def test_mgmt_vrf_tacacs():
    """Check a TACACS+ authenticated login to the DUT over the management VRF.

    Enables AAA failthrough, adds the first TACACS+ host from the service
    info with ``use_mgmt_vrf=True``, verifies it, sets the login method to
    ``tacacs+ local`` and then uses ``poll_wait`` to attempt a login to the
    eth0 address with the ``mgmt_vrf.tacusername`` / ``mgmt_vrf.tacpassword``
    credentials. ``tacacs_cleanup`` is called before the final pass/fail
    report.
    """
    tacacs_params = st.get_service_info(vars.D1, "tacacs")
    failthrough_ok = set_aaa_authentication_properties(vars.D1, 'failthrough', 'enable')
    if not failthrough_ok:
        st.report_fail("authentication failthrough config fail")

    server = tacacs_params.hosts[0]
    set_tacacs_server(
        vars.D1, 'add', server.ip, server.tcp_port, server.timeout,
        server.passkey, server.auth_type, server.priority,
        use_mgmt_vrf=True)
    server_verified = verify_tacacs_server(
        vars.D1, server.ip, server.tcp_port, server.timeout,
        server.passkey, server.auth_type, server.priority)
    if not server_verified:
        # NOTE(review): this path and the eth0 check below report a failure
        # without calling tacacs_cleanup. If report_fail aborts the test, the
        # TACACS+ server and AAA settings configured above may stay on the
        # DUT -- confirm a module-level teardown restores them.
        st.report_fail("Tacacs_server_configs_are_not_successful", server.ip)

    set_aaa_authentication_properties(vars.D1, 'login', 'tacacs+ local')
    mgmt_addresses = get_ifconfig_inet(vars.D1, 'eth0')
    if not mgmt_addresses:
        st.report_fail('ip_verification_fail')

    login_ok = poll_wait(
        connect_to_device, 10, mgmt_addresses[0], mgmt_vrf.tacusername,
        mgmt_vrf.tacpassword, mgmt_vrf.protocol, mgmt_vrf.ssh_port)
    if not login_ok:
        # Remove the TACACS+ configuration before reporting the failure.
        tacacs_cleanup(vars.D1, tacacs_params)
        st.report_fail("mgmt_vrf_tacacs", "failed")
    tacacs_cleanup(vars.D1, tacacs_params)
    st.report_pass("mgmt_vrf_tacacs", "successful")
def tacacs_config_verify():
    """Check that the first TACACS+ host is present in the running config.

    Looks up the ``TACPLUS_SERVER`` entry for ``hosts[0].ip`` and expects its
    ``priority`` field to be ``"1"``; reports ``running_config_failed``
    otherwise.
    """
    st.log("verifying whether configuring tacacs server is successful or not - FtOpSoScTaCm004")
    tacacs_params = st.get_service_info(vars.D1, "tacacs")
    server_ip = tacacs_params.hosts[0].ip
    # NOTE(review): the expected priority is the literal "1", not
    # hosts[0].priority -- confirm the service file always uses priority 1
    # for the first host.
    entry_found = sconf_obj.verify_running_config(
        vars.D1, "TACPLUS_SERVER", server_ip, "priority", "1")
    if entry_found:
        st.log("tacacs server configuration is successful")
        return
    st.report_fail("running_config_failed", vars.D1, "TACPLUS_SERVER",
                   server_ip, "priority", "1")
def test_ft_tacacs_modify_server_parameters():
    """
    Author: Karthik Kumar Goud Battula

    This test case covers the scenarios below.
    Scenario-1: Verify device behavior when TACACS+ application parameters
        (valid and invalid) are modified while traffic is running.
    Scenario-2: Verify that the key and timeout options default to global
        but may be specified to unique values on a per-server basis.
    Scenario-3: Verify that the NAS stops communicating with the current
        server if the server is down after the configured server timeout or
        the default timeout value.
    Scenario-4: Verify that the TACACS+ server key can be configured with
        more than 4 special characters.

    Flow in this function: a TACACS+ server with deliberately wrong address,
    port, timeout and key is added and an SSH login is expected to be
    refused; the bad server is then replaced by the valid one and the same
    login is expected to succeed.
    """
    bad_ip = '10.10.10.1'
    bad_port = '59'
    bad_timeout = '10'
    bad_key = "key123"

    def _ssh_login():
        # Same login attempt for the negative and the positive check.
        return ssh_obj.connect_to_device(data.ip_address, data.username,
                                         data.password, data.protocol,
                                         data.ssh_port)

    tacacs_params = st.get_service_info(vars.D1, "tacacs")
    tacacs_obj.set_tacacs_server(vars.D1, 'delete', tacacs_params.hosts[1].ip)
    tacacs_obj.set_tacacs_properties(vars.D1, 'passkey', 'secretstring')
    st.log("Configuring global tacacs server key with special characters")
    tacacs_obj.set_tacacs_properties(vars.D1, 'passkey', data.passkey)

    st.log(
        "Check client authentication by modifing ip address,timeout,passkey")
    tacacs_obj.set_tacacs_server(vars.D1, 'add', bad_ip, bad_port,
                                 bad_timeout, bad_key, data.auth_type,
                                 data.priority_server2)
    st.log(
        "Trying to SSH to the device when TACACS+ server is configured with invalid parameters"
    )
    login_with_bad_server = _ssh_login()
    if login_with_bad_server:
        # A successful login here is the failure case for this test.
        st.log(
            "Deleting the TACACS+ server which is invalid for failed scenario")
        tacacs_obj.set_tacacs_server(vars.D1, 'delete', bad_ip)
        st.report_fail("Login_to_DUT_via_SSH_is_failed")

    st.log("Deleting the TACACS+ server which is invalid")
    tacacs_obj.set_tacacs_server(vars.D1, 'delete', bad_ip)
    st.log("Creating valid TACACS+ server")
    tacacs_obj.set_tacacs_server(vars.D1, 'add', data.tacacs_ser_ip_1,
                                 data.tcp_port, data.timeout, data.passkey,
                                 data.auth_type, data.priority)
    st.wait(2, "sync the tacacs server after config changes")
    st.log(
        "Trying to SSH to the device with TACACS+ server which is configured with the valid parameters"
    )
    login_with_good_server = _ssh_login()
    if not login_with_good_server:
        debug_info("test_ft_tacacs_modify_server_parameters",
                   data.tacacs_ser_ip_1)
        st.report_fail("Login_to_DUT_via_SSH_is_failed")
    st.report_pass("test_case_passed")
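def tacacs_module_hooks(request):
    """Module-level setup and teardown for the TACACS+ tests.

    Everything before ``yield`` is setup: it resolves the topology, fills the
    shared ``data`` object from the "tacacs" service parameters, sets the
    login method to ``tacacs+ local`` and adds the first TACACS+ server.
    Everything after ``yield`` is teardown: it restores the default TACACS+
    properties, deletes the configured servers and resets the AAA login and
    failthrough settings.

    :param request: not used in the body; presumably the pytest fixture
        request object (the fixture decorator is not visible here).
    """
    # Module setup.
    global vars
    vars = st.ensure_min_topology("D1")
    tacacs_params = st.get_service_info(vars.D1, "tacacs")
    st.log("Getting IP address of the device")
    data.clear()
    data.hosts = ensure_service_params(vars.D1, "tacacs", "hosts")
    data.tacacs_ser_ip_1 = ensure_service_params(vars.D1, "tacacs", "hosts", 0, "ip")
    data.tcp_port = ensure_service_params(vars.D1, "tacacs", "hosts", 0, "tcp_port")
    data.passkey = ensure_service_params(vars.D1, "tacacs", "hosts", 0, "passkey")
    data.priority = ensure_service_params(vars.D1, "tacacs", "hosts", 0, "priority")
    data.timeout = ensure_service_params(vars.D1, "tacacs", "hosts", 0, "timeout")
    data.auth_type = ensure_service_params(vars.D1, "tacacs", "hosts", 0, "auth_type")
    data.tacacs_ser_ip_2 = ensure_service_params(vars.D1, "tacacs", "hosts", 1, "ip")
    data.priority_server2 = ensure_service_params(vars.D1, "tacacs", "hosts", 1, "priority")
    data.time_out = '10'
    # NOTE(review): the account names and passwords below are literals in the
    # test source (some appear masked on this page). Reading them from the
    # service/testbed configuration, as is done for the TACACS+ host
    # parameters above, would keep credentials out of the repository.
    data.username = '******'
    data.password = '******'
    data.protocol = 'ssh'
    data.ssh_port = '22'
    data.login_type = "tacacs+"
    data.failthrough_mode = 'enable'
    data.local_username = '******'
    data.local_password = '******'
    data.local_password2 = 'broadcom'
    data.username1 = 'test'
    data.password1 = 'test'
    data.rw_user = {'username': data.username, 'password': data.password, 'mode': 'rw'}
    data.ro_username = ensure_service_params(vars.D1, "radius", "ro_user", "username")
    ensure_device_ipaddress()
    st.log("Configuring authentication login parameter as tacacs+ and local")
    tacacs_obj.set_aaa_authentication_properties(vars.D1, 'login', 'tacacs+ local')
    tacacs_obj.set_tacacs_server(vars.D1, 'add', data.tacacs_ser_ip_1, data.tcp_port,
                                 data.timeout, data.passkey, data.auth_type,
                                 data.priority)
    yield

    # Module teardown.
    config_default_tacacs_properties(vars.D1)
    st.log("Deleting all TACACS+ servers from the device")
    # Slice rather than index 0..7: with fewer than eight hosts defined, an
    # IndexError here would skip the AAA reset below and leave the DUT with
    # the test login method still configured.
    for host in tacacs_params.hosts[:8]:
        tacacs_obj.set_tacacs_server(vars.D1, 'delete', host.ip)
    st.log("Making AAA parameters to default")
    tacacs_obj.set_aaa_authentication_properties(vars.D1, 'login', 'default')
    tacacs_obj.set_aaa_authentication_properties(vars.D1, 'failthrough', 'default')
    clear_vlan_configuration([vars.D1])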
def security_warm_reboot_module_hooks(request):
    """Module-level setup and teardown for the security warm-reboot tests.

    Setup initialises the shared variables, reports the module as
    unsupported when the platform is not listed in
    ``WARM_REBOOT_SUPPORTED_PLATFORMS``, then configures the TACACS+ server
    and checks it in the running config. Teardown deletes that server.

    :param request: not used in the body; presumably the pytest fixture
        request object (the fixture decorator is not visible here).
    """
    # Module setup.
    init_vars()
    initialize_variables()
    get_parms()
    st.log("Checking whether the platform supports warm-reboot")
    platform_name = data.platform.lower()
    if platform_name not in data.constants['WARM_REBOOT_SUPPORTED_PLATFORMS']:
        st.report_unsupported('test_case_unsupported')
    st.log("configuring tacacs server")
    tacacs_config()
    st.log("Verifying tacacs server details in running-config before warm-reboot")
    tacacs_config_verify()
    yield

    # Module teardown: remove the TACACS+ server added by tacacs_config().
    service_info = st.get_service_info(vars.D1, "tacacs")
    tacacs_obj.set_tacacs_server(vars.D1, 'delete', service_info.hosts[0].ip)
def test_ft_tacacs_maximum_servers():
    """
    Author: Karthik Kumar Goud Battula

    This test case covers the scenarios below.
    Scenario-1: Verify that more than one TACACS server can be configured on
        the NAS, up to the maximum number of servers that are allowed.
    Scenario-2: Verify that TACACS+ servers with IPv4 and IPv6 addresses can
        be added at the same time.
    Scenario-3: Verify that the maximum number of TACACS IPv4 servers can be
        configured on the DUT.
    Scenario-4: Verify that the maximum number of TACACS IPv6 servers can be
        configured on the DUT.
    Scenario-5: Verify the save and reload functionality for the TACACS IPv6
        feature.

    The code here adds the hosts at index 2 through 7 of the "tacacs"
    service parameters, using the shared port, timeout, passkey and auth
    type from ``data``, and then verifies the full host list on the DUT.
    """
    service_info = st.get_service_info(vars.D1, "tacacs")
    for host_index in range(2, 8):
        server_ip = ensure_service_params(vars.D1, "tacacs", "hosts", host_index, "ip")
        server_priority = ensure_service_params(vars.D1, "tacacs", "hosts", host_index,
                                                "priority")
        tacacs_obj.set_tacacs_server(vars.D1, 'add', server_ip, data.tcp_port,
                                     data.timeout, data.passkey, data.auth_type,
                                     server_priority)

    all_configured = tacacs_obj.verify_tacacs_details(vars.D1, service_info.hosts)
    if not all_configured:
        st.report_fail("Tacacs_server_configs_are_not_successful", service_info.hosts)
    st.report_pass("test_case_passed")
def tacacs_config():
    """Add the first TACACS+ host from the service parameters to the DUT."""
    st.log("configuring tacacs server")
    service_info = st.get_service_info(vars.D1, "tacacs")
    server = service_info.hosts[0]
    tacacs_obj.set_tacacs_server(
        vars.D1, 'add', server.ip, server.tcp_port, server.timeout,
        server.passkey, server.auth_type, server.priority)
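def _mask_secrets_for_log(value, key=None):
    """Return ``value`` with secret-looking entries replaced, for logging only.

    A value is masked when the key it is stored under contains ``pass`` or
    ``secret`` (case-insensitive), which covers the ``passkey`` and
    ``password`` parameters. Dicts and lists are walked recursively and a new
    structure is returned; the input object is never modified.
    """
    if key is not None and any(marker in str(key).lower()
                               for marker in ("pass", "secret")):
        return "******"
    if isinstance(value, dict):
        return {k: _mask_secrets_for_log(v, k) for k, v in value.items()}
    if isinstance(value, (list, tuple)):
        return [_mask_secrets_for_log(item) for item in value]
    return value


def ensure_service_params(dut, *argv):
    """
    Look up a service parameter and fail the test environment if it is missing.

    Author : Prudvi Mangadu

    :param dut: device whose service information is queried.
    :param argv: service name, followed by the keys or list indexes to
        descend through.
    :return: the value found at that path, or None when no service name was
        given.

    The value is returned unchanged, but the "Return" log line is written
    from a masked copy so that passkeys and passwords are not written to the
    test log.

    How to use:
        # Importing module:
        import utilities.utils as utils_obj

        # The calls below read the tftp ip address and path from
        # "sonic_services.yaml". The "tftp" service is checked first, then
        # the "ip" key. If either is missing the test case is aborted and
        # moved to the "NES" state: "Test case Not Executed(s) - Required
        # service parameters is not defined" tftp->ip.
        tftp_ip = utils_obj.ensure_service_params(dut,"tftp","ip")
        tftp_path = utils_obj.ensure_service_params(dut,"tftp","path")

        tacacs_first_server = utils_obj.ensure_service_params(dut, "tacacs", "hosts",0,"ip")
        tacacs_first_username = utils_obj.ensure_service_params(dut, "tacacs", "hosts",0,"username")
        tacacs_first_password = utils_obj.ensure_service_params(dut, "tacacs", "hosts",0,"password")
        tacacs_second_server = utils_obj.ensure_service_params(dut, "tacacs", "hosts",1,"ip")
        tacacs_second_username = utils_obj.ensure_service_params(dut, "tacacs", "hosts",1,"username")
        tacacs_second_password = utils_obj.ensure_service_params(dut, "tacacs", "hosts",1,"password")
    """
    if not argv:
        st.error("Provide atleast one service to ensure")
        return None

    service_string = ' -> '.join(str(e) for e in argv)
    st.log("Ensure service parameter(s) - {}".format(service_string))
    output = st.get_service_info(dut, argv[0])
    if not output:
        st.error("'{}' is not specified in services/default.".format(argv[0]))
        # presumably report_env_fail aborts the test case -- confirm
        st.report_env_fail("test_case_not_executed_s_service", service_string)

    # Descend one key / index at a time so the error names the missing step.
    for each in argv[1:]:
        try:
            output = output[each]
        except KeyError as e1:
            st.log(e1)
            st.error(
                "Inside key '{}' : parameter {} is not specified in services/default."
                .format(argv[0], e1))
            st.report_env_fail("test_case_not_executed_s_service", service_string)
        except IndexError as e2:
            st.log(e2)
            st.error(
                "Inside Key '{}' : list index '{}' is not specified in services/default."
                .format(argv[0], each))
            st.report_env_fail("test_case_not_executed_s_service", service_string)
        except Exception as e3:
            st.log(e3)
            st.error("Service or Parm '{}' not found.".format(each))
            st.report_env_fail("test_case_not_executed_s_service", service_string)

    # Log a masked copy: the looked-up value can be a passkey or password, or
    # a host record containing one, and should not end up in the test log.
    last_key = argv[-1] if len(argv) > 1 else None
    st.log("Return : {}".format(_mask_secrets_for_log(output, last_key)))
    return output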
def global_vars():
    """Create the module-level ``data`` store and fill in the Ansible settings.

    Rebinds the global ``data`` to a new ``SpyTestDict`` holding the
    management IP of D1, the "ansible" service parameters and their ``hosts``
    entry.
    """
    global data
    dut = vars.D1
    data = SpyTestDict()
    data.device_ip = st.get_mgmt_ip(dut)
    data.ansible_params = st.get_service_info(dut, "ansible")
    # Read back through ``data`` so hosts comes from the stored parameters.
    data.ansible_hosts = data.ansible_params.hosts