csit/libraries/NetconfCallHome.robot

   1 *** Settings ***
   2 Library     SSHLibrary
   3 Library     RequestsLibrary
   4 Resource    SSHKeywords.robot
   5 Resource    ../variables/Variables.robot
   6
   7
   8 *** Variables ***
   9 ${mount_point_url}              /restconf/operational/network-topology:network-topology/topology/topology-netconf/
  10 ${device_status}                /restconf/operational/odl-netconf-callhome-server:netconf-callhome-server
  11 ${whitelist}                    /restconf/config/odl-netconf-callhome-server:netconf-callhome-server/allowed-devices
  12 ${global_config_url}            /restconf/config/odl-netconf-callhome-server:netconf-callhome-server/global/credentials
  13 ${netconf_keystore_url}         /rests/operations/netconf-keystore
  14 ${netconf_keystore_data_url}    /rests/data/netconf-keystore:keystore
  15 ${substring1}                   "netconf-node-topology:connection-status":"connected"
  16 ${substring2}                   "node-id":"netopeer2"
  17 ${substring3}                   "netconf-node-topology:available-capabilities"
  18
  19
  20 *** Keywords ***
  21 Check Device status
  22     [Documentation]    Checks the operational device status.
  23     [Arguments]    ${status}    ${id}=netopeer2
  24     @{expectedValues}    Create List    "unique-id":"${id}"    "callhome-status:device-status":"${status}"
  25     IF    '${status}'=='FAILED_NOT_ALLOWED' or '${status}'=='FAILED_AUTH_FAILURE'
  26         Remove Values From List    ${expectedValues}    "unique-id":"${id}"
  27     END
  28     Utils.Check For Elements At URI    ${device_status}    ${expectedValues}
  29
  30 Apply SSH-based Call-Home configuration
  31     [Documentation]    Upload netopeer2 configuration files needed for SSH transport
  32     SSHLibrary.Put File    ${CURDIR}/../variables/netconf/callhome/configuration-files/ssh/ietf-netconf-server.xml
  33     ...    configuration-files/ietf-netconf-server.xml
  34     SSHLibrary.Put File    ${CURDIR}/../variables/netconf/callhome/configuration-files/ssh/ietf-keystore.xml
  35     ...    configuration-files/ietf-keystore.xml
  36
  37 Apply TLS-based Call-Home configuration
  38     [Documentation]    Upload netopeer2 configuration files needed for TLS transport
  39     Generate certificates for TLS configuration
  40     SSHLibrary.Put File    ${CURDIR}/../variables/netconf/callhome/configuration-files/tls/ietf-keystore.xml
  41     ...    configuration-files/ietf-keystore.xml
  42     SSHLibrary.Put File    ${CURDIR}/../variables/netconf/callhome/configuration-files/tls/ietf-truststore.xml
  43     ...    configuration-files/ietf-truststore.xml
  44     SSHLibrary.Put File    ${CURDIR}/../variables/netconf/callhome/configuration-files/tls/ietf-netconf-server.xml
  45     ...    configuration-files/ietf-netconf-server.xml
  46
  47 Generate certificates for TLS configuration
  48     [Documentation]    Generates certificates for 2-way TLS authentication (ca, server, client)
  49     ${stdout}    SSHLibrary.Execute Command    rm -rf ./certs && mkdir ./certs
  50     SSHLibrary.Put File    ${CURDIR}/../variables/netconf/callhome/x509_v3.cfg    ./x509_v3.cfg
  51     ${stdout}    SSHLibrary.Execute Command    openssl genrsa -out ./certs/ca.key 2048
  52     ${stdout}    SSHLibrary.Execute Command
  53     ...    openssl req -x509 -new -extensions v3_ca -nodes -key ./certs/ca.key -sha256 -days 365 -subj "/C=US/ST=CA/L=Netopeer/O=netopeerCA/CN=netopeerCA" -out ./certs/ca.pem
  54     ${stdout}    SSHLibrary.Execute Command    openssl genrsa -out ./certs/server.key 2048
  55     ${stdout}    SSHLibrary.Execute Command
  56     ...    openssl req -new -sha256 -key ./certs/server.key -subj "/C=US/ST=CA/L=Netopeer/O=Netopeer2/CN=netopeer2-server" -out ./certs/server.csr
  57     ${stdout}    SSHLibrary.Execute Command
