summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorKrzysztof Kuzmicki <krzysztof.kuzmicki@nokia.com>2020-05-07 13:22:54 +0200
committerMarcin Przybysz <marcin.przybysz@nokia.com>2020-05-07 11:47:44 +0000
commitad59044d59a02dc26f7a0a58c24a3316c79d16ff (patch)
treeb48a7badd328b35ef6f6a4edf5ce40f96eba0902
parentbb58461fbc21a3dee052efd411de3d72a04ec270 (diff)
ROBOT e2e test cases improvements for csar/zip tosca package validation in VNFSDK and SDC Onbarding adding tosca package integrity check SOL004 package security option 1
Issue-ID: INT-1240 Signed-off-by: Krzysztof Kuzmicki <krzysztof.kuzmicki@nokia.com> Change-Id: Ic9f35fc3cee68975e2899a7a60b6c5cb51e1068d
-rw-r--r--robot/resources/test_templates/vnfsdk_validation_template.robot53
-rw-r--r--robot/resources/vnfsdk_interface.robot2
-rw-r--r--robot/testsuites/vnfsdk_validation.robot54
3 files changed, 76 insertions, 33 deletions
diff --git a/robot/resources/test_templates/vnfsdk_validation_template.robot b/robot/resources/test_templates/vnfsdk_validation_template.robot
index 56cd0b96..cf7fcf23 100644
--- a/robot/resources/test_templates/vnfsdk_validation_template.robot
+++ b/robot/resources/test_templates/vnfsdk_validation_template.robot
@@ -22,33 +22,60 @@ ${VNFSDK_CSAR_DIRECTORY} ${VNFSDK_TOSCA_ONBOARDING_PACKAGES_DIRECTORY}/temp
*** Keywords ***
Validate Onboarding Package
- [Arguments] ${package_folder} ${scenario}=onap-vtp ${test_suite_name}=validation ${test_case_name}=csar-validate ${pnf}=TRUE ${secured_package}=FALSE ${negative_test_case}=TRUE ${failed_vnfreqNames}=@{empty_list} ${sdc_response}=@{empty_list} ${secure_type}=CMS ${sdc_cert}=sdc-valid
+ [Arguments] ${package_folder} ${scenario}=onap-dublin ${test_suite_name}=validation ${test_case_name}=csar-validate ${pnf}=TRUE ${integrity_check}=FALSE ${secured_package}=FALSE ${negative_test_case}=TRUE ${failed_vnfreqNames}=@{empty_list} ${sdc_response}=@{empty_list} ${secure_type}=CMS ${sdc_cert}=sdc-valid
+ Disable Warnings
Create Directory ${VNFSDK_CSAR_DIRECTORY}
- ${onboarding_package_path}= Run Keyword If "${secured_package}"=='FALSE' Create CSAR Package ${package_folder}
- ... ELSE Create Secured CSAR ZIP Package ${package_folder} ${secure_type} ${sdc_cert}
+ ${onboarding_package_path}= Run Keyword If "${secured_package}"=='FALSE' Create CSAR Package ${package_folder} ${integrity_check} ${sdc_cert}
+ ... ELSE Create Secured CSAR Package ${package_folder} ${integrity_check} ${secure_type} ${sdc_cert}
+ Validate Onboarding Package In SDC ${onboarding_package_path} ${package_folder} ${sdc_cert} ${negative_test_case} ${sdc_response} ${sdc_cert}
Run Keyword If "${negative_test_case}"=='FALSE' Validate Valid Onboarding Package ${package_folder} ${onboarding_package_path} ${scenario} ${test_suite_name} ${test_case_name} ${pnf} ${secured_package}
... ELSE Validate Not Valid Onboarding Package ${package_folder} ${onboarding_package_path} ${scenario} ${test_suite_name} ${test_case_name} ${pnf} ${failed_vnfreqNames} ${secured_package}
- Validate Onboarding Package In SDC ${onboarding_package_path} ${package_folder} ${sdc_cert} ${negative_test_case} ${sdc_response} ${sdc_cert}
-
Create CSAR Package
+ [Arguments] ${package_folder} ${integrity_check} ${cert}
+ ${csar} = Run Keyword If "${integrity_check}"=='FALSE' Create CSAR Package without integrity check ${package_folder}
+ ... ELSE Create CSAR Package with integrity check ${package_folder} ${integrity_check} ${cert}
+ [Return] ${csar}
+
+Create CSAR Package without integrity check
[Arguments] ${package_folder}
