From: Jamo Luhrsen Date: Mon, 17 Nov 2014 23:13:11 +0000 (-0800) Subject: New Test(s) for AAA (disable/enable authentication and verify) X-Git-Tag: release/helium-sr1.1~15 X-Git-Url: https://git.opendaylight.org/gerrit/gitweb?a=commitdiff_plain;h=85a0317ea61dfc47c8a82b5e5ad082aa8cae46a8;p=integration%2Ftest.git New Test(s) for AAA (disable/enable authentication and verify) Change-Id: I578765894222dba933509c2f4e946ef28a3d143c Signed-off-by: Jamo Luhrsen --- diff --git a/test/csit/libraries/AAAKeywords.txt b/test/csit/libraries/AAAKeywords.txt index fca8ccfffd..b8f1ff04bd 100644 --- a/test/csit/libraries/AAAKeywords.txt +++ b/test/csit/libraries/AAAKeywords.txt @@ -3,7 +3,9 @@ Library ./RequestsLibrary.py Variables ../variables/Variables.py *** Variables *** - +${WORKSPACE} /opt/jenkins-integration/workspace/shared-controller +${BUNDLEFOLDER} distribution-karaf-0.3.0-SNAPSHOT +${AUTHN_CFG_FILE} ${WORKSPACE}/${BUNDLEFOLDER}/etc/org.opendaylight.aaa.authn.cfg *** Keywords *** AAA Login 
@@ -26,6 +28,38 @@ Create Auth Data ... ${data} [Return] ${data} +Disable Authentication On Controller + [Arguments] ${controller_ip} + [Documentation] Will disable token based authentication. Currently, that is done with a config file change + SSHLibrary.Open Connection ${controller_ip} + Login With Public Key ${MININET_USER} ${USER_HOME}/.ssh/id_rsa any + ${cmd}= Set Variable sed -i 's/^authEnabled=.*$/authEnabled=false/g' ${AUTHN_CFG_FILE} + SSHLibrary.Execute Command ${cmd} + +Enable Authentication On Controller + [Arguments] ${controller_ip} + [Documentation] Will enable token based authentication. Currently, that is done with a config file change + SSHLibrary.Open Connection ${controller_ip} + Login With Public Key ${MININET_USER} ${USER_HOME}/.ssh/id_rsa any + ${cmd}= Set Variable sed -i 's/^authEnabled=.*$/authEnabled=true/g' ${AUTHN_CFG_FILE} + SSHLibrary.Execute Command ${cmd} + +Get Auth Token + [Arguments] ${user}=${USER} ${password}=${PWD} ${scope}=${SCOPE} ${client_id}=${EMPTY} ${client_secret}=${EMPTY} + [Documentation] Wrapper used to login to controller and retrieve an auth token. Optional argumented available for client based credentials. + ${auth_data}= Create Auth Data ${USER} ${PWD} ${scope} ${client_id} ${client_secret} + ${resp}= AAA Login ${CONTROLLER} ${auth_data} + Should Be Equal As Strings ${resp.status_code} 201 + ${auth_token}= Extract Value From Content ${resp.content} /access_token strip + [Return] ${auth_token} + +Revoke Auth Token + [Arguments] ${token} + [Documentation] Requests the given token be revoked via POST to ${REVOKE_TOKEN_API} + ${headers}= Create Dictionary Content-Type application/x-www-form-urlencoded + ${resp}= RequestsLibrary.POST ODL_SESSION ${REVOKE_TOKEN_API} data=${token} headers=${headers} + Should Be Equal As Strings ${resp.status_code} 204 + Validate Token Format [Arguments] ${token} [Documentation] Validates the given string is in the proper "token" format 
diff --git a/test/csit/suites/karaf-compatible/900__AAA/010_Credential_Authentication.txt b/test/csit/suites/karaf-compatible/900__AAA/010_Credential_Authentication.txt index 94cf7514af..dadfed0023 100644 --- a/test/csit/suites/karaf-compatible/900__AAA/010_Credential_Authentication.txt +++ b/test/csit/suites/karaf-compatible/900__AAA/010_Credential_Authentication.txt @@ -17,12 +17,9 @@ Resource ../../../libraries/AAAKeywords.txt *** Test Cases *** Get Token With Valid Username And Password [Documentation] Sanity test to ensure default user/password can get a token - ${auth_data}= Create Auth Data ${USER} ${PWD} - ${resp}= AAA Login ${CONTROLLER} ${auth_data} - ${auth_token}= Extract Value From Content ${resp.content} /access_token strip + ${auth_token}= Get Auth Token Should Be String ${auth_token} Log Token: ${auth_token} - Should Be Equal As Strings ${resp.status_code} 201 Validate Token Format ${auth_token} Fail To Get Token With Invalid Username And Password 
@@ -37,48 +34,47 @@ Fail To Get Token With Invalid Username And Password Create Token with Client Authorization [Documentation] Get a token using client domain - ${auth_data}= Create Auth Data ${USER} ${PWD} ${SCOPE} dlux secrete - ${resp}= AAA Login ${CONTROLLER} ${auth_data} - ${auth_token}= Extract Value From Content ${resp.content} /access_token strip + ${auth_token}= Get Auth Token ${USER} ${PWD} ${SCOPE} dlux secrete Should Be String ${auth_token} Log Token: ${auth_token} - Should Be Equal As Strings ${resp.status_code} 201 Validate Token Format ${auth_token} Token Authentication In REST Request [Documentation] Use a token to make a successful REST transaction - ${auth_data}= Create Auth Data ${USER} ${PWD} - ${resp}= AAA Login ${CONTROLLER} ${auth_data} - ${auth_token}= Extract Value From Content ${resp.content} /access_token strip - Create Session ODL_SESSION http://${CONTROLLER}:8181 - ${headers}= Create Dictionary Content-Type application/x-www-form-urlencoded - Set To Dictionary ${headers} Authorization Bearer ${auth_token} - ${resp}= RequestsLibrary.GET ODL_SESSION ${OPERATIONAL_NODES_API} headers=${headers} - Log STATUS_CODE: ${resp.status_code} CONTENT: ${resp.content} - Should Be Equal As Strings ${resp.status_code} 200 - Should Contain ${resp.content} nodes + ${auth_token}= Get Auth Token + Make REST Transaction 200 ${auth_token} -Revoke Token +Revoke Token And Verify Transaction Fails [Documentation] negative test to revoke valid token and check that REST transaction fails - ${auth_data}= Create Auth Data ${USER} ${PWD} - ${resp}= AAA Login ${CONTROLLER} ${auth_data} - ${auth_token}= Extract Value From Content ${resp.content} /access_token strip + ${auth_token}= Get Auth Token + Make REST Transaction 200 ${auth_token} + Revoke Auth Token ${auth_token} + Make REST Transaction 401 ${auth_token} + +Disable Authentication And Re-Enable Authentication + [Documentation] Toggles authentication off and verifies that no login credentials are needed for REST 
transactions + Disable Authentication On Controller ${CONTROLLER} + Wait Until Keyword Succeeds 10s 1s Make REST Transaction 200 + Enable Authentication On Controller ${CONTROLLER} + Wait Until Keyword Succeeds 10s 1s Validate That Authentication Fails With Wrong Token + ${auth_token}= Get Auth Token + Make REST Transaction 200 ${auth_token} + +*** Keywords *** +Validate That Authentication Fails With Wrong Token + ${bad_token}= Set Variable notARealToken + Make REST Transaction 401 ${bad_token} + +Make REST Transaction + [Arguments] ${expected_status_code} ${auth_data}=${EMPTY} Create Session ODL_SESSION http://${CONTROLLER}:8181 ${headers}= Create Dictionary Content-Type application/x-www-form-urlencoded - Set To Dictionary ${headers} Authorization Bearer ${auth_token} + Run Keyword If "${auth_data}" != "${EMPTY}" Set To Dictionary ${headers} Authorization Bearer ${auth_data} ${resp}= RequestsLibrary.GET ODL_SESSION ${OPERATIONAL_NODES_API} headers=${headers} Log STATUS_CODE: ${resp.status_code} CONTENT: ${resp.content} - Should Be Equal As Strings ${resp.status_code} 200 + Should Be Equal As Strings ${resp.status_code} ${expected_status_code} Should Contain ${resp.content} nodes - ${headers}= Create Dictionary Content-Type application/x-www-form-urlencoded - ${resp}= RequestsLibrary.POST ODL_SESSION ${REVOKE_TOKEN_API} data=${auth_token} headers=${headers} - Should Be Equal As Strings ${resp.status_code} 204 - Set To Dictionary ${headers} Authorization Bearer ${auth_token} - ${resp}= RequestsLibrary.GET ODL_SESSION ${OPERATIONAL_NODES_API} headers=${headers} - Log STATUS_CODE: ${resp.status_code} CONTENT: ${resp.content} - Should Be Equal As Strings ${resp.status_code} 401 -*** Keywords *** Credential Authentication Suite Setup Log Suite Setup
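Review bot: In the `*** Variables ***` hunk of AAAKeywords.txt, `${WORKSPACE}` and `${BUNDLEFOLDER}` hardcode one Jenkins job path and the `distribution-karaf-0.3.0-SNAPSHOT` directory inside a shared keyword library, and `${AUTHN_CFG_FILE}` is built from both. On any other install layout or distribution version the config path is wrong. Suggest defining these next to the other environment values in `../variables/Variables.py`, or documenting that each job is expected to override them.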
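Review bot: In `Get Auth Token` (AAAKeywords.txt, second hunk) the `${user}` and `${password}` arguments are never used. The body calls `Create Auth Data ${USER} ${PWD} ${scope} ${client_id} ${client_secret}`, so a caller passing other credentials still logs in as the default user; pass `${user}` and `${password}` through instead. In the same hunk, `Disable Authentication On Controller` and `Enable Authentication On Controller` do not check the result of `SSHLibrary.Execute Command`, so a wrong `${AUTHN_CFG_FILE}` path leaves `authEnabled` unchanged without failing the keyword. Request the command's return code, assert it is 0, and close the SSH connection afterwards. The `[Documentation]` text "Optional argumented available" should read "Optional arguments available".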
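Review bot: In `Disable Authentication And Re-Enable Authentication` (010_Credential_Authentication.txt, second hunk) nothing restores `authEnabled=true` if a step fails after `Disable Authentication On Controller`, which leaves the controller accepting REST requests without credentials for every later test. Add `[Teardown]    Enable Authentication On Controller    ${CONTROLLER}` to the test case so the setting is restored on failure as well. Also in this hunk, `Make REST Transaction` keeps the unconditional `Should Contain ${resp.content} nodes` after the status check, so it also runs when `${expected_status_code}` is 401; run it only for the 200 case. The `${auth_data}` argument carries a bearer token and would read more clearly as `${auth_token}`.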