def rbac_config_user(no_form=0): result = True st.banner( "{}Configuring User(s) to the DUT.".format("Un-" if no_form else '')) for each in rbac.cred_list: each.update({'no_form': no_form}) st.banner("Configuring - {}".format(each), delimiter='*') config(vars.D1, **each) if not no_form: sshapi.ssh_copyid(vars.D2, st.get_mgmt_ip(vars.D1), **each) if not no_form: if not verify(vars.D1, 'user_list', verify_list=rbac.user_list): st.error("Failed to config User in DUT") result = False if not verify(vars.D1, 'group_list', verify_list=rbac.group_list): st.error("Failed to config Groups in DUT") result = False for username, role in rbac.user_group.items(): if not verify( vars.D1, user_group=username, verify_list=[{ 'group': role }]): st.error('Failed to config User with group in DUT') result = False if not result: st.report_fail('rbac_user_config')
def gnmi_apply(dut, **kwargs): operation = kwargs.get("operation", "get") if operation == "patch": action = "set" elif operation == "delete": action = "delete" else: action = "get" xpath = kwargs.get("path") if not xpath: st.error("XPATH NOT PROVIDED") return False ip_addr = st.get_mgmt_ip(dut) kwargs.update({"ip_address":kwargs.get("ip_address", ip_addr)}) xpath = convert_rest_url_to_gnmi_url(xpath, kwargs.get("url_params")) kwargs.update({"json_content":kwargs.get("data")}) kwargs.update({"action":action}) if action == "set": xpath, data = fix_set_url(xpath, kwargs.get("data")) kwargs.update({"json_content": data}) else: xpath = fix_get_url(xpath) if action in ["get", "set", "delete"]: return _gnmi_operation(dut, xpath, **kwargs) else: st.log("Invalid operation for GNMI -- {}".format(action)) return False
def tf_rest_module_config(): global dut_port device_ip = st.get_mgmt_ip(vars.D1) dut_port = random.sample(tf_rest_data.all_ports, k=5) st.log("Randomly Chosen interfaces - {}".format(dut_port)) if not device_ip: st.error("Failed to get the DUT IP address.") report_result(0)
def device_eth0_ip_addr(): """ To get the ip address of device after reboot. """ ipaddress = st.get_mgmt_ip(vars.D1) st.log("Device ip address - {}".format(ipaddress)) if not ipfeature.ping(vars.D1, ipaddress, family='ipv4', external=True): st.error("Ping reachability is failed between SNMP server and Device.")
def ssh_call(dut, remote_dut=None, **kwargs): """ Call to test SSH session using diff users w.r.t RBAC. Author : Prudvi Mangadu ([email protected]) :param dut: :param remote_dut: :param kwargs: :return: """ st.log('Performing SSH call using - {}'.format(kwargs)) for each in ['login_type', 'username', 'password', 'mode']: if not kwargs.get(each): st.error("Mandatory argument is not found - {}".format(each)) return False dut_ip = st.get_mgmt_ip(dut) result = {'show': True, 'config': True} result2 = True username = kwargs.get('username') password = kwargs.get('password') login_type = kwargs.get('login_type') mode = kwargs.get('mode') if login_type == 'cred': ssh_out = st.exec_ssh(dut, username, password, ['show vlan config', 'sudo config vlan add 100\n{}'.format(password)]) st.log(ssh_out) elif login_type == 'pubkey': show_out = st.exec_ssh_remote_dut(remote_dut, dut_ip, username, password, 'show vlan config') config_out = st.exec_ssh_remote_dut(remote_dut, dut_ip, username, password, 'sudo config vlan add 100\n{}'.format(password)) ssh_out = show_out + "\n" + config_out else: st.error("Invalid 'login_type' used = {}".format(login_type)) return False if not ssh_out: st.report_fail('rbac_call_fail', "SSH", mode, login_type) if 'Sorry, user {} is not allowed to execute'.format(username) in ssh_out or \ "no askpass program specified" in ssh_out: result['config'] = False if 'VID' not in ssh_out: result['show'] = False st.log(result) msg = 'Failed to execute show command using ssh session with mode- {mode}, type- {login_type}' if mode == 'rw' and not all(result.values()): st.error(msg.format(**kwargs)) result2 = False if mode == 'ro' and not (result['show'] and not result['config']): st.error(msg.format(**kwargs)) result2 = False if not result2: st.report_fail('rbac_test_status', 'Fail', mode, 'SSH', login_type, result) st.report_pass('rbac_test_status', 'Pass', mode, 'SSH', login_type, result)
