def test_device_count_multiple_auth_sets(self, devices, management_api,
device_api):
""""Verify that auth sets are properly counted. Take a device, make sure it has
2 auth sets, switch each auth sets between accepted/rejected/pending
states
"""
dev, dauth = devices[0]
# pretend device rotates its keys
dev.rotate_key()
with deviceadm.run_fake_for_device(deviceadm.ANY_DEVICE) as server:
device_auth_req(device_api.auth_requests_url, dauth, dev)
# should have 2 auth sets now
found_dev = management_api.find_device_by_identity(dev.identity)
assert len(found_dev.auth_sets) == 2
first_aid, second_aid = found_dev.auth_sets[0].id, found_dev.auth_sets[
1].id
# device [0] has 2 auth sets, but still counts as 1 device
TestDevice.verify_device_count(management_api, 'pending', 5)
devid = found_dev.id
with orchestrator.run_fake_for_device_id(
orchestrator.ANY_DEVICE) as server:
# accept first auth set
management_api.accept_device(devid, first_aid)
TestDevice.verify_device_count(management_api, 'pending', 4)
TestDevice.verify_device_count(management_api, 'accepted', 1)
TestDevice.verify_device_count(management_api, 'rejected', 0)
# reject the other
management_api.reject_device(devid, second_aid)
TestDevice.verify_device_count(management_api, 'pending', 4)
TestDevice.verify_device_count(management_api, 'accepted', 1)
TestDevice.verify_device_count(management_api, 'rejected', 0)
# reject both
management_api.reject_device(devid, first_aid)
TestDevice.verify_device_count(management_api, 'pending', 4)
TestDevice.verify_device_count(management_api, 'accepted', 0)
TestDevice.verify_device_count(management_api, 'rejected', 1)
# switch the first back to pending, 2nd remains rejected
management_api.put_device_status(devid, first_aid, 'pending')
TestDevice.verify_device_count(management_api, 'pending', 5)
TestDevice.verify_device_count(management_api, 'accepted', 0)
TestDevice.verify_device_count(management_api, 'rejected', 0)
def test_check_device_limits(
self, clean_db, cli, device_api, management_api, internal_api, test_case
):
rsp_q_tadm = asyncio.Queue(
maxsize=len(test_case["tenant"]["users"]) + test_case["device_count"]
)
rsp_q_wflows = asyncio.Queue(
maxsize=len(test_case["tenant"]["users"]) + test_case["device_count"]
)
with self.init_service_mocks(wflows_rsp_q=rsp_q_wflows, tadm_rsp_q=rsp_q_tadm):
tenant_token = make_fake_tenant_token(test_case["tenant"]["id"])
internal_api.put_max_devices_limit(
test_case["tenant"]["id"], test_case["tenant"]["device_limit"]
)
for _ in range(test_case["device_count"]):
# POST /api/internal/v1/tenantadm/verify
rsp_q_tadm.put_nowait(
(200, {}, '{"id": "%s", "sub": "user"}' % test_case["tenant"])
)
# POST /api/v1/workflows/update_device_inventory
rsp_q_wflows.put_nowait((201, {}, ""))
# POST /api/v1/workflows/provision_device
rsp_q_wflows.put_nowait((201, {}, ""))
dev = Device()
da = DevAuthorizer(tenant_token=tenant_token)
rsp = device_auth_req(device_api.auth_requests_url, da, dev)
assert rsp.status_code == 401
devs = management_api.list_devices(
status="pending", Authorization="Bearer " + tenant_token
)
for dev in devs:
# POST /api/v1/workflows/update_device_status
rsp_q_wflows.put_nowait((201, {}, ""))
# POST /api/v1/workflows/provision_device
rsp_q_wflows.put_nowait((201, {}, ""))
management_api.put_device_status(
dev["id"],
dev["auth_sets"][0]["id"],
"accepted",
Authorization="Bearer " + tenant_token,
)
if test_case["device_count"] >= (
(test_case["tenant"]["device_limit"] * test_case["threshold"] / 100.0)
):
# GET /api/management/v1/tenantadm/users
usersJSON = json.dumps(test_case["tenant"]["users"])
rsp_q_tadm.put_nowait((200, {}, usersJSON))
usernames = [user["name"] for user in test_case["tenant"]["users"]]
# Verify that workflow is started for each user
for i in range(len(test_case["tenant"]["users"])):
def verify_workflow(handler):
assert handler.request.path.endswith("device_limit_email")
body_json = json.loads(handler.request.body.decode("utf-8"))
assert body_json["to"] in usernames
usernames.remove(body_json["to"])
handler.set_status(201)
# POST /api/v1/workflows/device_limit_email
rsp_q_wflows.put_nowait(verify_workflow)
code, stdout, stderr = cli.check_device_limits()
assert code == 0
# All pushed mock responses should be consumed at this point.
assert (
rsp_q_tadm.empty()
), "TenantAdm mock responses not consumed as expected"
assert (
rsp_q_wflows.empty()
), "Workflows mock responses not consumed as expected"