anti
a266d6b17e
Adds /api/v1/swarm-updates/{hosts,push,push-self,rollback} behind
require_admin. Reuses the existing UpdaterClient + tar_working_tree + the
per-host asyncio.gather pattern from api_deploy_swarm.py; tarball is
built exactly once per /push request and fanned out to every selected
worker. /hosts filters out decommissioned hosts and agent-only
enrollments (no updater bundle = not a target).
Connection drops during /update-self are treated as success — the
updater re-execs itself mid-response, so httpx always raises.
Pydantic models live in decnet/web/db/models.py (single source of
truth). 24 tests cover happy paths, rollback, transport failures,
include_self ordering (skip on rolled-back agents), validation, and
RBAC gating.
87 lines
2.7 KiB
Python
87 lines
2.7 KiB
Python
"""POST /api/v1/swarm-updates/rollback — single-host manual rollback."""
|
|
from __future__ import annotations
|
|
|
|
import pytest
|
|
|
|
|
|
@pytest.mark.anyio
|
|
async def test_rollback_happy_path(client, auth_token, add_host, fake_updater):
|
|
h = await add_host("alpha")
|
|
|
|
resp = await client.post(
|
|
"/api/v1/swarm-updates/rollback",
|
|
headers={"Authorization": f"Bearer {auth_token}"},
|
|
json={"host_uuid": h["uuid"]},
|
|
)
|
|
assert resp.status_code == 200
|
|
body = resp.json()
|
|
assert body["status"] == "rolled-back"
|
|
assert body["host_name"] == "alpha"
|
|
|
|
|
|
@pytest.mark.anyio
|
|
async def test_rollback_404_when_no_previous(client, auth_token, add_host, fake_updater):
|
|
h = await add_host("alpha")
|
|
Resp = fake_updater["Response"]
|
|
fake_updater["client"].rollback_responses = {
|
|
"alpha": Resp(404, {"detail": "no previous release"}),
|
|
}
|
|
|
|
resp = await client.post(
|
|
"/api/v1/swarm-updates/rollback",
|
|
headers={"Authorization": f"Bearer {auth_token}"},
|
|
json={"host_uuid": h["uuid"]},
|
|
)
|
|
assert resp.status_code == 404
|
|
assert "no previous" in resp.json()["detail"].lower()
|
|
|
|
|
|
@pytest.mark.anyio
|
|
async def test_rollback_transport_failure_reported(client, auth_token, add_host, fake_updater):
|
|
h = await add_host("alpha")
|
|
fake_updater["client"].rollback_responses = {"alpha": RuntimeError("TLS handshake failed")}
|
|
|
|
resp = await client.post(
|
|
"/api/v1/swarm-updates/rollback",
|
|
headers={"Authorization": f"Bearer {auth_token}"},
|
|
json={"host_uuid": h["uuid"]},
|
|
)
|
|
assert resp.status_code == 200
|
|
body = resp.json()
|
|
assert body["status"] == "failed"
|
|
assert "TLS handshake" in body["detail"]
|
|
|
|
|
|
@pytest.mark.anyio
|
|
async def test_rollback_unknown_host(client, auth_token, fake_updater):
|
|
resp = await client.post(
|
|
"/api/v1/swarm-updates/rollback",
|
|
headers={"Authorization": f"Bearer {auth_token}"},
|
|
json={"host_uuid": "nonexistent"},
|
|
)
|
|
assert resp.status_code == 404
|
|
|
|
|
|
@pytest.mark.anyio
|
|
async def test_rollback_on_agent_only_host_rejected(
|
|
client, auth_token, add_host, fake_updater,
|
|
):
|
|
h = await add_host("alpha", with_updater=False)
|
|
resp = await client.post(
|
|
"/api/v1/swarm-updates/rollback",
|
|
headers={"Authorization": f"Bearer {auth_token}"},
|
|
json={"host_uuid": h["uuid"]},
|
|
)
|
|
assert resp.status_code == 400
|
|
|
|
|
|
@pytest.mark.anyio
|
|
async def test_viewer_is_forbidden(client, viewer_token, add_host, fake_updater):
|
|
h = await add_host("alpha")
|
|
resp = await client.post(
|
|
"/api/v1/swarm-updates/rollback",
|
|
headers={"Authorization": f"Bearer {viewer_token}"},
|
|
json={"host_uuid": h["uuid"]},
|
|
)
|
|
assert resp.status_code == 403
|