def dhcp_server_config(): ''' 1. Install dhcp package 2. Update dhcp files - dhcpd6.conf dhcpd.conf isc-dhcp-server 3. Add static routes 4.Restart dhcp process ''' hdrMsg("Installing and configuring the dhcp server on dut1") dut = data.dut1 copy_files_to_dut(st.get_mgmt_ip(dut)) # st.config(dut,'sudo mv /tmp/'+data.dhcp_files[0]+' /etc/default/'+server_filename,skip_error_check=True) # st.config(dut,'sudo mv /tmp/'+data.dhcp_files[1]+' /etc/dhcp/',skip_error_check=True) # st.config(dut,'sudo mv /tmp/'+data.dhcp_files[2]+' /etc/dhcp/',skip_error_check=True) basic_api.move_file_to_local_path(dut, '/tmp/' + data.dhcp_files[0], '/etc/default/' + server_filename, sudo=True, skip_error_check=True) basic_api.move_file_to_local_path(dut, '/tmp/' + data.dhcp_files[1], '/etc/dhcp/', sudo=True, skip_error_check=True) basic_api.move_file_to_local_path(dut, '/tmp/' + data.dhcp_files[2], '/etc/dhcp/', sudo=True, skip_error_check=True) for ip in route_list: ip_api.create_static_route(dut, next_hop=dut3_loopback_ip_list[0], static_ip=ip) basic_api.deploy_package(dut, mode='update') basic_api.deploy_package(dut, options='-o Dpkg::Options::=\"--force-confold\"', packane_name='isc-dhcp-server', mode='install', skip_verify_package=True) #st.config(dut, "systemctl restart isc-dhcp-server") st.wait(2) ps_aux = basic_api.get_ps_aux(data.dut1, "dhcpd") if len(ps_aux) > 1: hdrMsg("dhcp server is up and running in dut1") return True #st.config(dut, "systemctl restart isc-dhcp-server") basic_api.service_operations_by_systemctl(dut, operation='restart', service='isc-dhcp-server') ps_aux = basic_api.get_ps_aux(data.dut1, "dhcpd") st.wait(2) if len(ps_aux) < 1: hdrMsg("dhcp server is not up and running in dut1") return False return True
def get_vars(self, dut): # try to read the version info for _ in range(3): try: version_data = self.show_version(dut) break except Exception: st.error("Failed to read version info") version_data = "" st.wait(1) continue # use default values when the show _version is failed if not version_data: st.error("Failed to read version info even after retries") version_data = { 'product': 'unknown', 'hwsku': 'unknown', 'version': 'unknown', } retval = dict() retval["product"] = version_data['product'] retval["hwsku"] = version_data['hwsku'] retval["version"] = version_data['version'] retval["constants"] = st.get_datastore(dut, "constants") retval["redis_db_cli"] = redis.db_cli_init(dut) retval["mgmt_ifname"] = st.get_mgmt_ifname(dut) retval["mgmt_ipv4"] = st.get_mgmt_ip(dut) try: retval["mgmt_mac"] = mac.get_sbin_intf_mac(dut, retval["mgmt_ifname"]) except Exception: retval["mgmt_mac"] = "unknown" output = st.show(dut, 'ls /etc/sonic/bcmsim.cfg', skip_tmpl=True) is_vsonic = not bool(re.search(r'No such file or directory', output)) retval["is_vsonic"] = is_vsonic output = st.config(dut, "fast-reboot -h", skip_error_check=True) if "skip the user confirmation" in output: retval["reboot-confirm"] = True else: retval["reboot-confirm"] = False return retval
def oc_yang_ver_module_hooks(request): global vars vars = st.ensure_min_topology("D1") credentials = st.get_credentials(vars.D1) oc_yang_data.username = credentials[0] oc_yang_data.password = credentials[3] oc_yang_data.dut_ip_addr = st.get_mgmt_ip(vars.D1) oc_yang_data.base_url = "restconf/data/" oc_yang_data.version = get_version(vars.D1) oc_yang_data.new_major_version = new_version(oc_yang_data.version) oc_yang_data.new_minor_version = new_version(oc_yang_data.version, flag="minor") oc_yang_data.new_patch_version = new_version(oc_yang_data.version, flag="patch") yield
