def rbac_config_user(no_form=0):
result = True
st.banner(
"{}Configuring User(s) to the DUT.".format("Un-" if no_form else ''))
for each in rbac.cred_list:
each.update({'no_form': no_form})
st.banner("Configuring - {}".format(each), delimiter='*')
config(vars.D1, **each)
if not no_form:
sshapi.ssh_copyid(vars.D2, st.get_mgmt_ip(vars.D1), **each)
if not no_form:
if not verify(vars.D1, 'user_list', verify_list=rbac.user_list):
st.error("Failed to config User in DUT")
result = False
if not verify(vars.D1, 'group_list', verify_list=rbac.group_list):
st.error("Failed to config Groups in DUT")
result = False
for username, role in rbac.user_group.items():
if not verify(
vars.D1, user_group=username, verify_list=[{
'group': role
}]):
st.error('Failed to config User with group in DUT')
result = False
if not result:
st.report_fail('rbac_user_config')
def gnmi_apply(dut, **kwargs):
operation = kwargs.get("operation", "get")
if operation == "patch":
action = "set"
elif operation == "delete":
action = "delete"
else:
action = "get"
xpath = kwargs.get("path")
if not xpath:
st.error("XPATH NOT PROVIDED")
return False
ip_addr = st.get_mgmt_ip(dut)
kwargs.update({"ip_address":kwargs.get("ip_address", ip_addr)})
xpath = convert_rest_url_to_gnmi_url(xpath, kwargs.get("url_params"))
kwargs.update({"json_content":kwargs.get("data")})
kwargs.update({"action":action})
if action == "set":
xpath, data = fix_set_url(xpath, kwargs.get("data"))
kwargs.update({"json_content": data})
else:
xpath = fix_get_url(xpath)
if action in ["get", "set", "delete"]:
return _gnmi_operation(dut, xpath, **kwargs)
else:
st.log("Invalid operation for GNMI -- {}".format(action))
return False
def tf_rest_module_config():
global dut_port
device_ip = st.get_mgmt_ip(vars.D1)
dut_port = random.sample(tf_rest_data.all_ports, k=5)
st.log("Randomly Chosen interfaces - {}".format(dut_port))
if not device_ip:
st.error("Failed to get the DUT IP address.")
report_result(0)
def device_eth0_ip_addr():
"""
To get the ip address of device after reboot.
"""
ipaddress = st.get_mgmt_ip(vars.D1)
st.log("Device ip address - {}".format(ipaddress))
if not ipfeature.ping(vars.D1, ipaddress, family='ipv4', external=True):
st.error("Ping reachability is failed between SNMP server and Device.")
def ssh_call(dut, remote_dut=None, **kwargs):
"""
Call to test SSH session using diff users w.r.t RBAC.
Author : Prudvi Mangadu ([email protected])
:param dut:
:param remote_dut:
:param kwargs:
:return:
"""
st.log('Performing SSH call using - {}'.format(kwargs))
for each in ['login_type', 'username', 'password', 'mode']:
if not kwargs.get(each):
st.error("Mandatory argument is not found - {}".format(each))
return False
dut_ip = st.get_mgmt_ip(dut)
result = {'show': True, 'config': True}
result2 = True
username = kwargs.get('username')
password = kwargs.get('password')
login_type = kwargs.get('login_type')
mode = kwargs.get('mode')
if login_type == 'cred':
ssh_out = st.exec_ssh(dut, username, password,
['show vlan config', 'sudo config vlan add 100\n{}'.format(password)])
st.log(ssh_out)
elif login_type == 'pubkey':
show_out = st.exec_ssh_remote_dut(remote_dut, dut_ip, username, password, 'show vlan config')
config_out = st.exec_ssh_remote_dut(remote_dut, dut_ip, username, password,
'sudo config vlan add 100\n{}'.format(password))
ssh_out = show_out + "\n" + config_out
else:
st.error("Invalid 'login_type' used = {}".format(login_type))
return False
if not ssh_out:
st.report_fail('rbac_call_fail', "SSH", mode, login_type)
if 'Sorry, user {} is not allowed to execute'.format(username) in ssh_out or \
"no askpass program specified" in ssh_out:
result['config'] = False
if 'VID' not in ssh_out:
result['show'] = False
st.log(result)
msg = 'Failed to execute show command using ssh session with mode- {mode}, type- {login_type}'
if mode == 'rw' and not all(result.values()):
st.error(msg.format(**kwargs))
result2 = False
if mode == 'ro' and not (result['show'] and not result['config']):
