pip uninstall -y docker
pip install -U docker==2.7.0
+#reinstall pyopenssl library
+echo "Reinstall pyopenssl library."
+pip uninstall pyopenssl -y
+pip install pyopenssl==17.5.0
+
#Disable proxy - for local run
unset http_proxy https_proxy
# functions
#
+function on_exit(){
+ rc=$?
+ rsync -av "$WORKDIR/" "$WORKSPACE/archives"
+
+ # Record list of active docker containers
+ docker ps --format "{{.Image}}" > "$WORKSPACE/archives/_docker-images.log"
+
+ # show memory consumption after all docker instances initialized
+ docker_stats | tee "$WORKSPACE/archives/_sysinfo-2-after-robot.txt"
+
+ # Run teardown script plan if it exists
+ cd "${TESTPLANDIR}"
+ TEARDOWN="${TESTPLANDIR}/teardown.sh"
+ if [ -f "${TEARDOWN}" ]; then
+ echo "Running teardown script ${TEARDOWN}"
+ source_safely "${TEARDOWN}"
+ fi
+ # TODO: do something with the output
+ exit $rc
+}
+# ensure that teardown and other finalizing steps are always executed
+trap on_exit EXIT
+
function docker_stats(){
#General memory details
echo "> top -bn1 | head -3"
RESULT=$?
load_set
echo "RESULT: $RESULT"
-rsync -av "$WORKDIR/" "$WORKSPACE/archives"
-
-# Record list of active docker containers
-docker ps --format "{{.Image}}" > "$WORKSPACE/archives/_docker-images.log"
-
-# show memory consumption after all docker instances initialized
-docker_stats | tee "$WORKSPACE/archives/_sysinfo-2-after-robot.txt"
-
-# Run teardown script plan if it exists
-cd "${TESTPLANDIR}"
-TEARDOWN="${TESTPLANDIR}/teardown.sh"
-if [ -f "${TEARDOWN}" ]; then
- echo "Running teardown script ${TEARDOWN}"
- source_safely "${TEARDOWN}"
-fi
-
-# TODO: do something with the output
-
+# Note that the final steps are done in on_exit function after this exit!
exit $RESULT
#fatal_deprecations = false
+[auth]
+appkey = h@ss3crtky400fdntc#001
+
[aaf_api]
#
"name": "conductor",
"values": {
"UserName": "admin1",
- "Password": "plan.15"
+ "Password": "22234d3472ef5da8ecba5a096110a024f1db5cf195c665f910d558c9e83db19d"
}
},
{
"name": "policyPlatform",
"values": {
"UserName": "testpdp",
- "Password": "alpha123"
+ "Password": "7a03bdee7a0381daf4ee426b9d2b695e3f4233ffd19a852a3fb0ff0156fbdde7"
}
},
{
"name": "policyClient",
"values": {
"UserName": "python",
- "Password": "test"
+ "Password": "3a3c8546c91f99f4becc069ba0fbb13ef46f4f3028f5bba09f3f4a9030ddc0a0"
}
},
{
"name": "osdfPlacement",
"values": {
"UserName": "test",
- "Password": "testpwd"
+ "Password": "c66b1570ae257375e500f9fe0e62b2a325466137ac5f29581e2e05cce1170212"
}
},
{
"name": "osdfPlacementSO",
"values": {
"UserName": "so_test",
- "Password": "so_testpwd"
+ "Password": "3d62d49b3e4ada38fd4146d2d82f4ba2f09345a46f15970cd439924c991b8202"
}
},
{
"name": "osdfPlacementVFC",
"values": {
"UserName": "vfc_test",
- "Password": "vfc_testpwd"
+ "Password": "1fb1cd581f96060d29ecad06be97151656bf29bce66bad587cd2fbaf5ea1e66d"
}
},
{
"name": "osdfCMScheduler",
"values": {
"UserName": "test1",
- "Password": "testpwd1"
+ "Password": "c5279fb02d7bac5269b1a644ac8e36f41f6ba7a2eae03dc469cb80d71811322b"
}
},
{
"name": "configDb",
"values": {
"UserName": "osdf",
- "Password": "passwd"
+ "Password": "40697f254409c2b97763892ecdeb50c847d605f5beb6f988f1c142a7e0344d0c"
}
},
{
"name": "osdfPCIOpt",
"values": {
"UserName": "pci_test",
- "Password": "pci_testpwd"
+ "Password": "fbf4dcb7f7cda8fdfb742838b0c90ae5bea249801f3f725fdc98941a6e4c347c"
+ }
+ },
+ {
+ "name": "osdfOptEngine",
+ "values": {
+ "UserName": "opt_test",
+ "Password": "02946408ce6353d45540cd01d912686f19f48c3d8a955d5effdc14c6a43477e5"
}
}
]
conductorMinorVersion: 0
# Policy Platform -- requires ClientAuth, Authorization, and Environment
-policyPlatformUrl: http://127.0.0.1:5000/simulated/policy/pdp-has-vcpe-good/getConfig # Policy Dev platform URL
