mgmt.py 47 KB

1234567891011121314151617181920212223242526272829303132333435363738394041424344454647484950515253545556575859606162636465666768697071727374757677787980818283848586878889909192939495969798991001011021031041051061071081091101111121131141151161171181191201211221231241251261271281291301311321331341351361371381391401411421431441451461471481491501511521531541551561571581591601611621631641651661671681691701711721731741751761771781791801811821831841851861871881891901911921931941951961971981992002012022032042052062072082092102112122132142152162172182192202212222232242252262272282292302312322332342352362372382392402412422432442452462472482492502512522532542552562572582592602612622632642652662672682692702712722732742752762772782792802812822832842852862872882892902912922932942952962972982993003013023033043053063073083093103113123133143153163173183193203213223233243253263273283293303313323333343353363373383393403413423433443453463473483493503513523533543553563573583593603613623633643653663673683693703713723733743753763773783793803813823833843853863873883893903913923933943953963973983994004014024034044054064074084094104114124134144154164174184194204214224234244254264274284294304314324334344354364374384394404414424434444454464474484494504514524534544554564574584594604614624634644654664674684694704714724734744754764774784794804814824834844854864874884894904914924934944954964974984995005015025035045055065075085095105115125135145155165175185195205215225235245255265275285295305315325335345355365375385395405415425435445455465475485495505515525535545555565575585595605615625635645655665675685695705715725735745755765775785795805815825835845855865875885895905915925935945955965975985996006016026036046056066076086096106116126136146156166176186196206216226236246256266276286296306316326336346356366376386396406416426436446456466476486496506516526536546556566576586596606616626636646656666676686696706716726736746756766776786796806816826836846856866876886896906916926936946956966976986997007017027037047057067077087097107117127137147157167177187197207217227237247257267277287297307317327337347357367377387397407417427437447457467477487497507517527537547557567577587597607617627637647657667677687697707717727737747757767777787797807817827837847857867877887897907917927937947957967977987998008018028038048058068078088098108118128138148158168178188198208218228238248258268278288298308318328338348358368378388398408418428438448458468478488498508518528538548558568578588598608618628638648658668678688698708718728738748758768778788798808818828838848858868878888898908918928938948958968978988999009019029039049059069079089099109119129139149159169179189199209219229239249259269279289299309319329339349359369379389399409419429439449459469479489499509519529539549559569579589599609619629639649659669679689699709719729739749759769779789799809819829839849859869879889899909919929939949959969979989991000100110021003100410051006100710081009101010111012101310141015101610171018101910201021102210231024102510261027102810291030103110321033103410351036103710381039104010411042104310441045104610471048104910501051105210531054105510561057105810591060106110621063106410651066106710681069107010711072107310741075107610771078107910801081108210831084108510861087108810891090109110921093109410951096109710981099110011011102110311041105110611071108110911101111
  1. # -*- encoding: utf8 -*-
  2. #
  3. # The Qubes OS Project, http://www.qubes-os.org
  4. #
  5. # Copyright (C) 2017 Marek Marczykowski-Górecki
  6. # <marmarek@invisiblethingslab.com>
  7. #
  8. # This program is free software; you can redistribute it and/or modify
  9. # it under the terms of the GNU General Public License as published by
  10. # the Free Software Foundation; either version 2 of the License, or
  11. # (at your option) any later version.
  12. #
  13. # This program is distributed in the hope that it will be useful,
  14. # but WITHOUT ANY WARRANTY; without even the implied warranty of
  15. # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
  16. # GNU General Public License for more details.
  17. #
  18. # You should have received a copy of the GNU General Public License along
  19. # with this program; if not, see <http://www.gnu.org/licenses/>.
  20. ''' Tests for management calls endpoints '''
  21. import asyncio
  22. import libvirt
  23. import unittest.mock
  24. import qubes
  25. import qubes.tests
  26. import qubes.mgmt
  27. # properties defined in API
  28. volume_properties = [
  29. 'pool', 'vid', 'size', 'usage', 'rw', 'internal', 'source',
  30. 'save_on_stop', 'snap_on_start']
  31. class MgmtTestCase(qubes.tests.QubesTestCase):
  32. def setUp(self):
  33. super().setUp()
  34. app = qubes.Qubes('/tmp/qubes-test.xml', load=False)
  35. app.vmm = unittest.mock.Mock(spec=qubes.app.VMMConnection)
  36. app.load_initial_values()
  37. app.default_kernel = '1.0'
  38. app.default_netvm = None
  39. app.add_new_vm('TemplateVM', label='black', name='test-template')
  40. app.default_template = 'test-template'
  41. app.save = unittest.mock.Mock()
  42. self.vm = app.add_new_vm('AppVM', label='red', name='test-vm1',
  43. template='test-template')
  44. self.app = app
  45. libvirt_attrs = {
  46. 'libvirt_conn.lookupByUUID.return_value.isActive.return_value':
  47. False,
  48. 'libvirt_conn.lookupByUUID.return_value.state.return_value':
  49. [libvirt.VIR_DOMAIN_SHUTOFF],
  50. }
  51. app.vmm.configure_mock(**libvirt_attrs)
  52. self.emitter = qubes.tests.TestEmitter()
  53. self.app.domains[0].fire_event = self.emitter.fire_event
  54. self.app.domains[0].fire_event_pre = self.emitter.fire_event_pre
  55. def call_mgmt_func(self, method, dest, arg=b'', payload=b''):
  56. mgmt_obj = qubes.mgmt.QubesMgmt(self.app, b'dom0', method, dest, arg)
  57. loop = asyncio.get_event_loop()
  58. response = loop.run_until_complete(
  59. mgmt_obj.execute(untrusted_payload=payload))
  60. self.assertEventFired(self.emitter,
  61. 'mgmt-permission:' + method.decode('ascii'))
  62. return response
  63. class TC_00_VMs(MgmtTestCase):
  64. def test_000_vm_list(self):
  65. value = self.call_mgmt_func(b'mgmt.vm.List', b'dom0')
  66. self.assertEqual(value,
  67. 'dom0 class=AdminVM state=Running\n'
  68. 'test-template class=TemplateVM state=Halted\n'
  69. 'test-vm1 class=AppVM state=Halted\n')
  70. def test_001_vm_list_single(self):
  71. value = self.call_mgmt_func(b'mgmt.vm.List', b'test-vm1')
  72. self.assertEqual(value,
  73. 'test-vm1 class=AppVM state=Halted\n')
  74. def test_010_vm_property_list(self):
  75. # this test is kind of stupid, but at least check if appropriate
  76. # mgmt-permission event is fired
  77. value = self.call_mgmt_func(b'mgmt.vm.property.List', b'test-vm1')
  78. properties = self.app.domains['test-vm1'].property_list()
  79. self.assertEqual(value,
  80. ''.join('{}\n'.format(prop.__name__) for prop in properties))
  81. def test_020_vm_property_get_str(self):
  82. value = self.call_mgmt_func(b'mgmt.vm.property.Get', b'test-vm1',
  83. b'name')
  84. self.assertEqual(value, 'default=False type=str test-vm1')
  85. def test_021_vm_property_get_int(self):
  86. value = self.call_mgmt_func(b'mgmt.vm.property.Get', b'test-vm1',
  87. b'vcpus')
  88. self.assertEqual(value, 'default=True type=int 42')
  89. def test_022_vm_property_get_bool(self):
  90. value = self.call_mgmt_func(b'mgmt.vm.property.Get', b'test-vm1',
  91. b'provides_network')
  92. self.assertEqual(value, 'default=True type=bool False')
  93. def test_023_vm_property_get_label(self):
  94. value = self.call_mgmt_func(b'mgmt.vm.property.Get', b'test-vm1',
  95. b'label')
  96. self.assertEqual(value, 'default=False type=label red')
  97. def test_024_vm_property_get_vm(self):
  98. value = self.call_mgmt_func(b'mgmt.vm.property.Get', b'test-vm1',
  99. b'template')
  100. self.assertEqual(value, 'default=False type=vm test-template')
  101. def test_025_vm_property_get_vm_none(self):
  102. value = self.call_mgmt_func(b'mgmt.vm.property.Get', b'test-vm1',
  103. b'netvm')
  104. self.assertEqual(value, 'default=True type=vm ')
  105. def test_030_vm_property_set_vm(self):
  106. netvm = self.app.add_new_vm('AppVM', label='red', name='test-net',
  107. template='test-template', provides_network=True)
  108. with unittest.mock.patch('qubes.vm.VMProperty.__set__') as mock:
  109. value = self.call_mgmt_func(b'mgmt.vm.property.Set', b'test-vm1',
  110. b'netvm', b'test-net')
  111. self.assertIsNone(value)
  112. mock.assert_called_once_with(self.vm, 'test-net')
  113. self.app.save.assert_called_once_with()
  114. def test_032_vm_property_set_vm_invalid1(self):
  115. with unittest.mock.patch('qubes.vm.VMProperty.__set__') as mock:
  116. with self.assertRaises(qubes.exc.QubesValueError):
  117. self.call_mgmt_func(b'mgmt.vm.property.Set', b'test-vm1',
  118. b'netvm', b'forbidden-chars/../!')