def copy_files_to_server(): st.log( "Scp the resyslog.conf file from the current location to /tmp on the server" ) ssh = SSHClient() ssh.load_system_host_keys() ssh.set_missing_host_key_policy(AutoAddPolicy()) #ssh.connect(dut_ip, username='******', password='******') ssh.connect(st.get_mgmt_ip(data.dut2_server), username='******', password=st.get_credentials(data.dut2_server)[3]) ssh.exec_command('sudo -i') scp = SCPClient(ssh.get_transport()) for file in data.syslog_file_path: scp.put(file, "/tmp") scp.close()
def send_rest_request(dut, feature, method, parms_data, timeout=30, port=8361): """ Construct URL for rest request and send to device Author: Prudvi Mangadu ([email protected]) Ex:- http://10.130.84.46:80/broadview/bst/clear-bst-thresholds :param dut: :param feature: :param method: :param parms_data: :param timeout: (Default 30sec) :param port: (Default 8361) :return: """ global request_id device_ip = st.get_mgmt_ip(dut) url = 'http://{}:{}/broadview/{}/{}'.format(device_ip, port, feature, method) st.log("URL: {}".format(url)) json_data = '{"jsonrpc": "2.0", "method": "' + method + '", "asic-id": "0","params": ' + \ json.dumps(parms_data) + ',"id": ' + str(request_id) + '}' request_id += 1 st.log("JSON Data: {}".format(json_data)) response_flag = False for retry in range(1, 4): msg = "Trying REST request for iteration '{}'".format(retry) st.log(msg) try: response = requests.post(url, data=json_data, timeout=timeout) response_flag = True break except requests.ConnectionError: st.error("A Connection error occurred.") except requests.Timeout: st.error("The request timed out.") except Exception as e: st.error(e) if not response_flag: return False st.log("Response code : {}".format(response.status_code)) if response.status_code != 200: st.log("Error: Response : {}".format(response)) st.log("Error: Response.text : {}".format(response.text)) return False return response
def ansible_st_module_hooks(request): global dut_dict, dut_ip_dict, host_name_dict, host_name_dict1 dut_dict, dut_ip_dict, host_name_dict, host_name_dict1 = {}, {}, {}, {} st.ensure_min_topology("D1T1:2") dut_list = st.get_dut_names() for index in range(len(dut_list)): dut_name = "dut" + str(index) dut_dict[dut_name] = dut_list[index] dut = dut_list[index] st.log("get host name from DUTs") host_name = basic.get_hostname(dut) host_name_dict[dut_name] = host_name dut_ip_dict[dut_name] = st.get_mgmt_ip(dut) new_host_name = "dut" + str(index) + str(index) + str(index) host_name_dict1[dut_name] = new_host_name st.log("create new host name in DUTs") basic.set_hostname(dut,host_name_dict1[dut_name]) yield st.log("revert host name in DUTs") for key in dut_dict.keys(): basic.set_hostname(dut_dict[key], host_name_dict[key])
def test_ft_ssh_config_reload_docker(): """ Author : Prudvi Mangadu ([email protected]) """ result = True get_docker_ps(vars.D1) count = get_and_match_docker_count(vars.D1) ssh_d1 = connect_to_device(st.get_mgmt_ip(vars.D1), ssh_data.usr_default, ssh_data.pwd_final) if ssh_d1: st.log( "Executing command - 'sudo config reload -y &' in to the SSH session." ) st.log(execute_command(ssh_d1, 'sudo config reload -y &')) st.wait(5, 'After executing "config reload" cmd on SSH session.') st.log("Forcefully disconnecting the SSH session..") ssh_disconnect(ssh_d1) else: st.error('Cannot SSH into Device with default credentials') st.report_fail("ssh_failed") if not poll_wait(verify_docker_status, 180, vars.D1, 'Exited'): st.error( "Post 'config reload' from SSH, dockers are not auto recovered.") result = False if result: if not poll_wait(get_and_match_docker_count, 180, vars.D1, count): st.error("Post 'config reload' from SSH, ALL dockers are not UP.") result = False if not result: st.log("Test Failed: So recovering the device by reboot.") st.reboot(vars.D1) st.report_fail("test_case_failed") st.report_pass("test_case_passed")