Empty Directory ${VNFSDK_CSAR_DIRECTORY}
${csar}= Catenate ${VNFSDK_CSAR_DIRECTORY}/${package_folder}.csar
Copy File ${GLOBAL_TOSCA_ONBOARDING_PACKAGES_FOLDER}/vnfsdk/${package_folder}.csar ${csar}
[Return] ${csar}
-Create Secured CSAR ZIP Package
- [Arguments] ${package_folder} ${secure_type} ${sdc_cert}
- ${zip}= Run Keyword If "${secure_type}"=='CMS' Create Secured CSAR ZIP Package with CMS ${package_folder} ${sdc_cert}
- ... ELSE Create Secured CSAR ZIP Package with CMS and CERT ${package_folder} ${sdc_cert}
+Create CSAR Package with integrity check
+ [Arguments] ${package_folder} ${integrity_check} ${cert}
+ Empty Directory ${VNFSDK_CSAR_DIRECTORY}
+ ${csar}= Catenate ${VNFSDK_CSAR_DIRECTORY}/${package_folder}.csar
+ Copy Directory ${GLOBAL_TOSCA_ONBOARDING_PACKAGES_FOLDER}/vnfsdk/${package_folder} ${VNFSDK_CSAR_DIRECTORY}
+ ${meta}= OperatingSystem.Get File ${VNFSDK_CSAR_DIRECTORY}/${package_folder}/TOSCA-Metadata/TOSCA.meta
+ ${cert_name}= Get Regexp Matches ${meta} (?<=\ETSI-Entry-Certificate: )(.*)
+ Copy File /tmp/package-robot-${cert}.cert ${VNFSDK_CSAR_DIRECTORY}/${package_folder}/${cert_name}[0]
+ ${files} = List Files In Directory ${VNFSDK_CSAR_DIRECTORY}/${package_folder} *.mf absolute
+ Sign csar manifest file ${integrity_check} ${cert} ${files}[0]
+ ${rc} = Run and Return RC cd ${VNFSDK_CSAR_DIRECTORY}/${package_folder}; zip -r ${csar} *
+ Should Be Equal As Integers ${rc} 0
+ Remove Directory ${VNFSDK_CSAR_DIRECTORY}/${package_folder} recursive=True
+ [Return] ${csar}
+
+Sign csar manifest file
+ [Arguments] ${integrity_check} ${cert} ${manifest}
+ ${rc} = Run Keyword If "${integrity_check}"=='CMS_with_cert' Run and Return RC openssl cms -sign -signer /tmp/package-robot-${cert}.cert -inkey /tmp/package-private-robot-${cert}.key -outform PEM -binary -in ${manifest} >> ${manifest}
+ ... ELSE Run and Return RC openssl cms -sign -signer /tmp/package-robot-${cert}.cert -inkey /tmp/package-private-robot-${cert}.key -outform PEM -binary -nocerts -in ${manifest} >> ${manifest}
+ Should Be Equal As Integers ${rc} 0
+
+Create Secured CSAR Package
+ [Arguments] ${package_folder} ${integrity_check} ${secure_type} ${sdc_cert}
+ ${zip}= Run Keyword If "${secure_type}"=='CMS' Create Secured CSAR ZIP Package with CMS ${package_folder} ${integrity_check} ${sdc_cert}
+ ... ELSE Create Secured CSAR ZIP Package with CMS and CERT ${package_folder} ${integrity_check} ${sdc_cert}
[Return] ${zip}
Create Secured CSAR ZIP Package with CMS
- [Arguments] ${package_folder} ${cert}
+ [Arguments] ${package_folder} ${integrity_check} ${cert}
${zip}= Catenate ${VNFSDK_CSAR_DIRECTORY}/${package_folder}.zip
${cms}= Catenate ${VNFSDK_CSAR_DIRECTORY}/${package_folder}.cms
- ${csar}= Create CSAR Package ${package_folder}
+ ${csar}= Create CSAR Package ${package_folder} ${integrity_check} ${cert}
${rc} = Run and Return RC openssl cms -sign -signer /tmp/package-robot-${cert}.cert -inkey /tmp/package-private-robot-${cert}.key -outform PEM -binary -in ${csar} -out ${cms}
Should Be Equal As Integers ${rc} 0
${rc} = Run and Return RC cd ${VNFSDK_CSAR_DIRECTORY}; zip -r ${zip} *
@@ -56,10 +83,10 @@ Create Secured CSAR ZIP Package with CMS
[Return] ${zip}
Create Secured CSAR ZIP Package with CMS and CERT
- [Arguments] ${package_folder} ${cert}
+ [Arguments] ${package_folder} ${integrity_check} ${cert}
${zip}= Catenate ${VNFSDK_CSAR_DIRECTORY}/${package_folder}.zip
${cms}= Catenate ${VNFSDK_CSAR_DIRECTORY}/${package_folder}.cms
- ${csar}= Create CSAR Package ${package_folder}
