From 86ef3959eae52f0b15c260a0d4fd92c1b522d53f Mon Sep 17 00:00:00 2001 From: Filip Krzywka Date: Tue, 11 Sep 2018 12:09:06 +0200 Subject: Write CSIT test case for unencrypted connection Change-Id: I33be06d98b079ed16cdf3840db983dbcc768f0e7 Issue-ID: DCAEGEN2-771 Signed-off-by: Filip Krzywka --- .../testsuites/docker-compose.yml | 19 ++++++++++++ .../testcases/authorization.robot | 35 +++++++++++++++++++--- .../testcases/libraries/XnfSimulatorLibrary.py | 34 ++++++++++++++++----- .../testcases/message-routing.robot | 22 +++++++------- .../testcases/multiple-clients.robot | 4 +-- .../testcases/resources/common-keywords.robot | 30 +++++++++---------- .../authorization/xnf-valid-messages-request.json | 2 +- 7 files changed, 105 insertions(+), 41 deletions(-) (limited to 'test/csit') diff --git a/test/csit/plans/dcaegen2-collectors-hv-ves/testsuites/docker-compose.yml b/test/csit/plans/dcaegen2-collectors-hv-ves/testsuites/docker-compose.yml index 66cbde22f..1673715cb 100644 --- a/test/csit/plans/dcaegen2-collectors-hv-ves/testsuites/docker-compose.yml +++ b/test/csit/plans/dcaegen2-collectors-hv-ves/testsuites/docker-compose.yml @@ -60,6 +60,25 @@ services: networks: - ves-hv-default + unencrypted-ves-hv-collector: + image: $DOCKER_REGISTRY/onap/org.onap.dcaegen2.collectors.hv-ves.hv-collector-main:latest + ports: + - "7060:6060" + - "7061:6061/tcp" + entrypoint: ["java", "-Dio.netty.leakDetection.level=paranoid", "-cp", "*:", "org.onap.dcae.collectors.veshv.main.MainKt"] + command: ["--listen-port", "6061","--config-url", "http://consul:8500/v1/kv/veshv-config", "--ssl-disable"] + healthcheck: + interval: 10s + timeout: 5s + retries: 2 + test: "curl --request GET --fail --silent --show-error localhost:6060/health/ready && nc -vz localhost 6061" + depends_on: + - kafka + volumes: + - ./ssl/:/etc/ves-hv/ + networks: + - ves-hv-default + dcae-app-simulator: image: $DOCKER_REGISTRY/onap/org.onap.dcaegen2.collectors.hv-ves.hv-collector-dcae-app-simulator:latest ports: diff --git a/test/csit/tests/dcaegen2-collectors-hv-ves/testcases/authorization.robot b/test/csit/tests/dcaegen2-collectors-hv-ves/testcases/authorization.robot index 1b832f27d..15c1c4896 100644 --- a/test/csit/tests/dcaegen2-collectors-hv-ves/testcases/authorization.robot +++ b/test/csit/tests/dcaegen2-collectors-hv-ves/testcases/authorization.robot @@ -11,21 +11,47 @@ Test Teardown VES-HV Collector Test Shutdown Client Authorization Suite Setup Log Started Suite: VES-HV Client Authorization ${XNF_PORTS_LIST}= Create List 7000 - Configure Invalid xNF Simulators On Ports ${XNF_PORTS_LIST} + ${XNF_WITH_INVALID_CERTIFICATES}= Configure xNF Simulators ${XNF_PORTS_LIST} + ... should_use_valid_certs=${false} + Set Suite Variable ${XNF_WITH_INVALID_CERTIFICATES} + ${XNF_PORTS_LIST}= Create List 7001 + ${XNF_WITHOUT_SSL}= Configure xNF Simulators ${XNF_PORTS_LIST} + ... should_disable_ssl=${true} + Set Suite Variable ${XNF_WITHOUT_SSL} + ${XNF_PORTS_LIST}= Create List 7002 + ${XNF_WITHOUT_SSL_CONNECTING_TO_UNENCRYPTED_HV_VES}= Configure xNF Simulators ${XNF_PORTS_LIST} + ... should_disable_ssl=${true} + ... should_connect_to_unencrypted_hv_ves=${true} + Set