Variables ../variables/Variables.py
*** Variables ***
-
+${WORKSPACE} /opt/jenkins-integration/workspace/shared-controller
+${BUNDLEFOLDER} distribution-karaf-0.3.0-SNAPSHOT
+${AUTHN_CFG_FILE} ${WORKSPACE}/${BUNDLEFOLDER}/etc/org.opendaylight.aaa.authn.cfg
*** Keywords ***
AAA Login
... ${data}
[Return] ${data}
+Disable Authentication On Controller
+ [Arguments] ${controller_ip}
+ [Documentation] Will disable token based authentication. Currently, that is done with a config file change
+ SSHLibrary.Open Connection ${controller_ip}
+ Login With Public Key ${MININET_USER} ${USER_HOME}/.ssh/id_rsa any
+ ${cmd}= Set Variable sed -i 's/^authEnabled=.*$/authEnabled=false/g' ${AUTHN_CFG_FILE}
+ SSHLibrary.Execute Command ${cmd}
+
+Enable Authentication On Controller
+ [Arguments] ${controller_ip}
+ [Documentation] Will enable token based authentication. Currently, that is done with a config file change
+ SSHLibrary.Open Connection ${controller_ip}
+ Login With Public Key ${MININET_USER} ${USER_HOME}/.ssh/id_rsa any
+ ${cmd}= Set Variable sed -i 's/^authEnabled=.*$/authEnabled=true/g' ${AUTHN_CFG_FILE}
+ SSHLibrary.Execute Command ${cmd}
+
+Get Auth Token
+ [Arguments] ${user}=${USER} ${password}=${PWD} ${scope}=${SCOPE} ${client_id}=${EMPTY} ${client_secret}=${EMPTY}
+ [Documentation] Wrapper used to login to controller and retrieve an auth token. Optional argumented available for client based credentials.
+ ${auth_data}= Create Auth Data ${USER} ${PWD} ${scope} ${client_id} ${client_secret}
+ ${resp}= AAA Login ${CONTROLLER} ${auth_data}
+ Should Be Equal As Strings ${resp.status_code} 201
+ ${auth_token}= Extract Value From Content ${resp.content} /access_token strip
+ [Return] ${auth_token}
+
+Revoke Auth Token
+ [Arguments] ${token}
+ [Documentation] Requests the given token be revoked via POST to ${REVOKE_TOKEN_API}
+ ${headers}= Create Dictionary Content-Type application/x-www-form-urlencoded
+ ${resp}= RequestsLibrary.POST ODL_SESSION ${REVOKE_TOKEN_API} data=${token} headers=${headers}
+ Should Be Equal As Strings ${resp.status_code} 204
+
Validate Token Format
[Arguments] ${token}
[Documentation] Validates the given string is in the proper "token" format
*** Test Cases ***
Get Token With Valid Username And Password
[Documentation] Sanity test to ensure default user/password can get a token
- ${auth_data}= Create Auth Data ${USER} ${PWD}
- ${resp}= AAA Login ${CONTROLLER} ${auth_data}
- ${auth_token}= Extract Value From Content ${resp.content} /access_token strip
+ ${auth_token}= Get Auth Token
Should Be String ${auth_token}
Log Token: ${auth_token}
- Should Be Equal As Strings ${resp.status_code} 201
Validate Token Format ${auth_token}
Fail To Get Token With Invalid Username And Password
Create Token with Client Authorization
[Documentation] Get a token using client domain
- ${auth_data}= Create Auth Data ${USER} ${PWD} ${SCOPE} dlux secrete
- ${resp}= AAA Login ${CONTROLLER} ${auth_data}
- ${auth_token}= Extract Value From Content ${resp.content} /access_token strip
+ ${auth_token}= Get Auth Token ${USER} ${PWD} ${SCOPE} dlux secrete
Should Be String ${auth_token}
Log Token: ${auth_token}
- Should Be Equal As Strings ${resp.status_code} 201
Validate Token Format ${auth_token}
