def do_test_ok_preauth_and_remove(self):
"""
Test the removal of a preauthorized auth set, verify it's gone from all API results.
"""
# preauthorize
preauth_iddata = "{\"mac\":\"preauth-mac\"}"
preauth_key = "preauth-key"
r = adm.preauth(preauth_iddata, preauth_key)
assert r.status_code == 201
devs = adm.get_devices(2)
dev_preauth = [d for d in devs if d['device_identity'] == preauth_iddata]
assert len(dev_preauth) == 1
dev_preauth = dev_preauth[0]
# remove from admission
r = adm.delete_auth_set(dev_preauth['id'])
assert r.status_code == 204
# verify removed from admission
devs = adm.get_devices(1)
dev_removed = [d for d in devs if d['device_identity'] == preauth_iddata]
assert len(dev_removed) == 0
# verify removed from deviceauth
r = deviceauth.get_device(dev_preauth['id'])
assert r.status_code == 404
# verify removed from inventory
r = inv.get_device(dev_preauth['id'])
assert r.status_code == 404
def do_test_ok_preauth_and_bootstrap(self):
"""
Test the happy path from preauthorizing a device to a successful bootstrap.
Verify that the device/auth set appear correctly in admission API results.
"""
client = get_mender_clients()[0]
# we'll use the same pub key for the preauth'd device, so get it
res = execute(Client.get_pub_key, hosts=client)
preauth_key = res[client].exportKey()
# stick an extra newline on the key - this is how a device would send it
preauth_key += '\n'
# preauthorize a new device
preauth_iddata = {"mac": "mac-preauth"}
# serialize manually to avoid an extra space (id data helper doesn't insert one)
preauth_iddata_str = "{\"mac\":\"mac-preauth\"}"
r = adm.preauth(preauth_iddata_str, preauth_key)
assert r.status_code == 201
# verify the device appears correctly in api results
devs = adm.get_devices(2)
dev_preauth = [d for d in devs if d['status'] == 'preauthorized']
assert len(dev_preauth) == 1
dev_preauth = dev_preauth[0]
assert dev_preauth['device_identity'] == preauth_iddata_str
assert dev_preauth['key'] == preauth_key
# make one of the existing devices the preauthorized device
# by substituting id data and restarting
res = execute(Client.substitute_id_data, preauth_iddata, hosts=client)
res = execute(Client.restart, hosts=client)
# verify api results - after some time the device should be 'accepted'
for _ in range(120):
time.sleep(15)
dev_accepted = adm.get_devices_status(status="accepted", expected_devices=2)
if len([d for d in dev_accepted if d['status'] == 'accepted']) == 1:
break
logging.info("devices: " + str(dev_accepted))
dev_accepted = [d for d in dev_accepted if d['status'] == 'accepted']
logging.info("accepted devices: " + str(dev_accepted))
execute(Client.get_logs, hosts=client)
assert len(dev_accepted) == 1, "looks like the device was never accepted"
dev_accepted = dev_accepted[0]
logging.info("accepted device: " + str(dev_accepted))
assert dev_accepted['device_identity'] == preauth_iddata_str
assert dev_accepted['key'] == preauth_key
# verify device was issued a token
res = execute(Client.have_authtoken, hosts=client)
assert res[client]
def do_test_fail_preauth_existing(self):
"""
Test 'conflict' response when an identity data set already exists.
"""
# wait for the device to appear
devs = adm.get_devices(1)
dev = devs[0]
# try to preauthorize the same id data, new key
r = adm.preauth(dev['device_identity'], 'preauth-key')
assert r.status_code == 409
def do_test_ok_preauth_and_remove(self):
"""
Test the removal of a preauthorized auth set, verify it's gone from all API results.
"""
# preauthorize
preauth_iddata = "{\"mac\":\"preauth-mac\"}"
preauth_key = '''-----BEGIN PUBLIC KEY-----
MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAzogVU7RGDilbsoUt/DdH
VJvcepl0A5+xzGQ50cq1VE/Dyyy8Zp0jzRXCnnu9nu395mAFSZGotZVr+sWEpO3c
yC3VmXdBZmXmQdZqbdD/GuixJOYfqta2ytbIUPRXFN7/I7sgzxnXWBYXYmObYvdP
okP0mQanY+WKxp7Q16pt1RoqoAd0kmV39g13rFl35muSHbSBoAW3GBF3gO+mF5Ty
1ddp/XcgLOsmvNNjY+2HOD5F/RX0fs07mWnbD7x+xz7KEKjF+H7ZpkqCwmwCXaf0
iyYyh1852rti3Afw4mDxuVSD7sd9ggvYMc0QHIpQNkD4YWOhNiE1AB0zH57VbUYG
UwIDAQAB
-----END PUBLIC KEY-----
'''
r = adm.preauth(preauth_iddata, preauth_key)
assert r.status_code == 201
devs = adm.get_devices(2)
dev_preauth = [d for d in devs if d['device_identity'] == preauth_iddata]
assert len(dev_preauth) == 1
dev_preauth = dev_preauth[0]
# remove from admission
r = adm.delete_auth_set(dev_preauth['id'])
assert r.status_code == 204
# verify removed from admission
devs = adm.get_devices(1)
dev_removed = [d for d in devs if d['device_identity'] == preauth_iddata]
assert len(dev_removed) == 0
# verify removed from deviceauth
r = deviceauth.get_device(dev_preauth['id'])
assert r.status_code == 404
# verify removed from inventory
r = inv.get_device(dev_preauth['id'])
assert r.status_code == 404
def do_test_fail_preauth_existing(self):
"""
Test 'conflict' response when an identity data set already exists.
"""
# wait for the device to appear
devs = adm.get_devices(1)
dev = devs[0]
# try to preauthorize the same id data, new key
preauth_key = '''-----BEGIN PUBLIC KEY-----
MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAzogVU7RGDilbsoUt/DdH
VJvcepl0A5+xzGQ50cq1VE/Dyyy8Zp0jzRXCnnu9nu395mAFSZGotZVr+sWEpO3c
yC3VmXdBZmXmQdZqbdD/GuixJOYfqta2ytbIUPRXFN7/I7sgzxnXWBYXYmObYvdP
okP0mQanY+WKxp7Q16pt1RoqoAd0kmV39g13rFl35muSHbSBoAW3GBF3gO+mF5Ty
1ddp/XcgLOsmvNNjY+2HOD5F/RX0fs07mWnbD7x+xz7KEKjF+H7ZpkqCwmwCXaf0
iyYyh1852rti3Afw4mDxuVSD7sd9ggvYMc0QHIpQNkD4YWOhNiE1AB0zH57VbUYG
UwIDAQAB
-----END PUBLIC KEY-----
'''
r = adm.preauth(dev['device_identity'], preauth_key)
assert r.status_code == 409