Suite Variable ${XNF_WITHOUT_SSL_CONNECTING_TO_UNENCRYPTED_HV_VES} Log Suite setup finished - *** Test Cases *** Authorization [Documentation] VES-HV Collector should not authorize XNF with invalid certificate and not route any message ... to topics - ${SIMULATORS_LIST}= Get Invalid xNF Simulators 1 - Send Messages From xNF Simulators ${SIMULATORS_LIST} ${XNF_VALID_MESSAGES_REQUEST} + Send Messages From xNF Simulators ${XNF_WITH_INVALID_CERTIFICATES} ${XNF_VALID_MESSAGES_REQUEST} + + Wait until keyword succeeds 60 sec 5 sec + ... Assert Dcae App Consumed ${DCAE_APP_API_MESSAGES_COUNT_URL} ${AMOUNT_0} + +Unencrypted connection from client + [Documentation] VES-HV Collector should not authorize XNF trying to connect through unencrypted connection + + Send Messages From xNF Simulators ${XNF_WITHOUT_SSL} ${XNF_VALID_MESSAGES_REQUEST} Wait until keyword succeeds 60 sec 5 sec ... Assert Dcae App Consumed ${DCAE_APP_API_MESSAGES_COUNT_URL} ${AMOUNT_0} +Unencrypted connection on both ends + [Documentation] When run without SSL turned on, VES-HV Collector should route all valid messages + ... from xNF trying to connect through unencrypted connection + + Send Messages From xNF Simulators ${XNF_WITHOUT_SSL_CONNECTING_TO_UNENCRYPTED_HV_VES} ${XNF_VALID_MESSAGES_REQUEST} + + Wait until keyword succeeds 60 sec 5 sec + ... Assert Dcae App Consumed ${DCAE_APP_API_MESSAGES_COUNT_URL} ${AMOUNT_5000} + *** Variables *** ${VES_HV_SCENARIOS} %{WORKSPACE}/test/csit/tests/dcaegen2-collectors-hv-ves/testcases/resources/scenarios @@ -33,3 +59,4 @@ ${VES_HV_SCENARIOS} %{WORKSPACE}/test/csit/tests/dcae ${XNF_VALID_MESSAGES_REQUEST} ${VES_HV_SCENARIOS}/authorization/xnf-valid-messages-request.json ${AMOUNT_0} 0 +${AMOUNT_5000} 5000 diff --git a/test/csit/tests/dcaegen2-collectors-hv-ves/testcases/libraries/XnfSimulatorLibrary.py b/test/csit/tests/dcaegen2-collectors-hv-ves/testcases/libraries/XnfSimulatorLibrary.py index 50f66cbbb..26d5a91c2 100644 --- a/test/csit/tests/dcaegen2-collectors-hv-ves/testcases/libraries/XnfSimulatorLibrary.py +++ b/test/csit/tests/dcaegen2-collectors-hv-ves/testcases/libraries/XnfSimulatorLibrary.py @@ -1,4 +1,3 @@ -from VesHvContainersUtilsLibrary import copy_to_container import HttpRequests import os import docker @@ -16,14 +15,21 @@ ONE_SECOND_IN_NANOS = 10 ** 9 class XnfSimulatorLibrary: - def start_xnf_simulators(self, list_of_ports, should_use_valid_certs=True): + def start_xnf_simulators(self, list_of_ports, + should_use_valid_certs=True, + should_disable_ssl=False, + should_connect_to_unencrypted_hv_ves=False): logger.info("Creating " + str(len(list_of_ports)) + " xNF Simulator containers") dockerClient = docker.from_env() self.pullImageIfAbsent(dockerClient) logger.info("Using image: " + SIMULATOR_IMAGE_FULL_NAME) - simulators_addresses = self.create_containers(dockerClient, list_of_ports, should_use_valid_certs) + simulators_addresses = self.create_containers(dockerClient, + list_of_ports, + should_use_valid_certs, + should_disable_ssl, + should_connect_to_unencrypted_hv_ves) self.assert_containers_startup_was_successful(dockerClient) dockerClient.close() @@ -37,10 +43,15 @@ class XnfSimulatorLibrary: "This can take a while.") dockerClient.images.pull(SIMULATOR_IMAGE_FULL_NAME) - def create_containers(self, dockerClient, list_of_ports, should_use_valid_certs): + def create_containers(self, + dockerClient, + list_of_ports, + should_use_valid_certs, + should_disable_ssl, + should_connect_to_unencrypted_hv_ves): simulators_addresses = [] for port in list_of_ports: - xnf = XnfSimulator(port, should_use_valid_certs) + xnf = XnfSimulator(port, should_use_valid_certs, should_disable_ssl, should_connect_to_unencrypted_hv_ves) container = self.run_simulator(dockerClient, xnf) logger.info("Started container: " + container.name + " " + container.id) simulators_addresses.append(container.name + ":" + xnf.port) @@ -111,21 +122,30 @@ class XnfSimulatorLibrary: class XnfSimulator: container_name_prefix = "ves-hv-collector-xnf-simulator" - def __init__(self, port, should_use_valid_certs): + def __init__(self, + port, + should_use_valid_certs, + should_disable_ssl, + should_connect_to_unencrypted_hv_ves): self.port = port cert_name_prefix = "" if should_use_valid_certs else "invalid_" certificates_path_with_file_prefix = collector_certs_lookup_dir + cert_name_prefix self.cert_path = certificates_path_with_file_prefix + "client.crt" self.key_path = certificates_path_with_file_prefix + "client.key" self.trust_cert_path = certificates_path_with_file_prefix + "trust.crt" + self.disable_ssl = should_disable_ssl + self.hv_collector_host = "unencrypted-ves-hv-collector" \ + if should_connect_to_unencrypted_hv_ves else "ves-hv-collector" def get_startup_command(self): startup_command = ["--listen-port", self.port, - "--ves-host", "ves-hv-collector", + "--ves-host", self.hv_collector_host, "--ves-port", "6061", "--cert-file", self.cert_path, "--private-key-file", self.key_path, "--trust-cert-file", self.trust_cert_path] + if (self.disable_ssl): + startup_command.append("--ssl-disable") return startup_command def get_healthcheck_command(self): diff --git a/test/csit/tests/dcaegen2-collectors-hv-ves/testcases/message-routing.robot b/test/csit/tests/dcaegen2-collectors-hv-ves/testcases/message-routing.robot index 6153afa0a..89208e456 100644 --- a/test/csit/tests/dcaegen2-collectors-hv-ves/testcases/message-routing.robot +++ b/test/csit/tests/dcaegen2-collectors-hv-ves/testcases/message-routing.robot @@ -14,7 +14,7 @@ Test Teardown VES-HV Collector Test Shutdown Message Routing Suite Setup Log Started Suite: VES-HV Message Routing ${XNF_PORTS_LIST}= Create List 7000 - Configure Valid xNF Simulators On Ports ${XNF_PORTS_LIST} + Configure xNF Simulators Using Valid Certificates On Ports ${XNF_PORTS_LIST} Log Suite setup finished *** Test Cases *** @@ -22,8 +22,8 @@ Correct Messages Routing [Documentation] VES-HV Collector should route all valid messages to topics specified in configuration ... and do not change message payload generated in XNF simulator - ${SIMULATORS_LIST}= Get Valid xNF Simulators 1 - Send Messages From xNF Simulators ${SIMULATORS_LIST} ${XNF_FIXED_PAYLOAD_REQUEST} + ${XNF_SIMULATOR}= Get xNF Simulators Using Valid Certificates + Send