+ ${csar}= Create CSAR Package ${package_folder} ${integrity_check} ${cert}
Copy File /tmp/package-robot-${cert}.cert ${VNFSDK_CSAR_DIRECTORY}/${package_folder}.cert
${rc} = Run and Return RC openssl cms -sign -signer /tmp/package-robot-${cert}.cert -inkey /tmp/package-private-robot-${cert}.key -outform PEM -binary -nocerts -in ${csar} -out ${cms}
Should Be Equal As Integers ${rc} 0
diff --git a/robot/resources/vnfsdk_interface.robot b/robot/resources/vnfsdk_interface.robot
index fea6b31a..c54b330e 100644
--- a/robot/resources/vnfsdk_interface.robot
+++ b/robot/resources/vnfsdk_interface.robot
@@ -24,7 +24,7 @@ Run VNFSDK Get Request
Run VNFSDK Post Request
[Documentation] Runs VNFSDK Get request
- [Arguments] ${data_path} ${files} ${headers}
+ [Arguments] ${data_path} ${files}
${session}= Create Session vnfsdk ${VNFSDK_ENDPOINT}
${resp}= Post Request vnfsdk ${data_path} files=${files}
Log Received response from VNFSDK ${resp}
diff --git a/robot/testsuites/vnfsdk_validation.robot b/robot/testsuites/vnfsdk_validation.robot
index 993efca7..48ce94ae 100644
--- a/robot/testsuites/vnfsdk_validation.robot
+++ b/robot/testsuites/vnfsdk_validation.robot
@@ -9,17 +9,19 @@ Default Tags vnfsdk
*** Variables ***
-@{allMandatoryEntriesDefinedInTOSCAMeta} r146092
-@{no_pnfd_release_date_time_error} r57019
-@{non_mano_artifact_sets_is_mandatory} r146092
-@{noETSI-Entry-ManifestOrETSI-Entry-Change-Log} r293901
-@{PNFD_missing} SOL004 r10087 r87234 r35854 r15837 r17852 r293901 r146092 r57019 r787965
-@{allMandatoryEntriesDefinedInTOSCAMeta_sdc_message} Following entry not supported in TOSCA.meta Entry-Tests=Artifacts/Tests Manifest contains invalid line : #The manifest file shall include a list of all files contained in or referenced from the VNF package with their location
-@{no_pnfd_release_date_time_error_sdc_message} Following entry not supported in TOSCA.meta Entry-Tests=Artifacts/Tests Manifest contains invalid line : #The manifest file shall include a list of all files contained in or referenced from the VNF package with their location
-@{non_mano_artifact_sets_is_mandatory_sdc_message} Following entry not supported in TOSCA.meta Entry-Tests=Artifacts/Tests Manifest contains invalid line : #The manifest file shall include a list of all files contained in or referenced from the VNF package with their location
-@{noETSI-Entry-ManifestOrETSI-Entry-Change-Log_sdc_message} Manifest contains invalid line : #The manifest file shall include a list of all files contained in or referenced from the VNF package with their location
+@{allMandatoryEntriesDefinedInTOSCAMeta} r146092 r130206
+@{no_pnfd_release_date_time_error} r57019 r130206
+@{non_mano_artifact_sets_is_mandatory} r146092 r130206
+@{noETSI-Entry-ManifestOrETSI-Entry-Change-Log} r293901 r130206
+@{PNFD_missing} SOL004 r10087 r87234 r35854 r15837 r17852 r293901 r146092 r57019 r787965 r130206
+@{missing_entry_in_manifest}
+@{allMandatoryEntriesDefinedInTOSCAMeta_sdc_message} Following entry not supported in TOSCA.meta Entry-Tests Manifest contains invalid line: 7: #The manifest file shall include a list of all files contained in or referenced from the VNF package with their location
+@{no_pnfd_release_date_time_error_sdc_message} Following entry not supported in TOSCA.meta Entry-Tests Invalid Manifest metadata entry: '#The manifest file shall include a list of all files contained in or referenced from the VNF package with their location'.;\nAt line 6: '#The manifest file shall include a list of all files contained in or referenced from the VNF package with their location'.
