diff options
Diffstat (limited to 'smoketest/scripts')
24 files changed, 270 insertions, 41 deletions
| diff --git a/smoketest/scripts/cli/base_interfaces_test.py b/smoketest/scripts/cli/base_interfaces_test.py index 593b4b415..c19bfcfe2 100644 --- a/smoketest/scripts/cli/base_interfaces_test.py +++ b/smoketest/scripts/cli/base_interfaces_test.py @@ -19,6 +19,7 @@ from netifaces import AF_INET6  from netifaces import ifaddresses  from base_vyostest_shim import VyOSUnitTestSHIM +from base_vyostest_shim import CSTORE_GUARD_TIME  from vyos.configsession import ConfigSessionError  from vyos.defaults import directories @@ -181,6 +182,9 @@ class BasicInterfaceTest:                  section = Section.section(span)                  cls.cli_set(cls, ['interfaces', section, span]) +            # Enable CSTORE guard time required by FRR related tests +            cls._commit_guard_time = CSTORE_GUARD_TIME +          @classmethod          def tearDownClass(cls):              # Tear down mirror interfaces for SPAN (Switch Port Analyzer) diff --git a/smoketest/scripts/cli/base_vyostest_shim.py b/smoketest/scripts/cli/base_vyostest_shim.py index 2be25ff22..a54622700 100644 --- a/smoketest/scripts/cli/base_vyostest_shim.py +++ b/smoketest/scripts/cli/base_vyostest_shim.py @@ -51,6 +51,9 @@ class VyOSUnitTestSHIM:          # trigger the certain failure condition.          # Use "self.debug = True" in derived classes setUp() method          debug = False +        # Time to wait after a commit to ensure the CStore is up to date +        # only required for testcases using FRR +        _commit_guard_time = 0          @classmethod          def setUpClass(cls):              cls._session = ConfigSession(os.getpid()) @@ -96,7 +99,7 @@ class VyOSUnitTestSHIM:              while run(f'sudo lsof -nP {commit_lock}') == 0:                  sleep(0.250)              # Wait for CStore completion for fast non-interactive commits -            sleep(CSTORE_GUARD_TIME) +            sleep(self._commit_guard_time)          def op_mode(self, path : list) -> None:              """ diff --git a/smoketest/scripts/cli/test_container.py b/smoketest/scripts/cli/test_container.py index 51559a7c6..36622cad1 100755 --- a/smoketest/scripts/cli/test_container.py +++ b/smoketest/scripts/cli/test_container.py @@ -1,6 +1,6 @@  #!/usr/bin/env python3  # -# Copyright (C) 2021-2024 VyOS maintainers and contributors +# Copyright (C) 2021-2025 VyOS maintainers and contributors  #  # This program is free software; you can redistribute it and/or modify  # it under the terms of the GNU General Public License version 2 or later as @@ -14,6 +14,7 @@  # You should have received a copy of the GNU General Public License  # along with this program.  If not, see <http://www.gnu.org/licenses/>. +import os  import unittest  import glob  import json @@ -26,10 +27,10 @@ from vyos.utils.process import cmd  from vyos.utils.process import process_named_running  base_path = ['container'] -cont_image = 'busybox:stable' # busybox is included in vyos-build  PROCESS_NAME = 'conmon'  PROCESS_PIDFILE = '/run/vyos-container-{0}.service.pid' +busybox_image = 'busybox:stable'  busybox_image_path = '/usr/share/vyos/busybox-stable.tar'  def cmd_to_json(command): @@ -42,11 +43,10 @@ class TestContainer(VyOSUnitTestSHIM.TestCase):      def setUpClass(cls):          super(TestContainer, cls).setUpClass() -        # Load image for smoketest provided in vyos-build -        try: -            cmd(f'cat {busybox_image_path} | sudo podman load') -        except: -            cls.skipTest(cls, reason='busybox image not available') +        # Load image for smoketest provided in vyos-1x-smoketest +        if not os.path.exists(busybox_image_path): +            cls.fail(cls, f'{busybox_image} image not available') +        cmd(f'sudo podman load -i {busybox_image_path}')          # ensure we can also run this test on a live system - so lets clean          # out the current configuration :) @@ -55,9 +55,8 @@ class TestContainer(VyOSUnitTestSHIM.TestCase):      @classmethod      def tearDownClass(cls):          super(TestContainer, cls).tearDownClass() -          # Cleanup podman image -        cmd(f'sudo podman image rm -f {cont_image}') +        cmd(f'sudo podman image rm -f {busybox_image}')      def tearDown(self):          self.cli_delete(base_path) @@ -78,7 +77,7 @@ class TestContainer(VyOSUnitTestSHIM.TestCase):          self.cli_set(['system', 'name-server', '1.1.1.1'])          self.cli_set(['system', 'name-server', '8.8.8.8']) -        self.cli_set(base_path + ['name', cont_name, 'image', cont_image]) +        self.cli_set(base_path + ['name', cont_name, 'image', busybox_image])          self.cli_set(base_path + ['name', cont_name, 'allow-host-networks'])          