Reformat '* On Session' keywords (aaa)
[integration/test.git] / csit / libraries / NetconfCallHome.robot
1 *** Settings ***
2 Library     SSHLibrary
3 Library     RequestsLibrary
4 Resource    SSHKeywords.robot
5 Resource    ../variables/Variables.robot
*** Variables ***
# RESTCONF paths used by the keywords below; they are passed as url= to the "session" alias.
${mount_point_url}              /restconf/operational/network-topology:network-topology/topology/topology-netconf/
${device_status}                /restconf/operational/odl-netconf-callhome-server:netconf-callhome-server
# Allowed-devices list: POST target of the device registration keywords, DELETE target in Test Teardown.
${whitelist}                    /restconf/config/odl-netconf-callhome-server:netconf-callhome-server/allowed-devices
# Global SSH credentials, written by the APIv1 global-credentials keyword.
${global_config_url}            /restconf/config/odl-netconf-callhome-server:netconf-callhome-server/global/credentials
# netconf-keystore RPC prefix (":add-keystore-entry" etc. are appended) and the keystore data tree.
${netconf_keystore_url}         /rests/operations/netconf-keystore
${netconf_keystore_data_url}    /rests/data/netconf-keystore:keystore
# Response fragments that Suite Setup collects into ${netconf_mount_expected_values}.
${substring1}                   "netconf-node-topology:connection-status":"connected"
${substring2}                   "node-id":"netopeer2"
${substring3}                   "netconf-node-topology:available-capabilities"
20 *** Keywords ***
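Check Device status
    [Documentation]    Checks the operational device status reported under \${device_status}.
    ...    For FAILED_NOT_ALLOWED and FAILED_AUTH_FAILURE only the status element is expected;
    ...    for every other status the unique-id element is expected as well.
    [Arguments]    ${status}    ${id}=netopeer2
    @{expectedValues}    Create List    "unique-id":"${id}"    "callhome-status:device-status":"${status}"
    # $status (no braces) hands the value to the expression evaluator as an object, so the
    # argument text is never spliced into the evaluated Python expression itself.
    IF    $status in ('FAILED_NOT_ALLOWED', 'FAILED_AUTH_FAILURE')
        Remove Values From List    ${expectedValues}    "unique-id":"${id}"
    END
    Utils.Check For Elements At URI    ${device_status}    ${expectedValues}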
Apply SSH-based Call-Home configuration
    [Documentation]    Copies the netopeer2 configuration files for SSH transport into the remote
    ...    configuration-files directory.
    FOR    ${file_name}    IN    ietf-netconf-server.xml    ietf-keystore.xml
        SSHLibrary.Put File
        ...    ${CURDIR}/../variables/netconf/callhome/configuration-files/ssh/${file_name}
        ...    configuration-files/${file_name}
    END
Apply TLS-based Call-Home configuration
    [Documentation]    Generates the TLS certificates, then copies the netopeer2 configuration files
    ...    for TLS transport into the remote configuration-files directory.
    Generate certificates for TLS configuration
    FOR    ${file_name}    IN    ietf-keystore.xml    ietf-truststore.xml    ietf-netconf-server.xml
        SSHLibrary.Put File
        ...    ${CURDIR}/../variables/netconf/callhome/configuration-files/tls/${file_name}
        ...    configuration-files/${file_name}
    END
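Generate certificates for TLS configuration
    [Documentation]    Generates certificates for 2-way TLS authentication (ca, server, client) on the
    ...    remote host and moves them to ./configuration-files/certs.
    ...    Every remote command must exit with return code 0; the keyword fails on the first
    ...    command that does not, instead of carrying on with missing or partial key material.
    # NOTE(review): all private keys are written unencrypted (genrsa without a cipher, req with
    # -nodes) and ca.key is moved together with the rest of ./certs, so this PKI is only
    # suitable as disposable test material.
    SSHLibrary.Put File    ${CURDIR}/../variables/netconf/callhome/x509_v3.cfg    ./x509_v3.cfg
    FOR    ${command}    IN
    ...    rm -rf ./certs && mkdir ./certs
    ...    openssl genrsa -out ./certs/ca.key 2048
    ...    openssl req -x509 -new -extensions v3_ca -nodes -key ./certs/ca.key -sha256 -days 365 -subj "/C=US/ST=CA/L=Netopeer/O=netopeerCA/CN=netopeerCA" -out ./certs/ca.pem
    ...    openssl genrsa -out ./certs/server.key 2048
    ...    openssl req -new -sha256 -key ./certs/server.key -subj "/C=US/ST=CA/L=Netopeer/O=Netopeer2/CN=netopeer2-server" -out ./certs/server.csr
    ...    openssl x509 -req -in ./certs/server.csr -CA ./certs/ca.pem -CAkey ./certs/ca.key -CAcreateserial -extfile x509_v3.cfg -out ./certs/server.crt -days 365 -sha256
    ...    openssl rsa -in ./certs/server.key -pubout > ./certs/server.pub
    ...    openssl genrsa -out ./certs/client.key 2048
    ...    openssl req -new -sha256 -key ./certs/client.key -subj "/C=US/ST=CA/L=Netopeer/O=Netopeer2/CN=netopeer2-client" -out ./certs/client.csr
    ...    openssl x509 -req -in ./certs/client.csr -CA ./certs/ca.pem -CAkey ./certs/ca.key -CAcreateserial -extfile x509_v3.cfg -out ./certs/client.crt -days 1024 -sha256
    ...    mv ./certs ./configuration-files/certs
        ${stdout}    ${stderr}    ${rc}    SSHLibrary.Execute Command
        ...    ${command}
        ...    return_stdout=True
        ...    return_stderr=True
        ...    return_rc=True
        # Previously the exit status was never requested, so a failed step went unnoticed.
        Should Be Equal As Integers    ${rc}    0    msg=Remote command failed with rc ${rc}: ${command}
    END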
Register keys and certificates in ODL controller
    [Documentation]    Registers the generated netopeer2 client key, client certificate, CA certificate
    ...    and server certificate in the ODL netconf-keystore through three RPC calls
    ...    (add-keystore-entry, add-private-key, add-trusted-certificate).
    # NOTE(review): the client private key is read into Robot variables below; Robot Framework
    # normally records assigned values in its log, and the "session" alias is created over
    # plain http in Test Setup. Only acceptable for the disposable keys generated by this suite.
    # --- 1. keystore entry: base64 of the whole client.key file ---
    ${client_key_b64}    ${err}    SSHLibrary.Execute_Command
    ...    openssl enc -base64 -A -in ./configuration-files/certs/client.key
    ...    return_stdout=True
    ...    return_stderr=True
    ${keystore_tpl}    OperatingSystem.Get File    ${ADD_KEYSTORE_ENTRY_REQ}
    ${keystore_req}    Replace String    ${keystore_tpl}    {base64-client-key}    ${client_key_b64}
    ${keystore_resp}    RequestsLibrary.POST On Session
    ...    session
    ...    url=${netconf_keystore_url}:add-keystore-entry
    ...    data=${keystore_req}
    ...    headers=${HEADERS}
    ...    expected_status=anything
    Should Contain    ${ALLOWED_STATUS_CODES}    ${keystore_resp.status_code}
    # --- 2. private key + certificate chain ---
    # The sed pipeline drops the first and last line of each PEM file and turns the remaining
    # line breaks into a literal backslash-n sequence so the text fits into the request template.
    ${client_key_pem}    ${err}    SSHLibrary.Execute_Command
    ...    sed -u '1d; $d' ./configuration-files/certs/client.key | sed -z 's!\\n!\\\\n!g'
    ...    return_stdout=True
    ...    return_stderr=True
    ${client_cert_pem}    ${err}    SSHLibrary.Execute_Command
    ...    sed -u '1d; $d' ./configuration-files/certs/client.crt | sed -z 's!\\n!\\\\n!g'
    ...    return_stdout=True
    ...    return_stderr=True
    ${private_key_tpl}    OperatingSystem.Get File    ${ADD_PRIVATE_KEY_REQ}
    ${private_key_req}    Replace String    ${private_key_tpl}    {client-key}    ${client_key_pem}
    ${private_key_req}    Replace String    ${private_key_req}    {certificate-chain}    ${client_cert_pem}
    ${private_key_resp}    RequestsLibrary.POST On Session
    ...    session
    ...    url=${netconf_keystore_url}:add-private-key
    ...    data=${private_key_req}
    ...    headers=${HEADERS}
    ...    expected_status=anything
    Should Contain    ${ALLOWED_STATUS_CODES}    ${private_key_resp.status_code}
    # --- 3. trusted certificates: CA certificate and device (server) certificate ---
    ${ca_cert_pem}    ${err}    SSHLibrary.Execute_Command
    ...    sed -u '1d; $d' ./configuration-files/certs/ca.pem | sed -z 's!\\n!\\\\n!g'
    ...    return_stdout=True
    ...    return_stderr=True
    ${device_cert_pem}    ${err}    SSHLibrary.Execute_Command
    ...    sed -u '1d; $d' ./configuration-files/certs/server.crt | sed -z 's!\\n!\\\\n!g'
    ...    return_stdout=True
    ...    return_stderr=True
    ${trusted_tpl}    OperatingSystem.Get File    ${ADD_TRUSTED_CERTIFICATE}
    ${trusted_req}    Replace String    ${trusted_tpl}    {ca-certificate}    ${ca_cert_pem}
    ${trusted_req}    Replace String    ${trusted_req}    {device-certificate}    ${device_cert_pem}
    ${trusted_resp}    RequestsLibrary.POST On Session
    ...    session
    ...    url=${netconf_keystore_url}:add-trusted-certificate
    ...    data=${trusted_req}
    ...    headers=${HEADERS}
    ...    expected_status=anything
    Should Contain    ${ALLOWED_STATUS_CODES}    ${trusted_resp.status_code}
Register global credentials for SSH call-home devices (APIv1)
    [Documentation]    Stores the given username and password as global credentials for SSH call-home
    ...    devices by PUTting the filled-in request template to \${global_config_url}.
    [Arguments]    ${username}    ${password}
    ${request_template}    OperatingSystem.Get File    ${CREATE_GLOBAL_CREDENTIALS_REQ}
    # NOTE(review): both values are substituted verbatim, without JSON escaping, and end up in
    # the request body in clear text — presumably callers pass fixed test literals; verify.
    ${with_user}    Replace String    ${request_template}    {username}    ${username}
    ${payload}    Replace String    ${with_user}    {password}    ${password}
    ${response}    RequestsLibrary.PUT On Session
    ...    session
    ...    url=${global_config_url}
    ...    data=${payload}
    ...    headers=${HEADERS}
    ...    expected_status=anything
    Should Contain    ${ALLOWED_STATUS_CODES}    ${response.status_code}
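Register SSH call-home device in ODL controller (APIv1)
    [Documentation]    Registers a call-home device with SSH transport in the allowed-devices list.
    ...    When username or password is empty, the host-key-only request template is used;
    ...    otherwise the template with credentials is used.
    [Arguments]    ${device_name}    ${hostkey}    ${username}=${EMPTY}    ${password}=${EMPTY}
    # $username / $password (no braces) are compared as objects, so a credential containing a
    # quote or backslash can neither break the condition nor become part of the evaluated
    # Python expression.
    IF    $username == '' or $password == ''
        Get create device request without credentials template (APIv1)
    ELSE
        Get create device request template (APIv1)
    END
    # Both helper keywords publish the loaded file content as test variable ${template}.
    ${body}    Replace String    ${template}    {device_name}    ${device_name}
    ${body}    Replace String    ${body}    {username}    ${username}
    ${body}    Replace String    ${body}    {password}    ${password}
    ${body}    Replace String    ${body}    {hostkey}    ${hostkey}
    ${resp}    RequestsLibrary.POST On Session
    ...    session
    ...    url=${whitelist}
    ...    data=${body}
    ...    headers=${HEADERS}
    ...    expected_status=anything
    Should Contain    ${ALLOWED_STATUS_CODES}    ${resp.status_code}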
Get create device request template (APIv1)
    [Documentation]    Reads the file named by \${CREATE_SSH_DEVICE_REQ_V1} and publishes its content
    ...    as test variable \${template}.
    ${request_text}    OperatingSystem.Get File    ${CREATE_SSH_DEVICE_REQ_V1}
    Set Test Variable    ${template}    ${request_text}
Get create device request without credentials template (APIv1)
    [Documentation]    Reads the file named by \${CREATE_SSH_DEVICE_REQ_V1_HOST_KEY_ONLY} and publishes
    ...    its content as test variable \${template}.
    ${request_text}    OperatingSystem.Get File    ${CREATE_SSH_DEVICE_REQ_V1_HOST_KEY_ONLY}
    Set Test Variable    ${template}    ${request_text}
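Register SSH call-home device in ODL controller (APIv2)
    [Documentation]    Registers a call-home device with SSH transport using the latest models.
    ...    When username or password is empty, the host-key-only request template is used;
    ...    otherwise the template with credentials is used.
    [Arguments]    ${device_name}    ${hostkey}    ${username}=${EMPTY}    ${password}=${EMPTY}
    # $username / $password (no braces) are compared as objects, so a credential containing a
    # quote or backslash can neither break the condition nor become part of the evaluated
    # Python expression.
    IF    $username == '' or $password == ''
        Get create device request without credentials template (APIv2)
    ELSE
        Get create device request template (APIv2)
    END
    # Both helper keywords publish the loaded file content as test variable ${template}.
    ${body}    Replace String    ${template}    {device_name}    ${device_name}
    ${body}    Replace String    ${body}    {username}    ${username}
    ${body}    Replace String    ${body}    {password}    ${password}
    ${body}    Replace String    ${body}    {hostkey}    ${hostkey}
    ${resp}    RequestsLibrary.POST On Session
    ...    session
    ...    url=${whitelist}
    ...    data=${body}
    ...    headers=${HEADERS}
    ...    expected_status=anything
    Should Contain    ${ALLOWED_STATUS_CODES}    ${resp.status_code}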
Get create device request template (APIv2)
    [Documentation]    Reads the file named by \${CREATE_SSH_DEVICE_REQ_V2} and publishes its content
    ...    as test variable \${template}.
    ${request_text}    OperatingSystem.Get File    ${CREATE_SSH_DEVICE_REQ_V2}
    Set Test Variable    ${template}    ${request_text}
Get create device request without credentials template (APIv2)
    [Documentation]    Reads the file named by \${CREATE_SSH_DEVICE_REQ_V2_HOST_KEY_ONLY} and publishes
    ...    its content as test variable \${template}.
    ${request_text}    OperatingSystem.Get File    ${CREATE_SSH_DEVICE_REQ_V2_HOST_KEY_ONLY}
    Set Test Variable    ${template}    ${request_text}
Register TLS call-home device in ODL controller (APIv2)
    [Documentation]    Registers a call-home device with TLS transport in the allowed-devices list,
    ...    referring to a keystore key and a certificate by their ids.
    [Arguments]    ${device_name}    ${key_id}    ${certificate_id}
    ${request_template}    OperatingSystem.Get File    ${CREATE_TLS_DEVICE_REQ}
    # The three placeholders are filled in one after another; values are inserted verbatim.
    ${with_name}    Replace String    ${request_template}    {device_name}    ${device_name}
    ${with_key}    Replace String    ${with_name}    {key_id}    ${key_id}
    ${payload}    Replace String    ${with_key}    {certificate_id}    ${certificate_id}
    ${response}    RequestsLibrary.POST On Session
    ...    session
    ...    url=${whitelist}
    ...    data=${payload}
    ...    headers=${HEADERS}
    ...    expected_status=anything
    Should Contain    ${ALLOWED_STATUS_CODES}    ${response.status_code}
Pull Netopeer2 Docker Image
    [Documentation]    Pulls the netopeer image from the docker repository and then lists the local
    ...    images. Return codes are captured but not checked.
    # NOTE(review): the image is referenced by the mutable tag "latest", so two runs can test
    # different image contents; pinning a fixed tag or digest would make runs reproducible.
    FOR    ${docker_command}    IN    docker pull sysrepo/sysrepo-netopeer2:latest    docker images
        ${out}    ${err}    ${exit_code}    SSHLibrary.Execute Command
        ...    ${docker_command}
        ...    return_stdout=True
        ...    return_stderr=True
        ...    return_rc=True
    END
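Install Docker Compose on tools system
    [Documentation]    Opens a connection to the tools system (stored as suite variable
    ...    \${netopeer_conn_id}), downloads the docker-compose 1.11.1 release binary to
    ...    /usr/local/bin/docker-compose and makes it executable.
    ${netopeer_conn_id}    SSHKeywords.Open_Connection_To_Tools_System
    Builtin.Set Suite Variable    ${netopeer_conn_id}
    # --fail makes curl exit with an error on an HTTP error response instead of saving the
    # server's error page as the docker-compose executable.
    # NOTE(review): the download is installed as root without checksum or signature
    # verification; comparing it with the SHA-256 published for the release (not shown here)
    # before the chmod step would close that gap.
    SSHLibrary.Write
    ...    sudo curl --fail -L "https://github.com/docker/compose/releases/download/1.11.1/docker-compose-$(uname -s)-$(uname -m)" -o /usr/local/bin/docker-compose
    ${output}    Wait Until Keyword Succeeds    30s    2s    SSHLibrary.Read_Until_Prompt
    ${stdout}    ${stderr}    ${rc}    SSHLibrary.Execute Command
    ...    sudo chmod +x /usr/local/bin/docker-compose
    ...    return_stdout=True
    ...    return_stderr=True
    ...    return_rc=True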
Uninstall Docker Compose on tools system
    [Documentation]    Runs "pip uninstall docker-compose" on the tools system; the result is captured
    ...    but not checked.
    # NOTE(review): the install keyword in this file places a binary in
    # /usr/local/bin/docker-compose with curl, which a pip uninstall does not remove, and the
    # command is run without a confirmation flag — confirm this keyword has any effect.
    ${out}    ${err}    ${exit_code}    SSHLibrary.Execute Command
    ...    pip uninstall docker-compose
    ...    return_stdout=True
    ...    return_stderr=True
    ...    return_rc=True
Test Setup
    [Documentation]    Opens the "session" alias towards the ODL controller, recreates the remote
    ...    configuration-files directory and generates a new RSA host key for the container.
    ...    The public key is published as test variable \${NETOPEER_PUB_KEY}.
    # NOTE(review): the session uses plain http with \${AUTH}, so credentials and every request
    # body sent through it travel unencrypted — acceptable only on an isolated test network.
    RequestsLibrary.Create Session    session    http://${ODL_SYSTEM_IP}:${RESTCONFPORT}    auth=${AUTH}
    SSHLibrary.Execute Command    rm -rf ./configuration-files && mkdir configuration-files
    # -N '' creates the host key without a passphrase.
    SSHLibrary.Execute Command    ssh-keygen -q -t rsa -b 2048 -N '' -f ./configuration-files/ssh_host_rsa_key
    # Second field of the .pub file is the base64 key blob.
    ${host_key_blob}    SSHLibrary.Execute Command    cat configuration-files/ssh_host_rsa_key.pub | awk '{print $2}'
    Set Test Variable    ${NETOPEER_PUB_KEY}    ${host_key_blob}
Test Teardown
    [Documentation]    Logs the docker-compose output, tears down the docker setup running netopeer,
    ...    removes the remote configuration-files directory and deletes the allowed-devices list
    ...    and the netconf-keystore data from the controller.
    ${compose_log}    ${err}    ${exit_code}    SSHLibrary.Execute Command
    ...    docker-compose logs
    ...    return_stdout=True
    ...    return_stderr=True
    ...    return_rc=True
    Log    ${compose_log}
    FOR    ${cleanup_command}    IN    docker-compose down    docker ps -a
        ${out}    ${err}    ${exit_code}    SSHLibrary.Execute Command
        ...    ${cleanup_command}
        ...    return_stdout=True
        ...    return_stderr=True
        ...    return_rc=True
    END
    # Removes the generated host key and certificates together with the configuration files.
    SSHLibrary.Execute Command    rm -rf ./configuration-files
    # Any response status is accepted, so these deletes never fail the teardown on status.
    FOR    ${cleanup_url}    IN    ${whitelist}    ${netconf_keystore_data_url}
        ${response}    RequestsLibrary.Delete On Session
        ...    session
        ...    url=${cleanup_url}
        ...    expected_status=anything
    END
Suite Setup
    [Documentation]    Gets the suite ready for callhome test cases: installs docker-compose, pulls the
    ...    netopeer2 image, uploads and patches docker-compose.yaml and publishes the suite
    ...    variables (expected mount values and request template paths).
    Install Docker Compose on tools system
    Pull Netopeer2 Docker Image
    FOR    ${uploaded_file}    IN    docker-compose.yaml    init_configuration.sh
        SSHLibrary.Put File    ${CURDIR}/../variables/netconf/callhome/${uploaded_file}    .
    END
    # Replace the placeholders in docker-compose.yaml with the controller address and ports.
    SSHLibrary.Execute Command    sed -i -e 's/ODL_SYSTEM_IP/${ODL_SYSTEM_IP}/g' docker-compose.yaml
    ${netconf_cl_ssh_port}    Set_Variable_If_At_Least_Sulfur    4334    6666
    SSHLibrary.Execute Command    sed -i -e 's/NETCONF_CH_SSH/${netconf_cl_ssh_port}/g' docker-compose.yaml
    SSHLibrary.Execute Command    sed -i -e 's/NETCONF_CH_TLS/4335/g' docker-compose.yaml
    ${netconf_mount_expected_values}    Create List    ${substring1}    ${substring2}    ${substring3}
    Set Suite Variable    ${netconf_mount_expected_values}
    # Request template paths, grouped by API version.
    ${json_dir}    Set Variable    ${CURDIR}/../variables/netconf/callhome/json
    Set Suite Variable    ${CREATE_SSH_DEVICE_REQ_V1}    ${json_dir}/apiv1/create_device.json
    Set Suite Variable    ${CREATE_SSH_DEVICE_REQ_V1_HOST_KEY_ONLY}    ${json_dir}/apiv1/create_device_hostkey_only.json
    Set Suite Variable    ${CREATE_GLOBAL_CREDENTIALS_REQ}    ${json_dir}/apiv1/create_global_credentials.json
    Set Suite Variable    ${CREATE_SSH_DEVICE_REQ_V2}    ${json_dir}/apiv2/create_ssh_device.json
    Set Suite Variable    ${CREATE_SSH_DEVICE_REQ_V2_HOST_KEY_ONLY}    ${json_dir}/apiv2/create_device_hostkey_only.json
    Set Suite Variable    ${CREATE_TLS_DEVICE_REQ}    ${json_dir}/apiv2/create_tls_device.json
    Set Suite Variable    ${ADD_KEYSTORE_ENTRY_REQ}    ${json_dir}/apiv2/add_keystore_entry.json
    Set Suite Variable    ${ADD_PRIVATE_KEY_REQ}    ${json_dir}/apiv2/add_private_key.json
    Set Suite Variable    ${ADD_TRUSTED_CERTIFICATE}    ${json_dir}/apiv2/add_trusted_certificate.json
Suite Teardown
    [Documentation]    Tears the suite down: runs the docker-compose uninstall keyword, then drops all
    ...    HTTP sessions and closes all SSH connections.
    Uninstall Docker Compose on tools system
    # Release the REST sessions first, then the SSH connections opened during the suite.
    RequestsLibrary.Delete All Sessions
    SSHLibrary.Close All Connections
318     SSHLibrary.Close_All_Connections