def initialize_os_setup(env): """ Seed the OS setup with all operational data - users and devices. Return {"os_devs": [...], "os_users": [...]} """ uadmm = ApiClient(useradm.URL_MGMT, host=env.get_mender_gateway()) dauthd = ApiClient(deviceauth.URL_DEVICES, host=env.get_mender_gateway()) dauthm = ApiClient(deviceauth.URL_MGMT, host=env.get_mender_gateway()) users = [ create_user("*****@*****.**", "correcthorse", containers_namespace=env.name), create_user("*****@*****.**", "correcthorse", containers_namespace=env.name), ] r = uadmm.call("POST", useradm.URL_LOGIN, auth=(users[0].name, users[0].pwd)) assert r.status_code == 200 utoken = r.text # create and accept some devs; save tokens devs = [] for _ in range(10): devs.append(make_accepted_device(dauthd, dauthm, utoken)) # get tokens for all for d in devs: body, sighdr = deviceauth.auth_req( d.id_data, d.authsets[0].pubkey, d.authsets[0].privkey ) r = dauthd.call("POST", deviceauth.URL_AUTH_REQS, body, headers=sighdr) assert r.status_code == 200 d.token = r.text return {"os_devs": devs, "os_users": users}
def get_tenant_username_and_password(self, plan): _ = plan uuidv4 = str(uuid.uuid4()) username, password = ( "some.user+" + uuidv4 + "@example.com", "secretsecret", ) create_user(username, password) return None, username, password
def tenant_users(clean_migrated_mongo): uuidv4 = str(uuid.uuid4()) tenant, username, password = ( "test.mender.io-" + uuidv4, "some.user+" + uuidv4 + "@example.com", "secretsecret", ) tenant = create_org(tenant, username, password, "enterprise") user = create_user("foo+" + uuidv4 + "@user.com", "correcthorsebatterystaple", tid=tenant.id) tenant.users.append(user) update_tenant(tenant.id, addons=["troubleshoot"]) for u in tenant.users: r = ApiClient(useradm.URL_MGMT).call("POST", useradm.URL_LOGIN, auth=(u.name, u.pwd)) assert r.status_code == 200 assert r.text is not None assert r.text != "" u.token = r.text yield tenant
def test_deploy_to_group(self, clean_mongo, test_case): """ Tests adding group restrinction to roles and checking that users are not allowed to deploy to devices outside the restricted groups. """ dplmnt_MGMT = ApiClient(deployments.URL_MGMT) i = 0 self.logger.info("RUN: %s", test_case["name"]) tenant = create_org("org%d" % i, "*****@*****.**" % i, "password", plan="enterprise") test_user = create_user(tid=tenant.id, **test_case["user"]) tenant.users.append(test_user) login_tenant_users(tenant) # Initialize tenant's devices grouped_devices = setup_tenant_devices(tenant, test_case["device_groups"]) # Add user to deployment group role = UserRole("RBAC_DEVGRP", test_case["permissions"]) add_user_to_role(test_user, tenant, role) # Upload a bogus artifact artifact = Artifact("tester", ["qemux86-64"], payload="bogus") rsp = dplmnt_MGMT.with_auth(test_user.token).call( "POST", deployments.URL_DEPLOYMENTS_ARTIFACTS, files=(( "artifact", ( "artifact.mender", artifact.make(), "application/octet-stream", ), ), ), ) assert rsp.status_code == 201, rsp.text # Attempt to create deployment with test user devices = [] for group in test_case["deploy_groups"]: for device in grouped_devices[group]: devices.append(device.id) rsp = dplmnt_MGMT.with_auth(test_user.token).call( "POST", deployments.URL_DEPLOYMENTS, body={ "artifact_name": "tester", "name": "dplmnt", "devices": devices }, ) assert rsp.status_code == test_case["status_code"], rsp.text self.logger.info("PASS: %s" % test_case["name"])
def initialize_os_setup(): """ Seed the OS setup with all operational data - users and devices. Return {"os_devs": [...], "os_users": [...]} """ uadmm = ApiClient('https://{}/api/management/v1/useradm'.format( get_mender_gateway())) dauthd = ApiClient('https://{}/api/devices/v1/authentication'.format( get_mender_gateway())) dauthm = ApiClient('https://{}/api/management/v2/devauth'.format( get_mender_gateway())) users = [ create_user("*****@*****.**", "correcthorse", docker_prefix=docker_compose_instance), create_user("*****@*****.**", "correcthorse", docker_prefix=docker_compose_instance) ] r = uadmm.call('POST', useradm.URL_LOGIN, auth=(users[0].name, users[0].pwd)) assert r.status_code == 200 utoken = r.text # create and accept some devs; save tokens devs = [] for i in range(10): devs.append(make_accepted_device(dauthd, dauthm, utoken)) # get tokens for all for d in devs: body, sighdr = deviceauth_v1.auth_req(d.id_data, d.authsets[0].pubkey, d.authsets[0].privkey) r = dauthd.call('POST', deviceauth_v1.URL_AUTH_REQS, body, headers=sighdr) assert r.status_code == 200 d.token = r.text return {"os_devs": devs, "os_users": users}