self.cli_set(base_path + ['name', cont_name, 'sysctl', 'parameter', 'kernel.msgmax', 'value', '4096']) @@ -104,7 +103,7 @@ class TestContainer(VyOSUnitTestSHIM.TestCase):          self.cli_set(base_path + ['network', net_name, 'prefix', prefix]) -        self.cli_set(base_path + ['name', cont_name, 'image', cont_image]) +        self.cli_set(base_path + ['name', cont_name, 'image', busybox_image])          self.cli_set(base_path + ['name', cont_name, 'name-server', name_server])          self.cli_set(base_path + ['name', cont_name, 'network', net_name, 'address', str(ip_interface(prefix).ip + 2)]) @@ -125,7 +124,7 @@ class TestContainer(VyOSUnitTestSHIM.TestCase):          cont_name = 'c2'          self.cli_set(base_path + ['name', cont_name, 'allow-host-networks']) -        self.cli_set(base_path + ['name', cont_name, 'image', cont_image]) +        self.cli_set(base_path + ['name', cont_name, 'image', busybox_image])          self.cli_set(base_path + ['name', cont_name, 'cpu-quota', '1.25'])          self.cli_commit() @@ -146,7 +145,7 @@ class TestContainer(VyOSUnitTestSHIM.TestCase):          for ii in range(1, 6):              name = f'{base_name}-{ii}' -            self.cli_set(base_path + ['name', name, 'image', cont_image]) +            self.cli_set(base_path + ['name', name, 'image', busybox_image])              self.cli_set(base_path + ['name', name, 'network', net_name, 'address', str(ip_interface(prefix).ip + ii)])          # verify() - first IP address of a prefix can not be used by a container @@ -176,7 +175,7 @@ class TestContainer(VyOSUnitTestSHIM.TestCase):          for ii in range(1, 6):              name = f'{base_name}-{ii}' -            self.cli_set(base_path + ['name', name, 'image', cont_image]) +            self.cli_set(base_path + ['name', name, 'image', busybox_image])              self.cli_set(base_path + ['name', name, 'network', net_name, 'address', str(ip_interface(prefix).ip + ii)])          # verify() - first IP address of a prefix can not be used by a container @@ -208,7 +207,7 @@ class TestContainer(VyOSUnitTestSHIM.TestCase):          for ii in range(1, 6):              name = f'{base_name}-{ii}' -            self.cli_set(base_path + ['name', name, 'image', cont_image]) +            self.cli_set(base_path + ['name', name, 'image', busybox_image])              self.cli_set(base_path + ['name', name, 'network', net_name, 'address', str(ip_interface(prefix4).ip + ii)])              self.cli_set(base_path + ['name', name, 'network', net_name, 'address', str(ip_interface(prefix6).ip + ii)]) @@ -242,7 +241,7 @@ class TestContainer(VyOSUnitTestSHIM.TestCase):          self.cli_set(base_path + ['network', net_name, 'no-name-server'])          name = f'{base_name}-2' -        self.cli_set(base_path + ['name', name, 'image', cont_image]) +        self.cli_set(base_path + ['name', name, 'image', busybox_image])          self.cli_set(base_path + ['name', name, 'network', net_name, 'address', str(ip_interface(prefix).ip + 2)])          self.cli_commit() @@ -258,7 +257,7 @@ class TestContainer(VyOSUnitTestSHIM.TestCase):          self.cli_set(base_path + ['network', net_name, 'mtu', '1280'])          name = f'{base_name}-2' -        self.cli_set(base_path + ['name', name, 'image', cont_image]) +        self.cli_set(base_path + ['name', name, 'image', busybox_image])          self.cli_set(base_path + ['name', name, 'network', net_name, 'address', str(ip_interface(prefix).ip + 2)])          self.cli_commit() @@ -271,7 +270,7 @@ class TestContainer(VyOSUnitTestSHIM.TestCase):          uid = '1001'          self.cli_set(base_path + ['name', cont_name, 'allow-host-networks']) -        self.cli_set(base_path + ['name', cont_name, 'image', cont_image]) +        self.cli_set(base_path + ['name', cont_name, 'image', busybox_image])          self.cli_set(base_path + ['name', cont_name, 'gid', gid])          # verify() - GID can only be set if UID is set @@ -293,7 +292,7 @@ class TestContainer(VyOSUnitTestSHIM.TestCase):          for ii in container_list:              name = f'{base_name}-{ii}' -            self.cli_set(base_path + ['name', name, 'image', cont_image]) +            self.cli_set(base_path + ['name', name, 'image', busybox_image])              self.cli_set(base_path + ['name', name, 'allow-host-networks'])          self.cli_commit() diff --git a/smoketest/scripts/cli/test_nat.py b/smoketest/scripts/cli/test_nat.py index 0beafcc6c..b33ef2617 100755 --- a/smoketest/scripts/cli/test_nat.py +++ b/smoketest/scripts/cli/test_nat.py @@ -84,7 +84,7 @@ class TestNAT(VyOSUnitTestSHIM.TestCase):          address_group = 'smoketest_addr'          address_group_member = '192.0.2.1'          interface_group = 'smoketest_ifaces' -        interface_group_member = 'bond.99' +        interface_group_member = 'eth0'          self.cli_set(['firewall', 'group', 'address-group', address_group, 'address', address_group_member])          self.cli_set(['firewall', 'group', 'interface-group', interface_group, 'interface', interface_group_member]) diff --git a/smoketest/scripts/cli/test_policy.py b/smoketest/scripts/cli/test_policy.py index 7ea1b610e..9d4fc0845 100755 --- a/smoketest/scripts/cli/test_policy.py +++ b/smoketest/scripts/cli/test_policy.py @@ -1,6 +1,6 @@  #!