Messages From xNF Simulators ${XNF_SIMULATOR} ${XNF_FIXED_PAYLOAD_REQUEST} Wait until keyword succeeds 60 sec 5 sec ... Assert Dcae App Consumed ${DCAE_APP_API_MESSAGES_COUNT_URL} ${AMOUNT_25000} @@ -33,8 +33,8 @@ Correct Messages Routing Too big payload message handling [Documentation] VES-HV Collector should interrupt the stream when encountered message with too big payload - ${SIMULATORS_LIST}= Get Valid xNF Simulators 1 - Send Messages From xNF Simulators ${SIMULATORS_LIST} ${XNF_TOO_BIG_PAYLOAD_REQUEST} + ${XNF_SIMULATOR}= Get xNF Simulators Using Valid Certificates + Send Messages From xNF Simulators ${XNF_SIMULATOR} ${XNF_TOO_BIG_PAYLOAD_REQUEST} Wait until keyword succeeds 60 sec 5 sec ... Assert Dcae App Consumed Less Equal Than ${DCAE_APP_API_MESSAGES_COUNT_URL} ${AMOUNT_25000} @@ -43,8 +43,8 @@ Too big payload message handling Invalid wire frame message handling [Documentation] VES-HV Collector should skip messages with invalid wire frame - ${SIMULATORS_LIST}= Get Valid xNF Simulators 1 - Send Messages From xNF Simulators ${SIMULATORS_LIST} ${XNF_INVALID_WIRE_FRAME_REQUEST} + ${XNF_SIMULATOR}= Get xNF Simulators Using Valid Certificates + Send Messages From xNF Simulators ${XNF_SIMULATOR} ${XNF_INVALID_WIRE_FRAME_REQUEST} Wait until keyword succeeds 60 sec 5 sec ... Assert Dcae App Consumed ${DCAE_APP_API_MESSAGES_COUNT_URL} ${AMOUNT_50000} @@ -54,8 +54,8 @@ Invalid wire frame message handling Invalid GPB data message handling [Documentation] VES-HV Collector should skip messages with invalid GPB data - ${SIMULATORS_LIST}= Get Valid xNF Simulators 1 - Send Messages From xNF Simulators ${SIMULATORS_LIST} ${XNF_INVALID_GPB_DATA_REQUEST} + ${XNF_SIMULATOR}= Get xNF Simulators Using Valid Certificates + Send Messages From xNF Simulators ${XNF_SIMULATOR} ${XNF_INVALID_GPB_DATA_REQUEST} Wait until keyword succeeds 60 sec 5 sec ... Assert Dcae App Consumed ${DCAE_APP_API_MESSAGES_COUNT_URL} ${AMOUNT_50000} @@ -65,8 +65,8 @@ Invalid GPB data message handling Unsupported domain message handling [Documentation] VES-HV Collector should skip messages with unsupported domain - ${SIMULATORS_LIST}= Get Valid xNF Simulators 1 - Send Messages From xNF Simulators ${SIMULATORS_LIST} ${XNF_UNSUPPORTED_DOMAIN_REQUEST} + ${XNF_SIMULATOR}= Get xNF Simulators Using Valid Certificates + Send Messages From xNF Simulators ${XNF_SIMULATOR} ${XNF_UNSUPPORTED_DOMAIN_REQUEST} Wait until keyword succeeds 60 sec 5 sec ... Assert Dcae App Consumed ${DCAE_APP_API_MESSAGES_COUNT_URL} ${AMOUNT_50000} diff --git a/test/csit/tests/dcaegen2-collectors-hv-ves/testcases/multiple-clients.robot b/test/csit/tests/dcaegen2-collectors-hv-ves/testcases/multiple-clients.robot index 862a2bc6a..9b1982a6b 100644 --- a/test/csit/tests/dcaegen2-collectors-hv-ves/testcases/multiple-clients.robot +++ b/test/csit/tests/dcaegen2-collectors-hv-ves/testcases/multiple-clients.robot @@ -11,14 +11,14 @@ Test Teardown VES-HV Collector Test Shutdown Multiple Clients Handling Suite Setup Log Started Suite: VES-HV Multiple Clients Handling ${XNF_PORTS_LIST}= Create List 7000 7001 7002 - Configure Valid xNF Simulators On Ports ${XNF_PORTS_LIST} + Configure