From 3ad3feae199b5ff2956293de76712dd68844789a Mon Sep 17 00:00:00 2001 From: Jamo Luhrsen Date: Wed, 22 Jan 2020 14:10:22 -0800 Subject: [PATCH] Add new restconf auth suite Change-Id: I4136c93f43489c4c720cf42b62707246355cae89 Signed-off-by: Jamo Luhrsen --- csit/configplans/aaa-authn.txt | 2 + csit/scripts/enable_jolokia_basic_auth.sh | 22 +++++ .../aaa/authn/Restconf_Basic_Auth.robot | 86 +++++++++++++++++++ 3 files changed, 110 insertions(+) create mode 100644 csit/configplans/aaa-authn.txt create mode 100644 csit/scripts/enable_jolokia_basic_auth.sh create mode 100644 csit/suites/aaa/authn/Restconf_Basic_Auth.robot diff --git a/csit/configplans/aaa-authn.txt b/csit/configplans/aaa-authn.txt new file mode 100644 index 0000000000..5412803293 --- /dev/null +++ b/csit/configplans/aaa-authn.txt @@ -0,0 +1,2 @@ +# Place the suites in run order: +integration/test/csit/scripts/enable_jolokia_basic_auth.sh diff --git a/csit/scripts/enable_jolokia_basic_auth.sh b/csit/scripts/enable_jolokia_basic_auth.sh new file mode 100644 index 0000000000..7e523c1c2a --- /dev/null +++ b/csit/scripts/enable_jolokia_basic_auth.sh @@ -0,0 +1,22 @@ +#!/bin/bash + + +cat > ${WORKSPACE}/enable_jolokia_basic_auth.sh <> /tmp/${BUNDLEFOLDER}/etc/org.jolokia.osgi.cfg + echo "org.jolokia.user=admin" >> /tmp/${BUNDLEFOLDER}/etc/org.jolokia.osgi.cfg + echo "org.jolokia.password=admin" >> /tmp/${BUNDLEFOLDER}/etc/org.jolokia.osgi.cfg + cat /tmp/${BUNDLEFOLDER}/etc/org.jolokia.osgi.cfg + +EOF + +echo "Copying config files to ODL Controller folder" +for i in `seq 1 ${NUM_ODL_SYSTEM}` +do + CONTROLLERIP=ODL_SYSTEM_${i}_IP + + echo "Enabling jolokia basic auth with default values on ${!CONTROLLERIP}" + scp ${WORKSPACE}/enable_jolokia_basic_auth.sh ${!CONTROLLERIP}:/tmp/ + ssh ${!CONTROLLERIP} 'bash /tmp/enable_jolokia_basic_auth.sh' + +done diff --git a/csit/suites/aaa/authn/Restconf_Basic_Auth.robot b/csit/suites/aaa/authn/Restconf_Basic_Auth.robot new file mode 100644 index 0000000000..b943838d46 --- /dev/null +++ b/csit/suites/aaa/authn/Restconf_Basic_Auth.robot @@ -0,0 +1,86 @@ +# +# Copyright (c) Lumina Networks 2020 and others. +# All rights reserved. +# +# This program and the accompanying materials are made available under the +# terms of the Eclipse Public License v1.0 which accompanies this distribution, +# and is available at http://www.eclipse.org/legal/epl-v10.html +# + +*** Settings *** +Documentation Test Basic Authentication support in RESTCONF +Suite Teardown Delete All Sessions +Library RequestsLibrary +Library String +Resource ../../../variables/Variables.robot + +*** Variables *** +${RESTCONF_TEST_URL} ${MODULES_API} +${JOLOKIA_TEST_URL} jolokia +${JOLOKIA_USER} ${ODL_RESTCONF_USER} +${JOLOKIA_PW} ${ODL_RESTCONF_PASSWORD} +${JOLOKIA_BAD_USER} bad_user +${BAD_PW} bad_pw +${USERS_REST_URL} auth/v1/users +${USER_USER} user +${USER_PW} user + +*** Test Cases *** +No RESTCONF Credentials + [Documentation] Given no credentials GET RESTCONF fails + Auth Should Fail ${RESTCONF_TEST_URL} ${EMPTY} ${EMPTY} + +Incorrect RESTCONF Password + [Documentation] Given incorrect password GET RESTCONF fails + Auth Should Fail ${RESTCONF_TEST_URL} some_user ${ODL_RESTCONF_PASSWORD} + +Incorrect RESTCONF Username + [Documentation] Given incorrect username GET RESTCONF fails + Auth Should Fail ${RESTCONF_TEST_URL} ${ODL_RESTCONF_USER} ${BAD_PW} + +Correct RESTCONF Credentials + [Documentation] Given correct credentials GET RESTCONF succeeds + Auth Should Pass ${RESTCONF_TEST_URL} ${ODL_RESTCONF_USER} ${ODL_RESTCONF_PASSWORD} + +No Jolokia REST Credentials + [Documentation] Given no credentials, HTTP GET on a Jolokia endpoint fails + Auth Should Fail ${JOLOKIA_TEST_URL} ${EMPTY} ${EMPTY} + +Incorrect Jolokia REST Password + [Documentation] Given incorrect password, GET on a Jolokia endpoint fails + Auth Should Fail ${JOLOKIA_TEST_URL} ${JOLOKIA_USER} ${BAD_PW} + +Incorrect Jolokia REST Username + [Documentation] Given incorrect username, GET on a Jolokia endpoint fails + Auth Should Fail ${JOLOKIA_TEST_URL} ${JOLOKIA_BAD_USER} ${JOLOKIA_PW} + +Correct Jolokia REST Credentials + [Documentation] Given correct credentials, GET on a Jolokia endpoint succeeds + Auth Should Pass ${JOLOKIA_TEST_URL} ${JOLOKIA_USER} ${JOLOKIA_PW} + +IDM Endpoints Only Available To admin Role + [Documentation] A user with a non-"admin" role should not have access to AAA endpoints + ${auth} Create List ${USER_USER} ${USER_PW} + Create Session httpbin http://${ODL_SYSTEM_IP}:${RESTCONFPORT} auth=${auth} headers=${HEADERS} + ${resp} = RequestsLibrary.Get Request httpbin ${USERS_REST_URL} + Should Be Equal As Numbers ${resp.status_code} 401 + +*** Keywords *** +Auth Should Fail + [Arguments] ${url} ${user} ${password} + [Documentation] Checks the given HTTP RESTCONF response for authentication failure + @{auth} = Create List ${user} ${password} + Create Session httpbin http://${ODL_SYSTEM_IP}:${RESTCONFPORT} auth=${auth} headers=${HEADERS} + ${resp} = RequestsLibrary.Get Request httpbin ${url} + Should Be Equal As Strings ${resp.status_code} 401 + ${header_value} = Convert To Uppercase ${resp.headers}[www-authenticate] + Should Contain ${header_value} BASIC + Log ${resp.content} + +Auth Should Pass + [Arguments] ${url} ${user} ${password} + [Documentation] Checks the given HTTP RESTCONF response for authentication failure + @{auth} = Create List ${user} ${password} + Create Session httpbin http://${ODL_SYSTEM_IP}:${RESTCONFPORT} auth=${auth} headers=${HEADERS} + ${resp} = RequestsLibrary.Get Request httpbin ${url} + Should Be Equal As Strings ${resp.status_code} 200 -- 2.36.6