summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authoreconwar <conor.ward@est.tech>2019-01-25 12:05:45 +0000
committereconwar <conor.ward@est.tech>2019-01-25 12:05:45 +0000
commit3acb57a71cf6ce59eae11883277e1915759b7606 (patch)
treea21ca8d74de17afd76d3b4224e6df94898481edb
parenteb87542dbdaf427039eb6e963ee78bbd07ce551b (diff)
Add DR suite that verifies security certs
Change-Id: I75e28171bc5999e8e19f5ca9a236e0a1d17a5a38 Issue-ID: DMAAP-1004 Signed-off-by: econwar <conor.ward@est.tech>
-rwxr-xr-xplans/dmaap-datarouter/ssl-dr-suite/setup.sh68
-rwxr-xr-xplans/dmaap-datarouter/ssl-dr-suite/teardown.sh26
-rwxr-xr-xplans/dmaap-datarouter/ssl-dr-suite/testplan.txt2
-rw-r--r--scripts/dmaap-datarouter/datarouterCA.crt39
-rw-r--r--scripts/dmaap-datarouter/remove_cert_from_ca.py51
-rw-r--r--scripts/dmaap-datarouter/update_ca.py33
-rwxr-xr-xtests/dmaap-datarouter/ssl-dr-suite/ssl-dr-suite.robot76
7 files changed, 295 insertions, 0 deletions
diff --git a/plans/dmaap-datarouter/ssl-dr-suite/setup.sh b/plans/dmaap-datarouter/ssl-dr-suite/setup.sh
new file mode 100755
index 00000000..39217991
--- /dev/null
+++ b/plans/dmaap-datarouter/ssl-dr-suite/setup.sh
@@ -0,0 +1,68 @@
+#!/bin/bash
+#
+# ============LICENSE_START=======================================================
+# Copyright (C) 2019 Nordix Foundation.
+# ================================================================================
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+# SPDX-License-Identifier: Apache-2.0
+# ============LICENSE_END=========================================================
+#
+source ${SCRIPTS}/common_functions.sh
+
+# Clone DMaaP Data Router repo
+mkdir -p $WORKSPACE/archives/dmaapdr
+cd $WORKSPACE/archives/dmaapdr
+
+git clone --depth 1 https://gerrit.onap.org/r/dmaap/datarouter -b master
+cd datarouter
+git pull
+cd $WORKSPACE/archives/dmaapdr/datarouter/datarouter-docker-compose/src/main/resources
+
+# start DMaaP DR containers with docker compose and configuration from docker-compose.yml
+docker login -u docker -p docker nexus3.onap.org:10001
+docker-compose up -d
+
+# Wait for initialization of Docker container for datarouter-node, datarouter-prov and mariadb
+for i in {1..10}; do
+ if [ $(docker inspect --format '{{ .State.Running }}' datarouter-node) ] && \
+ [ $(docker inspect --format '{{ .State.Running }}' datarouter-prov) ] && \
+ [ $(docker inspect --format '{{ .State.Running }}' subscriber-node) ] && \
+ [ $(docker inspect --format '{{ .State.Running }}' mariadb) ]
+ then
+ echo "DR Service Running"
+ break
+ else
+ echo sleep $i
+ sleep $i
+ fi
+done
+
+DR_PROV_IP=`get-instance-ip.sh datarouter-prov`
+DR_NODE_IP=`get-instance-ip.sh datarouter-node`
+DR_SUB_IP=`get-instance-ip.sh subscriber-node`
+DR_GATEWAY_IP=$(docker inspect -f '{{range .NetworkSettings.Networks}}{{.Gateway}}{{end}}' datarouter-prov)
+
+echo DR_PROV_IP=${DR_PROV_IP}
+echo DR_NODE_IP=${DR_NODE_IP}
+echo DR_SUB_IP=${DR_SUB_IP}
+echo DR_GATEWAY_IP=${DR_GATEWAY_IP}
+
+sudo sed -i "$ a $DR_PROV_IP dmaap-dr-prov" /etc/hosts
+sudo sed -i "$ a $DR_NODE_IP dmaap-dr-node" /etc/hosts
+
+python $WORKSPACE/scripts/dmaap-datarouter/update_ca.py
+
+docker exec -i datarouter-prov sh -c "curl -k -X PUT https://dmaap-dr-prov:8443/internal/api/PROV_AUTH_ADDRESSES?val=dmaap-dr-prov\|$DR_GATEWAY_IP"
+
+ROBOT_VARIABLES="-v DR_SUB_IP:${DR_SUB_IP}" \ No newline at end of file
diff --git a/plans/dmaap-datarouter/ssl-dr-suite/teardown.sh b/plans/dmaap-datarouter/ssl-dr-suite/teardown.sh
new file mode 100755
index 00000000..3cf35373
--- /dev/null
+++ b/plans/dmaap-datarouter/ssl-dr-suite/teardown.sh
@@ -0,0 +1,26 @@
+#!/bin/bash
+#
+# ============LICENSE_START=======================================================
+# Copyright (C) 2019 Nordix Foundation.
