X-Git-Url: https://git.opendaylight.org/gerrit/gitweb?a=blobdiff_plain;f=csit%2Flibraries%2FNetconfCallHome.robot;h=415f7cdae5ec96f5954b7e9171bc4661fc96105c;hb=bf53c6c85bb53ee48269e4cd22453d3963aae90e;hp=6afb7bfc2a3302be17040c59382262e54053806e;hpb=ce300688a6369a7fcbb1654c753357acfad047b5;p=integration%2Ftest.git diff --git a/csit/libraries/NetconfCallHome.robot b/csit/libraries/NetconfCallHome.robot index 6afb7bfc2a..415f7cdae5 100644 --- a/csit/libraries/NetconfCallHome.robot +++ b/csit/libraries/NetconfCallHome.robot @@ -1,24 +1,30 @@ *** Settings *** -Library SSHLibrary -Library RequestsLibrary -Resource SSHKeywords.robot -Resource ../variables/Variables.robot +Library SSHLibrary +Library RequestsLibrary +Resource SSHKeywords.robot +Resource ../variables/Variables.robot + *** Variables *** -${mount_point_url} /restconf/operational/network-topology:network-topology/topology/topology-netconf/ -${device_status} /restconf/operational/odl-netconf-callhome-server:netconf-callhome-server -${whitelist} /restconf/config/odl-netconf-callhome-server:netconf-callhome-server/allowed-devices -${global_config_url} /restconf/config/odl-netconf-callhome-server:netconf-callhome-server/global/credentials -${substring1} "netconf-node-topology:connection-status":"connected" -${substring2} "node-id":"netopeer2" -${substring3} "netconf-node-topology:available-capabilities" +${mount_point_url} /restconf/operational/network-topology:network-topology/topology/topology-netconf/ +${device_status} /restconf/operational/odl-netconf-callhome-server:netconf-callhome-server +${whitelist} /restconf/config/odl-netconf-callhome-server:netconf-callhome-server/allowed-devices +${global_config_url} /restconf/config/odl-netconf-callhome-server:netconf-callhome-server/global/credentials +${netconf_keystore_url} /rests/operations/netconf-keystore +${netconf_keystore_data_url} /rests/data/netconf-keystore:keystore +${substring1} "netconf-node-topology:connection-status":"connected" +${substring2} "node-id":"netopeer2" +${substring3} "netconf-node-topology:available-capabilities" + *** Keywords *** Check Device status - [Arguments] ${status} ${id}=netopeer2 [Documentation] Checks the operational device status. + [Arguments] ${status} ${id}=netopeer2 @{expectedValues} Create List "unique-id":"${id}" "callhome-status:device-status":"${status}" - Run Keyword If '${status}'=='FAILED_NOT_ALLOWED' or '${status}'=='FAILED_AUTH_FAILURE' Remove Values From List ${expectedValues} "unique-id":"${id}" + IF '${status}'=='FAILED_NOT_ALLOWED' or '${status}'=='FAILED_AUTH_FAILURE' + Remove Values From List ${expectedValues} "unique-id":"${id}" + END Utils.Check For Elements At URI ${device_status} ${expectedValues} Apply SSH-based Call-Home configuration @@ -28,9 +34,88 @@ Apply SSH-based Call-Home configuration SSHLibrary.Put File ${CURDIR}/../variables/netconf/callhome/configuration-files/ssh/ietf-keystore.xml ... configuration-files/ietf-keystore.xml +Apply TLS-based Call-Home configuration + [Documentation] Upload netopeer2 configuration files needed for TLS transport + Generate certificates for TLS configuration + SSHLibrary.Put File ${CURDIR}/../variables/netconf/callhome/configuration-files/tls/ietf-keystore.xml + ... configuration-files/ietf-keystore.xml + SSHLibrary.Put File ${CURDIR}/../variables/netconf/callhome/configuration-files/tls/ietf-truststore.xml + ... configuration-files/ietf-truststore.xml + SSHLibrary.Put File ${CURDIR}/../variables/netconf/callhome/configuration-files/tls/ietf-netconf-server.xml + ... configuration-files/ietf-netconf-server.xml + +Generate certificates for TLS configuration + [Documentation] Generates certificates for 2-way TLS authentication (ca, server, client) + ${stdout} SSHLibrary.Execute Command rm -rf ./certs && mkdir ./certs + SSHLibrary.Put File ${CURDIR}/../variables/netconf/callhome/x509_v3.cfg ./x509_v3.cfg + ${stdout} SSHLibrary.Execute Command openssl genrsa -out ./certs/ca.key 2048 + ${stdout} SSHLibrary.Execute Command + ... openssl req -x509 -new -extensions v3_ca -nodes -key ./certs/ca.key -sha256 -days 365 -subj "/C=US/ST=CA/L=Netopeer/O=netopeerCA/CN=netopeerCA" -out ./certs/ca.pem + ${stdout} SSHLibrary.Execute Command openssl genrsa -out ./certs/server.key 2048 + ${stdout} SSHLibrary.Execute Command + ... openssl req -new -sha256 -key ./certs/server.key -subj "/C=US/ST=CA/L=Netopeer/O=Netopeer2/CN=netopeer2-server" -out ./certs/server.csr + ${stdout} SSHLibrary.Execute Command + ... openssl x509 -req -in ./certs/server.csr -CA ./certs/ca.pem -CAkey ./certs/ca.key -CAcreateserial -extfile x509_v3.cfg -out ./certs/server.crt -days 365 -sha256 + ${stdout} SSHLibrary.Execute Command openssl rsa -in ./certs/server.key -pubout > ./certs/server.pub + ${stdout} SSHLibrary.Execute Command openssl genrsa -out ./certs/client.key 2048 + ${stdout} SSHLibrary.Execute Command + ... openssl req -new -sha256 -key ./certs/client.key -subj "/C=US/ST=CA/L=Netopeer/O=Netopeer2/CN=netopeer2-client" -out ./certs/client.csr + ${stdout} SSHLibrary.Execute Command + ... openssl x509 -req -in ./certs/client.csr -CA ./certs/ca.pem -CAkey ./certs/ca.key -CAcreateserial -extfile x509_v3.cfg -out ./certs/client.crt -days 1024 -sha256 + ${stdout} SSHLibrary.Execute Command mv ./certs ./configuration-files/certs + +Register keys and certificates in ODL controller + [Documentation] Register pre-configured netopeer2 certificates and key in ODL-netconf keystore + ${base64-client-key} ${stderr} SSHLibrary.Execute_Command + ... openssl enc -base64 -A -in ./configuration-files/certs/client.key + ... return_stdout=True + ... return_stderr=True + ${template} OperatingSystem.Get File ${ADD_KEYSTORE_ENTRY_REQ} + ${body} Replace String ${template} {base64-client-key} ${base64-client-key} + ${resp} RequestsLibrary.Post Request + ... session + ... ${netconf_keystore_url}:add-keystore-entry + ... data=${body} + ... headers=${HEADERS} + Should Contain ${ALLOWED_STATUS_CODES} ${resp.status_code} + ${client-key} ${stderr} SSHLibrary.Execute_Command + ... sed -u '1d; $d' ./configuration-files/certs/client.key | sed -z 's!\\n!\\\\n!g' + ... return_stdout=True + ... return_stderr=True + ${certificate-chain} ${stderr} SSHLibrary.Execute_Command + ... sed -u '1d; $d' ./configuration-files/certs/client.crt | sed -z 's!\\n!\\\\n!g' + ... return_stdout=True + ... return_stderr=True + ${template} OperatingSystem.Get File ${ADD_PRIVATE_KEY_REQ} + ${body} Replace String ${template} {client-key} ${client-key} + ${body} Replace String ${body} {certificate-chain} ${certificate-chain} + ${resp} RequestsLibrary.Post Request + ... session + ... ${netconf_keystore_url}:add-private-key + ... data=${body} + ... headers=${HEADERS} + Should Contain ${ALLOWED_STATUS_CODES} ${resp.status_code} + ${ca-certificate} ${stderr} SSHLibrary.Execute_Command + ... sed -u '1d; $d' ./configuration-files/certs/ca.pem | sed -z 's!