From e33ae18f424593d336417bfdf02d3a77400406ee Mon Sep 17 00:00:00 2001
From: Lorand Jakab <lojakab@cisco.com>
Date: Tue, 15 Mar 2016 20:35:59 +0200
Subject: [PATCH] Add auth key for 0.0.0.0/0 in LISP perf tests

We recently discovered a security issue in lispflowmapping and an
explicitly configured authentication key is needed since the fix was
committed to allow southbound Map-Register messages to write into the
mapping database.  This patch adds such a key for the Map-Register tests
to produce usable results (notifies/s graph has value 0).

Change-Id: I14bac6c92f040abce71f40a24c531b9ca8e312b3
Signed-off-by: Lorand Jakab <lojakab@cisco.com>
---
 .../performance/010_Southbound_MapRequest.robot       |  6 ++++++
 .../lispflowmapping/Be/rpc_add-key_default.json       | 11 +++++++++++
 2 files changed, 17 insertions(+)
 create mode 100644 csit/variables/lispflowmapping/Be/rpc_add-key_default.json

diff --git a/csit/suites/lispflowmapping/performance/010_Southbound_MapRequest.robot b/csit/suites/lispflowmapping/performance/010_Southbound_MapRequest.robot
index 0dbff1d42c..96ba70d9fa 100644
--- a/csit/suites/lispflowmapping/performance/010_Southbound_MapRequest.robot
+++ b/csit/suites/lispflowmapping/performance/010_Southbound_MapRequest.robot
@@ -8,6 +8,7 @@ Library           OperatingSystem
 Library           RequestsLibrary
 Library           String
 Resource          ../../../libraries/Utils.robot
+Resource          ../../../libraries/LISPFlowMapping.robot
 Variables         ../../../variables/Variables.py
 
 *** Variables ***
@@ -44,6 +45,7 @@ Generate Map-Request Test Traffic
     Set Suite Variable    ${get_seconds_mreq}
 
 Generate Map-Register Test Traffic
+    Allow Unauthenticated Map-Registers
     ${result}=    Run Process With Logging And Status Check    /usr/local/bin/udpreplay    --pps    ${REPLAY_PPS}    --repeat    ${REPLAY_CNT}
     ...    --host    ${ODL_SYSTEM_IP}    --port    4342    ${REPLAY_FILE_MREG}
     ${partial}=    Fetch From Left    ${result.stdout}    s =
@@ -73,6 +75,10 @@ Reset Stats
     Log    ${resp.content}
     Should Be Equal As Strings    ${resp.status_code}    200
 
+Allow Unauthenticated Map-Registers
+    ${add_key}=    OperatingSystem.Get File    ${JSON_DIR}/rpc_add-key_default.json
+    Post Log Check    ${LFM_RPC_API}:add-key    ${add_key}
+
 Get Transmitted Map-Requests Stats
     ${resp}=    RequestsLibrary.Post Request    session    ${LFM_SB_RPC_API}:get-stats
     Log    ${resp.content}
diff --git a/csit/variables/lispflowmapping/Be/rpc_add-key_default.json b/csit/variables/lispflowmapping/Be/rpc_add-key_default.json
new file mode 100644
index 0000000000..47ac82ba04
--- /dev/null
+++ b/csit/variables/lispflowmapping/Be/rpc_add-key_default.json
@@ -0,0 +1,11 @@
+{
+    "input": {
+        "eid": {
+            "address-type": "ietf-lisp-address-types:ipv4-prefix-afi",
+            "ipv4-prefix": "0.0.0.0/0"
+        },
+        "mapping-authkey": {
+            "key-type": 0
+        }
+    }
+}
-- 
2.36.6