  119. self.assertFalse(mock.called)
  120. self.assertFalse(self.app.save.called)
  121. def test_033_vm_property_set_vm_invalid2(self):
  122. with unittest.mock.patch('qubes.vm.VMProperty.__set__') as mock:
  123. with self.assertRaises(qubes.exc.QubesValueError):
  124. self.call_mgmt_func(b'mgmt.vm.property.Set', b'test-vm1',
  125. b'netvm', b'\x80\x90\xa0')
  126. self.assertFalse(mock.called)
  127. self.assertFalse(self.app.save.called)
  128. def test_034_vm_propert_set_bool_true(self):
  129. with unittest.mock.patch('qubes.property.__set__') as mock:
  130. value = self.call_mgmt_func(b'mgmt.vm.property.Set', b'test-vm1',
  131. b'autostart', b'True')
  132. self.assertIsNone(value)
  133. mock.assert_called_once_with(self.vm, True)
  134. self.app.save.assert_called_once_with()
  135. def test_035_vm_propert_set_bool_false(self):
  136. with unittest.mock.patch('qubes.property.__set__') as mock:
  137. value = self.call_mgmt_func(b'mgmt.vm.property.Set', b'test-vm1',
  138. b'autostart', b'False')
  139. self.assertIsNone(value)
  140. mock.assert_called_once_with(self.vm, False)
  141. self.app.save.assert_called_once_with()
  142. def test_036_vm_propert_set_bool_invalid1(self):
  143. with unittest.mock.patch('qubes.property.__set__') as mock:
  144. with self.assertRaises(qubes.exc.QubesValueError):
  145. self.call_mgmt_func(b'mgmt.vm.property.Set', b'test-vm1',
  146. b'autostart', b'some string')
  147. self.assertFalse(mock.called)
  148. self.assertFalse(self.app.save.called)
  149. def test_037_vm_propert_set_bool_invalid2(self):
  150. with unittest.mock.patch('qubes.property.__set__') as mock:
  151. with self.assertRaises(qubes.exc.QubesValueError):
  152. self.call_mgmt_func(b'mgmt.vm.property.Set', b'test-vm1',
  153. b'autostart', b'\x80\x90@#$%^&*(')
  154. self.assertFalse(mock.called)
  155. self.assertFalse(self.app.save.called)
  156. def test_038_vm_propert_set_str(self):
  157. with unittest.mock.patch('qubes.property.__set__') as mock:
  158. value = self.call_mgmt_func(b'mgmt.vm.property.Set', b'test-vm1',
  159. b'kernel', b'1.0')
  160. self.assertIsNone(value)
  161. mock.assert_called_once_with(self.vm, '1.0')
  162. self.app.save.assert_called_once_with()
  163. def test_039_vm_propert_set_str_invalid1(self):
  164. with unittest.mock.patch('qubes.property.__set__') as mock:
  165. with self.assertRaises(qubes.exc.QubesValueError):
  166. self.call_mgmt_func(b'mgmt.vm.property.Set', b'test-vm1',
  167. b'kernel', b'some, non-ASCII: \x80\xd2')
  168. self.assertFalse(mock.called)
  169. self.assertFalse(self.app.save.called)
  170. def test_040_vm_propert_set_int(self):
  171. with unittest.mock.patch('qubes.property.__set__') as mock:
  172. value = self.call_mgmt_func(b'mgmt.vm.property.Set', b'test-vm1',
  173. b'maxmem', b'1024000')
  174. self.assertIsNone(value)
  175. mock.assert_called_once_with(self.vm, 1024000)
  176. self.app.save.assert_called_once_with()
  177. def test_041_vm_propert_set_int_invalid1(self):
  178. with unittest.mock.patch('qubes.property.__set__') as mock:
  179. with self.assertRaises(qubes.exc.QubesValueError):
  180. self.call_mgmt_func(b'mgmt.vm.property.Set', b'test-vm1',
  181. b'maxmem', b'fourty two')
  182. self.assertFalse(mock.called)
  183. self.assertFalse(self.app.save.called)
  184. def test_042_vm_propert_set_label(self):
  185. with unittest.mock.patch('qubes.property.__set__') as mock:
  186. value = self.call_mgmt_func(b'mgmt.vm.property.Set', b'test-vm1',
  187. b'label', b'green')
  188. self.assertIsNone(value)
  189. mock.assert_called_once_with(self.vm, 'green')
  190. self.app.save.assert_called_once_with()
  191. def test_043_vm_propert_set_label_invalid1(self):
  192. with unittest.mock.patch('qubes.property.__set__') as mock:
  193. with self.assertRaises(qubes.exc.QubesValueError):
  194. self.call_mgmt_func(b'mgmt.vm.property.Set', b'test-vm1',
  195. b'maxmem', b'some, non-ASCII: \x80\xd2')
  196. self.assertFalse(mock.called)
  197. self.assertFalse(self.app.save.called)
  198. @unittest.skip('label existence not checked before actual setter yet')
  199. def test_044_vm_propert_set_label_invalid2(self):
  200. with unittest.mock.patch('qubes.property.__set__') as mock:
  201. with self.assertRaises(qubes.exc.QubesValueError):
  202. self.call_mgmt_func(b'mgmt.vm.property.Set', b'test-vm1',
  203. b'maxmem', b'non-existing-color')
  204. self.assertFalse(mock.called)
  205. self.assertFalse(self.app.save.called)
  206. def test_050_vm_property_help(self):
  207. value = self.call_mgmt_func(b'mgmt.vm.property.Help', b'test-vm1',
  208. b'label')
  209. self.assertEqual(value,
  210. 'Colourful label assigned to VM. This is where the colour of the '
  211. 'padlock is set.')