st.error(msg.format(**kwargs))
result2 = False
if not result2:
st.report_fail('rbac_test_status', 'Fail', mode, 'SSH', login_type, result)
st.report_pass('rbac_test_status', 'Pass', mode, 'SSH', login_type, result)
def dhcp_server_config():
'''
1. Install dhcp package
2. Update dhcp files - dhcpd6.conf dhcpd.conf isc-dhcp-server
3. Add static routes
4.Restart dhcp process
'''
hdrMsg("Installing and configuring the dhcp server on dut1")
dut = data.dut1
copy_files_to_dut(st.get_mgmt_ip(dut))
# st.config(dut,'sudo mv /tmp/'+data.dhcp_files[0]+' /etc/default/'+server_filename,skip_error_check=True)
# st.config(dut,'sudo mv /tmp/'+data.dhcp_files[1]+' /etc/dhcp/',skip_error_check=True)
# st.config(dut,'sudo mv /tmp/'+data.dhcp_files[2]+' /etc/dhcp/',skip_error_check=True)
basic_api.move_file_to_local_path(dut,
'/tmp/' + data.dhcp_files[0],
'/etc/default/' + server_filename,
sudo=True,
skip_error_check=True)
basic_api.move_file_to_local_path(dut,
'/tmp/' + data.dhcp_files[1],
'/etc/dhcp/',
sudo=True,
skip_error_check=True)
basic_api.move_file_to_local_path(dut,
'/tmp/' + data.dhcp_files[2],
'/etc/dhcp/',
sudo=True,
skip_error_check=True)
for ip in route_list:
ip_api.create_static_route(dut,
next_hop=dut3_loopback_ip_list[0],
static_ip=ip)
basic_api.deploy_package(dut, mode='update')
basic_api.deploy_package(dut,
options='-o Dpkg::Options::=\"--force-confold\"',
packane_name='isc-dhcp-server',
mode='install',
skip_verify_package=True)
#st.config(dut, "systemctl restart isc-dhcp-server")
st.wait(2)
ps_aux = basic_api.get_ps_aux(data.dut1, "dhcpd")
if len(ps_aux) > 1:
hdrMsg("dhcp server is up and running in dut1")
return True
#st.config(dut, "systemctl restart isc-dhcp-server")
basic_api.service_operations_by_systemctl(dut,
operation='restart',
service='isc-dhcp-server')
ps_aux = basic_api.get_ps_aux(data.dut1, "dhcpd")
st.wait(2)
if len(ps_aux) < 1:
hdrMsg("dhcp server is not up and running in dut1")
return False
return True
def get_vars(self, dut):
# try to read the version info
for _ in range(3):
try:
version_data = self.show_version(dut)
break
except Exception:
st.error("Failed to read version info")
version_data = ""
st.wait(1)
continue
# use default values when the show _version is failed
if not version_data:
st.error("Failed to read version info even after retries")
version_data = {
'product': 'unknown',
'hwsku': 'unknown',
'version': 'unknown',
}
retval = dict()
retval["product"] = version_data['product']
retval["hwsku"] = version_data['hwsku']
retval["version"] = version_data['version']
retval["constants"] = st.get_datastore(dut, "constants")
retval["redis_db_cli"] = redis.db_cli_init(dut)
retval["mgmt_ifname"] = st.get_mgmt_ifname(dut)
retval["mgmt_ipv4"] = st.get_mgmt_ip(dut)
try:
retval["mgmt_mac"] = mac.get_sbin_intf_mac(dut,
retval["mgmt_ifname"])
except Exception:
retval["mgmt_mac"] = "unknown"
output = st.show(dut, 'ls /etc/sonic/bcmsim.cfg', skip_tmpl=True)
is_vsonic = not bool(re.search(r'No such file or directory', output))
retval["is_vsonic"] = is_vsonic
output = st.config(dut, "fast-reboot -h", skip_error_check=True)
if "skip the user confirmation" in output:
retval["reboot-confirm"] = True
else:
retval["reboot-confirm"] = False
return retval
def oc_yang_ver_module_hooks(request):
global vars
vars = st.ensure_min_topology("D1")
credentials = st.get_credentials(vars.D1)
oc_yang_data.username = credentials[0]
oc_yang_data.password = credentials[3]
oc_yang_data.dut_ip_addr = st.get_mgmt_ip(vars.D1)
oc_yang_data.base_url = "restconf/data/"
oc_yang_data.version = get_version(vars.D1)
oc_yang_data.new_major_version = new_version(oc_yang_data.version)
oc_yang_data.new_minor_version = new_version(oc_yang_data.version,
flag="minor")
oc_yang_data.new_patch_version = new_version(oc_yang_data.version,
flag="patch")
yield
def copy_files_to_server():
st.log(
"Scp the resyslog.conf file from the current location to /tmp on the server"
)
