From 93b32fa69f35af6a8751ce8ac9d2d8ec7740e283 Mon Sep 17 00:00:00 2001 From: Krzysztof Kuzmicki Date: Wed, 2 Mar 2022 12:23:04 +0100 Subject: [ROBOT] ADD CMPv2 test cases that use helm based components Add CMPv2 helm based test cases Signed-off-by: Krzysztof Kuzmicki Issue-ID: INT-1895 Change-Id: Ifbbf80452cd4b65e4b5df5586bfc72c1ecaac731 --- robot/assets/cmpv2/blueprintTemplate.json | 12 -- robot/assets/cmpv2/k8s-mongo-ves-client.yaml | 37 ----- robot/assets/cmpv2/k8s-mongo.yaml | 37 ----- robot/assets/cmpv2/k8s-pnf-simulator.yaml | 73 --------- robot/assets/cmpv2/k8s-ves-client.yaml | 75 --------- robot/assets/cmpv2/ves_client_values_aaf.yaml | 31 ++++ robot/assets/cmpv2/ves_client_values_basic.yaml | 14 ++ robot/assets/cmpv2/ves_client_values_cmpv2.yaml | 18 +++ robot/assets/cmpv2/ves_correct_sans_cmpv2.yaml | 55 +++++++ robot/assets/cmpv2/ves_wrong_sans_cmpv2.yaml | 53 +++++++ robot/assets/helm/ves-client/Chart.yaml | 37 +++++ robot/assets/helm/ves-client/resources/cert.p12 | 0 robot/assets/helm/ves-client/resources/p12.pass | 1 + robot/assets/helm/ves-client/resources/trust.jks | 0 .../helm/ves-client/resources/truststore.pass | 1 + .../assets/helm/ves-client/templates/_helpers.tpl | 175 +++++++++++++++++++++ .../helm/ves-client/templates/certificate.yaml | 28 ++++ .../helm/ves-client/templates/deployment.yaml | 21 +++ robot/assets/helm/ves-client/templates/secret.yaml | 7 + .../assets/helm/ves-client/templates/service.yaml | 15 ++ robot/assets/helm/ves-client/values.yaml | 133 ++++++++++++++++ robot/resources/chart_museum.robot | 22 +-- robot/resources/test_templates/cmpv2.robot | 46 ++++-- .../usecases/5gbulkpm_helm_interface.robot | 8 +- robot/testsuites/cmpv2.robot | 76 +-------- 25 files changed, 640 insertions(+), 335 deletions(-) delete mode 100644 robot/assets/cmpv2/blueprintTemplate.json delete mode 100644 robot/assets/cmpv2/k8s-mongo-ves-client.yaml delete mode 100644 robot/assets/cmpv2/k8s-mongo.yaml delete mode 100644 robot/assets/cmpv2/k8s-pnf-simulator.yaml delete mode 100644 robot/assets/cmpv2/k8s-ves-client.yaml create mode 100644 robot/assets/cmpv2/ves_client_values_aaf.yaml create mode 100644 robot/assets/cmpv2/ves_client_values_basic.yaml create mode 100644 robot/assets/cmpv2/ves_client_values_cmpv2.yaml create mode 100644 robot/assets/cmpv2/ves_correct_sans_cmpv2.yaml create mode 100644 robot/assets/cmpv2/ves_wrong_sans_cmpv2.yaml create mode 100644 robot/assets/helm/ves-client/Chart.yaml create mode 100644 robot/assets/helm/ves-client/resources/cert.p12 create mode 100644 robot/assets/helm/ves-client/resources/p12.pass create mode 100644 robot/assets/helm/ves-client/resources/trust.jks create mode 100644 robot/assets/helm/ves-client/resources/truststore.pass create mode 100644 robot/assets/helm/ves-client/templates/_helpers.tpl create mode 100644 robot/assets/helm/ves-client/templates/certificate.yaml create mode 100644 robot/assets/helm/ves-client/templates/deployment.yaml create mode 100644 robot/assets/helm/ves-client/templates/secret.yaml create mode 100644 robot/assets/helm/ves-client/templates/service.yaml create mode 100644 robot/assets/helm/ves-client/values.yaml diff --git a/robot/assets/cmpv2/blueprintTemplate.json b/robot/assets/cmpv2/blueprintTemplate.json deleted file mode 100644 index f3b87e7d..00000000 --- a/robot/assets/cmpv2/blueprintTemplate.json +++ /dev/null @@ -1,12 +0,0 @@ -{ - "asdcResourceId": "", - "asdcServiceId": "", - "asdcServiceURL": "", - "blueprintTemplate": "", - "owner": "robot", - "serviceIds": [], - "serviceLocations": [], - "typeName": "", - "typeVersion": 100, - "vnfTypes": [] -} diff --git a/robot/assets/cmpv2/k8s-mongo-ves-client.yaml b/robot/assets/cmpv2/k8s-mongo-ves-client.yaml deleted file mode 100644 index 42523993..00000000 --- a/robot/assets/cmpv2/k8s-mongo-ves-client.yaml +++ /dev/null @@ -1,37 +0,0 @@ -tosca_definitions_version: cloudify_dsl_1_3 -imports: - - 'http://www.getcloudify.org/spec/cloudify/4.5.5/types.yaml' - - 'plugin:k8splugin?version=>=3.4.2,<4.0.0' -inputs: - tag_version: - type: string - description: Docker image to be used - default: 'mongo' - replicas: - type: integer - description: Number of instances - default: 1 - service_component_type: - type: string - default: "mongo-ves-client" - service_component_name_override: - type: string - default: "mongo-ves-client" -node_templates: - mongo: - type: dcae.nodes.ContainerizedServiceComponent - interfaces: - cloudify.interfaces.lifecycle: - start: - inputs: - envs: - MONGO_INITDB_ROOT_USERNAME: root - MONGO_INITDB_ROOT_PASSWORD: zXcVbN123! - MONGO_INITDB_DATABASE: pnf_simulator - ports: - - '27017:0' - properties: - service_component_type: { get_input: service_component_type } - service_component_name_override: { get_input: service_component_name_override } - image: { get_input: tag_version } - replicas: { get_input: replicas } diff --git a/robot/assets/cmpv2/k8s-mongo.yaml b/robot/assets/cmpv2/k8s-mongo.yaml deleted file mode 100644 index 010eb65c..00000000 --- a/robot/assets/cmpv2/k8s-mongo.yaml +++ /dev/null @@ -1,37 +0,0 @@ -tosca_definitions_version: cloudify_dsl_1_3 -imports: - - 'http://www.getcloudify.org/spec/cloudify/4.5.5/types.yaml' - - 'plugin:k8splugin?version=>=3.4.2,<4.0.0' -inputs: - tag_version: - type: string - description: Docker image to be used - default: 'mongo' - replicas: - type: integer - description: Number of instances - default: 1 - service_component_type: - type: string - default: "mongo" - service_component_name_override: - type: string - default: "mongo" -node_templates: - mongo: - type: dcae.nodes.ContainerizedServiceComponent - interfaces: - cloudify.interfaces.lifecycle: - start: - inputs: - envs: - MONGO_INITDB_ROOT_USERNAME: root - MONGO_INITDB_ROOT_PASSWORD: zXcVbN123! - MONGO_INITDB_DATABASE: pnf_simulator - ports: - - '27017:0' - properties: - service_component_type: { get_input: service_component_type } - service_component_name_override: { get_input: service_component_name_override } - image: { get_input: tag_version } - replicas: { get_input: replicas } diff --git a/robot/assets/cmpv2/k8s-pnf-simulator.yaml b/robot/assets/cmpv2/k8s-pnf-simulator.yaml deleted file mode 100644 index 89e838b9..00000000 --- a/robot/assets/cmpv2/k8s-pnf-simulator.yaml +++ /dev/null @@ -1,73 +0,0 @@ -tosca_definitions_version: cloudify_dsl_1_3 -imports: - - 'http://www.getcloudify.org/spec/cloudify/4.5.5/types.yaml' - - 'plugin:k8splugin?version=>=3.4.2,<4.0.0' -inputs: - tag_version: - type: string - description: Docker image to be used - default: 'nexus3.onap.org:10001/onap/org.onap.integration.simulators.pnfsimulator:latest' - replicas: - type: integer - description: Number of instances - default: 1 - external_cert_cert_type: - type: string - description: Output type - default: 'P12' - external_cert_ca_name: - type: string - description: Name of Certificate Authority configured on CertService side. - default: 'RA' - external_cert_common_name: - type: string - description: Common name which should be present in certificate. - default: 'pnf-simulator' - external_cert_sans: - type: string - description: 'List of Subject Alternative Names (SANs) which should be present - in certificate. Delimiter - , Should contain common_name value and other FQDNs - under which given component is accessible.' - default: 'pnf-simulator' - external_cert_use_external_tls: - type: boolean - description: Flag to indicate external tls enable/disable. - default: true - service_component_type: - type: string - default: "pnf-simulator" - service_component_name_override: - type: string - default: "pnf-simulator" -node_templates: - pnf-simulator: - type: dcae.nodes.ContainerizedServiceComponent - interfaces: - cloudify.interfaces.lifecycle: - start: - inputs: - envs: - STRICT_HOSTNAME_VERIFICATION: 'true' - ports: - - '5000:0' - properties: - service_component_type: { get_input: service_component_type } - service_component_name_override: { get_input: service_component_name_override } - image: { get_input: tag_version } - replicas: { get_input: replicas } - always_pull_image: true - tls_info: - cert_directory: '/app/store/' - external_cert: - external_cert_directory: '/app/store/' - use_external_tls: - get_input: external_cert_use_external_tls - cert_type: - get_input: external_cert_cert_type - ca_name: - get_input: external_cert_ca_name - external_certificate_parameters: - common_name: - get_input: external_cert_common_name - sans: - get_input: external_cert_sans diff --git a/robot/assets/cmpv2/k8s-ves-client.yaml b/robot/assets/cmpv2/k8s-ves-client.yaml deleted file mode 100644 index cfb5fd53..00000000 --- a/robot/assets/cmpv2/k8s-ves-client.yaml +++ /dev/null @@ -1,75 +0,0 @@ -tosca_definitions_version: cloudify_dsl_1_3 -imports: - - 'http://www.getcloudify.org/spec/cloudify/4.5.5/types.yaml' - - 'plugin:k8splugin?version=>=3.4.2,<4.0.0' -inputs: - tag_version: - type: string - description: Docker image to be used - default: 'nexus3.onap.org:10001/onap/org.onap.integration.nfsimulator.vesclient:latest' - replicas: - type: integer - description: Number of instances - default: 1 - external_cert_cert_type: - type: string - description: Output type - default: 'P12' - external_cert_ca_name: - type: string - description: Name of Certificate Authority configured on CertService side. - default: 'RA' - external_cert_common_name: - type: string - description: Common name which should be present in certificate. - default: 'ves-client' - external_cert_sans: - type: string - description: 'List of Subject Alternative Names (SANs) which should be present - in certificate. Delimiter - , Should contain common_name value and other FQDNs - under which given component is accessible.' - default: 'ves-client' - external_cert_use_external_tls: - type: boolean - description: Flag to indicate external tls enable/disable. - default: true - service_component_type: - type: string - default: "ves-client" - service_component_name_override: - type: string - default: "ves-client" -node_templates: - ves-client: - type: dcae.nodes.ContainerizedServiceComponent - interfaces: - cloudify.interfaces.lifecycle: - start: - inputs: - envs: - STRICT_HOSTNAME_VERIFICATION: 'true' - MONGO_HOSTNAME: - concat: ["mongo-", {get_input: service_component_name_override}] - ports: - - '5000:0' - properties: - service_component_type: { get_input: service_component_type } - service_component_name_override: { get_input: service_component_name_override } - image: { get_input: tag_version } - replicas: { get_input: replicas } - always_pull_image: true - tls_info: - cert_directory: '/app/store/' - external_cert: - external_cert_directory: '/app/store/' - use_external_tls: - get_input: external_cert_use_external_tls - cert_type: - get_input: external_cert_cert_type - ca_name: - get_input: external_cert_ca_name - external_certificate_parameters: - common_name: - get_input: external_cert_common_name - sans: - get_input: external_cert_sans diff --git a/robot/assets/cmpv2/ves_client_values_aaf.yaml b/robot/assets/cmpv2/ves_client_values_aaf.yaml new file mode 100644 index 00000000..09661297 --- /dev/null +++ b/robot/assets/cmpv2/ves_client_values_aaf.yaml @@ -0,0 +1,31 @@ +certMethod: "aaf" + +fullnameOverride: "ves-client-aaf" +secretName: ves-client-secret-aaf +configMapName: ves-client-configmap-aaf +certificateName: ves-client-certificate-aaf + +config: + useCerts: true + mongoDbName: ves-client-db-aaf + +mongodb: + fullnameOverride: "ves-client-db-aaf" + +certInitializer: + nameOverride: vesclient-cert-initializer-aaf + +certificates: + name: ves-client-cert-aaf + secretName: ves-client-secret-aaf + keystores: + jks: + create: true + passwordSecretRef: + name: ves-client-secret-aaf + key: p12.pass + pkcs12: + create: true + passwordSecretRef: + name: ves-client-secret-aaf + key: p12.pass diff --git a/robot/assets/cmpv2/ves_client_values_basic.yaml b/robot/assets/cmpv2/ves_client_values_basic.yaml new file mode 100644 index 00000000..157136f2 --- /dev/null +++ b/robot/assets/cmpv2/ves_client_values_basic.yaml @@ -0,0 +1,14 @@ +fullnameOverride: "ves-client-basic" +secretName: "ves-client-secret-basic" +configMapName: "ves-client-configmap-basic" +certificateName: "ves-client-certificate-basic" + +config: + useCerts: false + mongoDbName: ves-client-db-basic + +mongodb: + fullnameOverride: "ves-client-db-basic" + +certInitializer: + nameOverride: vesclient-cert-initializer-basic diff --git a/robot/assets/cmpv2/ves_client_values_cmpv2.yaml b/robot/assets/cmpv2/ves_client_values_cmpv2.yaml new file mode 100644 index 00000000..f6eae10e --- /dev/null +++ b/robot/assets/cmpv2/ves_client_values_cmpv2.yaml @@ -0,0 +1,18 @@ +certMethod: "cmpv2" + +fullnameOverride: "ves-client-cmpv2" +nameOverride: "ves-client-cmpv2" +secretName: ves-client-secret-cmpv2 +configMapName: ves-client-configmap-cmpv2 +certificateName: ves-client-certificate-cmpv2 + +config: + useCerts: true + strictHost: true + mongoDbName: ves-client-db-cmpv2 + +mongodb: + fullnameOverride: "ves-client-db-cmpv2" + +certInitializer: + nameOverride: vesclient-cert-initializer-cmpv2 diff --git a/robot/assets/cmpv2/ves_correct_sans_cmpv2.yaml b/robot/assets/cmpv2/ves_correct_sans_cmpv2.yaml new file mode 100644 index 00000000..4cea2296 --- /dev/null +++ b/robot/assets/cmpv2/ves_correct_sans_cmpv2.yaml @@ -0,0 +1,55 @@ +# TLS role -- set to true if microservice acts as server +# If true, an init container will retrieve a server cert +# and key from AAF and mount them in certDirectory. +tlsServer: false + +global: + centralizedLoggingEnabled: false + cmpv2Enabled: true + masterPassword: "test" + + +nameOverride: "dcae-ves-cmpv2-cert-corect-sans" +fullnameOverride: "dcae-ves-cmpv2-cert-corect-sans" + + +# CMPv2 certificate +# It is used only when: +# - certDirectory is set +# - global cmpv2Enabled flag is set to true +# - flag useCmpv2Certificates is set to true +# Disabled by default +useCmpv2Certificates: true +certificates: + - mountPath: /opt/app/dcae-certificate/external + commonName: dcae-ves-collector-cmpv2-cert + dnsNames: + - dcae-ves-collector-cmpv2-cert + - ves-collector-cmpv2-cert + - ves-cmpv2-cert + keystore: + outputType: + - jks + passwordSecretRef: + name: ves-cmpv2-keystore-password + key: password + create: true + +# service configuration +service: + type: NodePort + name: dcae-ves-collector-cmpv2-cert + ports: + - name: http + port: 8443 + plain_port: 8080 + port_protocol: http + nodePort: 18 + useNodePortExt: true + + +#Pods Service Account +serviceAccount: + nameOverride: dcae-ves-cmpv2-cert-corect-sans + roles: + - read diff --git a/robot/assets/cmpv2/ves_wrong_sans_cmpv2.yaml b/robot/assets/cmpv2/ves_wrong_sans_cmpv2.yaml new file mode 100644 index 00000000..db86b581 --- /dev/null +++ b/robot/assets/cmpv2/ves_wrong_sans_cmpv2.yaml @@ -0,0 +1,53 @@ +# TLS role -- set to true if microservice acts as server +# If true, an init container will retrieve a server cert +# and key from AAF and mount them in certDirectory. +tlsServer: false + +global: + centralizedLoggingEnabled: false + cmpv2Enabled: true + masterPassword: "test" + + +nameOverride: "dcae-ves-cmpv2-cert-wrong-sans" +fullnameOverride: "dcae-ves-cmpv2-cert-wrong-sans" + + +# CMPv2 certificate +# It is used only when: +# - certDirectory is set +# - global flag is set to true +# - flag useCmpv2Certificates is set to true +# Disabled by default +useCmpv2Certificates: true +certificates: + - mountPath: /opt/app/dcae-certificate/external + commonName: wrong-sans + dnsNames: + - wrong-sans + keystore: + outputType: + - jks + passwordSecretRef: + name: ves-cmpv2-keystore-password-wrong-sans + key: password + create: true + +# service configuration +service: + type: NodePort + name: dcae-ves-collector-cmpv2-cert-wrong-sans + ports: + - name: http + port: 8443 + plain_port: 8080 + port_protocol: http + nodePort: 19 + useNodePortExt: true + + +#Pods Service Account +serviceAccount: + nameOverride: dcae-ves-cmpv2-cert-wrong-sans + roles: + - read diff --git a/robot/assets/helm/ves-client/Chart.yaml b/robot/assets/helm/ves-client/Chart.yaml new file mode 100644 index 00000000..14d36ba0 --- /dev/null +++ b/robot/assets/helm/ves-client/Chart.yaml @@ -0,0 +1,37 @@ +apiVersion: v2 +name: ves-client +description: A Helm chart for Kubernetes + +# A chart can be either an 'application' or a 'library' chart. +# +# Application charts are a collection of templates that can be packaged into versioned archives +# to be deployed. +# +# Library charts provide useful utilities or functions for the chart developer. They're included as +# a dependency of application charts to inject those utilities and functions into the rendering +# pipeline. Library charts do not define any templates and therefore cannot be deployed. +type: application + +# This is the chart version. This version number should be incremented each time you make changes +# to the chart and its templates, including the app version. +# Versions are expected to follow Semantic Versioning (https://semver.org/) +version: 0.1.0 + +# This is the version number of the application being deployed. This version number should be +# incremented each time you make changes to the application. Versions are not expected to +# follow Semantic Versioning. They should reflect the version the application is using. +appVersion: 1.0.1 +dependencies: + - name: mongodb + version: 10.x + repository: https://charts.bitnami.com/bitnami + condition: mongodb.enabled + - name: certInitializer + version: ~x.x-0 + repository: '@chart-museum' + - name: common + version: ~x.x-0 + # local reference to common chart, as it is + # a part of this chart's package and will not + # be published independently to a repo (at this point) + repository: '@chart-museum' diff --git a/robot/assets/helm/ves-client/resources/cert.p12 b/robot/assets/helm/ves-client/resources/cert.p12 new file mode 100644 index 00000000..e69de29b diff --git a/robot/assets/helm/ves-client/resources/p12.pass