  212. self.assertFalse(self.app.save.called)
  213. def test_052_vm_property_help_invalid_property(self):
  214. with self.assertRaises(AssertionError):
  215. self.call_mgmt_func(b'mgmt.vm.property.Help', b'test-vm1',
  216. b'no-such-property')
  217. self.assertFalse(self.app.save.called)
  218. def test_060_vm_property_reset(self):
  219. with unittest.mock.patch('qubes.property.__delete__') as mock:
  220. value = self.call_mgmt_func(b'mgmt.vm.property.Reset', b'test-vm1',
  221. b'default_user')
  222. mock.assert_called_with(self.vm)
  223. self.assertIsNone(value)
  224. self.app.save.assert_called_once_with()
  225. def test_062_vm_property_reset_invalid_property(self):
  226. with unittest.mock.patch('qubes.property.__delete__') as mock:
  227. with self.assertRaises(AssertionError):
  228. self.call_mgmt_func(b'mgmt.vm.property.Help', b'test-vm1',
  229. b'no-such-property')
  230. self.assertFalse(mock.called)
  231. self.assertFalse(self.app.save.called)
  232. def test_070_vm_volume_list(self):
  233. self.vm.volumes = unittest.mock.Mock()
  234. volumes_conf = {
  235. 'keys.return_value': ['root', 'private', 'volatile', 'kernel']
  236. }
  237. self.vm.volumes.configure_mock(**volumes_conf)
  238. value = self.call_mgmt_func(b'mgmt.vm.volume.List', b'test-vm1')
  239. self.assertEqual(value, 'root\nprivate\nvolatile\nkernel\n')
  240. # check if _only_ keys were accessed
  241. self.assertEqual(self.vm.volumes.mock_calls,
  242. [unittest.mock.call.keys()])
  243. def test_080_vm_volume_info(self):
  244. self.vm.volumes = unittest.mock.MagicMock()
  245. volumes_conf = {
  246. 'keys.return_value': ['root', 'private', 'volatile', 'kernel']
  247. }
  248. for prop in volume_properties:
  249. volumes_conf[
  250. '__getitem__.return_value.{}'.format(prop)] = prop +'-value'
  251. self.vm.volumes.configure_mock(**volumes_conf)
  252. value = self.call_mgmt_func(b'mgmt.vm.volume.Info', b'test-vm1',
  253. b'private')
  254. self.assertEqual(value,
  255. ''.join('{p}={p}-value\n'.format(p=p) for p in volume_properties))
  256. self.assertEqual(self.vm.volumes.mock_calls,
  257. [unittest.mock.call.keys(),
  258. unittest.mock.call.__getattr__('__getitem__')('private')])
  259. def test_080_vm_volume_info_invalid_volume(self):
  260. self.vm.volumes = unittest.mock.MagicMock()
  261. volumes_conf = {
  262. 'keys.return_value': ['root', 'private', 'volatile', 'kernel']
  263. }
  264. self.vm.volumes.configure_mock(**volumes_conf)
  265. with self.assertRaises(AssertionError):
  266. self.call_mgmt_func(b'mgmt.vm.volume.Info', b'test-vm1',
  267. b'no-such-volume')
  268. self.assertEqual(self.vm.volumes.mock_calls,
  269. [unittest.mock.call.keys()])
  270. def test_090_vm_volume_listsnapshots(self):
  271. self.vm.volumes = unittest.mock.MagicMock()
  272. volumes_conf = {
  273. 'keys.return_value': ['root', 'private', 'volatile', 'kernel'],
  274. '__getitem__.return_value.revisions': ['rev1', 'rev2'],
  275. }
  276. self.vm.volumes.configure_mock(**volumes_conf)
  277. value = self.call_mgmt_func(b'mgmt.vm.volume.ListSnapshots',
  278. b'test-vm1', b'private')
  279. self.assertEqual(value,
  280. 'rev1\nrev2\n')
  281. self.assertEqual(self.vm.volumes.mock_calls,
  282. [unittest.mock.call.keys(),
  283. unittest.mock.call.__getattr__('__getitem__')('private')])
  284. def test_090_vm_volume_listsnapshots_invalid_volume(self):
  285. self.vm.volumes = unittest.mock.MagicMock()
  286. volumes_conf = {
  287. 'keys.return_value': ['root', 'private', 'volatile', 'kernel']
  288. }
  289. self.vm.volumes.configure_mock(**volumes_conf)
  290. with self.assertRaises(AssertionError):
  291. self.call_mgmt_func(b'mgmt.vm.volume.ListSnapshots', b'test-vm1',
  292. b'no-such-volume')
  293. self.assertEqual(self.vm.volumes.mock_calls,
  294. [unittest.mock.call.keys()])
  295. @unittest.skip('method not implemented yet')
  296. def test_100_vm_volume_snapshot(self):
  297. pass
  298. @unittest.skip('method not implemented yet')
  299. def test_100_vm_volume_snapshot_invlid_volume(self):
  300. self.vm.volumes = unittest.mock.MagicMock()
  301. volumes_conf = {
  302. 'keys.return_value': ['root', 'private', 'volatile', 'kernel'],
  303. '__getitem__.return_value.revisions': ['rev1', 'rev2'],
  304. }
  305. self.vm.volumes.configure_mock(**volumes_conf)
  306. with self.assertRaises(AssertionError):
  307. self.call_mgmt_func(b'mgmt.vm.volume.Snapshots',
  308. b'test-vm1', b'no-such-volume')
  309. self.assertEqual(self.vm.volumes.mock_calls,
  310. [unittest.mock.call.keys()])
  311. @unittest.skip('method not implemented yet')
  312. def test_100_vm_volume_snapshot_invalid_revision(self):
  313. self.vm.volumes = unittest.mock.MagicMock()
  314. volumes_conf = {
  315. 'keys.return_value': ['root', 'private', 'volatile', 'kernel']
  316. }
  317. self.vm.volumes.configure_mock(**volumes_conf)
  318. with self.assertRaises(AssertionError):
  319. self.call_mgmt_func(b'mgmt.vm.volume.Snapshots',
  320. b'test-vm1', b'private', b'no-such-rev')
  321. self.assertEqual(self.vm.volumes.mock_calls,
  322. [unittest.mock.call.keys(),
  323. unittest.mock.call.__getattr__('__getitem__')('private')])
  324. def test_110_vm_volume_revert(self):
  325. self.vm.volumes = unittest.mock.MagicMock()
  326. volumes_conf = {
  327. 'keys.return_value': ['root', 'private', 'volatile', 'kernel'],
  328. '__getitem__.return_value.revisions': ['rev1', 'rev2'],
  329. }
  330. self.vm.volumes.configure_mock(**volumes_conf)
  331. self.vm.storage = unittest.mock.Mock()
  332. value = self.call_mgmt_func(b'mgmt.vm.volume.Revert',
  333. b'test-vm1', b'private', b'rev1')
  334. self.assertIsNone(value)