xNF Simulators Using Valid Certificates On Ports ${XNF_PORTS_LIST} Log Suite setup finished *** Test Cases *** Handle Multiple Connections [Documentation] VES-HV Collector should handle multiple incoming transmissions - ${SIMULATORS_LIST}= Get Valid xNF Simulators 3 + ${SIMULATORS_LIST}= Get xNF Simulators Using Valid Certificates 3 Send Messages From xNF Simulators ${SIMULATORS_LIST} ${XNF_SMALLER_PAYLOAD_REQUEST} Wait until keyword succeeds 60 sec 5 sec diff --git a/test/csit/tests/dcaegen2-collectors-hv-ves/testcases/resources/common-keywords.robot b/test/csit/tests/dcaegen2-collectors-hv-ves/testcases/resources/common-keywords.robot index bc03de232..58f5cbc16 100644 --- a/test/csit/tests/dcaegen2-collectors-hv-ves/testcases/resources/common-keywords.robot +++ b/test/csit/tests/dcaegen2-collectors-hv-ves/testcases/resources/common-keywords.robot @@ -4,30 +4,28 @@ Library VesHvContainersUtilsLibrary Library Collections *** Keywords *** -Configure Valid xNF Simulators On Ports +Configure xNF Simulators Using Valid Certificates On Ports [Arguments] ${XNF_PORTS_LIST} - ${VALID_XNF_SIMULATORS_ADDRESSES}= Start Xnf Simulators ${XNF_PORTS_LIST} ${true} + ${VALID_XNF_SIMULATORS_ADDRESSES}= Configure xNF Simulators ${XNF_PORTS_LIST} Set Suite Variable ${VALID_XNF_SIMULATORS_ADDRESSES} - -Configure Invalid xNF Simulators On Ports +Configure xNF Simulators [Arguments] ${XNF_PORTS_LIST} - ${INVALID_XNF_SIMULATORS_ADDRESSES}= Start Xnf Simulators ${XNF_PORTS_LIST} ${false} - Set Suite Variable ${INVALID_XNF_SIMULATORS_ADDRESSES} - - -Get Valid xNF Simulators - [Arguments] ${AMOUNT} + ... ${should_use_valid_certs}=${true} + ... ${should_disable_ssl}=${false} + ... ${should_connect_to_unencrypted_hv_ves}=${false} + ${XNF_SIMULATORS_ADDRESSES}= Start Xnf Simulators ${XNF_PORTS_LIST} + ... ${should_use_valid_certs} + ... ${should_disable_ssl} + ... ${should_connect_to_unencrypted_hv_ves} + [Return] ${XNF_SIMULATORS_ADDRESSES} + +Get xNF Simulators Using Valid Certificates + [Arguments] ${AMOUNT}=1 ${SIMULATORS}= Get Slice From List ${VALID_XNF_SIMULATORS_ADDRESSES} 0 ${AMOUNT} [Return] ${SIMULATORS} -Get Invalid xNF Simulators - [Arguments] ${AMOUNT} - ${SIMULATORS}= Get Slice From List ${INVALID_XNF_SIMULATORS_ADDRESSES} 0 ${AMOUNT} - [Return] ${SIMULATORS} - - Send Messages From xNF Simulators [Arguments] ${XNF_HOSTS_LIST} ${MESSAGE_FILEPATH} :FOR ${HOST} IN @{XNF_HOSTS_LIST} diff --git a/test/csit/tests/dcaegen2-collectors-hv-ves/testcases/resources/scenarios/authorization/xnf-valid-messages-request.json b/test/csit/tests/dcaegen2-collectors-hv-ves/testcases/resources/scenarios/authorization/xnf-valid-messages-request.json index c71793d7d..75d938766 100644 --- a/test/csit/tests/dcaegen2-collectors-hv-ves/testcases/resources/scenarios/authorization/xnf-valid-messages-request.json +++ b/test/csit/tests/dcaegen2-collectors-hv-ves/testcases/resources/scenarios/authorization/xnf-valid-messages-request.json @@ -18,6 +18,6 @@ "sourceName": "sample-source-name" }, "messageType": "VALID", - "messagesAmount": 500000 + "messagesAmount": 5000 } ] \ No newline at end of file -- cgit 1.2.3-korg