From fd6c8fafba3be7a137787a01d6661d943c19c2c0 Mon Sep 17 00:00:00 2001 From: Aleksandra Maciaga Date: Wed, 6 Nov 2019 15:14:11 +0100 Subject: Remove certOnly and basicAuth from authentication methods CSIT VES Issue-ID: DCAEGEN2-1776 Signed-off-by: Aleksandra Maciaga Change-Id: I7e087f70d3458e8477b5cb35132b526bddbb7df2 --- tests/dcaegen2/testcases/resources/DMaaP.py | 24 +------- tests/dcaegen2/testcases/resources/DcaeLibrary.py | 7 +-- .../testcases/resources/collector.properties | 65 ++++++++++------------ .../testcases/resources/dcae_keywords.robot | 60 +++++++++++++++----- .../testcases/resources/dcae_properties.robot | 6 ++ .../testcases/resources/vesc_enable_https_auth.sh | 10 ++-- 6 files changed, 91 insertions(+), 81 deletions(-) (limited to 'tests/dcaegen2/testcases/resources') diff --git a/tests/dcaegen2/testcases/resources/DMaaP.py b/tests/dcaegen2/testcases/resources/DMaaP.py index 092b6081..779397e4 100644 --- a/tests/dcaegen2/testcases/resources/DMaaP.py +++ b/tests/dcaegen2/testcases/resources/DMaaP.py @@ -17,8 +17,6 @@ import jsonschema import json import DcaeVariables import SimpleHTTPServer -from robot.api import logger - try: from cStringIO import StringIO @@ -42,10 +40,6 @@ def enque_event(evt): if DcaeVariables.VESEventQ is not None: try: DcaeVariables.VESEventQ.put(evt) - if DcaeVariables.IsRobotRun: - logger.console("DMaaP Event enqued - size=" + str(len(evt))) - else: - print ("DMaaP Event enqueued - size=" + str(len(evt))) return True except Exception as e: print (str(e)) @@ -55,18 +49,14 @@ def enque_event(evt): def deque_event(wait_sec=25): if DcaeVariables.IsRobotRun: - logger.console("Enter DequeEvent") + pass try: evt = DcaeVariables.VESEventQ.get(True, wait_sec) - if DcaeVariables.IsRobotRun: - logger.console("DMaaP Event dequeued - size=" + str(len(evt))) - else: - print("DMaaP Event dequeued - size=" + str(len(evt))) return evt except Exception as e: if DcaeVariables.IsRobotRun: - logger.console(str(e)) - logger.console("DMaaP Event dequeue timeout") + pass + else: print("DMaaP Event dequeue timeout") return None @@ -79,7 +69,6 @@ class DMaaPHandler(BaseHTTPServer.BaseHTTPRequestHandler): return def do_POST(self): - resp_code = 0 # Parse the form data posted ''' @@ -120,12 +109,6 @@ class DMaaPHandler(BaseHTTPServer.BaseHTTPRequestHandler): content_len = int(self.headers.getheader('content-length', 0)) post_body = self.rfile.read(content_len) - if DcaeVariables.IsRobotRun: - logger.console("\n" + "DMaaP Receive Event:\n" + post_body) - else: - print("\n" + "DMaaP Receive Event:") - print (post_body) - indx = post_body.index("{") if indx != 0: post_body = post_body[indx:] @@ -168,7 +151,6 @@ class DMaaPHandler(BaseHTTPServer.BaseHTTPRequestHandler): self.send_response(200) self.send_header('Content-Type', 'application/json') self.end_headers() - # self.wfile.write("{'responses' : {'200' : {'description' : 'Success'}}}") self.wfile.write("{'count': 1, 'serverTimeMs': 3}") self.wfile.close() else: diff --git a/tests/dcaegen2/testcases/resources/DcaeLibrary.py b/tests/dcaegen2/testcases/resources/DcaeLibrary.py index d4188e30..6b96826c 100644 --- a/tests/dcaegen2/testcases/resources/DcaeLibrary.py +++ b/tests/dcaegen2/testcases/resources/DcaeLibrary.py @@ -64,7 +64,7 @@ class DcaeLibrary(object): return "false" @staticmethod - def enable_vesc_https_auth(): + def enable_vesc_with_certBasicAuth(): global client if 'Windows' in platform.system(): try: @@ -85,14 +85,13 @@ class DcaeLibrary(object): logger.console("Running script: " + script2run) subprocess.call(script2run) time.sleep(5) - return - + return + @staticmethod def dmaap_message_receive(evtobj, action='contain'): evt_str = DMaaP.deque_event() while evt_str != None: - logger.console("DMaaP receive VES Event:\n" + evt_str) if action == 'contain': if evtobj in evt_str: logger.info("DMaaP Receive Expected Publish Event:\n" + evt_str) diff --git a/tests/dcaegen2/testcases/resources/collector.properties b/tests/dcaegen2/testcases/resources/collector.properties index 1c5c8411..c555e485 100755 --- a/tests/dcaegen2/testcases/resources/collector.properties +++ b/tests/dcaegen2/testcases/resources/collector.properties @@ -11,64 +11,55 @@ ## Normally: ## ## - 8080 is http service -## - https is disabled by default (-1) +## - https is disabled by default ## ## - At this time, the server always binds to 0.0.0.0 ## -## The default port when header.authflag is disabled (0) -#collector.service.port=8080 +## +collector.service.port=8080 -## The secure port is required if header.authflag is set to 1 (true) ## Authentication is only supported via secure port ## When enabled - require valid keystore defined collector.service.secure.port=8443 +# auth.method flags: +# +# noAuth - default option - no security (http) +# certOnly - auth by certificate (https) +# basicAuth - auth by basic auth username and password (https) +# certBasicAuth - auth by certificate and basic auth username / password (https) +auth.method=certBasicAuth + +## Combination of userid,hashPassword encoded pwd list to be supported +## userid and pwd comma separated; pipe delimitation between each pair +## Password is generated by crypt-password library using BCrypt algorithm stored in dcaegen2/sdk package +## or https://nexus.onap.org/#nexus-search;quick~crypt-password +header.authlist=sample1,$2a$10$0buh.2WeYwN868YMwnNNEuNEAMNYVU9.FSMJGyIKV3dGET/7oGOi6 + ## The keystore must be setup per installation when secure port is configured -collector.keystore.file.location=../etc/keystore -collector.keystore.passwordfile=./etc/passwordfile -collector.keystore.alias=tomcat +collector.keystore.file.location=etc/keystore +collector.keystore.passwordfile=etc/passwordfile +collector.cert.subject.matcher=etc/certSubjectMatcher.properties -############################################################################### -## Processing -## -## If there's a problem that prevents the collector from processing alarms, -## it's normally better to apply back pressure to the caller than to try to -## buffer beyond a reasonable size limit. With a limit, the server won't crash -## due to being out of memory, and the caller will get a 5xx reply saying the -## server is in trouble. -collector.inputQueue.maxPending=8096 +## The truststore must be setup per installation when mutual tls support is configured +collector.truststore.file.location=etc/truststore +collector.truststore.passwordfile=etc/trustpasswordfile ## Schema Validation checkflag ## default no validation checkflag (-1) ## If enabled (1) - schemafile location must be specified collector.schema.checkflag=1 -collector.schema.file={\"v1\":\"./etc/CommonEventFormat_27.2.json\",\"v2\":\"./etc/CommonEventFormat_27.2.json\",\"v3\":\"./etc/CommonEventFormat_27.2.json\",\"v4\":\"./etc/CommonEventFormat_27.2.json\",\"v5\":\"./etc/CommonEventFormat_28.3.json\"} +collector.schema.file={\"v1\":\"./etc/CommonEventFormat_27.2.json\",\"v2\":\"./etc/CommonEventFormat_27.2.json\",\"v3\":\"./etc/CommonEventFormat_27.2.json\",\"v4\":\"./etc/CommonEventFormat_27.2.json\",\"v5\":\"./etc/CommonEventFormat_28.4.1.json\",\"v7\":\"./etc/CommonEventFormat_30.0.1.json\"} -## List