/usr/bin/env python3  # -# Copyright (C) 2021-2023 VyOS maintainers and contributors +# Copyright (C) 2021-2025 VyOS maintainers and contributors  #  # This program is free software; you can redistribute it and/or modify  # it under the terms of the GNU General Public License version 2 or later as @@ -17,6 +17,7 @@  import unittest  from base_vyostest_shim import VyOSUnitTestSHIM +from base_vyostest_shim import CSTORE_GUARD_TIME  from vyos.configsession import ConfigSessionError  from vyos.utils.process import cmd @@ -24,6 +25,17 @@ from vyos.utils.process import cmd  base_path = ['policy']  class TestPolicy(VyOSUnitTestSHIM.TestCase): +    @classmethod +    def setUpClass(cls): +        super(TestPolicy, cls).setUpClass() + +        # ensure we can also run this test on a live system - so lets clean +        # out the current configuration :) +        cls.cli_delete(cls, base_path) +        cls.cli_delete(cls, ['vrf']) +        # Enable CSTORE guard time required by FRR related tests +        cls._commit_guard_time = CSTORE_GUARD_TIME +      def tearDown(self):          self.cli_delete(base_path)          self.cli_commit() diff --git a/smoketest/scripts/cli/test_policy_local-route.py b/smoketest/scripts/cli/test_policy_local-route.py index 8d6ba40dc..a4239b8a1 100644 --- a/smoketest/scripts/cli/test_policy_local-route.py +++ b/smoketest/scripts/cli/test_policy_local-route.py @@ -1,6 +1,6 @@  #!/usr/bin/env python3  # -# Copyright (C) 2024 VyOS maintainers and contributors +# Copyright (C) 2024-2025 VyOS maintainers and contributors  #  # This program is free software; you can redistribute it and/or modify  # it under the terms of the GNU General Public License version 2 or later as @@ -17,6 +17,7 @@  import unittest  from base_vyostest_shim import VyOSUnitTestSHIM +from base_vyostest_shim import CSTORE_GUARD_TIME  interface = 'eth0'  mark = '100' @@ -32,6 +33,8 @@ class TestPolicyLocalRoute(VyOSUnitTestSHIM.TestCase):          # Clear out current configuration to allow running this test on a live system          cls.cli_delete(cls, ['policy', 'local-route'])          cls.cli_delete(cls, ['policy', 'local-route6']) +        # Enable CSTORE guard time required by FRR related tests +        cls._commit_guard_time = CSTORE_GUARD_TIME          cls.cli_set(cls, ['vrf', 'name', vrf_name, 'table', vrf_rt_id]) diff --git a/smoketest/scripts/cli/test_policy_route.py b/smoketest/scripts/cli/test_policy_route.py index 672865eb0..53761b7d6 100755 --- a/smoketest/scripts/cli/test_policy_route.py +++ b/smoketest/scripts/cli/test_policy_route.py @@ -1,6 +1,6 @@  #!/usr/bin/env python3  # -# Copyright (C) 2021-2023 VyOS maintainers and contributors +# Copyright (C) 2021-2025 VyOS maintainers and contributors  #  # This program is free software; you can redistribute it and/or modify  # it under the terms of the GNU General Public License version 2 or later as @@ -17,6 +17,7 @@  import unittest  from base_vyostest_shim import VyOSUnitTestSHIM +from base_vyostest_shim import CSTORE_GUARD_TIME  mark = '100'  conn_mark = '555' @@ -36,6 +37,8 @@ class TestPolicyRoute(VyOSUnitTestSHIM.TestCase):          # Clear out current configuration to allow running this test on a live system          cls.cli_delete(cls, ['policy', 'route'])          cls.cli_delete(cls, ['policy', 'route6']) +        # Enable CSTORE guard time required by FRR related tests +        cls._commit_guard_time = CSTORE_GUARD_TIME          cls.cli_set(cls, ['interfaces', 'ethernet', interface, 'address', interface_ip])          cls.cli_set(cls, ['protocols', 'static', 'table', table_id, 'route', '0.0.0.0/0', 'interface', interface]) diff --git a/smoketest/scripts/cli/test_protocols_babel.py b/smoketest/scripts/cli/test_protocols_babel.py index fa31722e5..7ecf54600 100755 --- a/smoketest/scripts/cli/test_protocols_babel.py +++ b/smoketest/scripts/cli/test_protocols_babel.py @@ -17,6 +17,7 @@  import unittest  from base_vyostest_shim import VyOSUnitTestSHIM +from base_vyostest_shim import CSTORE_GUARD_TIME  from vyos.ifconfig import Section  from vyos.frrender import babel_daemon @@ -38,6 +39,8 @@ class TestProtocolsBABEL(VyOSUnitTestSHIM.TestCase):          cls.cli_delete(cls, base_path)          cls.cli_delete(cls, ['policy', 'prefix-list'])          cls.cli_delete(cls, ['policy', 'prefix-list6']) +        # Enable CSTORE guard time required by FRR related tests +        cls._commit_guard_time = CSTORE_GUARD_TIME      def tearDown(self):          # always destroy the entire babel configuration to make the processes diff --git a/smoketest/scripts/cli/test_protocols_bfd.py b/smoketest/scripts/cli/test_protocols_bfd.py index f7ef3849f..2205cd9de 100755 --- a/smoketest/scripts/cli/test_protocols_bfd.py +++ b/smoketest/scripts/cli/test_protocols_bfd.py @@ -1,6 +1,6 @@  #!