ssh = SSHClient()
ssh.load_system_host_keys()
ssh.set_missing_host_key_policy(AutoAddPolicy())
#ssh.connect(dut_ip, username='******', password='******')
ssh.connect(st.get_mgmt_ip(data.dut2_server),
username='******',
password=st.get_credentials(data.dut2_server)[3])
ssh.exec_command('sudo -i')
scp = SCPClient(ssh.get_transport())
for file in data.syslog_file_path:
scp.put(file, "/tmp")
scp.close()
def send_rest_request(dut, feature, method, parms_data, timeout=30, port=8361):
"""
Construct URL for rest request and send to device
Author: Prudvi Mangadu ([email protected])
Ex:- http://10.130.84.46:80/broadview/bst/clear-bst-thresholds
:param dut:
:param feature:
:param method:
:param parms_data:
:param timeout: (Default 30sec)
:param port: (Default 8361)
:return:
"""
global request_id
device_ip = st.get_mgmt_ip(dut)
url = 'http://{}:{}/broadview/{}/{}'.format(device_ip, port, feature, method)
st.log("URL: {}".format(url))
json_data = '{"jsonrpc": "2.0", "method": "' + method + '", "asic-id": "0","params": ' + \
json.dumps(parms_data) + ',"id": ' + str(request_id) + '}'
request_id += 1
st.log("JSON Data: {}".format(json_data))
response_flag = False
for retry in range(1, 4):
msg = "Trying REST request for iteration '{}'".format(retry)
st.log(msg)
try:
response = requests.post(url, data=json_data, timeout=timeout)
response_flag = True
break
except requests.ConnectionError:
st.error("A Connection error occurred.")
except requests.Timeout:
st.error("The request timed out.")
except Exception as e:
st.error(e)
if not response_flag:
return False
st.log("Response code : {}".format(response.status_code))
if response.status_code != 200:
st.log("Error: Response : {}".format(response))
st.log("Error: Response.text : {}".format(response.text))
return False
return response
def ansible_st_module_hooks(request):
global dut_dict, dut_ip_dict, host_name_dict, host_name_dict1
dut_dict, dut_ip_dict, host_name_dict, host_name_dict1 = {}, {}, {}, {}
st.ensure_min_topology("D1T1:2")
dut_list = st.get_dut_names()
for index in range(len(dut_list)):
dut_name = "dut" + str(index)
dut_dict[dut_name] = dut_list[index]
dut = dut_list[index]
st.log("get host name from DUTs")
host_name = basic.get_hostname(dut)
host_name_dict[dut_name] = host_name
dut_ip_dict[dut_name] = st.get_mgmt_ip(dut)
new_host_name = "dut" + str(index) + str(index) + str(index)
host_name_dict1[dut_name] = new_host_name
st.log("create new host name in DUTs")
basic.set_hostname(dut,host_name_dict1[dut_name])
yield
st.log("revert host name in DUTs")
for key in dut_dict.keys():
basic.set_hostname(dut_dict[key], host_name_dict[key])
def test_ft_ssh_config_reload_docker():
"""
Author : Prudvi Mangadu ([email protected])
"""
result = True
get_docker_ps(vars.D1)
count = get_and_match_docker_count(vars.D1)
ssh_d1 = connect_to_device(st.get_mgmt_ip(vars.D1), ssh_data.usr_default,
ssh_data.pwd_final)
if ssh_d1:
st.log(
"Executing command - 'sudo config reload -y &' in to the SSH session."
)
st.log(execute_command(ssh_d1, 'sudo config reload -y &'))
st.wait(5, 'After executing "config reload" cmd on SSH session.')
st.log("Forcefully disconnecting the SSH session..")
ssh_disconnect(ssh_d1)
else:
st.error('Cannot SSH into Device with default credentials')
st.report_fail("ssh_failed")
if not poll_wait(verify_docker_status, 180, vars.D1, 'Exited'):
st.error(
"Post 'config reload' from SSH, dockers are not auto recovered.")
result = False
if result:
if not poll_wait(get_and_match_docker_count, 180, vars.D1, count):
st.error("Post 'config reload' from SSH, ALL dockers are not UP.")
result = False
if not result:
st.log("Test Failed: So recovering the device by reboot.")
st.reboot(vars.D1)
st.report_fail("test_case_failed")
st.report_pass("test_case_passed")
def ping_validation():
if not ping_poll(
vars.D2, st.get_mgmt_ip(vars.D1), family='ipv4', iter=3, delay=10):
dump_mgmt_connectivity_info(vars.D1)
st.error("D2->D1: Ping reachability is failed.")