+@{non_mano_artifact_sets_is_mandatory_sdc_message} Following entry not supported in TOSCA.meta Entry-Tests Manifest contains invalid line: 7: #The manifest file shall include a list of all files contained in or referenced from the VNF package with their location
+@{noETSI-Entry-ManifestOrETSI-Entry-Change-Log_sdc_message} Manifest contains invalid line: 7: #The manifest file shall include a list of all files contained in or referenced from the VNF package with their location Manifest contains invalid line: 7: #The manifest file shall include a list of all files contained in or referenced from the VNF package with their location
@{PNFD_missing_sdc_message} TOSCA.meta file in TOSCA-metadata directory missing entry Created-By
@{invalid_certificate} Could not verify signature!
+@{missing_entry_in_manifest_sdc_message} 'pnf_main_descriptor.cert' artifact is not being referenced in manifest file
*** Test Cases ***
@@ -58,42 +60,56 @@ Validate Onboarding PNFD_missing
... Runs VNFSDK validation and comapres with list of expected errors.
PNFD_missing failed_vnfreqNames=@{PNFD_missing} sdc_response=@{PNFD_missing_sdc_message}
-Validate Onboarding test_SDC_and_VNFSDK_API
+Validate Onboarding test_SDC_and_VNFSDK_API, integrity_check CMS_with_cert
[Documentation]
... This test case creates TOSCA csar software package for PNF, based on /var/opt/ONAP/demo/tosca/vnfsdk/test_SDC_and_VNFSDK_API
... Imports it as csar VSP package to SDC and expects success.
... Runs VNFSDK validation and and expects success.
- test_SDC_and_VNFSDK_API negative_test_case=FALSE
+ test_SDC_and_VNFSDK_API_with_hash negative_test_case=FALSE integrity_check=CMS_with_cert
-Validate Onboarding test_SDC_and_VNFSDK_API, secured csar, CMS only, valid certificate
+Validate Onboarding test_SDC_and_VNFSDK_API, integrity_check CMS_without_cert
+ [Documentation]
+ ... This test case creates TOSCA csar software package for PNF, based on /var/opt/ONAP/demo/tosca/vnfsdk/test_SDC_and_VNFSDK_API
+ ... Imports it as csar VSP package to SDC and expects success.
+ ... Runs VNFSDK validation and and expects success.
+ test_SDC_and_VNFSDK_API_with_hash negative_test_case=FALSE integrity_check=CMS_without_cert
+
+Validate Onboarding package with missing entry in manifest, integrity_check CMS_with_cert
+ [Documentation]
+ ... This test case creates TOSCA csar software package for PNF, based on /var/opt/ONAP/demo/tosca/vnfsdk/test_SDC_and_VNFSDK_API
+ ... Imports it as csar VSP package to SDC and expects success.
+ ... Runs VNFSDK validation and and expects success.