/usr/bin/env python3  # -# Copyright (C) 2021-2023 VyOS maintainers and contributors +# Copyright (C) 2021-2024 VyOS maintainers and contributors  #  # This program is free software; you can redistribute it and/or modify  # it under the terms of the GNU General Public License version 2 or later as @@ -17,6 +17,8 @@  import unittest  from base_vyostest_shim import VyOSUnitTestSHIM +from base_vyostest_shim import CSTORE_GUARD_TIME +  from vyos.configsession import ConfigSessionError  from vyos.frrender import bfd_daemon  from vyos.utils.process import process_named_running @@ -86,6 +88,9 @@ class TestProtocolsBFD(VyOSUnitTestSHIM.TestCase):          # Retrieve FRR daemon PID - it is not allowed to crash, thus PID must remain the same          cls.daemon_pid = process_named_running(bfd_daemon) +        # Enable CSTORE guard time required by FRR related tests +        cls._commit_guard_time = CSTORE_GUARD_TIME +          # ensure we can also run this test on a live system - so lets clean          # out the current configuration :)          cls.cli_delete(cls, base_path) diff --git a/smoketest/scripts/cli/test_protocols_bgp.py b/smoketest/scripts/cli/test_protocols_bgp.py index e5c8486f8..761eb8bfe 100755 --- a/smoketest/scripts/cli/test_protocols_bgp.py +++ b/smoketest/scripts/cli/test_protocols_bgp.py @@ -19,6 +19,7 @@ import unittest  from time import sleep  from base_vyostest_shim import VyOSUnitTestSHIM +from base_vyostest_shim import CSTORE_GUARD_TIME  from vyos.ifconfig import Section  from vyos.configsession import ConfigSessionError @@ -200,6 +201,9 @@ class TestProtocolsBGP(VyOSUnitTestSHIM.TestCase):          cls.cli_set(cls, ['policy', 'prefix-list6', prefix_list_out6, 'rule', '10', 'action', 'deny'])          cls.cli_set(cls, ['policy', 'prefix-list6', prefix_list_out6, 'rule', '10', 'prefix', '2001:db8:2000::/64']) +        # Enable CSTORE guard time required by FRR related tests +        cls._commit_guard_time = CSTORE_GUARD_TIME +      @classmethod      def tearDownClass(cls):          cls.cli_delete(cls, ['policy', 'route-map']) diff --git a/smoketest/scripts/cli/test_protocols_isis.py b/smoketest/scripts/cli/test_protocols_isis.py index 92d6ef2a7..598250d28 100755 --- a/smoketest/scripts/cli/test_protocols_isis.py +++ b/smoketest/scripts/cli/test_protocols_isis.py @@ -1,6 +1,6 @@  #!/usr/bin/env python3  # -# Copyright (C) 2021-2024 VyOS maintainers and contributors +# Copyright (C) 2021-2025 VyOS maintainers and contributors  #  # This program is free software; you can redistribute it and/or modify  # it under the terms of the GNU General Public License version 2 or later as @@ -17,6 +17,8 @@  import unittest  from base_vyostest_shim import VyOSUnitTestSHIM +from base_vyostest_shim import CSTORE_GUARD_TIME +  from vyos.configsession import ConfigSessionError  from vyos.ifconfig import Section  from vyos.utils.process import process_named_running @@ -38,6 +40,8 @@ class TestProtocolsISIS(VyOSUnitTestSHIM.TestCase):          # out the current configuration :)          cls.cli_delete(cls, base_path)          cls.cli_delete(cls, ['vrf']) +        # Enable CSTORE guard time required by FRR related tests +        cls._commit_guard_time = CSTORE_GUARD_TIME      def tearDown(self):          # cleanup any possible VRF mess diff --git a/smoketest/scripts/cli/test_protocols_mpls.py b/smoketest/scripts/cli/test_protocols_mpls.py index 9d8417851..654f2f099 100755 --- a/smoketest/scripts/cli/test_protocols_mpls.py +++ b/smoketest/scripts/cli/test_protocols_mpls.py @@ -17,6 +17,8 @@  import unittest  from base_vyostest_shim import VyOSUnitTestSHIM +from base_vyostest_shim import CSTORE_GUARD_TIME +  from vyos.configsession import ConfigSessionError  from vyos.ifconfig import Section  from vyos.frrender import ldpd_daemon @@ -72,10 +74,11 @@ class TestProtocolsMPLS(VyOSUnitTestSHIM.TestCase):          # Retrieve FRR daemon PID - it is not allowed to crash, thus PID must remain the same          cls.daemon_pid = process_named_running(ldpd_daemon) -          # ensure we can also run this test on a live system - so lets clean          # out the current configuration :)          cls.cli_delete(cls, base_path) +        # Enable CSTORE guard time required by FRR related tests +        cls._commit_guard_time = CSTORE_GUARD_TIME      def tearDown(self):          self.cli_delete(base_path) diff --git a/smoketest/scripts/cli/test_protocols_openfabric.py b/smoketest/scripts/cli/test_protocols_openfabric.py index db0d5e222..323b6cd74 100644 --- a/smoketest/scripts/cli/test_protocols_openfabric.py +++ b/smoketest/scripts/cli/test_protocols_openfabric.py @@ -17,6 +17,8 @@  import unittest  from base_vyostest_shim import VyOSUnitTestSHIM +from base_vyostest_shim import CSTORE_GUARD_TIME +  from vyos.configsession import ConfigSessionError  from vyos.utils.process import process_named_running  from vyos.frrender import openfabric_daemon @@ -40,6 +42,8 @@ class TestProtocolsOpenFabric(VyOSUnitTestSHIM.TestCase):          # ensure we can also run this test on a live system - so lets clean          # out the current configuration :)          cls.cli_delete(cls, base_path) +        # Enable CSTORE guard time required by FRR related tests +        cls._commit_guard_time = CSTORE_GUARD_TIME      def tearDown(self):          self.cli_delete(base_path) diff --git a/smoketest/scripts/cli/test_protocols_ospf.py b/smoketest/scripts/cli/test_protocols_ospf.py index f862f5889..77882737f 100755 --- a/smoketest/scripts/cli/test_protocols_ospf.py +++ b/smoketest/scripts/cli/test_protocols_ospf.py @@ -18,6 +18,7 @@ import unittest  from time import sleep  from base_vyostest_shim import VyOSUnitTestSHIM +from base_vyostest_shim import CSTORE_GUARD_TIME  from vyos.configsession import ConfigSessionError  from vyos.ifconfig import Section @@ -45,6 +46,8 @@ class TestProtocolsOSPF(VyOSUnitTestSHIM.TestCase):          # ensure we can also run this test on a live system - so lets clean          # out the current configuration :)          cls.cli_delete(cls, base_path) +        # Enable CSTORE guard time required by FRR related tests +        cls._commit_guard_time = CSTORE_GUARD_TIME      @classmethod      def tearDownClass(cls): diff --git a/smoketest/scripts/cli/test_protocols_ospfv3.py b/smoketest/scripts/cli/test_protocols_ospfv3.py index fd4d4cf08..5da4c7c98 100755 --- a/smoketest/scripts/cli/test_protocols_ospfv3.py +++ b/smoketest/scripts/cli/test_protocols_ospfv3.py @@ -17,6 +17,7 @@  import unittest  from base_vyostest_shim import VyOSUnitTestSHIM +from base_vyostest_shim import CSTORE_GUARD_TIME  from vyos.configsession import ConfigSessionError  from vyos.ifconfig import Section @@ -44,6 +45,8 @@ class TestProtocolsOSPFv3(VyOSUnitTestSHIM.TestCase):          # ensure we can also run this test on a live system - so lets clean          # out the current configuration :)          cls.cli_delete(cls, base_path) +        # Enable CSTORE guard time required by FRR related tests +        cls._commit_guard_time = CSTORE_GUARD_TIME      @classmethod      def tearDownClass(cls): diff --git a/smoketest/scripts/cli/test_protocols_pim.py b/smoketest/scripts/cli/test_protocols_pim.py index 1ba24c196..cc62769b3 100755 --- a/smoketest/scripts/cli/test_protocols_pim.py +++ b/smoketest/scripts/cli/test_protocols_pim.py @@ -17,6 +17,7 @@  import unittest  from base_vyostest_shim import VyOSUnitTestSHIM +from base_vyostest_shim import CSTORE_GUARD_TIME  from vyos.configsession import ConfigSessionError  from vyos.frrender import pim_daemon @@ -26,6 +27,16 @@ from vyos.utils.process import process_named_running  base_path = ['protocols', 'pim']  class TestProtocolsPIM(VyOSUnitTestSHIM.TestCase): +    @classmethod +    def setUpClass(cls): +        # call base-classes classmethod +        super(TestProtocolsPIM, cls).setUpClass() +        # ensure we can also run this test on a live system - so lets clean +        # out the current configuration :) +        cls.cli_delete(cls, base_path) +        # Enable CSTORE guard time required by FRR related tests +        cls._commit_guard_time = CSTORE_GUARD_TIME +      def tearDown(self):          # pimd process must be running          self.assertTrue(process_named_running(pim_daemon)) diff --git a/smoketest/scripts/cli/test_protocols_pim6.py b/smoketest/scripts/cli/test_protocols_pim6.py index 98be54f4c..4ed8fcf7a 100755 --- a/smoketest/scripts/cli/test_protocols_pim6.py +++ b/smoketest/scripts/cli/test_protocols_pim6.py @@ -17,6 +17,8 @@  import unittest  from base_vyostest_shim import VyOSUnitTestSHIM +from base_vyostest_shim import CSTORE_GUARD_TIME +  from vyos.configsession import ConfigSessionError  from vyos.ifconfig import Section  from vyos.frrender import pim6_daemon @@ -34,6 +36,8 @@ class TestProtocolsPIMv6(VyOSUnitTestSHIM.TestCase):          # ensure we can also run this test on a live system - so lets clean          # out the current configuration :)          cls.cli_delete(cls, base_path) +        # Enable CSTORE guard time required by FRR related tests +        