+policyPlatformUrl: http://127.0.0.1:5000/simulated/policy/pdpx/decision/v1 # Policy Dev platform URL
policyPlatformEnv: TEST # Environment for policy platform
# Config for DMaaP
configDbUrl: http://127.0.0.1:5000/simulated/configdb
configDbGetCellListUrl: 'getCellList'
configDbGetNbrListUrl: 'getNbrList'
+
+#key
+appkey: os35@rrtky400fdntc#001t5
\ No newline at end of file
# run docker containers
OSDF_CONF=/tmp/osdf/properties/osdf_config.yaml
IMAGE_NAME=nexus3.onap.org:10001/onap/optf-osdf
-IMAGE_VER=1.2.4-SNAPSHOT-latest
+IMAGE_VER=2.0.1-SNAPSHOT-latest
mkdir -p /tmp/osdf/properties
mkdir -p /tmp/sms/properties
PDP_HOST=pdp
PDP_PORT=6969
+PDP_CONTEXT_URI=policy/pdpx/v1
PDP_USERNAME=testpdp
PDP_PASSWORD=alpha123
PDP_CLIENT_USERNAME=python
PDP_CLIENT_PASSWORD=test
PDP_ENVIRONMENT=TEST
+GUARD_DISABLED=false
# DCAE DMaaP
AAI_HOST=aai.api.simpledemo.onap.org
AAI_PORT=8443
+AAI_CONTEXT_URI=
AAI_URL=https://aai.api.simpledemo.onap.org:8443
AAI_USERNAME=policy@policy.onap.org
AAI_PASSWORD=demo123456!
SO_HOST=vm1.mso.simpledemo.onap.org
SO_PORT=8080
+SO_CONTEXT_URI=onap/so/infra
SO_URL=http://vm1.mso.simpledemo.onap.org:8080/onap/so/infra
SO_USERNAME=InfraPortalClient
SO_PASSWORD=password1$
VFC_HOST=
VFC_PORT=
+VFC_CONTEXT_URI=api/nslcm/v1
VFC_URL=
VFC_USERNAME=
VFC_PASSWORD=
SDNC_HOST=
SDNC_PORT=
+SDNC_CONTEXT_URI=restconf/operations
SDNC_URL=
SDNC_USERNAME=
SDNC_PASSWORD=
[Documentation] Run with correct env and expected exit code 0
Run Cert Service Client And Validate JKS File Creation And Client Exit Code ${VALID_ENV_FILE} 0
+Cert Service Client successfully creates keystore and truststore with expected data
+ [Tags] AAF-CERT-SERVICE
+ [Documentation] Run with correct env and JKS files created with correct data
+ Run Cert Service Client And Validate JKS Files Contain Expected Data ${VALID_ENV_FILE} 0
+
Run Cert Service Client Container And Validate Exit Code And API Response
[Tags] AAF-CERT-SERVICE
[Documentation] Run with invalid CaName env and expected exit code 5
import os
import shutil
import re
-from OpenSSL import crypto
+from EnvsReader import EnvsReader
from docker.types import Mount
ARCHIVES_PATH = os.getenv("WORKSPACE") + "/archives/"
-MOUNT_PATH = os.getenv("WORKSPACE") + "/tests/aaf/certservice/tmp"
ERROR_API_REGEX = 'Error on API response.*[0-9]{3}'
RESPONSE_CODE_REGEX = '[0-9]{3}'
-
class CertClientManager:
+ def __init__(self, mount_path):
+ self.mount_path = mount_path
+
def run_client_container(self, client_image, container_name, path_to_env, request_url, network):
self.create_mount_dir()
client = docker.from_env()
- environment = self.read_list_env_from_file(path_to_env)
+ environment = EnvsReader().read_env_list_from_file(path_to_env)
environment.append("REQUEST_URL=" + request_url)
container = client.containers.run(
image=client_image,
environment=environment,
network=network,
user='root', #Run container as root to avoid permission issues with volume mount access
- mounts=[Mount(target='/var/certs', source=MOUNT_PATH, type='bind')],
+ mounts=[Mount(target='/var/certs', source=self.mount_path, type='bind')],
detach=True
)
exitcode = container.wait()
return exitcode
- def read_list_env_from_file(self, path):
- f = open(path, "r")
- r_list = []
- for line in f:
- line = line.strip()
- if line[0] != "#":
- r_list.append(line)
- return r_list
-
def remove_client_container_and_save_logs(self, container_name, log_file_name):
client = docker.from_env()
container = client.containers.get(container_name)
- text_file = open(ARCHIVES_PATH + "container_" + log_file_name + ".log", "w")
+ text_file = open(ARCHIVES_PATH + "client_container_" + log_file_name + ".log", "w")
text_file.write(container.logs())
text_file.close()
container.remove()