  58     ...    openssl x509 -req -in ./certs/server.csr -CA ./certs/ca.pem -CAkey ./certs/ca.key -CAcreateserial -extfile x509_v3.cfg -out ./certs/server.crt -days 365 -sha256
  59     ${stdout}    SSHLibrary.Execute Command    openssl rsa -in ./certs/server.key -pubout > ./certs/server.pub
  60     ${stdout}    SSHLibrary.Execute Command    openssl genrsa -out ./certs/client.key 2048
  61     ${stdout}    SSHLibrary.Execute Command
  62     ...    openssl req -new -sha256 -key ./certs/client.key -subj "/C=US/ST=CA/L=Netopeer/O=Netopeer2/CN=netopeer2-client" -out ./certs/client.csr
  63     ${stdout}    SSHLibrary.Execute Command
  64     ...    openssl x509 -req -in ./certs/client.csr -CA ./certs/ca.pem -CAkey ./certs/ca.key -CAcreateserial -extfile x509_v3.cfg -out ./certs/client.crt -days 1024 -sha256
  65     ${stdout}    SSHLibrary.Execute Command    mv ./certs ./configuration-files/certs
  66
  67 Register keys and certificates in ODL controller
  68     [Documentation]    Register pre-configured netopeer2 certificates and key in ODL-netconf keystore
  69     ${base64-client-key}    ${stderr}    SSHLibrary.Execute_Command
  70     ...    openssl enc -base64 -A -in ./configuration-files/certs/client.key
  71     ...    return_stdout=True
  72     ...    return_stderr=True
  73     ${template}    OperatingSystem.Get File    ${ADD_KEYSTORE_ENTRY_REQ}
  74     ${body}    Replace String    ${template}    {base64-client-key}    ${base64-client-key}
  75     ${resp}    RequestsLibrary.Post Request
  76     ...    session
  77     ...    ${netconf_keystore_url}:add-keystore-entry
  78     ...    data=${body}
  79     ...    headers=${HEADERS}
  80     Should Contain    ${ALLOWED_STATUS_CODES}    ${resp.status_code}
  81     ${client-key}    ${stderr}    SSHLibrary.Execute_Command
  82     ...    sed -u '1d; $d' ./configuration-files/certs/client.key | sed -z 's!\\n!\\\\n!g'
  83     ...    return_stdout=True
  84     ...    return_stderr=True
  85     ${certificate-chain}    ${stderr}    SSHLibrary.Execute_Command
  86     ...    sed -u '1d; $d' ./configuration-files/certs/client.crt | sed -z 's!\\n!\\\\n!g'
  87     ...    return_stdout=True
  88     ...    return_stderr=True
  89     ${template}    OperatingSystem.Get File    ${ADD_PRIVATE_KEY_REQ}
  90     ${body}    Replace String    ${template}    {client-key}    ${client-key}
  91     ${body}    Replace String    ${body}    {certificate-chain}    ${certificate-chain}
  92     ${resp}    RequestsLibrary.Post Request
  93     ...    session
  94     ...    ${netconf_keystore_url}:add-private-key
  95     ...    data=${body}
  96     ...    headers=${HEADERS}
  97     Should Contain    ${ALLOWED_STATUS_CODES}    ${resp.status_code}
  98     ${ca-certificate}    ${stderr}    SSHLibrary.Execute_Command
  99     ...    sed -u '1d; $d' ./configuration-files/certs/ca.pem | sed -z 's!\\n!\\\\n!g'
 100     ...    return_stdout=True
 101     ...    return_stderr=True
 102     ${device-certificate}    ${stderr}    SSHLibrary.Execute_Command
 103     ...    sed -u '1d; $d' ./configuration-files/certs/server.crt | sed -z 's!\\n!\\\\n!g'
 104     ...    return_stdout=True
 105     ...    return_stderr=True
 106     ${template}    OperatingSystem.Get File    ${ADD_TRUSTED_CERTIFICATE}
 107     ${body}    Replace String    ${template}    {ca-certificate}    ${ca-certificate}
 108     ${body}    Replace String    ${body}    {device-certificate}    ${device-certificate}
 109     ${resp}    RequestsLibrary.Post Request
 110     ...    session
 111     ...    ${netconf_keystore_url}:add-trusted-certificate
 112     ...    data=${body}
 113     ...    headers=${HEADERS}
 114     Should Contain    ${ALLOWED_STATUS_CODES}    ${resp.status_code}
 115
 116 Register global credentials for SSH call-home devices (APIv1)
 117     [Documentation]    Set global credentials for SSH call-home devices
 118     [Arguments]    ${username}    ${password}
 119     ${template}    OperatingSystem.Get File    ${CREATE_GLOBAL_CREDENTIALS_REQ}
