def test_multi_tenancy_deployment(self):
""" Simply make sure we are able to run the multi tenancy setup and
bootstrap 2 different devices to different tenants """
auth.reset_auth_token()
users = [
{
"email": "*****@*****.**",
"password": "******",
"username": "******",
"container": "mender-client-deployment-1",
"fail": False
},
{
"email": "*****@*****.**",
"password": "******",
"username": "******",
"container": "mender-client-deployment-2",
"fail": True
}
]
for user in users:
auth.new_tenant(user["username"], user["email"], user["password"])
t = auth.current_tenant["tenant_token"]
new_tenant_client(user["container"], t)
auth_v2.accept_devices(1)
for user in users:
auth.new_tenant(user["username"], user["email"], user["password"])
assert len(inv.get_devices()) == 1
self.perform_update(mender_client_container=user["container"],
fail=user["fail"])
def test_multi_tenancy_deployment_aborting(self):
""" Simply make sure we are able to run the multi tenancy setup and
bootstrap 2 different devices to different tenants """
auth.reset_auth_token()
users = [
{
"email": "*****@*****.**",
"password": "******",
"username": "******",
"container": "mender-client-deployment-aborting-1",
}
]
for user in users:
auth.new_tenant(user["username"], user["email"], user["password"])
t = auth.current_tenant["tenant_token"]
new_tenant_client(user["container"], t)
auth_v2.accept_devices(1)
for user in users:
deployment_id, _ = common_update_procedure(install_image=conftest.get_valid_image())
deploy.abort(deployment_id)
deploy.check_expected_statistics(deployment_id, "aborted", 1)
execute(self.mender_log_contains_aborted_string,
hosts=get_mender_client_by_container_name(user["container"]))
def setup_set_client_number_bootstrapped(clients):
docker_compose_cmd("scale mender-client=%d" % clients)
ssh_is_opened()
auth.reset_auth_token()
auth_v2.accept_devices(clients)
set_setup_type(None)
def standard_setup_with_signed_artifact_client(request):
stop_docker_compose()
reset_mender_api()
docker_compose_cmd("-f ../extra/signed-artifact-client-testing/docker-compose.signed-client.yml up -d")
ssh_is_opened()
auth.reset_auth_token()
auth_v2.accept_devices(1)
set_setup_type(ST_SignedClient)
def test_clients_exclusive_to_user(self):
users = [
{
"email": "*****@*****.**",
"password": "******",
"username": "******",
"container": "mender-client-exclusive-1",
"client_id": "",
"device_id": ""
},
{
"email": "*****@*****.**",
"password": "******",
"username": "******",
"container": "mender-client-exclusive-2",
"client_id": "",
"device_id": ""
}
]
for user in users:
auth.set_tenant(user["username"], user["email"], user["password"])
t = auth.current_tenant["tenant_token"]
new_tenant_client(user["container"], t)
auth_v2.accept_devices(1)
# get the new devices client_id and setting it to the our test parameter
assert len(inv.get_devices()) == 1
user["client_id"] = inv.get_devices()[0]["id"]
user["device_id"] = auth_v2.get_devices()[0]["id"]
for user in users:
# make sure that the correct number of clients appear for the given tenant
auth.set_tenant(user["username"], user["email"], user["password"])
assert len(inv.get_devices()) == 1
assert inv.get_devices()[0]["id"] == user["client_id"]
for user in users:
# wait until inventory is populated
auth.set_tenant(user["username"], user["email"], user["password"])
auth_v2.decommission(user["client_id"])
timeout = time.time() + (60 * 5)
device_id = user["device_id"]
while time.time() < timeout:
newAdmissions = auth_v2.get_devices()[0]
if device_id != newAdmissions["id"] \
and user["client_id"] != newAdmissions["id"]:
logger.info("device [%s] not found in inventory [%s]" % (device_id, str(newAdmissions)))
break
else:
logger.info("device [%s] found in inventory..." % (device_id))
time.sleep(.5)
else:
assert False, "decommissioned device still available in inventory"
def test_multi_tenancy_deployment_s3(self):
def verify_object_id_and_tagging():
from boto3 import client
tenant = auth.get_tenant_id()
conn = client('s3')
artifacts = deploy.get_artifacts()
assert len(artifacts) == 1
artifact_id = artifacts[0]["id"]
# verify object ID of proper MT format
for key in conn.list_objects(Bucket='mender-artifacts-int-testing-us')['Contents']:
if key['Key'].startswith(tenant):
