Exemplo n.º 1
def auth_file_platform_tuple(volttron_instance_encrypt):
    """Return ``(auth_file, platform)`` for the supplied platform instance.

    The AuthFile wraps ``auth.json`` inside the platform's ``volttron_home``.
    The file is read once (result discarded) and the function then sleeps
    for half a second via gevent before handing both objects back.
    """
    instance = volttron_instance_encrypt
    auth_json_path = os.path.join(instance.volttron_home, 'auth.json')
    store = AuthFile(auth_json_path)

    # The three-name unpacking also requires read() to return exactly three
    # items; the values themselves are not used.
    _allow_entries, _groups, _roles = store.read()
    gevent.sleep(0.5)
    return store, instance
Exemplo n.º 2
def auth_file_platform_tuple(volttron_instance_encrypt):
    """Build an AuthFile for the platform's ``auth.json`` and pair it with the platform.

    Returns a ``(auth_file, platform)`` tuple after reading the file once and
    sleeping 0.5 seconds through gevent.
    """
    auth_file = AuthFile(
        os.path.join(volttron_instance_encrypt.volttron_home, 'auth.json')
    )

    # Read once up front; unpacking fails if read() does not yield exactly
    # three items, and the values are otherwise unused.
    _entries, _group_map, _role_map = auth_file.read()
    gevent.sleep(0.5)
    return auth_file, volttron_instance_encrypt
Exemplo n.º 3
def test_upgrade_file_verison_0_to_1_1_minimum_entries(tmpdir_factory):
    """A 'version 0' entry that carries only credentials upgrades with defaults.

    An unversioned auth file is written whose single allow entry holds just a
    "MECHANISM:key" credentials string.  After loading it through AuthFile the
    mechanism must be split from the key, a user_id must have been assigned,
    and every other field must carry its default value.
    """
    mechanism = "CURVE"
    # Constructed 43-character placeholder, not real key material.
    publickey = "A" * 43
    legacy_entry = {"credentials": mechanism + ":" + publickey}
    version0 = {"allow": [legacy_entry]}

    auth_path = str(tmpdir_factory.mktemp('auth_test').join('auth.json'))
    with open(auth_path, 'w') as handle:
        json.dump(version0, handle, indent=2)

    upgraded = AuthFile(auth_path)
    allow_entries = upgraded.read()[0]
    assert len(allow_entries) == 1
    only_entry = allow_entries[0]
    assert only_entry.user_id is not None

    # The legacy dict is reused (and mutated in place) as the expected result.
    expected = version0['allow'][0]
    expected.update({
        "credentials": publickey,
        "mechanism": mechanism,
        "domain": None,
        "address": None,
        # Generated during the upgrade, so it can only be echoed back.
        "user_id": only_entry.user_id,
        "enabled": True,
        "comments": None,
        "capabilities": [],
        "roles": [],
        "groups": [],
    })
    assert_auth_entries_same(expected, vars(only_entry))
Exemplo n.º 4
def test_upgrade_file_verison_0_to_1_1_minimum_entries(tmpdir_factory):
    """Check the upgrade of a 'version 0' file whose entry has credentials only.

    Credentials were the single required field in 'version 0'.  The upgraded
    entry is expected to have the mechanism separated from the key, a
    non-None user_id, and defaults for all remaining fields.
    """
    mechanism = "CURVE"
    publickey = "A" * 43  # constructed placeholder key, 43 characters long
    version0 = {
        "allow": [{"credentials": mechanism + ":" + publickey}],
    }

    target = tmpdir_factory.mktemp('auth_test').join('auth.json')
    filename = str(target)
    serialized = json.dumps(version0, indent=2)
    with open(filename, 'w') as out:
        out.write(serialized)

    upgraded = AuthFile(filename)
    entries = upgraded.read()[0]
    assert len(entries) == 1
    first = entries[0]
    assert first.user_id is not None

    # Mutate the original legacy entry into the shape the upgrade should give.
    expected = version0['allow'][0]
    field_values = (
        ("credentials", publickey),
        ("mechanism", mechanism),
        ("domain", None),
        ("address", None),
        ("user_id", first.user_id),  # assigned by the upgrade; a UUID
        ("enabled", True),
        ("comments", None),
        ("capabilities", []),
        ("roles", []),
        ("groups", []),
    )
    for field, value in field_values:
        expected[field] = value
    assert_auth_entries_same(expected, vars(first))
Exemplo n.º 5
def set_auth_identities(agent_credential_map):
    """Set the identity of auth-file entries from a credential-to-identity map.