self.remove_mount_dir()
- def can_open_keystore_and_truststore_with_pass(self):
- keystore_pass_path = MOUNT_PATH + '/keystore.pass'
- keystore_jks_path = MOUNT_PATH + '/keystore.jks'
- can_open_keystore = self.can_open_jks_file_by_pass_file(keystore_pass_path, keystore_jks_path)
-
- truststore_pass_path = MOUNT_PATH + '/truststore.pass'
- truststore_jks_path = MOUNT_PATH + '/truststore.jks'
- can_open_truststore = self.can_open_jks_file_by_pass_file(truststore_pass_path, truststore_jks_path)
-
- return can_open_keystore & can_open_truststore
-
- def can_open_jks_file_by_pass_file(self, pass_file_path, jks_file_path):
- try:
- password = open(pass_file_path, 'rb').read()
- crypto.load_pkcs12(open(jks_file_path, 'rb').read(), password)
- return True
- except:
- return False
-
def create_mount_dir(self):
- if not os.path.exists(MOUNT_PATH):
- os.makedirs(MOUNT_PATH)
+ if not os.path.exists(self.mount_path):
+ os.makedirs(self.mount_path)
def remove_mount_dir(self):
- shutil.rmtree(MOUNT_PATH)
+ shutil.rmtree(self.mount_path)
def can_find_api_response_in_logs(self, container_name):
logs = self.get_container_logs(container_name)
--- /dev/null
+
+class EnvsReader:
+
+ def read_env_list_from_file(self, path):
+ f = open(path, "r")
+ r_list = []
+ for line in f:
+ line = line.strip()
+ if line[0] != "#":
+ r_list.append(line)
+ return r_list
--- /dev/null
+from OpenSSL import crypto
+from cryptography.x509.oid import ExtensionOID
+from cryptography import x509
+from EnvsReader import EnvsReader
+
+class JksFilesValidator:
+
+ def __init__(self, mount_path):
+ self.keystorePassPath = mount_path + '/keystore.pass'
+ self.keystoreJksPath = mount_path + '/keystore.jks'
+ self.truststorePassPath = mount_path + '/truststore.pass'
+ self.truststoreJksPath = mount_path + '/truststore.jks'
+
+ def get_and_compare_data(self, path_to_env):
+ data = self.get_data(path_to_env)
+ return data, self.contains_expected_data(data)
+
+ def can_open_keystore_and_truststore_with_pass(self):
+ can_open_keystore = self.can_open_jks_file_with_pass_file(self.keystorePassPath, self.keystoreJksPath)
+ can_open_truststore = self.can_open_jks_file_with_pass_file(self.truststorePassPath, self.truststoreJksPath)
+
+ return can_open_keystore & can_open_truststore
+
+ def can_open_jks_file_with_pass_file(self, pass_file_path, jks_file_path):
+ try:
+ self.get_certificate(pass_file_path, jks_file_path)
+ return True
+ except:
+ return False
+
+ def get_data(self, path_to_env):
+ envs = self.get_envs_as_dict(EnvsReader().read_env_list_from_file(path_to_env))
+ certificate = self.get_certificate(self.keystorePassPath, self.keystoreJksPath)
+ data = self.get_owner_data_from_certificate(certificate)
+ data['SANS'] = self.get_sans(certificate)
+ return type('', (object,), {"expectedData": envs, "actualData": data})
+
+ def contains_expected_data(self, data):
+ expectedData = data.expectedData
+ actualData = data.actualData
+ return cmp(expectedData, actualData) == 0
+
+ def get_owner_data_from_certificate(self, certificate):
+ list = certificate.get_subject().get_components()
+ return dict((k, v) for k, v in list)
+
+ def get_certificate(self, pass_file_path, jks_file_path):
+ password = open(pass_file_path, 'rb').read()
+ crypto.load_pkcs12(open(jks_file_path, 'rb').read(), password)
+ return crypto.load_pkcs12(open(jks_file_path, 'rb').read(), password).get_certificate()
+
+ def get_sans(self, cert):
+ extension = cert.to_cryptography().extensions.get_extension_for_oid(ExtensionOID.SUBJECT_ALTERNATIVE_NAME)
+ dnsList = extension.value.get_values_for_type(x509.DNSName)
+ return ':'.join(map(lambda dns: dns.encode('ascii','ignore'), dnsList))
+
+ def get_envs_as_dict(self, list):
+ envs = self.get_list_of_pairs_by_mappings(list)