st.report_fail('ping_fail_from_DUT_to_DUt', "D2", "D1")
def test_ft_ssh_add_user_verify():
"""
Author : Prudvi Mangadu ([email protected])
"""
user_ssh = 0
acl_sshv4 = 0
acl_sshv6 = 0
acl_snmp = 0
if not snmp_config(config='add'): acl_snmp = +1
ipaddress = st.get_mgmt_ip(vars.D1)
if not ipaddress:
st.report_env_fail("ip_verification_fail")
snmp_cmd = "snmpget -Oqv -v 2c -c {} {} {}".format(ssh_data.ro_community,
ipaddress,
ssh_data.oid_sysName)
out = config_nondefault_user()
if not out: user_ssh = +1
st.log("connecting to device with username={},password={}".format(
ssh_data.usr_default, ssh_data.pwd_final))
if not st.exec_ssh(vars.D1, ssh_data.usr_default, ssh_data.pwd_final,
ssh_data.commands_to_verify):
st.error('Cannot SSH into Device with default credentials')
user_ssh = +1
st.log('connecting to device with username={},password={}'.format(
ssh_data.usr_non_default, ssh_data.pwd_non_default))
if not st.exec_ssh(vars.D1, ssh_data.usr_non_default,
ssh_data.pwd_non_default, ssh_data.commands_to_verify):
st.error('Cannot SSH into Device with non-default credentials')
user_ssh = +1
output = verify_ssh_connection(vars.D2, ssh_data.ipv4_address_D1D2P2,
ssh_data.usr_default, ssh_data.pwd_final)
if not output:
user_ssh = +1
IPAddr = ensure_service_params(vars.D1, "snmptrap", "ip") + "/32"
change_acl_rules(acl_data.acl_json_config_control_plane, "SNMP_SSH|RULE_1",
"SRC_IP", IPAddr)
change_acl_rules(acl_data.acl_json_config_control_plane, "SNMP_SSH|RULE_2",
"SRC_IP", IPAddr)
change_acl_rules(acl_data.acl_json_config_control_plane, "SNMP_SSH|RULE_3",
"SRC_IP", ssh_data.ipv4_network)
change_acl_rules(acl_data.acl_json_config_control_plane,
"V6_SSH_ONLY|RULE_1", "SRC_IPV6",
ssh_data.ipv6_network_D1)
acl_config = acl_data.acl_json_config_control_plane
st.log("ACL_DATA: {}".format(acl_config))
acl_obj.apply_acl_config(vars.D1, acl_config)
acl_obj.show_acl_table(vars.D1)
acl_obj.show_acl_rule(vars.D1)
if not poll_wait(acl_obj.verify_acl_table_rule, 5, vars.D1, "SNMP_SSH",
"RULE_1"):
st.error("Failed to create ACL rule '{}' ".format("SNMP_SSH"))
acl_snmp = +1
if not poll_wait(acl_obj.verify_acl_table_rule, 5, vars.D1, "SNMP_SSH",
"RULE_2"):
st.error("Failed to create ACL rule '{}' ".format("SNMP_SSH"))
acl_sshv4 = +1
if not poll_wait(acl_obj.verify_acl_table_rule, 5, vars.D1, "V6_SSH_ONLY",
"RULE_1"):
st.error("Failed to create ACL rule '{}' ".format("V6_SSH_ONLY"))
acl_sshv6 = +1
hostname = get_hostname(vars.D1)
st.log("HOSTNAME: {}".format(hostname))
snmp_out = execute_command(ssh_conn_obj, snmp_cmd)
if hostname not in snmp_out:
st.error("SNMP walk operation is failed")
acl_snmp = +1
st.log("connecting to device with default username={},password={}".format(
ssh_data.usr_default, ssh_data.pwd_final))
output = verify_ssh_connection(vars.D2, ssh_data.ipv4_address_D1D2P2,
ssh_data.usr_default, ssh_data.pwd_final)
if output: acl_sshv4 = +1
output = verify_ssh_connection(vars.D2, ssh_data.ipv6_address_D1D2P2,
ssh_data.usr_default, ssh_data.pwd_final)
if output: acl_sshv6 = +1
output = verify_ssh_connection(vars.D2, ssh_data.ipv4_address_D1D2P1,
ssh_data.usr_default, ssh_data.pwd_final)
if not output: acl_sshv4 = +1
output = verify_ssh_connection(vars.D2, ssh_data.ipv6_address_D1D2P1,
ssh_data.usr_default, ssh_data.pwd_final)
if not output: acl_sshv6 = +1
st.log(
"connecting to device with non default username={},password={}".format(
ssh_data.usr_non_default, ssh_data.pwd_non_default))
output = verify_ssh_connection(vars.D2, ssh_data.ipv4_address_D1D2P1,
ssh_data.usr_non_default,
ssh_data.pwd_non_default)
if not output: acl_sshv4 = +1
output = verify_ssh_connection(vars.D2, ssh_data.ipv6_address_D1D2P1,
ssh_data.usr_non_default,
ssh_data.pwd_non_default)
if not output: acl_sshv6 = +1
config_save(vars.D1)
st.log('rebooting the device.')
