author Krzysztof Kuzmicki <krzysztof.kuzmicki@nokia.com> 2020-10-23 11:08:54 +0200
committer Krzysztof Kuzmicki <krzysztof.kuzmicki@nokia.com> 2020-10-23 12:15:30 +0200
commit edf1f7fd1621a7e2b4dae4e29e2ce84dfcb6d665
tree 110da6d6374ad3326adcad27b452ea5b2dc58694
parent e4cafb477ef6978c060a9ebd2469810c23188a80
Add man in the middle CMPv2 E2E test case in robot test suite certificate SANs verification
Issue-ID: INT-1731
Signed-off-by: Krzysztof Kuzmicki <krzysztof.kuzmicki@nokia.com>
Change-Id: I4993c14b295793609c137eb166429e905963d551
-rw-r--r-- robot/assets/cmpv2/k8s-pnf-simulator.yaml 2
-rw-r--r-- robot/resources/test_templates/cmpv2.robot 1
-rw-r--r-- robot/testsuites/cmpv2.robot 42
3 files changed, 41 insertions, 4 deletions
diff --git a/robot/assets/cmpv2/k8s-pnf-simulator.yaml b/robot/assets/cmpv2/k8s-pnf-simulator.yaml
index 24a1030f..0d4b886a 100644
--- a/robot/assets/cmpv2/k8s-pnf-simulator.yaml
+++ b/robot/assets/cmpv2/k8s-pnf-simulator.yaml
@@ -40,6 +40,8 @@ node_templates:
cloudify.interfaces.lifecycle:
start:
inputs:
+ envs:
+ STRICT_HOSTNAME_VERIFICATION: 'true'
ports:
- '5000:0'
properties:
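Review bot: the new `envs:` entry under `start: inputs:` turns on `STRICT_HOSTNAME_VERIFICATION` in the shared PNF simulator blueprint, so it applies to every test case that sends through this simulator, not only the new wrong-SANs case. Add a YAML comment saying the wrong-SANs test depends on it, and confirm that the certificate issued for the existing positive case (`dcae-ves-collector-cmpv2-cert`) carries a SAN matching the hostname the simulator connects to; otherwise that case starts failing for a reason unrelated to what it tests.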
diff --git a/robot/resources/test_templates/cmpv2.robot b/robot/resources/test_templates/cmpv2.robot
index 685306f5..607a4f0b 100644
--- a/robot/resources/test_templates/cmpv2.robot
+++ b/robot/resources/test_templates/cmpv2.robot
@@ -41,5 +41,6 @@ Usecase Teardown
Undeploy Service mongo-dep
Undeploy Service pnf-simulator-dep
Undeploy Service ves-collector-cmpv2-dep
+ Undeploy Service ves-collector-cmpv2-wrong-sans-dep
Delete Blueprint From Inventory ${serviceTypeIdMongo}
Delete Blueprint From Inventory ${serviceTypeIdPnfSimulator} \ No newline at end of file
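Review bot: the deployment name `ves-collector-cmpv2-wrong-sans-dep` added to `Usecase Teardown` is a second copy of the literal passed to `Deploy Service` in robot/testsuites/cmpv2.robot, so a rename in one file silently leaves the deployment behind after the run. Define the name once as a suite variable and reference it from both the deploy step and this undeploy step. The file also still ends without a trailing newline, which is worth fixing while this block is being touched.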
diff --git a/robot/testsuites/cmpv2.robot b/robot/testsuites/cmpv2.robot
index 3d20606a..1c831f41 100644
--- a/robot/testsuites/cmpv2.robot
+++ b/robot/testsuites/cmpv2.robot
@@ -23,8 +23,10 @@ ${PNF_SIMULATOR_BLUEPRINT_PATH} ${EXECDIR}/robot/assets/cmpv2/k8s-pnf-s
${VES_INPUTS} deployment/VesTlsCmpv2Inputs.jinja
${pnf_ves_integration_request} ves/pnf_registration_request.jinja
${NEXUS3} ${GLOBAL_INJECTED_NEXUS_DOCKER_REPO}
-&{initial entry} correlation_id=dummy PNF_IPv4_address=11.11.11.1 PNF_IPv6_address=2001:0db8:0:0:0:0:1428:57ab
-${PNF_SIMULATOR_ERROR_GREP_COMMAND} kubectl logs $(kubectl get pods -n onap | grep pnf-simulator | awk '{print $1}' | grep -v NAME) -n onap --tail=2 --since=20s | grep 'Error sending message to ves: Received fatal alert: certificate_unknown'
+&{initial entry} correlation_id=dummy PNF_IPv4_address=11.11.11.1 PNF_IPv6_address=2001:0db8:0:0:0:0:1428:57ab
+${PNF_SIMULATOR_ERROR_GREP_COMMAND_CERT} kubectl logs $(kubectl get pods -n onap | grep pnf-simulator | awk '{print $1}' | grep -v NAME) -n onap --tail=2 --since=20s | grep 'Error sending message to ves: Received fatal alert: certificate_unknown'
+${PNF_SIMULATOR_ERROR_GREP_COMMAND_SANS} kubectl logs $(kubectl get pods -n onap | grep pnf-simulator | awk '{print $1}' | grep -v NAME) -n onap --tail=2 --since=20s | egrep "Error(.)*dcae-ves-collector-cmpv2-cert-wrong-sans(.)*wrong-sans(.)*"
+
*** Test Cases ***
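Review bot: `${PNF_SIMULATOR_ERROR_GREP_COMMAND_SANS}` is a weaker check than the `_CERT` variable beside it: the pattern `Error(.)*dcae-ves-collector-cmpv2-cert-wrong-sans(.)*wrong-sans(.)*` only requires an error line that names the host and the SAN value, not that the connection was rejected by hostname verification. Match on the actual message the simulator logs for a SAN mismatch, write `.*` instead of the capturing `(.)*`, and use `grep -E` rather than `egrep`. Both variables also depend on `--tail=2 --since=20s`, so one extra log line or a slow run makes the test fail spuriously; and the `kubectl logs ...` pipeline is now pasted twice and could be held in one variable with the filter appended.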
@@ -64,6 +66,25 @@ Deploying VES collector with CMPv2
${deployment_data}= Templating.Apply Template deployment ${VES_INPUTS} ${arguments}
Deploy Service ${deployment_data} ves-collector-cmpv2-dep 4 minutes
+Deploying VES collector with CMPv2 and wrong SANs
+ [Documentation]
+ ... This test case deploys second VES instance with "enable_tls": set to true and "external_cert_use_external_tls" (CMPv2) set to true as DCAE applictaion, CMPv2 certificate has wrong SANs
+ ... Both CMPv2 and AAF certificates are present
+ [Tags] CMPv2
+ ${resp}= Get Blueprint From Inventory k8s-ves
+ ${json}= Set Variable ${resp.json()}
+ ${serviceTypeIdVes} Set Variable ${json['items'][0]['typeId']}
+ ${image} Get Regexp Matches ${json['items'][0]['blueprintTemplate']} nexus3(.)*?(?=\")
+ ${image} Replace String ${image}[0] nexus3.onap.org:10001 ${NEXUS3}
+ ${arguments}= Create Dictionary serviceTypeId=${serviceTypeIdVes}
+ Set To Dictionary ${arguments} image ${image}
+ Set To Dictionary ${arguments} external_port_tls 32227
+ Set To Dictionary ${arguments} service_component_name_override dcae-ves-collector-cmpv2-cert-wrong-sans
+ Set To Dictionary ${arguments} external_cert_sans wrong-sans
+ Templating.Create Environment deployment ${GLOBAL_TEMPLATE_FOLDER}
+ ${deployment_data}= Templating.Apply Template deployment ${VES_INPUTS} ${arguments}
+ Deploy Service ${deployment_data} ves-collector-cmpv2-wrong-sans-dep 4 minutes
+
Send registration request to CMPv2 VES
[Documentation]
... This test case triggers registration request from PNF Simulator(where is present only CMPv2 certificate) to VES collector
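Review bot: in `Deploying VES collector with CMPv2 and wrong SANs` the values `32227`, `dcae-ves-collector-cmpv2-cert-wrong-sans` and `wrong-sans` are bare literals, and the last two must stay in step with the grep pattern in the variables table and with the send step later in the suite. Move them to suite variables and build the pattern from those, and note next to `external_port_tls` that it must not collide with the port used by the first VES instance. In `[Documentation]`, `applictaion` should be `application`, and the colon after `"enable_tls"` is stray.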
@@ -79,17 +100,30 @@ Send registration request to CMPv2 VES
Pnf simulator send single VES event ${template} dcae-ves-collector-cmpv2-cert 8443 pnf-simulator 5000
Verify PNF Integration Request in A&AI ${PNF_entry_dict}
+Send registration request to CMPv2 VES with wrong SAN-s
+ [Documentation]
+ ... This test case triggers registration request from PNF Simulator (where is present only CMPv2 certificate) to VES collector
+ ... ith enabled CMPv2 (both CMPv2 and AAF certificates are present). CMPv2 certificate has wrong SANs.
+ ... Test expects exception in PNF Simulator logs due to wrong subject alternatives
+ [Tags] CMPv2
+ ${pnf_correlation_id}= Generate Random String 20 [LETTERS][NUMBERS]
+ ${PNF_entry_dict}= Create Dictionary correlation_id=${pnf_correlation_id} PNF_IPv4_address=14.14.14.14 PNF_IPv6_address=2001:0db8:0:0:0:0:1428:57ab
+ Templating.Create Environment ves ${GLOBAL_TEMPLATE_FOLDER}
+ ${template}= Templating.Apply Template ves ${pnf_ves_integration_request} ${PNF_entry_dict}
+ Pnf simulator send single VES event ${template} dcae-ves-collector-cmpv2-cert-wrong-sans 8443 pnf-simulator 5000
+ ${rc} = Run and Return RC ${PNF_SIMULATOR_ERROR_GREP_COMMAND_SANS}
+ Should Be Equal As Integers ${rc} 0
Send registration request to VES without CMPv2 certificate
[Documentation]
... This test case triggers registration request from PNF Simulator (where is present only CMPv2 certificate) to VES collector
... with disabled CMPv2 (only AAF certificate is present - VES collector deployed during whole ONAP deploy).
- ... Test expects exceptyion in PNF Simualtor logs
+ ... Test expects exception in PNF Simulator logs due to wrong certificate
[Tags] CMPv2
${pnf_correlation_id}= Generate Random String 20 [LETTERS][NUMBERS]
${PNF_entry_dict}= Create Dictionary correlation_id=${pnf_correlation_id} PNF_IPv4_address=14.14.14.14 PNF_IPv6_address=2001:0db8:0:0:0:0:1428:57ab
Templating.Create Environment ves ${GLOBAL_TEMPLATE_FOLDER}
${template}= Templating.Apply Template ves ${pnf_ves_integration_request} ${PNF_entry_dict}
Pnf simulator send single VES event ${template} dcae-ves-collector 8443 pnf-simulator 5000
- ${rc} = Run and Return RC ${PNF_SIMULATOR_ERROR_GREP_COMMAND}
+ ${rc} = Run and Return RC ${PNF_SIMULATOR_ERROR_GREP_COMMAND_CERT}
Should Be Equal As Integers ${rc} 0
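Review bot: the only assertion in `Send registration request to CMPv2 VES with wrong SAN-s` is the return code of the log grep; unlike the positive case, which calls `Verify PNF Integration Request in A&AI`, nothing checks that the PNF was not registered. Add a negative check in A&AI for `${pnf_correlation_id}` so the test fails if the event was delivered despite an error line appearing in the log. The `[Documentation]` continuation begins `ith enabled CMPv2` (missing `w`), and this case reuses `PNF_IPv4_address=14.14.14.14` from the no-CMPv2 case below; a distinct address would make the two runs easier to separate in the logs.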