 120     ${body}    Replace String    ${template}    {username}    ${username}
 121     ${body}    Replace String    ${body}    {password}    ${password}
 122     ${resp}    RequestsLibrary.Put Request    session    ${global_config_url}    data=${body}    headers=${HEADERS}
 123     Should Contain    ${ALLOWED_STATUS_CODES}    ${resp.status_code}
 124
 125 Register SSH call-home device in ODL controller (APIv1)
 126     [Documentation]    Registration call-home device with SSH transport
 127     [Arguments]    ${device_name}    ${hostkey}    ${username}=${EMPTY}    ${password}=${EMPTY}
 128     IF    '${username}' == '${EMPTY}' or '${password}' == '${EMPTY}'
 129         Get create device request without credentials template (APIv1)
 130     ELSE
 131         Get create device request template (APIv1)
 132     END
 133     ${body}    Replace String    ${template}    {device_name}    ${device_name}
 134     ${body}    Replace String    ${body}    {username}    ${username}
 135     ${body}    Replace String    ${body}    {password}    ${password}
 136     ${body}    Replace String    ${body}    {hostkey}    ${hostkey}
 137     ${resp}    RequestsLibrary.Post Request    session    ${whitelist}    data=${body}    headers=${HEADERS}
 138     Should Contain    ${ALLOWED_STATUS_CODES}    ${resp.status_code}
 139
 140 Get create device request template (APIv1)
 141     ${template}    OperatingSystem.Get File    ${CREATE_SSH_DEVICE_REQ_V1}
 142     Set Test Variable    ${template}
 143
 144 Get create device request without credentials template (APIv1)
 145     ${template}    OperatingSystem.Get File    ${CREATE_SSH_DEVICE_REQ_V1_HOST_KEY_ONLY}
 146     Set Test Variable    ${template}
 147
 148 Register SSH call-home device in ODL controller (APIv2)
 149     [Documentation]    Registration call-home device with SSH transport using latest models
 150     [Arguments]    ${device_name}    ${hostkey}    ${username}=${EMPTY}    ${password}=${EMPTY}
 151     IF    '${username}' == '${EMPTY}' or '${password}' == '${EMPTY}'
 152         Get create device request without credentials template (APIv2)
 153     ELSE
 154         Get create device request template (APIv2)
 155     END
 156     ${body}    Replace String    ${template}    {device_name}    ${device_name}
 157     ${body}    Replace String    ${body}    {username}    ${username}
 158     ${body}    Replace String    ${body}    {password}    ${password}
 159     ${body}    Replace String    ${body}    {hostkey}    ${hostkey}
 160     ${resp}    RequestsLibrary.Post Request    session    ${whitelist}    data=${body}    headers=${HEADERS}
 161     Should Contain    ${ALLOWED_STATUS_CODES}    ${resp.status_code}
 162
 163 Get create device request template (APIv2)
 164     ${template}    OperatingSystem.Get File    ${CREATE_SSH_DEVICE_REQ_V2}
 165     Set Test Variable    ${template}
 166
 167 Get create device request without credentials template (APIv2)
 168     ${template}    OperatingSystem.Get File    ${CREATE_SSH_DEVICE_REQ_V2_HOST_KEY_ONLY}
 169     Set Test Variable    ${template}
 170
 171 Register TLS call-home device in ODL controller (APIv2)
 172     [Documentation]    Registration call-home device with TLS transport
 173     [Arguments]    ${device_name}    ${key_id}    ${certificate_id}
 174     ${template}    OperatingSystem.Get File    ${CREATE_TLS_DEVICE_REQ}
 175     ${body}    Replace String    ${template}    {device_name}    ${device_name}
 176     ${body}    Replace String    ${body}    {key_id}    ${key_id}
 177     ${body}    Replace String    ${body}    {certificate_id}    ${certificate_id}
 178     ${resp}    RequestsLibrary.Post Request    session    ${whitelist}    data=${body}    headers=${HEADERS}
 179     Should Contain    ${ALLOWED_STATUS_CODES}    ${resp.status_code}
 180
 181 Pull Netopeer2 Docker Image
 182     [Documentation]    Pulls the netopeer image from the docker repository.
