26 files changed, 2629 insertions, 172 deletions
diff --git a/plans/sdnc/sdnc_netconf_tls_post_deploy/certs/Makefile b/plans/sdnc/sdnc_netconf_tls_post_deploy/certs/Makefile
new file mode 100644
index 00000000..b284e61e
--- /dev/null
+++ b/plans/sdnc/sdnc_netconf_tls_post_deploy/certs/Makefile
@@ -0,0 +1,110 @@
+all: step_1 step_2 step_3 step_4 step_5 step_6 step_7 step_8 step_9 step_10 step_11 step_12 step_13 step_14 step_15
+.PHONY: all
+#Clear certificates
+clear:
+ @echo "***** Clear certificates *****"
+ rm -f certServiceClient-keystore.jks certServiceServer-keystore.jks root.crt truststore.jks certServiceServer-keystore.p12
+ @echo "***** done *****"
+
+#Generate root private and public keys
+step_1:
+ @echo "***** Generate root private and public keys *****"
+ keytool -genkeypair -v -alias root -keyalg RSA -keysize 4096 -validity 3650 -keystore root-keystore.jks \
+ -dname "CN=root.com, OU=Root Org, O=Root Company, L=Wroclaw, ST=Dolny Slask, C=PL" -keypass secret \
+ -storepass secret -ext BasicConstraints:critical="ca:true"
+ @echo "***** done *****"
+
+#Export public key as certificate
+step_2:
+ @echo "***** Export public key as certificate *****"
+ keytool -exportcert -alias root -keystore root-keystore.jks -storepass secret -file root.crt -rfc
+ @echo "***** done *****"
+
+#Self-signed root (import root certificate into truststore)
+step_3:
+ @echo "***** Self-signed root import root certificate into truststore *****"
+ keytool -importcert -alias root -keystore truststore.jks -file root.crt -storepass secret -noprompt
+ @echo "***** done *****"
+
+#Generate certService's client private and public keys
+step_4:
+ @echo "***** Generate certService's client private and public keys *****"
+ keytool -genkeypair -v -alias certServiceClient -keyalg RSA -keysize 2048 -validity 730 \
+ -keystore certServiceClient-keystore.jks -storetype JKS \
+ -dname "CN=certServiceClient.com,OU=certServiceClient company,O=certServiceClient org,L=Wroclaw,ST=Dolny Slask,C=PL" \
+ -keypass secret -storepass secret
+ @echo "***** done *****"
+
+#Generate certificate signing request for certService's client
+step_5:
+ @echo "***** Generate certificate signing request for certService's client *****"
+ keytool -certreq -keystore certServiceClient-keystore.jks -alias certServiceClient -storepass secret -file certServiceClient.csr
+ @echo "***** done *****"
+
+#Sign certService's client certificate by root CA
+step_6:
+ @echo "***** Sign certService's client certificate by root CA *****"
+ keytool -gencert -v -keystore root-keystore.jks -storepass secret -alias root -infile certServiceClient.csr \
+ -outfile certServiceClientByRoot.crt -rfc -ext bc=0 -ext ExtendedkeyUsage="serverAuth,clientAuth"
+ @echo "***** done *****"
+
+#Import root certificate into client
+step_7:
+ @echo "***** Import root certificate into intermediate *****"
+ cat root.crt >> certServiceClientByRoot.crt
+ @echo "***** done *****"
+
+#Import signed certificate into certService's client
+step_8:
+ @echo "***** Import signed certificate into certService's client *****"
+ keytool -importcert -file certServiceClientByRoot.crt -destkeystore certServiceClient-keystore.jks -alias certServiceClient -storepass secret -noprompt
+ @echo "***** done *****"
+
+#Generate certService private and public keys
+step_9:
+ @echo "***** Generate certService private and public keys *****"
+ keytool -genkeypair -v -alias aaf-cert-service -keyalg RSA -keysize 2048 -validity 730 \
+ -keystore certServiceServer-keystore.jks -storetype JKS \
+ -dname "CN=aaf-cert-service,OU=certServiceServer company,O=certServiceServer org,L=Wroclaw,ST=Dolny Slask,C=PL" \
+ -keypass secret -storepass secret -ext BasicConstraints:critical="ca:false"
+ @echo "***** done *****"
+
+#Generate certificate signing request for certService
+step_10:
+ @echo "***** Generate certificate signing request for certService***** "
+ keytool -certreq -keystore certServiceServer-keystore.jks -alias aaf-cert-service -storepass secret -file certServiceServer.csr
+ @echo "***** done *****"
+
+#Sign certService certificate by root CA
+step_11:
+ @echo "***** Sign certService certificate by root CA *****"
+ keytool -gencert -v -keystore root-keystore.jks -storepass secret -alias root -infile certServiceServer.csr \
+ -outfile certServiceServerByRoot.crt -rfc -ext bc=0 -ext ExtendedkeyUsage="serverAuth,clientAuth" \
+ -ext SubjectAlternativeName:="DNS:aaf-cert-service,DNS:localhost"
+ @echo "***** done *****"
+
+#Import root certificate into server
+step_12:
+ @echo "***** Import root certificate into intermediate *****"
+ cat root.crt >> certServiceServerByRoot.crt
+ @echo "***** done *****"
+
+#Import signed certificate into certService
+step_13:
+ @echo "***** Import signed certificate into certService *****"
+ keytool -importcert -file certServiceServerByRoot.crt -destkeystore certServiceServer-keystore.jks -alias aaf-cert-service \
+ -storepass secret -noprompt
+ @echo "***** done *****"
+
+#Convert certServiceServer-keystore(.jks) to PCKS12 format(.p12)
+step_14:
+ @echo "***** Convert certServiceServer-keystore(.jks) to PCKS12 format(.p12) *****"
+ keytool -importkeystore -srckeystore certServiceServer-keystore.jks -srcstorepass secret \
+ -destkeystore certServiceServer-keystore.p12 -deststoretype PKCS12 -deststorepass secret
+ @echo "***** done *****"
+
+#Clear unused certificates
+step_15:
+ @echo "***** Clear unused certificates *****"
+ rm -f certServiceClientByRoot.crt certServiceClient.csr root-keystore.jks certServiceServerByRoot.crt certServiceServer.csr
+ @echo "***** done *****"
diff --git a/plans/sdnc/sdnc_netconf_tls_post_deploy/sdnc-csit.env b/plans/sdnc/sdnc_netconf_tls_post_deploy/sdnc-csit.env
new file mode 100644
index 00000000..45a0a204
--- /dev/null
+++ b/plans/sdnc/sdnc_netconf_tls_post_deploy/sdnc-csit.env
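Review bot: `-ext bc=0` in step_6 and step_11 does not mark the issued certificates as end-entity: keytool documents a bare number for BasicConstraints as shorthand for `ca:true,pathlen:0`, so the client and server certificates signed here would be CA certificates able to issue leaves under the test root. If they are meant to be end-entity certificates, as the `ca:false` on the step_9 key pair suggests, both signing steps should pass `-ext bc:critical=ca:false` instead. Separately, only `all` is declared `.PHONY`, and the fifteen steps are ordered solely by their position in the prerequisite list, so `make -j` or a stray file named like a step would break the chain; declaring `clear` and every `step_N` phony and chaining each step on the previous one would make the order explicit.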
@@ -0,0 +1,16 @@
+GERRIT_BRANCH=master
+NEXUS_USERNAME=docker
+NEXUS_PASSWD=docker
+SDNC_CONTAINER_NAME=sdnc
+SDNC_IMAGE_TAG=1.8.3-STAGING-latest
+NEXUS_DOCKER_REPO=nexus3.onap.org:10001
+CLIENT_CONTAINER_NAME=CertServiceClient
+SDNC_CERT_PATH=${SCRIPTS}/sdnc/sdnc/certs
+REQUEST_DATA_PATH=${SCRIPTS}/sdnc/sdnc/config
+NETCONF_PNP_SIM_CONTAINER_NAME=netconf-simulator
+EJBCA_CERTPROFILE_PATH=${SCRIPTS}/sdnc/certservice/certprofile
+AAF_CERTSERVICE_SCRIPTS_PATH=${SCRIPTS}/sdnc/certservice/scripts
+TEMP_DIR_PATH=${WORKSPACE}/tests/sdnc/sdnc_netconf_tls_post_deploy/tmp
+NETCONF_CONFIG_PATH=${SCRIPTS}/sdnc/netconf-pnp-simulator/netconf-config
+AAF_INITIAL_CERTS=${WORKSPACE}/plans/sdnc/sdnc_netconf_tls_post_deploy/certs
+AAF_CERTSERVICE_CONFIG_PATH=${SCRIPTS}/sdnc/certservice/config/cmpServers.json
\ No newline at end of file
diff --git a/plans/sdnc/sdnc_netconf_tls_post_deploy/setup.sh b/plans/sdnc/sdnc_netconf_tls_post_deploy/setup.sh
index f77b5632..2a0451d1 100644
--- a/plans/sdnc/sdnc_netconf_tls_post_deploy/setup.sh
+++ b/plans/sdnc/sdnc_netconf_tls_post_deploy/setup.sh
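Review bot: `NEXUS_USERNAME=docker` and `NEXUS_PASSWD=docker` are committed in plaintext in sdnc-csit.env, while the setup.sh in this same change drops the `docker login` call that consumed them. If nothing else among the changed files reads them they can be deleted; if something does, the credentials are better supplied by the CI job's environment than by a sourced file. Because setup.sh sources this file, the unquoted `${SCRIPTS}` and `${WORKSPACE}` references are expanded at that moment, so a header comment such as `# sourced by setup.sh; requires SCRIPTS and WORKSPACE to be set` would document the dependency.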
@@ -1,151 +1,172 @@ #!/bin/bash # -# Copyright 2016-2017 Huawei Technologies Co., Ltd. +# ============LICENSE_START======================================================= +# Copyright (C) 2020 Nordix Foundation. +# ================================================================================ +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at # -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at +# http://www.apache.org/licenses/LICENSE-2.0 # -# http://www.apache.org/licenses/LICENSE-2.0 +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. # -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. 
-# -# Modifications copyright (c) 2017 AT&T Intellectual Property -# -# Place the scripts in run order: -SCRIPTS="$( cd "$( dirname "${BASH_SOURCE[0]}" )" && pwd )" -source ${WORKSPACE}/scripts/sdnc/script1.sh -export DOCKER_SDNC_TAG=1.8-STAGING-latest -export NEXUS_USERNAME=docker -export NEXUS_PASSWD=docker -export NEXUS_DOCKER_REPO=nexus3.onap.org:10001 -export DMAAP_TOPIC=AUTO -export DOCKER_IMAGE_VERSION=1.8-STAGING-latest -export CCSDK_DOCKER_IMAGE_VERSION=0.7-STAGING-latest -export SDNC_GERRIT_BRANCH=frankfurt -export INTEGRATION_GERRIT_BRANCH=master +# SPDX-License-Identifier: Apache-2.0 +# ============LICENSE_END========================================================= + +# @author Ajay Deep Singh (ajay.deep.singh@est.tech) + +# Source SDNC, AAF-CertService, Netconf-Pnp-Simulator config env +source "${WORKSPACE}"/plans/sdnc/sdnc_netconf_tls_post_deploy/sdnc-csit.env + +chmod +x "${WORKSPACE}"/tests/sdnc/sdnc_netconf_tls_post_deploy/libraries/config.sh +chmod +x "${WORKSPACE}"/tests/sdnc/sdnc_netconf_tls_post_deploy/libraries/config_tls.sh + +# Export temp directory +export TEMP_DIR_PATH=${TEMP_DIR_PATH} + +# Create temp directory to bind with docker containers +mkdir -m 755 -p "${WORKSPACE}"/tests/sdnc/sdnc_netconf_tls_post_deploy/tmp +mkdir -m 755 -p "${WORKSPACE}"/tests/sdnc/sdnc_netconf_tls_post_deploy/certs +mkdir -m 755 -p "${WORKSPACE}"/tests/sdnc/sdnc_netconf_tls_post_deploy/cert-data export MTU=$(/sbin/ifconfig | grep MTU | sed 's/.*MTU://' | sed 's/ .*//' | sort -n | head -1) if [ "$MTU" == "" ]; then - export MTU="1450" + export MTU="1450" fi -# Clone SDNC repo to get docker-compose for SDNC -mkdir -p $WORKSPACE/archives/integration -cd $WORKSPACE/archives -git clone -b ${INTEGRATION_GERRIT_BRANCH} --single-branch --depth=1 http://gerrit.onap.org/r/integration.git integration -cd $WORKSPACE/archives/integration -git pull -HOST_IP_ADDR=localhost -# Clone SDNC repo to get docker-compose for SDNC -mkdir -p $WORKSPACE/archives/sdnc -cd 
$WORKSPACE/archives -git clone -b ${SDNC_GERRIT_BRANCH} --single-branch --depth=1 http://gerrit.onap.org/r/sdnc/oam.git sdnc -cd $WORKSPACE/archives/sdnc -git pull -unset http_proxy https_proxy -cd $WORKSPACE/archives/sdnc/installation/src/main/yaml - -sed -i "s/DMAAP_TOPIC_ENV=.*/DMAAP_TOPIC_ENV=\"AUTO\"/g" docker-compose.yml -docker login -u $NEXUS_USERNAME -p $NEXUS_PASSWD $NEXUS_DOCKER_REPO +# Export default Networking bridge created on the host machine +export LOCAL_IP=$(ip -4 addr show docker0 | grep -Po 'inet \K[\d.]+') -docker pull $NEXUS_DOCKER_REPO/onap/sdnc-image:$DOCKER_SDNC_TAG -docker tag $NEXUS_DOCKER_REPO/onap/sdnc-image:$DOCKER_SDNC_TAG onap/sdnc-image:latest +# Prepare enviroment +echo "Uninstall docker-py and reinstall docker." +pip uninstall -y docker-py +pip uninstall -y docker +pip install -U docker==2.7.0 -docker pull $NEXUS_DOCKER_REPO/onap/sdnc-ansible-server-image:$DOCKER_IMAGE_VERSION -docker tag $NEXUS_DOCKER_REPO/onap/sdnc-ansible-server-image:$DOCKER_IMAGE_VERSION onap/sdnc-ansible-server-image:latest +# Reinstall pyOpenSSL library +echo "Reinstall pyOpenSSL library." 
+pip uninstall pyopenssl -y +pip install pyopenssl==17.5.0 -docker pull $NEXUS_DOCKER_REPO/onap/ccsdk-dgbuilder-image:$CCSDK_DOCKER_IMAGE_VERSION -docker tag $NEXUS_DOCKER_REPO/onap/ccsdk-dgbuilder-image:$CCSDK_DOCKER_IMAGE_VERSION onap/ccsdk-dgbuilder-image:latest +# Disable Proxy - for local run +unset http_proxy https_proxy -docker pull $NEXUS_DOCKER_REPO/onap/admportal-sdnc-image:$DOCKER_IMAGE_VERSION -docker tag $NEXUS_DOCKER_REPO/onap/admportal-sdnc-image:$DOCKER_IMAGE_VERSION onap/admportal-sdnc-image:latest +# Export AAF Certservice config path +export AAF_INITIAL_CERTS +export EJBCA_CERTPROFILE_PATH +export AAF_CERTSERVICE_CONFIG_PATH +export AAF_CERTSERVICE_SCRIPTS_PATH +export CERT_PROFILE=${EJBCA_CERTPROFILE_PATH} +export SCRIPTS_PATH=${AAF_CERTSERVICE_SCRIPTS_PATH} +export CONFIGURATION_PATH=${AAF_CERTSERVICE_CONFIG_PATH} + +# Generate Keystores, Truststores, Certificates and Keys +make all -C ./certs/ + +cp "${WORKSPACE}"/plans/sdnc/sdnc_netconf_tls_post_deploy/certs/root.crt "${WORKSPACE}"/tests/sdnc/sdnc_netconf_tls_post_deploy/certs/root.crt +openssl pkcs12 -in "${WORKSPACE}"/plans/sdnc/sdnc_netconf_tls_post_deploy/certs/certServiceServer-keystore.p12 -clcerts -nokeys -password pass:secret | sed -ne '/-BEGIN CERTIFICATE-/,/-END CERTIFICATE-/p' >"${WORKSPACE}"/tests/sdnc/sdnc_netconf_tls_post_deploy/certs/certServiceServer.crt +openssl pkcs12 -in "${WORKSPACE}"/plans/sdnc/sdnc_netconf_tls_post_deploy/certs/certServiceServer-keystore.p12 -nocerts -nodes -password pass:secret | sed -ne '/-BEGIN PRIVATE KEY-/,/-END PRIVATE KEY-/p' >"${WORKSPACE}"/tests/sdnc/sdnc_netconf_tls_post_deploy/certs/certServiceServer.key + +echo "Generated KeyStores, Server Certificate and Key" + +# Start EJBCA, AAF-CertService Containers with docker-compose and configuration from docker-compose.yml +docker-compose -f "${SCRIPTS}"/sdnc/certservice/docker-compose.yml up -d + +# Check if AAF-Certservice Service is healthy and ready +AAFCERT_IP='none' +for i in {1..9}; do + 
AAFCERT_IP=$(get-instance-ip.sh aaf-cert-service) + RESP_CODE=$(curl -s https://localhost:8443/actuator/health --cacert ./certs/root.crt --cert-type p12 --cert ./certs/certServiceServer-keystore.p12 --pass secret | + python2 -c 'import json,sys;obj=json.load(sys.stdin);print obj["status"]') + if [[ "${RESP_CODE}" == "UP" ]]; then + echo "AAF Cert Service is Ready." + export AAFCERT_IP=${AAFCERT_IP} + docker exec aafcert-ejbca /opt/primekey/scripts/ejbca-configuration.sh + break + fi + echo "Waiting for AAF Cert Service to Start Up..." + sleep 2m +done -docker pull $NEXUS_DOCKER_REPO/onap/sdnc-ueb-listener-image:$DOCKER_IMAGE_VERSION -docker tag $NEXUS_DOCKER_REPO/onap/sdnc-ueb-listener-image:$DOCKER_IMAGE_VERSION onap/sdnc-ueb-listener-image:latest +if [[ "${AAFCERT_IP}" == "none" || "${AAFCERT_IP}" == '' || "${RESP_CODE}" != "UP" ]]; then + echo "AAF CertService not started Could cause problems for testing activities...!" +fi -docker pull $NEXUS_DOCKER_REPO/onap/sdnc-dmaap-listener-image:$DOCKER_IMAGE_VERSION +############################## SDNC Setup ############################## -docker tag $NEXUS_DOCKER_REPO/onap/sdnc-dmaap-listener-image:$DOCKER_IMAGE_VERSION onap/sdnc-dmaap-listener-image:latest +# Export Mariadb, SDNC tmp, cert directory path +export SDNC_CERT_PATH=${SDNC_CERT_PATH} -CERT_SUBPATH=plans/sdnc/sdnc_netconf_tls_post_deploy/certs +docker pull "${NEXUS_DOCKER_REPO}"/onap/sdnc-image:"${SDNC_IMAGE_TAG}" +docker tag "${NEXUS_DOCKER_REPO}"/onap/sdnc-image:"${SDNC_IMAGE_TAG}" onap/sdnc-image:latest -export SDNC_CERT_PATH=${WORKSPACE}/${CERT_SUBPATH} -sed -i 's/sdnc_controller_container/sdnc_controller_container\n volumes: \n - $SDNC_CERT_PATH:\/opt\/opendaylight\/current\/certs/' docker-compose.yml -# start SDNC containers with docker compose and configuration from docker-compose.yml -docker-compose up -d +# Start Mariadb, SDNC Containers with docker-compose and configuration from docker-compose.yml +docker-compose -f 
"${SCRIPTS}"/sdnc/sdnc/docker-compose.yml up -d -# PNF simulator has permission problems - creates files as root, which causes build to be unstable -# Commenting it out for now, since netconf mount is not working anyway. -# cd $WORKSPACE/archives/integration/test/mocks/pnfsimulator/pnfsimulator -# docker-compose up -d +# Check if SDNC Service is healthy and ready +for i in {1..10}; do + SDNC_IP=$(get-instance-ip.sh sdnc) + RESP_CODE=$(curl --write-out '%{http_code}' --silent --output /dev/null -H "Authorization: Basic YWRtaW46S3A4Yko0U1hzek0wV1hsaGFrM2VIbGNzZTJnQXc4NHZhb0dHbUp2VXkyVQ==" -X POST -H "X-FromAppId: csit-sdnc" -H "X-TransactionId: csit-sdnc" -H "Accept: application/json" -H "Content-Type: application/json" http://localhost:8282/restconf/operations/SLI-API:healthcheck) + if [[ "${RESP_CODE}" == '200' ]]; then + echo "SDNC Service is Ready." + break + fi + echo "Waiting for SDNC Service to Start Up..." + sleep 2m +done -# WAIT 10 minutes maximum and test every 5 seconds if SDNC is up using HealthCheck API -TIME_OUT=1000 -INTERVAL=30 -TIME=0 -while [ "$TIME" -lt "$TIME_OUT" ]; do - response=$(curl --write-out '%{http_code}' --silent --output /dev/null -H "Authorization: Basic YWRtaW46S3A4Yko0U1hzek0wV1hsaGFrM2VIbGNzZTJnQXc4NHZhb0dHbUp2VXkyVQ==" -X POST -H "X-FromAppId: csit-sdnc" -H "X-TransactionId: csit-sdnc" -H "Accept: application/json" -H "Content-Type: application/json" http://localhost:8282/restconf/operations/SLI-API:healthcheck ); echo $response +if [[ "${SDNC_IP}" == 'none' || "${SDNC_IP}" == '' || "${RESP_CODE}" != '200' ]]; then + echo "SDNC Service not started Could cause problems for testing activities...!" +fi - if [ "$response" == "200" ]; then - echo SDNC started in $TIME seconds - break; +# Check if SDNC-ODL Karaf Session started +for i in {1..15}; do + EXEC_RESP=$(docker exec -it sdnc /opt/opendaylight/current/bin/client system:start-level) + if grep -q 'Level 100' <<<"${EXEC_RESP}"; then + echo "SDNC-ODL Karaf Session Started." 
+ break fi - - echo Sleep: $INTERVAL seconds before testing if SDNC is up. Total wait time up now is: $TIME seconds. Timeout is: $TIME_OUT seconds - sleep $INTERVAL - TIME=$(($TIME+$INTERVAL)) + echo "Waiting for SDNC-ODL Karaf Session to Start Up..." + sleep 2m done -export PNF_IP=$(ip -4 addr show docker0 | grep -Po 'inet \K[\d.]+') -sed -i "s/pnfaddr/$PNF_IP/g" $WORKSPACE/tests/sdnc/sdnc_netconf_tls_post_deploy/data/mount.xml - -if [ "$TIME" -ge "$TIME_OUT" ]; then - echo TIME OUT: Docker containers not started in $TIME_OUT seconds... Could cause problems for testing activities... +if ! grep -q 'Level 100' <<<"${EXEC_RESP}"; then + echo "SDNC-ODL Karaf Session not Started, Could cause problems for testing activities...!" fi -#sleep 800 +echo "Sleeping 5 minutes" +sleep 5m -TIME_OUT=1500 -INTERVAL=60 -TIME=0 -while [ "$TIME" -lt "$TIME_OUT" ]; do - response=$(docker exec -ti sdnc_controller_container /opt/opendaylight/current/bin/client system:start-level) +###################### Netconf-PNP-Simulator Setup ###################### - if grep -q 'Level 100' <<< ${response}; then - echo SDNC karaf started in $TIME seconds - break; - fi +# Export netconf-pnp simulator conf path +export NETCONF_CONFIG_PATH=${NETCONF_CONFIG_PATH} - echo Sleep: $INTERVAL seconds before testing if SDNC is up. Total wait time up now is: $TIME seconds. Timeout is: $TIME_OUT seconds - sleep $INTERVAL - TIME=$(($TIME+$INTERVAL)) -done +# Start Netconf-Pnp-Simulator Container with docker-compose and configuration from docker-compose.yml +docker-compose -f "${SCRIPTS}"/sdnc/netconf-pnp-simulator/docker-compose.yml up -d -if [ "$TIME" -ge "$TIME_OUT" ]; then - echo TIME OUT: karaf session not started in $TIME_OUT seconds... Could cause problems for testing activities... 
-fi +# Update default Networking bridge IP in mount.json file +sed -i "s/pnfaddr/${LOCAL_IP}/g" "${REQUEST_DATA_PATH}"/mount.xml -response=$(docker exec -ti sdnc_controller_container /opt/opendaylight/current/bin/client system:start-level) +######################################################################### - if grep -q 'Level 100' <<< ${response}; then - num_failed_bundles=$(docker exec -ti sdnc_controller_container /opt/opendaylight/current/bin/client bundle:list | grep Failure | wc -l) - failed_bundles=$(docker exec -ti sdnc_controller_container /opt/opendaylight/current/bin/client bundle:list | grep Failure) - echo There is/are $num_failed_bundles failed bundles out of $num_bundles installed bundles. - fi +echo "Sleeping additional for 3 minutes to give application time to finish" +sleep 3m -if [ "$num_failed_bundles" -ge 1 ]; then - echo "The following bundle(s) are in a failed state: " - echo " $failed_bundles" -fi +# Export SDNC, AAF-Certservice-Cient, Netconf-Pnp-Simulator Continer Names +export REQUEST_DATA_PATH="${REQUEST_DATA_PATH}" +export SDNC_CONTAINER_NAME="${SDNC_CONTAINER_NAME}" +export CLIENT_CONTAINER_NAME="${CLIENT_CONTAINER_NAME}" +export NETCONF_PNP_SIM_CONTAINER_NAME="${NETCONF_PNP_SIM_CONTAINER_NAME}" -# Sleep additional 5 minutes (300 secs) to give application time to finish -sleep 200 +REPO_IP='127.0.0.1' +ROBOT_VARIABLES+=" -v REPO_IP:${REPO_IP} " +ROBOT_VARIABLES+=" -v SCRIPTS:${SCRIPTS} " -# Pass any variables required by Robot test suites in ROBOT_VARIABLES -ROBOT_VARIABLES="-v SCRIPTS:${SCRIPTS}" +echo "Finished executing setup for SDNC-Netconf-TLS-Post-Deploy" diff --git a/plans/sdnc/sdnc_netconf_tls_post_deploy/teardown.sh b/plans/sdnc/sdnc_netconf_tls_post_deploy/teardown.sh index 43294df5..2f451d50 100644 --- a/plans/sdnc/sdnc_netconf_tls_post_deploy/teardown.sh +++ b/plans/sdnc/sdnc_netconf_tls_post_deploy/teardown.sh 
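Review bot: The server private key is extracted with `-nodes` into `tests/sdnc/sdnc_netconf_tls_post_deploy/certs/certServiceServer.key` under the default umask, inside a directory created with `mkdir -m 755`, so on a shared build host the unencrypted key is likely readable by other local users. Running the two `openssl pkcs12` extractions in a subshell that first sets `umask 077`, or following the key extraction with `chmod 600` on the .key file, would keep it private; whether the containers that bind-mount this directory need wider read access should be checked first. The same block calls `make all -C ./certs/` with a path relative to the current directory and does not test its exit status, whereas the `cp` and `openssl` lines after it use `"${WORKSPACE}"/plans/sdnc/sdnc_netconf_tls_post_deploy/certs`; giving `-C` that absolute path and stopping when make fails would avoid running the rest of the setup against missing keystores.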
@@ -1,6 +1,6 @@ #!/bin/bash # -# Copyright 2016-2017 Huawei Technologies Co., Ltd. +# Copyright 2017 ZTE, Inc. and others. # # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. @@ -14,22 +14,13 @@ # See the License for the specific language governing permissions and # limitations under the License. # -# Modifications copyright (c) 2017 AT&T Intellectual Property -# -docker cp sdnc_controller_container:/opt/opendaylight/data/log/karaf.log $WORKSPACE/archives/karaf.log -docker cp sdnc_controller_container:/opt/opendaylight/data/log/installCerts.log $WORKSPACE/archives/installCerts.log -kill-instance.sh sdnc_controller_container -kill-instance.sh sdnc_dgbuilder_container -kill-instance.sh sdnc_portal_container -kill-instance.sh sdnc_db_container -kill-instance.sh sdnc_ueblistener_container -kill-instance.sh sdnc_dmaaplistener_container -kill-instance.sh sdnc_ansible_container -# Commented out startup of PNF simulator due to permission issues. Following lines can be uncommented -# when/if that problem is resolved. -#kill-instance.sh pnfsimulator_pnf-simulator_1 -#kill-instance.sh pnfsimulator_mongo-express_1 -#ill-instance.sh pnfsimulator_mongo_1 +docker-compose -f "${SCRIPTS}"/sdnc/certservice/docker-compose.yml down -v +docker-compose -f "${SCRIPTS}"/sdnc/sdnc/docker-compose.yml down -v +docker-compose -f "${SCRIPTS}"/sdnc/netconf-pnp-simulator/docker-compose.yml down -v + +make clear -C "${WORKSPACE}"/plans/sdnc/sdnc_netconf_tls_post_deploy/certs -# $WORKSPACE/archives/appc deleted with archives folder when tests starts so we keep it at the end for debugging +rm -rf "${WORKSPACE}"/tests/sdnc/sdnc_netconf_tls_post_deploy/tmp +rm -rf "${WORKSPACE}"/tests/sdnc/sdnc_netconf_tls_post_deploy/certs +rm -rf "${WORKSPACE}"/tests/sdnc/sdnc_netconf_tls_post_deploy/cert-data
\ No newline at end of file
diff --git a/scripts/sdnc/certservice/certprofile/certprofile_MY_ENDUSER-1667220921.xml b/scripts/sdnc/certservice/certprofile/certprofile_MY_ENDUSER-1667220921.xml
new file mode 100644
index 00000000..92fbdee5
--- /dev/null
+++ b/scripts/sdnc/certservice/certprofile/certprofile_MY_ENDUSER-1667220921.xml
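Review bot: The new teardown.sh no longer archives any logs before destroying the containers: the second hunk removes the two `docker cp` lines for karaf.log and installCerts.log, and `docker-compose ... down -v` then deletes the containers and their volumes, so a failed run leaves nothing to diagnose. Keeping a copy step ahead of the `down -v` calls, for example `docker cp sdnc:/opt/opendaylight/data/log/karaf.log "${WORKSPACE}"/archives/karaf.log`, would preserve them; the container name `sdnc` is taken from the `docker exec` in setup.sh and the log path from the removed line, so both should be confirmed against the new image. The three `rm -rf "${WORKSPACE}"/tests/...` lines would also be safer written with `"${WORKSPACE:?}"`, so they fail instead of expanding to a root-relative path when the variable is unset.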
@@ -0,0 +1,594 @@ +<?xml version="1.0" encoding="UTF-8"?> +<java version="1.7.0_111" class="java.beans.XMLDecoder"> + <object class="java.util.LinkedHashMap"> + <void method="put"> + <string>version</string> + <float>46.0</float> + </void> + <void method="put"> + <string>type</string> + <int>1</int> + </void> + <void method="put"> + <string>certversion</string> + <string>X509v3</string> + </void> + <void method="put"> + <string>encodedvalidity</string> + <string>2y</string> + </void> + <void method="put"> + <string>usecertificatevalidityoffset</string> + <boolean>false</boolean> + </void> + <void method="put"> + <string>certificatevalidityoffset</string> + <string>-10m</string> + </void> + <void method="put"> + <string>useexpirationrestrictionforweekdays</string> + <boolean>false</boolean> + </void> + <void method="put"> + <string>expirationrestrictionforweekdaysbefore</string> + <boolean>true</boolean> + </void> + <void method="put"> + <string>expirationrestrictionweekdays</string> + <object class="java.util.ArrayList"> + <void method="add"> + <boolean>true</boolean> + </void> + <void method="add"> + <boolean>true</boolean> + </void> + <void method="add"> + <boolean>false</boolean> + </void> + <void method="add"> + <boolean>false</boolean> + </void> + <void method="add"> + <boolean>false</boolean> + </void> + <void method="add"> + <boolean>true</boolean> + </void> + <void method="add"> + <boolean>true</boolean> + </void> + </object> + </void> + <void method="put"> + <string>allowvalidityoverride</string> + <boolean>false</boolean> + </void> + <void method="put"> + <string>allowextensionoverride</string> + <boolean>false</boolean> + </void> + <void method="put"> + <string>allowdnoverride</string> + <boolean>false</boolean> + </void> + <void method="put"> + <string>allowdnoverridebyeei</string> + <boolean>false</boolean> + </void> + <void method="put"> + <string>allowbackdatedrevokation</string> + <boolean>false</boolean> + </void> + <void method="put"> + 
<string>usecertificatestorage</string> + <boolean>true</boolean> + </void> + <void method="put"> + <string>storecertificatedata</string> + <boolean>true</boolean> + </void> + <void method="put"> + <string>storesubjectaltname</string> + <boolean>true</boolean> + </void> + <void method="put"> + <string>usebasicconstrants</string> + <boolean>true</boolean> + </void> + <void method="put"> + <string>basicconstraintscritical</string> + <boolean>true</boolean> + </void> + <void method="put"> + <string>usesubjectkeyidentifier</string> + <boolean>true</boolean> + </void> + <void method="put"> + <string>subjectkeyidentifiercritical</string> + <boolean>false</boolean> + </void> + <void method="put"> + <string>useauthoritykeyidentifier</string> + <boolean>true</boolean> + </void> + <void method="put"> + <string>authoritykeyidentifiercritical</string> + <boolean>false</boolean> + </void> + <void method="put"> + <string>usesubjectalternativename</string> + <boolean>true</boolean> + </void> + <void method="put"> + <string>subjectalternativenamecritical</string> + <boolean>false</boolean> + </void> + <void method="put"> + <string>useissueralternativename</string> + <boolean>true</boolean> + </void> + <void method="put"> + <string>issueralternativenamecritical</string> + <boolean>false</boolean> + </void> + <void method="put"> + <string>usecrldistributionpoint</string> + <boolean>false</boolean> + </void> + <void method="put"> + <string>usedefaultcrldistributionpoint</string> + <boolean>false</boolean> + </void> + <void method="put"> + <string>crldistributionpointcritical</string> + <boolean>false</boolean> + </void> + <void method="put"> + <string>crldistributionpointuri</string> + <string></string> + </void> + <void method="put"> + <string>usefreshestcrl</string> + <boolean>false</boolean> + </void> + <void method="put"> + <string>usecadefinedfreshestcrl</string> + <boolean>false</boolean> + </void> + <void method="put"> + <string>freshestcrluri</string> + <string></string> + 
</void> + <void method="put"> + <string>crlissuer</string> + <string></string> + </void> + <void method="put"> + <string>usecertificatepolicies</string> + <boolean>false</boolean> + </void> + <void method="put"> + <string>certificatepoliciescritical</string> + <boolean>false</boolean> + </void> + <void method="put"> + <string>certificatepolicies</string> + <object class="java.util.ArrayList"/> + </void> + <void method="put"> + <string>availablekeyalgorithms</string> + <object class="java.util.ArrayList"> + <void method="add"> + <string>DSA</string> + </void> + <void method="add"> + <string>ECDSA</string> + </void> + <void method="add"> + <string>RSA</string> + </void> + </object> + </void> + <void method="put"> + <string>availableeccurves</string> + <object class="java.util.ArrayList"> + <void method="add"> + <string>ANY_EC_CURVE</string> + </void> + </object> + </void> + <void method="put"> + <string>availablebitlengths</string> + <object class="java.util.ArrayList"> + <void method="add"> + <int>0</int> + </void> + <void method="add"> + <int>192</int> + </void> + <void method="add"> + <int>224</int> + </void> + <void method="add"> + <int>239</int> + </void> + <void method="add"> + <int>256</int> + </void> + <void method="add"> + <int>384</int> + </void> + <void method="add"> + <int>512</int> + </void> + <void method="add"> + <int>521</int> + </void> + <void method="add"> + <int>1024</int> + </void> + <void method="add"> + <int>1536</int> + </void> + <void method="add"> + <int>2048</int> + </void> + <void method="add"> + <int>3072</int> + </void> + <void method="add"> + <int>4096</int> + </void> + <void method="add"> + <int>6144</int> + </void> + <void method="add"> + <int>8192</int> + </void> + </object> + </void> + <void method="put"> + <string>minimumavailablebitlength</string> + <int>0</int> + </void> + <void method="put"> + <string>maximumavailablebitlength</string> + <int>8192</int> + </void> + <void method="put"> + <string>signaturealgorithm</string> + 
<null/> + </void> + <void method="put"> + <string>usekeyusage</string> + <boolean>true</boolean> + </void> + <void method="put"> + <string>keyusage</string> + <object class="java.util.ArrayList"> + <void method="add"> + <boolean>true</boolean> + </void> + <void method="add"> + <boolean>true</boolean> + </void> + <void method="add"> + <boolean>true</boolean> + </void> + <void method="add"> + <boolean>false</boolean> + </void> + <void method="add"> + <boolean>false</boolean> + </void> + <void method="add"> + <boolean>false</boolean> + </void> + <void method="add"> + <boolean>false</boolean> + </void> + <void method="add"> + <boolean>false</boolean> + </void> + <void method="add"> + <boolean>false</boolean> + </void> + </object> + </void> + <void method="put"> + <string>allowkeyusageoverride</string> + <boolean>false</boolean> + </void> + <void method="put"> + <string>keyusagecritical</string> + <boolean>true</boolean> + </void> + <void method="put"> + <string>useextendedkeyusage</string> + <boolean>true</boolean> + </void> + <void method="put"> + <string>extendedkeyusage</string> + <object class="java.util.ArrayList"> + <void method="add"> + <string>1.3.6.1.5.5.7.3.2</string> + </void> + <void method="add"> + <string>1.3.6.1.5.5.7.3.4</string> + </void> + <void method="add"> + <string>1.3.6.1.5.5.7.3.1</string> + </void> + </object> + </void> + <void method="put"> + <string>extendedkeyusagecritical</string> + <boolean>false</boolean> + </void> + <void method="put"> + <string>usedocumenttypelist</string> + <boolean>false</boolean> + </void> + <void method="put"> + <string>documenttypelistcritical</string> + <boolean>false</boolean> + </void> + <void method="put"> + <string>documenttypelist</string> + <object class="java.util.ArrayList"/> + </void> + <void method="put"> + <string>availablecas</string> + <object class="java.util.ArrayList"> + <void method="add"> + <int>-1</int> + </void> + <void method="add"> + <int>1295313472</int> + </void> + </object> + </void> + 
<void method="put"> + <string>usedpublishers</string> + <object class="java.util.ArrayList"/> + </void> + <void method="put"> + <string>useocspnocheck</string> + <boolean>false</boolean> + </void> + <void method="put"> + <string>useldapdnorder</string> + <boolean>true</boolean> + </void> + <void method="put"> + <string>usecustomdnorder</string> + <boolean>false</boolean> + </void> + <void method="put"> + <string>usemicrosofttemplate</string> + <boolean>false</boolean> + </void> + <void method="put"> + <string>microsofttemplate</string> + <string></string> + </void> + <void method="put"> + <string>usecardnumber</string> + <boolean>false</boolean> + </void> + <void method="put"> + <string>usecnpostfix</string> + <boolean>false</boolean> + </void> + <void method="put"> + <string>cnpostfix</string> + <string></string> + </void> + <void method="put"> + <string>usesubjectdnsubset</string> + <boolean>false</boolean> + </void> + <void method="put"> + <string>subjectdnsubset</string> + <object class="java.util.ArrayList"/> + </void> + <void method="put"> + <string>usesubjectaltnamesubset</string> + <boolean>false</boolean> + </void> + <void method="put"> + <string>subjectaltnamesubset</string> + <object class="java.util.ArrayList"/> + </void> + <void method="put"> + <string>usepathlengthconstraint</string> + <boolean>false</boolean> + </void> + <void method="put"> + <string>pathlengthconstraint</string> + <int>0</int> + </void> + <void method="put"> + <string>useqcstatement</string> + <boolean>false</boolean> + </void> + <void method="put"> + <string>usepkixqcsyntaxv2</string> + <boolean>false</boolean> + </void> + <void method="put"> + <string>useqcstatementcritical</string> + <boolean>false</boolean> + </void> + <void method="put"> + <string>useqcstatementraname</string> + <string></string> + </void> + <void method="put"> + <string>useqcsematicsid</string> + <string></string> + </void> + <void method="put"> + <string>useqcetsiqccompliance</string> + 
<boolean>false</boolean> + </void> + <void method="put"> + <string>useqcetsisignaturedevice</string> + <boolean>false</boolean> + </void> + <void method="put"> + <string>useqcetsivaluelimit</string> + <boolean>false</boolean> + </void> + <void method="put"> + <string>qcetsivaluelimit</string> + <int>0</int> + </void> + <void method="put"> + <string>qcetsivaluelimitexp</string> + <int>0</int> + </void> + <void method="put"> + <string>qcetsivaluelimitcurrency</string> + <string></string> + </void> + <void method="put"> + <string>useqcetsiretentionperiod</string> + <boolean>false</boolean> + </void> + <void method="put"> + <string>qcetsiretentionperiod</string> + <int>0</int> + </void> + <void method="put"> + <string>useqccustomstring</string> + <boolean>false</boolean> + </void> + <void method="put"> + <string>qccustomstringoid</string> + <string></string> + </void> + <void method="put"> + <string>qccustomstringtext</string> + <string></string> + </void> + <void method="put"> + <string>qcetsipds</string> + <null/> + </void> + <void method="put"> + <string>qcetsitype</string> + <null/> + </void> + <void method="put"> + <string>usecertificatetransparencyincerts</string> + <boolean>false</boolean> + </void> + <void method="put"> + <string>usecertificatetransparencyinocsp</string> + <boolean>false</boolean> + </void> + <void method="put"> + <string>usecertificatetransparencyinpublisher</string> + <boolean>false</boolean> + </void> + <void method="put"> + <string>usesubjectdirattributes</string> + <boolean>false</boolean> + </void> + <void method="put"> + <string>usenameconstraints</string> + <boolean>false</boolean> + </void> + <void method="put"> + <string>useauthorityinformationaccess</string> + <boolean>false</boolean> + </void> + <void method="put"> + <string>caissuers</string> + <object class="java.util.ArrayList"/> + </void> + <void method="put"> + <string>usedefaultcaissuer</string> + <boolean>false</boolean> + </void> + <void method="put"> + 
<string>usedefaultocspservicelocator</string> + <boolean>false</boolean> + </void> + <void method="put"> + <string>ocspservicelocatoruri</string> + <string></string> + </void> + <void method="put"> + <string>cvcaccessrights</string> + <int>3</int> + </void> + <void method="put"> + <string>usedcertificateextensions</string> + <object class="java.util.ArrayList"/> + </void> + <void method="put"> + <string>approvals</string> + <object class="java.util.LinkedHashMap"> + <void method="put"> + <object class="java.lang.Enum" method="valueOf"> + <class>org.cesecore.certificates.ca.ApprovalRequestType</class> + <string>KEYRECOVER</string> + </object> + <int>-1</int> + </void> + <void method="put"> + <object class="java.lang.Enum" method="valueOf"> + <class>org.cesecore.certificates.ca.ApprovalRequestType</class> + <string>ADDEDITENDENTITY</string> + </object> + <int>-1</int> + </void> + <void method="put"> + <object class="java.lang.Enum" method="valueOf"> + <class>org.cesecore.certificates.ca.ApprovalRequestType</class> + <string>REVOCATION</string> + </object> + <int>-1</int> + </void> + </object> + </void> + <void method="put"> + <string>useprivkeyusageperiodnotbefore</string> + <boolean>false</boolean> + </void> + <void method="put"> + <string>useprivkeyusageperiod</string> + <boolean>false</boolean> + </void> + <void method="put"> + <string>useprivkeyusageperiodnotafter</string> + <boolean>false</boolean> + </void> + <void method="put"> + <string>privkeyusageperiodstartoffset</string> + <long>0</long> + </void> + <void method="put"> + <string>privkeyusageperiodlength</string> + <long>63072000</long> + </void> + <void method="put"> + <string>usesingleactivecertificateconstraint</string> + <boolean>false</boolean> + </void> + <void method="put"> + <string>overridableextensionoids</string> + <object class="java.util.LinkedHashSet"/> + </void> + <void method="put"> + <string>nonoverridableextensionoids</string> + <object class="java.util.LinkedHashSet"/> + </void> + <void 
method="put"> + <string>usecustomdnorderldap</string> + <boolean>false</boolean> + </void> + </object> +</java> diff --git a/scripts/sdnc/certservice/certprofile/entityprofile_My_EndEntity-161023208.xml b/scripts/sdnc/certservice/certprofile/entityprofile_My_EndEntity-161023208.xml new file mode 100644 index 00000000..cad4ca7f --- /dev/null +++ b/scripts/sdnc/certservice/certprofile/entityprofile_My_EndEntity-161023208.xml 
@@ -0,0 +1,917 @@ +<?xml version="1.0" encoding="UTF-8"?> +<java version="1.7.0_111" class="java.beans.XMLDecoder"> + <object class="java.util.LinkedHashMap"> + <void method="put"> + <string>version</string> + <float>14.0</float> + </void> + <void method="put"> + <string>NUMBERARRAY</string> + <object class="java.util.ArrayList"> + <void method="add"> + <int>1</int> + </void> + <void method="add"> + <int>1</int> + </void> + <void method="add"> + <int>0</int> + </void> + <void method="add"> + <int>0</int> + </void> + <void method="add"> + <int>0</int> + </void> + <void method="add"> + <int>1</int> + </void> + <void method="add"> + <int>0</int> + </void> + <void method="add"> + <int>0</int> + </void> + <void method="add"> + <int>0</int> + </void> + <void method="add"> + <int>0</int> + </void> + <void method="add"> + <int>0</int> + </void> + <void method="add"> + <int>1</int> + </void> + <void method="add"> + <int>1</int> + </void> + <void method="add"> + <int>1</int> + </void> + <void method="add"> + <int>1</int> + </void> + <void method="add"> + <int>0</int> + </void> + <void method="add"> + <int>1</int> + </void> + <void method="add"> + <int>0</int> + </void> + <void method="add"> + <int>2</int> + </void> + <void method="add"> + <int>0</int> + </void> + <void method="add"> + <int>0</int> + </void> + <void method="add"> + <int>0</int> + </void> + <void method="add"> + <int>0</int> + </void> + <void method="add"> + <int>0</int> + </void> + <void method="add"> + <int>0</int> + </void> + <void method="add"> + <int>0</int> + </void> + <void method="add"> + <int>1</int> + </void> + <void method="add"> + <int>0</int> + </void> + <void method="add"> + <int>0</int> + </void> + <void method="add"> + <int>1</int> + </void> + <void method="add"> + <int>1</int> + </void> + <void method="add"> + <int>1</int> + </void> + <void method="add"> + <int>1</int> + </void> + <void method="add"> + <int>1</int> + </void> + <void method="add"> + <int>1</int> + </void> + <void method="add"> 
+ <int>0</int> + </void> + <void method="add"> + <int>0</int> + </void> + <void method="add"> + <int>1</int> + </void> + <void method="add"> + <int>1</int> + </void> + <void method="add"> + <int>0</int> + </void> + <void method="add"> + <int>0</int> + </void> + <void method="add"> + <int>0</int> + </void> + <void method="add"> + <int>0</int> + </void> + <void method="add"> + <int>0</int> + </void> + <void method="add"> + <int>0</int> + </void> + <void method="add"> + <int>0</int> + </void> + <void method="add"> + <int>0</int> + </void> + <void method="add"> + <int>0</int> + </void> + <void method="add"> + <int>0</int> + </void> + <void method="add"> + <int>0</int> + </void> + <void method="add"> + <int>0</int> + </void> + <void method="add"> + <int>0</int> + </void> + <void method="add"> + <int>0</int> + </void> + <void method="add"> + <int>0</int> + </void> + <void method="add"> + <int>0</int> + </void> + <void method="add"> + <int>0</int> + </void> + <void method="add"> + <int>0</int> + </void> + <void method="add"> + <int>0</int> + </void> + <void method="add"> + <int>0</int> + </void> + <void method="add"> + <int>0</int> + </void> + <void method="add"> + <int>0</int> + </void> + <void method="add"> + <int>0</int> + </void> + <void method="add"> + <int>0</int> + </void> + <void method="add"> + <int>0</int> + </void> + <void method="add"> + <int>0</int> + </void> + <void method="add"> + <int>0</int> + </void> + <void method="add"> + <int>0</int> + </void> + <void method="add"> + <int>0</int> + </void> + <void method="add"> + <int>0</int> + </void> + <void method="add"> + <int>0</int> + </void> + <void method="add"> + <int>0</int> + </void> + <void method="add"> + <int>0</int> + </void> + <void method="add"> + <int>0</int> + </void> + <void method="add"> + <int>0</int> + </void> + <void method="add"> + <int>0</int> + </void> + <void method="add"> + <int>0</int> + </void> + <void method="add"> + <int>0</int> + </void> + <void method="add"> + <int>0</int> + </void> 
+ <void method="add"> + <int>0</int> + </void> + <void method="add"> + <int>0</int> + </void> + <void method="add"> + <int>0</int> + </void> + <void method="add"> + <int>0</int> + </void> + <void method="add"> + <int>0</int> + </void> + <void method="add"> + <int>0</int> + </void> + <void method="add"> + <int>0</int> + </void> + <void method="add"> + <int>0</int> + </void> + <void method="add"> + <int>0</int> + </void> + <void method="add"> + <int>0</int> + </void> + <void method="add"> + <int>1</int> + </void> + <void method="add"> + <int>1</int> + </void> + <void method="add"> + <int>0</int> + </void> + <void method="add"> + <int>1</int> + </void> + <void method="add"> + <int>0</int> + </void> + <void method="add"> + <int>1</int> + </void> + <void method="add"> + <int>1</int> + </void> + <void method="add"> + <int>1</int> + </void> + <void method="add"> + <int>1</int> + </void> + <void method="add"> + <int>1</int> + </void> + <void method="add"> + <int>1</int> + </void> + <void method="add"> + <int>1</int> + </void> + <void method="add"> + <int>0</int> + </void> + <void method="add"> + <int>0</int> + </void> + <void method="add"> + <int>0</int> + </void> + </object> + </void> + <void method="put"> + <string>SUBJECTDNFIELDORDER</string> + <object class="java.util.ArrayList"> + <void method="add"> + <int>500</int> + </void> + <void method="add"> + <int>1100</int> + </void> + <void method="add"> + <int>1200</int> + </void> + <void method="add"> + <int>1300</int> + </void> + <void method="add"> + <int>1400</int> + </void> + <void method="add"> + <int>1600</int> + </void> + </object> + </void> + <void method="put"> + <string>SUBJECTALTNAMEFIELDORDER</string> + <object class="java.util.ArrayList"> + <void method="add"> + <int>1800</int> + </void> + <void method="add"> + <int>1801</int> + </void> + </object> + </void> + <void method="put"> + <string>SUBJECTDIRATTRFIELDORDER</string> + <object class="java.util.ArrayList"/> + </void> + <void method="put"> + <int>0</int> + 
<string></string> + </void> + <void method="put"> + <int>20000</int> + <boolean>true</boolean> + </void> + <void method="put"> + <int>10000</int> + <boolean>true</boolean> + </void> + <void method="put"> + <int>30000</int> + <boolean>true</boolean> + </void> + <void method="put"> + <int>1</int> + <string></string> + </void> + <void method="put"> + <int>20001</int> + <boolean>true</boolean> + </void> + <void method="put"> + <int>10001</int> + <boolean>true</boolean> + </void> + <void method="put"> + <int>30001</int> + <boolean>true</boolean> + </void> + <void method="put"> + <int>95</int> + <string></string> + </void> + <void method="put"> + <int>20095</int> + <boolean>false</boolean> + </void> + <void method="put"> + <int>10095</int> + <boolean>true</boolean> + </void> + <void method="put"> + <int>30095</int> + <boolean>true</boolean> + </void> + <void method="put"> + <int>96</int> + <string></string> + </void> + <void method="put"> + <int>20096</int> + <boolean>false</boolean> + </void> + <void method="put"> + <int>10096</int> + <boolean>true</boolean> + </void> + <void method="put"> + <int>30096</int> + <boolean>true</boolean> + </void> + <void method="put"> + <int>5</int> + <string></string> + </void> + <void method="put"> + <int>20005</int> + <boolean>true</boolean> + </void> + <void method="put"> + <int>10005</int> + <boolean>true</boolean> + </void> + <void method="put"> + <int>30005</int> + <boolean>true</boolean> + </void> + <void method="put"> + <int>26</int> + <string></string> + </void> + <void method="put"> + <int>20026</int> + <boolean>false</boolean> + </void> + <void method="put"> + <int>10026</int> + <boolean>true</boolean> + </void> + <void method="put"> + <int>30026</int> + <boolean>true</boolean> + </void> + <void method="put"> + <int>29</int> + <string>1667220921</string> + </void> + <void method="put"> + <int>20029</int> + <boolean>true</boolean> + </void> + <void method="put"> + <int>10029</int> + <boolean>true</boolean> + </void> + <void 
method="put"> + <int>30029</int> + <boolean>true</boolean> + </void> + <void method="put"> + <int>30</int> + <string>1667220921</string> + </void> + <void method="put"> + <int>20030</int> + <boolean>true</boolean> + </void> + <void method="put"> + <int>10030</int> + <boolean>true</boolean> + </void> + <void method="put"> + <int>30030</int> + <boolean>true</boolean> + </void> + <void method="put"> + <int>31</int> + <string>1</string> + </void> + <void method="put"> + <int>20031</int> + <boolean>true</boolean> + </void> + <void method="put"> + <int>10031</int> + <boolean>true</boolean> + </void> + <void method="put"> + <int>30031</int> + <boolean>true</boolean> + </void> + <void method="put"> + <int>32</int> + <string>1;2;3;4</string> + </void> + <void method="put"> + <int>20032</int> + <boolean>true</boolean> + </void> + <void method="put"> + <int>10032</int> + <boolean>true</boolean> + </void> + <void method="put"> + <int>30032</int> + <boolean>true</boolean> + </void> + <void method="put"> + <int>33</int> + <string></string> + </void> + <void method="put"> + <int>20033</int> + <boolean>true</boolean> + </void> + <void method="put"> + <int>10033</int> + <boolean>true</boolean> + </void> + <void method="put"> + <int>30033</int> + <boolean>true</boolean> + </void> + <void method="put"> + <int>34</int> + <string></string> + </void> + <void method="put"> + <int>20034</int> + <boolean>true</boolean> + </void> + <void method="put"> + <int>10034</int> + <boolean>false</boolean> + </void> + <void method="put"> + <int>30034</int> + <boolean>true</boolean> + </void> + <void method="put"> + <int>38</int> + <string>1295313472</string> + </void> + <void method="put"> + <int>20038</int> + <boolean>true</boolean> + </void> + <void method="put"> + <int>10038</int> + <boolean>true</boolean> + </void> + <void method="put"> + <int>30038</int> + <boolean>true</boolean> + </void> + <void method="put"> + <int>37</int> + <string>1295313472</string> + </void> + <void method="put"> + 
<int>20037</int> + <boolean>true</boolean> + </void> + <void method="put"> + <int>10037</int> + <boolean>true</boolean> + </void> + <void method="put"> + <int>30037</int> + <boolean>true</boolean> + </void> + <void method="put"> + <int>98</int> + <string></string> + </void> + <void method="put"> + <int>20098</int> + <boolean>false</boolean> + </void> + <void method="put"> + <int>10098</int> + <boolean>false</boolean> + </void> + <void method="put"> + <int>30098</int> + <boolean>true</boolean> + </void> + <void method="put"> + <int>99</int> + <string></string> + </void> + <void method="put"> + <int>20099</int> + <boolean>false</boolean> + </void> + <void method="put"> + <int>10099</int> + <boolean>false</boolean> + </void> + <void method="put"> + <int>30099</int> + <boolean>true</boolean> + </void> + <void method="put"> + <int>97</int> + <string></string> + </void> + <void method="put"> + <int>20097</int> + <boolean>false</boolean> + </void> + <void method="put"> + <int>10097</int> + <boolean>false</boolean> + </void> + <void method="put"> + <int>30097</int> + <boolean>true</boolean> + </void> + <void method="put"> + <int>91</int> + <string>false</string> + </void> + <void method="put"> + <int>20091</int> + <boolean>false</boolean> + </void> + <void method="put"> + <int>10091</int> + <boolean>false</boolean> + </void> + <void method="put"> + <int>30091</int> + <boolean>true</boolean> + </void> + <void method="put"> + <int>94</int> + <string>-1</string> + </void> + <void method="put"> + <int>20094</int> + <boolean>true</boolean> + </void> + <void method="put"> + <int>10094</int> + <boolean>false</boolean> + </void> + <void method="put"> + <int>30094</int> + <boolean>false</boolean> + </void> + <void method="put"> + <int>93</int> + <string>-1</string> + </void> + <void method="put"> + <int>20093</int> + <boolean>false</boolean> + </void> + <void method="put"> + <int>10093</int> + <boolean>false</boolean> + </void> + <void method="put"> + <int>30093</int> + 
<boolean>false</boolean> + </void> + <void method="put"> + <int>89</int> + <string></string> + </void> + <void method="put"> + <int>20089</int> + <boolean>false</boolean> + </void> + <void method="put"> + <int>10089</int> + <boolean>false</boolean> + </void> + <void method="put"> + <int>30089</int> + <boolean>true</boolean> + </void> + <void method="put"> + <int>88</int> + <string></string> + </void> + <void method="put"> + <int>20088</int> + <boolean>false</boolean> + </void> + <void method="put"> + <int>10088</int> + <boolean>false</boolean> + </void> + <void method="put"> + <int>30088</int> + <boolean>true</boolean> + </void> + <void method="put"> + <string>ALLOW_MERGEDN_WEBSERVICES</string> + <boolean>false</boolean> + </void> + <void method="put"> + <int>2</int> + <string></string> + </void> + <void method="put"> + <int>20002</int> + <boolean>false</boolean> + </void> + <void method="put"> + <int>10002</int> + <boolean>false</boolean> + </void> + <void method="put"> + <int>10090</int> + <boolean>true</boolean> + </void> + <void method="put"> + <int>90</int> + <string>0</string> + </void> + <void method="put"> + <string>REVERSEFFIELDCHECKS</string> + <boolean>false</boolean> + </void> + <void method="put"> + <int>28</int> + <string>false</string> + </void> + <void method="put"> + <int>20028</int> + <boolean>false</boolean> + </void> + <void method="put"> + <int>10028</int> + <boolean>false</boolean> + </void> + <void method="put"> + <string>REUSECERTIFICATE</string> + <boolean>false</boolean> + </void> + <void method="put"> + <int>35</int> + <string>false</string> + </void> + <void method="put"> + <int>20035</int> + <boolean>false</boolean> + </void> + <void method="put"> + <int>10035</int> + <boolean>false</boolean> + </void> + <void method="put"> + <int>10092</int> + <boolean>false</boolean> + </void> + <void method="put"> + <string>USEEXTENSIONDATA</string> + <boolean>false</boolean> + </void> + <void method="put"> + <string>PRINTINGUSE</string> + 
<boolean>false</boolean> + </void> + <void method="put"> + <string>PRINTINGDEFAULT</string> + <boolean>false</boolean> + </void> + <void method="put"> + <string>PRINTINGREQUIRED</string> + <boolean>false</boolean> + </void> + <void method="put"> + <string>PRINTINGCOPIES</string> + <int>1</int> + </void> + <void method="put"> + <string>PRINTINGPRINTERNAME</string> + <string></string> + </void> + <void method="put"> + <string>PRINTINGSVGDATA</string> + <string></string> + </void> + <void method="put"> + <string>PRINTINGSVGFILENAME</string> + <string></string> + </void> + <void method="put"> + <int>11</int> + <string></string> + </void> + <void method="put"> + <int>20011</int> + <boolean>true</boolean> + </void> + <void method="put"> + <int>10011</int> + <boolean>true</boolean> + </void> + <void method="put"> + <int>30011</int> + <boolean>true</boolean> + </void> + <void method="put"> + <int>12</int> + <string></string> + </void> + <void method="put"> + <int>20012</int> + <boolean>true</boolean> + </void> + <void method="put"> + <int>10012</int> + <boolean>true</boolean> + </void> + <void method="put"> + <int>30012</int> + <boolean>true</boolean> + </void> + <void method="put"> + <int>13</int> + <string></string> + </void> + <void method="put"> + <int>20013</int> + <boolean>true</boolean> + </void> + <void method="put"> + <int>10013</int> + <boolean>true</boolean> + </void> + <void method="put"> + <int>30013</int> + <boolean>true</boolean> + </void> + <void method="put"> + <int>14</int> + <string></string> + </void> + <void method="put"> + <int>20014</int> + <boolean>true</boolean> + </void> + <void method="put"> + <int>10014</int> + <boolean>true</boolean> + </void> + <void method="put"> + <int>30014</int> + <boolean>true</boolean> + </void> + <void method="put"> + <int>16</int> + <string></string> + </void> + <void method="put"> + <int>20016</int> + <boolean>true</boolean> + </void> + <void method="put"> + <int>10016</int> + <boolean>true</boolean> + </void> + <void 
method="put"> + <int>30016</int> + <boolean>true</boolean> + </void> + <void method="put"> + <int>18</int> + <string></string> + </void> + <void method="put"> + <int>20018</int> + <boolean>true</boolean> + </void> + <void method="put"> + <int>10018</int> + <boolean>true</boolean> + </void> + <void method="put"> + <int>30018</int> + <boolean>true</boolean> + </void> + <void method="put"> + <int>118</int> + <string></string> + </void> + <void method="put"> + <int>20118</int> + <boolean>true</boolean> + </void> + <void method="put"> + <int>10118</int> + <boolean>true</boolean> + </void> + <void method="put"> + <int>30118</int> + <boolean>true</boolean> + </void> + </object> +</java> diff --git a/scripts/sdnc/certservice/config/cmpServers.json b/scripts/sdnc/certservice/config/cmpServers.json new file mode 100644 index 00000000..ce427c53 --- /dev/null +++ b/scripts/sdnc/certservice/config/cmpServers.json @@ -0,0 +1,24 @@ +{ + "cmpv2Servers": [ + { + "caName": "Client", + "url": "http://aafcert-ejbca:8080/ejbca/publicweb/cmp/cmp", + "issuerDN": "CN=My_ManagementCA", + "caMode": "CLIENT", + "authentication": { + "iak": "mypassword", + "rv": "mypassword" + } + }, + { + "caName": "RA", + "url": "http://aafcert-ejbca:8080/ejbca/publicweb/cmp/cmpRA", + "issuerDN": "CN=My_ManagementCA", + "caMode": "RA", + "authentication": { + "iak": "mypassword", + "rv": "mypassword" + } + } + ] +} diff --git a/scripts/sdnc/certservice/docker-compose.yml b/scripts/sdnc/certservice/docker-compose.yml new file mode 100644 index 00000000..6e4c4b60 --- /dev/null +++ b/scripts/sdnc/certservice/docker-compose.yml 
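Review bot: Both `cmpv2Servers` entries in scripts/sdnc/certservice/config/cmpServers.json use a plain `http://aafcert-ejbca:8080/...` URL, so the shared `iak`/`rv` value is what authenticates a CMP request on that hop, and it is the literal `mypassword` in both the `Client` and `RA` entries. The same string is set on the CA side in scripts/sdnc/certservice/scripts/ejbca-configuration.sh (`--field cmpRaAuthSecret --value mypassword`), so what appears to be one shared secret lives in two committed files that must be kept in step by hand. JSON has no comment syntax, so a short README beside this file is the place to state that these are throwaway CSIT values and which script must carry the same value.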
@@ -0,0 +1,46 @@
+version: "2.1"
+
+services:
+ ejbca:
+ image: primekey/ejbca-ce:6.15.2.5
+ hostname: cahostname
+ container_name: aafcert-ejbca
+ ports:
+ - "80:8080"
+ - "443:8443"
+ volumes:
+ - $SCRIPTS_PATH:/opt/primekey/scripts
+ - $CERT_PROFILE:/opt/primekey/certprofile
+ healthcheck:
+ test: ["CMD-SHELL", "curl -kI https://localhost:8443/ejbca/publicweb/healthcheck/ejbcahealth"]
+ interval: 20s
+ timeout: 3s
+ retries: 9
+ networks:
+ - certservice
+
+ aaf-cert-service:
+ image: nexus3.onap.org:10001/onap/org.onap.aaf.certservice.aaf-certservice-api:latest
+ volumes:
+ - $CONFIGURATION_PATH:/etc/onap/aaf/certservice/cmpServers.json
+ - $AAF_INITIAL_CERTS/truststore.jks:/etc/onap/aaf/certservice/certs/truststore.jks
+ - $AAF_INITIAL_CERTS/root.crt:/etc/onap/aaf/certservice/certs/root.crt
+ - $AAF_INITIAL_CERTS/certServiceServer-keystore.jks:/etc/onap/aaf/certservice/certs/certServiceServer-keystore.jks
+ - $AAF_INITIAL_CERTS/certServiceServer-keystore.p12:/etc/onap/aaf/certservice/certs/certServiceServer-keystore.p12
+ container_name: aaf-cert-service
+ ports:
+ - "8443:8443"
+ depends_on:
+ ejbca:
+ condition: service_healthy
+ healthcheck:
+ test: ["CMD-SHELL", "curl https://localhost:8443/actuator/health --cacert /etc/onap/aaf/certservice/certs/root.crt --cert-type p12 --cert /etc/onap/aaf/certservice/certs/certServiceServer-keystore.p12 --pass secret"]
+ interval: 10s
+ timeout: 3s
+ retries: 15
+ networks:
+ - certservice
+
+networks:
+ certservice:
+ driver: bridge
\ No newline at end of file
diff --git a/scripts/sdnc/certservice/scripts/cmp.cmpRA.dump b/scripts/sdnc/certservice/scripts/cmp.cmpRA.dump
new file mode 100644
index 00000000..900e676d
--- /dev/null
+++ b/scripts/sdnc/certservice/scripts/cmp.cmpRA.dump
@@ -0,0 +1,6 @@
+cmpRA.operationmode = ra
+cmpRA.responseprotection = pbe
+cmpRA.ra.endentityprofileid = 161023208
+cmpRA.ra.certificateprofile = MY_ENDUSER
+cmpRA.ra.caname = My_ManagementCA
+cmpRA.allowautomatickeyupdate = true
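Review bot: Neither healthcheck in scripts/sdnc/certservice/docker-compose.yml passes `--fail` to curl, so an HTTP 5xx from EJBCA or from `/actuator/health` still exits 0 and the container is marked healthy. `aaf-cert-service` is gated on `condition: service_healthy`, so it can start against a CA that is not ready. Use `curl -kfI https://localhost:8443/ejbca/publicweb/healthcheck/ejbcahealth` for the first check and add `--fail` to the second command. `aaf-certservice-api:latest` is also the only unpinned image in this file (EJBCA is fixed at `6.15.2.5`); a version tag or digest keeps the test from silently picking up a different build, and the same applies to `onap/sdnc-image:latest` in scripts/sdnc/sdnc/docker-compose.yml.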
\ No newline at end of file
diff --git a/scripts/sdnc/certservice/scripts/ejbca-configuration.sh b/scripts/sdnc/certservice/scripts/ejbca-configuration.sh
new file mode 100755
index 00000000..64045a7f
--- /dev/null
+++ b/scripts/sdnc/certservice/scripts/ejbca-configuration.sh
@@ -0,0 +1,13 @@
+#!/bin/bash
+
+configureEjbca() {
+ ejbca.sh ca init My_ManagementCA "C=SE,O=PrimeKey,CN=My_ManagementCA" soft foo123 2048 RSA 365 --policy 2.5.29.32.0 SHA256WithRSA
+ ejbca.sh ca editca --caname My_ManagementCA --field cmpRaAuthSecret --value mypassword
+ ejbca.sh config cmp addalias --alias cmpRA
+ ejbca.sh ca importprofiles -d /opt/primekey/certprofile
+ ejbca.sh config cmp uploadfile --alias cmpRA --file /opt/primekey/scripts/cmp.cmpRA.dump
+ ejbca.sh config cmp dumpalias --alias cmpRA
+ ejbca.sh ca getcacert --caname My_ManagementCA -f /dev/stdout > cacert.pem
+}
+
+configureEjbca
diff --git a/scripts/sdnc/netconf-pnp-simulator/docker-compose.yml b/scripts/sdnc/netconf-pnp-simulator/docker-compose.yml
new file mode 100755
index 00000000..67a75c94
--- /dev/null
+++ b/scripts/sdnc/netconf-pnp-simulator/docker-compose.yml
@@ -0,0 +1,12 @@
+version: '3'
+
+services:
+ netconf-pnp-simulator:
+ image: nexus3.onap.org:10001/onap/integration/simulators/netconf-pnp-simulator:2.8.5
+ container_name: netconf-simulator
+ restart: always
+ ports:
+ - "830:830"
+ - "6513:6513"
+ volumes:
+ - ${NETCONF_CONFIG_PATH}:/config/modules/mynetconf
diff --git a/scripts/sdnc/netconf-pnp-simulator/netconf-config/data.json b/scripts/sdnc/netconf-pnp-simulator/netconf-config/data.json
new file mode 100644
index 00000000..63872eef
--- /dev/null
+++ b/scripts/sdnc/netconf-pnp-simulator/netconf-config/data.json
@@ -0,0 +1,10 @@
+{
+ "mynetconf:netconflist": {
+ "netconf": [
+ {
+ "netconf-id": 3,
+ "netconf-param": 3
+ }
+ ]
+ }
+}
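Review bot: `configureEjbca` in scripts/sdnc/certservice/scripts/ejbca-configuration.sh runs seven `ejbca.sh` commands with no error handling, so a failed `ca init` or `importprofiles` is ignored, the remaining steps run against a half-configured CA, and the script's exit status is only that of the final `getcacert`. Add `set -euo pipefail` directly under the `#!/bin/bash` line. The literals `foo123` and `mypassword` are passed as command-line arguments; a comment above the function should say that they are test-only values and that `mypassword` presumably has to match `iak`/`rv` in config/cmpServers.json, so that they are not copied into a real deployment.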
diff --git a/scripts/sdnc/netconf-pnp-simulator/netconf-config/model.yang b/scripts/sdnc/netconf-pnp-simulator/netconf-config/model.yang
new file mode 100644
index 00000000..6c8c36ab
--- /dev/null
+++ b/scripts/sdnc/netconf-pnp-simulator/netconf-config/model.yang
@@ -0,0 +1,29 @@
+module mynetconf {
+ yang-version 1.1;
+ namespace "urn:mynetconf:test";
+
+ prefix nft;
+
+ organization
+ "mynetconf";
+ contact
+ "my netconf address";
+ description
+ "yang model for mynetconf";
+ revision "2019-03-01" {
+ description
+ "initial version";
+ }
+
+ container netconflist {
+ list netconf {
+ key netconf-id;
+ leaf netconf-id {
+ type uint16;
+ }
+ leaf netconf-param {
+ type uint32;
+ }
+ }
+ }
+}
diff --git a/scripts/sdnc/netconf-pnp-simulator/netconf-config/subscriber.py b/scripts/sdnc/netconf-pnp-simulator/netconf-config/subscriber.py
new file mode 100755
index 00000000..61272967
--- /dev/null
+++ b/scripts/sdnc/netconf-pnp-simulator/netconf-config/subscriber.py
@@ -0,0 +1,136 @@
+#!/usr/bin/env python3
+
+__author__ = "Mislav Novakovic <mislav.novakovic@sartura.hr>"
+__copyright__ = "Copyright 2018, Deutsche Telekom AG"
+__license__ = "Apache 2.0"
+
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+# This sample application demonstrates use of Python programming language bindings for sysrepo library.
+# Original c application was rewritten in Python to show similarities and differences
+# between the two.
+#
+# Most notable difference is in the very different nature of languages, c is weakly statically typed language
+# while Python is strongly dynamically typed. Python code is much easier to read and logic easier to comprehend
+# for smaller scripts. Memory safety is not an issue but lower performance can be expected.
+#
+# The original c implementation is also available in the source, so one can refer to it to evaluate trade-offs.
+
+import sysrepo as sr
+import sys
+
+
+# Helper function for printing changes given operation, old and new value.
+def print_change(op, old_val, new_val):
+ if op == sr.SR_OP_CREATED:
+ print(f"CREATED: {new_val.to_string()}")
+ elif op == sr.SR_OP_DELETED:
+ print(f"DELETED: {old_val.to_string()}")
+ elif op == sr.SR_OP_MODIFIED:
+ print(f"MODIFIED: {old_val.to_string()} to {new_val.to_string()}")
+ elif op == sr.SR_OP_MOVED:
+ print(f"MOVED: {new_val.xpath()} after {old_val.xpath()}")
+
+
+# Helper function for printing events.
+def ev_to_str(ev):
+ if ev == sr.SR_EV_VERIFY:
+ return "verify"
+ elif ev == sr.SR_EV_APPLY:
+ return "apply"
+ elif ev == sr.SR_EV_ABORT:
+ return "abort"
+ else:
+ return "unknown"
+
+
+# Function to print current configuration state.
+# It does so by loading all the items of a session and printing them out.
+def print_current_config(session, module_name):
+ select_xpath = f"/{module_name}:*//*"
+
+ values = session.get_items(select_xpath)
+
+ if values is not None:
+ print("========== BEGIN CONFIG ==========")
+ for i in range(values.val_cnt()):
+ print(values.val(i).to_string(), end='')
+ print("=========== END CONFIG ===========")
+
+
+# Function to be called for subscribed client of given session whenever configuration changes.
+def module_change_cb(sess, module_name, event, private_ctx):
+ try:
+ print("========== Notification " + ev_to_str(event) + " =============================================")
+ if event == sr.SR_EV_APPLY:
+ print_current_config(sess, module_name)
+
+ print("========== CHANGES: =============================================")
+
+ change_path = f"/{module_name}:*"
+
+ it = sess.get_changes_iter(change_path)
+
+ while True:
+ change = sess.get_change_next(it)
+ if change is None:
+ break
+ print_change(change.oper(), change.old_val(), change.new_val())
+
+ print("========== END OF CHANGES =======================================")
+ except Exception as e:
+ print(e)
+
+ return sr.SR_ERR_OK
+
+
+def main():
+ # Notable difference between c implementation is using exception mechanism for open handling unexpected events.
+ # Here it is useful because `Connection`, `Session` and `Subscribe` could throw an exception.
+ try:
+ module_name = "ietf-interfaces"
+ if len(sys.argv) > 1:
+ module_name = sys.argv[1]
+ else:
+ print("\nYou can pass the module name to be subscribed as the first argument")
+
+ print(f"Application will watch for changes in {module_name}")
+
+ # connect to sysrepo
+ conn = sr.Connection(module_name)
+
+ # start session
+ sess = sr.Session(conn)
+
+ # subscribe for changes in running config */
+ subscribe = sr.Subscribe(sess)
+
+ subscribe.module_change_subscribe(module_name, module_change_cb)
+
+ try:
+ print_current_config(sess, module_name)
+ except Exception as e:
+ print(e)
+
+ print("========== STARTUP CONFIG APPLIED AS RUNNING ==========")
+
+ sr.global_loop()
+
+ print("Application exit requested, exiting.")
+
+ except Exception as e:
+ print(e)
+
+
+if __name__ == '__main__':
+ main()
diff --git a/plans/sdnc/sdnc_netconf_tls_post_deploy/certs/certs.properties b/scripts/sdnc/sdnc/certs/certs.properties
index f8f3fa72..f8f3fa72 100644
--- a/plans/sdnc/sdnc_netconf_tls_post_deploy/certs/certs.properties
+++ b/scripts/sdnc/sdnc/certs/certs.properties
diff --git a/plans/sdnc/sdnc_netconf_tls_post_deploy/certs/keys0.zip b/scripts/sdnc/sdnc/certs/keys0.zip
Binary files differindex 48b4d90a..48b4d90a 100644
--- a/plans/sdnc/sdnc_netconf_tls_post_deploy/certs/keys0.zip
+++ b/scripts/sdnc/sdnc/certs/keys0.zip
diff --git a/tests/sdnc/sdnc_netconf_tls_post_deploy/data/mount.xml b/scripts/sdnc/sdnc/config/mount.xml
index 108369bc..04305252 100644
--- a/tests/sdnc/sdnc_netconf_tls_post_deploy/data/mount.xml
+++ b/scripts/sdnc/sdnc/config/mount.xml
@@ -1,5 +1,5 @@
 <node xmlns="urn:TBD:params:xml:ns:yang:network-topology">
- <node-id>netopeer2</node-id>
+ <node-id>PNFDemo</node-id>
 <key-based xmlns="urn:opendaylight:netconf-node-topology">
 <key-id xmlns="urn:opendaylight:netconf-node-topology">ODL_private_key_0</key-id>
 <username xmlns="urn:opendaylight:netconf-node-topology">netconf</username>
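Review bot: The outer `except Exception as e: print(e)` in `main()` of subscriber.py means a failed `sr.Connection`, `sr.Session` or `module_change_subscribe` prints one line and the process exits with status 0, so the container and the test harness cannot tell a dead subscriber from a clean shutdown. Follow that `print(e)` with `sys.exit(1)`; `sys` is already imported. `module_change_cb` has the same shape: it catches every exception and still returns `sr.SR_ERR_OK`, so an error raised while handling `SR_EV_VERIFY` is reported to sysrepo as success. If the simulator is meant to reject bad changes, the handler should return a non-OK sysrepo code from its `except` branch instead.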
@@ -10,5 +10,5 @@
 <protocol xmlns="urn:opendaylight:netconf-node-topology">
 <name xmlns="urn:opendaylight:netconf-node-topology">TLS</name>
 </protocol>
- <max-connection-attempts xmlns="urn:opendaylight:netconf-node-topology">2</max-connection-attempts>
+ <max-connection-attempts xmlns="urn:opendaylight:netconf-node-topology">5</max-connection-attempts>
 </node>
diff --git a/scripts/sdnc/sdnc/docker-compose.yml b/scripts/sdnc/sdnc/docker-compose.yml
new file mode 100755
index 00000000..c47fab50
--- /dev/null
+++ b/scripts/sdnc/sdnc/docker-compose.yml
@@ -0,0 +1,50 @@
+version: '3'
+
+services:
+ mariadb:
+ image: nexus3.onap.org:10001/mariadb:10.1.11
+ ports:
+ - "3306:3306"
+ container_name: mariadb
+ volumes:
+ - /etc/localtime:/etc/localtime:ro
+ environment:
+ - MYSQL_ROOT_PASSWORD=password
+ hostname:
+ mariadb.so.testlab.onap.org
+ logging:
+ driver: "json-file"
+ options:
+ max-size: "30m"
+ max-file: "5"
+
+ sdnc:
+ image: onap/sdnc-image:latest
+ container_name: sdnc
+ volumes:
+ - /etc/localtime:/etc/localtime:ro
+ - $SDNC_CERT_PATH:/opt/opendaylight/current/certs
+ entrypoint: ["/opt/onap/sdnc/bin/startODL.sh"]
+ ports:
+ - "8282:8181"
+ hostname:
+ sdnc
+ environment:
+ - MYSQL_ROOT_PASSWORD=password
+ - SDNC_CONFIG_DIR=/opt/onap/sdnc/data/properties
+ - MYSQL_PASSWD=password
+ - ODL_ADMIN_USERNAME=admin
+ - ODL_ADMIN_PASSWORD=Kp8bJ4SXszM0WXlhak3eHlcse2gAw84vaoGGmJvUy2U
+ depends_on:
+ - mariadb
+ dns:
+ - ${DNS_IP_ADDR-10.0.100.1}
+ logging:
+ driver: "json-file"
+ options:
+ max-size: "30m"
+ max-file: "5"
+ extra_hosts:
+ - sdnctldb02:${LOCAL_IP}
+ - sdnctldb01:${LOCAL_IP}
+ - dbhost:${LOCAL_IP}
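Review bot: The `mariadb` service publishes `"3306:3306"` on every host interface while its root account is set to the literal `MYSQL_ROOT_PASSWORD=password`, so any machine that can reach the test host during a run can log in as database root. If the port is published only so that `sdnc` can reach `dbhost` through `${LOCAL_IP}` (as the `extra_hosts` entries suggest), bind it to that address with `- "${LOCAL_IP}:3306:3306"`, or drop the mapping and let `sdnc` reach `mariadb` over the compose network. The passwords in this file, including `ODL_ADMIN_PASSWORD`, could be interpolated from the environment the way `$SDNC_CERT_PATH` and `${DNS_IP_ADDR-10.0.100.1}` already are, which would also keep them out of the repository.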
\ No newline at end of file
diff --git a/tests/sdnc/sdnc_netconf_tls_post_deploy/_init_.robot b/tests/sdnc/sdnc_netconf_tls_post_deploy/__init__.robot
index d7353060..d7353060 100644
--- a/tests/sdnc/sdnc_netconf_tls_post_deploy/_init_.robot
+++ b/tests/sdnc/sdnc_netconf_tls_post_deploy/__init__.robot
diff --git a/tests/sdnc/sdnc_netconf_tls_post_deploy/csr/netconf_pnp_simulator_csr.env b/tests/sdnc/sdnc_netconf_tls_post_deploy/csr/netconf_pnp_simulator_csr.env
new file mode 100644
index 00000000..557860de
--- /dev/null
+++ b/tests/sdnc/sdnc_netconf_tls_post_deploy/csr/netconf_pnp_simulator_csr.env
@@ -0,0 +1,16 @@
+#Client Envs
+REQUEST_TIMEOUT=30000
+OUTPUT_PATH=/var/certs
+CA_NAME=RA
+KEYSTORE_PATH=/etc/onap/aaf/certservice/certs/certServiceClient-keystore.jks
+KEYSTORE_PASSWORD=secret
+TRUSTSTORE_PATH=/etc/onap/aaf/certservice/certs/truststore.jks
+TRUSTSTORE_PASSWORD=secret
+#CSR Config Envs
+COMMON_NAME=netconf.pnp.simulator.onap.org
+ORGANIZATION=Linux-Foundation
+ORGANIZATION_UNIT=ONAP
+LOCATION=San-Francisco
+STATE=California
+COUNTRY=US
+SANS=netconf.com:netconfsimulator.com
diff --git a/tests/sdnc/sdnc_netconf_tls_post_deploy/csr/sdnc_csr.env b/tests/sdnc/sdnc_netconf_tls_post_deploy/csr/sdnc_csr.env
new file mode 100644
index 00000000..28411797
--- /dev/null
+++ b/tests/sdnc/sdnc_netconf_tls_post_deploy/csr/sdnc_csr.env
@@ -0,0 +1,16 @@
+#Client CSR
+REQUEST_TIMEOUT=30000
+OUTPUT_PATH=/var/certs
+CA_NAME=RA
+KEYSTORE_PATH=/etc/onap/aaf/certservice/certs/certServiceClient-keystore.jks
+KEYSTORE_PASSWORD=secret
+TRUSTSTORE_PATH=/etc/onap/aaf/certservice/certs/truststore.jks
+TRUSTSTORE_PASSWORD=secret
+#CSR Config Envs
+COMMON_NAME=sdnc.onap.org
+ORGANIZATION=Linux-Foundation
+ORGANIZATION_UNIT=ONAP
+LOCATION=San-Francisco
+STATE=California
+COUNTRY=US
+SANS=example.com:sample.com
\ No newline at end of file
diff --git a/tests/sdnc/sdnc_netconf_tls_post_deploy/libraries/ClientManager.py b/tests/sdnc/sdnc_netconf_tls_post_deploy/libraries/ClientManager.py
new file mode 100644
index 00000000..ceff9742
--- /dev/null
+++ b/tests/sdnc/sdnc_netconf_tls_post_deploy/libraries/ClientManager.py
@@ -0,0 +1,179 @@ +# ============LICENSE_START======================================================= +# Copyright (C) 2020 Nordix Foundation. +# ================================================================================ +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# +# SPDX-License-Identifier: Apache-2.0 +# ============LICENSE_END========================================================= + +__author__ = "Ajay Deep Singh (ajay.deep.singh@est.tech)" +__copyright__ = "Copyright (C) 2020 Nordix Foundation" +__license__ = "Apache 2.0" + +import os +import shutil +import subprocess + +import docker +from OpenSSL import crypto +from docker.types import Mount + +DEV_NULL = open(os.devnull, 'wb') +NETCONF_PNP_SIM_CONTAINER_NAME = 'netconf-simulator' +ARCHIVES_PATH = os.getenv("WORKSPACE") + "/archives/" + + +class ClientManager: + + def __init__(self, mount_path, truststore_path): + self.mount_path = mount_path + self.truststore_path = truststore_path + self.caCertPem = mount_path + '/ca.pem' + self.serverKeyPem = mount_path + '/server_key.pem' + self.serverCertPem = mount_path + '/server_cert.pem' + self.keystoreJksPath = mount_path + '/keystore.jks' + self.keystorePassPath = mount_path + '/keystore.pass' + self.truststoreJksPath = mount_path + '/truststore.jks' + self.truststorePassPath = mount_path + '/truststore.pass' + + # Function Create docker container. 
+ def run_client_container(self, client_image, container_name, path_to_env, request_url, network): + self.create_mount_dir() + client = docker.from_env() + environment = self.read_env_list_from_file(path_to_env) + environment.append("REQUEST_URL=" + request_url) + container = client.containers.run( + image=client_image, + name=container_name, + environment=environment, + network=network, + user='root', + mounts=[Mount(target='/var/certs', source=self.mount_path, type='bind'), + Mount(target='/etc/onap/aaf/certservice/certs/', source=self.truststore_path, type='bind')], + detach=True + ) + exitcode = container.wait() + return exitcode + + # Function to validate keystore.jks/truststore.jks can be opened with generated pass-phrase. + def can_open_keystore_and_truststore_with_pass(self): + can_open_keystore = self.can_open_jks_file_with_pass_file(self.keystorePassPath, self.keystoreJksPath) + can_open_truststore = self.can_open_jks_file_with_pass_file(self.truststorePassPath, self.truststoreJksPath) + return can_open_keystore & can_open_truststore + + # Method for Uploading Certificate in SDNC-Container. + # Creating/Uploading Server-key, Server-cert, Ca-cert PEM files in Netconf-Pnp-Simulator. 
+ def can_install_keystore_and_truststore_certs(self, cmd, container_name): + continue_exec = True + if container_name == NETCONF_PNP_SIM_CONTAINER_NAME: + print("Generating PEM files for {0} from JKS files".format(container_name)) + continue_exec = self.create_pem(self.keystorePassPath, self.keystoreJksPath, self.truststorePassPath, + self.truststoreJksPath) + if continue_exec: + print("Initiate Configuration Push for : {0}".format(container_name)) + resp_code = self.execute_bash_config(cmd, container_name) + if resp_code == 0: + print("Execution Successful for: {0}".format(container_name)) + return True + else: + print("Execution Failed for: {0}".format(container_name)) + return False + + def create_pem(self, keystore_pass_file_path, keystore_jks_file_path, truststore_pass_file_path, + truststore_jks_file_path): + # Create [server_key.pem, server_cert.pem, ca.pem] files for Netconf-Pnp-Simulation/TLS Configuration. + try: + keystore_p12 = self.get_pkcs12(keystore_pass_file_path, keystore_jks_file_path) + truststore_p12 = self.get_pkcs12(truststore_pass_file_path, truststore_jks_file_path) + with open(self.serverKeyPem, "wb+") as key_file: + key_file.write(crypto.dump_privatekey(crypto.FILETYPE_PEM, keystore_p12.get_privatekey())) + with open(self.serverCertPem, "wb+") as server_cert_file: + server_cert_file.write(crypto.dump_certificate(crypto.FILETYPE_PEM, keystore_p12.get_certificate())) + with open(self.caCertPem, "wb+") as ca_cert_file: + ca_cert_file.write( + crypto.dump_certificate(crypto.FILETYPE_PEM, truststore_p12.get_ca_certificates()[0])) + return True + except IOError as err: + print("I/O Error: {0}".format(err)) + return False + except Exception as e: + print("UnExpected Error: {0}".format(e)) + return False + + def can_open_jks_file_with_pass_file(self, pass_file_path, jks_file_path): + try: + if jks_file_path.split('/')[-1] == 'truststore.jks': + pkcs12 = self.get_pkcs12(pass_file_path, jks_file_path).get_ca_certificates()[0] + else: + pkcs12 = 
self.get_pkcs12(pass_file_path, jks_file_path).get_certificate() + if pkcs12 is None: + return False + return True + except IOError as err: + print("I/O Error PKCS12 Creation failed: {0}".format(err)) + return False + except Exception as e: + print("UnExpected Error PKCS12 Creation failed: {0}".format(e)) + return False + + def remove_client_container_and_save_logs(self, container_name, log_file_name): + client = docker.from_env() + container = client.containers.get(container_name) + text_file = open(ARCHIVES_PATH + container_name + '_' + log_file_name + ".log", "w") + text_file.write(container.logs()) + text_file.close() + container.remove() + self.remove_mount_dir() + + def create_mount_dir(self): + if not os.path.exists(self.mount_path): + os.makedirs(self.mount_path) + + def remove_mount_dir(self): + shutil.rmtree(self.mount_path) + + @staticmethod + def get_pkcs12(pass_file_path, jks_file_path): + # Load PKCS12 Object + password = open(pass_file_path, 'rb').read() + p12 = crypto.load_pkcs12(open(jks_file_path, 'rb').read(), password) + return p12 + + @staticmethod + def execute_bash_config(cmd, container_name): + # Run command with arguments. Wait for command to complete or timeout, return code attribute. + try: + resp_code = subprocess.call(["%s %s" % (cmd, container_name)], shell=True, stdout=DEV_NULL, + stderr=subprocess.STDOUT) + print("Response Code from Config.sh execution: {0}".format(resp_code)) + return resp_code + except subprocess.CalledProcessError as e: + print("CalledProcessError Certificate installation failed in SDNC-ODL Container: {0}".format(e)) + return 1 # Return Error Code + + @staticmethod + def get_container_logs(container_name): + client = docker.from_env() + container = client.containers.get(container_name) + logs = container.logs() + return logs + + @staticmethod + def read_env_list_from_file(path): + f = open(path, "r") + r_list = [] + for line in f: + line = line.strip() + if line[0] != "#": + r_list.append(line) + return r_list 
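Review bot: `execute_bash_config` formats `cmd` and `container_name` into one string and runs it with `shell=True`, so both values, which reach it from Robot variables fed by the environment (`%{WORKSPACE}` in `${CONF_SCRIPT}`, `%{SDNC_CONTAINER_NAME}`, `%{NETCONF_PNP_SIM_CONTAINER_NAME}`), are parsed by the shell and a space or metacharacter in either changes the command that runs. Since config.sh is added as an executable with a shebang, pass an argument list instead: `resp_code = subprocess.call([cmd, container_name], stdout=DEV_NULL, stderr=subprocess.STDOUT)`. `subprocess.call` never raises `CalledProcessError`, so the existing `except` branch is dead; with the list form a missing script raises `OSError`, which is what the handler should catch. Separately, `create_pem` writes `server_key.pem` through `open(self.serverKeyPem, "wb+")`, which leaves the private key's mode to the process umask; opening it via `os.open(self.serverKeyPem, os.O_WRONLY | os.O_CREAT | os.O_TRUNC, 0o600)` would keep it owner-only.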
diff --git a/tests/sdnc/sdnc_netconf_tls_post_deploy/libraries/config.sh b/tests/sdnc/sdnc_netconf_tls_post_deploy/libraries/config.sh
new file mode 100755
index 00000000..cc6bf188
--- /dev/null
+++ b/tests/sdnc/sdnc_netconf_tls_post_deploy/libraries/config.sh
@@ -0,0 +1,129 @@ +#!/bin/bash + +# +# ============LICENSE_START======================================================= +# Copyright (C) 2020 Nordix Foundation. +# ================================================================================ +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# SPDX-License-Identifier: Apache-2.0 +# ============LICENSE_END========================================================= + +# @author Ajay Deep Singh (ajay.deep.singh@est.tech) + +CONTAINER_NAME="$1" +LOGFILE="${WORKSPACE}"/archives/config.log +CONTAINER_ID=$(docker inspect --format="{{.Id}}" "$CONTAINER_NAME") + +OWNER="odl" +DEST_DIR="/tmp" + +CERT_DIR="${WORKSPACE}"/tests/sdnc/sdnc_netconf_tls_post_deploy/cert-data/* + +function now_ms() { + date +"%Y-%m-%d %H:%M:%S.%3N" +} + +function log() { + local level=$1 + shift + local message="$*" + printf "%s %-5s %s\n" "$(now_ms)" "$level" "$message" >>"$LOGFILE" +} + +# Copy [keystore.jks, truststore.jks, truststore.pass, keystore.pass] files into SDNC container. +function docker_cp() { + local file=$1 + docker cp "$file" "$CONTAINER_ID":"$DEST_DIR" + docker exec -u 0 "$CONTAINER_ID" chown "$OWNER":"$OWNER" "$DEST_DIR"/"${file##*/}" +} + +# Run installCerts.py script to push X509 Certificates to SDNC-ODL Keystore/Truststore. +function sdnc_conf() { + log INFO "Configuring SDNC-ODL Keystore..." 
+ count=0 + exit_code=false + for i in {1..4}; do + for file in $CERT_DIR; do + if [[ -f $file ]]; then + log INFO "Uploading file :" "$file" + docker_cp "$file" + count=$((count + 1)) + fi + done + if [[ $count -eq 4 ]]; then + log INFO "SDNC JKS files upload successful" + exit_code=true + break + fi + log DEBUG "Waiting for JKS files to be uploaded to SDNC container.." + sleep 2m + done + if [[ "$exit_code" != "true" ]]; then + log DEBUG "JKS files Not found in $CERT_DIR" + exit 1 # Return error code + fi + sleep 2m + docker exec "$CONTAINER_ID" rm -rf /tmp/certs.properties + docker exec "$CONTAINER_ID" rm -rf /tmp/keys0.zip + if ! docker exec "$CONTAINER_ID" /usr/bin/python /opt/onap/sdnc/bin/installCerts.py; then + log DEBUG "Issue executing installCerts.py script" + docker cp "$CONTAINER_ID":/opt/opendaylight/data/log/installCerts.log "${WORKSPACE}"/archives + exit 1 # Return error code + fi + log INFO "Configuring SDNC-ODL Keystore successful" +} + +# Copy [Server_key.pem, Server_cert.pem, Ca.pem] files into Netconf-Simulator container. +# Reconfigure TLS config by invoking reconfigure-tls.sh script. +function netconf-simulator_conf() { + log INFO "Configuring Netconf-Pnp-Simulator..." + count=0 + exit_code=false + for i in {1..4}; do + for file in $CERT_DIR; do + if [[ -f $file && ${file: -4} == ".pem" ]]; then + log INFO "Uploading file :" "$file" + docker cp "$file" "$CONTAINER_ID":/config/tls + count=$((count + 1)) + fi + done + if [[ $count -eq 3 ]]; then + log INFO "PEM files upload successful" + exit_code=true + break + fi + log DEBUG "Waiting for PEM files to be uploaded to Netconf-Pnp-Simulator.." + sleep 2m + done + if [[ "$exit_code" != "true" ]]; then + log DEBUG "PEM files Not found in $CERT_DIR" + exit 1 # Return error code + fi + sleep 2m + if ! 
docker exec "$CONTAINER_ID" /opt/bin/reconfigure-tls.sh; then + log DEBUG "Issue executing reconfigure-tls.sh script" + docker logs "$CONTAINER_ID" > "${WORKSPACE}"/archives/simulator.log + exit 1 # Return error code + fi + log INFO "Configuring Netconf-Pnp-Simulator successful" +} + +# Push Config on SDNC, Netconf-Simulator. +if [[ -n $CONTAINER_ID ]]; then + log INFO "Container Name: $CONTAINER_NAME, Container Id: $CONTAINER_ID" + if [[ "$CONTAINER_NAME" == "sdnc" ]]; then + sdnc_conf + elif [[ "$CONTAINER_NAME" == "netconf-simulator" ]]; then + netconf-simulator_conf + fi +fi diff --git a/tests/sdnc/sdnc_netconf_tls_post_deploy/resources/sdnc-keywords.robot b/tests/sdnc/sdnc_netconf_tls_post_deploy/resources/sdnc-keywords.robot new file mode 100644 index 00000000..8e36e65f --- /dev/null +++ b/tests/sdnc/sdnc_netconf_tls_post_deploy/resources/sdnc-keywords.robot 
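Review bot: In both `sdnc_conf` and `netconf-simulator_conf`, `count=0` is set once before `for i in {1..4}` and never reset, so files seen on an earlier pass are counted again: two JKS files present on two consecutive passes reach `count -eq 4`, and a single PEM file seen on three passes reaches `count -eq 3`, after which the function logs a successful upload with an incomplete certificate set. Move `count=0` to the first line inside the outer loop, and increment only when the copy worked, e.g. `docker_cp "$file" && count=$((count + 1))` with `docker_cp` returning the status of its `docker cp`. The script also exits 0 when `$CONTAINER_ID` is empty or the name is neither `sdnc` nor `netconf-simulator`, which `ClientManager.execute_bash_config` reports as a successful installation; an `else` branch that logs the reason and runs `exit 1` would make that case fail instead.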
@@ -0,0 +1,84 @@ +*** Settings *** + +Resource ../../../common.robot +Resource ./sdnc-properties.robot + +Library Collections +Library RequestsLibrary +Library HttpLibrary.HTTP +Library ../libraries/ClientManager.py ${MOUNT_PATH} ${TRUSTSTORE_PATH} + +*** Keywords *** + +Create sessions + [Documentation] Create all required sessions + ${certs}= Create List ${CERTSERVICE_SERVER_CRT} ${CERTSERVICE_SERVER_KEY} + Create Client Cert Session alias ${AAFCERT_URL} client_certs=${certs} verify=${ROOTCA} disable_warnings=1 + Set Suite Variable ${https_valid_cert_session} alias + +Run Healthcheck + [Documentation] Run Healthcheck + ${resp}= Get Request ${https_valid_cert_session} /actuator/health + Should Be Equal As Strings ${resp.status_code} 200 + Validate Recieved Response ${resp} status UP + +Validate Recieved Response + [Documentation] Validate message that has been received + [Arguments] ${resp} ${key} ${expected_value} + ${json}= Parse Json ${resp.content} + ${value}= Get From Dictionary ${json} ${key} + Should Be Equal As Strings ${value} ${expected_value} + +Send Get Request And Validate Response + [Documentation] Send request to passed url and validate received response + [Arguments] ${path} ${resp_code} + ${resp}= Get Request ${https_valid_cert_session} ${path} + Should Be Equal As Strings ${resp.status_code} ${resp_code} + +Send Get Request And Validate Response Sdnc + [Documentation] Send request to passed url and validate received response + [Arguments] ${path} ${resp_code} + Create Session sdnc_restconf ${SDNC_RESTCONF_URL} + &{headers}= Create Dictionary Authorization=Basic YWRtaW46S3A4Yko0U1hzek0wV1hsaGFrM2VIbGNzZTJnQXc4NHZhb0dHbUp2VXkyVQ== Content-Type=application/json Accept=application/json + ${resp}= Get Request sdnc_restconf ${path} headers=${headers} + Should Be Equal As Strings ${resp.status_code} ${resp_code} + +Send Get Request And Validate TLS Connection Response + [Documentation] Send request to passed url and validate received response + 
[Arguments] ${path} ${resp_code} + Create Session sdnc_restconf ${SDNC_RESTCONF_URL} + ${mount}= Get File ${REQUEST_DATA_PATH}${/}mount.xml + &{headers}= Create Dictionary Authorization=Basic YWRtaW46S3A4Yko0U1hzek0wV1hsaGFrM2VIbGNzZTJnQXc4NHZhb0dHbUp2VXkyVQ== Content-Type=application/xml Accept=application/xml + ${resp}= Put Request sdnc_restconf ${path} data=${mount} headers=${headers} + Should Be Equal As Strings ${resp.status_code} 201 + Sleep 30 + &{headers1}= Create Dictionary Authorization=Basic YWRtaW46S3A4Yko0U1hzek0wV1hsaGFrM2VIbGNzZTJnQXc4NHZhb0dHbUp2VXkyVQ== Content-Type=application/json Accept=application/json + ${resp1}= Get Request sdnc_restconf ${PNFSIM_MOUNT_PATH} headers=${headers1} + Should Be Equal As Strings ${resp1.status_code} ${resp_code} + Should Contain ${resp1.content} netconf-id + Should Contain ${resp1.content} netconf-param + +Send Delete Request And Validate PNF Mount Deleted + [Documentation] Send request to passed url and validate received response + [Arguments] ${path} ${resp_code} + Create Session sdnc_restconf ${SDNC_RESTCONF_URL} + ${mount}= Get File ${REQUEST_DATA_PATH}${/}mount.xml + &{headers}= Create Dictionary Authorization=Basic YWRtaW46S3A4Yko0U1hzek0wV1hsaGFrM2VIbGNzZTJnQXc4NHZhb0dHbUp2VXkyVQ== Content-Type=application/json Accept=application/json + ${deleteresponse}= Delete Request sdnc_restconf ${path} data=${mount} headers=${headers} + Should Be Equal As Strings ${deleteresponse.status_code} ${resp_code} + Sleep 30 + ${del_topology}= Delete Request sdnc_restconf ${SDNC_NETWORK_TOPOLOGY} + ${del_keystore}= Delete Request sdnc_restconf ${SDNC_KEYSTORE_CONFIG_PATH} + Should Be Equal As Strings ${del_keystore.status_code} ${resp_code} + Should Be Equal As Strings ${del_topology.status_code} ${resp_code} + +Run Cert Service Client And Validate JKS File Creation And Client Exit Code + [Documentation] Run Cert Service Client Container And Validate Exit Code For SDNC + [Arguments] ${env_file} ${CONTAINER_NAME} 
${expected_exit_code} + ${exit_code}= Run Client Container ${DOCKER_CLIENT_IMAGE} ${CLIENT_CONTAINER_NAME} ${env_file} ${CERT_SERVICE_ADDRESS}${CERT_SERVICE_ENDPOINT} ${CERT_SERVICE_NETWORK} + ${can_open}= Can Open Keystore And Truststore With Pass + ${install_certs}= Can Install Keystore And Truststore Certs ${CONF_SCRIPT} ${CONTAINER_NAME} + Remove Client Container And Save Logs ${CLIENT_CONTAINER_NAME} positive_path + Should Be Equal As Strings ${exit_code} ${expected_exit_code} Client return: ${exitcode} exit code, but expected: ${expected_exit_code} + Should Be True ${can_open} Cannot Open Keystore/TrustStore by Passphrase + Should Be True ${install_certs} Cannot Install Keystore/Truststore
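Review bot: In `Send Delete Request And Validate PNF Mount Deleted`, the two follow-up calls `Delete Request sdnc_restconf ${SDNC_NETWORK_TOPOLOGY}` and `Delete Request sdnc_restconf ${SDNC_KEYSTORE_CONFIG_PATH}` are sent without `headers=${headers}`, and `Create Session` is called without `auth`, so these requests carry no Authorization header of their own. Either they are rejected and the status checks fail, or they pass only because of state left on the session by the first request or because the server accepts an unauthenticated delete of the netconf keystore, which the test should not depend on silently; add `headers=${headers}` to both calls. The literal `Authorization=Basic …` value is also repeated four times in this file; supplying the credentials once, for example through `Create Session sdnc_restconf ${SDNC_RESTCONF_URL} auth=${auth}` with `${auth}` built from variables, keeps the secret in one place.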
\ No newline at end of file
diff --git a/tests/sdnc/sdnc_netconf_tls_post_deploy/resources/sdnc-properties.robot b/tests/sdnc/sdnc_netconf_tls_post_deploy/resources/sdnc-properties.robot
new file mode 100644
index 00000000..131a52f9
--- /dev/null
+++ b/tests/sdnc/sdnc_netconf_tls_post_deploy/resources/sdnc-properties.robot
@@ -0,0 +1,37 @@
+*** Variables ***
+
+# AAF CertService
+${NEXUS_DOCKER_REPO} nexus3.onap.org:10001
+
+${RA_CA_NAME} RA
+${CERT_SERVICE_PORT} 8443
+${CERT_SERVICE_CONTAINER_NAME} aaf-cert-service
+${CERT_SERVICE_NETWORK} certservice_certservice
+${AAFCERT_URL} https://localhost:${CERT_SERVICE_PORT}
+${CERT_SERVICE_ENDPOINT} /v1/certificate/
+${CERT_SERVICE_ADDRESS} https://${CERT_SERVICE_CONTAINER_NAME}:${CERT_SERVICE_PORT}
+${ROOTCA} %{WORKSPACE}/tests/sdnc/sdnc_netconf_tls_post_deploy/certs/root.crt
+${CERTSERVICE_SERVER_CRT} %{WORKSPACE}/tests/sdnc/sdnc_netconf_tls_post_deploy/certs/certServiceServer.crt
+${CERTSERVICE_SERVER_KEY} %{WORKSPACE}/tests/sdnc/sdnc_netconf_tls_post_deploy/certs/certServiceServer.key
+
+#AAF CerService Client
+${CLIENT_CONTAINER_NAME} %{CLIENT_CONTAINER_NAME}
+${DOCKER_CLIENT_IMAGE} nexus3.onap.org:10001/onap/org.onap.aaf.certservice.aaf-certservice-client:latest
+${TRUSTSTORE_PATH} %{WORKSPACE}/plans/sdnc/sdnc_netconf_tls_post_deploy/certs
+
+# SDNC Configuration
+${REQUEST_DATA_PATH} %{REQUEST_DATA_PATH}
+${SDNC_CONTAINER_NAME} %{SDNC_CONTAINER_NAME}
+${SDNC_RESTCONF_URL} http://localhost:8282/restconf
+${SDNC_KEYSTORE_CONFIG_PATH} /config/netconf-keystore:keystore
+${SDNC_NETWORK_TOPOLOGY} /config/network-topology:network-topology
+${MOUNT_PATH} %{WORKSPACE}/tests/sdnc/sdnc_netconf_tls_post_deploy/cert-data
+${SDNC_CSR_FILE} %{WORKSPACE}/tests/sdnc/sdnc_netconf_tls_post_deploy/csr/sdnc_csr.env
+${SDNC_MOUNT_PATH} /config/network-topology:network-topology/topology/topology-netconf/node/PNFDemo
+${PNFSIM_MOUNT_PATH} /config/network-topology:network-topology/topology/topology-netconf/node/PNFDemo/yang-ext:mount/mynetconf:netconflist
+
+# Netconf-Pnp-Simulator
+${NETCONF_PNP_SIM_CONTAINER_NAME} %{NETCONF_PNP_SIM_CONTAINER_NAME}
+${NETCONF_PNP_SIM_CSR_FILE} %{WORKSPACE}/tests/sdnc/sdnc_netconf_tls_post_deploy/csr/netconf_pnp_simulator_csr.env
+${CONF_SCRIPT} %{WORKSPACE}/tests/sdnc/sdnc_netconf_tls_post_deploy/libraries/config.sh
+${CONF_TLS_SCRIPT} %{WORKSPACE}/tests/sdnc/sdnc_netconf_tls_post_deploy/libraries/config_tls.sh
\ No newline at end of file
diff --git a/tests/sdnc/sdnc_netconf_tls_post_deploy/sdnc_post_deploy_cert_check.robot b/tests/sdnc/sdnc_netconf_tls_post_deploy/sdnc_post_deploy_cert_check.robot
index 75283dcb..c2b35e12 100644
--- a/tests/sdnc/sdnc_netconf_tls_post_deploy/sdnc_post_deploy_cert_check.robot
+++ b/tests/sdnc/sdnc_netconf_tls_post_deploy/sdnc_post_deploy_cert_check.robot
@@ -1,39 +1,60 @@ *** Settings *** -Library Collections -Library RequestsLibrary -Library OperatingSystem -Library json -Library String - -*** Variables *** -${SDNC_KEYSTORE_CONFIG_PATH} /config/netconf-keystore:keystore -${SDNC_MOUNT_PATH} /config/network-topology:network-topology/topology/topology-netconf/node/netopeer2 -${PNFSIM_MOUNT_PATH} /config/network-topology:network-topology/topology/topology-netconf/node/netopeer2/yang-ext:mount/mynetconf:netconflist - - *** Test Cases *** - Test SDNC Keystore - [Documentation] Checking keystore after SDNC installation - Create Session sdnc http://localhost:8282/restconf - &{headers}= Create Dictionary Authorization=Basic YWRtaW46S3A4Yko0U1hzek0wV1hsaGFrM2VIbGNzZTJnQXc4NHZhb0dHbUp2VXkyVQ== Content-Type=application/json Accept=application/json - ${resp}= Get Request sdnc ${SDNC_KEYSTORE_CONFIG_PATH} headers=${headers} - Should Be Equal As Strings ${resp.status_code} 200 - ${keystoreContent}= Convert To String ${resp.content} - Log to console ************************* - Log to console ${resp.content} - Log to console ************************* - -# Test SDNC PNF Mount -# [Documentation] Checking PNF mount after SDNC installation -# Create Session sdnc http://localhost:8282/restconf -# ${mount}= Get File ${CURDIR}${/}data${/}mount.xml -# Log to console ${mount} -# &{headers}= Create Dictionary Authorization=Basic YWRtaW46S3A4Yko0U1hzek0wV1hsaGFrM2VIbGNzZTJnQXc4NHZhb0dHbUp2VXkyVQ== Content-Type=application/xml Accept=application/xml -# ${resp}= Put Request sdnc ${SDNC_MOUNT_PATH} data=${mount} headers=${headers} -# Should Be Equal As Strings ${resp.status_code} 201 -# Sleep 30 -# &{headers1}= Create Dictionary Authorization=Basic YWRtaW46S3A4Yko0U1hzek0wV1hsaGFrM2VIbGNzZTJnQXc4NHZhb0dHbUp2VXkyVQ== Content-Type=application/json Accept=application/json -# ${resp1}= Get Request sdnc ${PNFSIM_MOUNT_PATH} headers=${headers1} -# Should Be Equal As Strings ${resp1.status_code} 200 -# Log to console ${resp1.content} -# Should Contain 
${resp1.content} netconf-id -# Should Contain ${resp1.content} netconf-param
\ No newline at end of file + +Documentation SDNC, Netconf-Pnp-Simulator E2E Test Case Scenarios + +Library RequestsLibrary +Resource ./resources/sdnc-keywords.robot + +Suite Setup Create sessions + +*** Test Cases *** + +Health Check AAF CertService + [Tags] AAF-CERT-SERVICE + [Documentation] Service is Up and Running + Run health check + +Reload AAF CertService Configuration + [Tags] AAF-CERT-SERVICE + [Documentation] Configuration is Reloaded + Send Get Request And Validate Response /reload 200 + +Check AAF CertService Container Is Ready + [Tags] AAF-CERT-SERVICE + [Documentation] Send Request to /ready Endpoint and Expect 200 + Send Get Request And Validate Response /ready 200 + +Check SDNC Keystore For Netopeer2 Certificates + [Tags] SDNC-NETOPEER2-CERT-DEPLOYMENT + [Documentation] Checking Keystore after SDNC istallation + Send Get Request And Validate Response Sdnc ${SDNC_KEYSTORE_CONFIG_PATH} 200 + +Check SDNC And PNF TLS Connection Over Netopeer2 Certificates + [Tags] SDNC-PNF-TLS-CONNECTION-CHECK + [Documentation] Checking PNF Mount after SDNC Installation + Send Get Request And Validate TLS Connection Response ${SDNC_MOUNT_PATH} 200 + +Check PNF Delete And Remove Netopeer2 Certificates From Keystore + [Tags] SDNC-PNF-MOUNT-DELETE-CLEAR-KEYSTORE + [Documentation] Checking PNF Mount Delete from SDNC + Send Delete Request And Validate PNF Mount Deleted ${SDNC_MOUNT_PATH} 200 + +Check AAF-CertService Successfully Creates Certificates for SDNC + [Tags] AAF-CERT-SERVICE-SDNC + [Documentation] Run with SDNC CSR and Expected Exit Code 0 + Run Cert Service Client And Validate JKS File Creation And Client Exit Code ${SDNC_CSR_FILE} ${SDNC_CONTAINER_NAME} 0 + +Check SDNC-ODL Certificates Installation In Keystore And Truststore + [Tags] SDNC-ODL-CERTIFICATE-KEYSTORE-VALIDATE + [Documentation] Validate Certificates Got Installed in SDNC-ODL Keystore + Send Get Request And Validate Response Sdnc ${SDNC_KEYSTORE_CONFIG_PATH} 200 + +Check AAF-CertService Successfully 
Creates Certificates for Netconf-Pnp-Simulator + [Tags] AAF-CERT-SERVICE-NETCONF_PNP_SIMULATOR + [Documentation] Run with NETCONF-PNP-SIMULATOR CSR and Expect Exit Code 0 + Run Cert Service Client And Validate JKS File Creation And Client Exit Code ${NETCONF_PNP_SIM_CSR_FILE} ${NETCONF_PNP_SIM_CONTAINER_NAME} 0 + +Check SDNC-ODL Netconf-Pnp-Simulatore TLS Connection Establishment + [Tags] SDNC-ODL-NETCONF-PNP_SIMULATION-TLS-CONNECTION + [Documentation] Validate SDNC-ODL and Netconf-Pnp-Simulation TLS Connection Establishment + Send Get Request And Validate TLS Connection Response ${SDNC_MOUNT_PATH} 200
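Review bot: `Check SDNC-ODL Certificates Installation In Keystore And Truststore` calls `Send Get Request And Validate Response Sdnc ${SDNC_KEYSTORE_CONFIG_PATH} 200`, the same call as `Check SDNC Keystore For Netopeer2 Certificates`, so it asserts only the HTTP status and never inspects which entries the keystore holds. A keystore populated with the wrong certificate, or with entries left from an earlier step, would appear to satisfy it. Consider having the keyword return `${resp}` and asserting on the body in this case, for example `Should Contain ${resp.content} <expected-key-id>` (placeholder for the alias the install script writes, which is not visible in this diff).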
\ No newline at end of file |