    Every allow entry whose ``credentials`` equals a key of
    ``agent_credential_map`` gets its ``identity`` set to the mapped value;
    the complete auth data is then written back.

    NOTE(review): the whole file is rewritten from the copy read at the top,
    through AuthFile's non-public ``_write``.  Whether a change made to the
    file between ``read()`` and ``_write()`` could be lost depends on locking
    that is not visible here -- confirm before calling this concurrently with
    other auth-file writers.
    """
    store = AuthFile()
    allow_entries, deny_entries, groups, roles = store.read()
    for allow_entry in allow_entries:
        for known_credential, identity in agent_credential_map.items():
            # No break: if several keys compare equal, the last one wins.
            if allow_entry.credentials == known_credential:
                allow_entry.identity = identity
    store._write(allow_entries, deny_entries, groups, roles)
Exemplo n.º 6
def test_upgrade_file_verison_0_to_latest(tmpdir_factory):
    """A fully populated 'version 0' auth file upgrades to the latest format.

    Verifies that groups and roles survive unchanged, that the combined
    "MECHANISM:key" credentials are split, that the capability list becomes a
    mapping which also grants ``edit_config_store`` scoped to the entry's own
    user_id, and that ``rpc_method_authorizations`` is present and empty.
    """
    mechanism = "CURVE"
    # Constructed 43-character placeholder, not real key material.
    publickey = "A" * 43
    legacy_entry = {
        "domain": "vip",
        "address": "127.0.0.1",
        "user_id": "user123",
        "enabled": True,
        "comments": "This is a test entry",
        "capabilities": ["can_publish_temperature"],
        "roles": [],
        "groups": [],
        "credentials": mechanism + ":" + publickey,
    }
    version0 = {
        "allow": [legacy_entry],
        "roles": {"manager": ["can_managed_platform"]},
        "groups": {"admin": ["reader", "writer"]},
        "version": {"major": 0, "minor": 0},
    }

    auth_path = str(tmpdir_factory.mktemp('auth_test').join('auth.json'))
    with open(auth_path, 'w') as handle:
        handle.write(jsonapi.dumps(version0, indent=2))

    upgraded = AuthFile(auth_path)
    entries, denied_entries, groups, roles = upgraded.read()
    assert groups == version0['groups']
    assert roles == version0['roles']
    assert len(entries) == 1
    upgraded_entry = entries[0]

    # The legacy dict is mutated in place into the expected upgraded entry.
    expected = version0['allow'][0]
    expected.update({
        "credentials": publickey,
        "mechanism": mechanism,
        "capabilities": {
            'can_publish_temperature': None,
            # Config-store editing is limited to the entry's own identity.
            'edit_config_store': {'identity': upgraded_entry.user_id},
        },
        "rpc_method_authorizations": {},
    })
    assert_auth_entries_same(expected, vars(upgraded_entry))

    # RPC Method Authorizations added with 1.3
    for stored_entry in upgraded.auth_data["allow_list"]:
        assert stored_entry["rpc_method_authorizations"] == {}
Exemplo n.º 7
def test_upgrade_file_verison_0_to_1_1(tmpdir_factory):
    """A fully populated 'version 0' auth file upgrades with its data intact.

    Groups and roles must come back unchanged, and the single allow entry
    must equal the original except that the combined "MECHANISM:key"
    credentials string is split into ``mechanism`` and ``credentials``.
    """
    mechanism = "CURVE"
    # Constructed 43-character placeholder, not real key material.
    publickey = "A" * 43
    legacy_entry = {
        "domain": "vip",
        "address": "127.0.0.1",
        "user_id": "user123",
        "enabled": True,
        "comments": "This is a test entry",
        "capabilities": ["can_publish_temperature"],
        "roles": [],
        "groups": [],
        "credentials": mechanism + ":" + publickey,
    }
    version0 = {
        "allow": [legacy_entry],
        "roles": {"manager": ["can_managed_platform"]},
        "groups": {"admin": ["reader", "writer"]},
    }

    auth_path = str(tmpdir_factory.mktemp('auth_test').join('auth.json'))
    with open(auth_path, 'w') as handle:
        json.dump(version0, handle, indent=2)

    upgraded = AuthFile(auth_path)
    # read() is expected to return exactly three items here.
    entries, groups, roles = upgraded.read()
    assert groups == version0['groups']
    assert roles == version0['roles']
    assert len(entries) == 1