b/robot/assets/helm/ves-client/resources/p12.pass new file mode 100644 index 00000000..25acfbf5 --- /dev/null +++ b/robot/assets/helm/ves-client/resources/p12.pass @@ -0,0 +1 @@ +collector \ No newline at end of file diff --git a/robot/assets/helm/ves-client/resources/trust.jks b/robot/assets/helm/ves-client/resources/trust.jks new file mode 100644 index 00000000..e69de29b diff --git a/robot/assets/helm/ves-client/resources/truststore.pass b/robot/assets/helm/ves-client/resources/truststore.pass new file mode 100644 index 00000000..25acfbf5 --- /dev/null +++ b/robot/assets/helm/ves-client/resources/truststore.pass @@ -0,0 +1 @@ +collector \ No newline at end of file diff --git a/robot/assets/helm/ves-client/templates/_helpers.tpl b/robot/assets/helm/ves-client/templates/_helpers.tpl new file mode 100644 index 00000000..e8940d78 --- /dev/null +++ b/robot/assets/helm/ves-client/templates/_helpers.tpl @@ -0,0 +1,175 @@ +{{/* +Expand the name of the chart. +*/}} +{{- define "ves-client.name" -}} +{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" }} +{{- end }} + +{{/* +Create a default fully qualified app name. +We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec). +If release name contains chart name it will be used as a full name. +*/}} +{{- define "ves-client.fullname" -}} +{{- if .Values.fullnameOverride }} +{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" }} +{{- else }} +{{- $name := default .Chart.Name .Values.nameOverride }} +{{- if contains $name .Release.Name }} +{{- .Release.Name | trunc 63 | trimSuffix "-" }} +{{- else }} +{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" }} +{{- end }} +{{- end }} +{{- end }} + +{{/* +Create chart name and version as used by the chart label. +*/}} +{{- define "ves-client.chart" -}} +{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" }} +{{- end }} + +{{/* +Common labels +*/}} +{{- define "ves-client.labels" -}} +helm.sh/chart: {{ include "ves-client.chart" . }} +{{ include "ves-client.selectorLabels" . }} +{{- if .Chart.AppVersion }} +app.kubernetes.io/version: {{ .Chart.AppVersion | quote }} +{{- end }} +app.kubernetes.io/managed-by: {{ .Release.Service }} +{{- end }} + +{{/* +Selector labels +*/}} +{{- define "ves-client.selectorLabels" -}} +app.kubernetes.io/name: {{ include "ves-client.name" . }} +app.kubernetes.io/instance: {{ .Release.Name }} +{{- end }} + +{{/* +Create the name of the service account to use +*/}} +{{- define "ves-client.serviceAccountName" -}} +{{- if .Values.serviceAccount.create }} +{{- default (include "ves-client.fullname" .) .Values.serviceAccount.name }} +{{- else }} +{{- default "default" .Values.serviceAccount.name }} +{{- end }} +{{- end }} + +{{/* +Common namespace +*/}} +{{- define "ves-client.namespace" -}} + {{- default .Release.Namespace .Values.nsPrefix -}} +{{- end -}} + +{{/* +Define dns names in certificate +*/}} +{{- define "ves-client.dnsNames" -}} +{{- range $dnsName := $.Values.certificates.dnsNames }} +- {{ $dnsName }} +{{- end }} +{{- end }} + +{{/* +Define dns names in certificate +*/}} +{{- define "ves-client.init" -}} +{{ if eq .Values.certMethod "wrongCert" }} +- name: {{ include "common.name" . }}-readiness + env: + - name: NAMESPACE + valueFrom: + fieldRef: + apiVersion: v1 + fieldPath: metadata.namespace + image: {{ .Values.certInitializer.image }} + imagePullPolicy: {{ .Values.pullPolicy | default .Values.pullPolicy }} + volumeMounts: + - name: {{ .Values.aafVolumeName }} + mountPath: /opt/app/osaaf +{{- end }} +{{- end }} + +{{- define "ves-client.containers" -}} +- env: + - name: MONGO_HOSTNAME + value: {{ .Values.config.mongoDbName | quote }} + - name: USE_CERTIFICATE_FOR_AUTHORIZATION + value: {{ .Values.config.useCerts | quote }} + - name: STRICT_HOSTNAME_VERIFICATION + value: {{ .Values.config.strictHost | quote }} + name: {{ .Values.configMapName }} + securityContext: + {{- toYaml .Values.securityContext | nindent 12 }} + image: "{{ .Values.image.repository }}:{{ .Values.image.tag | default .Chart.AppVersion }}" + imagePullPolicy: {{ .Values.image.pullPolicy }} + ports: + - containerPort: {{ .Values.service.port }} + protocol: TCP + livenessProbe: + httpGet: + path: /simulator/config + port: 5000 + initialDelaySeconds: 10 + periodSeconds: 30 + timeoutSeconds: 1 + successThreshold: 1 + failureThreshold: 3 + readinessProbe: + httpGet: + path: /simulator/config + port: 5000 + initialDelaySeconds: 60 + periodSeconds: 15 + timeoutSeconds: 1 + successThreshold: 1 + failureThreshold: 3 + resources: + {{- toYaml .Values.resources | nindent 12 }} + volumeMounts: + {{ if eq .Values.certMethod "wrongCert" }} + - name: certstore + mountPath: /app/store/cert.p12 + subPath: cert.p12 + - name: certstore + mountPath: /app/store/p12.pass + subPath: p12.pass + - name: {{ .Values.aafVolumeName }} + mountPath: /app/store + {{- end }} + {{ if eq .Values.certMethod "cmpv2" }} + - name: certstore + mountPath: /app/store + {{- end }} +{{- end }} + +{{- define "ves-client.volumes" -}} +{{ if or ( eq .Values.certMethod "cmpv2" ) ( eq .Values.certMethod "wrongCert" ) }} +- name: certstore + projected: + sources: + - secret: + name: ves-client-secret-cmpv2 + items: + - key: keystore.p12 + path: cert.p12 + - key: p12.pass + path: p12.pass + - key: p12.pass + path: truststore.pass + - key: truststore.jks + path: trust.jks +{{- end }} +{{ if eq .Values.certMethod "wrongCert" }} +{{ include "common.certInitializer.volumes" . | nindent 8 }} +- name: {{ .Values.aafVolumeName }} + emptyDir: {} +{{- end }} +{{- end }} \ No newline at end of file diff --git a/robot/assets/helm/ves-client/templates/certificate.yaml b/robot/assets/helm/ves-client/templates/certificate.yaml new file mode 100644 index 00000000..a8bbbd72 --- /dev/null +++ b/robot/assets/helm/ves-client/templates/certificate.yaml @@ -0,0 +1,28 @@ +apiVersion: cert-manager.io/v1 +kind: Certificate +metadata: + name: '{{ include "ves-client.fullname" . }}-cert' + namespace: {{ include "ves-client.namespace" . }} +spec: + secretName: ves-client-secret-cmpv2 + commonName: {{ include "ves-client.fullname" . }} + renewBefore: {{ .Values.certificates.renewBefore }} + duration: {{ .Values.certificates.duration }} + subject: + organizations: + - {{ .Values.certificates.subject.organization }} + countries: + - {{ .Values.certificates.subject.country }} + localities: + - {{ .Values.certificates.subject.locality }} + provinces: + - {{ .Values.certificates.subject.province }} + organizationalUnits: + - {{ .Values.certificates.subject.organizationalUnit }} + issuerRef: + group: {{ .Values.certificates.issuerRef.group }} + kind: {{ .Values.certificates.issuerRef.kind }} + name: {{ .Values.certificates.issuerRef.name }} + dnsNames: {{ include "ves-client.dnsNames" . | indent 4 }} + keystores: + {{ toYaml .Values.certificates.keystores | nindent 4 }} diff --git a/robot/assets/helm/ves-client/templates/deployment.yaml b/robot/assets/helm/ves-client/templates/deployment.yaml new file mode 100644 index 00000000..8a054f44 --- /dev/null +++ b/robot/assets/helm/ves-client/templates/deployment.yaml @@ -0,0 +1,21 @@ +apiVersion: apps/v1 +kind: Deployment +metadata: + name: {{ include "ves-client.fullname" . }} + labels: + {{ include "ves-client.labels" . | nindent 4 }} +spec: + selector: + matchLabels: + {{ include "ves-client.selectorLabels" . | nindent 6 }} + template: + metadata: + labels: + {{ include "ves-client.selectorLabels" . | nindent 8 }} + spec: + initContainers: + {{ include "ves-client.init" . | nindent 8 }} + containers: + {{ include "ves-client.containers" . | nindent 8 }} + volumes: + {{ include "ves-client.volumes" . | nindent 8 }} diff --git a/robot/assets/helm/ves-client/templates/secret.yaml b/robot/assets/helm/ves-client/templates/secret.yaml new file mode 100644 index 00000000..354e52cb --- /dev/null +++ b/robot/assets/helm/ves-client/templates/secret.yaml @@ -0,0 +1,7 @@ +apiVersion: v1 +kind: Secret +metadata: + name: ves-client-secret-cmpv2 +data: + p12.pass: MjNlOTE3NzVjOTE4ZTRmNjY4ZTFhYzgyZDY5ZjExYWU0ZWU0ZGM2MTM3YzUwMzZkZjE3MmEyODJhYTA5 +type: Opaque diff --git a/robot/assets/helm/ves-client/templates/service.yaml b/robot/assets/helm/ves-client/templates/service.yaml new file mode 100644 index 00000000..a118388b --- /dev/null +++ b/robot/assets/helm/ves-client/templates/service.yaml @@ -0,0 +1,15 @@ +apiVersion: v1 +kind: Service +metadata: + name: {{ .Values.nameOverride }} + labels: + {{ include "ves-client.labels" . | nindent 4 }} +spec: + type: {{ .Values.service.type }} + ports: + - port: {{ .Values.service.port }} + targetPort: {{ .Values.service.port }} + protocol: TCP + name: {{ .Values.service.name }} + selector: + {{ include "ves-client.selectorLabels" . | nindent 4 }} diff --git a/robot/assets/helm/ves-client/values.yaml b/robot/assets/helm/ves-client/values.yaml new file mode 100644 index 00000000..cc063180 --- /dev/null +++ b/robot/assets/helm/ves-client/values.yaml @@ -0,0 +1,133 @@ +global: + importCustomCertsEnabled: false + +certMethod: "aaf" +aafVolumeName: aaf-vol-store + +replicaCount: 1 + +image: + repository: onap/org.onap.integration.nfsimulator.vesclient + pullPolicy: IfNotPresent + # Overrides the image tag whose default is the chart appVersion. + tag: "" + +imagePullSecrets: [] +nameOverride: "" +fullnameOverride: "ves-client" + +config: + strictHost: false + useCerts: false + mongoDbName: ves-client-db + +templatesDir: "/app/template" +certsDir: "/app/store" + +ingress: + enabled: false + +certInitializer: + nameOverride: vesclient-cert-initializer + aafDeployFqi: deployer@people.osaaf.org + aafDeployPass: demo123456! + # aafDeployCredsExternalSecret: some secret + fqdn: ves-client + fqi: ves-client@vesclient.onap.org + public_fqdn: ves-client.onap.org + fqi_namespace: "org.onap.vesclient" + cadi_longitude: "0.0" + cadi_latitude: "0.0" + app_ns: org.osaaf.aaf + credsPath: /opt/app/osaaf/local + image: onap/org.onap.dcaegen2.deployments.tls-init-container:2.1.0 + mountPath: "/opt/app/osaaf" + appMountPath: "/opt/app/osaaf" + +podAnnotations: {} + +podSecurityContext: {} + # fsGroup: 2000 + +securityContext: {} + # capabilities: + # drop: + # - ALL + # readOnlyRootFilesystem: true + # runAsNonRoot: true + # runAsUser: 1000 + +service: + type: NodePort + port: 5000 + name: ves-client-port-name + +resources: {} + # We usually recommend not to specify default resources and to leave this as a conscious + # choice for the user. This also increases chances charts run on environments with little + # resources, such as Minikube. If you do want to specify resources, uncomment the following + # lines, adjust them as necessary, and remove the curly braces after 'resources:'. + # limits: + # cpu: 100m + # memory: 128Mi + # requests: + # cpu: 100m + # memory: 128Mi + +autoscaling: + enabled: false + minReplicas: 1 + maxReplicas: 100 + targetCPUUtilizationPercentage: 80 + # targetMemoryUtilizationPercentage: 80 + +nodeSelector: {} + +tolerations: [] + +affinity: {} + +mongodb: + fullnameOverride: "ves-client-db" + persistence: + enabled: false + auth: + rootPassword: zXcVbN123! + database: simulator + username: root + +certificates: + name: ves-client-cert + secretName: ves-client-secret + commonName: ves-client + dnsNames: + - ves-client + renewBefore: 720h #30 days + duration: 8760h #365 days + subject: + organization: "Linux-Foundation" + country: "US" + locality: "San-Francisco" + province: "California" + organizationalUnit: "ONAP" +# issuer: +# group: certmanager.onap.org +# kind: CMPv2Issuer +# name: cmpv2-issuer-onap + issuerRef: + group: certmanager.onap.org + kind: CMPv2Issuer + name: cmpv2-issuer-onap + +# ipAddresses: "127.0.0.1" + keystores: + jks: + create: true + passwordSecretRef: + name: ves-client-secret-cmpv2 + key: p12.pass + pkcs12: + create: true + passwordSecretRef: + name: ves-client-secret-cmpv2 + key: p12.pass diff --git a/robot/resources/chart_museum.robot b/robot/resources/chart_museum.robot index 7b46deb3..173e2347 100644 --- a/robot/resources/chart_museum.robot +++ b/robot/resources/chart_museum.robot @@ -40,38 +40,24 @@ Package and add charts to repository Install helm charts [Documentation] Install DCAE Servcie using helm charts - [Arguments] ${chart_repo_name} ${dcae_servcie_helm_charts} ${dcae_service_helm_name} ${wait_time}=2 min ${set_values_override}=${EMPTY} - ${helm_install}= Set Variable helm install ${dcae_service_helm_name} ${chart_repo_name}/${dcae_servcie_helm_charts} --set global.repository=${registry_ovveride} ${set_values_override} + [Arguments] ${chart_repo_name} ${dcae_servcie_helm_charts} ${dcae_service_helm_name} ${wait_time}=6m0s ${set_values_override}=${EMPTY} + ${helm_install}= Set Variable helm install ${dcae_service_helm_name} ${chart_repo_name}/${dcae_servcie_helm_charts} --set global.repository=${registry_ovveride} ${set_values_override} --wait --timeout ${wait_time} ${helm_install_command_output} = Run And Return Rc And Output ${helm_install} Log ${helm_install_command_output[1]} Should Be Equal As Integers ${helm_install_command_output[0]} 0 - Wait Until Keyword Succeeds ${wait_time} 20 sec Checking Status Of Deployed Appliction Using Helm ${dcae_servcie_helm_charts} ${dcae_service_helm_name} Install helm charts from folder [Documentation] Install DCAE Servcie using helm charts not in repo - [Arguments] ${chart_folder} ${dcae_service_helm_name} ${wait_time}=2 min ${set_values_override}=${EMPTY} + [Arguments] ${chart_folder} ${dcae_service_helm_name} ${wait_time}=2m0s ${set_values_override}=${EMPTY} ${helm_dependency_update}= Set Variable helm dependency update ${chart_folder} ${helm_dependency_update_output} = Run And Return Rc And Output ${helm_dependency_update} Log ${helm_dependency_update_output[1]} Should Be Equal As Integers ${helm_dependency_update_output[0]} 0 ${rest} ${dcae_servcie_helm_charts} = Split String From Right ${chart_folder} / 1 - ${helm_install}= Set Variable helm install ${dcae_service_helm_name} ${chart_folder} --set global.repository=${registry_ovveride} ${set_values_override} + ${helm_install}= Set Variable helm install ${dcae_service_helm_name} ${chart_folder} --set global.repository=${registry_ovveride} ${set_values_override} --wait --timeout ${wait_time} ${helm_install_command_output} = Run And Return Rc And Output ${helm_install} Log ${helm_install_command_output[1]} Should Be Equal As Integers ${helm_install_command_output[0]} 0 - Wait Until Keyword Succeeds ${wait_time} 20 sec Checking Status Of Deployed Appliction Using Helm ${dcae_servcie_helm_charts} ${dcae_service_helm_name} - -Checking Status Of Deployed Appliction Using Helm - [Arguments] ${dcae_servcie_helm_charts} ${dcae_service_helm_name} - ${pod_status}= Set Variable kubectl get pods -n onap | grep ${dcae_service_helm_name} | awk '{print $3}' - ${pod_status_command_output} = Run And Return Rc And Output ${pod_status} - Should Be Equal As Integers ${pod_status_command_output[0]} 0 - Should Be Equal As Strings ${pod_status_command_output[1]} Running - ${pod_ready}= Set Variable kubectl get pods -n onap | grep ${dcae_service_helm_name} | awk '{print $2}' - ${pod_ready_command_output} = Run And Return Rc And Output ${pod_ready} - Should Be Equal As Integers ${pod_ready_command_output[0]} 0 - ${pre} ${post} = Split String ${pod_ready_command_output[1]} / 1 - Should Be Equal As Strings ${pre} ${post} Uninstall helm charts [Documentation] Uninstall DCAE Servcie using helm charts diff --git a/robot/resources/test_templates/cmpv2.robot b/robot/resources/test_templates/cmpv2.robot index 43570f25..3c948846 100644 --- a/robot/resources/test_templates/cmpv2.robot +++ b/robot/resources/test_templates/cmpv2.robot @@ -7,9 +7,10 @@ Library ONAPLibrary.JSON Library ONAPLibrary.Utilities Library ONAPLibrary.Templating WITH NAME Templating Resource pnf_registration_without_SO_template.robot -Resource ../dcae/deployment.robot -Resource ../dcae/inventory.robot Resource ../global_properties.robot +Resource ../resources/test_templates/pnf_registration_without_SO_template.robot +Resource ../chart_museum.robot + *** Variables *** @@ -18,9 +19,38 @@ ${VES_ENDPOINT} ${GLOBAL_DCAE_VES_HTTPS_PROTOCOL}://${GLOBAL_INJECTED_DCAE_VE ${VES_data_path} eventListener/v7 ${single_event_data_path} /simulator/event ${users} ${EXECDIR}/robot/assets/cmpv2/mongo-users.json - +${HELM_RELEASE} kubectl --namespace onap get pods | sed 's/ .*//' | grep robot | sed 's/-.*//' +${CMPv2_helm_values} ${EXECDIR}/robot/assets/cmpv2 +${VES_Client_helm_charts} ${EXECDIR}/robot/assets/helm/ves-client *** Keywords *** + +Suite setup + [Arguments] ${PNF_entry_dict} + Send VES integration request ${PNF_entry_dict} + ${command_output} = Run And Return Rc And Output ${HELM_RELEASE} + Should Be Equal As Integers ${command_output[0]} 0 + Set Global Variable ${ONAP_HELM_RELEASE} ${command_output[1]} + Log To Console Deploying VES Client + Install VES Client + Log To Console Deploying VES collector with CMPv2 and correct sans + Install VES collector with CMPv2 + Log To Console Deploying VES collector with CMPv2 and wrong SANs + Install VES collector with CMPv2 and wrong SANs + +Install VES Client + [Arguments] ${cert}=cmpv2 + ${override} = Set Variable -f ${CMPv2_helm_values}/ves_client_values_cmpv2.yaml --set fullnameOverride=${ONAP_HELM_RELEASE}-ves-client-cmpv2 --set mongodb.fullnameOverride=${ONAP_HELM_RELEASE}-ves-db-client-cmpv2 --set config.mongoDbName=${ONAP_HELM_RELEASE}-ves-db-client-cmpv2 --set certMethod=${cert} --debug + Install helm charts from folder ${VES_Client_helm_charts} ${ONAP_HELM_RELEASE}-ves-client set_values_override=${override} + +Install VES collector with CMPv2 + ${override} = Set Variable -f ${CMPv2_helm_values}/ves_correct_sans_cmpv2.yaml --debug + Install helm charts chart-museum dcae-ves-collector ${ONAP_HELM_RELEASE}-dcae-ves-cmpv2-cert-corect-sans 3m ${override} + +Install VES collector with CMPv2 and wrong SANs + ${override} = Set Variable -f ${CMPv2_helm_values}/ves_wrong_sans_cmpv2.yaml --debug + Install helm charts chart-museum dcae-ves-collector ${ONAP_HELM_RELEASE}-dcae-ves-cmpv2-cert-wrong-sans 3m ${override} + VES Client send single VES event [Arguments] ${event} ${ves_host} ${ves_port} ${pnf_sim_host} ${pnf_sim_port} ${http_reposnse_code}=202 ${pnf_sim_endpoint}= Set Variable http://${pnf_sim_host}.onap:${pnf_sim_port} @@ -36,11 +66,7 @@ VES Client send single VES event Log VES has accepted event with status code ${post_resp.status_code} [Return] ${post_resp} - Usecase Teardown - Undeploy Service ${mongo-dep} - Undeploy Service ${ves-client-dep} - Undeploy Service ves-collector-cmpv2-dep - Undeploy Service ves-collector-cmpv2-wrong-sans-dep - Delete Blueprint From Inventory ${serviceTypeIdMongo} - Delete Blueprint From Inventory ${serviceTypeIdPnfSimulator} \ No newline at end of file + Uninstall helm charts ${ONAP_HELM_RELEASE}-ves-client + Uninstall helm charts ${ONAP_HELM_RELEASE}-dcae-ves-cmpv2-cert-corect-sans + Uninstall helm charts ${ONAP_HELM_RELEASE}-dcae-ves-cmpv2-cert-wrong-sans diff --git a/robot/resources/usecases/5gbulkpm_helm_interface.robot b/robot/resources/usecases/5gbulkpm_helm_interface.robot index 695cf5cd..218f89b2 100644 --- a/robot/resources/usecases/5gbulkpm_helm_interface.robot +++ b/robot/resources/usecases/5gbulkpm_helm_interface.robot @@ -176,10 +176,10 @@ Check Known Hosts In Env [Return] ${output} Deploying Data File Collector - Install helm charts chart-museum dcae-datafile-collector ${ONAP_HELM_RELEASE}-dcae-datafile-collector 3 min --set useCmpv2Certificates=true --set global.cmpv2Enabled=true --set masterPasswordOverride=test --set global.centralizedLoggingEnabled=false --debug + Install helm charts chart-museum dcae-datafile-collector ${ONAP_HELM_RELEASE}-dcae-datafile-collector 6m --set useCmpv2Certificates=true --set global.cmpv2Enabled=true --set masterPasswordOverride=test --debug Deploying 3GPP PM Mapper - Install helm charts chart-museum dcae-pm-mapper ${ONAP_HELM_RELEASE}-dcae-pm-mapper 3 min --set global.centralizedLoggingEnabled=false --set applicationConfig.enable_tls=true --set applicationConfig.enable_http=false --set applicationConfig.aaf_identity=dcae@dcae.onap.org --set applicationConfig.aaf_password=demo123456! --set applicationConfig.key_store_path=/opt/app/pm-mapper/etc/cert/cert.jks --set applicationConfig.key_store_pass_path=/opt/app/pm-mapper/etc/cert/jks.pass --set applicationConfig.trust_store_path=/opt/app/pm-mapper/etc/cert/trust.jks --set applicationConfig.trust_store_pass_path=/opt/app/pm-mapper/etc/cert/trust.pass --debug + Install helm charts chart-museum dcae-pm-mapper ${ONAP_HELM_RELEASE}-dcae-pm-mapper 6m --debug Deploying SFTP Server As xNF ${override} = Set Variable --set fullnameOverride=${ONAP_HELM_RELEASE}-sftp --debug @@ -219,7 +219,7 @@ DR PM Mapper Subscriber Check Setting KNOWN_HOSTS_FILE_PATH Environment Variable in DFC ${rc}= Run and Return RC ${SET_KNOWN_HOSTS_FILE_PATH} Should Be Equal As Integers ${rc} 0 - Wait Until Keyword Succeeds 5 min 10s Check Known Hosts In Env ${CHECK_ENV_SET} + Wait Until Keyword Succeeds 7 min 10s Check Known Hosts In Env ${CHECK_ENV_SET} ${GET_RSA_KEY}= Set Variable kubectl exec $(kubectl get pod -n onap | grep ${ONAP_HELM_RELEASE}-sftp | awk '{print $1}') -n onap -- ssh-keyscan -t rsa ${ONAP_HELM_RELEASE}-sftp > /tmp/known_hosts ${rc}= Run and Return RC ${GET_RSA_KEY} Should Be Equal As Integers ${rc} 0 @@ -276,7 +276,7 @@ Change DFC httpsHostnameVerify configuration in Consul Should Be Equal As Strings ${resp.status_code} 200 ${rc} = Run and Return RC kubectl delete pods -n onap $(kubectl get pods -n onap | grep datafile-collector | awk '{print $1}' | grep -v NAME) Should Be Equal As Integers ${rc} 0 - Wait Until Keyword Succeeds 120 sec 5 sec Check logs kubectl logs -n onap $(kubectl get pods -n onap | grep datafile-collector | awk '{print $1}' | grep -v NAME) ${container_name}-datafile-collector + Wait Until Keyword Succeeds 360 sec 15 sec Check logs kubectl logs -n onap $(kubectl get pods -n onap | grep datafile-collector | awk '{print $1}' | grep -v NAME) ${container_name}-datafile-collector Sending File Ready Event to VES Collector for HTTPS Server [Arguments] ${https-server_host} diff --git a/robot/testsuites/cmpv2.robot b/robot/testsuites/cmpv2.robot index 89bdb982..d0cf7028 100644 --- a/robot/testsuites/cmpv2.robot +++ b/robot/testsuites/cmpv2.robot @@ -9,12 +9,9 @@ Library JSONLibrary Library ONAPLibrary.JSON Library ONAPLibrary.Utilities Library ONAPLibrary.Templating WITH NAME Templating -Resource ../resources/dcae/deployment.robot -Resource ../resources/dcae/inventory.robot Resource ../resources/global_properties.robot Resource ../resources/test_templates/cmpv2.robot -Resource ../resources/test_templates/pnf_registration_without_SO_template.robot -Suite Setup Send VES integration request ${initial entry} +Suite Setup Suite setup ${initial entry} Suite Teardown Usecase Teardown *** Variables *** @@ -23,71 +20,10 @@ ${PNF_SIMULATOR_BLUEPRINT_PATH} ${EXECDIR}/robot/assets/cmpv2/k8s-ves-c ${VES_INPUTS} deployment/VesTlsCmpv2Inputs.jinja ${pnf_ves_integration_request} ves/pnf_registration_request.jinja ${NEXUS3} ${GLOBAL_INJECTED_NEXUS_DOCKER_REPO} -&{initial entry} correlation_id=dummy PNF_IPv4_address=11.11.11.1 PNF_IPv6_address=2001:0db8:0:0:0:0:1428:57ab - +&{initial entry} correlation_id=dummy PNF_IPv4_address=11.11.11.1 PNF_IPv6_address=2001:0db8:0:0:0:0:1428:57ab *** Test Cases *** -Deploying VES Client - [Documentation] - ... This test case deploys VES Client with "enable_tls": set to false and "external_cert_use_external_tls" (CMPv2) set to true as DCAE applictaion - [Tags] CMPv2 - ${rand} Generate Random String 5 [NUMBERS][LOWER] - Set Suite Variable ${ves_client_hostname} ves-client-${rand} - ${serviceTypeIdMongo} Load Blueprint To Inventory ${MONGO_BLUEPRINT_PATH} mongo-${rand} - ${serviceTypeIdPnfSimulator} Load Blueprint To Inventory ${PNF_SIMULATOR_BLUEPRINT_PATH} ves-client-${rand} - Set Suite Variable ${serviceTypeIdMongo} - Set Suite Variable ${serviceTypeIdPnfSimulator} - ${deployment_data}= Set Variable {"serviceTypeId":"${serviceTypeIdMongo}", "inputs":{"service_component_name_override":"mongo-${ves_client_hostname}","service_component_type":"mongo-${ves_client_hostname}"}} - Set Suite Variable ${mongo-dep} mongo-dep-${rand} - Deploy Service ${deployment_data} ${mongo-dep} 2 minutes - ${resp}= Get Blueprint From Inventory ves-client-${rand} - ${json}= Set Variable ${resp.json()} - ${image} Get Regexp Matches ${json['items'][0]['blueprintTemplate']} nexus3(.)