diff options
| author | aapostoliuk <a.apostoliuk@vyos.io> | 2023-07-31 16:24:54 +0300 |
|---|---|---|
| committer | aapostoliuk <a.apostoliuk@vyos.io> | 2023-08-02 12:46:50 +0300 |
| commit | fee5669514492e9543b34b3e77e08d1552dee386 (patch) | |
| tree | 30c111f60d3e98060fcc394867622dcd0d074643 /smoketest/scripts/cli/test_interfaces_wireguard.py | |
| parent | 1a44d8607f715934f2c03f28a9bf547321b26ed8 (diff) | |
| download | vyos-1x-fee5669514492e9543b34b3e77e08d1552dee386.tar.gz vyos-1x-fee5669514492e9543b34b3e77e08d1552dee386.zip | |
wireguard: T5413: Blocked adding the peer with the router's public key
Disabeled adding the peer with the same public key as the router has.
Added smoketest
Diffstat (limited to 'smoketest/scripts/cli/test_interfaces_wireguard.py')
| -rwxr-xr-x | smoketest/scripts/cli/test_interfaces_wireguard.py | 29 |
1 files changed, 29 insertions, 0 deletions
diff --git a/smoketest/scripts/cli/test_interfaces_wireguard.py b/smoketest/scripts/cli/test_interfaces_wireguard.py index 14fc8d109..f84ce159d 100755 --- a/smoketest/scripts/cli/test_interfaces_wireguard.py +++ b/smoketest/scripts/cli/test_interfaces_wireguard.py @@ -100,5 +100,34 @@ class WireGuardInterfaceTest(VyOSUnitTestSHIM.TestCase): self.cli_delete(base_path + [interface, 'peer', 'PEER01']) self.cli_commit() + def test_wireguard_same_public_key(self): + # T2939: Create WireGuard interfaces with associated peers. + # Remove one of the configured peers. + # T4774: Test prevention of duplicate peer public keys + interface = 'wg0' + port = '12345' + privkey = 'OOjcXGfgQlAuM6q8Z9aAYduCua7pxf7UKYvIqoUPoGQ=' + pubkey_fail = 'eiVeYKq66mqKLbrZLzlckSP9voaw8jSFyVNiNTdZDjU=' + pubkey_ok = 'ebFx/1G0ti8tvuZd94sEIosAZZIznX+dBAKG/8DFm0I=' + + self.cli_set(base_path + [interface, 'address', '172.16.0.1/24']) + self.cli_set(base_path + [interface, 'private-key', privkey]) + + self.cli_set(base_path + [interface, 'peer', 'PEER01', 'public-key', pubkey_fail]) + self.cli_set(base_path + [interface, 'peer', 'PEER01', 'port', port]) + self.cli_set(base_path + [interface, 'peer', 'PEER01', 'allowed-ips', '10.205.212.10/32']) + self.cli_set(base_path + [interface, 'peer', 'PEER01', 'address', '192.0.2.1']) + + # The same pubkey as the interface wg0 + with self.assertRaises(ConfigSessionError): + self.cli_commit() + + self.cli_set(base_path + [interface, 'peer', 'PEER01', 'public-key', pubkey_ok]) + + # Commit peers + self.cli_commit() + + self.assertTrue(os.path.isdir(f'/sys/class/net/{interface}')) + if __name__ == '__main__': unittest.main(verbosity=2) |