def ping_validation(): if not ping_poll( vars.D2, st.get_mgmt_ip(vars.D1), family='ipv4', iter=3, delay=10): dump_mgmt_connectivity_info(vars.D1) st.error("D2->D1: Ping reachability is failed.") st.report_fail('ping_fail_from_DUT_to_DUt', "D2", "D1")
def test_ft_ssh_add_user_verify(): """ Author : Prudvi Mangadu ([email protected]) """ user_ssh = 0 acl_sshv4 = 0 acl_sshv6 = 0 acl_snmp = 0 if not snmp_config(config='add'): acl_snmp = +1 ipaddress = st.get_mgmt_ip(vars.D1) if not ipaddress: st.report_env_fail("ip_verification_fail") snmp_cmd = "snmpget -Oqv -v 2c -c {} {} {}".format(ssh_data.ro_community, ipaddress, ssh_data.oid_sysName) out = config_nondefault_user() if not out: user_ssh = +1 st.log("connecting to device with username={},password={}".format( ssh_data.usr_default, ssh_data.pwd_final)) if not st.exec_ssh(vars.D1, ssh_data.usr_default, ssh_data.pwd_final, ssh_data.commands_to_verify): st.error('Cannot SSH into Device with default credentials') user_ssh = +1 st.log('connecting to device with username={},password={}'.format( ssh_data.usr_non_default, ssh_data.pwd_non_default)) if not st.exec_ssh(vars.D1, ssh_data.usr_non_default, ssh_data.pwd_non_default, ssh_data.commands_to_verify): st.error('Cannot SSH into Device with non-default credentials') user_ssh = +1 output = verify_ssh_connection(vars.D2, ssh_data.ipv4_address_D1D2P2, ssh_data.usr_default, ssh_data.pwd_final) if not output: user_ssh = +1 IPAddr = ensure_service_params(vars.D1, "snmptrap", "ip") + "/32" change_acl_rules(acl_data.acl_json_config_control_plane, "SNMP_SSH|RULE_1", "SRC_IP", IPAddr) change_acl_rules(acl_data.acl_json_config_control_plane, "SNMP_SSH|RULE_2", "SRC_IP", IPAddr) change_acl_rules(acl_data.acl_json_config_control_plane, "SNMP_SSH|RULE_3", "SRC_IP", ssh_data.ipv4_network) change_acl_rules(acl_data.acl_json_config_control_plane, "V6_SSH_ONLY|RULE_1", "SRC_IPV6", ssh_data.ipv6_network_D1) acl_config = acl_data.acl_json_config_control_plane st.log("ACL_DATA: {}".format(acl_config)) acl_obj.apply_acl_config(vars.D1, acl_config) acl_obj.show_acl_table(vars.D1) acl_obj.show_acl_rule(vars.D1) if not poll_wait(acl_obj.verify_acl_table_rule, 5, vars.D1, "SNMP_SSH", "RULE_1"): st.error("Failed to create ACL rule '{}' ".format("SNMP_SSH")) acl_snmp = +1 if not poll_wait(acl_obj.verify_acl_table_rule, 5, vars.D1, "SNMP_SSH", "RULE_2"): st.error("Failed to create ACL rule '{}' ".format("SNMP_SSH")) acl_sshv4 = +1 if not poll_wait(acl_obj.verify_acl_table_rule, 5, vars.D1, "V6_SSH_ONLY", "RULE_1"): st.error("Failed to create ACL rule '{}' ".format("V6_SSH_ONLY")) acl_sshv6 = +1 hostname = get_hostname(vars.D1) st.log("HOSTNAME: {}".format(hostname)) snmp_out = execute_command(ssh_conn_obj, snmp_cmd) if hostname not in snmp_out: st.error("SNMP walk operation is failed") acl_snmp = +1 st.log("connecting to device with default username={},password={}".format( ssh_data.usr_default, ssh_data.pwd_final)) output = verify_ssh_connection(vars.D2, ssh_data.ipv4_address_D1D2P2, ssh_data.usr_default, ssh_data.pwd_final) if output: acl_sshv4 = +1 output = verify_ssh_connection(vars.D2, ssh_data.ipv6_address_D1D2P2, ssh_data.usr_default, ssh_data.pwd_final) if output: acl_sshv6 = +1 output = verify_ssh_connection(vars.D2, ssh_data.ipv4_address_D1D2P1, ssh_data.usr_default, ssh_data.pwd_final) if not output: acl_sshv4 = +1 output = verify_ssh_connection(vars.D2, ssh_data.ipv6_address_D1D2P1, ssh_data.usr_default, ssh_data.pwd_final) if not output: acl_sshv6 = +1 st.log( "connecting to device with non default username={},password={}".format( ssh_data.usr_non_default, ssh_data.pwd_non_default)) output = verify_ssh_connection(vars.D2, ssh_data.ipv4_address_D1D2P1, ssh_data.usr_non_default, ssh_data.pwd_non_default) if not output: acl_sshv4 = +1 output = verify_ssh_connection(vars.D2, ssh_data.ipv6_address_D1D2P1, ssh_data.usr_non_default, ssh_data.pwd_non_default) if not output: acl_sshv6 = +1 