From 514cdc2ebf3ee4ef91928b7e1de3244d4a10d540 Mon Sep 17 00:00:00 2001 From: Martin Balaz Date: Mon, 10 Feb 2025 13:23:32 +0100 Subject: [PATCH] Fix CSIT Netconf Callhome tests Netconf Callhome robot tests are failing, fix these tests. - instead of envsubst command use python expandvars function, as envsubst is not installed in sysrepo-netopeer2 docker image - store certificates and keys in pem format JIRA: INTTEST-148 Change-Id: I762ffd49bf6a883441c24c78705f5b04251847ca Signed-off-by: Martin Balaz --- csit/libraries/NetconfCallHome.robot | 47 +++++++++++-------- .../netconf/callhome/init_configuration.sh | 18 +++---- .../json/apiv2/add_keystore_entry.json | 2 +- 3 files changed, 37 insertions(+), 30 deletions(-) diff --git a/csit/libraries/NetconfCallHome.robot b/csit/libraries/NetconfCallHome.robot index 04491d7bc7..79d2ac9193 100644 --- a/csit/libraries/NetconfCallHome.robot +++ b/csit/libraries/NetconfCallHome.robot 
@@ -65,14 +65,30 @@ Generate certificates for TLS configuration ... openssl x509 -req -in ./certs/client.csr -CA ./certs/ca.pem -CAkey ./certs/ca.key -CAcreateserial -extfile x509_v3.cfg -out ./certs/client.crt -days 1024 -sha256 ${stdout} SSHLibrary.Execute Command mv ./certs ./configuration-files/certs +Get certificate file content + [Documentation] Get certificate or key file content + [Arguments] ${file_name} + ${content} ${stderr} CompareStream.Run_Keyword_If_At_Least_Else + ... scandium + ... SSHLibrary.Execute_Command + ... sed -z 's!\\n!\\\\n!g' ./configuration-files/certs/${file_name} + ... return_stdout=True + ... return_stderr=True + ... ELSE + ... SSHLibrary.Execute_Command + ... sed -u '1d; $d' ./configuration-files/certs/${file_name} | sed -z 's!\\n!\\\\n!g' + ... return_stdout=True + ... return_stderr=True + RETURN ${content} + Register keys and certificates in ODL controller [Documentation] Register pre-configured netopeer2 certificates and key in ODL-netconf keystore - ${base64-client-key} ${stderr} SSHLibrary.Execute_Command - ... openssl enc -base64 -A -in ./configuration-files/certs/client.key + ${pem-client-key} ${stderr} SSHLibrary.Execute_Command + ... cat ./configuration-files/certs/client.key ... return_stdout=True ... return_stderr=True ${template} OperatingSystem.Get File ${ADD_KEYSTORE_ENTRY_REQ} - ${body} Replace String ${template} {base64-client-key} ${base64-client-key} + ${body} Replace String ${template} {pem-client-key} ${pem-client-key} ${resp} RequestsLibrary.POST On Session ... session ... url=${netconf_keystore_url}:add-keystore-entry 
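Review bot: `Get certificate file content` captures `${stderr}` but never inspects it or the exit status, so a missing or unreadable file under `./configuration-files/certs/` yields an empty `${content}` that is substituted into the keystore request without failing the test at the point of the fault. Adding `return_rc=True` to both `SSHLibrary.Execute_Command` branches and asserting `Should Be Equal As Integers    ${rc}    0` before `RETURN` would surface it early. On the pre-scandium branch the pipeline status is only that of the last `sed`, so `Should Not Be Empty    ${content}` is the more reliable guard there. The `cat ./configuration-files/certs/client.key` call in `Register keys and certificates in ODL controller` has the same gap, and unlike the helper it does not escape newlines before the value goes into the JSON template, which appears to rely on the receiving parser tolerating raw line breaks inside a string. That keyword's body continues outside the hunk.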
@@ -80,14 +96,8 @@ Register keys and certificates in ODL controller ... headers=${HEADERS} ... expected_status=anything Should Contain ${ALLOWED_STATUS_CODES} ${resp.status_code} - ${client-key} ${stderr} SSHLibrary.Execute_Command - ... sed -u '1d; $d' ./configuration-files/certs/client.key | sed -z 's!\\n!\\\\n!g' - ... return_stdout=True - ... return_stderr=True - ${certificate-chain} ${stderr} SSHLibrary.Execute_Command - ... sed -u '1d; $d' ./configuration-files/certs/client.crt | sed -z 's!\\n!\\\\n!g' - ... return_stdout=True - ... return_stderr=True + ${client-key} Get certificate file content client.key + ${certificate-chain} Get certificate file content client.crt ${template} OperatingSystem.Get File ${ADD_PRIVATE_KEY_REQ} ${body} Replace String ${template} {client-key} ${client-key} ${body} Replace String ${body} {certificate-chain} ${certificate-chain} @@ -98,14 +108,8 @@ Register keys and certificates in ODL controller ... headers=${HEADERS} ... expected_status=anything Should Contain ${ALLOWED_STATUS_CODES} ${resp.status_code} - ${ca-certificate} ${stderr} SSHLibrary.Execute_Command - ... sed -u '1d; $d' ./configuration-files/certs/ca.pem | sed -z 's!\\n!\\\\n!g' - ... return_stdout=True - ... return_stderr=True - ${device-certificate} ${stderr} SSHLibrary.Execute_Command - ... sed -u '1d; $d' ./configuration-files/certs/server.crt | sed -z 's!\\n!\\\\n!g' - ... return_stdout=True - ... return_stderr=True + ${ca-certificate} Get certificate file content ca.pem + ${device-certificate} Get certificate file content server.crt ${template} OperatingSystem.Get File ${ADD_TRUSTED_CERTIFICATE} ${body} Replace String ${template} {ca-certificate} ${ca-certificate} ${body} Replace String ${body} {device-certificate} ${device-certificate} 
@@ -240,7 +244,7 @@ Test Setup [Documentation] Opens session towards ODL controller, set configuration folder, generates a new host key for the container RequestsLibrary.Create_Session session http://${ODL_SYSTEM_IP}:${RESTCONFPORT} auth=${AUTH} SSHLibrary.Execute_Command rm -rf ./configuration-files && mkdir configuration-files - SSHLibrary.Execute_Command ssh-keygen -q -t rsa -b 2048 -N '' -f ./configuration-files/ssh_host_rsa_key + SSHLibrary.Execute_Command ssh-keygen -q -t rsa -b 2048 -N '' -m pem -f ./configuration-files/ssh_host_rsa_key ${public_key} SSHLibrary.Execute_Command cat configuration-files/ssh_host_rsa_key.pub | awk '{print $2}' Set Test Variable ${NETOPEER_PUB_KEY} ${public_key} @@ -311,6 +315,9 @@ Suite Setup Set Suite Variable ... ${ADD_TRUSTED_CERTIFICATE} ... ${CURDIR}/../variables/netconf/callhome/json/apiv2/add_trusted_certificate.json + SSHLibrary.Execute_Command ssh-keygen -q -t rsa -b 2048 -N '' -m pem -f ./incorrect_ssh_host_rsa_key + ${incorrect_public_key} SSHLibrary.Execute_Command awk '{print $2}' incorrect_ssh_host_rsa_key.pub + Set Suite Variable ${INCORRECT_PUB_KEY} ${incorrect_public_key} Suite Teardown [Documentation] Tearing down the setup. diff --git a/csit/variables/netconf/callhome/init_configuration.sh b/csit/variables/netconf/callhome/init_configuration.sh index e8925e6362..b2e68cf38b 100644 --- a/csit/variables/netconf/callhome/init_configuration.sh +++ b/csit/variables/netconf/callhome/init_configuration.sh @@ -33,7 +33,7 @@ import_module() fi # Replace placeholders in templates with ENV variables - envsubst < $CONFIG_PATH/$MODULE_NAME.xml > $MODULE_NAME.tmp + python3 -c "import os, sys; print(os.path.expandvars(sys.stdin.read()))" < $CONFIG_PATH/$MODULE_NAME.xml > $MODULE_NAME.tmp cat $MODULE_NAME.tmp > $CONFIG_PATH/$MODULE_NAME.xml rm $MODULE_NAME.tmp 
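Review bot: The `ssh-keygen ... -f ./incorrect_ssh_host_rsa_key` call added to `Suite Setup` writes a passphrase-less private key into the SSH login directory, outside `./configuration-files`, which is the only path `Test Setup` removes. If the file survives from an earlier run, `ssh-keygen` asks whether to overwrite it and, with no interactive input, will most likely leave the old pair in place, so the suite silently reuses stale key material. Consider preceding it with `SSHLibrary.Execute_Command    rm -f ./incorrect_ssh_host_rsa_key ./incorrect_ssh_host_rsa_key.pub` and removing both files in `Suite Teardown`, whose body is outside this hunk.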
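Review bot: `os.path.expandvars` is not a drop-in replacement for `envsubst` on the changed line of `import_module`: it leaves references to unset variables in place where `envsubst` substitutes an empty string, and `print` appends a newline that `envsubst` did not. Because the certificate-related `NP_*` variables are exported only when `$CONFIG_PATH/certs` exists, a template that references them would now keep the literal `$NP_...` text, so it may be worth failing explicitly on leftover placeholders. The expansions on this line are also unquoted; I would write `python3 -c 'import os, sys; sys.stdout.write(os.path.expandvars(sys.stdin.read()))' < "$CONFIG_PATH/$MODULE_NAME.xml" > "$MODULE_NAME.tmp"`. `$MODULE_NAME.tmp` may receive expanded private-key material under a predictable name in the working directory, so a `mktemp` file with a cleanup `trap` would be a safer target. `import_module` starts and ends outside the hunk.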
@@ -54,16 +54,16 @@ cp $CONFIG_PATH/ssh_host_rsa_key.pub /etc/ssh/ssh_host_rsa_key.pub # These variables will replace corresponding placeholders inside configuration templates SAVEIFS=$IFS IFS= -export NP_PRIVKEY=`cat /etc/ssh/ssh_host_rsa_key | sed -u '1d; $d'` -export NP_PUBKEY=`openssl rsa -in /etc/ssh/ssh_host_rsa_key -pubout | sed -u '1d; $d'` +export NP_PRIVKEY=`cat /etc/ssh/ssh_host_rsa_key | sed -u '1d; $d' | tr -d '\n'` +export NP_PUBKEY=`openssl rsa -in /etc/ssh/ssh_host_rsa_key -pubout | sed -u '1d; $d' | tr -d '\n'` if [ -d "$CONFIG_PATH/certs" ]; then - export NP_CA_CERT=`sed -u '1d; $d' $CONFIG_PATH/certs/ca.pem` - export NP_CLIENT_CERT=`sed -u '1d; $d' $CONFIG_PATH/certs/client.crt` - export NP_SERVER_PRIVATE_KEY=`sed -u '1d; $d' $CONFIG_PATH/certs/server.key` - export NP_SERVER_PUBLIC_KEY=`sed -u '1d; $d' $CONFIG_PATH/certs/server.pub` - export NP_SERVER_CERTIFICATE=`sed -u '1d; $d' $CONFIG_PATH/certs/server.crt` - export NP_CLIENT_CERT_FINGERPRINT=`openssl x509 -noout -fingerprint -in $CONFIG_PATH/certs/ca.pem -sha1 | cut -d'=' -f2-` + export NP_CA_CERT=`sed -u '1d; $d' $CONFIG_PATH/certs/ca.pem | tr -d '\n'` + export NP_CLIENT_CERT=`sed -u '1d; $d' $CONFIG_PATH/certs/client.crt | tr -d '\n'` + export NP_SERVER_PRIVATE_KEY=`sed -u '1d; $d' $CONFIG_PATH/certs/server.key | tr -d '\n'` + export NP_SERVER_PUBLIC_KEY=`sed -u '1d; $d' $CONFIG_PATH/certs/server.pub | tr -d '\n'` + export NP_SERVER_CERTIFICATE=`sed -u '1d; $d' $CONFIG_PATH/certs/server.crt | tr -d '\n'` + export NP_CLIENT_CERT_FINGERPRINT=`openssl x509 -noout -fingerprint -in $CONFIG_PATH/certs/ca.pem -sha1 | cut -d'=' -f2- | tr -d '\n'` fi IFS=$SAVEIFS diff --git a/csit/variables/netconf/callhome/json/apiv2/add_keystore_entry.json b/csit/variables/netconf/callhome/json/apiv2/add_keystore_entry.json index 66181686ce..d08cc4c797 100644 --- a/csit/variables/netconf/callhome/json/apiv2/add_keystore_entry.json +++ b/csit/variables/netconf/callhome/json/apiv2/add_keystore_entry.json 
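Review bot: Every `export NP_...=` assignment in this hunk hides a failure of the command that actually reads the key or certificate. The substitution's status is now that of the trailing `tr -d '\n'`, and `export` itself returns 0, so a failed `openssl rsa` or a missing file under `$CONFIG_PATH/certs` leaves an empty variable that is then written into the configuration templates. Assigning first and asserting afterwards would catch it: `NP_PUBKEY=$(openssl rsa -in /etc/ssh/ssh_host_rsa_key -pubout | sed -u '1d; $d' | tr -d '\n')`, then `: "${NP_PUBKEY:?empty public key}"` and `export NP_PUBKEY`. `NP_PRIVKEY` and `NP_SERVER_PRIVATE_KEY` also remain in the environment of every child process unless they are unset once the templates are expanded; the rest of the script is outside this hunk, so that may already happen.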
@@ -3,7 +3,7 @@ "key-credential": [ { "key-id": "tls-device-key", - "private-key": "{base64-client-key}", + "private-key": "{pem-client-key}", "passphrase": "" } ] -- 2.36.6