\\n!\\\\n!g' + ... return_stdout=True + ... return_stderr=True + ${device-certificate} ${stderr} SSHLibrary.Execute_Command + ... sed -u '1d; $d' ./configuration-files/certs/server.crt | sed -z 's!\\n!\\\\n!g' + ... return_stdout=True + ... return_stderr=True + ${template} OperatingSystem.Get File ${ADD_TRUSTED_CERTIFICATE} + ${body} Replace String ${template} {ca-certificate} ${ca-certificate} + ${body} Replace String ${body} {device-certificate} ${device-certificate} + ${resp} RequestsLibrary.Post Request + ... session + ... ${netconf_keystore_url}:add-trusted-certificate + ... data=${body} + ... headers=${HEADERS} + Should Contain ${ALLOWED_STATUS_CODES} ${resp.status_code} + Register global credentials for SSH call-home devices (APIv1) - [Arguments] ${username} ${password} [Documentation] Set global credentials for SSH call-home devices + [Arguments] ${username} ${password} ${template} OperatingSystem.Get File ${CREATE_GLOBAL_CREDENTIALS_REQ} ${body} Replace String ${template} {username} ${username} ${body} Replace String ${body} {password} ${password} @@ -38,10 +123,13 @@ Register global credentials for SSH call-home devices (APIv1) Should Contain ${ALLOWED_STATUS_CODES} ${resp.status_code} Register SSH call-home device in ODL controller (APIv1) - [Arguments] ${device_name} ${hostkey} ${username}=${EMPTY} ${password}=${EMPTY} [Documentation] Registration call-home device with SSH transport - Run Keyword If '${username}' == '${EMPTY}' or '${password}' == '${EMPTY}' Get create device request without credentials template (APIv1) - ... ELSE Get create device request template (APIv1) + [Arguments] ${device_name} ${hostkey} ${username}=${EMPTY} ${password}=${EMPTY} + IF '${username}' == '${EMPTY}' or '${password}' == '${EMPTY}' + Get create device request without credentials template (APIv1) + ELSE + Get create device request template (APIv1) + END ${body} Replace String ${template} {device_name} ${device_name} ${body} Replace String ${body} {username} ${username} ${body} Replace String ${body} {password} ${password} @@ -58,10 +146,13 @@ Get create device request without credentials template (APIv1) Set Test Variable ${template} Register SSH call-home device in ODL controller (APIv2) - [Arguments] ${device_name} ${hostkey} ${username}=${EMPTY} ${password}=${EMPTY} [Documentation] Registration call-home device with SSH transport using latest models - Run Keyword If '${username}' == '${EMPTY}' or '${password}' == '${EMPTY}' Get create device request without credentials template (APIv2) - ... ELSE Get create device request template (APIv2) + [Arguments] ${device_name} ${hostkey} ${username}=${EMPTY} ${password}=${EMPTY} + IF '${username}' == '${EMPTY}' or '${password}' == '${EMPTY}' + Get create device request without credentials template (APIv2) + ELSE + Get create device request template (APIv2) + END ${body} Replace String ${template} {device_name} ${device_name} ${body} Replace String ${body} {username} ${username} ${body} Replace String ${body} {password} ${password} @@ -77,25 +168,48 @@ Get create device request without credentials template (APIv2) ${template} OperatingSystem.Get File ${CREATE_SSH_DEVICE_REQ_V2_HOST_KEY_ONLY} Set