config_save(vars.D1) st.log('rebooting the device.') st.reboot(vars.D1, 'fast') acl_obj.show_acl_table(vars.D1) acl_obj.show_acl_rule(vars.D1) if not poll_wait(acl_obj.verify_acl_table_rule, 5, vars.D1, "SNMP_SSH", "RULE_2"): st.log("Failed to create ACL rule '{}' ".format("SSH_SSH")) acl_sshv4 = +1 if not poll_wait(acl_obj.verify_acl_table_rule, 5, vars.D1, "V6_SSH_ONLY", "RULE_1"): st.log("Failed to create ACL rule '{}' ".format("V6_SSH_ONLY")) acl_sshv4 = +1 if not poll_wait(acl_obj.verify_acl_table_rule, 5, vars.D1, "SNMP_SSH", "RULE_1"): st.error("Failed to create ACL rule '{}' ".format("SNMP_SSH")) acl_snmp = +1 ipaddress = st.get_mgmt_ip(vars.D1) if not ipaddress or not ip_obj.ping(vars.D1, IPAddr.strip('/32')): st.error( "Ping to SNMP server or getting ip address to the dut is failed after reload" ) acl_obj.acl_delete(vars.D1) config_nondefault_user(config='remove') st.report_fail("ip_verification_fail") snmp_cmd = "snmpget -Oqv -v 2c -c {} {} {}".format(ssh_data.ro_community, ipaddress, ssh_data.oid_sysName) hostname = get_hostname(vars.D1) snmp_out = execute_command(ssh_conn_obj, snmp_cmd) if hostname not in snmp_out: st.error("SNMP walk operation is failed after reload") acl_snmp = +1 st.log('Verifying SNMP ACL with invalid source address') change_acl_rules(acl_data.acl_json_config_control_plane, "SNMP_SSH|RULE_1", "SRC_IP", "2.2.2.0/24") acl_config = acl_data.acl_json_config_control_plane acl_obj.acl_delete(vars.D1) acl_obj.apply_acl_config(vars.D1, acl_config) st.wait(3, "Waiting to apply acl rules") snmp_out = execute_command(ssh_conn_obj, snmp_cmd) if "Timeout" not in snmp_out: acl_snmp = +1 st.log("connecting to device with default username={},password={}".format( ssh_data.usr_default, ssh_data.pwd_final)) output = verify_ssh_connection(vars.D2, ssh_data.ipv4_address_D1D2P2, ssh_data.usr_default, ssh_data.pwd_final) if output: acl_sshv4 = +1 output = verify_ssh_connection(vars.D2, ssh_data.ipv6_address_D1D2P2, ssh_data.usr_default, ssh_data.pwd_final) if output: acl_sshv6 = +1 output = verify_ssh_connection(vars.D2, ssh_data.ipv4_address_D1D2P1, ssh_data.usr_default, ssh_data.pwd_final) if not output: acl_sshv4 = +1 output = verify_ssh_connection(vars.D2, ssh_data.ipv6_address_D1D2P1, ssh_data.usr_default, ssh_data.pwd_final) if not output: acl_sshv6 = +1 if acl_sshv4: st.report_tc_fail("test_ft_controlplane_acl_service_sshv4", "ssh_failed", "with control plane ACL service SSHv4 after reboot") else: st.report_tc_pass("test_ft_controlplane_acl_service_sshv4", "ssh_failed", "with control plane ACL service SSHv4 after reboot") if acl_sshv6: st.report_tc_fail("test_ft_controlplane_acl_service_sshv6", "ssh_failed", "with control plane ACL service SSHv6 after reboot") else: st.report_tc_pass("test_ft_controlplane_acl_service_sshv6", "ssh_failed", "with control plane ACL service SSHv6 after reboot") if acl_snmp: st.report_tc_fail("test_ft_controlplane_acl_service_snmp", "snmp_output_failed", "with control plane ACL service SNMP after reboot") else: st.report_tc_pass("test_ft_controlplane_acl_service_snmp", "snmp_output_failed", "with control plane ACL service SNMP after reboot") acl_obj.acl_delete(vars.D1) if acl_sshv4 or acl_sshv6 or acl_snmp: st.generate_tech_support(vars.D1, "controlplane_acl_services_after_reboot") st.log('Verifying SSH connection after removing control plane ACLs') st.log("connecting to device with username={},password={}".format( ssh_data.usr_default, ssh_data.pwd_final)) if not st.exec_ssh(vars.D1, ssh_data.usr_default, ssh_data.pwd_final, ssh_data.commands_to_verify): st.error( 'Cannot SSH into Device with default credentials after reboot') user_ssh = +1 st.log('connecting to device with username={},password={}'.format( ssh_data.usr_non_default, ssh_data.pwd_non_default)) if not st.exec_ssh(vars.D1, ssh_data.usr_non_default, ssh_data.pwd_non_default, ssh_data.commands_to_verify): st.error( 'Cannot SSH into Device with non-default credentials after reboot') user_ssh = +1 config_nondefault_user(config='remove') if (user_ssh or acl_snmp or acl_sshv4 or acl_sshv6): st.report_fail("test_case_failed") st.report_pass("test_case_passed")
