3 Library RequestsLibrary
4 Resource SSHKeywords.robot
5 Resource ../variables/Variables.robot
# RESTCONF resources used by the call-home keywords in this file.
# Operational view of the topology-netconf topology.
${mount_point_url}              /restconf/operational/network-topology:network-topology/topology/topology-netconf/
# Operational call-home server state; the device status check reads "callhome-status:device-status" from it.
${device_status}                /restconf/operational/odl-netconf-callhome-server:netconf-callhome-server
# Allowed-devices list: the register-device keywords POST to it and the teardown DELETEs it.
${whitelist}                    /restconf/config/odl-netconf-callhome-server:netconf-callhome-server/allowed-devices
# Global SSH credentials applied to call-home devices (written with PUT).
${global_config_url}            /restconf/config/odl-netconf-callhome-server:netconf-callhome-server/global/credentials
# netconf-keystore RPC prefix; callers append :add-keystore-entry, :add-private-key or :add-trusted-certificate.
${netconf_keystore_url}         /rests/operations/netconf-keystore
# Keystore data resource, deleted on teardown so key material does not outlive the test.
${netconf_keystore_data_url}    /rests/data/netconf-keystore:keystore
# JSON fragments collected into the list of expected values for a mounted netopeer2 device.
${substring1}                   "netconf-node-topology:connection-status":"connected"
${substring2}                   "node-id":"netopeer2"
${substring3}                   "netconf-node-topology:available-capabilities"
22 [Documentation] Checks the operational device status.
23 [Arguments] ${status} ${id}=netopeer2
24 @{expectedValues} Create List "unique-id":"${id}" "callhome-status:device-status":"${status}"
25 IF '${status}'=='FAILED_NOT_ALLOWED' or '${status}'=='FAILED_AUTH_FAILURE'
26 Remove Values From List ${expectedValues} "unique-id":"${id}"
28 Utils.Check For Elements At URI ${device_status} ${expectedValues}
Apply SSH-based Call-Home configuration
    [Documentation]    Copies the netopeer2 files for SSH transport (ietf-netconf-server.xml and
    ...    ietf-keystore.xml) into configuration-files/ over the current SSH connection.
    ${ssh_sources}    BuiltIn.Set Variable    ${CURDIR}/../variables/netconf/callhome/configuration-files/ssh
    SSHLibrary.Put File    ${ssh_sources}/ietf-netconf-server.xml    configuration-files/ietf-netconf-server.xml
    SSHLibrary.Put File    ${ssh_sources}/ietf-keystore.xml    configuration-files/ietf-keystore.xml
Apply TLS-based Call-Home configuration
    [Documentation]    Generates the test certificates, then copies the netopeer2 files for TLS transport
    ...    (keystore, truststore and netconf-server configuration) into configuration-files/.
    # The certificates have to exist first: the keyword below also moves them under ./configuration-files/certs.
    Generate certificates for TLS configuration
    ${tls_sources}    BuiltIn.Set Variable    ${CURDIR}/../variables/netconf/callhome/configuration-files/tls
    SSHLibrary.Put File    ${tls_sources}/ietf-keystore.xml    configuration-files/ietf-keystore.xml
    SSHLibrary.Put File    ${tls_sources}/ietf-truststore.xml    configuration-files/ietf-truststore.xml
    SSHLibrary.Put File    ${tls_sources}/ietf-netconf-server.xml    configuration-files/ietf-netconf-server.xml
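Generate certificates for TLS configuration
    [Documentation]    Builds a throw-away PKI for 2-way TLS on the remote host: a self-signed CA, plus a
    ...    server and a client certificate signed by that CA, then moves ./certs under
    ...    ./configuration-files. Each shell step must exit with 0; a failed openssl call used to be
    ...    ignored and only showed up later as an unexplained TLS handshake failure.
    # NOTE(review): all private keys are written unencrypted (-nodes / plain genrsa). That is only
    # acceptable because this CA exists for the test run; do not reuse these files elsewhere.
    Run Certificate Command    rm -rf ./certs && mkdir ./certs
    SSHLibrary.Put File    ${CURDIR}/../variables/netconf/callhome/x509_v3.cfg    ./x509_v3.cfg
    # Certificate authority: key and self-signed certificate.
    Run Certificate Command    openssl genrsa -out ./certs/ca.key 2048
    Run Certificate Command
    ...    openssl req -x509 -new -extensions v3_ca -nodes -key ./certs/ca.key -sha256 -days 365 -subj "/C=US/ST=CA/L=Netopeer/O=netopeerCA/CN=netopeerCA" -out ./certs/ca.pem
    # Server (netopeer2) key, CSR, CA-signed certificate and extracted public key.
    Run Certificate Command    openssl genrsa -out ./certs/server.key 2048
    Run Certificate Command
    ...    openssl req -new -sha256 -key ./certs/server.key -subj "/C=US/ST=CA/L=Netopeer/O=Netopeer2/CN=netopeer2-server" -out ./certs/server.csr
    Run Certificate Command
    ...    openssl x509 -req -in ./certs/server.csr -CA ./certs/ca.pem -CAkey ./certs/ca.key -CAcreateserial -extfile x509_v3.cfg -out ./certs/server.crt -days 365 -sha256
    Run Certificate Command    openssl rsa -in ./certs/server.key -pubout > ./certs/server.pub
    # Client key, CSR and CA-signed certificate.
    # NOTE(review): the client certificate is issued for 1024 days while the CA lasts 365; harmless for a
    # short-lived test, but the two lifetimes do not agree.
    Run Certificate Command    openssl genrsa -out ./certs/client.key 2048
    Run Certificate Command
    ...    openssl req -new -sha256 -key ./certs/client.key -subj "/C=US/ST=CA/L=Netopeer/O=Netopeer2/CN=netopeer2-client" -out ./certs/client.csr
    Run Certificate Command
    ...    openssl x509 -req -in ./certs/client.csr -CA ./certs/ca.pem -CAkey ./certs/ca.key -CAcreateserial -extfile x509_v3.cfg -out ./certs/client.crt -days 1024 -sha256
    Run Certificate Command    mv ./certs ./configuration-files/certs

Run Certificate Command
    [Documentation]    Runs one shell command over the current SSH connection and fails the calling
    ...    keyword unless the command exits with status 0.
    [Arguments]    ${command}
    ${stdout}    ${stderr}    ${rc}    SSHLibrary.Execute Command    ${command}
    ...    return_stdout=True    return_stderr=True    return_rc=True
    BuiltIn.Should Be Equal As Integers    ${rc}    0    msg=Command failed (rc=${rc}): ${command} -- ${stderr}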
Register keys and certificates in ODL controller
    [Documentation]    Reads the client key, client certificate, CA certificate and server certificate from
    ...    ./configuration-files/certs over SSH and registers them in the ODL netconf-keystore through
    ...    the add-keystore-entry, add-private-key and add-trusted-certificate RPCs.
    # NOTE(review): Robot records assigned return values in its log, so private-key text can end up in
    # log.html; presumably tolerable here because the key is generated for the test run - confirm.
    # NOTE(review): stderr of the remote commands is captured but never inspected, so a missing file
    # results in an empty value being posted rather than an early failure.
    # Step 1: keystore entry holding the whole client key file, base64-encoded on one line (-A).
    ${key_b64}    ${stderr}    SSHLibrary.Execute_Command
    ...    openssl enc -base64 -A -in ./configuration-files/certs/client.key
    ...    return_stdout=True    return_stderr=True
    ${entry_text}    OperatingSystem.Get File    ${ADD_KEYSTORE_ENTRY_REQ}
    ${entry_payload}    Replace String    ${entry_text}    {base64-client-key}    ${key_b64}
    ${entry_reply}    RequestsLibrary.Post Request    session    ${netconf_keystore_url}:add-keystore-entry
    ...    data=${entry_payload}    headers=${HEADERS}
    Should Contain    ${ALLOWED_STATUS_CODES}    ${entry_reply.status_code}
    # Step 2: private key plus certificate chain. The first sed drops the first and last line of the PEM
    # file, the second turns each newline into a literal \n so the text fits inside a JSON string.
    ${key_text}    ${stderr}    SSHLibrary.Execute_Command
    ...    sed -u '1d; $d' ./configuration-files/certs/client.key | sed -z 's!\\n!\\\\n!g'
    ...    return_stdout=True    return_stderr=True
    ${chain_text}    ${stderr}    SSHLibrary.Execute_Command
    ...    sed -u '1d; $d' ./configuration-files/certs/client.crt | sed -z 's!\\n!\\\\n!g'
    ...    return_stdout=True    return_stderr=True
    ${key_request}    OperatingSystem.Get File    ${ADD_PRIVATE_KEY_REQ}
    ${key_payload}    Replace String    ${key_request}    {client-key}    ${key_text}
    ${key_payload}    Replace String    ${key_payload}    {certificate-chain}    ${chain_text}
    ${key_reply}    RequestsLibrary.Post Request    session    ${netconf_keystore_url}:add-private-key
    ...    data=${key_payload}    headers=${HEADERS}
    Should Contain    ${ALLOWED_STATUS_CODES}    ${key_reply.status_code}
    # Step 3: trusted certificates (the CA and the device's server certificate), flattened the same way.
    ${ca_text}    ${stderr}    SSHLibrary.Execute_Command
    ...    sed -u '1d; $d' ./configuration-files/certs/ca.pem | sed -z 's!\\n!\\\\n!g'
    ...    return_stdout=True    return_stderr=True
    ${device_text}    ${stderr}    SSHLibrary.Execute_Command
    ...    sed -u '1d; $d' ./configuration-files/certs/server.crt | sed -z 's!\\n!\\\\n!g'
    ...    return_stdout=True    return_stderr=True
    ${trust_request}    OperatingSystem.Get File    ${ADD_TRUSTED_CERTIFICATE}
    ${trust_payload}    Replace String    ${trust_request}    {ca-certificate}    ${ca_text}
    ${trust_payload}    Replace String    ${trust_payload}    {device-certificate}    ${device_text}
    ${trust_reply}    RequestsLibrary.Post Request    session    ${netconf_keystore_url}:add-trusted-certificate
    ...    data=${trust_payload}    headers=${HEADERS}
    Should Contain    ${ALLOWED_STATUS_CODES}    ${trust_reply.status_code}
Register global credentials for SSH call-home devices (APIv1)
    [Documentation]    Fills the global-credentials JSON template with the given user name and password
    ...    and PUTs it to the call-home server's global credentials resource.
    [Arguments]    ${username}    ${password}
    ${request_text}    OperatingSystem.Get File    ${CREATE_GLOBAL_CREDENTIALS_REQ}
    # NOTE(review): the values are spliced in as raw text, so a quote or backslash in a credential
    # produces invalid JSON instead of being escaped.
    ${with_user}    Replace String    ${request_text}    {username}    ${username}
    ${payload}    Replace String    ${with_user}    {password}    ${password}
    # NOTE(review): the `session` alias is created in this file with an http:// base URL, so the password
    # crosses the network unencrypted; keep this to an isolated test network.
    ${reply}    RequestsLibrary.Put Request    session    ${global_config_url}    data=${payload}    headers=${HEADERS}
    Should Contain    ${ALLOWED_STATUS_CODES}    ${reply.status_code}
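Register SSH call-home device in ODL controller (APIv1)
    [Documentation]    Adds an SSH call-home device to the allowed-devices list (APIv1 model).
    ...    With both a user name and a password the credentials template is used; if either is empty
    ...    the host-key-only template is used and the credential placeholders simply do not occur.
    [Arguments]    ${device_name}    ${hostkey}    ${username}=${EMPTY}    ${password}=${EMPTY}
    # The condition is evaluated as a Python expression. Referencing the arguments as $username /
    # $password keeps their content out of the expression text; the former '${password}' form pasted the
    # raw value between quotes, so a credential containing a quote broke or altered the expression.
    IF    $username == '' or $password == ''
        Get create device request without credentials template (APIv1)
    ELSE
        Get create device request template (APIv1)
    END
    # Both helper keywords publish the loaded file as the test variable ${template}.
    ${body}    Replace String    ${template}    {device_name}    ${device_name}
    ${body}    Replace String    ${body}    {username}    ${username}
    ${body}    Replace String    ${body}    {password}    ${password}
    ${body}    Replace String    ${body}    {hostkey}    ${hostkey}
    ${resp}    RequestsLibrary.Post Request    session    ${whitelist}    data=${body}    headers=${HEADERS}
    Should Contain    ${ALLOWED_STATUS_CODES}    ${resp.status_code}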
Get create device request template (APIv1)
    [Documentation]    Loads the APIv1 create-device request (variant with credentials) and publishes its
    ...    text as the test-scoped variable named template.
    ${request_text}    OperatingSystem.Get File    ${CREATE_SSH_DEVICE_REQ_V1}
    Set Test Variable    ${template}    ${request_text}
Get create device request without credentials template (APIv1)
    [Documentation]    Loads the APIv1 create-device request that carries only the host key and publishes
    ...    its text as the test-scoped variable named template.
    ${request_text}    OperatingSystem.Get File    ${CREATE_SSH_DEVICE_REQ_V1_HOST_KEY_ONLY}
    Set Test Variable    ${template}    ${request_text}
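Register SSH call-home device in ODL controller (APIv2)
    [Documentation]    Adds an SSH call-home device to the allowed-devices list using the latest models.
    ...    With both a user name and a password the credentials template is used; if either is empty
    ...    the host-key-only template is used and the credential placeholders simply do not occur.
    [Arguments]    ${device_name}    ${hostkey}    ${username}=${EMPTY}    ${password}=${EMPTY}
    # The condition is evaluated as a Python expression. Referencing the arguments as $username /
    # $password keeps their content out of the expression text; the former '${password}' form pasted the
    # raw value between quotes, so a credential containing a quote broke or altered the expression.
    IF    $username == '' or $password == ''
        Get create device request without credentials template (APIv2)
    ELSE
        Get create device request template (APIv2)
    END
    # Both helper keywords publish the loaded file as the test variable ${template}.
    ${body}    Replace String    ${template}    {device_name}    ${device_name}
    ${body}    Replace String    ${body}    {username}    ${username}
    ${body}    Replace String    ${body}    {password}    ${password}
    ${body}    Replace String    ${body}    {hostkey}    ${hostkey}
    ${resp}    RequestsLibrary.Post Request    session    ${whitelist}    data=${body}    headers=${HEADERS}
    Should Contain    ${ALLOWED_STATUS_CODES}    ${resp.status_code}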
Get create device request template (APIv2)
    [Documentation]    Loads the APIv2 create-device request (variant with credentials) and publishes its
    ...    text as the test-scoped variable named template.
    ${request_text}    OperatingSystem.Get File    ${CREATE_SSH_DEVICE_REQ_V2}
    Set Test Variable    ${template}    ${request_text}
Get create device request without credentials template (APIv2)
    [Documentation]    Loads the APIv2 create-device request that carries only the host key and publishes
    ...    its text as the test-scoped variable named template.
    ${request_text}    OperatingSystem.Get File    ${CREATE_SSH_DEVICE_REQ_V2_HOST_KEY_ONLY}
    Set Test Variable    ${template}    ${request_text}
Register TLS call-home device in ODL controller (APIv2)
    [Documentation]    Adds a TLS call-home device to the allowed-devices list. The key and certificate are
    ...    passed by identifier only; no key material is part of this request.
    [Arguments]    ${device_name}    ${key_id}    ${certificate_id}
    ${request_text}    OperatingSystem.Get File    ${CREATE_TLS_DEVICE_REQ}
    ${with_name}    Replace String    ${request_text}    {device_name}    ${device_name}
    ${with_key}    Replace String    ${with_name}    {key_id}    ${key_id}
    ${payload}    Replace String    ${with_key}    {certificate_id}    ${certificate_id}
    ${reply}    RequestsLibrary.Post Request    session    ${whitelist}    data=${payload}    headers=${HEADERS}
    Should Contain    ${ALLOWED_STATUS_CODES}    ${reply.status_code}
181 Pull Netopeer2 Docker Image
182 [Documentation] Pulls the netopeer image from the docker repository.
183 ${stdout} ${stderr} ${rc} SSHLibrary.Execute Command
184 ... docker pull sysrepo/sysrepo-netopeer2:latest
185 ... return_stdout=True
186 ... return_stderr=True
188 ${stdout} ${stderr} ${rc} SSHLibrary.Execute Command
190 ... return_stdout=True
191 ... return_stderr=True
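Install Docker Compose on tools system
    [Documentation]    Opens the SSH connection to the tools system (stored in the suite variable
    ...    netopeer_conn_id), downloads the docker-compose 1.11.1 release binary to
    ...    /usr/local/bin/docker-compose and marks it executable. Fails if either step exits non-zero.
    ${netopeer_conn_id}    SSHKeywords.Open_Connection_To_Tools_System
    Builtin.Set Suite Variable    ${netopeer_conn_id}
    # The download runs through Execute Command so its exit status can be checked. --fail makes curl exit
    # non-zero on an HTTP error instead of saving the error page, which the chmod below would then mark
    # executable.
    # NOTE(review): the file is fetched as root and later executed without an integrity check. Verify it
    # against a pinned digest before the chmod, for example
    # echo "<EXPECTED_SHA256>  /usr/local/bin/docker-compose" | sha256sum -c -
    # (placeholder digest: take the real value from the release's published checksums).
    ${stdout}    ${stderr}    ${rc}    SSHLibrary.Execute Command
    ...    sudo curl --fail -L "https://github.com/docker/compose/releases/download/1.11.1/docker-compose-$(uname -s)-$(uname -m)" -o /usr/local/bin/docker-compose
    ...    return_stdout=True
    ...    return_stderr=True
    ...    return_rc=True
    BuiltIn.Should Be Equal As Integers    ${rc}    0    msg=docker-compose download failed (rc=${rc}): ${stderr}
    ${stdout}    ${stderr}    ${rc}    SSHLibrary.Execute Command
    ...    sudo chmod +x /usr/local/bin/docker-compose
    ...    return_stdout=True
    ...    return_stderr=True
    ...    return_rc=True
    BuiltIn.Should Be Equal As Integers    ${rc}    0    msg=chmod of docker-compose failed (rc=${rc}): ${stderr}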
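Uninstall Docker Compose on tools system
    [Documentation]    Removes the docker-compose binary that the install keyword placed in
    ...    /usr/local/bin on the tools system.
    # The binary is installed with curl, not pip, so `pip uninstall docker-compose` had nothing to remove
    # (and, lacking -y, stopped at its confirmation prompt). Deleting the file is what undoes the install
    # and keeps the root-installed download from lingering on the shared tools system.
    # The exit status is captured but not asserted: cleanup stays best-effort, as before.
    ${stdout}    ${stderr}    ${rc}    SSHLibrary.Execute Command
    ...    sudo rm -f /usr/local/bin/docker-compose
    ...    return_stdout=True
    ...    return_stderr=True
    ...    return_rc=True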
216 [Documentation] Opens session towards ODL controller, set configuration folder, generates a new host key for the container
217 RequestsLibrary.Create_Session session http://${ODL_SYSTEM_IP}:${RESTCONFPORT} auth=${AUTH}
218 SSHLibrary.Execute_Command rm -rf ./configuration-files && mkdir configuration-files
219 SSHLibrary.Execute_Command ssh-keygen -q -t rsa -b 2048 -N '' -f ./configuration-files/ssh_host_rsa_key
220 ${public_key} SSHLibrary.Execute_Command cat configuration-files/ssh_host_rsa_key.pub | awk '{print $2}'
221 Set Test Variable ${NETOPEER_PUB_KEY} ${public_key}
224 [Documentation] Tears down the docker running netopeer and deletes entry from the whitelist.
225 ${stdout} ${stderr} ${rc} SSHLibrary.Execute Command
226 ... docker-compose logs
227 ... return_stdout=True
228 ... return_stderr=True
231 ${stdout} ${stderr} ${rc} SSHLibrary.Execute Command
232 ... docker-compose down
233 ... return_stdout=True
234 ... return_stderr=True
236 ${stdout} ${stderr} ${rc} SSHLibrary.Execute Command
238 ... return_stdout=True
239 ... return_stderr=True
241 SSHLibrary.Execute_Command rm -rf ./configuration-files
242 ${resp} RequestsLibrary.Delete_Request session ${whitelist}
243 ${resp} RequestsLibrary.Delete_Request session ${netconf_keystore_data_url}
246 [Documentation] Get the suite ready for callhome test cases.
247 Install Docker Compose on tools system
248 Pull Netopeer2 Docker Image
249 SSHLibrary.Put File ${CURDIR}/../variables/netconf/callhome/docker-compose.yaml .
250 SSHLibrary.Put File ${CURDIR}/../variables/netconf/callhome/init_configuration.sh .
251 SSHLibrary.Execute_Command sed -i -e 's/ODL_SYSTEM_IP/${ODL_SYSTEM_IP}/g' docker-compose.yaml
252 ${netconf_cl_ssh_port} Set_Variable_If_At_Least_Sulfur 4334 6666
253 SSHLibrary.Execute_Command sed -i -e 's/NETCONF_CH_SSH/${netconf_cl_ssh_port}/g' docker-compose.yaml
254 SSHLibrary.Execute_Command sed -i -e 's/NETCONF_CH_TLS/4335/g' docker-compose.yaml
255 ${netconf_mount_expected_values} Create list ${substring1} ${substring2} ${substring3}
256 Set Suite Variable ${netconf_mount_expected_values}
258 ... ${CREATE_SSH_DEVICE_REQ_V1}
259 ... ${CURDIR}/../variables/netconf/callhome/json/apiv1/create_device.json
261 ... ${CREATE_SSH_DEVICE_REQ_V1_HOST_KEY_ONLY}
262 ... ${CURDIR}/../variables/netconf/callhome/json/apiv1/create_device_hostkey_only.json
264 ... ${CREATE_GLOBAL_CREDENTIALS_REQ}
265 ... ${CURDIR}/../variables/netconf/callhome/json/apiv1/create_global_credentials.json
267 ... ${CREATE_SSH_DEVICE_REQ_V2}
268 ... ${CURDIR}/../variables/netconf/callhome/json/apiv2/create_ssh_device.json
270 ... ${CREATE_SSH_DEVICE_REQ_V2_HOST_KEY_ONLY}
271 ... ${CURDIR}/../variables/netconf/callhome/json/apiv2/create_device_hostkey_only.json
273 ... ${CREATE_TLS_DEVICE_REQ}
274 ... ${CURDIR}/../variables/netconf/callhome/json/apiv2/create_tls_device.json
276 ... ${ADD_KEYSTORE_ENTRY_REQ}
277 ... ${CURDIR}/../variables/netconf/callhome/json/apiv2/add_keystore_entry.json
279 ... ${ADD_PRIVATE_KEY_REQ}
280 ... ${CURDIR}/../variables/netconf/callhome/json/apiv2/add_private_key.json
282 ... ${ADD_TRUSTED_CERTIFICATE}
283 ... ${CURDIR}/../variables/netconf/callhome/json/apiv2/add_trusted_certificate.json
286 [Documentation] Tearing down the setup.
287 Uninstall Docker Compose on tools system
288 RequestsLibrary.Delete_All_Sessions
289 SSHLibrary.Close_All_Connections