 183     ${stdout}    ${stderr}    ${rc}    SSHLibrary.Execute Command
 184     ...    docker pull sysrepo/sysrepo-netopeer2:latest
 185     ...    return_stdout=True
 186     ...    return_stderr=True
 187     ...    return_rc=True
 188     ${stdout}    ${stderr}    ${rc}    SSHLibrary.Execute Command
 189     ...    docker images
 190     ...    return_stdout=True
 191     ...    return_stderr=True
 192     ...    return_rc=True
 193
 194 Install Docker Compose on tools system
 195     [Documentation]    Install docker-compose on tools system.
 196     ${netopeer_conn_id}    SSHKeywords.Open_Connection_To_Tools_System
 197     Builtin.Set Suite Variable    ${netopeer_conn_id}
 198     SSHLibrary.Write
 199     ...    sudo curl -L "https://github.com/docker/compose/releases/download/1.11.1/docker-compose-$(uname -s)-$(uname -m)" -o /usr/local/bin/docker-compose
 200     ${output}    Wait Until Keyword Succeeds    30s    2s    SSHLibrary.Read_Until_Prompt
 201     ${stdout}    ${stderr}    ${rc}    SSHLibrary.Execute Command
 202     ...    sudo chmod +x /usr/local/bin/docker-compose
 203     ...    return_stdout=True
 204     ...    return_stderr=True
 205     ...    return_rc=True
 206
 207 Uninstall Docker Compose on tools system
 208     [Documentation]    Uninstall docker-compose on tools system
 209     ${stdout}    ${stderr}    ${rc}    SSHLibrary.Execute Command
 210     ...    pip uninstall docker-compose
 211     ...    return_stdout=True
 212     ...    return_stderr=True
 213     ...    return_rc=True
 214
 215 Test Setup
 216     [Documentation]    Opens session towards ODL controller, set configuration folder, generates a new host key for the container
 217     RequestsLibrary.Create_Session    session    http://${ODL_SYSTEM_IP}:${RESTCONFPORT}    auth=${AUTH}
 218     SSHLibrary.Execute_Command    rm -rf ./configuration-files && mkdir configuration-files
 219     SSHLibrary.Execute_Command    ssh-keygen -q -t rsa -b 2048 -N '' -f ./configuration-files/ssh_host_rsa_key
 220     ${public_key}    SSHLibrary.Execute_Command    cat configuration-files/ssh_host_rsa_key.pub | awk '{print $2}'
 221     Set Test Variable    ${NETOPEER_PUB_KEY}    ${public_key}
 222
 223 Test Teardown
 224     [Documentation]    Tears down the docker running netopeer and deletes entry from the whitelist.