+ test_SDC_and_VNFSDK_API_missing_entry_in_manifest negative_test_case=TRUE failed_vnfreqNames=@{missing_entry_in_manifest} sdc_response=@{missing_entry_in_manifest_sdc_message} integrity_check=CMS_with_cert
+
+Validate Onboarding test_SDC_and_VNFSDK_API, secured csar - CMS only - sdc valid certificate, integrity_check CMS_without_cert
[Documentation]
... This test case creates TOSCA csar software package for PNF, based on /var/opt/ONAP/demo/tosca/vnfsdk/test_SDC_and_VNFSDK_API
... Next sign with certificate that is imported to SDC onabarding POD using CMS only method (CMS file signs csar, zip contains only csar and cms files )
... Imports it as zip VSP package to SDC and expects success.
... Runs VNFSDK validation and and expects success.
- test_SDC_and_VNFSDK_API secured_package=TRUE negative_test_case=FALSE secure_type=CMS sdc_cert=sdc-valid
+ test_SDC_and_VNFSDK_API_with_hash secured_package=TRUE negative_test_case=FALSE integrity_check=CMS_without_cert secure_type=CMS sdc_cert=sdc-valid
-Validate Onboarding test_SDC_and_VNFSDK_API, secured csar, CMS and CERT, valid certificate
+Validate Onboarding test_SDC_and_VNFSDK_API, secured csar - CMS and CERT - sdc valid certificate, integrity_check CMS_with_cert
[Documentation]
... This test case creates TOSCA csar software package for PNF, based on /var/opt/ONAP/demo/tosca/vnfsdk/test_SDC_and_VNFSDK_API
... Next sign with certificate that is imported to SDC onabarding POD using CMS and CERT method (CMS file signs csar, zip contains csar, certificate and cms files )
... Imports it as zip VSP package to SDC and expects success.
... Runs VNFSDK validation and and expects success.
- test_SDC_and_VNFSDK_API secured_package=TRUE negative_test_case=FALSE secure_type=CMS_AND_CERT sdc_cert=sdc-valid
+ test_SDC_and_VNFSDK_API_with_hash secured_package=TRUE negative_test_case=FALSE integrity_check=CMS_with_cert secure_type=CMS_AND_CERT sdc_cert=sdc-valid
-Validate Onboarding test_SDC_and_VNFSDK_API secured csar, CMS only, invalid certificate
+Validate Onboarding test_SDC_and_VNFSDK_API, secured csar - CMS only - sdc invalid certificate, integrity_check CMS_without_cert
[Documentation]
... This test case creates TOSCA csar software package for PNF, based on /var/opt/ONAP/demo/tosca/vnfsdk/test_SDC_and_VNFSDK_API
... Next sign with certificate that is not imported to SDC onabarding POD using CMS only method (CMS file signs csar, zip contains only csar and cms files )
... Imports it as zip VSP package to SDC and expects error due to issues with certificate validation.
... Runs VNFSDK validation and and expects success.
- test_SDC_and_VNFSDK_API secured_package=TRUE negative_test_case=FALSE sdc_response=@{invalid_certificate} secure_type=CMS sdc_cert=sdc-invalid
+ test_SDC_and_VNFSDK_API_with_hash secured_package=TRUE negative_test_case=FALSE integrity_check=CMS_without_cert sdc_response=@{invalid_certificate} secure_type=CMS sdc_cert=sdc-invalid
-Validate Onboarding test_SDC_and_VNFSDK_API secured csar, CMS and CERT, invalid certificate
+Validate Onboarding test_SDC_and_VNFSDK_API, secured csar - CMS and CERT - sdc invalid certificate, integrity_check CMS_with_cert
[Documentation]
... This test case creates TOSCA csar software package for PNF, based on /var/opt/ONAP/demo/tosca/vnfsdk/test_SDC_and_VNFSDK_API
... Next sign with certificate that is not imported to SDC onabarding POD using CMS and CERT method (CMS file signs csar, zip contains csar, certificate and cms files )
... Imports it as zip VSP package to SDC and expects error due to issues with certificate validation.
... Runs VNFSDK validation and and expects success
- test_SDC_and_VNFSDK_API secured_package=TRUE negative_test_case=FALSE sdc_response=@{invalid_certificate} secure_type=CMS_AND_CERT sdc_cert=sdc-invalid
+ test_SDC_and_VNFSDK_API_with_hash secured_package=TRUE negative_test_case=FALSE integrity_check=CMS_with_cert sdc_response=@{invalid_certificate} secure_type=CMS_AND_CERT sdc_cert=sdc-invalid