cls._commit_guard_time = CSTORE_GUARD_TIME      def tearDown(self):          self.cli_delete(base_path) diff --git a/smoketest/scripts/cli/test_protocols_rip.py b/smoketest/scripts/cli/test_protocols_rip.py index 78567d12c..671ef8cd5 100755 --- a/smoketest/scripts/cli/test_protocols_rip.py +++ b/smoketest/scripts/cli/test_protocols_rip.py @@ -17,6 +17,7 @@  import unittest  from base_vyostest_shim import VyOSUnitTestSHIM +from base_vyostest_shim import CSTORE_GUARD_TIME  from vyos.ifconfig import Section  from vyos.frrender import rip_daemon @@ -39,6 +40,8 @@ class TestProtocolsRIP(VyOSUnitTestSHIM.TestCase):          # ensure we can also run this test on a live system - so lets clean          # out the current configuration :)          cls.cli_delete(cls, base_path) +        # Enable CSTORE guard time required by FRR related tests +        cls._commit_guard_time = CSTORE_GUARD_TIME          cls.cli_set(cls, ['policy', 'access-list', acl_in, 'rule', '10', 'action', 'permit'])          cls.cli_set(cls, ['policy', 'access-list', acl_in, 'rule', '10', 'source', 'any']) diff --git a/smoketest/scripts/cli/test_protocols_ripng.py b/smoketest/scripts/cli/test_protocols_ripng.py index 26da2b62b..d2066b825 100755 --- a/smoketest/scripts/cli/test_protocols_ripng.py +++ b/smoketest/scripts/cli/test_protocols_ripng.py @@ -1,6 +1,6 @@  #!/usr/bin/env python3  # -# Copyright (C) 2021-2023 VyOS maintainers and contributors +# Copyright (C) 2021-2025 VyOS maintainers and contributors  #  # This program is free software; you can redistribute it and/or modify  # it under the terms of the GNU General Public License version 2 or later as @@ -17,6 +17,7 @@  import unittest  from base_vyostest_shim import VyOSUnitTestSHIM +from base_vyostest_shim import CSTORE_GUARD_TIME  from vyos.ifconfig import Section  from vyos.frrender import ripng_daemon @@ -40,6 +41,8 @@ class TestProtocolsRIPng(VyOSUnitTestSHIM.TestCase):          # ensure we can also run this test on a live system - so lets clean          # out the current configuration :)          cls.cli_delete(cls, base_path) +        # Enable CSTORE guard time required by FRR related tests +        cls._commit_guard_time = CSTORE_GUARD_TIME          cls.cli_set(cls, ['policy', 'access-list6', acl_in, 'rule', '10', 'action', 'permit'])          cls.cli_set(cls, ['policy', 'access-list6', acl_in, 'rule', '10', 'source', 'any']) diff --git a/smoketest/scripts/cli/test_protocols_rpki.py b/smoketest/scripts/cli/test_protocols_rpki.py index 36edbd5c2..ef2f30d3e 100755 --- a/smoketest/scripts/cli/test_protocols_rpki.py +++ b/smoketest/scripts/cli/test_protocols_rpki.py @@ -17,6 +17,7 @@  import unittest  from base_vyostest_shim import VyOSUnitTestSHIM +from base_vyostest_shim import CSTORE_GUARD_TIME  from vyos.configsession import ConfigSessionError  from vyos.frrender import bgp_daemon @@ -111,6 +112,8 @@ class TestProtocolsRPKI(VyOSUnitTestSHIM.TestCase):          # ensure we can also run this test on a live system - so lets clean          # out the current configuration :)          cls.cli_delete(cls, base_path) +        # Enable CSTORE guard time required by FRR related tests +        cls._commit_guard_time = CSTORE_GUARD_TIME      def tearDown(self):          self.cli_delete(base_path) diff --git a/smoketest/scripts/cli/test_protocols_segment-routing.py b/smoketest/scripts/cli/test_protocols_segment-routing.py index af4ef2adf..94c808733 100755 --- a/smoketest/scripts/cli/test_protocols_segment-routing.py +++ b/smoketest/scripts/cli/test_protocols_segment-routing.py @@ -17,6 +17,7 @@  import unittest  from base_vyostest_shim import VyOSUnitTestSHIM +from base_vyostest_shim import CSTORE_GUARD_TIME  from vyos.configsession import ConfigSessionError  from vyos.ifconfig import Section @@ -37,6 +38,8 @@ class TestProtocolsSegmentRouting(VyOSUnitTestSHIM.TestCase):          # ensure we can also run this test on a live system - so lets clean          # out the current configuration :)          cls.cli_delete(cls, base_path) +        # Enable CSTORE guard time required by FRR related tests +        cls._commit_guard_time = CSTORE_GUARD_TIME      def tearDown(self):          self.cli_delete(base_path) diff --git a/smoketest/scripts/cli/test_protocols_static.py b/smoketest/scripts/cli/test_protocols_static.py index 7cfc02e30..79d6b3af4 100755 --- a/smoketest/scripts/cli/test_protocols_static.py +++ b/smoketest/scripts/cli/test_protocols_static.py @@ -1,6 +1,6 @@  #!