  335. self.assertEqual(self.vm.volumes.mock_calls,
  336. [unittest.mock.call.keys(),
  337. unittest.mock.call.__getattr__('__getitem__')('private')])
  338. self.assertEqual(self.vm.storage.mock_calls,
  339. [unittest.mock.call.get_pool(self.vm.volumes['private']),
  340. unittest.mock.call.get_pool().revert('rev1')])
  341. def test_110_vm_volume_revert_invalid_rev(self):
  342. self.vm.volumes = unittest.mock.MagicMock()
  343. volumes_conf = {
  344. 'keys.return_value': ['root', 'private', 'volatile', 'kernel'],
  345. '__getitem__.return_value.revisions': ['rev1', 'rev2'],
  346. }
  347. self.vm.volumes.configure_mock(**volumes_conf)
  348. self.vm.storage = unittest.mock.Mock()
  349. with self.assertRaises(AssertionError):
  350. self.call_mgmt_func(b'mgmt.vm.volume.Revert',
  351. b'test-vm1', b'private', b'no-such-rev')
  352. self.assertEqual(self.vm.volumes.mock_calls,
  353. [unittest.mock.call.keys(),
  354. unittest.mock.call.__getattr__('__getitem__')('private')])
  355. self.assertFalse(self.vm.storage.called)
  356. def test_120_vm_volume_resize(self):
  357. self.vm.volumes = unittest.mock.MagicMock()
  358. volumes_conf = {
  359. 'keys.return_value': ['root', 'private', 'volatile', 'kernel'],
  360. }
  361. self.vm.volumes.configure_mock(**volumes_conf)
  362. self.vm.storage = unittest.mock.Mock()
  363. value = self.call_mgmt_func(b'mgmt.vm.volume.Resize',
  364. b'test-vm1', b'private', b'1024000000')
  365. self.assertIsNone(value)
  366. self.assertEqual(self.vm.volumes.mock_calls,
  367. [unittest.mock.call.keys()])
  368. self.assertEqual(self.vm.storage.mock_calls,
  369. [unittest.mock.call.resize('private', 1024000000)])
  370. def test_120_vm_volume_resize_invalid_size1(self):
  371. self.vm.volumes = unittest.mock.MagicMock()
  372. volumes_conf = {
  373. 'keys.return_value': ['root', 'private', 'volatile', 'kernel'],
  374. }
  375. self.vm.volumes.configure_mock(**volumes_conf)
  376. self.vm.storage = unittest.mock.Mock()
  377. with self.assertRaises(AssertionError):
  378. self.call_mgmt_func(b'mgmt.vm.volume.Resize',
  379. b'test-vm1', b'private', b'no-int-size')
  380. self.assertEqual(self.vm.volumes.mock_calls,
  381. [unittest.mock.call.keys()])
  382. self.assertFalse(self.vm.storage.called)
  383. def test_120_vm_volume_resize_invalid_size2(self):
  384. self.vm.volumes = unittest.mock.MagicMock()
  385. volumes_conf = {
  386. 'keys.return_value': ['root', 'private', 'volatile', 'kernel'],
  387. }
  388. self.vm.volumes.configure_mock(**volumes_conf)
  389. self.vm.storage = unittest.mock.Mock()
  390. with self.assertRaises(AssertionError):
  391. self.call_mgmt_func(b'mgmt.vm.volume.Resize',
  392. b'test-vm1', b'private', b'-1')
  393. self.assertEqual(self.vm.volumes.mock_calls,
  394. [unittest.mock.call.keys()])
  395. self.assertFalse(self.vm.storage.called)
  396. def test_130_pool_list(self):
  397. self.app.pools = ['file', 'lvm']
  398. value = self.call_mgmt_func(b'mgmt.pool.List', b'dom0')
  399. self.assertEqual(value, 'file\nlvm\n')
  400. self.assertFalse(self.app.save.called)
  401. @unittest.mock.patch('qubes.storage.pool_drivers')
  402. @unittest.mock.patch('qubes.storage.driver_parameters')
  403. def test_140_pool_listdrivers(self, mock_parameters, mock_drivers):
  404. self.app.pools = ['file', 'lvm']
  405. mock_drivers.return_value = ['driver1', 'driver2']
  406. mock_parameters.side_effect = \
  407. lambda driver: {
  408. 'driver1': ['param1', 'param2'],
  409. 'driver2': ['param3', 'param4']
  410. }[driver]
  411. value = self.call_mgmt_func(b'mgmt.pool.ListDrivers', b'dom0')
  412. self.assertEqual(value,
  413. 'driver1 param1 param2\ndriver2 param3 param4\n')
  414. self.assertEqual(mock_drivers.mock_calls, [unittest.mock.call()])
  415. self.assertEqual(mock_parameters.mock_calls,
  416. [unittest.mock.call('driver1'), unittest.mock.call('driver2')])
  417. self.assertFalse(self.app.save.called)
  418. def test_150_pool_info(self):
  419. self.app.pools = {
  420. 'pool1': unittest.mock.Mock(config={
  421. 'param1': 'value1', 'param2': 'value2'})
  422. }
  423. value = self.call_mgmt_func(b'mgmt.pool.Info', b'dom0', b'pool1')
  424. self.assertEqual(value, 'param1=value1\nparam2=value2\n')
  425. self.assertFalse(self.app.save.called)
  426. @unittest.mock.patch('qubes.storage.pool_drivers')
  427. @unittest.mock.patch('qubes.storage.driver_parameters')
  428. def test_160_pool_add(self, mock_parameters, mock_drivers):
  429. self.app.pools = {
  430. 'file': unittest.mock.Mock(),
  431. 'lvm': unittest.mock.Mock()
  432. }
  433. mock_drivers.return_value = ['driver1', 'driver2']
  434. mock_parameters.side_effect = \
  435. lambda driver: {
  436. 'driver1': ['param1', 'param2'],
  437. 'driver2': ['param3', 'param4']
  438. }[driver]
  439. self.app.add_pool = unittest.mock.Mock()
  440. value = self.call_mgmt_func(b'mgmt.pool.Add', b'dom0', b'driver1',
  441. b'name=test-pool\nparam1=some-value\n')
  442. self.assertIsNone(value)
  443. self.assertEqual(mock_drivers.mock_calls, [unittest.mock.call()])
  444. self.assertEqual(mock_parameters.mock_calls,
  445. [unittest.mock.call('driver1')])
  446. self.assertEqual(self.app.add_pool.mock_calls,
  447. [unittest.mock.call(name='test-pool', driver='driver1',
  448. param1='some-value')])
  449. self.assertTrue(self.app.save.called)
  450. @unittest.mock.patch('qubes.storage.pool_drivers')
  451. @unittest.mock.patch('qubes.storage.driver_parameters')
  452. def test_160_pool_add_invalid_driver(self, mock_parameters, mock_drivers):
  453. self.app.pools = {
  454. 'file': unittest.mock.Mock(),
  455. 'lvm': unittest.mock.Mock()