all streamid per domain to be supported. The streamid should match to channel name on dmaapfile -collector.dmaap.streamid=fault=sec_fault|syslog=sec_syslog|heartbeat=sec_heartbeat|measurementsForVfScaling=sec_measurement|mobileFlow=sec_mobileflow|other=sec_other|stateChange=sec_statechange|thresholdCrossingAlert=sec_thresholdCrossingAlert|voiceQuality=ves_voicequality|sipSignaling=ves_sipsignaling +## List all streamid per domain to be supported. The streamid should match to channel name on dmaapfile +collector.dmaap.streamid=fault=ves-fault|syslog=ves-syslog|heartbeat=ves-heartbeat|measurementsForVfScaling=ves-measurement|mobileFlow=ves-mobileflow|other=ves-other|stateChange=ves-statechange|thresholdCrossingAlert=ves-thresholdCrossingAlert|voiceQuality=ves-voicequality|sipSignaling=ves-sipsignaling|notification=ves-notification|pnfRegistration=ves-pnfRegistration collector.dmaapfile=./etc/DmaapConfig.json -## Custom ExceptionConfiguration -exceptionConfig=./etc/ExceptionConfig.json - -## authflag control authentication by the collector -## If enabled (1) - then authlist has to be defined -## When authflag is enabled, only secure port will be supported -## To disable enter 0 -header.authflag=1 -## Combination of userid,base64 encoded pwd list to be supported -## userid and pwd comma separated; pipe delimitation between each pair -header.authlist=sample1,c2FtcGxlMQ==|vdnsagg,dmRuc2FnZw== - ## Event transformation Flag - when set expects configurable transformation ## defined under ./etc/eventTransform.json ## Enabled by default; to disable set to 0 event.transform.flag=0 -############################################################################### -## -## Tomcat control -## -#tomcat.maxthreads=(tomcat default, which is usually 200) - +# Describes at what frequency (measured in minutes) should application try to fetch config from CBS +collector.dynamic.config.update.frequency=5 diff --git a/tests/dcaegen2/testcases/resources/dcae_keywords.robot b/tests/dcaegen2/testcases/resources/dcae_keywords.robot index 013f6f03..c4cdbb9c 100644 --- a/tests/dcaegen2/testcases/resources/dcae_keywords.robot +++ b/tests/dcaegen2/testcases/resources/dcae_keywords.robot @@ -1,7 +1,7 @@ *** Settings *** Documentation The main interface for interacting with DCAE. It handles low level stuff like managing the http request library and DCAE required fields Library RequestsLibrary -Library DcaeLibrary +Library DcaeLibrary Library OperatingSystem Library Collections Variables ../resources/DcaeVariables.py @@ -10,6 +10,7 @@ Resource ../resources/dcae_properties.robot *** Variables *** ${DCAE_HEALTH_CHECK_BODY} %{WORKSPACE}/tests/dcae/testcases/assets/json_events/dcae_healthcheck.json + *** Keywords *** Create sessions [Documentation] Create all required sessions @@ -18,6 +19,17 @@ Create sessions ${auth}= Create List ${VESC_HTTPS_USER} ${VESC_HTTPS_PD} Create Session dcae_vesc_url_https ${VESC_URL_HTTPS} auth=${auth} disable_warnings=1 Set Suite Variable ${suite_dcae_vesc_url_https_session} dcae_vesc_url_https + ${wrong_auth}= Create List ${VESC_HTTPS_WRONG_USER} ${VESC_HTTPS_WRONG_PD} + Create Session dcae_vesc_url_https_wrong_auth ${VESC_URL_HTTPS} auth=${wrong_auth} disable_warnings=1 + Set Suite Variable ${suite_dcae_vesc_url_https_wrong_auth_session} dcae_vesc_url_https_wrong_auth + ${certs}= Create List ${VESC_ROOTCA_CERT} ${VESC_ROOTCA_KEY} + Create Client Cert Session dcae_vesc_url_https_cert ${VESC_URL_HTTPS} client_certs=${certs} disable_warnings=1 + Set Suite Variable ${suite_dcae_vesc_url_https_cert_session} dcae_vesc_url_https_cert + ${wrong_certs}= Create List ${VESC_WRONG_CERT} ${VESC_WRONG_KEY} + Create Client Cert Session dcae_vesc_url_https_wrong_cert ${VESC_URL_HTTPS} client_certs=${wrong_certs} disable_warnings=1 verify=${False} + Set Suite Variable ${suite_dcae_vesc_url_https_wrong_cert_session} dcae_vesc_url_https_wrong_cert + Create Session dcae_vesc_url_https_wo_auth ${VESC_URL_HTTPS} disable_warnings=1 + Set Suite Variable ${suite_dcae_vesc_url_https_wo_auth_session} dcae_vesc_url_https_wo_auth Create header ${headers}= Create Dictionary Content-Type=application/json @@ -33,8 +45,8 @@ Get DCAE Nodes Log Received response from dcae consul: ${resp.json()} Should Be Equal As Strings ${resp.status_code} 200 ${NodeList}= Get Json Value List ${resp.text} Node - ${NodeListLength}= Get Length ${NodeList} - ${len}= Get Length ${NodeList} + ${NodeListLength}= Get Length ${NodeList} + ${len}= Get Length ${NodeList} Should Not Be Equal As Integers ${len} 0 [Return] ${NodeList} @@ -56,7 +68,7 @@ DCAE Node Health Check DCAE Check Health Status [Arguments] ${NodeName} ${ItemStatus} ${CheckType} - Should Be Equal As Strings ${ItemStatus} passing + Should Be Equal As Strings ${ItemStatus} passing Log Node: ${NodeName} ${CheckType} check pass ok VES Collector Suite Setup DMaaP @@ -76,11 +88,11 @@ Check DCAE Results @{headers}= Get From Dictionary ${json['returns']} columns # Retrieve column names from headers ${columns}= Create List - :for ${header} in @{headers} + :for ${header} IN @{headers} \ ${colName}= Get From Dictionary ${header} colName \ Append To List ${columns} ${colName} # Process each row making sure status=GREEN - :for ${row} in @{rows} + :for ${row} IN @{rows} \ ${cells}= Get From Dictionary ${row} cells \ ${dict}= Make A Dictionary ${cells} ${columns} \ Dictionary Should Contain Item ${dict} healthTestStatus GREEN @@ -91,15 +103,15 @@ Make A Dictionary ${dict}= Create Dictionary ${collength}= Get Length ${columns} ${namelength}= Get Length ${names} - :for ${index} in range 0 ${collength} + :for ${index} IN RANGE 0 ${collength} \ ${name}= Evaluate ${names}[${index}] \ ${valued}= Evaluate ${columns}[${index}] \ ${value}= Get From Dictionary ${valued} ${valueName} - \ Set To Dictionary ${dict} ${name} ${value} + \ Set To Dictionary ${dict} ${name} ${value} [Return] ${dict} Json String To Dictionary - [Arguments] ${json_string} + [Arguments] ${json_string} ${json_dict}= evaluate json.loads('''${json_string}''') json [Return] ${json_dict} @@ -110,7 +122,7 @@ Dictionary To Json String Get DCAE Service Component Status [Documentation] Get the status of a DCAE Service Component - [Arguments] ${url} ${urlpath} ${usr} ${passwd} + [Arguments] ${url} ${urlpath} ${usr} ${passwd} ${auth}= Create List ${usr} ${passwd} ${session}= Create Session dcae-service-component ${url} auth=${auth} ${resp}= Get Request dcae-service-component ${urlpath} @@ -120,26 +132,46 @@ Publish Event To VES Collector No Auth [Documentation] Send an event to VES Collector [Arguments] ${evtpath} ${evtdata} ${resp}= Post Request ${suite_dcae_vesc_url_session} ${evtpath} data=${evtdata} headers=${suite_headers} - #Log Received response from dcae ${resp.json()} [Return] ${resp} Publish Event To VES Collector [Documentation] Send an event to VES Collector [Arguments] ${evtpath} ${evtdata} ${resp}= Post Request ${suite_dcae_vesc_url_https_session} ${evtpath} data=${evtdata} headers=${suite_headers} - #Log Received response from dcae ${resp.json()} [Return] ${resp} Publish Event To VES Collector With Put Method [Documentation] Send an event to