Test Variable ${template} +Register TLS call-home device in ODL controller (APIv2) + [Documentation] Registration call-home device with TLS transport + [Arguments] ${device_name} ${key_id} ${certificate_id} + ${template} OperatingSystem.Get File ${CREATE_TLS_DEVICE_REQ} + ${body} Replace String ${template} {device_name} ${device_name} + ${body} Replace String ${body} {key_id} ${key_id} + ${body} Replace String ${body} {certificate_id} ${certificate_id} + ${resp} RequestsLibrary.Post Request session ${whitelist} data=${body} headers=${HEADERS} + Should Contain ${ALLOWED_STATUS_CODES} ${resp.status_code} + Pull Netopeer2 Docker Image [Documentation] Pulls the netopeer image from the docker repository. - ${stdout} ${stderr} ${rc}= SSHLibrary.Execute Command docker pull sysrepo/sysrepo-netopeer2:latest return_stdout=True return_stderr=True + ${stdout} ${stderr} ${rc} SSHLibrary.Execute Command + ... docker pull sysrepo/sysrepo-netopeer2:latest + ... return_stdout=True + ... return_stderr=True ... return_rc=True - ${stdout} ${stderr} ${rc}= SSHLibrary.Execute Command docker images return_stdout=True return_stderr=True + ${stdout} ${stderr} ${rc} SSHLibrary.Execute Command + ... docker images + ... return_stdout=True + ... return_stderr=True ... return_rc=True Install Docker Compose on tools system [Documentation] Install docker-compose on tools system. - ${netopeer_conn_id} = SSHKeywords.Open_Connection_To_Tools_System + ${netopeer_conn_id} SSHKeywords.Open_Connection_To_Tools_System Builtin.Set Suite Variable ${netopeer_conn_id} - SSHLibrary.Write sudo curl -L "https://github.com/docker/compose/releases/download/1.11.1/docker-compose-$(uname -s)-$(uname -m)" -o /usr/local/bin/docker-compose - ${output}= Wait Until Keyword Succeeds 30s 2s SSHLibrary.Read_Until_Prompt - ${stdout} ${stderr} ${rc}= SSHLibrary.Execute Command sudo chmod +x /usr/local/bin/docker-compose return_stdout=True return_stderr=True + SSHLibrary.Write + ... sudo curl -L "https://github.com/docker/compose/releases/download/1.11.1/docker-compose-$(uname -s)-$(uname -m)" -o /usr/local/bin/docker-compose + ${output} Wait Until Keyword Succeeds 30s 2s SSHLibrary.Read_Until_Prompt + ${stdout} ${stderr} ${rc} SSHLibrary.Execute Command + ... sudo chmod +x /usr/local/bin/docker-compose + ... return_stdout=True + ... return_stderr=True ... return_rc=True Uninstall Docker Compose on tools system [Documentation] Uninstall docker-compose on tools system - ${stdout} ${stderr} ${rc}= SSHLibrary.Execute Command pip uninstall docker-compose return_stdout=True return_stderr=True + ${stdout} ${stderr} ${rc} SSHLibrary.Execute Command + ... pip uninstall docker-compose + ... return_stdout=True + ... return_stderr=True ... return_rc=True Test Setup @@ -108,15 +222,25 @@ Test Setup Test Teardown [Documentation] Tears down the docker running netopeer and deletes entry from the whitelist. - ${stdout} ${stderr} ${rc}= SSHLibrary.Execute Command docker-compose logs return_stdout=True return_stderr=True + ${stdout} ${stderr} ${rc} SSHLibrary.Execute Command + ... docker-compose logs + ... return_stdout=True + ... return_stderr=True ... return_rc=True Log ${stdout} - ${stdout} ${stderr} ${rc}= SSHLibrary.Execute Command docker-compose down return_stdout=True return_stderr=True + ${stdout} ${stderr} ${rc} SSHLibrary.Execute Command + ... docker-compose down + ... return_stdout=True + ... return_stderr=True ... return_rc=True - ${stdout} ${stderr} ${rc}= SSHLibrary.Execute Command docker ps -a return_stdout=True return_stderr=True + ${stdout} ${stderr} ${rc} SSHLibrary.Execute Command + ... docker ps -a + ... return_stdout=True + ... return_stderr=True ... return_rc=True SSHLibrary.Execute_Command rm -rf ./configuration-files - ${resp} = RequestsLibrary.Delete_Request session ${whitelist} + ${resp} RequestsLibrary.Delete_On_Session session ${whitelist} + ${resp} RequestsLibrary.Delete_On_Session session ${netconf_keystore_data_url} Suite Setup [Documentation] Get the suite ready for callhome test cases. @@ -125,13 +249,38 @@ Suite Setup SSHLibrary.Put File ${CURDIR}/../variables/netconf/callhome/docker-compose.yaml . SSHLibrary.Put File ${CURDIR}/../variables/netconf/callhome/init_configuration.sh . SSHLibrary.Execute_Command sed -i -e 's/ODL_SYSTEM_IP/${ODL_SYSTEM_IP}/g' docker-compose.yaml + ${netconf_cl_ssh_port} Set_Variable_If_At_Least_Sulfur 4334 6666 + SSHLibrary.Execute_Command sed -i -e 's/NETCONF_CH_SSH/${netconf_cl_ssh_port}/g' docker-compose.yaml + SSHLibrary.Execute_Command sed -i -e 's/NETCONF_CH_TLS/4335/g' docker-compose.yaml ${netconf_mount_expected_values} Create list ${substring1} ${substring2} ${substring3} Set Suite Variable ${netconf_mount_expected_values} - Set Suite Variable ${CREATE_SSH_DEVICE_REQ_V1} ${CURDIR}/../variables/netconf/callhome/json/apiv1/create_device.json - Set Suite Variable ${CREATE_SSH_DEVICE_REQ_V1_HOST_KEY_ONLY} ${CURDIR}/../variables/netconf/callhome/json/apiv1/create_device_hostkey_only.json - Set Suite Variable ${CREATE_GLOBAL_CREDENTIALS_REQ} ${CURDIR}/../variables/netconf/callhome/json/apiv1/create_global_credentials.json - Set Suite Variable ${CREATE_SSH_DEVICE_REQ_V2} ${CURDIR}/../variables/netconf/callhome/json/apiv2/create_ssh_device.json - Set Suite Variable ${CREATE_SSH_DEVICE_REQ_V2_HOST_KEY_ONLY} ${CURDIR}/../variables/netconf/callhome/json/apiv2/create_device_hostkey_only.json + Set Suite Variable + ... ${CREATE_SSH_DEVICE_REQ_V1} + ... ${CURDIR}/../variables/netconf/callhome/json/apiv1/create_device.json + Set Suite Variable + ... ${CREATE_SSH_DEVICE_REQ_V1_HOST_KEY_ONLY} + ... ${CURDIR}/../variables/netconf/callhome/json/apiv1/create_device_hostkey_only.json + Set Suite Variable + ... ${CREATE_GLOBAL_CREDENTIALS_REQ} + ... ${CURDIR}/../variables/netconf/callhome/json/apiv1/create_global_credentials.json + Set Suite Variable + ... ${CREATE_SSH_DEVICE_REQ_V2} + ... ${CURDIR}/../variables/netconf/callhome/json/apiv2/create_ssh_device.json + Set Suite Variable + ... ${CREATE_SSH_DEVICE_REQ_V2_HOST_KEY_ONLY} + ... ${CURDIR}/../variables/netconf/callhome/json/apiv2/create_device_hostkey_only.json + Set Suite Variable + ... ${CREATE_TLS_DEVICE_REQ} + ... ${CURDIR}/../variables/netconf/callhome/json/apiv2/create_tls_device.json + Set Suite Variable + ... ${ADD_KEYSTORE_ENTRY_REQ} + ... ${CURDIR}/../variables/netconf/callhome/json/apiv2/add_keystore_entry.json + Set Suite Variable + ... ${ADD_PRIVATE_KEY_REQ} + ... ${CURDIR}/../variables/netconf/callhome/json/apiv2/add_private_key.json + Set Suite Variable + ... ${ADD_TRUSTED_CERTIFICATE} + ... ${CURDIR}/../variables/netconf/callhome/json/apiv2/add_trusted_certificate.json Suite Teardown [Documentation] Tearing down the setup.