  456. }
  457. mock_drivers.return_value = ['driver1', 'driver2']
  458. mock_parameters.side_effect = \
  459. lambda driver: {
  460. 'driver1': ['param1', 'param2'],
  461. 'driver2': ['param3', 'param4']
  462. }[driver]
  463. self.app.add_pool = unittest.mock.Mock()
  464. with self.assertRaises(AssertionError):
  465. self.call_mgmt_func(b'mgmt.pool.Add', b'dom0',
  466. b'no-such-driver', b'name=test-pool\nparam1=some-value\n')
  467. self.assertEqual(mock_drivers.mock_calls, [unittest.mock.call()])
  468. self.assertEqual(mock_parameters.mock_calls, [])
  469. self.assertEqual(self.app.add_pool.mock_calls, [])
  470. self.assertFalse(self.app.save.called)
  471. @unittest.mock.patch('qubes.storage.pool_drivers')
  472. @unittest.mock.patch('qubes.storage.driver_parameters')
  473. def test_160_pool_add_invalid_param(self, mock_parameters, mock_drivers):
  474. self.app.pools = {
  475. 'file': unittest.mock.Mock(),
  476. 'lvm': unittest.mock.Mock()
  477. }
  478. mock_drivers.return_value = ['driver1', 'driver2']
  479. mock_parameters.side_effect = \
  480. lambda driver: {
  481. 'driver1': ['param1', 'param2'],
  482. 'driver2': ['param3', 'param4']
  483. }[driver]
  484. self.app.add_pool = unittest.mock.Mock()
  485. with self.assertRaises(AssertionError):
  486. self.call_mgmt_func(b'mgmt.pool.Add', b'dom0',
  487. b'driver1', b'name=test-pool\nparam3=some-value\n')
  488. self.assertEqual(mock_drivers.mock_calls, [unittest.mock.call()])
  489. self.assertEqual(mock_parameters.mock_calls,
  490. [unittest.mock.call('driver1')])
  491. self.assertEqual(self.app.add_pool.mock_calls, [])
  492. self.assertFalse(self.app.save.called)
  493. @unittest.mock.patch('qubes.storage.pool_drivers')
  494. @unittest.mock.patch('qubes.storage.driver_parameters')
  495. def test_160_pool_add_missing_name(self, mock_parameters, mock_drivers):
  496. self.app.pools = {
  497. 'file': unittest.mock.Mock(),
  498. 'lvm': unittest.mock.Mock()
  499. }
  500. mock_drivers.return_value = ['driver1', 'driver2']
  501. mock_parameters.side_effect = \
  502. lambda driver: {
  503. 'driver1': ['param1', 'param2'],
  504. 'driver2': ['param3', 'param4']
  505. }[driver]
  506. self.app.add_pool = unittest.mock.Mock()
  507. with self.assertRaises(AssertionError):
  508. self.call_mgmt_func(b'mgmt.pool.Add', b'dom0',
  509. b'driver1', b'param1=value\nparam2=some-value\n')
  510. self.assertEqual(mock_drivers.mock_calls, [unittest.mock.call()])
  511. self.assertEqual(mock_parameters.mock_calls, [])
  512. self.assertEqual(self.app.add_pool.mock_calls, [])
  513. self.assertFalse(self.app.save.called)
  514. @unittest.mock.patch('qubes.storage.pool_drivers')
  515. @unittest.mock.patch('qubes.storage.driver_parameters')
  516. def test_160_pool_add_existing_pool(self, mock_parameters, mock_drivers):
  517. self.app.pools = {
  518. 'file': unittest.mock.Mock(),
  519. 'lvm': unittest.mock.Mock()
  520. }
  521. mock_drivers.return_value = ['driver1', 'driver2']
  522. mock_parameters.side_effect = \
  523. lambda driver: {
  524. 'driver1': ['param1', 'param2'],
  525. 'driver2': ['param3', 'param4']
  526. }[driver]
  527. self.app.add_pool = unittest.mock.Mock()
  528. with self.assertRaises(AssertionError):
  529. self.call_mgmt_func(b'mgmt.pool.Add', b'dom0',
  530. b'driver1', b'name=file\nparam1=value\nparam2=some-value\n')
  531. self.assertEqual(mock_drivers.mock_calls, [unittest.mock.call()])
  532. self.assertEqual(mock_parameters.mock_calls, [])
  533. self.assertEqual(self.app.add_pool.mock_calls, [])
  534. self.assertFalse(self.app.save.called)
  535. @unittest.mock.patch('qubes.storage.pool_drivers')
  536. @unittest.mock.patch('qubes.storage.driver_parameters')
  537. def test_160_pool_add_invalid_config_format(self, mock_parameters,
  538. mock_drivers):
  539. self.app.pools = {
  540. 'file': unittest.mock.Mock(),
  541. 'lvm': unittest.mock.Mock()
  542. }
  543. mock_drivers.return_value = ['driver1', 'driver2']
  544. mock_parameters.side_effect = \
  545. lambda driver: {
  546. 'driver1': ['param1', 'param2'],
  547. 'driver2': ['param3', 'param4']
  548. }[driver]
  549. self.app.add_pool = unittest.mock.Mock()
  550. with self.assertRaises(AssertionError):
  551. self.call_mgmt_func(b'mgmt.pool.Add', b'dom0',
  552. b'driver1', b'name=test-pool\nparam 1=value\n_param2\n')
  553. self.assertEqual(mock_drivers.mock_calls, [unittest.mock.call()])
  554. self.assertEqual(mock_parameters.mock_calls, [])
  555. self.assertEqual(self.app.add_pool.mock_calls, [])
  556. self.assertFalse(self.app.save.called)
  557. def test_170_pool_remove(self):
  558. self.app.pools = {
  559. 'file': unittest.mock.Mock(),
  560. 'lvm': unittest.mock.Mock(),
  561. 'test-pool': unittest.mock.Mock(),
  562. }
  563. self.app.remove_pool = unittest.mock.Mock()
  564. value = self.call_mgmt_func(b'mgmt.pool.Remove', b'dom0', b'test-pool')
  565. self.assertIsNone(value)
  566. self.assertEqual(self.app.remove_pool.mock_calls,
  567. [unittest.mock.call('test-pool')])
  568. self.assertTrue(self.app.save.called)
  569. def test_170_pool_remove_invalid_pool(self):
  570. self.app.pools = {
  571. 'file': unittest.mock.Mock(),
  572. 'lvm': unittest.mock.Mock(),
  573. 'test-pool': unittest.mock.Mock(),
  574. }
  575. self.app.remove_pool = unittest.mock.Mock()
  576. with self.assertRaises(AssertionError):
  577. self.call_mgmt_func(b'mgmt.pool.Remove', b'dom0',
  578. b'no-such-pool')
  579. self.assertEqual(self.app.remove_pool.mock_calls, [])
  580. self.assertFalse(self.app.save.called)
  581. def test_180_label_list(self):
  582. value = self.call_mgmt_func(b'mgmt.label.List', b'dom0')
