def test_device_count_simple(self, devices, management_api):
"""We have 15 devices, each with a single auth set, verify that
accepting/rejecting affects the count"""
count = management_api.count_devices()
assert count == 15
pending_count = management_api.count_devices(status='pending')
assert pending_count == 15
# accept device[0] and reject device[1]
for idx, (d, da) in enumerate(devices[0:2]):
dev = management_api.find_device_by_identity(d.identity)
assert dev
devid = dev.id
print('found matching device with ID:', dev.id)
aid = dev.auth_sets[0].id
try:
with orchestrator.run_fake_for_device_id(devid) as server:
if idx == 0:
management_api.accept_device(devid, aid)
elif idx == 1:
management_api.reject_device(devid, aid)
except bravado.exception.HTTPError as e:
assert e.response.status_code == 204
TestDevice.verify_device_count(management_api, 'pending', 13)
TestDevice.verify_device_count(management_api, 'accepted', 1)
TestDevice.verify_device_count(management_api, 'rejected', 1)
def test_device_count_multiple_auth_sets(self, devices, management_api,
device_api):
""""Verify that auth sets are properly counted. Take a device, make sure it has
2 auth sets, switch each auth sets between accepted/rejected/pending
states
"""
dev, dauth = devices[0]
# pretend device rotates its keys
dev.rotate_key()
with deviceadm.run_fake_for_device(deviceadm.ANY_DEVICE) as server:
device_auth_req(device_api.auth_requests_url, dauth, dev)
# should have 2 auth sets now
found_dev = management_api.find_device_by_identity(dev.identity)
assert len(found_dev.auth_sets) == 2
first_aid, second_aid = found_dev.auth_sets[0].id, found_dev.auth_sets[
1].id
# device [0] has 2 auth sets, but still counts as 1 device
TestDevice.verify_device_count(management_api, 'pending', 5)
devid = found_dev.id
with orchestrator.run_fake_for_device_id(
orchestrator.ANY_DEVICE) as server:
# accept first auth set
management_api.accept_device(devid, first_aid)
TestDevice.verify_device_count(management_api, 'pending', 4)
TestDevice.verify_device_count(management_api, 'accepted', 1)
TestDevice.verify_device_count(management_api, 'rejected', 0)
# reject the other
management_api.reject_device(devid, second_aid)
TestDevice.verify_device_count(management_api, 'pending', 4)
TestDevice.verify_device_count(management_api, 'accepted', 1)
TestDevice.verify_device_count(management_api, 'rejected', 0)
# reject both
management_api.reject_device(devid, first_aid)
TestDevice.verify_device_count(management_api, 'pending', 4)
TestDevice.verify_device_count(management_api, 'accepted', 0)
TestDevice.verify_device_count(management_api, 'rejected', 1)
# switch the first back to pending, 2nd remains rejected
management_api.put_device_status(devid, first_aid, 'pending')
TestDevice.verify_device_count(management_api, 'pending', 5)
TestDevice.verify_device_count(management_api, 'accepted', 0)
TestDevice.verify_device_count(management_api, 'rejected', 0)
def test_device_accept_reject_cycle(self, devices, device_api,
management_api):
d, da = devices[0]
url = device_api.auth_requests_url
dev = management_api.get_single_device()
assert dev
devid = dev.id
print("found device with ID:", dev.id)
aid = dev.auth_sets[0].id
with orchestrator.run_fake_for_device_id(devid) as server:
_, rsp = management_api.accept_device(devid, aid)
assert rsp.status_code == 204
# device is accepted, we should get a token now
rsp = device_auth_req(url, da, d)
assert rsp.status_code == 200
da.parse_rsp_payload(d, rsp.text)
assert len(d.token) > 0
# reject it now
_, rsp = management_api.reject_device(devid, aid)
print("RSP:", rsp)
assert rsp.status_code == 204
# device is rejected, should get unauthorized
rsp = device_auth_req(url, da, d)
assert rsp.status_code == 401
def test_device_accept_reject_cycle(self, devices, device_api,
management_api):
d, da = devices[0]
url = device_api.auth_requests_url
dev = management_api.find_device_by_identity(d.identity)
assert dev
devid = dev.id
print("found matching device with ID:", dev.id)
aid = dev.auth_sets[0].id
try:
with orchestrator.run_fake_for_device_id(devid) as server:
management_api.accept_device(devid, aid)
except bravado.exception.HTTPError as e:
assert e.response.status_code == 204
# device is accepted, we should get a token now
try:
with orchestrator.run_fake_for_device_id(devid) as server:
rsp = device_auth_req(url, da, d)
assert rsp.status_code == 200
da.parse_rsp_payload(d, rsp.text)
assert len(d.token) > 0
# reject it now
try:
management_api.reject_device(devid, aid)
except bravado.exception.HTTPError as e:
assert e.response.status_code == 204
# device is rejected, should get unauthorized
rsp = device_auth_req(url, da, d)
assert rsp.status_code == 401
except bravado.exception.HTTPError as e:
assert e.response.status_code == 204
def test_device_reject_nonexistent(self, management_api):
try:
management_api.reject_device('funnyid', 'funnyid')
except bravado.exception.HTTPError as e:
assert e.response.status_code == 404