6 files changed, 41 insertions, 9 deletions

diff --git a/smoketest/scripts/cli/base_accel_ppp_test.py b/smoketest/scripts/cli/base_accel_ppp_test.py
index 212dc58ab..c6f6cb804 100644
--- a/smoketest/scripts/cli/base_accel_ppp_test.py
+++ b/smoketest/scripts/cli/base_accel_ppp_test.py
@@ -19,7 +19,7 @@ from configparser import ConfigParser
 
 from vyos.configsession import ConfigSessionError
 from vyos.template import is_ipv4
-from vyos.cpu import get_core_count
+from vyos.utils.cpu import get_core_count
 from vyos.utils.process import process_named_running
 from vyos.utils.process import cmd
 
diff --git a/smoketest/scripts/cli/base_vyostest_shim.py b/smoketest/scripts/cli/base_vyostest_shim.py
index efaa74fe0..4bcc50453 100644
--- a/smoketest/scripts/cli/base_vyostest_shim.py
+++ b/smoketest/scripts/cli/base_vyostest_shim.py
@@ -74,6 +74,11 @@ class VyOSUnitTestSHIM:
                 print('del ' + ' '.join(config))
             self._session.delete(config)
 
+        def cli_discard(self):
+            if self.debug:
+                print('DISCARD')
+            self._session.discard()
+
         def cli_commit(self):
             self._session.commit()
             # during a commit there is a process opening commit_lock, and run() returns 0
diff --git a/smoketest/scripts/cli/test_container.py b/smoketest/scripts/cli/test_container.py
index 90f821c60..3dd97a175 100755
--- a/smoketest/scripts/cli/test_container.py
+++ b/smoketest/scripts/cli/test_container.py
@@ -80,6 +80,7 @@ class TestContainer(VyOSUnitTestSHIM.TestCase):
 
         self.cli_set(base_path + ['name', cont_name, 'image', cont_image])
         self.cli_set(base_path + ['name', cont_name, 'allow-host-networks'])
+        self.cli_set(base_path + ['name', cont_name, 'sysctl', 'parameter', 'kernel.msgmax', 'value', '4096'])
 
         # commit changes
         self.cli_commit()
@@ -91,6 +92,10 @@ class TestContainer(VyOSUnitTestSHIM.TestCase):
         # Check for running process
         self.assertEqual(process_named_running(PROCESS_NAME), pid)
 
+        # verify
+        tmp = cmd(f'sudo podman exec -it {cont_name} sysctl kernel.msgmax')
+        self.assertEqual(tmp, 'kernel.msgmax = 4096')
+
     def test_cpu_limit(self):
         cont_name = 'c2'
 
diff --git a/smoketest/scripts/cli/test_interfaces_macsec.py b/smoketest/scripts/cli/test_interfaces_macsec.py
index a4e6840ca..d73895b7f 100755
--- a/smoketest/scripts/cli/test_interfaces_macsec.py
+++ b/smoketest/scripts/cli/test_interfaces_macsec.py
@@ -225,11 +225,11 @@ class MACsecInterfaceTest(BasicInterfaceTest.TestCase):
             self.cli_commit()
         self.cli_delete(self._base_path + [interface, 'security', 'mka'])
 
-        # check validate() - tx-key required
+        # check validate() - key required
         with self.assertRaises(ConfigSessionError):
             self.cli_commit()
 
-        # check validate() - tx-key length must match cipher
+        # check validate() - key length must match cipher
         self.cli_set(self._base_path + [interface, 'security', 'static', 'key', tx_key_2])
         with self.assertRaises(ConfigSessionError):
             self.cli_commit()
@@ -239,7 +239,7 @@ class MACsecInterfaceTest(BasicInterfaceTest.TestCase):
         with self.assertRaises(ConfigSessionError):
             self.cli_commit()
 
-        # check validate() - enabled peer must have both rx-key and MAC defined
+        # check validate() - enabled peer must have both key and MAC defined
         self.cli_set(self._base_path + [interface, 'security', 'static', 'peer', 'TESTPEER'])
         with self.assertRaises(ConfigSessionError):
             self.cli_commit()
@@ -252,7 +252,7 @@ class MACsecInterfaceTest(BasicInterfaceTest.TestCase):
             self.cli_commit()
         self.cli_set(self._base_path + [interface, 'security', 'static', 'peer', 'TESTPEER', 'mac', peer_mac])
 
-        # check validate() - peer rx-key length must match cipher
+        # check validate() - peer key length must match cipher
         self.cli_set(self._base_path + [interface, 'security', 'cipher', cipher2])
         self.cli_set(self._base_path + [interface, 'security', 'static', 'key', tx_key_2])
         with self.assertRaises(ConfigSessionError):
diff --git a/smoketest/scripts/cli/test_interfaces_openvpn.py b/smoketest/scripts/cli/test_interfaces_openvpn.py
index e1e9a4ec7..9ca661e87 100755
--- a/smoketest/scripts/cli/test_interfaces_openvpn.py
+++ b/smoketest/scripts/cli/test_interfaces_openvpn.py
@@ -164,6 +164,12 @@ class TestInterfacesOpenVPN(VyOSUnitTestSHIM.TestCase):
             self.cli_commit()
         self.cli_delete(path + ['shared-secret-key', 'ovpn_test'])
 
