"""Test cases for Trustpoint model deletion."""fromtypingimportAnyimportpytestfromdjango.core.exceptionsimportValidationErrorfromdjango.db.modelsimportProtectedErrorfrompki.models.certificateimportCertificateModelfrompki.models.credentialimportCredentialModelfrompki.models.domainimportDomainModelfromdevices.modelsimportDeviceModel,IssuedCredentialModel
[docs]deftest_device_delete_revocation(mock_models:dict[str,Any])->None:"""Tests that credentials issued to a device are deleted and certificates revoked on device deletion."""device=mock_models['device']assertdevice.issued_credentials.count()==1,'Mock Device should have one issued credential.'issued_cred=device.issued_credentials.first()assertissued_cred.credential.certificate.certificate_status==CertificateModel.CertificateStatus.OK,('Mock Device credential should not be revoked before deletion.')device_id=device.idissued_cred_id=issued_cred.idcred_id=issued_cred.credential.idcert_id=issued_cred.credential.certificate.iddevice.delete()# Ensure device, issued credential and credential are deletedwithpytest.raises(DeviceModel.DoesNotExist):DeviceModel.objects.get(id=device_id)withpytest.raises(IssuedCredentialModel.DoesNotExist):IssuedCredentialModel.objects.get(id=issued_cred_id)withpytest.raises(CredentialModel.DoesNotExist):CredentialModel.objects.get(id=cred_id)# Ensure certificate is revokedcert=CertificateModel.objects.get(id=cert_id)assertcert.certificate_status==CertificateModel.CertificateStatus.REVOKED,('Certificate should be revoked after delete.')
[docs]deftest_multi_device_delete(mock_models:dict[str,Any])->None:"""Tests that multiple devices can be deleted and pre_delete is called even on a QuerySet of DeviceModels."""mock_domain=mock_models['domain']mock_device1=mock_models['device']issued_cred=mock_device1.issued_credentials.first()cert_id=issued_cred.credential.certificate.idmock_device2=DeviceModel(common_name='test_device2',serial_number='1234567890_2',domain=mock_domain,no_onboarding_config=mock_device1.no_onboarding_config,)mock_device2.save()DeviceModel.objects.filter(domain=mock_domain).delete()# queryset delete# Ensure certificate of device 1 is also revoked if deleted via querysetcert=CertificateModel.objects.get(id=cert_id)assertcert.certificate_status==CertificateModel.CertificateStatus.REVOKED,('Certificate should be revoked after delete.')
[docs]deftest_domain_delete(mock_models:dict[str,Any])->None:"""Tests that a domain can be deleted only if it has no associated devices."""domain=mock_models['domain']assertdomain.devices.exists(),'Mock Domain should have associated devices.'domain_id=domain.idwithpytest.raises(ProtectedError):domain.delete()DeviceModel.objects.filter(domain=domain).delete()# Ensure domain is deleted after device deletiondomain.delete()withpytest.raises(DomainModel.DoesNotExist):DomainModel.objects.get(id=domain_id)
[docs]deftest_ca_delete_with_issued_certificates(mock_models:dict[str,Any])->None:"""Tests that a CA can be deleted only if it has no associated domains and no issued unexpired certificates."""ca=mock_models['ca']assertca.domains.exists(),'Mock CA should have associated domains.'# Ensure CA cannot be deleted with issued certificateswithpytest.raises(ValidationError):ca.delete()