  583. self.assertEqual(value,
  584. ''.join('{}\n'.format(l.name) for l in self.app.labels.values()))
  585. self.assertFalse(self.app.save.called)
  586. def test_190_label_get(self):
  587. self.app.get_label = unittest.mock.Mock()
  588. self.app.get_label.configure_mock(**{'return_value.color': '0xff0000'})
  589. value = self.call_mgmt_func(b'mgmt.label.Get', b'dom0', b'red')
  590. self.assertEqual(value, '0xff0000')
  591. self.assertEqual(self.app.get_label.mock_calls,
  592. [unittest.mock.call('red')])
  593. self.assertFalse(self.app.save.called)
  594. def test_200_label_create(self):
  595. self.app.get_label = unittest.mock.Mock()
  596. self.app.get_label.side_effect=KeyError
  597. self.app.labels = unittest.mock.MagicMock()
  598. labels_config = {
  599. 'keys.return_value': range(1, 9),
  600. }
  601. self.app.labels.configure_mock(**labels_config)
  602. value = self.call_mgmt_func(b'mgmt.label.Create', b'dom0', b'cyan',
  603. b'0x00ffff')
  604. self.assertIsNone(value)
  605. self.assertEqual(self.app.get_label.mock_calls,
  606. [unittest.mock.call('cyan')])
  607. self.assertEqual(self.app.labels.mock_calls,
  608. [unittest.mock.call.keys(),
  609. unittest.mock.call.__getattr__('__setitem__')(9,
  610. qubes.Label(9, '0x00ffff', 'cyan'))])
  611. self.assertTrue(self.app.save.called)
  612. def test_200_label_create_invalid_color(self):
  613. self.app.get_label = unittest.mock.Mock()
  614. self.app.get_label.side_effect=KeyError
  615. self.app.labels = unittest.mock.MagicMock()
  616. labels_config = {
  617. 'keys.return_value': range(1, 9),
  618. }
  619. self.app.labels.configure_mock(**labels_config)
  620. with self.assertRaises(AssertionError):
  621. self.call_mgmt_func(b'mgmt.label.Create', b'dom0', b'cyan',
  622. b'abcd')
  623. self.assertEqual(self.app.get_label.mock_calls,
  624. [unittest.mock.call('cyan')])
  625. self.assertEqual(self.app.labels.mock_calls, [])
  626. self.assertFalse(self.app.save.called)
  627. def test_200_label_create_invalid_name(self):
  628. self.app.get_label = unittest.mock.Mock()
  629. self.app.get_label.side_effect=KeyError
  630. self.app.labels = unittest.mock.MagicMock()
  631. labels_config = {
  632. 'keys.return_value': range(1, 9),
  633. }
  634. self.app.labels.configure_mock(**labels_config)
  635. with self.assertRaises(AssertionError):
  636. self.call_mgmt_func(b'mgmt.label.Create', b'dom0', b'01',
  637. b'0xff0000')
  638. with self.assertRaises(AssertionError):
  639. self.call_mgmt_func(b'mgmt.label.Create', b'dom0', b'../xxx',
  640. b'0xff0000')
  641. with self.assertRaises(AssertionError):
  642. self.call_mgmt_func(b'mgmt.label.Create', b'dom0',
  643. b'strange-name!@#$',
  644. b'0xff0000')
  645. self.assertEqual(self.app.get_label.mock_calls, [])
  646. self.assertEqual(self.app.labels.mock_calls, [])
  647. self.assertFalse(self.app.save.called)
  648. def test_200_label_create_already_exists(self):
  649. self.app.get_label = unittest.mock.Mock(wraps=self.app.get_label)
  650. with self.assertRaises(qubes.exc.QubesValueError):
  651. self.call_mgmt_func(b'mgmt.label.Create', b'dom0', b'red',
  652. b'abcd')
  653. self.assertEqual(self.app.get_label.mock_calls,
  654. [unittest.mock.call('red')])
  655. self.assertFalse(self.app.save.called)
  656. def test_210_label_remove(self):
  657. label = qubes.Label(9, '0x00ffff', 'cyan')
  658. self.app.labels[9] = label
  659. self.app.get_label = unittest.mock.Mock(wraps=self.app.get_label,
  660. **{'return_value.index': 9})
  661. self.app.labels = unittest.mock.MagicMock(wraps=self.app.labels)
  662. value = self.call_mgmt_func(b'mgmt.label.Remove', b'dom0', b'cyan')
  663. self.assertIsNone(value)
  664. self.assertEqual(self.app.get_label.mock_calls,
  665. [unittest.mock.call('cyan')])
  666. self.assertEqual(self.app.labels.mock_calls,
  667. [unittest.mock.call.__delitem__(9)])
  668. self.assertTrue(self.app.save.called)
  669. def test_210_label_remove_invalid_label(self):
  670. with self.assertRaises(qubes.exc.QubesValueError):
  671. self.call_mgmt_func(b'mgmt.label.Remove', b'dom0',
  672. b'no-such-label')
  673. self.assertFalse(self.app.save.called)
  674. def test_210_label_remove_default_label(self):
  675. self.app.labels = unittest.mock.MagicMock(wraps=self.app.labels)
  676. self.app.get_label = unittest.mock.Mock(wraps=self.app.get_label,
  677. **{'return_value.index': 6})
  678. with self.assertRaises(AssertionError):
  679. self.call_mgmt_func(b'mgmt.label.Remove', b'dom0',
  680. b'blue')
  681. self.assertEqual(self.app.labels.mock_calls, [])
  682. self.assertFalse(self.app.save.called)
  683. def test_210_label_remove_in_use(self):
  684. self.app.labels = unittest.mock.MagicMock(wraps=self.app.labels)
  685. self.app.get_label = unittest.mock.Mock(wraps=self.app.get_label,
  686. **{'return_value.index': 1})
  687. with self.assertRaises(AssertionError):
  688. self.call_mgmt_func(b'mgmt.label.Remove', b'dom0',
  689. b'red')
  690. self.assertEqual(self.app.labels.mock_calls, [])
  691. self.assertFalse(self.app.save.called)
  692. def test_990_vm_unexpected_payload(self):
  693. methods_with_no_payload = [
  694. b'mgmt.vm.List',
  695. b'mgmt.vm.Remove',
  696. b'mgmt.vm.property.List',
  697. b'mgmt.vm.property.Get',
  698. b'mgmt.vm.property.Help',
  699. b'mgmt.vm.property.HelpRst',
  700. b'mgmt.vm.property.Reset',
  701. b'mgmt.vm.feature.List',
  702. b'mgmt.vm.feature.Get',
  703. b'mgmt.vm.feature.CheckWithTemplate',
  704. b'mgmt.vm.feature.Remove',
  705. b'mgmt.vm.tag.List',
  706. b'mgmt.vm.tag.Get',
  707. b'mgmt.vm.tag.Remove',
  708. b'mgmt.vm.tag.Set',
  709. b'mgmt.vm.firewall.Get',
