From ad59044d59a02dc26f7a0a58c24a3316c79d16ff Mon Sep 17 00:00:00 2001 From: Krzysztof Kuzmicki Date: Thu, 7 May 2020 13:22:54 +0200 Subject: ROBOT e2e test cases improvements for csar/zip tosca package validation in VNFSDK and SDC Onbarding adding tosca package integrity check SOL004 package security option 1 Issue-ID: INT-1240 Signed-off-by: Krzysztof Kuzmicki Change-Id: Ic9f35fc3cee68975e2899a7a60b6c5cb51e1068d --- .../vnfsdk_validation_template.robot | 53 ++++++++++++++++------ robot/resources/vnfsdk_interface.robot | 2 +- 2 files changed, 41 insertions(+), 14 deletions(-) (limited to 'robot/resources') diff --git a/robot/resources/test_templates/vnfsdk_validation_template.robot b/robot/resources/test_templates/vnfsdk_validation_template.robot index 56cd0b96..cf7fcf23 100644 --- a/robot/resources/test_templates/vnfsdk_validation_template.robot +++ b/robot/resources/test_templates/vnfsdk_validation_template.robot @@ -22,33 +22,60 @@ ${VNFSDK_CSAR_DIRECTORY} ${VNFSDK_TOSCA_ONBOARDING_PACKAGES_DIRECTORY}/temp *** Keywords *** Validate Onboarding Package - [Arguments] ${package_folder} ${scenario}=onap-vtp ${test_suite_name}=validation ${test_case_name}=csar-validate ${pnf}=TRUE ${secured_package}=FALSE ${negative_test_case}=TRUE ${failed_vnfreqNames}=@{empty_list} ${sdc_response}=@{empty_list} ${secure_type}=CMS ${sdc_cert}=sdc-valid + [Arguments] ${package_folder} ${scenario}=onap-dublin ${test_suite_name}=validation ${test_case_name}=csar-validate ${pnf}=TRUE ${integrity_check}=FALSE ${secured_package}=FALSE ${negative_test_case}=TRUE ${failed_vnfreqNames}=@{empty_list} ${sdc_response}=@{empty_list} ${secure_type}=CMS ${sdc_cert}=sdc-valid + Disable Warnings Create Directory ${VNFSDK_CSAR_DIRECTORY} - ${onboarding_package_path}= Run Keyword If "${secured_package}"=='FALSE' Create CSAR Package ${package_folder} - ... ELSE Create Secured CSAR ZIP Package ${package_folder} ${secure_type} ${sdc_cert} + ${onboarding_package_path}= Run Keyword If "${secured_package}"=='FALSE' Create CSAR Package ${package_folder} ${integrity_check} ${sdc_cert} + ... ELSE Create Secured CSAR Package ${package_folder} ${integrity_check} ${secure_type} ${sdc_cert} + Validate Onboarding Package In SDC ${onboarding_package_path} ${package_folder} ${sdc_cert} ${negative_test_case} ${sdc_response} ${sdc_cert} Run Keyword If "${negative_test_case}"=='FALSE' Validate Valid Onboarding Package ${package_folder} ${onboarding_package_path} ${scenario} ${test_suite_name} ${test_case_name} ${pnf} ${secured_package} ... ELSE Validate Not Valid Onboarding Package ${package_folder} ${onboarding_package_path} ${scenario} ${test_suite_name} ${test_case_name} ${pnf} ${failed_vnfreqNames} ${secured_package} - Validate Onboarding Package In SDC ${onboarding_package_path} ${package_folder} ${sdc_cert} ${negative_test_case} ${sdc_response} ${sdc_cert} - Create CSAR Package + [Arguments] ${package_folder} ${integrity_check} ${cert} + ${csar} = Run Keyword If "${integrity_check}"=='FALSE' Create CSAR Package without integrity check ${package_folder} + ... ELSE Create CSAR Package with integrity check ${package_folder} ${integrity_check} ${cert} + [Return] ${csar} + +Create CSAR Package without integrity check [Arguments] ${package_folder} Empty Directory ${VNFSDK_CSAR_DIRECTORY} ${csar}= Catenate ${VNFSDK_CSAR_DIRECTORY}/${package_folder}.csar Copy File ${GLOBAL_TOSCA_ONBOARDING_PACKAGES_FOLDER}/vnfsdk/${package_folder}.csar ${csar} [Return] ${csar} -Create Secured CSAR ZIP Package - [Arguments] ${package_folder} ${secure_type} ${sdc_cert} - ${zip}= Run Keyword If "${secure_type}"=='CMS' Create Secured CSAR ZIP Package with CMS ${package_folder} ${sdc_cert} - ... ELSE Create Secured CSAR ZIP Package with CMS and CERT ${package_folder} ${sdc_cert} +Create CSAR Package with integrity check + [Arguments] ${package_folder} ${integrity_check} ${cert} + Empty Directory ${VNFSDK_CSAR_DIRECTORY} + ${csar}= Catenate ${VNFSDK_CSAR_DIRECTORY}/${package_folder}.csar + Copy Directory ${GLOBAL_TOSCA_ONBOARDING_PACKAGES_FOLDER}/vnfsdk/${package_folder} ${VNFSDK_CSAR_DIRECTORY} + ${meta}= OperatingSystem.Get File ${VNFSDK_CSAR_DIRECTORY}/${package_folder}/TOSCA-Metadata/TOSCA.meta + ${cert_name}= Get Regexp Matches ${meta} (?