st.reboot(vars.D1, 'fast')
acl_obj.show_acl_table(vars.D1)
acl_obj.show_acl_rule(vars.D1)
if not poll_wait(acl_obj.verify_acl_table_rule, 5, vars.D1, "SNMP_SSH",
"RULE_2"):
st.log("Failed to create ACL rule '{}' ".format("SSH_SSH"))
acl_sshv4 = +1
if not poll_wait(acl_obj.verify_acl_table_rule, 5, vars.D1, "V6_SSH_ONLY",
"RULE_1"):
st.log("Failed to create ACL rule '{}' ".format("V6_SSH_ONLY"))
acl_sshv4 = +1
if not poll_wait(acl_obj.verify_acl_table_rule, 5, vars.D1, "SNMP_SSH",
"RULE_1"):
st.error("Failed to create ACL rule '{}' ".format("SNMP_SSH"))
acl_snmp = +1
ipaddress = st.get_mgmt_ip(vars.D1)
if not ipaddress or not ip_obj.ping(vars.D1, IPAddr.strip('/32')):
st.error(
"Ping to SNMP server or getting ip address to the dut is failed after reload"
)
acl_obj.acl_delete(vars.D1)
config_nondefault_user(config='remove')
st.report_fail("ip_verification_fail")
snmp_cmd = "snmpget -Oqv -v 2c -c {} {} {}".format(ssh_data.ro_community,
ipaddress,
ssh_data.oid_sysName)
hostname = get_hostname(vars.D1)
snmp_out = execute_command(ssh_conn_obj, snmp_cmd)
if hostname not in snmp_out:
st.error("SNMP walk operation is failed after reload")
acl_snmp = +1
st.log('Verifying SNMP ACL with invalid source address')
change_acl_rules(acl_data.acl_json_config_control_plane, "SNMP_SSH|RULE_1",
"SRC_IP", "2.2.2.0/24")
acl_config = acl_data.acl_json_config_control_plane
acl_obj.acl_delete(vars.D1)
acl_obj.apply_acl_config(vars.D1, acl_config)
st.wait(3, "Waiting to apply acl rules")
snmp_out = execute_command(ssh_conn_obj, snmp_cmd)
if "Timeout" not in snmp_out: acl_snmp = +1
st.log("connecting to device with default username={},password={}".format(
ssh_data.usr_default, ssh_data.pwd_final))
output = verify_ssh_connection(vars.D2, ssh_data.ipv4_address_D1D2P2,
ssh_data.usr_default, ssh_data.pwd_final)
if output: acl_sshv4 = +1
output = verify_ssh_connection(vars.D2, ssh_data.ipv6_address_D1D2P2,
ssh_data.usr_default, ssh_data.pwd_final)
if output: acl_sshv6 = +1
output = verify_ssh_connection(vars.D2, ssh_data.ipv4_address_D1D2P1,
ssh_data.usr_default, ssh_data.pwd_final)
if not output: acl_sshv4 = +1
output = verify_ssh_connection(vars.D2, ssh_data.ipv6_address_D1D2P1,
ssh_data.usr_default, ssh_data.pwd_final)
if not output: acl_sshv6 = +1
if acl_sshv4:
st.report_tc_fail("test_ft_controlplane_acl_service_sshv4",
"ssh_failed",
"with control plane ACL service SSHv4 after reboot")
else:
st.report_tc_pass("test_ft_controlplane_acl_service_sshv4",
"ssh_failed",
"with control plane ACL service SSHv4 after reboot")
if acl_sshv6:
st.report_tc_fail("test_ft_controlplane_acl_service_sshv6",
"ssh_failed",
"with control plane ACL service SSHv6 after reboot")
else:
st.report_tc_pass("test_ft_controlplane_acl_service_sshv6",
"ssh_failed",
"with control plane ACL service SSHv6 after reboot")
if acl_snmp:
st.report_tc_fail("test_ft_controlplane_acl_service_snmp",
"snmp_output_failed",
"with control plane ACL service SNMP after reboot")
else:
st.report_tc_pass("test_ft_controlplane_acl_service_snmp",
"snmp_output_failed",
"with control plane ACL service SNMP after reboot")
acl_obj.acl_delete(vars.D1)
if acl_sshv4 or acl_sshv6 or acl_snmp:
st.generate_tech_support(vars.D1,
"controlplane_acl_services_after_reboot")
st.log('Verifying SSH connection after removing control plane ACLs')
st.log("connecting to device with username={},password={}".format(
ssh_data.usr_default, ssh_data.pwd_final))
if not st.exec_ssh(vars.D1, ssh_data.usr_default, ssh_data.pwd_final,
ssh_data.commands_to_verify):
st.error(
'Cannot SSH into Device with default credentials after reboot')
user_ssh = +1
st.log('connecting to device with username={},password={}'.format(
ssh_data.usr_non_default, ssh_data.pwd_non_default))
if not st.exec_ssh(vars.D1, ssh_data.usr_non_default,
ssh_data.pwd_non_default, ssh_data.commands_to_verify):
st.error(
'Cannot SSH into Device with non-default credentials after reboot')
user_ssh = +1
config_nondefault_user(config='remove')
if (user_ssh or acl_snmp or acl_sshv4 or acl_sshv6):
st.report_fail("test_case_failed")
st.report_pass("test_case_passed")
def rest_rbac_call(dut, **kwargs):
"""
Call to test REST sessions using diff users w.r.t RBAC.