/usr/bin/env python3  # -# Copyright (C) 2021-2024 VyOS maintainers and contributors +# Copyright (C) 2021-2025 VyOS maintainers and contributors  #  # This program is free software; you can redistribute it and/or modify  # it under the terms of the GNU General Public License version 2 or later as @@ -19,6 +19,7 @@ import unittest  from time import sleep  from base_vyostest_shim import VyOSUnitTestSHIM +from base_vyostest_shim import CSTORE_GUARD_TIME  from vyos.configsession import ConfigSessionError  from vyos.template import is_ipv6 @@ -170,6 +171,8 @@ class TestProtocolsStatic(VyOSUnitTestSHIM.TestCase):          super(TestProtocolsStatic, cls).setUpClass()          cls.cli_delete(cls, base_path)          cls.cli_delete(cls, ['vrf']) +        # Enable CSTORE guard time required by FRR related tests +        cls._commit_guard_time = CSTORE_GUARD_TIME      @classmethod      def tearDownClass(cls): diff --git a/smoketest/scripts/cli/test_system_login.py b/smoketest/scripts/cli/test_system_login.py index 28abba012..f6a2c3cb3 100755 --- a/smoketest/scripts/cli/test_system_login.py +++ b/smoketest/scripts/cli/test_system_login.py @@ -1,6 +1,6 @@  #!/usr/bin/env python3  # -# Copyright (C) 2019-2024 VyOS maintainers and contributors +# Copyright (C) 2019-2025 VyOS maintainers and contributors  #  # This program is free software; you can redistribute it and/or modify  # it under the terms of the GNU General Public License version 2 or later as @@ -14,24 +14,35 @@  # You should have received a copy of the GNU General Public License  # along with this program.  If not, see <http://www.gnu.org/licenses/>. +import os  import re  import unittest +import jinja2 +import secrets +import string +import paramiko +import shutil  from base_vyostest_shim import VyOSUnitTestSHIM  from gzip import GzipFile -from subprocess import Popen, PIPE +from subprocess import Popen +from subprocess import PIPE  from pwd import getpwall  from vyos.configsession import ConfigSessionError  from vyos.utils.auth import get_current_user  from vyos.utils.process import cmd +from vyos.utils.process import process_named_running  from vyos.utils.file import read_file +from vyos.utils.file import write_file  from vyos.template import inc_ip  base_path = ['system', 'login']  users = ['vyos1', 'vyos-roxx123', 'VyOS-123_super.Nice'] +SSH_PROCESS_NAME = 'sshd' +  ssh_pubkey = """  AAAAB3NzaC1yc2EAAAADAQABAAABgQD0NuhUOEtMIKnUVFIHoFatqX/c4mjerXyF  TlXYfVt6Ls2NZZsUSwHbnhK4BKDrPvVZMW/LycjQPzWW6TGtk6UbZP1WqdviQ9hP @@ -44,6 +55,53 @@ pHJz8umqkxy3hfw0K7BRFtjWd63sbOP8Q/SDV7LPaIfIxenA9zv2rY7y+AIqTmSr  TTSb0X1zPGxPIRFy5GoGtO9Mm5h4OZk=  """ +tac_image = 'docker.io/lfkeitel/tacacs_plus:alpine' +tac_image_path = '/usr/share/vyos/tacplus-alpine.tar' + +TAC_PLUS_TMPL_SRC = """ +id = spawnd { +    debug redirect = /dev/stdout +    listen = { port = 49 } +    spawn = { +        instances min = 1 +        instances max = 10 +    } +    background = no +} + +id = tac_plus { +    debug = ALL +    log = stdout { +        destination = /dev/stdout +    } +    authorization log group = yes +    authentication log = stdout +    authorization log = stdout +    accounting log = stdout + +    host = smoketest { +        address = {{ source_address }}/32 +        enable = clear enable +        key = {{ tacacs_secret }} +    } + +    group = admin { +        default service = permit +        enable = permit +        service = shell { +            default command = permit +            default attribute = permit +            set priv-lvl = 15 +        } +    } + +    user = {{ username }} { +        password = clear {{ password }} +        member = admin +    } +} +""" +  class TestSystemLogin(VyOSUnitTestSHIM.TestCase):      @classmethod      def setUpClass(cls): @@ -54,6 +112,17 @@ class TestSystemLogin(VyOSUnitTestSHIM.TestCase):          cls.cli_delete(cls, base_path + ['radius'])          cls.cli_delete(cls, base_path + ['tacacs']) +        # Load image for smoketest provided in vyos-1x-smoketest +        if not os.path.exists(tac_image_path): +            cls.fail(cls, f'{tac_image} image not available') +        cmd(f'sudo podman load -i {tac_image_path}') + +    @classmethod +    def tearDownClass(cls): +        super(TestSystemLogin, cls).tearDownClass() +        # Cleanup podman image +        cmd(f'sudo podman image rm -f {tac_image}') +      def tearDown(self):          # Delete individual users from configuration          for user in users: @@ -87,11 +156,11 @@ class TestSystemLogin(VyOSUnitTestSHIM.TestCase):          self.cli_set(['service', 'ssh', 'port', '22'])          for user in users: -            name = "VyOS Roxx " + user -            home_dir = "/tmp/" + user +            name = f'VyOS Roxx {user}' +            home_dir = f'/tmp/smoketest/{user}'              self.cli_set(base_path + ['user', user, 'authentication', 'plaintext-password', user]) -            self.cli_set(base_path + ['user', user, 'full-name', 'VyOS Roxx']) +            self.cli_set(base_path + ['user', user, 'full-name', name])              self.cli_set(base_path + ['user', user, 