  710. b'mgmt.vm.firewall.RemoveRule',
  711. b'mgmt.vm.firewall.Flush',
  712. b'mgmt.vm.device.pci.Attach',
  713. b'mgmt.vm.device.pci.Detach',
  714. b'mgmt.vm.device.pci.List',
  715. b'mgmt.vm.device.pci.Available',
  716. b'mgmt.vm.microphone.Attach',
  717. b'mgmt.vm.microphone.Detach',
  718. b'mgmt.vm.microphone.Status',
  719. b'mgmt.vm.volume.ListSnapshots',
  720. b'mgmt.vm.volume.List',
  721. b'mgmt.vm.volume.Info',
  722. b'mgmt.vm.Start',
  723. b'mgmt.vm.Shutdown',
  724. b'mgmt.vm.Pause',
  725. b'mgmt.vm.Unpause',
  726. b'mgmt.vm.Kill',
  727. ]
  728. # make sure also no methods on actual VM gets called
  729. vm_mock = unittest.mock.MagicMock()
  730. vm_mock.name = self.vm.name
  731. vm_mock.qid = self.vm.qid
  732. vm_mock.__lt__ = (lambda x, y: x.qid < y.qid)
  733. self.app.domains._dict[self.vm.qid] = vm_mock
  734. for method in methods_with_no_payload:
  735. # should reject payload regardless of having argument or not
  736. with self.subTest(method.decode('ascii')):
  737. with self.assertRaises(AssertionError):
  738. self.call_mgmt_func(method, b'test-vm1', b'',
  739. b'unexpected-payload')
  740. self.assertFalse(vm_mock.called)
  741. self.assertFalse(self.app.save.called)
  742. with self.subTest(method.decode('ascii') + '+arg'):
  743. with self.assertRaises(AssertionError):
  744. self.call_mgmt_func(method, b'test-vm1', b'some-arg',
  745. b'unexpected-payload')
  746. self.assertFalse(vm_mock.called)
  747. self.assertFalse(self.app.save.called)
  748. def test_991_vm_unexpected_argument(self):
  749. methods_with_no_argument = [
  750. b'mgmt.vm.List',
  751. b'mgmt.vm.Clone',
  752. b'mgmt.vm.Remove',
  753. b'mgmt.vm.property.List',
  754. b'mgmt.vm.feature.List',
  755. b'mgmt.vm.tag.List',
  756. b'mgmt.vm.firewall.List',
  757. b'mgmt.vm.firewall.Flush',
  758. b'mgmt.vm.device.pci.List',
  759. b'mgmt.vm.device.pci.Available',
  760. b'mgmt.vm.microphone.Attach',
  761. b'mgmt.vm.microphone.Detach',
  762. b'mgmt.vm.microphone.Status',
  763. b'mgmt.vm.volume.List',
  764. b'mgmt.vm.Start',
  765. b'mgmt.vm.Shutdown',
  766. b'mgmt.vm.Pause',
  767. b'mgmt.vm.Unpause',
  768. b'mgmt.vm.Kill',
  769. ]
  770. # make sure also no methods on actual VM gets called
  771. vm_mock = unittest.mock.MagicMock()
  772. vm_mock.name = self.vm.name
  773. vm_mock.qid = self.vm.qid
  774. vm_mock.__lt__ = (lambda x, y: x.qid < y.qid)
  775. self.app.domains._dict[self.vm.qid] = vm_mock
  776. for method in methods_with_no_argument:
  777. # should reject argument regardless of having payload or not
  778. with self.subTest(method.decode('ascii')):
  779. with self.assertRaises(AssertionError):
  780. self.call_mgmt_func(method, b'test-vm1', b'some-arg',
  781. b'')
  782. self.assertFalse(vm_mock.called)
  783. self.assertFalse(self.app.save.called)
  784. with self.subTest(method.decode('ascii') + '+payload'):
  785. with self.assertRaises(AssertionError):
  786. self.call_mgmt_func(method, b'test-vm1', b'unexpected-arg',
  787. b'some-payload')
  788. self.assertFalse(vm_mock.called)
  789. self.assertFalse(self.app.save.called)
  790. def test_992_dom0_unexpected_payload(self):
  791. methods_with_no_payload = [
  792. b'mgmt.vmclass.List',
  793. b'mgmt.vm.List',
  794. b'mgmt.label.List',
  795. b'mgmt.label.Get',
  796. b'mgmt.label.Remove',
  797. b'mgmt.property.List',
  798. b'mgmt.property.Get',
  799. b'mgmt.property.Help',
  800. b'mgmt.property.HelpRst',
  801. b'mgmt.property.Reset',
  802. b'mgmt.pool.List',
  803. b'mgmt.pool.ListDrivers',
  804. b'mgmt.pool.Info',
  805. b'mgmt.pool.Remove',
  806. b'mgmt.backup.Execute',
  807. ]
  808. # make sure also no methods on actual VM gets called
  809. vm_mock = unittest.mock.MagicMock()
  810. vm_mock.name = self.vm.name
  811. vm_mock.qid = self.vm.qid
  812. vm_mock.__lt__ = (lambda x, y: x.qid < y.qid)
  813. self.app.domains._dict[self.vm.qid] = vm_mock
  814. for method in methods_with_no_payload:
  815. # should reject payload regardless of having argument or not
  816. with self.subTest(method.decode('ascii')):
  817. with self.assertRaises(AssertionError):
  818. self.call_mgmt_func(method, b'dom0', b'',
  819. b'unexpected-payload')
  820. self.assertFalse(vm_mock.called)
  821. self.assertFalse(self.app.save.called)
  822. with self.subTest(method.decode('ascii') + '+arg'):
  823. with self.assertRaises(AssertionError):
  824. self.call_mgmt_func(method, b'dom0', b'some-arg',
  825. b'unexpected-payload')
  826. self.assertFalse(vm_mock.called)
  827. self.assertFalse(self.app.save.called)
  828. def test_993_dom0_unexpected_argument(self):
  829. methods_with_no_argument = [
  830. b'mgmt.vmclass.List',
  831. b'mgmt.vm.List',
  832. b'mgmt.label.List',
  833. b'mgmt.property.List',
  834. b'mgmt.pool.List',
  835. b'mgmt.pool.ListDrivers',
  836. ]
  837. # make sure also no methods on actual VM gets called
  838. vm_mock = unittest.mock.MagicMock()
  839. vm_mock.name = self.vm.name
  840. vm_mock.qid = self.vm.qid
  841. vm_mock.__lt__ = (lambda x, y: x.qid < y.qid)
  842. self.app.domains._dict[self.vm.qid] = vm_mock
  843. for method in methods_with_no_argument:
  844. # should reject argument regardless of having payload or not
  845. with self.subTest(method.decode('ascii')):
  846. with self.assertRaises(AssertionError):
  847. self.call_mgmt_func(method, b'dom0', b'some-arg',
  848. b'')
  849. self.assertFalse(vm_mock.called)
  850. self.assertFalse(self.app.save.called)
  851. with self.subTest(method.decode('ascii') + '+payload'):
  852. with self.assertRaises(AssertionError):
  853. self.call_mgmt_func(method, b'dom0', b'unexpected-arg',
  854. b'some-payload')