*?(?=\') - ${image} Replace String ${image}[0] nexus3.onap.org:10001 ${NEXUS3} - ${deployment_data}= Set Variable {"serviceTypeId":"${serviceTypeIdPnfSimulator}", "inputs":{"tag_version": "${image}", "service_component_name_override":"${ves_client_hostname}"}} - Set Suite Variable ${ves-client-dep} ves-client-dep-${rand} - Deploy Service ${deployment_data} ${ves-client-dep} 4 minutes - - -Deploying VES collector with CMPv2 - [Documentation] - ... This test case deploys second VES instance with "enable_tls": set to true and "external_cert_use_external_tls" (CMPv2) set to true as DCAE applictaion - ... Both CMPv2 and AAF certificates are present - [Tags] CMPv2 - ${resp}= Get Blueprint From Inventory k8s-ves - ${json}= Set Variable ${resp.json()} - ${serviceTypeIdVes} Set Variable ${json['items'][0]['typeId']} - ${image} Get Regexp Matches ${json['items'][0]['blueprintTemplate']} nexus3(.)*?(?=\") - ${image} Replace String ${image}[0] nexus3.onap.org:10001 ${NEXUS3} - ${arguments}= Create Dictionary serviceTypeId=${serviceTypeIdVes} - Set To Dictionary ${arguments} image ${image} - Set To Dictionary ${arguments} external_port_tls 32226 - Set To Dictionary ${arguments} service_component_name_override dcae-ves-collector-cmpv2-cert - Set To Dictionary ${arguments} external_cert_sans dcae-ves-collector-cmpv2-cert,ves-collector-cmpv2-cert,ves-cmpv2-cert - Templating.Create Environment deployment ${GLOBAL_TEMPLATE_FOLDER} - ${deployment_data}= Templating.Apply Template deployment ${VES_INPUTS} ${arguments} - Deploy Service ${deployment_data} ves-collector-cmpv2-dep 4 minutes - -Deploying VES collector with CMPv2 and wrong SANs - [Documentation] - ... This test case deploys second VES instance with "enable_tls": set to true and "external_cert_use_external_tls" (CMPv2) set to true as DCAE applictaion, CMPv2 certificate has wrong SANs - ... Both CMPv2 and AAF certificates are present - [Tags] CMPv2 - ${resp}= Get Blueprint From Inventory k8s-ves - ${json}= Set Variable ${resp.json()} - ${serviceTypeIdVes} Set Variable ${json['items'][0]['typeId']} - ${image} Get Regexp Matches ${json['items'][0]['blueprintTemplate']} nexus3(.)*?(?=\") - ${image} Replace String ${image}[0] nexus3.onap.org:10001 ${NEXUS3} - ${arguments}= Create Dictionary serviceTypeId=${serviceTypeIdVes} - Set To Dictionary ${arguments} image ${image} - Set To Dictionary ${arguments} external_port_tls 32227 - Set To Dictionary ${arguments} service_component_name_override dcae-ves-collector-cmpv2-cert-wrong-sans - Set To Dictionary ${arguments} external_cert_sans wrong-sans - Templating.Create Environment deployment ${GLOBAL_TEMPLATE_FOLDER} - ${deployment_data}= Templating.Apply Template deployment ${VES_INPUTS} ${arguments} - Deploy Service ${deployment_data} ves-collector-cmpv2-wrong-sans-dep 4 minutes - Send registration request to CMPv2 VES [Documentation] ... This test case triggers registration request from VES Client (where is present only CMPv2 certificate) to VES collector @@ -100,7 +36,7 @@ Send registration request to CMPv2 VES Create PNF initial entry in A&AI ${PNF_entry_dict} Templating.Create Environment ves ${GLOBAL_TEMPLATE_FOLDER} ${template}= Templating.Apply Template ves ${pnf_ves_integration_request} ${PNF_entry_dict} - VES Client send single VES event ${template} dcae-ves-collector-cmpv2-cert 8443 ${ves_client_hostname} 5000 + VES Client send single VES event ${template} dcae-ves-collector-cmpv2-cert 8443 ves-client-cmpv2 5000 Verify PNF Integration Request in A&AI ${PNF_entry_dict} Send registration request to CMPv2 VES with wrong SAN-s @@ -112,7 +48,7 @@ Send registration request to CMPv2 VES with wrong SAN-s ${PNF_entry_dict}= Create Dictionary correlation_id=${pnf_correlation_id} PNF_IPv4_address=14.14.14.14 PNF_IPv6_address=2001:0db8:0:0:0:0:1428:57ab Templating.Create Environment ves ${GLOBAL_TEMPLATE_FOLDER} ${template}= Templating.Apply Template ves ${pnf_ves_integration_request} ${PNF_entry_dict} - ${resp}= VES Client send single VES event ${template} dcae-ves-collector-cmpv2-cert-wrong-sans 8443 ${ves_client_hostname} 5000 421 + ${resp}= VES Client send single VES event ${template} dcae-ves-collector-cmpv2-cert-wrong-sans 8443 ves-client-cmpv2 5000 421 Should Contain ${resp.json().get('message')} wrong-sans Send registration request to VES without CMPv2 certificate @@ -120,10 +56,12 @@ Send registration request to VES without CMPv2 certificate ... This test case triggers registration request from VES Client (where is present only CMPv2 certificate) to VES collector ... with disabled CMPv2 (only AAF certificate is present - VES collector deployed during whole ONAP deploy). [Tags] CMPv2 + Uninstall helm charts ${ONAP_HELM_RELEASE}-ves-client + Install VES Client wrongCert ${pnf_correlation_id}= Generate Random String 20 [LETTERS][NUMBERS] ${PNF_entry_dict}= Create Dictionary correlation_id=${pnf_correlation_id} PNF_IPv4_address=14.14.14.14 PNF_IPv6_address=2001:0db8:0:0:0:0:1428:57ab Templating.Create Environment ves ${GLOBAL_TEMPLATE_FOLDER} ${template}= Templating.Apply Template ves ${pnf_ves_integration_request} ${PNF_entry_dict} - ${resp}= VES Client send single VES event ${template} dcae-ves-collector 8443 ${ves_client_hostname} 5000 421 + ${resp}= VES Client send single VES event ${template} dcae-ves-collector 8443 ves-client-cmpv2 5000 421 Should Contain ${resp.json().get('message')} certificate_unknown -- cgit 1.2.3-korg