3 Library RequestsLibrary
4 Resource SSHKeywords.robot
5 Resource ../variables/Variables.robot
9 ${mount_point_url} /restconf/operational/network-topology:network-topology/topology/topology-netconf/
10 ${device_status} /restconf/operational/odl-netconf-callhome-server:netconf-callhome-server
11 ${whitelist} /restconf/config/odl-netconf-callhome-server:netconf-callhome-server/allowed-devices
12 ${global_config_url} /restconf/config/odl-netconf-callhome-server:netconf-callhome-server/global/credentials
13 ${netconf_keystore_url} /rests/operations/netconf-keystore
14 ${netconf_keystore_data_url} /rests/data/netconf-keystore:keystore
15 ${substring1} "netconf-node-topology:connection-status":"connected"
16 ${substring2} "node-id":"netopeer2"
17 ${substring3} "netconf-node-topology:available-capabilities"
22 [Documentation] Checks the operational device status.
23 [Arguments] ${status} ${id}=netopeer2
24 @{expectedValues} Create List "unique-id":"${id}" "callhome-status:device-status":"${status}"
25 IF '${status}'=='FAILED_NOT_ALLOWED' or '${status}'=='FAILED_AUTH_FAILURE'
26 Remove Values From List ${expectedValues} "unique-id":"${id}"
28 Utils.Check For Elements At URI ${device_status} ${expectedValues}
30 Apply SSH-based Call-Home configuration
31 [Documentation] Upload netopeer2 configuration files needed for SSH transport
32 SSHLibrary.Put File ${CURDIR}/../variables/netconf/callhome/configuration-files/ssh/ietf-netconf-server.xml
33 ... configuration-files/ietf-netconf-server.xml
34 SSHLibrary.Put File ${CURDIR}/../variables/netconf/callhome/configuration-files/ssh/ietf-keystore.xml
35 ... configuration-files/ietf-keystore.xml
37 Apply TLS-based Call-Home configuration
38 [Documentation] Upload netopeer2 configuration files needed for TLS transport
39 Generate certificates for TLS configuration
40 SSHLibrary.Put File ${CURDIR}/../variables/netconf/callhome/configuration-files/tls/ietf-keystore.xml
41 ... configuration-files/ietf-keystore.xml
42 SSHLibrary.Put File ${CURDIR}/../variables/netconf/callhome/configuration-files/tls/ietf-truststore.xml
43 ... configuration-files/ietf-truststore.xml
44 SSHLibrary.Put File ${CURDIR}/../variables/netconf/callhome/configuration-files/tls/ietf-netconf-server.xml
45 ... configuration-files/ietf-netconf-server.xml
47 Generate certificates for TLS configuration
48 [Documentation] Generates certificates for 2-way TLS authentication (ca, server, client)
49 ${stdout} SSHLibrary.Execute Command rm -rf ./certs && mkdir ./certs
50 SSHLibrary.Put File ${CURDIR}/../variables/netconf/callhome/x509_v3.cfg ./x509_v3.cfg
51 ${stdout} SSHLibrary.Execute Command openssl genrsa -out ./certs/ca.key 2048
52 ${stdout} SSHLibrary.Execute Command
53 ... openssl req -x509 -new -extensions v3_ca -nodes -key ./certs/ca.key -sha256 -days 365 -subj "/C=US/ST=CA/L=Netopeer/O=netopeerCA/CN=netopeerCA" -out ./certs/ca.pem
54 ${stdout} SSHLibrary.Execute Command openssl genrsa -out ./certs/server.key 2048
55 ${stdout} SSHLibrary.Execute Command
56 ... openssl req -new -sha256 -key ./certs/server.key -subj "/C=US/ST=CA/L=Netopeer/O=Netopeer2/CN=netopeer2-server" -out ./certs/server.csr
57 ${stdout} SSHLibrary.Execute Command
58 ... openssl x509 -req -in ./certs/server.csr -CA ./certs/ca.pem -CAkey ./certs/ca.key -CAcreateserial -extfile x509_v3.cfg -out ./certs/server.crt -days 365 -sha256
59 ${stdout} SSHLibrary.Execute Command openssl rsa -in ./certs/server.key -pubout > ./certs/server.pub
60 ${stdout} SSHLibrary.Execute Command openssl genrsa -out ./certs/client.key 2048
61 ${stdout} SSHLibrary.Execute Command
62 ... openssl req -new -sha256 -key ./certs/client.key -subj "/C=US/ST=CA/L=Netopeer/O=Netopeer2/CN=netopeer2-client" -out ./certs/client.csr
63 ${stdout} SSHLibrary.Execute Command
64 ... openssl x509 -req -in ./certs/client.csr -CA ./certs/ca.pem -CAkey ./certs/ca.key -CAcreateserial -extfile x509_v3.cfg -out ./certs/client.crt -days 1024 -sha256