Author : Prudvi Mangadu ([email protected])
:param dut:
:param kwargs:
:return:
"""
banner_log('Performing REST call using - {}'.format(kwargs))
for each in ['login_type', 'username', 'password', 'mode']:
if not kwargs.get(each):
st.error("Mandatory argument is not found - {}".format(each))
return False
result = {'get': True, 'put': True}
result2 = True
pass_status = [200, 204]
fail_status = [401, 403]
username = kwargs.get('username')
password = kwargs.get('password')
login_type = kwargs.get('login_type')
mode = kwargs.get('mode')
operation_down = {"sonic-port:admin_status": "down"}
operation_up = {"sonic-port:admin_status": "up"}
port = st.get_free_ports(dut)[0]
device_ip = st.get_mgmt_ip(dut)
cert = kwargs.get("cert")
url = 'restconf/data/sonic-port:sonic-port/PORT/PORT_LIST={}/admin_status'.format(
port)
if login_type == 'cred':
headers1 = {
'Content-Type': 'application/yang-data+json',
'Accept': 'application/yang-data+json'
}
rest_get_out = rest_call(dut,
headers=headers1,
username=username,
password=password,
url=url,
call_type='get')
st.log(rest_get_out)
rest_put_out = rest_call(dut,
headers=headers1,
username=username,
password=password,
url=url,
call_type='put',
data=operation_down)
st.log(rest_put_out)
elif login_type == 'token':
headers2 = {
'Content-Type': 'application/yang-data+json',
'Accept': 'application/yang-data+json',
'Authorization': 'Bearer {}'
}
tocken = get_jwt_token(dut, username=username, password=password)
if not tocken:
st.report_fail('rbac_test_jwt_token_fail', mode, login_type)
headers2['Authorization'] = headers2['Authorization'].format(tocken)
rest_get_out = rest_call(dut,
headers=headers2,
url=url,
call_type='get')
st.log(rest_get_out)
rest_put_out = rest_call(dut,
headers=headers2,
url=url,
call_type='put',
data=operation_up)
st.log(rest_put_out)
elif login_type == 'cert':
get_curl = 'curl --key {} --cert {} ' \
'"https://localhost/restconf/data/sonic-port:sonic-port/PORT/PORT_LIST={}/admin_status"' \
' -k'.format(cert[0], cert[1], port)
out = st.show(dut, get_curl, skip_tmpl=True, skip_error_check=True)
rest_get_out = {'status': 401}
rest_put_out = {'status': 200}
if 'sonic-port:admin_status' in out:
rest_get_out = {'status': 200}
else:
st.error("Invalid 'login_type' used = {}".format(login_type))
return False
if not (rest_get_out and rest_put_out):
st.report_fail('rbac_call_fail', "REST", mode, login_type)
msg = 'Failed to authenticate using rest session with mode- {mode}, type- {login_type}'
if mode == 'rw' and not (rest_get_out["status"] in pass_status
and rest_put_out["status"] in pass_status):
st.error(msg.format(**kwargs))
result2 = False
if mode == 'ro' and not (rest_get_out["status"] in pass_status
and rest_put_out["status"] in fail_status):
st.error(msg.format(**kwargs))
result2 = False
if not result2:
st.report_fail('rbac_test_status', 'Fail', mode, 'REST', login_type,
result)
st.report_pass('rbac_test_status', 'Pass', mode, 'REST', login_type,
result)
def verify_server(**kwargs):
mgmt_intf = kwargs.get('mgmt_intf', None)
phy = kwargs.get('phy', None)
vlan = kwargs.get('vlan', None)
pc = kwargs.get('pc', None)
loop_bk = kwargs.get('loop_bk', None)
#source_intf = kwargs.get('source_intf','')
#remote_port = kwargs.get('remote_port','')
#source_intf_name = kwargs.get('source_intf_name',None)
vrf = kwargs.get('vrf', None)
config = kwargs.get('config', '')
family = kwargs.get('family', 'ip')
if mgmt_intf != None:
host = st.get_mgmt_ip(
data.dut2_server) if family != 'ipv6' else data.dut2_mgmt_ipv6[0]
result = log_obj.verify_remote_syslog_server(dut=data.dut1_client,
host=host,
config=config)
return result
if phy != None:
if vrf != None:
host = data.dut2_dut3_ip[
0] if family != 'ipv6' else data.dut2_dut3_ipv6[0]
result = log_obj.verify_remote_syslog_server(
dut=data.dut3_client,
host=host,
source_intf=data.d3_d2_ports[0],
vrf=data.dut3_vrf_phy)
else:
host = data.dut2_dut1_ip[
0] if family != 'ipv6' else data.dut2_dut1_ipv6[0]
result = log_obj.verify_remote_syslog_server(
dut=data.dut1_client,
host=host,
source_intf=data.d1_d2_ports[0])