+ return self.remove_nones_from_dict(envs)
+
+ def remove_nones_from_dict(self, dictionary):
+ return dict((k, v) for k, v in dictionary.iteritems() if k is not None)
+
+ def get_list_of_pairs_by_mappings(self, list):
+ mappings = self.get_mappings()
+ listOfEnvs = map(lambda k: k.split('='), list)
+ return dict((mappings.get(a[0]), a[1]) for a in listOfEnvs)
+
+ def get_mappings(self):
+ return {'COMMON_NAME':'CN', 'ORGANIZATION':'O', 'ORGANIZATION_UNIT':'OU', 'LOCATION':'L', 'STATE':'ST', 'COUNTRY':'C', 'SANS':'SANS'}
*** Settings ***
+Resource ../../../common.robot
+Resource ./cert-service-properties.robot
Library RequestsLibrary
Library HttpLibrary.HTTP
Library Collections
-Library ../libraries/CertClientManager.py
-Resource ../../../common.robot
-Resource ./cert-service-properties.robot
+Library ../libraries/CertClientManager.py ${MOUNT_PATH}
+Library ../libraries/JksFilesValidator.py ${MOUNT_PATH}
*** Keywords ***
Should Be Equal As Strings ${exit_code} ${expected_exit_code} Client return: ${exitcode} exit code, but expected: ${expected_exit_code}
Should Be True ${can_open} Cannot Open Keystore/TrustStore by passpshase
+Run Cert Service Client And Validate JKS Files Contain Expected Data
+ [Documentation] Run Cert Service Client Container And Validate JKS Files Contain Expected Data
+ [Arguments] ${env_file} ${expected_exit_code}
+ ${exit_code}= Run Client Container ${DOCKER_CLIENT_IMAGE} ${CLIENT_CONTAINER_NAME} ${env_file} ${CERT_SERVICE_ADDRESS}${CERT_SERVICE_ENDPOINT} ${CERT_SERVICE_NETWORK}
+ ${data} ${isEqual}= Get And Compare Data ${env_file}
+ Remove Client Container And Save Logs ${CLIENT_CONTAINER_NAME} positive_path_with_data
+ Should Be Equal As Strings ${exit_code} ${expected_exit_code} Client return: ${exitcode} exit code, but expected: ${expected_exit_code}
+ Should Be True ${isEqual} Keystore doesn't contain ${data.expectedData}. Actual data is: ${data.actualData}
+
Run Cert Service Client And Validate Http Response Code And Client Exit Code
[Documentation] Run Cert Service Client Container And Validate Exit Code
[Arguments] ${env_file} ${expected_api_response_code} ${expected_exit_code}
${DOCKER_CLIENT_IMAGE} nexus3.onap.org:10001/onap/org.onap.aaf.certservice.aaf-certservice-client:latest
${CLIENT_CONTAINER_NAME} %{ClientContainerName}
${CERT_SERVICE_NETWORK} certservice_certservice
+${MOUNT_PATH} %{WORKSPACE}/tests/aaf/certservice/tmp
Should Be Equal As Integers ${resp.status_code} 202
Should Be Equal accepted ${response_json['requestStatus']}
-#SendPCIOptimizationWithAuth
-# [Documentation] It sends a POST request PCI Optimization service
-#
-# ${data}= Get Binary File ${CURDIR}${/}data${/}pci-opt-request.json
-# ${resp}= Http Post host=${osdf_host} restUrl=/api/oof/v1/pci data=${data} auth=${pci_auth}
-# ${response_json} json.loads ${resp.content}
-# Should Be Equal As Integers ${resp.status_code} 202
-# Should Be Equal accepted ${response_json['requestStatus']}
+SendPCIOptimizationWithAuth
+ [Documentation] It sends a POST request PCI Optimization service
+
+ ${data}= Get Binary File ${CURDIR}${/}data${/}pci-opt-request.json
+ ${resp}= Http Post host=${osdf_host} restUrl=/api/oof/v1/pci data=${data} auth=${pci_auth}
+ ${response_json} json.loads ${resp.content}
+ Should Be Equal As Integers ${resp.status_code} 202
+ Should Be Equal accepted ${response_json['requestStatus']}
Resource sdc_dcaed_interface.robot
*** Test Cases ***
-# This test case implements the steps described in
+# For now, this test case implements the steps described in
# https://wiki.onap.org/display/DW/How+to+Create+a+Service+with+a+Monitoring+Configuration+using+SDC
Create Service With Monitoring Configuration Test
[Tags] sdc-dcae-d