anti
245975a6dd
Auth/session (V2.1.7, V4.1.5, V4.1.6, V2.1.4/V2.1.5): - env secret validation no longer bypassed by attacker-injectable PYTEST* env; gated on explicit DECNET_TESTING=1 (set only in conftest). - must_change_password now enforced on the SSE header-JWT path, not just ticket mint. - GET /system/deployment-mode requires viewer auth (was leaking role + topology size). - CreateUser/ResetUser passwords min_length=12; passwords >72 bytes rejected explicitly instead of bcrypt silently truncating. Swarm ingestion (V9.1.3, BUG-16): - Log listener hard-rejects peers with unparseable/empty cert CN (fail closed, ingests nothing) instead of tagging 'unknown'. - Shutdown handlers no longer swallow real errors (narrowed to CancelledError). Info leakage (V7.1.2, V14.1.2): - Exception text sanitized on swarm-update, health, tarpit, realism, file-drop, blank-topology endpoints (raw tc/docker stderr, DB/Docker errors logged server-side, generic detail returned). pyproject license corrected to AGPL-3.0. Correctness (BUG-12..16): - BUG-12 atomic credential upsert (UNIQUE constraint + IntegrityError retry, consistent principal_key canonicalization). - BUG-13 rule-tail watermark uses >= with seen-id dedup (no same-second drop). - BUG-14 worker wake cleared before wait (no lost wake during tick). - BUG-15 intel gather tolerates an unexpected provider raise. - BUG-16 see above. Already-closed (verified, no change): V2.1.6, V5.1.3, V9.1.2. Accept-risk + documented: V2.1.8 cache window, V3.1.3 idle timeout. Tests added for every fix; unanimous adversarial review after two refute-fix rounds.
91 lines
2.9 KiB
Python
91 lines
2.9 KiB
Python
# SPDX-License-Identifier: AGPL-3.0-or-later
|
|
"""POST /api/v1/swarm-updates/rollback — single-host manual rollback."""
|
|
from __future__ import annotations
|
|
|
|
import pytest
|
|
|
|
|
|
@pytest.mark.anyio
|
|
async def test_rollback_happy_path(client, auth_token, add_host, fake_updater):
|
|
h = await add_host("alpha")
|
|
|
|
resp = await client.post(
|
|
"/api/v1/swarm-updates/rollback",
|
|
headers={"Authorization": f"Bearer {auth_token}"},
|
|
json={"host_uuid": h["uuid"]},
|
|
)
|
|
assert resp.status_code == 200
|
|
body = resp.json()
|
|
assert body["status"] == "rolled-back"
|
|
assert body["host_name"] == "alpha"
|
|
|
|
|
|
@pytest.mark.anyio
|
|
async def test_rollback_404_when_no_previous(client, auth_token, add_host, fake_updater):
|
|
h = await add_host("alpha")
|
|
Resp = fake_updater["Response"]
|
|
fake_updater["client"].rollback_responses = {
|
|
"alpha": Resp(404, {"detail": "no previous release"}),
|
|
}
|
|
|
|
resp = await client.post(
|
|
"/api/v1/swarm-updates/rollback",
|
|
headers={"Authorization": f"Bearer {auth_token}"},
|
|
json={"host_uuid": h["uuid"]},
|
|
)
|
|
assert resp.status_code == 404
|
|
assert "no previous" in resp.json()["detail"].lower()
|
|
|
|
|
|
@pytest.mark.anyio
|
|
async def test_rollback_transport_failure_reported(client, auth_token, add_host, fake_updater):
|
|
h = await add_host("alpha")
|
|
fake_updater["client"].rollback_responses = {"alpha": RuntimeError("TLS handshake failed")}
|
|
|
|
resp = await client.post(
|
|
"/api/v1/swarm-updates/rollback",
|
|
headers={"Authorization": f"Bearer {auth_token}"},
|
|
json={"host_uuid": h["uuid"]},
|
|
)
|
|
assert resp.status_code == 200
|
|
body = resp.json()
|
|
assert body["status"] == "failed"
|
|
# V7.1.2: internal exception text must not leak to the response body.
|
|
assert "TLS handshake" not in body["detail"]
|
|
assert "RuntimeError" not in body["detail"]
|
|
assert body["detail"] == "transport failure"
|
|
|
|
|
|
@pytest.mark.anyio
|
|
async def test_rollback_unknown_host(client, auth_token, fake_updater):
|
|
resp = await client.post(
|
|
"/api/v1/swarm-updates/rollback",
|
|
headers={"Authorization": f"Bearer {auth_token}"},
|
|
json={"host_uuid": "nonexistent"},
|
|
)
|
|
assert resp.status_code == 404
|
|
|
|
|
|
@pytest.mark.anyio
|
|
async def test_rollback_on_agent_only_host_rejected(
|
|
client, auth_token, add_host, fake_updater,
|
|
):
|
|
h = await add_host("alpha", with_updater=False)
|
|
resp = await client.post(
|
|
"/api/v1/swarm-updates/rollback",
|
|
headers={"Authorization": f"Bearer {auth_token}"},
|
|
json={"host_uuid": h["uuid"]},
|
|
)
|
|
assert resp.status_code == 400
|
|
|
|
|
|
@pytest.mark.anyio
|
|
async def test_viewer_is_forbidden(client, viewer_token, add_host, fake_updater):
|
|
h = await add_host("alpha")
|
|
resp = await client.post(
|
|
"/api/v1/swarm-updates/rollback",
|
|
headers={"Authorization": f"Bearer {viewer_token}"},
|
|
json={"host_uuid": h["uuid"]},
|
|
)
|
|
assert resp.status_code == 403
|