65 ${stdout} SSHLibrary.Execute Command mv ./certs ./configuration-files/certs
67 Register keys and certificates in ODL controller
68 [Documentation] Register pre-configured netopeer2 certificates and key in ODL-netconf keystore
69 ${base64-client-key} ${stderr} SSHLibrary.Execute_Command
70 ... openssl enc -base64 -A -in ./configuration-files/certs/client.key
71 ... return_stdout=True
72 ... return_stderr=True
73 ${template} OperatingSystem.Get File ${ADD_KEYSTORE_ENTRY_REQ}
74 ${body} Replace String ${template} {base64-client-key} ${base64-client-key}
75 ${resp} RequestsLibrary.POST On Session
77 ... url=${netconf_keystore_url}:add-keystore-entry
79 ... headers=${HEADERS}
80 ... expected_status=anything
81 Should Contain ${ALLOWED_STATUS_CODES} ${resp.status_code}
82 ${client-key} ${stderr} SSHLibrary.Execute_Command
83 ... sed -u '1d; $d' ./configuration-files/certs/client.key | sed -z 's!\\n!\\\\n!g'
84 ... return_stdout=True
85 ... return_stderr=True
86 ${certificate-chain} ${stderr} SSHLibrary.Execute_Command
87 ... sed -u '1d; $d' ./configuration-files/certs/client.crt | sed -z 's!\\n!\\\\n!g'
88 ... return_stdout=True
89 ... return_stderr=True
90 ${template} OperatingSystem.Get File ${ADD_PRIVATE_KEY_REQ}
91 ${body} Replace String ${template} {client-key} ${client-key}
92 ${body} Replace String ${body} {certificate-chain} ${certificate-chain}
93 ${resp} RequestsLibrary.POST On Session
95 ... url=${netconf_keystore_url}:add-private-key
97 ... headers=${HEADERS}
98 ... expected_status=anything
99 Should Contain ${ALLOWED_STATUS_CODES} ${resp.status_code}
100 ${ca-certificate} ${stderr} SSHLibrary.Execute_Command
101 ... sed -u '1d; $d' ./configuration-files/certs/ca.pem | sed -z 's!\\n!\\\\n!g'
102 ... return_stdout=True
103 ... return_stderr=True
104 ${device-certificate} ${stderr} SSHLibrary.Execute_Command
105 ... sed -u '1d; $d' ./configuration-files/certs/server.crt | sed -z 's!\\n!\\\\n!g'
106 ... return_stdout=True
107 ... return_stderr=True
108 ${template} OperatingSystem.Get File ${ADD_TRUSTED_CERTIFICATE}
109 ${body} Replace String ${template} {ca-certificate} ${ca-certificate}
110 ${body} Replace String ${body} {device-certificate} ${device-certificate}
111 ${resp} RequestsLibrary.POST On Session
113 ... url=${netconf_keystore_url}:add-trusted-certificate
115 ... headers=${HEADERS}
116 ... expected_status=anything
117 Should Contain ${ALLOWED_STATUS_CODES} ${resp.status_code}
119 Register global credentials for SSH call-home devices (APIv1)
120 [Documentation] Set global credentials for SSH call-home devices
121 [Arguments] ${username} ${password}
122 ${template} OperatingSystem.Get File ${CREATE_GLOBAL_CREDENTIALS_REQ}
123 ${body} Replace String ${template} {username} ${username}
124 ${body} Replace String ${body} {password} ${password}
125 ${resp} RequestsLibrary.PUT On Session
127 ... url=${global_config_url}
129 ... headers=${HEADERS}
130 ... expected_status=anything
131 Should Contain ${ALLOWED_STATUS_CODES} ${resp.status_code}
133 Register SSH call-home device in ODL controller (APIv1)
134 [Documentation] Registration call-home device with SSH transport
135 [Arguments] ${device_name} ${hostkey} ${username}=${EMPTY} ${password}=${EMPTY}
136 IF '${username}' == '${EMPTY}' or '${password}' == '${EMPTY}'
137 Get create device request without credentials template (APIv1)
139 Get create device request template (APIv1)
141 ${body} Replace String ${template} {device_name} ${device_name}
142 ${body} Replace String ${body} {username} ${username}
143 ${body} Replace String ${body} {password} ${password}
144 ${body} Replace String ${body} {hostkey} ${hostkey}
145 ${resp} RequestsLibrary.POST On Session
149 ... headers=${HEADERS}
150 ... expected_status=anything
151 Should Contain ${ALLOWED_STATUS_CODES} ${resp.status_code}
153 Get create device request template (APIv1)
154 ${template} OperatingSystem.Get File ${CREATE_SSH_DEVICE_REQ_V1}