+        # check validate() - cannot specify "encryption cipher" in  client mode
+        self.cli_set(path + ['encryption', 'cipher', 'aes192gcm'])
+        with self.assertRaises(ConfigSessionError):
+            self.cli_commit()
+        self.cli_delete(path + ['encryption', 'cipher'])
+
         self.cli_set(path + ['tls', 'ca-certificate', 'ovpn_test'])
         self.cli_set(path + ['tls', 'certificate', 'ovpn_test'])
 
@@ -191,7 +197,7 @@ class TestInterfacesOpenVPN(VyOSUnitTestSHIM.TestCase):
             auth_hash = 'sha1'
 
             self.cli_set(path + ['device-type', 'tun'])
-            self.cli_set(path + ['encryption', 'cipher', 'aes256'])
+            self.cli_set(path + ['encryption', 'ncp-ciphers', 'aes256'])
             self.cli_set(path + ['hash', auth_hash])
             self.cli_set(path + ['mode', 'client'])
             self.cli_set(path + ['persistent-tunnel'])
@@ -221,7 +227,7 @@ class TestInterfacesOpenVPN(VyOSUnitTestSHIM.TestCase):
             self.assertIn(f'remote {remote_host}', config)
             self.assertIn(f'persist-tun', config)
             self.assertIn(f'auth {auth_hash}', config)
-            self.assertIn(f'cipher AES-256-CBC', config)
+            self.assertIn(f'data-ciphers AES-256-CBC', config)
 
             # TLS options
             self.assertIn(f'ca /run/openvpn/{interface}_ca.pem', config)
@@ -328,6 +334,12 @@ class TestInterfacesOpenVPN(VyOSUnitTestSHIM.TestCase):
             self.cli_commit()
         self.cli_delete(path + ['tls', 'dh-params'])
 
+        # check validate() - cannot specify "encryption cipher" in server mode
+        self.cli_set(path + ['encryption', 'cipher', 'aes256'])
+        with self.assertRaises(ConfigSessionError):
+            self.cli_commit()
+        self.cli_delete(path + ['encryption', 'cipher'])
+
         # Now test the other path with tls role passive
         self.cli_set(path + ['tls', 'role', 'passive'])
         # check validate() - cannot specify "tcp-active" when "tls role" is "passive"
@@ -359,7 +371,7 @@ class TestInterfacesOpenVPN(VyOSUnitTestSHIM.TestCase):
             port = str(2000 + ii)
 
             self.cli_set(path + ['device-type', 'tun'])
-            self.cli_set(path + ['encryption', 'cipher', 'aes192'])
+            self.cli_set(path + ['encryption', 'ncp-ciphers', 'aes192'])
             self.cli_set(path + ['hash', auth_hash])
             self.cli_set(path + ['mode', 'server'])
             self.cli_set(path + ['local-port', port])
@@ -404,7 +416,7 @@ class TestInterfacesOpenVPN(VyOSUnitTestSHIM.TestCase):
             self.assertIn(f'persist-key', config)
             self.assertIn(f'proto udp', config) # default protocol
             self.assertIn(f'auth {auth_hash}', config)
-            self.assertIn(f'cipher AES-192-CBC', config)
+            self.assertIn(f'data-ciphers AES-192-CBC', config)
             self.assertIn(f'topology subnet', config)
             self.assertIn(f'lport {port}', config)
             self.assertIn(f'push "redirect-gateway def1"', config)
diff --git a/smoketest/scripts/cli/test_system_login.py b/smoketest/scripts/cli/test_system_login.py
index 3f249660d..28abba012 100755
--- a/smoketest/scripts/cli/test_system_login.py
+++ b/smoketest/scripts/cli/test_system_login.py
@@ -24,6 +24,7 @@ from subprocess import Popen, PIPE
 from pwd import getpwall
 
 from vyos.configsession import ConfigSessionError
+from vyos.utils.auth import get_current_user
 from vyos.utils.process import cmd
 from vyos.utils.file import read_file
 from vyos.template import inc_ip
@@ -334,5 +335,14 @@ class TestSystemLogin(VyOSUnitTestSHIM.TestCase):
             self.assertIn(f'secret={tacacs_secret}', nss_tacacs_conf)
             self.assertIn(f'server={server}', nss_tacacs_conf)
 
+    def test_delete_current_user(self):
+        current_user = get_current_user()
+
+        # We are not allowed to delete the current user
+        self.cli_delete(base_path + ['user', current_user])
+        with self.assertRaises(ConfigSessionError):
+            self.cli_commit()
+        self.cli_discard()
+
 if __name__ == '__main__':
     unittest.main(verbosity=2)