+# ================================================================================
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+# SPDX-License-Identifier: Apache-2.0
+# ============LICENSE_END=========================================================
+#
+
+cd $WORKSPACE/archives/dmaapdr/datarouter/datarouter-docker-compose/src/main/resources
+sudo sed -i".bak" '/dmaap-dr-prov/d' /etc/hosts
+sudo sed -i".bak" '/dmaap-dr-node/d' /etc/hosts
+docker-compose down -v
+python $WORKSPACE/scripts/dmaap-datarouter/remove_cert_from_ca.py
diff --git a/plans/dmaap-datarouter/ssl-dr-suite/testplan.txt b/plans/dmaap-datarouter/ssl-dr-suite/testplan.txt
new file mode 100755
index 00000000..5d32c668
--- /dev/null
+++ b/plans/dmaap-datarouter/ssl-dr-suite/testplan.txt
@@ -0,0 +1,2 @@
+# Place the suites in run order.
+dmaap-datarouter/ssl-dr-suite
diff --git a/scripts/dmaap-datarouter/datarouterCA.crt b/scripts/dmaap-datarouter/datarouterCA.crt
new file mode 100644
index 00000000..a8a0ed84
--- /dev/null
+++ b/scripts/dmaap-datarouter/datarouterCA.crt
@@ -0,0 +1,39 @@
+
+# Issuer: C=US,O=ONAP,OU=OSAAF
+# Subject: C=US,O=ONAP,OU=OSAAF
+# Label: ""
+# Serial: 0x9EAEEDC0A7CEB59D
+# MD5 Fingerprint: 77:EB:5E:94:2E:B7:A3:45:97:6C:87:FE:A7:F7:64:0F
+# SHA1 Fingerprint: 90:25:D1:D3:8B:3C:BE:2C:73:E9:6C:1A:48:5B:06:A8:39:0D:54:3B
+# SHA256 Fingerprint: 1F:C2:BB:F6:7E:11:6F:F0:4C:C3:D9:6C:73:E5:99:B7:CA:7D:4D:EF:AA:6C:69:46:0D:2C:7B:A9:E4:23:5F:EA
+-----BEGIN CERTIFICATE-----
+MIIFPjCCAyagAwIBAgIJAJ6u7cCnzrWdMA0GCSqGSIb3DQEBCwUAMCwxDjAMBgNV
+BAsMBU9TQUFGMQ0wCwYDVQQKDARPTkFQMQswCQYDVQQGEwJVUzAeFw0xODA0MDUx
+NDE1MjhaFw0zODAzMzExNDE1MjhaMCwxDjAMBgNVBAsMBU9TQUFGMQ0wCwYDVQQK
+DARPTkFQMQswCQYDVQQGEwJVUzCCAiIwDQYJKoZIhvcNAQEBBQADggIPADCCAgoC
+ggIBAMA5pkgRs7NhGG4ew5JouhyYakgYUyFaG121+/h8qbSdt0hVQv56+EA41Yq7
+XGie7RYDQK9NmAFF3gruE+6X7wvJiChp+Cyd7sFMnb65uWhxEdxWTM2BJFrgfzUn
