3 Library RequestsLibrary
4 Resource SSHKeywords.robot
5 Resource ../variables/Variables.robot
# RESTCONF paths and expected response fragments shared by the call-home keywords in this file.
# Topology subtree that Utils-style checks can poll for the mounted NETCONF node.
8 ${mount_point_url} /restconf/operational/network-topology:network-topology/topology/topology-netconf/
# Operational view of the call-home server, used as the URI for device-status checks.
9 ${device_status} /restconf/operational/odl-netconf-callhome-server:netconf-callhome-server
# Security-relevant: the allowed-devices container. Devices are registered by POSTing here,
# and a DELETE on this path is issued during teardown.
10 ${whitelist} /restconf/config/odl-netconf-callhome-server:netconf-callhome-server/allowed-devices
# Security-relevant: global SSH credentials for call-home devices are PUT to this path.
11 ${global_config_url} /restconf/config/odl-netconf-callhome-server:netconf-callhome-server/global/credentials
# Base of the keystore RPCs; the keywords append :add-keystore-entry, :add-private-key and
# :add-trusted-certificate to it.
12 ${netconf_keystore_url} /rests/operations/netconf-keystore
# Keystore data path; a DELETE on it is issued during teardown.
13 ${netconf_keystore_data_url} /rests/data/netconf-keystore:keystore
# JSON fragments collected into the netconf_mount_expected_values suite variable.
14 ${substring1} "netconf-node-topology:connection-status":"connected"
15 ${substring2} "node-id":"netopeer2"
16 ${substring3} "netconf-node-topology:available-capabilities"
# NOTE(review): the keyword-name line that precedes these steps is not present in this listing.
# Builds the list of JSON fragments expected at ${device_status} and hands it to
# Utils.Check For Elements At URI.
20 [Arguments] ${status} ${id}=netopeer2
21 [Documentation] Checks the operational device status.
22 @{expectedValues} Create List "unique-id":"${id}" "callhome-status:device-status":"${status}"
# For the two failure statuses the "unique-id" fragment is removed again, so only the status
# fragment is looked for.
# NOTE(review): '${status}' is pasted into the condition text before it is evaluated, so a value
# containing a quote would change the expression; the $status form avoids the substitution.
23 Run Keyword If '${status}'=='FAILED_NOT_ALLOWED' or '${status}'=='FAILED_AUTH_FAILURE' Remove Values From List ${expectedValues} "unique-id":"${id}"
24 Utils.Check For Elements At URI ${device_status} ${expectedValues}
Apply SSH-based Call-Home configuration
    [Documentation]    Copies the netopeer2 configuration files for the SSH transport to the remote host.
    # Local sources come from the ssh/ folder of the call-home variables tree; both files are
    # written into the remote configuration-files/ directory.
    SSHLibrary.Put File
    ...    ${CURDIR}/../variables/netconf/callhome/configuration-files/ssh/ietf-netconf-server.xml
    ...    configuration-files/ietf-netconf-server.xml
    SSHLibrary.Put File
    ...    ${CURDIR}/../variables/netconf/callhome/configuration-files/ssh/ietf-keystore.xml
    ...    configuration-files/ietf-keystore.xml
Apply TLS-based Call-Home configuration
    [Documentation]    Copies the netopeer2 configuration files for the TLS transport to the remote host.
    # Certificates are generated first, then the keystore, truststore and server configuration
    # from the tls/ folder are written into the remote configuration-files/ directory.
    Generate certificates for TLS configuration
    SSHLibrary.Put File
    ...    ${CURDIR}/../variables/netconf/callhome/configuration-files/tls/ietf-keystore.xml
    ...    configuration-files/ietf-keystore.xml
    SSHLibrary.Put File
    ...    ${CURDIR}/../variables/netconf/callhome/configuration-files/tls/ietf-truststore.xml
    ...    configuration-files/ietf-truststore.xml
    SSHLibrary.Put File
    ...    ${CURDIR}/../variables/netconf/callhome/configuration-files/tls/ietf-netconf-server.xml
    ...    configuration-files/ietf-netconf-server.xml
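Generate certificates for TLS configuration
    [Documentation]    Generates certificates for 2-way TLS authentication (ca, server, client).
    ...    Each remote command has to exit with status 0; the keyword fails at the first one that does not,
    ...    so a broken openssl step cannot leave the suite running with missing certificate files.
    # Test-only material: 2048-bit RSA keys written without a passphrase (genrsa without a cipher, req -nodes).
    # NOTE(review): ./certs is created with the remote account's default permissions - confirm that is
    # acceptable on the tools system before reusing this pattern outside a throwaway test host.
    Run Certificate Command And Require Success    rm -rf ./certs && mkdir ./certs
    SSHLibrary.Put File    ${CURDIR}/../variables/netconf/callhome/x509_v3.cfg    ./x509_v3.cfg
    # Self-signed CA.
    Run Certificate Command And Require Success    openssl genrsa -out ./certs/ca.key 2048
    Run Certificate Command And Require Success    openssl req -x509 -new -extensions v3_ca -nodes -key ./certs/ca.key -sha256 -days 365 -subj "/C=US/ST=CA/L=Netopeer/O=netopeerCA/CN=netopeerCA" -out ./certs/ca.pem
    # Server key, CSR, CA-signed certificate and extracted public key.
    Run Certificate Command And Require Success    openssl genrsa -out ./certs/server.key 2048
    Run Certificate Command And Require Success    openssl req -new -sha256 -key ./certs/server.key -subj "/C=US/ST=CA/L=Netopeer/O=Netopeer2/CN=netopeer2-server" -out ./certs/server.csr
    Run Certificate Command And Require Success    openssl x509 -req -in ./certs/server.csr -CA ./certs/ca.pem -CAkey ./certs/ca.key -CAcreateserial -extfile x509_v3.cfg -out ./certs/server.crt -days 365 -sha256
    Run Certificate Command And Require Success    openssl rsa -in ./certs/server.key -pubout > ./certs/server.pub
    # Client key, CSR and CA-signed certificate.
    Run Certificate Command And Require Success    openssl genrsa -out ./certs/client.key 2048
    Run Certificate Command And Require Success    openssl req -new -sha256 -key ./certs/client.key -subj "/C=US/ST=CA/L=Netopeer/O=Netopeer2/CN=netopeer2-client" -out ./certs/client.csr
    Run Certificate Command And Require Success    openssl x509 -req -in ./certs/client.csr -CA ./certs/ca.pem -CAkey ./certs/ca.key -CAcreateserial -extfile x509_v3.cfg -out ./certs/client.crt -days 1024 -sha256
    # Hand the finished directory over to the configuration tree used by the other keywords.
    Run Certificate Command And Require Success    mv ./certs ./configuration-files/certs

Run Certificate Command And Require Success
    [Arguments]    ${command}
    [Documentation]    Runs one shell command over the active SSH connection and fails unless it exits with status 0.
    ${stdout}    ${stderr}    ${rc}=    SSHLibrary.Execute Command    ${command}
    ...    return_stdout=True    return_stderr=True    return_rc=True
    BuiltIn.Should Be Equal As Integers    ${rc}    0    msg=Command failed (rc=${rc}): ${command}\n${stderr}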
# Reads the generated client key and certificates from ./configuration-files/certs on the remote
# host, fills three JSON request templates with them and POSTs each one to a keystore RPC
# (add-keystore-entry, add-private-key, add-trusted-certificate). Every response status must be
# contained in ${ALLOWED_STATUS_CODES}.
# NOTE(review): the client private key is held in Robot variables here; Robot Framework logs
# assigned values, so the key can end up in the run's log files - use throwaway test keys only.
# NOTE(review): ${stderr} of the remote commands is captured but never inspected, so a failed
# read yields an empty substitution rather than an error.
58 Register keys and certificates in ODL controller
59 [Documentation] Register pre-configured netopeer2 certificates and key in ODL-netconf keystore
# Whole key file, base64-encoded on one line (-A), for the keystore entry.
60 ${base64-client-key} ${stderr} SSHLibrary.Execute_Command openssl enc -base64 -A -in ./configuration-files/certs/client.key return_stdout=True return_stderr=True
61 ${template} OperatingSystem.Get File ${ADD_KEYSTORE_ENTRY_REQ}
62 ${body} Replace String ${template} {base64-client-key} ${base64-client-key}
63 ${resp} RequestsLibrary.Post Request session ${netconf_keystore_url}:add-keystore-entry data=${body} headers=${HEADERS}
64 Should Contain ${ALLOWED_STATUS_CODES} ${resp.status_code}
# The first sed deletes the first and last line of the file (the PEM BEGIN/END lines); the second
# replaces each newline with a literal backslash-n so the value fits inside a JSON string.
65 ${client-key} ${stderr} SSHLibrary.Execute_Command sed -u '1d; $d' ./configuration-files/certs/client.key | sed -z 's!\\n!\\\\n!g' return_stdout=True return_stderr=True
66 ${certificate-chain} ${stderr} SSHLibrary.Execute_Command sed -u '1d; $d' ./configuration-files/certs/client.crt | sed -z 's!\\n!\\\\n!g' return_stdout=True return_stderr=True
67 ${template} OperatingSystem.Get File ${ADD_PRIVATE_KEY_REQ}
68 ${body} Replace String ${template} {client-key} ${client-key}
69 ${body} Replace String ${body} {certificate-chain} ${certificate-chain}
70 ${resp} RequestsLibrary.Post Request session ${netconf_keystore_url}:add-private-key data=${body} headers=${HEADERS}
71 Should Contain ${ALLOWED_STATUS_CODES} ${resp.status_code}
# Same PEM-to-JSON conversion for the CA certificate and the server (device) certificate.
72 ${ca-certificate} ${stderr} SSHLibrary.Execute_Command sed -u '1d; $d' ./configuration-files/certs/ca.pem | sed -z 's!\\n!\\\\n!g' return_stdout=True return_stderr=True
73 ${device-certificate} ${stderr} SSHLibrary.Execute_Command sed -u '1d; $d' ./configuration-files/certs/server.crt | sed -z 's!\\n!\\\\n!g' return_stdout=True return_stderr=True
74 ${template} OperatingSystem.Get File ${ADD_TRUSTED_CERTIFICATE}
75 ${body} Replace String ${template} {ca-certificate} ${ca-certificate}
76 ${body} Replace String ${body} {device-certificate} ${device-certificate}
77 ${resp} RequestsLibrary.Post Request session ${netconf_keystore_url}:add-trusted-certificate data=${body} headers=${HEADERS}
78 Should Contain ${ALLOWED_STATUS_CODES} ${resp.status_code}
Register global credentials for SSH call-home devices (APIv1)
    [Arguments]    ${username}    ${password}
    [Documentation]    Stores the global SSH credentials used for call-home devices.
    # The request body is the JSON template with its {username} and {password} markers replaced.
    # NOTE(review): this is plain text substitution - a credential containing a double quote or a
    # backslash would alter the JSON document; confirm callers only pass simple values.
    ${request_template}=    OperatingSystem.Get File    ${CREATE_GLOBAL_CREDENTIALS_REQ}
    ${with_user}=    Replace String    ${request_template}    {username}    ${username}
    ${payload}=    Replace String    ${with_user}    {password}    ${password}
    ${response}=    RequestsLibrary.Put Request    session    ${global_config_url}    data=${payload}    headers=${HEADERS}
    BuiltIn.Should Contain    ${ALLOWED_STATUS_CODES}    ${response.status_code}
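Register SSH call-home device in ODL controller (APIv1)
    [Arguments]    ${device_name}    ${hostkey}    ${username}=${EMPTY}    ${password}=${EMPTY}
    [Documentation]    Registration call-home device with SSH transport.
    ...    The host-key-only request template is used when either credential is empty, the template
    ...    with credentials otherwise. The response status must be one of the allowed status codes.
    # $username / $password are read as variables by the expression evaluator instead of being pasted
    # into the expression text, so a quote inside a credential can no longer change the condition.
    Run Keyword If    $username == '' or $password == ''
    ...    Get create device request without credentials template (APIv1)
    ...    ELSE    Get create device request template (APIv1)
    # Both helper keywords publish the file content as the test variable ${template}.
    ${body}=    Replace String    ${template}    {device_name}    ${device_name}
    ${body}=    Replace String    ${body}    {username}    ${username}
    ${body}=    Replace String    ${body}    {password}    ${password}
    ${body}=    Replace String    ${body}    {hostkey}    ${hostkey}
    # Registration is a POST to the allowed-devices list.
    ${resp}=    RequestsLibrary.Post Request    session    ${whitelist}    data=${body}    headers=${HEADERS}
    Should Contain    ${ALLOWED_STATUS_CODES}    ${resp.status_code}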
Get create device request template (APIv1)
    [Documentation]    Loads the APIv1 create-device request file and publishes its content as the test variable named template.
    ${template}=    OperatingSystem.Get File    ${CREATE_SSH_DEVICE_REQ_V1}
    BuiltIn.Set Test Variable    ${template}
Get create device request without credentials template (APIv1)
    [Documentation]    Loads the APIv1 host-key-only create-device request file and publishes its content as the test variable named template.
    ${template}=    OperatingSystem.Get File    ${CREATE_SSH_DEVICE_REQ_V1_HOST_KEY_ONLY}
    BuiltIn.Set Test Variable    ${template}
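Register SSH call-home device in ODL controller (APIv2)
    [Arguments]    ${device_name}    ${hostkey}    ${username}=${EMPTY}    ${password}=${EMPTY}
    [Documentation]    Registration call-home device with SSH transport using latest models.
    ...    The host-key-only request template is used when either credential is empty, the template
    ...    with credentials otherwise. The response status must be one of the allowed status codes.
    # $username / $password are read as variables by the expression evaluator instead of being pasted
    # into the expression text, so a quote inside a credential can no longer change the condition.
    Run Keyword If    $username == '' or $password == ''
    ...    Get create device request without credentials template (APIv2)
    ...    ELSE    Get create device request template (APIv2)
    # Both helper keywords publish the file content as the test variable ${template}.
    ${body}=    Replace String    ${template}    {device_name}    ${device_name}
    ${body}=    Replace String    ${body}    {username}    ${username}
    ${body}=    Replace String    ${body}    {password}    ${password}
    ${body}=    Replace String    ${body}    {hostkey}    ${hostkey}
    # Registration is a POST to the allowed-devices list.
    ${resp}=    RequestsLibrary.Post Request    session    ${whitelist}    data=${body}    headers=${HEADERS}
    Should Contain    ${ALLOWED_STATUS_CODES}    ${resp.status_code}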
Get create device request template (APIv2)
    [Documentation]    Loads the APIv2 create-device request file and publishes its content as the test variable named template.
    ${template}=    OperatingSystem.Get File    ${CREATE_SSH_DEVICE_REQ_V2}
    BuiltIn.Set Test Variable    ${template}
Get create device request without credentials template (APIv2)
    [Documentation]    Loads the APIv2 host-key-only create-device request file and publishes its content as the test variable named template.
    ${template}=    OperatingSystem.Get File    ${CREATE_SSH_DEVICE_REQ_V2_HOST_KEY_ONLY}
    BuiltIn.Set Test Variable    ${template}
Register TLS call-home device in ODL controller (APIv2)
    [Arguments]    ${device_name}    ${key_id}    ${certificate_id}
    [Documentation]    Registers a call-home device that connects over the TLS transport.
    # The request body is the TLS device template with its three markers replaced in turn.
    ${request_template}=    OperatingSystem.Get File    ${CREATE_TLS_DEVICE_REQ}
    ${with_name}=    Replace String    ${request_template}    {device_name}    ${device_name}
    ${with_key}=    Replace String    ${with_name}    {key_id}    ${key_id}
    ${payload}=    Replace String    ${with_key}    {certificate_id}    ${certificate_id}
    # Registration is a POST to the allowed-devices list; the status must be an allowed one.
    ${response}=    RequestsLibrary.Post Request    session    ${whitelist}    data=${payload}    headers=${HEADERS}
    BuiltIn.Should Contain    ${ALLOWED_STATUS_CODES}    ${response.status_code}
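Pull Netopeer2 Docker Image
    [Documentation]    Pulls the netopeer image from the docker repository and fails when the pull does not succeed.
    # NOTE(review): ":latest" is a mutable tag, so the image under test can change between runs.
    # Pinning by digest (sysrepo/sysrepo-netopeer2@sha256:<DIGEST_PLACEHOLDER>) would make runs reproducible.
    # return_rc=True is required for the three-variable assignment to receive three values.
    ${stdout}    ${stderr}    ${rc}=    SSHLibrary.Execute Command    docker pull sysrepo/sysrepo-netopeer2:latest
    ...    return_stdout=True    return_stderr=True    return_rc=True
    # Without this check a failed pull would go unnoticed and a previously cached image could be used.
    BuiltIn.Should Be Equal As Integers    ${rc}    0    msg=docker pull failed (rc=${rc}): ${stderr}
    # The image listing is informational; its result is not asserted.
    ${stdout}    ${stderr}    ${rc}=    SSHLibrary.Execute Command    docker images
    ...    return_stdout=True    return_stderr=True    return_rc=True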
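Install Docker Compose on tools system
    [Documentation]    Install docker-compose on tools system.
    ...    Opens the SSH connection to the tools system, stores its id as a suite variable, downloads the
    ...    docker-compose 1.11.1 release binary to /usr/local/bin and marks it executable.
    ${netopeer_conn_id}=    SSHKeywords.Open_Connection_To_Tools_System
    BuiltIn.Set Suite Variable    ${netopeer_conn_id}
    # --fail makes curl exit non-zero on an HTTP error instead of saving the error page as the binary.
    # NOTE(review): the download is written as root and made executable without any checksum or
    # signature check; compare it against a pinned SHA-256 (<EXPECTED_SHA256_PLACEHOLDER>) before the chmod.
    SSHLibrary.Write    sudo curl --fail -L "https://github.com/docker/compose/releases/download/1.11.1/docker-compose-$(uname -s)-$(uname -m)" -o /usr/local/bin/docker-compose
    ${output}=    BuiltIn.Wait Until Keyword Succeeds    30s    2s    SSHLibrary.Read_Until_Prompt
    # return_rc=True is required for the three-variable assignment to receive three values.
    ${stdout}    ${stderr}    ${rc}=    SSHLibrary.Execute Command    sudo chmod +x /usr/local/bin/docker-compose
    ...    return_stdout=True    return_stderr=True    return_rc=True
    # chmod fails when the download left no file behind, which surfaces a broken install here.
    BuiltIn.Should Be Equal As Integers    ${rc}    0    msg=chmod of docker-compose failed (rc=${rc}): ${stderr}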
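Uninstall Docker Compose on tools system
    [Documentation]    Uninstall docker-compose on tools system
    # The install keyword in this file downloads the binary to /usr/local/bin/docker-compose with curl;
    # "pip uninstall" does not remove a file installed that way, so the root-owned binary is deleted directly.
    # return_rc=True is required for the three-variable assignment to receive three values.
    ${stdout}    ${stderr}    ${rc}=    SSHLibrary.Execute Command    sudo rm -f /usr/local/bin/docker-compose
    ...    return_stdout=True    return_stderr=True    return_rc=True
    # Cleanup is best effort: the outcome is logged, not asserted.
    BuiltIn.Log    docker-compose removal rc=${rc} stderr=${stderr}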
# NOTE(review): the keyword-name line that precedes these steps is not present in this listing.
# Prepares one test: opens the HTTP session named "session" towards the controller, recreates the
# remote configuration-files directory and generates a fresh SSH host key pair in it.
161 [Documentation] Opens session towards ODL controller, set configuration folder, generates a new host key for the container
# NOTE(review): the session uses plain http:// together with auth=${AUTH}, so the controller
# credentials and every request body sent through it (including key material) travel unencrypted -
# acceptable only on an isolated test network.
162 RequestsLibrary.Create_Session session http://${ODL_SYSTEM_IP}:${RESTCONFPORT} auth=${AUTH}
163 SSHLibrary.Execute_Command rm -rf ./configuration-files && mkdir configuration-files
# 2048-bit RSA host key with an empty passphrase (-N ''), written without prompting (-q).
164 SSHLibrary.Execute_Command ssh-keygen -q -t rsa -b 2048 -N '' -f ./configuration-files/ssh_host_rsa_key
# awk prints the second field of the .pub file, i.e. the key data without the type prefix and comment.
165 ${public_key} SSHLibrary.Execute_Command cat configuration-files/ssh_host_rsa_key.pub | awk '{print $2}'
166 Set Test Variable ${NETOPEER_PUB_KEY} ${public_key}
# NOTE(review): the keyword-name line that precedes these steps is not present in this listing.
# Cleans up after one test: collects docker-compose logs, stops the containers, lists what is left,
# removes the remote configuration-files directory and issues two DELETE requests to the controller.
169 [Documentation] Tears down the docker running netopeer and deletes entry from the whitelist.
# NOTE(review): each of these assigns three variables while only return_stdout and return_stderr
# are visible on the line - return_rc=True would be needed for the assignment to succeed; confirm
# against the original file.
170 ${stdout} ${stderr} ${rc}= SSHLibrary.Execute Command docker-compose logs return_stdout=True return_stderr=True
173 ${stdout} ${stderr} ${rc}= SSHLibrary.Execute Command docker-compose down return_stdout=True return_stderr=True
175 ${stdout} ${stderr} ${rc}= SSHLibrary.Execute Command docker ps -a return_stdout=True return_stderr=True
# Removes the generated host key and certificates together with the rest of the directory.
177 SSHLibrary.Execute_Command rm -rf ./configuration-files
# The DELETEs target the whole allowed-devices container and the whole keystore data path, not a
# single entry; neither response is checked in the lines shown.
178 ${resp} = RequestsLibrary.Delete_Request session ${whitelist}
179 ${resp} = RequestsLibrary.Delete_Request session ${netconf_keystore_data_url}
# NOTE(review): the keyword-name line that precedes these steps is not present in this listing.
# Prepares the suite: installs docker-compose, pulls the netopeer2 image, uploads the compose file
# and init script, and defines the suite variables that point at the JSON request templates.
182 [Documentation] Get the suite ready for callhome test cases.
183 Install Docker Compose on tools system
184 Pull Netopeer2 Docker Image
185 SSHLibrary.Put File ${CURDIR}/../variables/netconf/callhome/docker-compose.yaml .
186 SSHLibrary.Put File ${CURDIR}/../variables/netconf/callhome/init_configuration.sh .
# Robot substitutes ${ODL_SYSTEM_IP} before the command is sent, so the value becomes part of the
# sed expression and of the shell command line.
# NOTE(review): assumes the variable holds a plain IP address or hostname - confirm it can never
# contain "/" or quote characters.
187 SSHLibrary.Execute_Command sed -i -e 's/ODL_SYSTEM_IP/${ODL_SYSTEM_IP}/g' docker-compose.yaml
# Expected fragments for a mounted node, built from the three substring variables.
188 ${netconf_mount_expected_values} Create list ${substring1} ${substring2} ${substring3}
189 Set Suite Variable ${netconf_mount_expected_values}
# Paths of the request templates read by the registration keywords (APIv1 first, then APIv2).
190 Set Suite Variable ${CREATE_SSH_DEVICE_REQ_V1} ${CURDIR}/../variables/netconf/callhome/json/apiv1/create_device.json
191 Set Suite Variable ${CREATE_SSH_DEVICE_REQ_V1_HOST_KEY_ONLY} ${CURDIR}/../variables/netconf/callhome/json/apiv1/create_device_hostkey_only.json
192 Set Suite Variable ${CREATE_GLOBAL_CREDENTIALS_REQ} ${CURDIR}/../variables/netconf/callhome/json/apiv1/create_global_credentials.json
193 Set Suite Variable ${CREATE_SSH_DEVICE_REQ_V2} ${CURDIR}/../variables/netconf/callhome/json/apiv2/create_ssh_device.json
194 Set Suite Variable ${CREATE_SSH_DEVICE_REQ_V2_HOST_KEY_ONLY} ${CURDIR}/../variables/netconf/callhome/json/apiv2/create_device_hostkey_only.json
195 Set Suite Variable ${CREATE_TLS_DEVICE_REQ} ${CURDIR}/../variables/netconf/callhome/json/apiv2/create_tls_device.json
196 Set Suite Variable ${ADD_KEYSTORE_ENTRY_REQ} ${CURDIR}/../variables/netconf/callhome/json/apiv2/add_keystore_entry.json
197 Set Suite Variable ${ADD_PRIVATE_KEY_REQ} ${CURDIR}/../variables/netconf/callhome/json/apiv2/add_private_key.json
198 Set Suite Variable ${ADD_TRUSTED_CERTIFICATE} ${CURDIR}/../variables/netconf/callhome/json/apiv2/add_trusted_certificate.json
# NOTE(review): the keyword-name line that precedes these steps is not present in this listing.
# Suite-level cleanup: runs the docker-compose uninstall keyword, then closes every HTTP session
# and every SSH connection opened through the two libraries.
201 [Documentation] Tearing down the setup.
202 Uninstall Docker Compose on tools system
203 RequestsLibrary.Delete_All_Sessions
204 SSHLibrary.Close_All_Connections