def test_deploy_to_devices(self, clean_mongo, test_case): """ Tests adding group restrinction to roles and checking that users are not allowed to deploy to devices by providing list of device IDs. The only exception is single device deployment. """ self.logger.info("RUN: %s", test_case["name"]) uuidv4 = str(uuid.uuid4()) tenant, username, password = ( "test.mender.io-" + uuidv4, "some.user+" + uuidv4 + "@example.com", "secretsecret", ) tenant = create_org(tenant, username, password, "enterprise") test_case["user"]["name"] = test_case["user"]["name"].replace("UUID", uuidv4) test_user = create_user(tid=tenant.id, **test_case["user"]) tenant.users.append(test_user) login_tenant_users(tenant) # Initialize tenant's devices grouped_devices = setup_tenant_devices(tenant, test_case["device_groups"]) # Add user to deployment group role = UserRole("RBAC_DEVGRP", test_case["permissions"]) add_user_to_role(test_user, tenant, role) # Upload a bogus artifact artifact = Artifact("tester", ["qemux86-64"], payload="bogus") dplmnt_MGMT = ApiClient(deployments.URL_MGMT) rsp = dplmnt_MGMT.with_auth(test_user.token).call( "POST", deployments.URL_DEPLOYMENTS_ARTIFACTS, files=( ( "artifact", ("artifact.mender", artifact.make(), "application/octet-stream"), ), ), ) assert rsp.status_code == 201, rsp.text # Attempt to create deployment with test user devices = [] for group in test_case["deploy_groups"]: for device in grouped_devices[group]: devices.append(device.id) rsp = dplmnt_MGMT.with_auth(test_user.token).call( "POST", deployments.URL_DEPLOYMENTS, body={"artifact_name": "tester", "name": "dplmnt", "devices": devices}, ) assert rsp.status_code == test_case["status_code"], rsp.text self.logger.info("PASS: %s" % test_case["name"])
def test_set_and_deploy_configuration(self, clean_mongo, test_case): """ Tests adding group restrinction to roles and checking that users are not allowed to set and deploy configuration to devices outside the restricted groups. """ self.logger.info("RUN: %s", test_case["name"]) uuidv4 = str(uuid.uuid4()) tenant, username, password = ( "test.mender.io-" + uuidv4, "some.user+" + uuidv4 + "@example.com", "secretsecret", ) tenant = create_org(tenant, username, password, "enterprise") update_tenant(tenant.id, addons=["configure"]) test_case["user"]["name"] = test_case["user"]["name"].replace( "UUID", uuidv4) test_user = create_user(tid=tenant.id, **test_case["user"]) tenant.users.append(test_user) login_tenant_users(tenant) # Initialize tenant's devices grouped_devices = setup_tenant_devices(tenant, test_case["device_groups"]) # Add user to deployment group role = UserRole("RBAC_DEVGRP", test_case["permissions"]) add_user_to_role(test_user, tenant, role) deviceconf_MGMT = ApiClient(deviceconfig.URL_MGMT) device_id = grouped_devices[test_case["deploy_group"]][0].id # Attempt to set configuration rsp = deviceconf_MGMT.with_auth(test_user.token).call( "PUT", deviceconfig.URL_MGMT_DEVICE_CONFIGURATION.format(id=device_id), body={"foo": "bar"}, ) assert rsp.status_code == test_case[ "set_configuration_status_code"], rsp.text # Attempt to deploy the configuration rsp = deviceconf_MGMT.with_auth(test_user.token).call( "POST", deviceconfig.URL_MGMT_DEVICE_CONFIGURATION_DEPLOY.format( id=device_id), body={"retries": 0}, ) assert (rsp.status_code == test_case["deploy_configuration_status_code"]), rsp.text self.logger.info("PASS: %s" % test_case["name"])
def tenants_users(clean_migrated_mongo): tenants = [] cli = CliTenantadm() api = ApiClient(tenantadm.URL_INTERNAL) for n in ["tenant1", "tenant2"]: username = "******" # user[12]@tenant[12].com password = "******" # Create tenant with two users tenant = create_org(n, username % (1, n), "123password", plan="enterprise") tenant.users.append(create_user(username % (2, n), password, tenant.id)) tenants.append(tenant) yield tenants