  855. self.assertFalse(vm_mock.called)
  856. self.assertFalse(self.app.save.called)
  857. def test_994_dom0_only_calls(self):
  858. # TODO set some better arguments, to make sure the call was rejected
  859. # because of invalid destination, not invalid arguments
  860. methods_for_dom0_only = [
  861. b'mgmt.vmclass.List',
  862. b'mgmt.vm.Create.AppVM',
  863. b'mgmt.vm.CreateInPool.AppVM',
  864. b'mgmt.vm.CreateTemplate',
  865. b'mgmt.label.List',
  866. b'mgmt.label.Create',
  867. b'mgmt.label.Get',
  868. b'mgmt.label.Remove',
  869. b'mgmt.property.List',
  870. b'mgmt.property.Get',
  871. b'mgmt.property.Set',
  872. b'mgmt.property.Help',
  873. b'mgmt.property.HelpRst',
  874. b'mgmt.property.Reset',
  875. b'mgmt.pool.List',
  876. b'mgmt.pool.ListDrivers',
  877. b'mgmt.pool.Info',
  878. b'mgmt.pool.Add',
  879. b'mgmt.pool.Remove',
  880. b'mgmt.pool.volume.List',
  881. b'mgmt.pool.volume.Info',
  882. b'mgmt.pool.volume.ListSnapshots',
  883. b'mgmt.pool.volume.Snapshot',
  884. b'mgmt.pool.volume.Revert',
  885. b'mgmt.pool.volume.Resize',
  886. b'mgmt.backup.Execute',
  887. b'mgmt.backup.Info',
  888. b'mgmt.backup.Restore',
  889. ]
  890. # make sure also no methods on actual VM gets called
  891. vm_mock = unittest.mock.MagicMock()
  892. vm_mock.name = self.vm.name
  893. vm_mock.qid = self.vm.qid
  894. vm_mock.__lt__ = (lambda x, y: x.qid < y.qid)
  895. self.app.domains._dict[self.vm.qid] = vm_mock
  896. for method in methods_for_dom0_only:
  897. # should reject call regardless of having payload or not
  898. with self.subTest(method.decode('ascii')):
  899. with self.assertRaises(AssertionError):
  900. self.call_mgmt_func(method, b'test-vm1', b'',
  901. b'')
  902. self.assertFalse(vm_mock.called)
  903. self.assertFalse(self.app.save.called)
  904. with self.subTest(method.decode('ascii') + '+arg'):
  905. with self.assertRaises(AssertionError):
  906. self.call_mgmt_func(method, b'test-vm1', b'some-arg',
  907. b'')
  908. self.assertFalse(vm_mock.called)
  909. self.assertFalse(self.app.save.called)
  910. with self.subTest(method.decode('ascii') + '+payload'):
  911. with self.assertRaises(AssertionError):
  912. self.call_mgmt_func(method, b'test-vm1', b'',
  913. b'payload')
  914. self.assertFalse(vm_mock.called)
  915. self.assertFalse(self.app.save.called)
  916. with self.subTest(method.decode('ascii') + '+arg+payload'):
  917. with self.assertRaises(AssertionError):
  918. self.call_mgmt_func(method, b'test-vm1', b'some-arg',
  919. b'some-payload')
  920. self.assertFalse(vm_mock.called)
  921. self.assertFalse(self.app.save.called)
  922. @unittest.skip('undecided')
  923. def test_995_vm_only_calls(self):
  924. # XXX is it really a good idea to prevent those calls this early?
  925. # TODO set some better arguments, to make sure the call was rejected
  926. # because of invalid destination, not invalid arguments
  927. methods_for_vm_only = [
  928. b'mgmt.vm.Clone',
  929. b'mgmt.vm.Remove',
  930. b'mgmt.vm.property.List',
  931. b'mgmt.vm.property.Get',
  932. b'mgmt.vm.property.Set',
  933. b'mgmt.vm.property.Help',
  934. b'mgmt.vm.property.HelpRst',
  935. b'mgmt.vm.property.Reset',
  936. b'mgmt.vm.feature.List',
  937. b'mgmt.vm.feature.Get',
  938. b'mgmt.vm.feature.Set',
  939. b'mgmt.vm.feature.CheckWithTemplate',
  940. b'mgmt.vm.feature.Remove',
  941. b'mgmt.vm.tag.List',
  942. b'mgmt.vm.tag.Get',
  943. b'mgmt.vm.tag.Remove',
  944. b'mgmt.vm.tag.Set',
  945. b'mgmt.vm.firewall.Get',
  946. b'mgmt.vm.firewall.RemoveRule',
  947. b'mgmt.vm.firewall.InsertRule',
  948. b'mgmt.vm.firewall.Flush',
  949. b'mgmt.vm.device.pci.Attach',
  950. b'mgmt.vm.device.pci.Detach',
  951. b'mgmt.vm.device.pci.List',
  952. b'mgmt.vm.device.pci.Available',
  953. b'mgmt.vm.microphone.Attach',
  954. b'mgmt.vm.microphone.Detach',
  955. b'mgmt.vm.microphone.Status',
  956. b'mgmt.vm.volume.ListSnapshots',
  957. b'mgmt.vm.volume.List',
  958. b'mgmt.vm.volume.Info',
  959. b'mgmt.vm.volume.Revert',
  960. b'mgmt.vm.volume.Resize',
  961. b'mgmt.vm.Start',
  962. b'mgmt.vm.Shutdown',
  963. b'mgmt.vm.Pause',
  964. b'mgmt.vm.Unpause',
  965. b'mgmt.vm.Kill',
  966. ]
  967. # make sure also no methods on actual VM gets called
  968. vm_mock = unittest.mock.MagicMock()
  969. vm_mock.name = self.vm.name
  970. vm_mock.qid = self.vm.qid
  971. vm_mock.__lt__ = (lambda x, y: x.qid < y.qid)
  972. self.app.domains._dict[self.vm.qid] = vm_mock
  973. for method in methods_for_vm_only:
  974. # should reject payload regardless of having argument or not
  975. # should reject call regardless of having payload or not
  976. with self.subTest(method.decode('ascii')):
  977. with self.assertRaises(AssertionError):
  978. self.call_mgmt_func(method, b'dom0', b'',
  979. b'')
  980. self.assertFalse(vm_mock.called)
  981. self.assertFalse(self.app.save.called)
  982. with self.subTest(method.decode('ascii') + '+arg'):
  983. with self.assertRaises(AssertionError):
  984. self.call_mgmt_func(method, b'dom0', b'some-arg',
  985. b'')
  986. self.assertFalse(vm_mock.called)
  987. self.assertFalse(self.app.save.called)
  988. with self.subTest(method.decode('ascii') + '+payload'):
  989. with self.assertRaises(AssertionError):
  990. self.call_mgmt_func(method, b'dom0', b'',
  991. b'payload')
  992. self.assertFalse(vm_mock.called)
  993. self.assertFalse(self.app.save.called)
  994. with self.subTest(method.decode('ascii') + '+arg+payload'):
  995. with self.assertRaises(AssertionError):
  996. self.call_mgmt_func(method, b'dom0', b'some-arg',
  997. b'some-payload')
  998. self.assertFalse(vm_mock.called)
  999. self.assertFalse(self.app.save.called)