smoketest: ocserv: implement config file validation

(cherry picked from commit bd102eac6d0c97a5f75324d1248814ebdad42da5)
author: Christian Poessinger <christian@poessinger.com> 2022-08-15 20:04:29 +0200
committer: Christian Poessinger <christian@poessinger.com> 2022-08-15 20:34:18 +0200
commit: 923728b19a790728685027ef8fadabffee20e5bc (patch)
tree: 966b29967550a63c3cda4edd7d8b16ae65f4d81f /smoketest
parent: 50bdb0e9e450a26ea12acb37022fb5b0aa63d50b (diff)
download: vyos-1x-923728b19a790728685027ef8fadabffee20e5bc.tar.gz
vyos-1x-923728b19a790728685027ef8fadabffee20e5bc.zip
1 files changed, 54 insertions, 13 deletions
diff --git a/smoketest/scripts/cli/test_vpn_openconnect.py b/smoketest/scripts/cli/test_vpn_openconnect.py
index ccac0820d..999d7267d 100755
--- a/smoketest/scripts/cli/test_vpn_openconnect.py
+++ b/smoketest/scripts/cli/test_vpn_openconnect.py
@@ -1,6 +1,6 @@
 #!/usr/bin/env python3
 #
-# Copyright (C) 2020 VyOS maintainers and contributors
+# Copyright (C) 2020-2022 VyOS maintainers and contributors
 #
 # This program is free software; you can redistribute it and/or modify
 # it under the terms of the GNU General Public License version 2 or later as
@@ -19,36 +19,77 @@ import unittest
 from base_vyostest_shim import VyOSUnitTestSHIM
 from vyos.util import process_named_running
 from vyos.util import cmd
+from vyos.util import read_file
 from os import path, mkdir
 
-OCSERV_CONF = '/run/ocserv/ocserv.conf'
 base_path   = ['vpn', 'openconnect']
 cert_dir    = '/config/auth/'
 ca_cert     = f'{cert_dir}ca.crt'
 ssl_cert    = f'{cert_dir}server.crt'
 ssl_key     = f'{cert_dir}server.key'
 
-class TestVpnOpenconnect(VyOSUnitTestSHIM.TestCase):
+PROCESS_NAME = 'ocserv-main'
+config_file = '/run/ocserv/ocserv.conf'
+auth_file = '/run/ocserv/ocpasswd'
+otp_file = '/run/ocserv/users.oath'
+
+class TestVPNOpenConnect(VyOSUnitTestSHIM.TestCase):
+    @classmethod
+    def setUpClass(cls):
+        super(TestVPNOpenConnect, cls).setUpClass()
+
+        # ensure we can also run this test on a live system - so lets clean
+        # out the current configuration :)
+        cls.cli_delete(cls, base_path)
+
+        cls.cli_set(cls, base_path + ["ssl", "ca-cert-file", ca_cert])
+        cls.cli_set(cls, base_path + ["ssl", "cert-file", ssl_cert])
+        cls.cli_set(cls, base_path + ["ssl", "key-file", ssl_key])
+
     def tearDown(self):
+        self.assertTrue(process_named_running(PROCESS_NAME))
+
         # Delete vpn openconnect configuration
         self.cli_delete(base_path)
         self.cli_commit()
 
-    def test_vpn(self):
+        self.assertFalse(process_named_running(PROCESS_NAME))
+
+    def test_ocserv(self):
         user = 'vyos_user'
         password = 'vyos_pass'
-        self.cli_delete(base_path)
-        self.cli_set(base_path + ["authentication", "local-users", "username", user, "password", password])
-        self.cli_set(base_path + ["authentication", "mode", "local"])
-        self.cli_set(base_path + ["network-settings", "client-ip-settings", "subnet", "192.0.2.0/24"])
-        self.cli_set(base_path + ["ssl", "ca-cert-file", ca_cert])
-        self.cli_set(base_path + ["ssl", "cert-file", ssl_cert])
-        self.cli_set(base_path + ["ssl", "key-file", ssl_key])
+
+        v4_subnet = '192.0.2.0/24'
+        v6_prefix = '2001:db8:1000::/64'
+        v6_len = '126'
+        name_server = ['1.2.3.4', '1.2.3.5', '2001:db8::1']
+
+        self.cli_set(base_path + ['authentication', 'local-users', 'username', user, 'password', password])
+        self.cli_set(base_path + ['authentication', 'mode', "local"])
+        self.cli_set(base_path + ["network-settings", "client-ip-settings", "subnet", v4_subnet])
+        self.cli_set(base_path + ['network-settings', 'client-ip-settings', 'subnet', v4_subnet])
+        self.cli_set(base_path + ['network-settings', 'client-ipv6-pool', 'prefix', v6_prefix])
+        self.cli_set(base_path + ['network-settings', 'client-ipv6-pool', 'mask', v6_len])
+
+        for ns in name_server:
+            self.cli_set(base_path + ['network-settings', 'name-server', ns])
 
         self.cli_commit()
 
-        # Check for running process
-        self.assertTrue(process_named_running('ocserv-main'))
+        # Verify configuration
+        daemon_config = read_file(config_file)
+
+        # authentication mode local password-otp
+        self.assertIn(f'auth = "plain[/run/ocserv/ocpasswd]"', daemon_config)
+        self.assertIn(f'ipv4-network = {v4_subnet}', daemon_config)
+        self.assertIn(f'ipv6-network = {v6_prefix}', daemon_config)
+        self.assertIn(f'ipv6-subnet-prefix = {v6_len}', daemon_config)
+
+        for ns in name_server:
+            self.assertIn(f'dns = {ns}', daemon_config)
+
+        auth_config = read_file(auth_file)
+        self.assertIn(f'{user}:*:$', auth_config)
 
 if __name__ == '__main__':
     if not path.exists(cert_dir):
author	Christian Poessinger <christian@poessinger.com>	2022-08-15 20:04:29 +0200
committer	Christian Poessinger <christian@poessinger.com>	2022-08-15 20:34:18 +0200
commit	923728b19a790728685027ef8fadabffee20e5bc (patch)
tree	966b29967550a63c3cda4edd7d8b16ae65f4d81f /smoketest
parent	50bdb0e9e450a26ea12acb37022fb5b0aa63d50b (diff)
download	vyos-1x-923728b19a790728685027ef8fadabffee20e5bc.tar.gz vyos-1x-923728b19a790728685027ef8fadabffee20e5bc.zip