diff options
author | Krzysztof Kuzmicki <krzysztof.kuzmicki@nokia.com> | 2021-01-07 09:24:11 +0000 |
---|---|---|
committer | Gerrit Code Review <gerrit@onap.org> | 2021-01-07 09:24:11 +0000 |
commit | 3e769c7df167e2b7dccc04ad2dbe3fa37f1ff43f (patch) | |
tree | 7e6a4042af9102b8278c45a4d14bc32dec20908b | |
parent | fedb1804c8a90e05e6818fee9f59671cdf732ce7 (diff) | |
parent | 81df68b2c91759c109f75511c5b38f5fb5acd95a (diff) |
Merge "Add tests for CSAR security validation."
-rw-r--r-- | tests/vnfsdk-refrepo/csar/invalid_with_security.csar | bin | 0 -> 10824 bytes | |||
-rw-r--r-- | tests/vnfsdk-refrepo/csar_validation_tests.robot | 50 | ||||
-rw-r--r-- | tests/vnfsdk-refrepo/resources/vnfsdk_properties.robot | 12 |
3 files changed, 61 insertions, 1 deletions
diff --git a/tests/vnfsdk-refrepo/csar/invalid_with_security.csar b/tests/vnfsdk-refrepo/csar/invalid_with_security.csar Binary files differnew file mode 100644 index 00000000..c2560bd5 --- /dev/null +++ b/tests/vnfsdk-refrepo/csar/invalid_with_security.csar diff --git a/tests/vnfsdk-refrepo/csar_validation_tests.robot b/tests/vnfsdk-refrepo/csar_validation_tests.robot index 9994d567..a7c2c402 100644 --- a/tests/vnfsdk-refrepo/csar_validation_tests.robot +++ b/tests/vnfsdk-refrepo/csar_validation_tests.robot @@ -10,6 +10,7 @@ Perform vnf refrepo healthcheck ${response}= Get Request refrepo /PackageResource/healthcheck Should Be Equal As Strings ${response.status_code} 200 + Validate correct, no security CSAR [Documentation] Valid CSAR with no security should PASS validation and should return no error @@ -18,13 +19,60 @@ Validate correct, no security CSAR # those strings are dependent on validation response and may need to be changed if vnf refrepo response changes ${response}= Remove String ${response} \\\\ \\u003c \\u003e \\" ${json_response}= evaluate json.loads('''${response}''') json - Should Be Equal As Strings ${json_response[0]["results"]["criteria"]} PASS + Should Be Equal As Strings ${json_response[0]["results"]["criteria"]} ${OPERATION_STATUS_PASS} FOR ${resault} IN @{json_response[0]["results"]["results"]} Should Be Equal As Strings ${resault["errors"]} [] Should Be Equal As Strings ${resault["passed"]} True + run keyword if "${resault["vnfreqName"]}" == "${CERTIFICATION_RULE}" + ... Should Be Equal As Strings ${resault["warnings"]} ${expected_valid_no_security_warnings} + END + + +Validate secure CSAR with invalid certificate + [Documentation] Valid CSAR with cms signature in manifest file and certificate in TOSCA, containing individual signatures for multiple artifacts, using common certificate and individual certificate + + ${response}= Validate CSAR usign Post request ${csar_invalid_with_security} ${execute_security_csar_validation} + # Removing strings that are causing errors during evaluation, + # those strings are dependent on validation response and may need to be changed if vnf refrepo response changes + ${response}= Remove String ${response} \\\\ \\u003c \\u003e \\" + ${json_response}= evaluate json.loads('''${response}''') json + Should Be Equal As Strings ${json_response[0]["results"]["criteria"]} ${OPERATION_STATUS_FAILED} + ${validated_rules}= Get Length ${json_response[0]["results"]["results"]} + Should Be Equal As Strings ${validated_rules} 14 + FOR ${resault} IN @{json_response[0]["results"]["results"]} + ${validation_errors}= Get Length ${resault["errors"]} + run keyword if "${resault["vnfreqName"]}" == "${CERTIFICATION_RULE}" + ... Should Be Equal As Strings ${validation_errors} 7 + run keyword if "${resault["vnfreqName"]}" == "${PM_DICTIONARY_YAML_RULE}" + ... Should Be Equal As Strings ${validation_errors} 1 + run keyword if "${resault["vnfreqName"]}" == "${MANIFEST_FILE_RULE}" + ... Should Be Equal As Strings ${validation_errors} 1 + run keyword if "${resault["vnfreqName"]}" == "${NON_MANO_FILES_RULE}" + ... Should Be Equal As Strings ${validation_errors} 4 END +Validate CSAR using selected rules + [Documentation] Valid CSAR using only selected rules provided in request parameters + + ${response}= Validate CSAR usign Post request ${csar_invalid_with_security} ${execute_security_csar_validation_selected_rules} + # Removing strings that are causing errors during evaluation, + # those strings are dependent on validation response and may need to be changed if vnf refrepo response changes + ${response}= Remove String ${response} \\\\ \\u003c \\u003e \\" + ${json_response}= evaluate json.loads('''${response}''') json + Should Be Equal As Strings ${json_response[0]["results"]["criteria"]} ${OPERATION_STATUS_FAILED} + ${validated_rules}= Get Length ${json_response[0]["results"]["results"]} + Should Be Equal As Strings ${validated_rules} 3 + FOR ${resault} IN @{json_response[0]["results"]["results"]} + ${validation_errors}= Get Length ${resault["errors"]} + run keyword if "${resault["vnfreqName"]}" == "${CERTIFICATION_RULE}" + ... Should Be Equal As Strings ${validation_errors} 7 + run keyword if "${resault["vnfreqName"]}" == "${PM_DICTIONARY_YAML_RULE}" + ... Should Be Equal As Strings ${validation_errors} 1 + END + + + Validate CSAR using rule r130206 and use get method to receive outcome [Documentation] Validate CSAR with invalid PM_Dictionary (r130206) using rule r130206 , then use get method with validation id to receive valdiation outcome diff --git a/tests/vnfsdk-refrepo/resources/vnfsdk_properties.robot b/tests/vnfsdk-refrepo/resources/vnfsdk_properties.robot index e46eba6f..bc9684d6 100644 --- a/tests/vnfsdk-refrepo/resources/vnfsdk_properties.robot +++ b/tests/vnfsdk-refrepo/resources/vnfsdk_properties.robot @@ -3,8 +3,20 @@ ${base_url}= http://${REFREPO_IP}:8702/onapapi/vnfsdk-marketplace/v1 ${csarpath}= ${SCRIPTS}/../tests/vnfsdk-refrepo/csar +${CERTIFICATION_RULE}= r130206 +${PM_DICTIONARY_YAML_RULE}= r816745 +${MANIFEST_FILE_RULE}= r01123 +${NON_MANO_FILES_RULE}= r146092 +${OPERATION_STATUS_FAILED}= FAILED +${OPERATION_STATUS_PASS}= PASS + ${csar_valid_no_security}= valid_no_security.csar ${execute_no_security_csar_validation}= [{"scenario": "onap-dublin","testSuiteName": "validation","testCaseName": "csar-validate","parameters": {"csar": "file://${csar_valid_no_security}","pnf":"true"}}] +${expected_valid_no_security_warnings}= [{u'lineNumber': -1, u'message': u'Warning. Consider adding package integrity and authenticity assurance according to ETSI NFV-SOL 004 Security Option 1', u'code': u'0x1006', u'file': u'', u'vnfreqNo': u'R130206'}] + +${csar_invalid_with_security}= invalid_with_security.csar +${execute_security_csar_validation}= [{"scenario": "onap-dublin","testSuiteName": "validation","testCaseName": "csar-validate","parameters": {"csar": "file://${csar_invalid_with_security}","pnf":"true"}}] +${execute_security_csar_validation_selected_rules}= [{"scenario": "onap-dublin","testSuiteName": "validation","testCaseName": "csar-validate","parameters": {"csar": "file://${csar_invalid_with_security}","pnf":"true","rules":"${CERTIFICATION_RULE},${PM_DICTIONARY_YAML_RULE}"}}] ${csar_invalid_pm_dictionary}= invalid_pm_dictionary.csar ${execute_invalid_pm_dictionary_r130206_validation}= [{"scenario": "onap-dublin","testSuiteName": "validation","testCaseName": "csar-validate-r130206","parameters": {"csar": "file://${csar_invalid_pm_dictionary}","pnf":"true"}}] |