    # Mutate the legacy entry into what the upgrade should have produced.
    expected = version0['allow'][0]
    expected.update({"credentials": publickey, "mechanism": mechanism})
    assert_auth_entries_same(expected, vars(entries[0]))
Exemplo n.º 8
def test_upgrade_file_verison_0_to_latest_minimum_entries(tmpdir_factory):
    """A credentials-only 'version 0' entry upgrades to the latest format.

    Credentials were the single required field in 'version 0'.  The upgraded
    entry must have the mechanism split out, a generated user_id, defaults
    for the other fields, an ``edit_config_store`` capability scoped to its
    own user_id, and an empty ``rpc_method_authorizations`` mapping.
    """
    mechanism = "CURVE"
    publickey = "A" * 43  # constructed placeholder key, 43 characters long
    version0 = {
        "allow": [{"credentials": mechanism + ":" + publickey}],
        "version": {"major": 0, "minor": 0},
    }

    filename = str(tmpdir_factory.mktemp('auth_test').join('auth.json'))
    payload = jsonapi.dumps(version0, indent=2)
    with open(filename, 'w') as out:
        out.write(payload)

    upgraded = AuthFile(filename)
    entries = upgraded.read()[0]
    assert len(entries) == 1
    first = entries[0]
    assert first.user_id is not None

    # The legacy dict is mutated in place into the expected upgraded entry.
    expected = version0['allow'][0]
    field_values = (
        ("credentials", publickey),
        ("mechanism", mechanism),
        ("domain", None),
        ("address", None),
        ("user_id", first.user_id),  # assigned by the upgrade; a UUID
        ("enabled", True),
        ("comments", None),
        # Config-store editing is limited to the entry's own identity.
        ("capabilities", {'edit_config_store': {'identity': first.user_id}}),
        ("rpc_method_authorizations", {}),
        ("roles", []),
        ("groups", []),
    )
    for field, value in field_values:
        expected[field] = value
    assert_auth_entries_same(expected, vars(first))

    # RPC Method Authorizations added with 1.3
    for stored in upgraded.auth_data["allow_list"]:
        assert stored["rpc_method_authorizations"] == {}
Exemplo n.º 9
def test_upgrade_file_verison_0_to_1_1(tmpdir_factory):
    """Upgrade a complete 'version 0' auth file and compare it with the input.

    The roles and groups sections must be returned as written, and the one
    allow entry must match the input apart from ``credentials`` being reduced
    to the bare key and ``mechanism`` being added.
    """
    mechanism = "CURVE"
    publickey = "A" * 43  # constructed placeholder key, 43 characters long
    role_map = {"manager": ["can_managed_platform"]}
    group_map = {"admin": ["reader", "writer"]}
    version0 = {
        "allow": [{
            "domain": "vip",
            "address": "127.0.0.1",
            "user_id": "user123",
            "enabled": True,
            "comments": "This is a test entry",
            "capabilities": ["can_publish_temperature"],
            "roles": [],
            "groups": [],
            "credentials": mechanism + ":" + publickey,
        }],
        "roles": role_map,
        "groups": group_map,
    }

    target = tmpdir_factory.mktemp('auth_test').join('auth.json')
    filename = str(target)
    serialized = json.dumps(version0, indent=2)
    with open(filename, 'w') as out:
        out.write(serialized)

    upgraded = AuthFile(filename)
    # Three-way unpacking: read() must return exactly three items here.
    entries, groups, roles = upgraded.read()
    assert groups == version0['groups']
    assert roles == version0['roles']
    assert len(entries) == 1

    # Reuse the legacy entry, adjusted in place, as the expected result.
    expected = version0['allow'][0]
    for field, value in (("credentials", publickey), ("mechanism", mechanism)):
        expected[field] = value
    assert_auth_entries_same(expected, vars(entries[0]))
Exemplo n.º 10
def upgrade_old_agents(aip):
    """Relocate each agent's keystore.json from agent-data to dist-info.