return result
if vlan != None:
if vrf != None:
host = data.dut2_dut3_ip[
1] if family != 'ipv6' else data.dut2_dut3_ipv6[1]
result = log_obj.verify_remote_syslog_server(
dut=data.dut3_client,
host=host,
source_intf='Vlan' + data.dut2_dut3_vlan[0],
vrf=data.dut3_vrf_vlan)
else:
host = data.dut2_dut1_ip[
1] if family != 'ipv6' else data.dut2_dut1_ipv6[1]
result = log_obj.verify_remote_syslog_server(
dut=data.dut1_client,
host=host,
source_intf='Vlan' + data.dut1_dut2_vlan[0])
return result
if pc != None:
if vrf != None:
host = data.dut2_dut3_ip[
2] if family != 'ipv6' else data.dut2_dut3_ipv6[2]
result = log_obj.verify_remote_syslog_server(
dut=data.dut3_client,
host=host,
source_intf=data.portchannel_2,
vrf=data.dut3_vrf_pc)
else:
host = data.dut2_dut1_ip[
2] if family != 'ipv6' else data.dut2_dut1_ipv6[2]
result = log_obj.verify_remote_syslog_server(
dut=data.dut1_client, host=host, source_intf=data.portchannel)
return result
if loop_bk != None:
if vrf != None:
host = data.dut2_loopback_ip[
1] if family != 'ipv6' else data.dut2_loopback_ipv6[1]
result = log_obj.verify_remote_syslog_server(
dut=data.dut3_client,
host=host,
source_intf=data.dut3_loopback[1],
vrf=data.dut3_vrf_phy)
else:
host = data.dut2_loopback_ip[
0] if family != 'ipv6' else data.dut2_loopback_ipv6[0]
result = log_obj.verify_remote_syslog_server(
dut=data.dut1_client,
host=host,
source_intf=data.dut1_loopback[0])
return result
def rest_call(dut, **kwargs):
"""
Rest call to perform GET, POST, PUT operation with auth and JWT token.
Author: Prudvi Mangadu ([email protected])
:param dut:
:param kwargs:
:return:
Usage:
# User based calls
rest_call(dut, headers=headers1, username='******', password='******',
url='restconf/data/sonic-port:sonic-port/PORT/PORT_LIST=Ethernet0/admin_status', call_type='get')
rest_call(dut, headers=headers1, username='******', password='******',
url='restconf/data/sonic-port:sonic-port/PORT/PORT_LIST=Ethernet0/admin_status', call_type='put',
data={"sonic-port:admin_status":"down"})
rest_call(dut, headers=headers1, username='******', password='******',
url='restconf/data/sonic-port:sonic-port/PORT/PORT_LIST=Ethernet0/admin_status', call_type='get')
# Token based calls
rest_call(dut, headers=headers2,
url='restconf/data/sonic-port:sonic-port/PORT/PORT_LIST=Ethernet0/admin_status', call_type='get')
rest_call(dut, headers=headers2,
url='restconf/data/sonic-port:sonic-port/PORT/PORT_LIST=Ethernet0/admin_status', call_type='put',
data={"sonic-port:admin_status":"up"})
rest_call(dut, headers=headers2,
url='restconf/data/sonic-port:sonic-port/PORT/PORT_LIST=Ethernet0/admin_status', call_type='get')
"""
device_ip = st.get_mgmt_ip(dut)
call_type = kwargs.get('call_type', 'get')
port = kwargs.get('port', '443')
url = kwargs.get('url')
headers = kwargs.get('headers')
data = kwargs.get('data')
username = kwargs.get('username')
password = kwargs.get('password')
timeout = kwargs.get('timeout', 30)
cert = kwargs.get('cert')
verify = kwargs.get('verify', False)
if port:
final_url = "https://{}:{}/{}".format(device_ip, port, url)
else:
final_url = "https://{}/{}".format(device_ip, url)
st.log("{} - URL : {}".format(call_type.upper(), final_url))
call_data = {'verify': verify, 'timeout': timeout}
if data:
if isinstance(data, dict):
call_data['data'] = json.dumps(data)
else:
call_data['data'] = data
if username and password:
call_data['auth'] = (username, password)
if headers:
call_data['headers'] = headers
if cert:
call_data['cert'] = cert
st.log("Call Data : {}".format(call_data))
# response type
warnings.filterwarnings('ignore', message='Unverified HTTPS request')
try:
if call_type == 'put':
response = requests.put(final_url, **call_data)
elif call_type == 'post':
response = requests.post(final_url, **call_data)
elif call_type == 'patch':
response = requests.patch(final_url, **call_data)
elif call_type == 'delete':
response = requests.delete(final_url, **call_data)
else:
response = requests.get(final_url, **call_data)
except requests.ConnectionError:
st.error("A Connection error occurred.")
