Create hvves-ci to include setup step

hvves setup (certificate creation and propagation) is needed priori to run
hvves.

Issue-ID: INT-1594

Signed-off-by: mrichomme <morgan.richomme@orange.com>
Change-Id: I4ecd1522dce36cb46b09e290d1ac0ea065c828b4
Signed-off-by: mrichomme <morgan.richomme@orange.com>

2 files changed, 87 insertions, 0 deletions

diff --git a/robot/testsuites/hvves-ci.robot b/robot/testsuites/hvves-ci.robot
new file mode 100644
index 00000000..74423fe0
--- /dev/null
+++ b/robot/testsuites/hvves-ci.robot
@@ -0,0 +1,24 @@
+*** Settings ***
+Documentation   HV-VES 'Sunny Scenario' Robot Framework test - message is sent to the collector and Kafka topic is checked if the message has been published. Content is decoded and checked.
+Default Tags    hvves   ete
+Test Timeout    1m
+Resource    ../resources/global_properties.robot
+Resource    ../resources/dcae/hvves.robot
+Library    OperatingSystem
+Library    ONAPLibrary.Protobuf
+
+*** Variable ***
+${HVVES_KAFKA_TOPIC}    HV_VES_PERF3GPP
+${HVVES_KAFKA_TOPIC_SSL}    HV_VES_PERF3GPP_SSL
+
+*** Test Cases ***
+HV-VES SSL test case
+    [Setup] Run Process /app/setup-hvves.sh  shell=yes   --option  argument
+    Mode    ${HVVES_CONFIG_SSL}
+    Send Message Over Ssl    ${GLOBAL_DCAE_HVVES_SERVER_NAME}    ${GLOBAL_DCAE_HVVES_SERVER_PORT}
+    Wait Until Keyword Succeeds    10s    2s    Check If Topic Exists    ${GLOBAL_DMAAP_MESSAGE_ROUTER_SERVER_NAME}    ${GLOBAL_DMAAP_MESSAGE_ROUTER_SERVER_PORT}    ${HVVES_KAFKA_TOPIC_SSL}
+    Check Message Router Api    ${GLOBAL_DMAAP_MESSAGE_ROUTER_SERVER_NAME}    ${GLOBAL_DMAAP_MESSAGE_ROUTER_SERVER_PORT}    ${HVVES_KAFKA_TOPIC_SSL}
+    ${msg}=    Decode Last Message From Topic    ${GLOBAL_DMAAP_KAFKA_SERVER_NAME}    ${GLOBAL_DMAAP_KAFKA_SERVER_PORT}    ${HVVES_KAFKA_TOPIC_SSL}    ${GLOBAL_DMAAP_KAFKA_JAAS_USERNAME}    ${GLOBAL_DMAAP_KAFKA_JAAS_PASSWORD}
+    ${results}=    Compare File To Message    ${EXECDIR}/robot/assets/dcae/hvves_msg.raw    ${msg}
+    Should Be True    ${results}
+    [Teardown]      Mode    ${HVVES_CONFIG}
diff --git a/setup-hvves.sh b/setup-hvves.sh
new file mode 100755
index 00000000..040b2fb2
--- /dev/null
+++ b/setup-hvves.sh
@@ -0,0 +1,63 @@
+#!/bin/bash
+
+#
+# Generate HV-VES SSL related certs.
+# Copy the stuff to HV-VES and Robot pods.
+#
+NAMESPACE=${NAMESPACE:-onap}
+DIR=${DIR:"/tmp"}
+
+HVVESPOD=$(kubectl -n $NAMESPACE get pods --no-headers=true -o custom-columns=:metadata.name | grep hv-ves)
+
+
+generate_ca_key_cert () {
+openssl genrsa -out $1/ca.key 2048
+openssl req -new -x509 -days 36500 -key $1/ca.key -out $1/ca.pem -subj /CN=dcae-hv-ves-ca.onap
+}
+
+generate_server_key_csr () {
+openssl genrsa -out $1/server.key 2048
+openssl req -new -key $1/server.key -out $1/server.csr -subj /CN=dcae-hv-ves-collector.onap
+}
+
+generate_client_key_csr () {
+openssl genrsa -out $1/client.key 2048
+openssl req -new -key $1/client.key -out $1/client.csr -subj /CN=dcae-hv-ves-client.onap
+}
+
+sign_server_and_client_cert () {
+openssl x509 -req -days 36500 -in $1/server.csr -CA $1/ca.pem -CAkey $1/ca.key -out $1/server.pem -set_serial 00
+openssl x509 -req -days 36500 -in $1/client.csr -CA $1/ca.pem -CAkey $1/ca.key -out $1/client.pem -set_serial 00
+}
+
+create_pkcs12_ca_and_server () {
+openssl pkcs12 -export -out $1/ca.p12 -inkey $1/ca.key -in $1/ca.pem -passout pass:
+openssl pkcs12 -export -out $1/server.p12 -inkey $1/server.key -in $1/server.pem -passout pass:
+}
+
+copy_server_certs_to_hvves () {
+for f in {ca.p12,server.p12}
+do
+kubectl cp $1/$f $2/$3:$4
+done
+}
+
+copy_client_certs_to_robot () {
+for f in {ca.pem,client.key,client.pem}
+do
+kubectl cp $1/$f $2/$3:$4
+done
+}
+
+cleanup () {
+rm -f $1/{ca,server,client}.???
+}
+
+
+generate_ca_key_cert "$DIR"
+generate_server_key_csr "$DIR"
+generate_client_key_csr "$DIR"
+sign_server_and_client_cert "$DIR"
+create_pkcs12_ca_and_server "$DIR"
+copy_server_certs_to_hvves "$DIR" "$NAMESPACE" "$HVVESPOD" "$DIR"
+cleanup "$DIR"