expectedObject = "%s/%s" % (tenant, artifact_id)
assert key['Key'] == expectedObject
# verify tagging is working
tags = conn.get_object_tagging(Bucket='mender-artifacts-int-testing-us', Key=expectedObject)["TagSet"][0]
assert tags["Value"] == tenant
assert tags["Key"] == "tenant_id"
# Delete artifact and make sure it's really gone
conn.delete_object(Bucket="mender-artifacts-int-testing-us",
Key=expectedObject)
deploy.delete_artifact(artifact_id)
conn.list_objects(Bucket='mender-artifacts-int-testing-us')
for key in conn.list_objects(Bucket='mender-artifacts-int-testing-us').get('Contents', []):
if key['Key'].startswith(tenant):
pytest.fail("failed to delete artifact from s3")
auth.reset_auth_token()
users = [
{
"email": "*****@*****.**",
"password": "******",
"username": "******",
"container": "mender-client-mt-s3",
}
]
for user in users:
auth.new_tenant(user["username"], user["email"], user["password"])
t = auth.current_tenant["tenant_token"]
new_tenant_client(user["container"], t)
auth_v2.accept_devices(1)
self.perform_update(mender_client_container=user["container"])
verify_object_id_and_tagging()
def standard_setup_with_short_lived_token():
stop_docker_compose()
reset_mender_api()
docker_compose_cmd("-f ../docker-compose.yml \
-f ../docker-compose.client.yml \
-f ../docker-compose.storage.minio.yml \
-f ../docker-compose.testing.yml \
-f ../extra/expired-token-testing/docker-compose.short-token.yml up -d",
use_common_files=False)
ssh_is_opened()
auth.reset_auth_token()
auth_v2.accept_devices(1)
set_setup_type(ST_ShortLivedAuthToken)
def standard_setup_one_client_bootstrapped_with_s3():
stop_docker_compose()
reset_mender_api()
docker_compose_cmd("-f ../docker-compose.yml \
-f ../docker-compose.client.yml \
-f ../docker-compose.testing.yml \
-f ../docker-compose.storage.minio.yml \
-f ../docker-compose.storage.s3.yml up -d",
use_common_files=False)
docker_compose_cmd("logs -f &")
ssh_is_opened()
auth.reset_auth_token()
auth_v2.accept_devices(1)
set_setup_type(ST_OneClientsBootstrapped_AWS_S3)
def test_reject_bootstrap(self):
"""Make sure a rejected device does not perform an upgrade, and that it gets it's auth token removed"""
if not env.host_string:
execute(self.test_reject_bootstrap, hosts=get_mender_clients())
return
# iterate over devices and reject them
for device in auth_v2.get_devices():
auth_v2.set_device_auth_set_status(device["id"], device["auth_sets"][0]["id"], "rejected")
logging.info("Rejecting DeviceID: %s" % device["id"])
auth_v2.check_expected_status("rejected", len(get_mender_clients()))
with Helpers.RebootDetector() as reboot:
try:
deployment_id, _ = common_update_procedure(install_image=conftest.get_valid_image())
except AssertionError:
logging.info("Failed to deploy upgrade to rejected device.")
reboot.verify_reboot_not_performed()
else:
# use assert to fail, so we can get backend logs
pytest.fail("no error while trying to deploy to rejected device")
return
finished = False
# wait until auththoken is removed from file
for _ in range(10):
with settings(abort_exception=Exception):
try:
run("journalctl -u mender -l -n 3 | grep -q 'authentication request rejected'")
except:
time.sleep(30)
else:
finished = True
break
auth_v2.accept_devices(1)
if not finished:
pytest.fail("failed to remove authtoken from mender-store file")
def setup_failover():
"""
Setup with two servers and one client.
First server (A) behaves as usual, whereas the second server (B) should
not expect any clients. Client is initially set up against server A.
In docker all microservices for B has a suffix "-2"
"""
stop_docker_compose()
reset_mender_api()
docker_compose_cmd("-f ../docker-compose.yml \
-f ../docker-compose.client.yml \
-f ../docker-compose.storage.minio.yml \
-f ../docker-compose.testing.yml \
-f ../extra/failover-testing/docker-compose.failover-server.yml up -d",
use_common_files=False)
ssh_is_opened()
auth.reset_auth_token()
auth_v2.accept_devices(1)
set_setup_type(ST_Failover)
def standard_setup_two_clients_bootstrapped():
restart_docker_compose(2)
reset_mender_api()
auth_v2.accept_devices(2)
set_setup_type(ST_TwoClientsBootstrapped)
def standard_setup_one_client_bootstrapped():
restart_docker_compose()
reset_mender_api()
auth_v2.accept_devices(1)
set_setup_type(ST_OneClientBootstrapped)