<=\ETSI-Entry-Certificate: )(.*) + Copy File /tmp/package-robot-${cert}.cert ${VNFSDK_CSAR_DIRECTORY}/${package_folder}/${cert_name}[0] + ${files} = List Files In Directory ${VNFSDK_CSAR_DIRECTORY}/${package_folder} *.mf absolute + Sign csar manifest file ${integrity_check} ${cert} ${files}[0] + ${rc} = Run and Return RC cd ${VNFSDK_CSAR_DIRECTORY}/${package_folder}; zip -r ${csar} * + Should Be Equal As Integers ${rc} 0 + Remove Directory ${VNFSDK_CSAR_DIRECTORY}/${package_folder} recursive=True + [Return] ${csar} + +Sign csar manifest file + [Arguments] ${integrity_check} ${cert} ${manifest} + ${rc} = Run Keyword If "${integrity_check}"=='CMS_with_cert' Run and Return RC openssl cms -sign -signer /tmp/package-robot-${cert}.cert -inkey /tmp/package-private-robot-${cert}.key -outform PEM -binary -in ${manifest} >> ${manifest} + ... ELSE Run and Return RC openssl cms -sign -signer /tmp/package-robot-${cert}.cert -inkey /tmp/package-private-robot-${cert}.key -outform PEM -binary -nocerts -in ${manifest} >> ${manifest} + Should Be Equal As Integers ${rc} 0 + +Create Secured CSAR Package + [Arguments] ${package_folder} ${integrity_check} ${secure_type} ${sdc_cert} + ${zip}= Run Keyword If "${secure_type}"=='CMS' Create Secured CSAR ZIP Package with CMS ${package_folder} ${integrity_check} ${sdc_cert} + ... ELSE Create Secured CSAR ZIP Package with CMS and CERT ${package_folder} ${integrity_check} ${sdc_cert} [Return] ${zip} Create Secured CSAR ZIP Package with CMS - [Arguments] ${package_folder} ${cert} + [Arguments] ${package_folder} ${integrity_check} ${cert} ${zip}= Catenate ${VNFSDK_CSAR_DIRECTORY}/${package_folder}.zip ${cms}= Catenate ${VNFSDK_CSAR_DIRECTORY}/${package_folder}.cms - ${csar}= Create CSAR Package ${package_folder} + ${csar}= Create CSAR Package ${package_folder} ${integrity_check} ${cert} ${rc} = Run and Return RC openssl cms -sign -signer /tmp/package-robot-${cert}.cert -inkey /tmp/package-private-robot-${cert}.key -outform PEM -binary -in ${csar} -out ${cms} Should Be Equal As Integers ${rc} 0 ${rc} = Run and Return RC cd ${VNFSDK_CSAR_DIRECTORY}; zip -r ${zip} * @@ -56,10 +83,10 @@ Create Secured CSAR ZIP Package with CMS [Return] ${zip} Create Secured CSAR ZIP Package with CMS and CERT - [Arguments] ${package_folder} ${cert} + [Arguments] ${package_folder} ${integrity_check} ${cert} ${zip}= Catenate ${VNFSDK_CSAR_DIRECTORY}/${package_folder}.zip ${cms}= Catenate ${VNFSDK_CSAR_DIRECTORY}/${package_folder}.cms - ${csar}= Create CSAR Package ${package_folder} + ${csar}= Create CSAR Package ${package_folder} ${integrity_check} ${cert} Copy File /tmp/package-robot-${cert}.cert ${VNFSDK_CSAR_DIRECTORY}/${package_folder}.cert ${rc} = Run and Return RC openssl cms -sign -signer /tmp/package-robot-${cert}.cert -inkey /tmp/package-private-robot-${cert}.key -outform PEM -binary -nocerts -in ${csar} -out ${cms} Should Be Equal As Integers ${rc} 0 diff --git a/robot/resources/vnfsdk_interface.robot b/robot/resources/vnfsdk_interface.robot index fea6b31a..c54b330e 100644 --- a/robot/resources/vnfsdk_interface.robot +++ b/robot/resources/vnfsdk_interface.robot @@ -24,7 +24,7 @@ Run VNFSDK Get Request Run VNFSDK Post Request [Documentation] Runs VNFSDK Get request - [Arguments] ${data_path} ${files} ${headers} + [Arguments] ${data_path} ${files} ${session}= Create Session vnfsdk ${VNFSDK_ENDPOINT} ${resp}= Post Request vnfsdk ${data_path} files=${files} Log Received response from VNFSDK ${resp} -- cgit 1.2.3-korg