+H8ZCxgaCo3XH4PzlKRy2LQQJEJECwl/RZmRCXijMt5e9h8XoZY/fKkKcZZUsWNCM
+pTo266wjvA9MXLmdgReRj0+vrCjrNqy+htwJDztoiHWiYPqT6o8EvGcgjNqjlZx7
+NUNf8MfLDByqKF6+wRbHv1GKjn3/Vijd45Fv8riyRYROiFanvbV6jIfBkv8PZbXg
+2VDWsYsgp8NAvMxK+iV8cO+Ck3lBI2GOPZbCEqpPVTYbLUz6sczAlCXwQoPzDIZY
+wYa3eR/gYLY1gP2iEVHORag3bLPap9ZX5E8DZkzTNTjovvLk8KaCmfcaUMJsBtDd
+ApcUitz10cnRyZc1sX3gE1f3DpzQM6t9C5sOVyRhDcSrKqqwb9m0Ss04XAS9FsqM
+P3UWYQyqDXSxlUAYaX892u8mV1hxnt2gjb22RloXMM6TovM3sSrJS0wH+l1nznd6
+aFXftS/G4ZVIVZ/LfT1is4StoyPWZCwwwly1z8qJQ/zhip5NgZTxQw4mi7ww35DY
+PdAQOCoajfSvFjqslQ/cPRi/MRCu079heVb5fQnnzVtnpFQRAgMBAAGjYzBhMB0G
+A1UdDgQWBBRTVTPyS+vQUbHBeJrBKDF77+rtSTAfBgNVHSMEGDAWgBRTVTPyS+vQ
+UbHBeJrBKDF77+rtSTAPBgNVHRMBAf8EBTADAQH/MA4GA1UdDwEB/wQEAwIBhjAN
+BgkqhkiG9w0BAQsFAAOCAgEAPx/IaK94n02wPxpnYTy+LVLIxwdq/kawNd6IbiMz
+L87zmNMDmHcGbfoRCj8OkhuggX9Lx1/CkhpXimuYsZOFQi5blr/u+v4mIbsgbmi9
+7j+cUHDP0zLycvSvxKHty51LwmaX9a4wkJl5zBU4O1sd/H9tWcEmwJ39ltKoBKBx
+c94Zc3iMm5ytRWGj+0rKzLDAXEWpoZ5bE5PLJauA6UDCxDLfs3FwhbS7uDggxYvf
+jySF5FCNET94oJ+m8s7VeHvoa8iPGKvXrIqdd7XDHnqJJlVKr7m9S0fMbyEB8ci2
+RtOXDt93ifY1uhoEtEykn4dqBSp8ezvNMnwoXdYPDvTd9uCAFeWFLVreBAWxd25h
+PsBTkZA5hpa/rA+mKv6Af4VBViYr8cz4dZCsFChuioVebe9ighrfjB//qKepFjPF
+CyjzKN1u0JKm/2x/ORqxkTONG8p3uDwoIOyimUcTtTMv42bfYD88RKakqSFXE9G+
+Z0LlaKABqfjK49o/tsAp+c5LoNlYllKhnetO3QAdraHwdmC36BhoghzR1jpX751A
+cZn2VH3Q4XKyp01cJNCJIrua+A+bx6zh3RyW6zIIkbRCbET+UD+4mr8WIcSE3mtR
+ZVlnhUDO4z9//WKMVzwS9Rh8/kuszrGFI1KQozXCHLrce3YP6RYZfOed79LXaRwX
+dYY=
+-----END CERTIFICATE----- \ No newline at end of file
diff --git a/scripts/dmaap-datarouter/remove_cert_from_ca.py b/scripts/dmaap-datarouter/remove_cert_from_ca.py
new file mode 100644
index 00000000..192e274f
--- /dev/null
+++ b/scripts/dmaap-datarouter/remove_cert_from_ca.py
@@ -0,0 +1,51 @@
+#
+# ============LICENSE_START=======================================================
+# Copyright (C) 2019 Nordix Foundation.
