Add new restconf auth suite

Change-Id: I4136c93f43489c4c720cf42b62707246355cae89
Signed-off-by: Jamo Luhrsen <jluhrsen@gmail.com>

diff --git a/csit/configplans/aaa-authn.txt b/csit/configplans/aaa-authn.txt
new file mode 100644 (file)
index 0000000..5412803
--- /dev/null
+++ b/csit/configplans/aaa-authn.txt
@@ -0,0 +1,2 @@
+# Place the suites in run order:
+integration/test/csit/scripts/enable_jolokia_basic_auth.sh

diff --git a/csit/scripts/enable_jolokia_basic_auth.sh b/csit/scripts/enable_jolokia_basic_auth.sh
new file mode 100644 (file)
index 0000000..7e523c1
--- /dev/null
+++ b/csit/scripts/enable_jolokia_basic_auth.sh
@@ -0,0 +1,22 @@
+#!/bin/bash
+
+
+cat > ${WORKSPACE}/enable_jolokia_basic_auth.sh <<EOF
+
+    echo "org.jolokia.authMode=basic" >> /tmp/${BUNDLEFOLDER}/etc/org.jolokia.osgi.cfg
+    echo "org.jolokia.user=admin" >> /tmp/${BUNDLEFOLDER}/etc/org.jolokia.osgi.cfg
+    echo "org.jolokia.password=admin" >> /tmp/${BUNDLEFOLDER}/etc/org.jolokia.osgi.cfg
+    cat /tmp/${BUNDLEFOLDER}/etc/org.jolokia.osgi.cfg
+
+EOF
+
+echo "Copying config files to ODL Controller folder"
+for i in `seq 1 ${NUM_ODL_SYSTEM}`
+do
+        CONTROLLERIP=ODL_SYSTEM_${i}_IP
+
+        echo "Enabling jolokia basic auth with default values on ${!CONTROLLERIP}"
+        scp ${WORKSPACE}/enable_jolokia_basic_auth.sh ${!CONTROLLERIP}:/tmp/
+        ssh ${!CONTROLLERIP} 'bash /tmp/enable_jolokia_basic_auth.sh'
+
+done

diff --git a/csit/suites/aaa/authn/Restconf_Basic_Auth.robot b/csit/suites/aaa/authn/Restconf_Basic_Auth.robot
new file mode 100644 (file)
index 0000000..b943838
--- /dev/null
+++ b/csit/suites/aaa/authn/Restconf_Basic_Auth.robot
@@ -0,0 +1,86 @@
+#
+# Copyright (c) Lumina Networks 2020 and others.
+# All rights reserved.
+#
+# This program and the accompanying materials are made available under the
+# terms of the Eclipse Public License v1.0 which accompanies this distribution,
+# and is available at http://www.eclipse.org/legal/epl-v10.html
+#
+
+*** Settings ***
+Documentation     Test Basic Authentication support in RESTCONF
+Suite Teardown    Delete All Sessions
+Library           RequestsLibrary
+Library           String
+Resource          ../../../variables/Variables.robot
+
+*** Variables ***
+${RESTCONF_TEST_URL}    ${MODULES_API}
+${JOLOKIA_TEST_URL}    jolokia
+${JOLOKIA_USER}    ${ODL_RESTCONF_USER}
+${JOLOKIA_PW}     ${ODL_RESTCONF_PASSWORD}
+${JOLOKIA_BAD_USER}    bad_user
+${BAD_PW}         bad_pw
+${USERS_REST_URL}    auth/v1/users
+${USER_USER}      user
+${USER_PW}        user
+
+*** Test Cases ***
+No RESTCONF Credentials
+    [Documentation]    Given no credentials GET RESTCONF fails
+    Auth Should Fail    ${RESTCONF_TEST_URL}    ${EMPTY}    ${EMPTY}
+
+Incorrect RESTCONF Password
+    [Documentation]    Given incorrect password GET RESTCONF fails
+    Auth Should Fail    ${RESTCONF_TEST_URL}    some_user    ${ODL_RESTCONF_PASSWORD}
+
+Incorrect RESTCONF Username
+    [Documentation]    Given incorrect username GET RESTCONF fails
+    Auth Should Fail    ${RESTCONF_TEST_URL}    ${ODL_RESTCONF_USER}    ${BAD_PW}
+
+Correct RESTCONF Credentials
+    [Documentation]    Given correct credentials GET RESTCONF succeeds
+    Auth Should Pass    ${RESTCONF_TEST_URL}    ${ODL_RESTCONF_USER}    ${ODL_RESTCONF_PASSWORD}
+
+No Jolokia REST Credentials
+    [Documentation]    Given no credentials, HTTP GET on a Jolokia endpoint fails
+    Auth Should Fail    ${JOLOKIA_TEST_URL}    ${EMPTY}    ${EMPTY}
+
+Incorrect Jolokia REST Password
+    [Documentation]    Given incorrect password, GET on a Jolokia endpoint fails
+    Auth Should Fail    ${JOLOKIA_TEST_URL}    ${JOLOKIA_USER}    ${BAD_PW}
+
+Incorrect Jolokia REST Username
+    [Documentation]    Given incorrect username, GET on a Jolokia endpoint fails
+    Auth Should Fail    ${JOLOKIA_TEST_URL}    ${JOLOKIA_BAD_USER}    ${JOLOKIA_PW}
+
+Correct Jolokia REST Credentials
+    [Documentation]    Given correct credentials, GET on a Jolokia endpoint succeeds
+    Auth Should Pass    ${JOLOKIA_TEST_URL}    ${JOLOKIA_USER}    ${JOLOKIA_PW}
+
+IDM Endpoints Only Available To admin Role
+    [Documentation]    A user with a non-"admin" role should not have access to AAA endpoints
+    ${auth}    Create List    ${USER_USER}    ${USER_PW}
+    Create Session    httpbin    http://${ODL_SYSTEM_IP}:${RESTCONFPORT}    auth=${auth}    headers=${HEADERS}
+    ${resp} =    RequestsLibrary.Get Request    httpbin    ${USERS_REST_URL}
+    Should Be Equal As Numbers    ${resp.status_code}    401
+
+*** Keywords ***
+Auth Should Fail
+    [Arguments]    ${url}    ${user}    ${password}
+    [Documentation]    Checks the given HTTP RESTCONF response for authentication failure
+    @{auth} =    Create List    ${user}    ${password}
+    Create Session    httpbin    http://${ODL_SYSTEM_IP}:${RESTCONFPORT}    auth=${auth}    headers=${HEADERS}
+    ${resp} =    RequestsLibrary.Get Request    httpbin    ${url}
+    Should Be Equal As Strings    ${resp.status_code}    401
+    ${header_value} =    Convert To Uppercase    ${resp.headers}[www-authenticate]
+    Should Contain    ${header_value}    BASIC
+    Log    ${resp.content}
+
+Auth Should Pass
+    [Arguments]    ${url}    ${user}    ${password}
+    [Documentation]    Checks the given HTTP RESTCONF response for authentication failure
+    @{auth} =    Create List    ${user}    ${password}
+    Create Session    httpbin    http://${ODL_SYSTEM_IP}:${RESTCONFPORT}    auth=${auth}    headers=${HEADERS}
+    ${resp} =    RequestsLibrary.Get Request    httpbin    ${url}
+    Should Be Equal As Strings    ${resp.status_code}    200