155 Set Test Variable ${template}
157 Get create device request without credentials template (APIv1)
158 ${template} OperatingSystem.Get File ${CREATE_SSH_DEVICE_REQ_V1_HOST_KEY_ONLY}
159 Set Test Variable ${template}
161 Register SSH call-home device in ODL controller (APIv2)
162 [Documentation] Registration call-home device with SSH transport using latest models
163 [Arguments] ${device_name} ${hostkey} ${username}=${EMPTY} ${password}=${EMPTY}
164 IF '${username}' == '${EMPTY}' or '${password}' == '${EMPTY}'
165 Get create device request without credentials template (APIv2)
167 Get create device request template (APIv2)
169 ${body} Replace String ${template} {device_name} ${device_name}
170 ${body} Replace String ${body} {username} ${username}
171 ${body} Replace String ${body} {password} ${password}
172 ${body} Replace String ${body} {hostkey} ${hostkey}
173 ${resp} RequestsLibrary.POST On Session
177 ... headers=${HEADERS}
178 ... expected_status=anything
179 Should Contain ${ALLOWED_STATUS_CODES} ${resp.status_code}
181 Get create device request template (APIv2)
182 ${template} OperatingSystem.Get File ${CREATE_SSH_DEVICE_REQ_V2}
183 Set Test Variable ${template}
185 Get create device request without credentials template (APIv2)
186 ${template} OperatingSystem.Get File ${CREATE_SSH_DEVICE_REQ_V2_HOST_KEY_ONLY}
187 Set Test Variable ${template}
189 Register TLS call-home device in ODL controller (APIv2)
190 [Documentation] Registration call-home device with TLS transport
191 [Arguments] ${device_name} ${key_id} ${certificate_id}
192 ${template} OperatingSystem.Get File ${CREATE_TLS_DEVICE_REQ}
193 ${body} Replace String ${template} {device_name} ${device_name}
194 ${body} Replace String ${body} {key_id} ${key_id}
195 ${body} Replace String ${body} {certificate_id} ${certificate_id}
196 ${resp} RequestsLibrary.POST On Session
200 ... headers=${HEADERS}
201 ... expected_status=anything
202 Should Contain ${ALLOWED_STATUS_CODES} ${resp.status_code}
204 Pull Netopeer2 Docker Image
205 [Documentation] Pulls the netopeer image from the docker repository.
206 ${stdout} ${stderr} ${rc} SSHLibrary.Execute Command
207 ... docker pull sysrepo/sysrepo-netopeer2:latest
208 ... return_stdout=True
209 ... return_stderr=True
211 ${stdout} ${stderr} ${rc} SSHLibrary.Execute Command
213 ... return_stdout=True
214 ... return_stderr=True
217 Install Docker Compose on tools system
218 [Documentation] Install docker-compose on tools system.
219 ${netopeer_conn_id} SSHKeywords.Open_Connection_To_Tools_System
220 Builtin.Set Suite Variable ${netopeer_conn_id}
222 ... sudo curl -L "https://github.com/docker/compose/releases/download/1.11.1/docker-compose-$(uname -s)-$(uname -m)" -o /usr/local/bin/docker-compose
223 ${output} Wait Until Keyword Succeeds 30s 2s SSHLibrary.Read_Until_Prompt
224 ${stdout} ${stderr} ${rc} SSHLibrary.Execute Command
225 ... sudo chmod +x /usr/local/bin/docker-compose
226 ... return_stdout=True
227 ... return_stderr=True
230 Uninstall Docker Compose on tools system
231 [Documentation] Uninstall docker-compose on tools system
232 ${stdout} ${stderr} ${rc} SSHLibrary.Execute Command
233 ... pip uninstall docker-compose
234 ... return_stdout=True
235 ... return_stderr=True
239 [Documentation] Opens session towards ODL controller, set configuration folder, generates a new host key for the container
240 RequestsLibrary.Create_Session session http://${ODL_SYSTEM_IP}:${RESTCONFPORT} auth=${AUTH}
241 SSHLibrary.Execute_Command rm -rf ./configuration-files && mkdir configuration-files
242 SSHLibrary.Execute_Command ssh-keygen -q -t rsa -b 2048 -N '' -f ./configuration-files/ssh_host_rsa_key
243 ${public_key} SSHLibrary.Execute_Command cat configuration-files/ssh_host_rsa_key.pub | awk '{print $2}'
244 Set Test Variable ${NETOPEER_PUB_KEY} ${public_key}
247 [Documentation] Tears down the docker running netopeer and deletes entry from the whitelist.