+# ================================================================================
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+# SPDX-License-Identifier: Apache-2.0
+# ============LICENSE_END=========================================================
+#
+
+import certifi
+import os
+
+cafile = certifi.where()
+number_of_lines_to_delete = 39
+count = 0
+dr_cert_exists = False
+
+with open(cafile, 'r+b', buffering=0) as outfile:
+ for line in outfile.readlines()[-35:-34]:
+ if "# Serial: 0x9EAEEDC0A7CEB59D" in line:
+ dr_cert_exists = True
+ if dr_cert_exists:
+ outfile.seek(0, os.SEEK_END)
+ end = outfile.tell()
+ while outfile.tell() > 0:
+ outfile.seek(-1, os.SEEK_CUR)
+ char = outfile.read(1)
+ if char == b'\n':
+ count += 1
+ if count == number_of_lines_to_delete:
+ outfile.truncate()
+ print("Removed " + str(number_of_lines_to_delete) + " lines from end of CA File")
+ exit(0)
+ outfile.seek(-1, os.SEEK_CUR)
+ else:
+ print("No DR cert in CA File to remove")
+
+if count < number_of_lines_to_delete + 1:
+ print("Number of lines in file less than number of lines to delete. Exiting...")
+ exit(1)
diff --git a/scripts/dmaap-datarouter/update_ca.py b/scripts/dmaap-datarouter/update_ca.py
new file mode 100644
index 00000000..0d76e224
--- /dev/null
+++ b/scripts/dmaap-datarouter/update_ca.py
@@ -0,0 +1,33 @@
+#
+# ============LICENSE_START=======================================================
+# Copyright (C) 2019 Nordix Foundation.
+# ================================================================================
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+# SPDX-License-Identifier: Apache-2.0
+# ============LICENSE_END=========================================================
+#
+
+import certifi
+import os
+
+cafile = certifi.where()
+dir_path = os.path.dirname(os.path.realpath(__file__))
+datarouter_ca = dir_path + '/datarouterCA.crt'
+with open(datarouter_ca, 'rb') as infile:
+ customca = infile.read()
+
+with open(cafile, 'ab') as outfile:
+ outfile.write(customca)
+
+print("Added DR Cert to CA")
diff --git a/tests/dmaap-datarouter/ssl-dr-suite/ssl-dr-suite.robot b/tests/dmaap-datarouter/ssl-dr-suite/ssl-dr-suite.robot
new file mode 100755
index 00000000..d2e466d9
--- /dev/null
+++ b/tests/dmaap-datarouter/ssl-dr-suite/ssl-dr-suite.robot
@@ -0,0 +1,76 @@
+*** Settings ***
+Library OperatingSystem
+Library RequestsLibrary
+Library requests
+Library Collections
+Library String
+Library Process
+
+*** Variables ***
+${TARGET_URL} https://dmaap-dr-prov:8443/
+${CREATE_FEED_DATA} {"name": "CSIT_Test", "version": "v1.0.0", "description": "CSIT_Test", "business_description": "CSIT_Test", "suspend": false, "deleted": false, "changeowner": true, "authorization": {"classification": "unclassified", "endpoint_addrs": [], "endpoint_ids": [{"password": "dradmin", "id": "dradmin"}]}}