    Walks the identity-to-UUID mapping supplied by ``aip``.  For every agent
    that has both an agent-data and a dist-info directory, and whose keystore
    public key equals the credentials of an allow entry in the auth file, the
    keystore file is moved.  Agents lacking either directory are reported
    with ``print`` and skipped.

    NOTE(review): keystore.json presumably also holds the agent's secret key.
    Nothing here checks whether a keystore.json already exists at the
    destination, nor the permissions of the moved file -- confirm both are
    acceptable for the installs this runs against.
    """
    home_dir = Path(aip.env.volttron_home)
    uuid_by_identity = aip.get_agent_identity_to_uuid_mapping()

    auth_store = AuthFile()
    agents_root = home_dir.joinpath("agents")
    for agent_uuid in uuid_by_identity.values():
        agent_dir = agents_root.joinpath(agent_uuid)
        try:
            data_dir = get_agent_path(agent_dir, 'agent-data')
        except KeyError as missing:
            # No agent-data directory: nothing to migrate for this agent.
            print(f"agent-data not found for {missing}")
            continue

        source = data_dir.joinpath('keystore.json')
        try:
            info_dir = get_agent_path(agent_dir, 'dist-info')
        except KeyError as missing:
            # No dist-info directory: there is nowhere to move the keystore.
            print(f"dist-info not found for {missing}")
            continue
        destination = info_dir.joinpath('keystore.json')

        if not source.exists():
            continue

        keystore = KeyStore(source)
        # Only agents whose public key is listed in the auth file are
        # migrated; the auth file is re-read for each such agent.
        if any(entry.credentials == keystore.public
               for entry in auth_store.read()[0]):
            shutil.move(str(source), str(destination))
Exemplo n.º 11
def test_upgrade_file_version_1_2_to_1_3(tmpdir_factory):
    """Loading a version 1.2 auth file yields empty RPC method authorizations.

    A 1.2 file with four allow entries (two ordinary users, CONTROL and
    VOLTTRON_CENTRAL_PLATFORM) is written and read back through AuthFile.
    All four entries must be returned and each must expose an empty
    ``rpc_method_authorizations`` mapping.
    """
    # Constructed placeholder shared by every entry, not real key material.
    placeholder_key = "AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA"

    def allow_entry(user_id, capabilities):
        # Key order mirrors the fixture as originally written, so the file
        # that gets serialized is unchanged.
        return {
            "domain": "vip",
            "user_id": user_id,
            "roles": [],
            "enabled": True,
            "mechanism": "CURVE",
            "capabilities": capabilities,
            "groups": [],
            "address": "127.0.0.1",
            "credentials": placeholder_key,
            "comments": "This is a test entry",
        }

    version1_2 = {
        "roles": {"manager": ["can_managed_platform"]},
        "version": {"major": 1, "minor": 2},
        "groups": {"admin": ["reader", "writer"]},
        "allow": [
            allow_entry("user1", {
                'can_publish_temperature': None,
                'edit_config_store': {'identity': 'user1'},
            }),
            allow_entry("user2", {
                'blah': None,
                'foo': None,
                'edit_config_store': {'identity': 'user2'},
            }),
            # NOTE(review): '/.*/' looks like a match-all pattern, i.e. these
            # two entries may edit any identity's config store -- confirm.
            allow_entry(CONTROL, {
                'edit_config_store': {'identity': '/.*/'},
            }),
            allow_entry(VOLTTRON_CENTRAL_PLATFORM, {
                'edit_config_store': {'identity': '/.*/'},
            }),
        ],
    }

    auth_path = str(tmpdir_factory.mktemp('auth_test').join('auth.json'))
    with open(auth_path, 'w') as handle:
        handle.write(jsonapi.dumps(version1_2, indent=2))

    upgraded = AuthFile(auth_path)
    allow_entries = upgraded.read()[0]
    assert len(allow_entries) == 4
    for upgraded_entry in allow_entries:
        assert upgraded_entry.rpc_method_authorizations == {}