return False
except requests.Timeout:
st.error("The request timed out.")
return False
except Exception as e:
st.error(e)
return False
st.log("Response Code: {}, Text: {}".format(response.status_code,
response.text))
return {"status": response.status_code, "output": response.text}
def snmp_func_hooks(request):
global ipaddress
ipaddress = st.get_mgmt_ip(vars.D1)
yield
def test_ft_ansible_playbooks_chk_use_vdi():
device_ip = st.get_mgmt_ip(vars.D1)
result = True
if not ansible_obj.verify_ansible_playbook_vdi(
vars.D1, "ping.yml", host=device_ip, ok="1", fail="0"):
result = False
st.report_tc_fail("ft_ansible_host_ping_playbook", "ansible_fail")
st.report_tc_fail("ft_ansible_host_ping_using_pwd", "ansible_fail")
st.report_tc_fail("ft_ansible_host_ping_using_ssh", "ansible_fail")
st.report_tc_fail("ft_ansible_host_multiple_grp_ping", "ansible_fail")
else:
st.report_tc_pass("ft_ansible_host_ping_playbook",
"ansible_playbook_success")
st.report_tc_pass("ft_ansible_host_ping_using_pwd",
"ansible_playbook_success")
st.report_tc_pass("ft_ansible_host_ping_using_ssh",
"ansible_playbook_success")
st.report_tc_pass("ft_ansible_host_multiple_grp_ping",
"ansible_playbook_success")
if not ansible_obj.verify_ansible_playbook_vdi(
vars.D1, "fact.yml", host=device_ip, ok="2", fail="0"):
result = False
st.report_tc_fail("ft_ansible_host_fact_playbook", "ansible_fail")
else:
st.report_tc_pass("ft_ansible_host_fact_playbook",
"ansible_playbook_success")
if not ansible_obj.verify_ansible_playbook_vdi(
vars.D1, "fact_false.yml", host=device_ip, ok="1", fail="0"):
result = False
st.report_tc_fail("ft_ansible_fact_cmd_line", "ansible_fail")
st.report_tc_fail("ft_ansible_host_adhoc_cmd", "ansible_fail")
else:
st.report_tc_pass("ft_ansible_fact_cmd_line",
"ansible_playbook_success")
st.report_tc_pass("ft_ansible_host_adhoc_cmd",
"ansible_playbook_success")
if not ansible_obj.verify_ansible_playbook_vdi(
vars.D1, "copy.yml", host=device_ip, ok="2", fail="0"):
result = False
st.report_tc_fail("ft_ansible_copy_playbook", "ansible_fail")
else:
st.report_tc_pass("ft_ansible_copy_playbook",
"ansible_playbook_success")
if not ansible_obj.verify_ansible_playbook_vdi(
vars.D1, "role_test.yml", host=device_ip, fail="0"):
result = False
st.report_tc_fail("ft_ansible_playbook_role", "ansible_fail")
st.report_tc_fail("ft_ansible_playbook_tags", "ansible_fail")
st.report_tc_fail("ft_ansible_package_chk_using_cmd", "ansible_fail")
else:
st.report_tc_pass("ft_ansible_playbook_role",
"ansible_playbook_success")
st.report_tc_pass("ft_ansible_playbook_tags",
"ansible_playbook_success")
st.report_tc_pass("ft_ansible_package_chk_using_cmd",
"ansible_playbook_success")
if not ansible_obj.verify_ansible_playbook_vdi(
vars.D1, "handler.yml", host=device_ip, fail="0"):
result = False
st.report_tc_fail("ft_ansible_playbook_handler", "ansible_fail")
else:
st.report_tc_pass("ft_ansible_playbook_handler",
"ansible_playbook_success")
if result:
st.report_pass("ansible_playbook_success")
else:
st.report_fail("ansible_fail")
def global_vars():
global data
data = SpyTestDict()
data.device_ip = st.get_mgmt_ip(vars.D1)
data.ansible_params = st.get_service_info(vars.D1, "ansible")
data.ansible_hosts = data.ansible_params.hosts