+${SUBSCRIBE_DATA} {"delivery":{ "url":"http://${DR_SUB_IP}:7070/", "user":"LOGIN", "password":"PASSWORD", "use100":true}, "metadataOnly":false, "suspend":false, "groupid":29, "subscriber":"dmaap-subscriber"}
+${FEED_CONTENT_TYPE} application/vnd.att-dr.feed
+${SUBSCRIBE_CONTENT_TYPE} application/vnd.att-dr.subscription
+${PUBLISH_FEED_CONTENT_TYPE} application/octet-stream
+${CLI_VERIFY_SUB_RECEIVED_FILE} docker exec subscriber-node /bin/sh -c "ls /opt/app/subscriber/delivery | grep csit_test"
+
+*** Test Cases ***
+Run Feed Creation
+ [Documentation] Feed Creation
+ [Timeout] 1 minute
+ ${resp}= PostCall ${TARGET_URL} ${CREATE_FEED_DATA} ${FEED_CONTENT_TYPE} dradmin
+ log ${TARGET_URL}
+ log ${resp.text}
+ Should Be Equal As Strings ${resp.status_code} 201
+ log 'JSON Response Code:'${resp}
+
+Run Subscribe to Feed
+ [Documentation] Subscribe to Feed
+ [Timeout] 1 minute
+ ${resp}= PostCall ${TARGET_URL}subscribe/1 ${SUBSCRIBE_DATA} ${SUBSCRIBE_CONTENT_TYPE} dradmin
+ log ${TARGET_URL}subscribe/1
+ log ${resp.text}
+ Should Be Equal As Strings ${resp.status_code} 201
+ log 'JSON Response Code:'${resp}
+
+Run Publish to Feed
+ [Documentation] Publish to Feed
+ [Timeout] 1 minute
+ Sleep 10s Behaviour was noticed where feed was not created in time for publish to be sent
+ ${resp}= PutCall ${TARGET_URL}publish/1/csit_test ${CREATE_FEED_DATA} ${PUBLISH_FEED_CONTENT_TYPE} dradmin
+ log ${TARGET_URL}publish/1/csit_test
+ ${redirect_location}= Set Variable ${resp.headers['Location']}
+ log ${redirect_location}
+ ${resp}= PutCall ${redirect_location} ${CREATE_FEED_DATA} ${PUBLISH_FEED_CONTENT_TYPE} dradmin
+ log ${resp.text}
+ Should Be Equal As Strings ${resp.status_code} 204
+ log 'JSON Response Code:'${resp}
+
+Verify Subscriber Received Published File
+ [Documentation] Verify file is delivered on datarouter-subscriber
+ [Timeout] 1 minute
+ Sleep 5s Time to allow subscriber to receive the file
+ ${cli_cmd_output}= Run Process ${CLI_VERIFY_SUB_RECEIVED_FILE} shell=yes
+ Log ${cli_cmd_output.stdout}
+ Should Be Equal As Strings ${cli_cmd_output.rc} 0
+ Should Contain ${cli_cmd_output.stdout} csit_test
+
+*** Keywords ***
+PostCall
+ [Arguments] ${url} ${data} ${content_type} ${user}
+ ${headers}= Create Dictionary X-ATT-DR-ON-BEHALF-OF=${user} Content-Type=${content_type}
+ ${resp}= Evaluate requests.post('${url}', data='${data}', headers=${headers}, verify=True) requests
+ [Return] ${resp}
+
+PutCall
+ [Arguments] ${url} ${data} ${content_type} ${user}
+ ${headers}= Create Dictionary X-ATT-DR-ON-BEHALF-OF=${user} Content-Type=${content_type} Authorization=Basic ZHJhZG1pbjpkcmFkbWlu
+ ${resp}= Evaluate requests.put('${url}', data='${data}', headers=${headers}, verify=True, allow_redirects=False) requests
+ [Return] ${resp}
+
+DeleteCall
+ [Arguments] ${url} ${user}
+ ${headers}= Create Dictionary X-ATT-DR-ON-BEHALF-OF=${user}
+ ${resp}= Evaluate requests.delete('${url}', headers=${headers}, verify=True) requests
+ [Return] ${resp}