def rest_rbac_call(dut, **kwargs): """ Call to test REST sessions using diff users w.r.t RBAC. Author : Prudvi Mangadu ([email protected]) :param dut: :param kwargs: :return: """ banner_log('Performing REST call using - {}'.format(kwargs)) for each in ['login_type', 'username', 'password', 'mode']: if not kwargs.get(each): st.error("Mandatory argument is not found - {}".format(each)) return False result = {'get': True, 'put': True} result2 = True pass_status = [200, 204] fail_status = [401, 403] username = kwargs.get('username') password = kwargs.get('password') login_type = kwargs.get('login_type') mode = kwargs.get('mode') operation_down = {"sonic-port:admin_status": "down"} operation_up = {"sonic-port:admin_status": "up"} port = st.get_free_ports(dut)[0] device_ip = st.get_mgmt_ip(dut) cert = kwargs.get("cert") url = 'restconf/data/sonic-port:sonic-port/PORT/PORT_LIST={}/admin_status'.format( port) if login_type == 'cred': headers1 = { 'Content-Type': 'application/yang-data+json', 'Accept': 'application/yang-data+json' } rest_get_out = rest_call(dut, headers=headers1, username=username, password=password, url=url, call_type='get') st.log(rest_get_out) rest_put_out = rest_call(dut, headers=headers1, username=username, password=password, url=url, call_type='put', data=operation_down) st.log(rest_put_out) elif login_type == 'token': headers2 = { 'Content-Type': 'application/yang-data+json', 'Accept': 'application/yang-data+json', 'Authorization': 'Bearer {}' } tocken = get_jwt_token(dut, username=username, password=password) if not tocken: st.report_fail('rbac_test_jwt_token_fail', mode, login_type) headers2['Authorization'] = headers2['Authorization'].format(tocken) rest_get_out = rest_call(dut, headers=headers2, url=url, call_type='get') st.log(rest_get_out) rest_put_out = rest_call(dut, headers=headers2, url=url, call_type='put', data=operation_up) st.log(rest_put_out) elif login_type == 'cert': get_curl = 'curl --key {} --cert {} ' \ '"https://localhost/restconf/data/sonic-port:sonic-port/PORT/PORT_LIST={}/admin_status"' \ ' -k'.format(cert[0], cert[1], port) out = st.show(dut, get_curl, skip_tmpl=True, skip_error_check=True) rest_get_out = {'status': 401} rest_put_out = {'status': 200} if 'sonic-port:admin_status' in out: rest_get_out = {'status': 200} else: st.error("Invalid 'login_type' used = {}".format(login_type)) return False if not (rest_get_out and rest_put_out): st.report_fail('rbac_call_fail', "REST", mode, login_type) msg = 'Failed to authenticate using rest session with mode- {mode}, type- {login_type}' if mode == 'rw' and not (rest_get_out["status"] in pass_status and rest_put_out["status"] in pass_status): st.error(msg.format(**kwargs)) result2 = False if mode == 'ro' and not (rest_get_out["status"] in pass_status and rest_put_out["status"] in fail_status): st.error(msg.format(**kwargs)) result2 = False if not result2: st.report_fail('rbac_test_status', 'Fail', mode, 'REST', login_type, result) st.report_pass('rbac_test_status', 'Pass', mode, 'REST', login_type, result)
def verify_server(**kwargs): mgmt_intf = kwargs.get('mgmt_intf', None) phy = kwargs.get('phy', None) vlan = kwargs.get('vlan', None) pc = kwargs.get('pc', None) loop_bk = kwargs.get('loop_bk', None) #source_intf = kwargs.get('source_intf','') #remote_port = kwargs.get('remote_port','') #source_intf_name = kwargs.get('source_intf_name',None) vrf = kwargs.get('vrf', None) config = kwargs.get('config', '') family = kwargs.get('family', 'ip') if mgmt_intf != None: host = st.get_mgmt_ip( data.dut2_server) if family != 'ipv6' else data.dut2_mgmt_ipv6[0] result = log_obj.verify_remote_syslog_server(dut=data.dut1_client, host=host, config=config) return result if phy != None: if vrf != None: host = data.dut2_dut3_ip[ 0] if family != 'ipv6' else data.dut2_dut3_ipv6[0] result = log_obj.verify_remote_syslog_server( dut=data.dut3_client, host=host, source_intf=data.d3_d2_ports[0], vrf=data.dut3_vrf_phy) else: host = data.dut2_dut1_ip[ 0] if family != 'ipv6' else data.dut2_dut1_ipv6[0] result = log_obj.verify_remote_syslog_server( dut=data.dut1_client, host=host, source_intf=data.d1_d2_ports[0]) return result if vlan != None: if vrf != None: host = data.dut2_dut3_ip[ 1] if family != 'ipv6' else data.dut2_dut3_ipv6[1] result = log_obj.verify_remote_syslog_server( dut=data.dut3_client, host=host, source_intf='Vlan' + data.dut2_dut3_vlan[0], vrf=data.dut3_vrf_vlan) else: host = data.dut2_dut1_ip[ 1] if family != 'ipv6' else data.dut2_dut1_ipv6[1] result = log_obj.verify_remote_syslog_server( dut=data.dut1_client, host=host, source_intf='Vlan' + data.dut1_dut2_vlan[0]) return result if pc != None: if vrf != None: host = data.dut2_dut3_ip[ 2] if family != 'ipv6' else data.dut2_dut3_ipv6[2] result = log_obj.verify_remote_syslog_server( dut=data.dut3_client, host=host, source_intf=data.portchannel_2, vrf=data.dut3_vrf_pc) else: host = data.dut2_dut1_ip[ 2] if family != 'ipv6' else data.dut2_dut1_ipv6[2] result = log_obj.verify_remote_syslog_server( dut=data.dut1_client, host=host, source_intf=data.portchannel) return result if loop_bk != None: if vrf != None: host = data.dut2_loopback_ip[ 1] if family != 'ipv6' else data.dut2_loopback_ipv6[1] result = log_obj.verify_remote_syslog_server( dut=data.dut3_client, host=host, source_intf=data.dut3_loopback[1], vrf=data.dut3_vrf_phy) else: host = data.dut2_loopback_ip[ 0] if family != 'ipv6' else data.dut2_loopback_ipv6[0] result = log_obj.verify_remote_syslog_server( dut=data.dut1_client, host=host, source_intf=data.dut1_loopback[0]) return result
def rest_call(dut, **kwargs): """ Rest call to perform GET, POST, PUT operation with auth and JWT token. Author: Prudvi Mangadu ([email protected]) :param dut: :param kwargs: :return: Usage: # User based calls rest_call(dut, headers=headers1, username='******', password='******', url='restconf/data/sonic-port:sonic-port/PORT/PORT_LIST=Ethernet0/admin_status', call_type='get') rest_call(dut, headers=headers1, username='******', password='******', url='restconf/data/sonic-port:sonic-port/PORT/PORT_LIST=Ethernet0/admin_status', call_type='put', data={"sonic-port:admin_status":"down"}) rest_call(dut, headers=headers1, username='******', password='******', url='restconf/data/sonic-port:sonic-port/PORT/PORT_LIST=Ethernet0/admin_status', call_type='get') # Token based calls rest_call(dut, headers=headers2, url='restconf/data/sonic-port:sonic-port/PORT/PORT_LIST=Ethernet0/admin_status', call_type='get') rest_call(dut, headers=headers2, url='restconf/data/sonic-port:sonic-port/PORT/PORT_LIST=Ethernet0/admin_status', call_type='put', data={"sonic-port:admin_status":"up"}) rest_call(dut, headers=headers2, url='restconf/data/sonic-port:sonic-port/PORT/PORT_LIST=Ethernet0/admin_status', call_type='get') """ device_ip = st.get_mgmt_ip(dut) call_type = kwargs.get('call_type', 'get') port = kwargs.get('port', '443') url = kwargs.get('url') headers = kwargs.get('headers') data = kwargs.get('data') username = kwargs.get('username') password = kwargs.get('password') timeout = kwargs.get('timeout', 30) cert = kwargs.get('cert') verify = kwargs.get('verify', False) if port: final_url = "https://{}:{}/{}".format(device_ip, port, url) else: final_url = "https://{}/{}".format(device_ip, url) st.log("{} - URL : {}".format(call_type.upper(), final_url)) call_data = {'verify': verify, 'timeout': timeout} if data: if isinstance(data, dict): call_data['data'] = json.dumps(data) else: call_data['data'] = data if username and password: call_data['auth'] = (username, password) if headers: call_data['headers'] = headers if cert: call_data['cert'] = cert st.log("Call Data : {}".format(call_data)) # response type warnings.filterwarnings('ignore', message='Unverified HTTPS request') try: if call_type == 'put': response = requests.put(final_url, **call_data) elif call_type == 'post': response = requests.post(final_url, **call_data) elif call_type == 'patch': response = requests.patch(final_url, **call_data) elif call_type == 'delete': response = requests.delete(final_url, **call_data) else: response = requests.get(final_url, **call_data) except requests.ConnectionError: st.error("A Connection error occurred.") return False except requests.Timeout: st.error("The request timed out.") return False except Exception as e: st.error(e) return False st.log("Response Code: {}, Text: {}".format(response.status_code, response.text)) return {"status": response.status_code, "output": response.text}
def snmp_func_hooks(request): global ipaddress ipaddress = st.get_mgmt_ip(vars.D1) yield
def test_ft_ansible_playbooks_chk_use_vdi(): device_ip = st.get_mgmt_ip(vars.D1) result = True if not ansible_obj.verify_ansible_playbook_vdi( vars.D1, "ping.yml", host=device_ip, ok="1", fail="0"): result = False st.report_tc_fail("ft_ansible_host_ping_playbook", "ansible_fail") st.report_tc_fail("ft_ansible_host_ping_using_pwd", "ansible_fail") st.report_tc_fail("ft_ansible_host_ping_using_ssh", "ansible_fail") st.report_tc_fail("ft_ansible_host_multiple_grp_ping", "ansible_fail") else: st.report_tc_pass("ft_ansible_host_ping_playbook", "ansible_playbook_success") st.report_tc_pass("ft_ansible_host_ping_using_pwd", "ansible_playbook_success") st.report_tc_pass("ft_ansible_host_ping_using_ssh", "ansible_playbook_success") st.report_tc_pass("ft_ansible_host_multiple_grp_ping", "ansible_playbook_success") if not ansible_obj.verify_ansible_playbook_vdi( vars.D1, "fact.yml", host=device_ip, ok="2", fail="0"): result = False st.report_tc_fail("ft_ansible_host_fact_playbook", "ansible_fail") else: st.report_tc_pass("ft_ansible_host_fact_playbook", "ansible_playbook_success") if not ansible_obj.verify_ansible_playbook_vdi( vars.D1, "fact_false.yml", host=device_ip, ok="1", fail="0"): result = False st.report_tc_fail("ft_ansible_fact_cmd_line", "ansible_fail") st.report_tc_fail("ft_ansible_host_adhoc_cmd", "ansible_fail") else: st.report_tc_pass("ft_ansible_fact_cmd_line", "ansible_playbook_success") st.report_tc_pass("ft_ansible_host_adhoc_cmd", "ansible_playbook_success") if not ansible_obj.verify_ansible_playbook_vdi( vars.D1, "copy.yml", host=device_ip, ok="2", fail="0"): result = False st.report_tc_fail("ft_ansible_copy_playbook", "ansible_fail") else: st.report_tc_pass("ft_ansible_copy_playbook", "ansible_playbook_success") if not ansible_obj.verify_ansible_playbook_vdi( vars.D1, "role_test.yml", host=device_ip, fail="0"): result = False st.report_tc_fail("ft_ansible_playbook_role", "ansible_fail") st.report_tc_fail("ft_ansible_playbook_tags", "ansible_fail") st.report_tc_fail("ft_ansible_package_chk_using_cmd", "ansible_fail") else: st.report_tc_pass("ft_ansible_playbook_role", "ansible_playbook_success") st.report_tc_pass("ft_ansible_playbook_tags", "ansible_playbook_success") st.report_tc_pass("ft_ansible_package_chk_using_cmd", "ansible_playbook_success") if not ansible_obj.verify_ansible_playbook_vdi( vars.D1, "handler.yml", host=device_ip, fail="0"): result = False st.report_tc_fail("ft_ansible_playbook_handler", "ansible_fail") else: st.report_tc_pass("ft_ansible_playbook_handler", "ansible_playbook_success") if result: st.report_pass("ansible_playbook_success") else: st.report_fail("ansible_fail")
def global_vars(): global data data = SpyTestDict() data.device_ip = st.get_mgmt_ip(vars.D1) data.ansible_params = st.get_service_info(vars.D1, "ansible") data.ansible_hosts = data.ansible_params.hosts