Diffstat (limited to 'smoketest')
-rwxr-xr-xsmoketest/scripts/cli/test_nat.py6
-rwxr-xr-xsmoketest/scripts/cli/test_service_https.py54
-rwxr-xr-xsmoketest/scripts/cli/test_service_ssh.py37
3 files changed, 92 insertions, 5 deletions
diff --git a/smoketest/scripts/cli/test_nat.py b/smoketest/scripts/cli/test_nat.py
index f824838c0..2ae90fcaf 100755
--- a/smoketest/scripts/cli/test_nat.py
+++ b/smoketest/scripts/cli/test_nat.py
@@ -16,6 +16,7 @@
import jmespath
import json
+import os
import unittest
from base_vyostest_shim import VyOSUnitTestSHIM
@@ -28,6 +29,9 @@ src_path = base_path + ['source']
dst_path = base_path + ['destination']
static_path = base_path + ['static']
+nftables_nat_config = '/run/nftables_nat.conf'
+nftables_static_nat_conf = '/run/nftables_static-nat-rules.nft'
+
class TestNAT(VyOSUnitTestSHIM.TestCase):
@classmethod
def setUpClass(cls):
@@ -40,6 +44,8 @@ class TestNAT(VyOSUnitTestSHIM.TestCase):
def tearDown(self):
self.cli_delete(base_path)
self.cli_commit()
+ self.assertFalse(os.path.exists(nftables_nat_config))
+ self.assertFalse(os.path.exists(nftables_static_nat_conf))
def verify_nftables(self, nftables_search, table, inverse=False, args=''):
nftables_output = cmd(f'sudo nft {args} list table {table}')
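Review bot: The two `assertFalse` calls added to `tearDown` carry no message, so a failure reports only `True is not false` without naming the file that was left behind. Passing the path makes the report usable, e.g. `self.assertFalse(os.path.exists(nftables_nat_config), msg=f'{nftables_nat_config} still present after NAT removal')`, and the same for `nftables_static_nat_conf`. A one-line comment above them, such as `# generated nftables rule files must disappear together with the NAT config`, would record why the check sits in `tearDown`.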
diff --git a/smoketest/scripts/cli/test_service_https.py b/smoketest/scripts/cli/test_service_https.py
index 72c1d4e43..0f4b1393c 100755
--- a/smoketest/scripts/cli/test_service_https.py
+++ b/smoketest/scripts/cli/test_service_https.py
@@ -143,10 +143,10 @@ class TestHTTPSService(VyOSUnitTestSHIM.TestCase):
# caught by the resolver, and returns success 'False', so one must
# check the return value.
- self.cli_set(base_path + ['api', 'gql'])
+ self.cli_set(base_path + ['api', 'graphql'])
self.cli_commit()
- gql_url = f'https://{address}/graphql'
+ graphql_url = f'https://{address}/graphql'
query_valid_key = f"""
{{
@@ -160,7 +160,7 @@ class TestHTTPSService(VyOSUnitTestSHIM.TestCase):
}}
"""
- r = request('POST', gql_url, verify=False, headers=headers, json={'query': query_valid_key})
+ r = request('POST', graphql_url, verify=False, headers=headers, json={'query': query_valid_key})
success = r.json()['data']['SystemStatus']['success']
self.assertTrue(success)
@@ -176,7 +176,7 @@ class TestHTTPSService(VyOSUnitTestSHIM.TestCase):
}
"""
- r = request('POST', gql_url, verify=False, headers=headers, json={'query': query_invalid_key})
+ r = request('POST', graphql_url, verify=False, headers=headers, json={'query': query_invalid_key})
success = r.json()['data']['SystemStatus']['success']
self.assertFalse(success)
@@ -192,8 +192,52 @@ class TestHTTPSService(VyOSUnitTestSHIM.TestCase):
}
"""
- r = request('POST', gql_url, verify=False, headers=headers, json={'query': query_no_key})
+ r = request('POST', graphql_url, verify=False, headers=headers, json={'query': query_no_key})
self.assertEqual(r.status_code, 400)
+ # GraphQL token authentication test: request token; pass in header
+ # of query.
+
+ self.cli_set(base_path + ['api', 'graphql', 'authentication', 'type', 'token'])
+ self.cli_commit()
+
+ mutation = """
+ mutation {
+ AuthToken (data: {username: "vyos", password: "vyos"}) {
+ success
+ errors
+ data {
+ result
+ }
+ }
+ }
+ """
+ r = request('POST', graphql_url, verify=False, headers=headers, json={'query': mutation})
+
+ token = r.json()['data']['AuthToken']['data']['result']['token']
+
+ headers = {'Authorization': f'Bearer {token}'}
+
+ query = """
+ {
+ ShowVersion (data: {}) {
+ success
+ errors
+ op_mode_error {
+ name
+ message
+ vyos_code
+ }
+ data {
+ result
+ }
+ }
+ }
+ """
+
+ r = request('POST', graphql_url, verify=False, headers=headers, json={'query': query})
+ success = r.json()['data']['ShowVersion']['success']
+ self.assertTrue(success)
+
if __name__ == '__main__':
unittest.main(verbosity=2)
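Review bot: The token test covers only the accepting path: once `authentication type token` is committed, nothing checks that a request with a missing or wrong bearer token is refused, so a regression that stops enforcing the token would still pass. A second request with an invalid `Authorization` value and an assertion on its rejection would close that gap; the response shape for a rejected token is not visible in this hunk and needs to be confirmed against the resolver. The token is also read from the `AuthToken` reply without checking the `success` field the mutation requests, so a failed login surfaces as a `TypeError`/`KeyError` rather than a test failure; `self.assertTrue(r.json()['data']['AuthToken']['success'])` before the `token = ...` line would make that explicit. The enclosing test method begins outside the hunk.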
diff --git a/smoketest/scripts/cli/test_service_ssh.py b/smoketest/scripts/cli/test_service_ssh.py
index 0b029dd00..8de98f34f 100755
--- a/smoketest/scripts/cli/test_service_ssh.py
+++ b/smoketest/scripts/cli/test_service_ssh.py
@@ -262,5 +262,42 @@ class TestServiceSSH(VyOSUnitTestSHIM.TestCase):
self.assertFalse(process_named_running(SSHGUARD_PROCESS))
+
+ # Network Device Collaborative Protection Profile
+ def test_ssh_ndcpp(self):
+ ciphers = ['aes128-cbc', 'aes128-ctr', 'aes256-cbc', 'aes256-ctr']
+ host_key_algs = ['sk-ssh-ed25519@openssh.com', 'ssh-rsa', 'ssh-ed25519']
+ kexes = ['diffie-hellman-group14-sha1', 'ecdh-sha2-nistp256', 'ecdh-sha2-nistp384', 'ecdh-sha2-nistp521']
+ macs = ['hmac-sha1', 'hmac-sha2-256', 'hmac-sha2-512']
+ rekey_time = '60'
+ rekey_data = '1024'
+
+ for cipher in ciphers:
+ self.cli_set(base_path + ['ciphers', cipher])
+ for host_key in host_key_algs:
+ self.cli_set(base_path + ['hostkey-algorithm', host_key])
+ for kex in kexes:
+ self.cli_set(base_path + ['key-exchange', kex])
+ for mac in macs:
+ self.cli_set(base_path + ['mac', mac])
+ # Optional rekey parameters
+ self.cli_set(base_path + ['rekey', 'data', rekey_data])
+ self.cli_set(base_path + ['rekey', 'time', rekey_time])
+
+ # commit changes
+ self.cli_commit()
+
+ ssh_lines = ['Ciphers aes128-cbc,aes128-ctr,aes256-cbc,aes256-ctr',
+ 'HostKeyAlgorithms sk-ssh-ed25519@openssh.com,ssh-rsa,ssh-ed25519',
+ 'MACs hmac-sha1,hmac-sha2-256,hmac-sha2-512',
+ 'KexAlgorithms diffie-hellman-group14-sha1,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521',
+ 'RekeyLimit 1024M 60M'
+ ]
+ tmp_sshd_conf = read_file(SSHD_CONF)
+
+ for line in ssh_lines:
+ self.assertIn(line, tmp_sshd_conf)
+
+
if __name__ == '__main__':
unittest.main(verbosity=2)
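Review bot: `self.assertIn(line, tmp_sshd_conf)` at the end of `test_ssh_ndcpp` is a substring match against the whole file, so a rendered directive that carries extra algorithms after the expected ones (a longer `Ciphers` list, say) still passes, which is the regression a test pinning a restricted algorithm set should catch. Matching whole lines with `self.assertIn(line, tmp_sshd_conf.splitlines())` would tighten it, assuming the template emits these directives without leading whitespace. The expected strings could also be built from the lists above, e.g. `f'Ciphers {",".join(ciphers)}'`, so the configured and asserted values cannot drift apart.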