def test_get_emails_by_group(self, clean_mongo, test_case): """ Tests endpoint for retrieving list of users emails with access to devices from given group. """ self.logger.info("RUN: %s", test_case["name"]) uuidv4 = str(uuid.uuid4()) tenant, username, password = ( "test.mender.io-" + uuidv4, "admin+" + uuidv4 + "@example.com", "secretsecret", ) tenant = create_org(tenant, username, password, "enterprise") for i in range(len(test_case["users"])): test_case["users"][i]["name"] = test_case["users"][i][ "name"].replace("UUID", uuidv4) test_user = create_user( test_case["users"][i]["name"], test_case["users"][i]["pwd"], tid=tenant.id, roles=test_case["users"][i]["roles"], ) tenant.users.append(test_user) # Initialize tenant's devices grouped_devices = setup_tenant_devices(tenant, test_case["device_groups"]) device_id = grouped_devices[test_case["device_group"]][0].id useradm_INT = ApiClient(useradm.URL_INTERNAL, host=useradm.HOST, schema="http://") rsp = useradm_INT.call( "GET", useradm.URL_EMAILS, path_params={ "tenant_id": tenant.id, "device_id": device_id }, ) assert rsp.status_code == test_case["status_code"], rsp.text emails = rsp.json()["emails"] assert len(emails) == test_case["emails_count"] + 1 for email in emails: assert email.startswith( test_case["emails_prefix"]) or email.startswith("admin")
def tenants_users(clean_migrated_mongo): tenants = [] for _ in range(2): uuidv4 = str(uuid.uuid4()) tenant, username, password = ( "test.mender.io-" + uuidv4, "ci.email.tests+" + uuidv4 + "@mender.io", "secretsecret", ) # Create tenant with two users tenant = create_org(tenant, username, password, "enterprise") tenant.users.append( create_user("ci.email.tests+" + uuidv4 + "*****@*****.**", password, tenant.id)) tenants.append(tenant) yield tenants
def tenants_users(clean_migrated_mongo): tenants = [] for n in range(2): uuidv4 = str(uuid.uuid4()) tenant, username, password = ( "test.mender.io-" + uuidv4, "some.user+" + uuidv4 + "@foo.com", "secretsecret", ) # Create tenant with two users tenant = create_org(tenant, username, password, "enterprise") tenant.users.append( create_user("some.other.user+" + uuidv4 + "@foo.com", password, tenant.id)) tenants.append(tenant) yield tenants
def setup_os_compat(request): env = container_factory.get_compatibility_setup() request.addfinalizer(env.teardown) env.setup() env.user = create_user( "*****@*****.**", "correcthorse", containers_namespace=env.name ) env.populate_clients() clients = env.get_mender_clients() assert len(clients) > 0, "Failed to setup clients" env.devices = [] for client in clients: dev = MenderDevice(client) dev.ssh_is_opened() env.devices.append(dev) return env
def azure_user(clean_mongo) -> Optional[User]: """Create Mender user and create an Azure IoT Hub integration in iot-manager using the connection string.""" api_azure = ApiClient(base_url=iot.URL_MGMT) uuidv4 = str(uuid.uuid4()) try: tenant = create_org( "test.mender.io-" + uuidv4, f"user+{uuidv4}@example.com", "password123", ) user = tenant.users[0] user.tenant = tenant except RuntimeError: # If open-source user = create_user(f"user+{uuidv4}@example.com", "password123") # Authorize rsp = ApiClient(useradm.URL_MGMT).call("POST", useradm.URL_LOGIN, auth=(user.name, user.pwd)) assert rsp.status_code == 200 user.token = rsp.text connection_string = get_connection_string() integration = { "provider": "iot-hub", "credentials": { "connection_string": connection_string, "type": "sas" }, } # create the integration in iot-manager rsp = api_azure.with_auth(user.token).call("POST", iot.URL_INTEGRATIONS, body=integration) assert rsp.status_code == 201 yield user
def user(clean_migrated_mongo): yield create_user('*****@*****.**', 'correcthorse')
def test_create_artifact(self, mongo, clean_mongo): uuidv4 = str(uuid.uuid4()) username, password = ("some.user+" + uuidv4 + "@example.com", "secretsecret") create_user(username, password) self.run_create_artifact_test(username, password)
def user(clean_mongo): yield create_user("*****@*****.**", "correcthorse")
def test_create_artifact(self, mongo, clean_mongo): username, password = "******", "secretsecret" create_user(username, password) self.run_create_artifact_test(username, password)