VES Collector [Arguments] ${evtpath} ${evtdata} ${resp}= Put Request ${suite_dcae_vesc_url_https_session} ${evtpath} data=${evtdata} headers=${suite_headers} - #Log Received response from dcae ${resp.json()} [Return] ${resp} Publish Event To VES Collector With Put Method No Auth [Documentation] Send an event to VES Collector [Arguments] ${evtpath} ${evtdata} ${resp}= Put Request ${suite_dcae_vesc_url_session} ${evtpath} data=${evtdata} headers=${suite_headers} - #Log Received response from dcae ${resp.json()} [Return] ${resp} + +Publish Event To VES Collector With Wrong Auth + [Documentation] Send an event to VES Collector by session with wrong auth + [Arguments] ${evtpath} ${evtdata} + ${resp}= Post Request ${suite_dcae_vesc_url_https_wrong_auth_session} ${evtpath} data=${evtdata} headers=${suite_headers} + [Return] ${resp} + +Publish Event To VES Collector With Cert + [Documentation] Send an event to VES Collector by session with certs + [Arguments] ${evtpath} ${evtdata} + ${resp}= Post Request ${suite_dcae_vesc_url_https_cert_session} ${evtpath} data=${evtdata} headers=${suite_headers} + [Return] ${resp} + +Publish Event To VES Collector With Wrong Cert + [Documentation] Send an event to VES Collector by session with wrong certs + [Arguments] ${evtpath} ${evtdata} + ${resp}= Post Request ${suite_dcae_vesc_url_https_wrong_cert_session} ${evtpath} data=${evtdata} headers=${suite_headers} + [Return] ${resp} + +Publish Event To VES Collector Without Auth And Cert + [Documentation] Send an event to VES Collector by session without Auth and Cert + [Arguments] ${evtpath} ${evtdata} + ${resp}= Post Request ${suite_dcae_vesc_url_https_wo_auth_session} ${evtpath} data=${evtdata} headers=${suite_headers} + [Return] ${resp} diff --git a/tests/dcaegen2/testcases/resources/dcae_properties.robot b/tests/dcaegen2/testcases/resources/dcae_properties.robot index 135ff263..7505fab4 100644 --- a/tests/dcaegen2/testcases/resources/dcae_properties.robot +++ b/tests/dcaegen2/testcases/resources/dcae_properties.robot @@ -12,3 +12,9 @@ ${GLOBAL_DCAE_USERNAME} console ${GLOBAL_DCAE_PASSWORD} ZjJkYjllMjljMTI2M2Iz ${VESC_HTTPS_USER} sample1 ${VESC_HTTPS_PD} sample1 +${VESC_HTTPS_WRONG_PD} sample +${VESC_HTTPS_WRONG_USER} sample +${VESC_ROOTCA_CERT} %{WORKSPACE}/tests/dcaegen2/testcases/assets/certs/rootCA.crt +${VESC_ROOTCA_KEY} %{WORKSPACE}/tests/dcaegen2/testcases/assets/certs/rootCAdec.key +${VESC_WRONG_CERT} %{WORKSPACE}/tests/dcaegen2/testcases/assets/certs/wrong.crt +${VESC_WRONG_KEY} %{WORKSPACE}/tests/dcaegen2/testcases/assets/certs/wrong.key \ No newline at end of file diff --git a/tests/dcaegen2/testcases/resources/vesc_enable_https_auth.sh b/tests/dcaegen2/testcases/resources/vesc_enable_https_auth.sh index 0755f077..29700bc5 100755 --- a/tests/dcaegen2/testcases/resources/vesc_enable_https_auth.sh +++ b/tests/dcaegen2/testcases/resources/vesc_enable_https_auth.sh @@ -14,10 +14,10 @@ # See the License for the specific language governing permissions and # limitations under the License. -docker exec -it vesc /opt/app/VESCollector/bin/VESrestfulCollector.sh stop -sleep 2 +docker exec vesc /opt/app/VESCollector/bin/appController.sh stop +sleep 2 docker cp ${WORKSPACE}/tests/dcaegen2/testcases/resources/collector.properties vesc:/opt/app/VESCollector/etc -sleep 10 -docker exec -id vesc /opt/app/VESCollector/bin/VESrestfulCollector.sh start +sleep 10 +docker exec vesc /opt/app/VESCollector/bin/appController.sh start sleep 5 -echo "VES Collector Restarted" +echo "VES Collector Restarted with certBasicAuth" -- cgit 1.2.3-korg