Token Authentication In REST Request
[Documentation] Use a token to make a successful REST transaction
- ${auth_data}= Create Auth Data ${USER} ${PWD}
- ${resp}= AAA Login ${CONTROLLER} ${auth_data}
- ${auth_token}= Extract Value From Content ${resp.content} /access_token strip
- Create Session ODL_SESSION http://${CONTROLLER}:8181
- ${headers}= Create Dictionary Content-Type application/x-www-form-urlencoded
- Set To Dictionary ${headers} Authorization Bearer ${auth_token}
- ${resp}= RequestsLibrary.GET ODL_SESSION ${OPERATIONAL_NODES_API} headers=${headers}
- Log STATUS_CODE: ${resp.status_code} CONTENT: ${resp.content}
- Should Be Equal As Strings ${resp.status_code} 200
- Should Contain ${resp.content} nodes
+ ${auth_token}= Get Auth Token
+ Make REST Transaction 200 ${auth_token}
-Revoke Token
+Revoke Token And Verify Transaction Fails
[Documentation] negative test to revoke valid token and check that REST transaction fails
- ${auth_data}= Create Auth Data ${USER} ${PWD}
- ${resp}= AAA Login ${CONTROLLER} ${auth_data}
- ${auth_token}= Extract Value From Content ${resp.content} /access_token strip
+ ${auth_token}= Get Auth Token
+ Make REST Transaction 200 ${auth_token}
+ Revoke Auth Token ${auth_token}
+ Make REST Transaction 401 ${auth_token}
+
+Disable Authentication And Re-Enable Authentication
+ [Documentation] Toggles authentication off and verifies that no login credentials are needed for REST transactions
+ Disable Authentication On Controller ${CONTROLLER}
+ Wait Until Keyword Succeeds 10s 1s Make REST Transaction 200
+ Enable Authentication On Controller ${CONTROLLER}
+ Wait Until Keyword Succeeds 10s 1s Validate That Authentication Fails With Wrong Token
+ ${auth_token}= Get Auth Token
+ Make REST Transaction 200 ${auth_token}
+
+*** Keywords ***
+Validate That Authentication Fails With Wrong Token
+ ${bad_token}= Set Variable notARealToken
+ Make REST Transaction 401 ${bad_token}
+
+Make REST Transaction
+ [Arguments] ${expected_status_code} ${auth_data}=${EMPTY}
Create Session ODL_SESSION http://${CONTROLLER}:8181
${headers}= Create Dictionary Content-Type application/x-www-form-urlencoded
- Set To Dictionary ${headers} Authorization Bearer ${auth_token}
+ Run Keyword If "${auth_data}" != "${EMPTY}" Set To Dictionary ${headers} Authorization Bearer ${auth_data}
${resp}= RequestsLibrary.GET ODL_SESSION ${OPERATIONAL_NODES_API} headers=${headers}
Log STATUS_CODE: ${resp.status_code} CONTENT: ${resp.content}
- Should Be Equal As Strings ${resp.status_code} 200
+ Should Be Equal As Strings ${resp.status_code} ${expected_status_code}
Should Contain ${resp.content} nodes
- ${headers}= Create Dictionary Content-Type application/x-www-form-urlencoded
- ${resp}= RequestsLibrary.POST ODL_SESSION ${REVOKE_TOKEN_API} data=${auth_token} headers=${headers}
- Should Be Equal As Strings ${resp.status_code} 204
- Set To Dictionary ${headers} Authorization Bearer ${auth_token}
- ${resp}= RequestsLibrary.GET ODL_SESSION ${OPERATIONAL_NODES_API} headers=${headers}
- Log STATUS_CODE: ${resp.status_code} CONTENT: ${resp.content}
- Should Be Equal As Strings ${resp.status_code} 401
-*** Keywords ***
Credential Authentication Suite Setup
Log Suite Setup