248 ${stdout} ${stderr} ${rc} SSHLibrary.Execute Command
249 ... docker-compose logs
250 ... return_stdout=True
251 ... return_stderr=True
254 ${stdout} ${stderr} ${rc} SSHLibrary.Execute Command
255 ... docker-compose down
256 ... return_stdout=True
257 ... return_stderr=True
259 ${stdout} ${stderr} ${rc} SSHLibrary.Execute Command
261 ... return_stdout=True
262 ... return_stderr=True
264 SSHLibrary.Execute_Command rm -rf ./configuration-files
265 ${resp} RequestsLibrary.Delete_On_Session
268 ... expected_status=anything
269 ${resp} RequestsLibrary.Delete_On_Session
271 ... url=${netconf_keystore_data_url}
272 ... expected_status=anything
275 [Documentation] Get the suite ready for callhome test cases.
276 Install Docker Compose on tools system
277 Pull Netopeer2 Docker Image
278 SSHLibrary.Put File ${CURDIR}/../variables/netconf/callhome/docker-compose.yaml .
279 SSHLibrary.Put File ${CURDIR}/../variables/netconf/callhome/init_configuration.sh .
280 SSHLibrary.Execute_Command sed -i -e 's/ODL_SYSTEM_IP/${ODL_SYSTEM_IP}/g' docker-compose.yaml
281 ${netconf_cl_ssh_port} Set_Variable_If_At_Least_Sulfur 4334 6666
282 SSHLibrary.Execute_Command sed -i -e 's/NETCONF_CH_SSH/${netconf_cl_ssh_port}/g' docker-compose.yaml
283 SSHLibrary.Execute_Command sed -i -e 's/NETCONF_CH_TLS/4335/g' docker-compose.yaml
284 ${netconf_mount_expected_values} Create list ${substring1} ${substring2} ${substring3}
285 Set Suite Variable ${netconf_mount_expected_values}
287 ... ${CREATE_SSH_DEVICE_REQ_V1}
288 ... ${CURDIR}/../variables/netconf/callhome/json/apiv1/create_device.json
290 ... ${CREATE_SSH_DEVICE_REQ_V1_HOST_KEY_ONLY}
291 ... ${CURDIR}/../variables/netconf/callhome/json/apiv1/create_device_hostkey_only.json
293 ... ${CREATE_GLOBAL_CREDENTIALS_REQ}
294 ... ${CURDIR}/../variables/netconf/callhome/json/apiv1/create_global_credentials.json
296 ... ${CREATE_SSH_DEVICE_REQ_V2}
297 ... ${CURDIR}/../variables/netconf/callhome/json/apiv2/create_ssh_device.json
299 ... ${CREATE_SSH_DEVICE_REQ_V2_HOST_KEY_ONLY}
300 ... ${CURDIR}/../variables/netconf/callhome/json/apiv2/create_device_hostkey_only.json
302 ... ${CREATE_TLS_DEVICE_REQ}
303 ... ${CURDIR}/../variables/netconf/callhome/json/apiv2/create_tls_device.json
305 ... ${ADD_KEYSTORE_ENTRY_REQ}
306 ... ${CURDIR}/../variables/netconf/callhome/json/apiv2/add_keystore_entry.json
308 ... ${ADD_PRIVATE_KEY_REQ}
309 ... ${CURDIR}/../variables/netconf/callhome/json/apiv2/add_private_key.json
311 ... ${ADD_TRUSTED_CERTIFICATE}
312 ... ${CURDIR}/../variables/netconf/callhome/json/apiv2/add_trusted_certificate.json
315 [Documentation] Tearing down the setup.
316 Uninstall Docker Compose on tools system
317 RequestsLibrary.Delete_All_Sessions
318 SSHLibrary.Close_All_Connections