 225     ${stdout}    ${stderr}    ${rc}    SSHLibrary.Execute Command
 226     ...    docker-compose logs
 227     ...    return_stdout=True
 228     ...    return_stderr=True
 229     ...    return_rc=True
 230     Log    ${stdout}
 231     ${stdout}    ${stderr}    ${rc}    SSHLibrary.Execute Command
 232     ...    docker-compose down
 233     ...    return_stdout=True
 234     ...    return_stderr=True
 235     ...    return_rc=True
 236     ${stdout}    ${stderr}    ${rc}    SSHLibrary.Execute Command
 237     ...    docker ps -a
 238     ...    return_stdout=True
 239     ...    return_stderr=True
 240     ...    return_rc=True
 241     SSHLibrary.Execute_Command    rm -rf ./configuration-files
 242     ${resp}    RequestsLibrary.Delete_On_Session    session    ${whitelist}
 243     ${resp}    RequestsLibrary.Delete_On_Session    session    ${netconf_keystore_data_url}
 244
 245 Suite Setup
 246     [Documentation]    Get the suite ready for callhome test cases.
 247     Install Docker Compose on tools system
 248     Pull Netopeer2 Docker Image
 249     SSHLibrary.Put File    ${CURDIR}/../variables/netconf/callhome/docker-compose.yaml    .
 250     SSHLibrary.Put File    ${CURDIR}/../variables/netconf/callhome/init_configuration.sh    .
 251     SSHLibrary.Execute_Command    sed -i -e 's/ODL_SYSTEM_IP/${ODL_SYSTEM_IP}/g' docker-compose.yaml
 252     ${netconf_cl_ssh_port}    Set_Variable_If_At_Least_Sulfur    4334    6666
 253     SSHLibrary.Execute_Command    sed -i -e 's/NETCONF_CH_SSH/${netconf_cl_ssh_port}/g' docker-compose.yaml
 254     SSHLibrary.Execute_Command    sed -i -e 's/NETCONF_CH_TLS/4335/g' docker-compose.yaml
 255     ${netconf_mount_expected_values}    Create list    ${substring1}    ${substring2}    ${substring3}
 256     Set Suite Variable    ${netconf_mount_expected_values}
 257     Set Suite Variable
 258     ...    ${CREATE_SSH_DEVICE_REQ_V1}
 259     ...    ${CURDIR}/../variables/netconf/callhome/json/apiv1/create_device.json
 260     Set Suite Variable
 261     ...    ${CREATE_SSH_DEVICE_REQ_V1_HOST_KEY_ONLY}
 262     ...    ${CURDIR}/../variables/netconf/callhome/json/apiv1/create_device_hostkey_only.json
 263     Set Suite Variable
 264     ...    ${CREATE_GLOBAL_CREDENTIALS_REQ}
 265     ...    ${CURDIR}/../variables/netconf/callhome/json/apiv1/create_global_credentials.json
 266     Set Suite Variable
 267     ...    ${CREATE_SSH_DEVICE_REQ_V2}
 268     ...    ${CURDIR}/../variables/netconf/callhome/json/apiv2/create_ssh_device.json
 269     Set Suite Variable
 270     ...    ${CREATE_SSH_DEVICE_REQ_V2_HOST_KEY_ONLY}
 271     ...    ${CURDIR}/../variables/netconf/callhome/json/apiv2/create_device_hostkey_only.json
 272     Set Suite Variable
 273     ...    ${CREATE_TLS_DEVICE_REQ}
 274     ...    ${CURDIR}/../variables/netconf/callhome/json/apiv2/create_tls_device.json
 275     Set Suite Variable
 276     ...    ${ADD_KEYSTORE_ENTRY_REQ}
 277     ...    ${CURDIR}/../variables/netconf/callhome/json/apiv2/add_keystore_entry.json
 278     Set Suite Variable
 279     ...    ${ADD_PRIVATE_KEY_REQ}
 280     ...    ${CURDIR}/../variables/netconf/callhome/json/apiv2/add_private_key.json
 281     Set Suite Variable
 282     ...    ${ADD_TRUSTED_CERTIFICATE}
 283     ...    ${CURDIR}/../variables/netconf/callhome/json/apiv2/add_trusted_certificate.json
 284
 285 Suite Teardown
 286     [Documentation]    Tearing down the setup.
 287     Uninstall Docker Compose on tools system
 288     RequestsLibrary.Delete_All_Sessions
 289     SSHLibrary.Close_All_Connections