'home-directory', home_dir])          self.cli_commit() @@ -99,13 +168,13 @@ class TestSystemLogin(VyOSUnitTestSHIM.TestCase):          for user in users:              tmp = ['su','-', user]              proc = Popen(tmp, stdin=PIPE, stdout=PIPE, stderr=PIPE) -            tmp = "{}\nuname -a".format(user) +            tmp = f'{user}\nuname -a'              proc.stdin.write(tmp.encode())              proc.stdin.flush()              (stdout, stderr) = proc.communicate()              # stdout is something like this: -            # b'Linux LR1.wue3 5.10.61-amd64-vyos #1 SMP Fri Aug 27 08:55:46 UTC 2021 x86_64 GNU/Linux\n' +            # b'Linux vyos 6.6.66-vyos 6.6.66-vyos #1 SMP Mon Dec 30 19:05:15 UTC 2024 x86_64 GNU/Linux\n'              self.assertTrue(len(stdout) > 40)          locked_user = users[0] @@ -123,7 +192,6 @@ class TestSystemLogin(VyOSUnitTestSHIM.TestCase):          tmp = cmd(f'sudo passwd -S {locked_user}')          self.assertIn(f'{locked_user} P ', tmp) -      def test_system_login_otp(self):          otp_user = 'otp-test_user'          otp_password = 'SuperTestPassword' @@ -300,11 +368,52 @@ class TestSystemLogin(VyOSUnitTestSHIM.TestCase):          self.cli_delete(base_path + ['max-login-session'])      def test_system_login_tacacs(self): -        tacacs_secret = 'tac_plus_key' +        tacacs_secret = ''.join(secrets.choice(string.ascii_letters + string.digits) for i in range(10))          tacacs_servers = ['100.64.0.11', '100.64.0.12'] +        source_address = '100.64.0.1' +        dummy_if = 'dum12759' + +        # Load container image for lac_plus daemon +        tac_plus_config = '/tmp/smoketest-tacacs-server' +        tac_container_path = ['container', 'name', 'tacacs-1'] + +        # Generate random string with 10 digits +        username = 'tactest' +        password = ''.join(secrets.choice(string.ascii_letters + string.digits) for i in range(10)) +        tac_test_user = { +            'username' : username, +            'password' : password, +            'tacacs_secret' : tacacs_secret, +            'source_address' : source_address, +        } + +        tmpl = jinja2.Template(TAC_PLUS_TMPL_SRC) +        write_file(f'{tac_plus_config}/tac_plus.cfg', tmpl.render(tac_test_user)) + +        # Check if SSH service is running +        ssh_running = process_named_running(SSH_PROCESS_NAME) +        if not ssh_running: +            # Start SSH service +            self.cli_set(['service', 'ssh']) + +        # Start tac_plus container +        self.cli_set(tac_container_path + ['allow-host-networks']) +        self.cli_set(tac_container_path + ['image', tac_image]) +        self.cli_set(tac_container_path + ['volume', 'config', 'destination', '/etc/tac_plus']) +        self.cli_set(tac_container_path + ['volume', 'config', 'mode', 'ro']) +        self.cli_set(tac_container_path + ['volume', 'config', 'source', tac_plus_config]) + +        # Start container +        self.cli_commit() + +        # Define TACACS traffic source address +        self.cli_set(['interfaces', 'dummy', dummy_if, 'address', f'{source_address}/32']) +        self.cli_set(base_path + ['tacacs', 'source-address', source_address]) -        # Enable TACACS +        # Define TACACS servers          for server in tacacs_servers: +            # Use this system as "remote" TACACS server +            self.cli_set(['interfaces', 'dummy', dummy_if, 'address', f'{server}/32'])              self.cli_set(base_path + ['tacacs', 'server', server, 'key', tacacs_secret])          self.cli_commit() @@ -328,6 +437,11 @@ class TestSystemLogin(VyOSUnitTestSHIM.TestCase):          self.assertIn('service=shell', pam_tacacs_conf)          self.assertIn('protocol=ssh', pam_tacacs_conf) +        # Verify configured TACACS source address +        self.assertIn(f'source_ip={source_address}', pam_tacacs_conf) +        self.assertIn(f'source_ip={source_address}', nss_tacacs_conf) + +        # Verify configured TACACS servers          for server in tacacs_servers:              self.assertIn(f'secret={tacacs_secret}', pam_tacacs_conf)              self.assertIn(f'server={server}', pam_tacacs_conf) @@ -335,6 +449,32 @@ class TestSystemLogin(VyOSUnitTestSHIM.TestCase):              self.assertIn(f'secret={tacacs_secret}', nss_tacacs_conf)              self.assertIn(f'server={server}', nss_tacacs_conf) +        # Login with proper credentials +        test_command = 'uname -a' +        out, err = self.ssh_send_cmd(test_command, username, password) +        # verify login +        self.assertFalse(err) +        self.assertEqual(out, cmd(test_command)) + +        # Login with invalid credentials +        with self.assertRaises(paramiko.ssh_exception.AuthenticationException): +            _, _ = self.ssh_send_cmd(test_command, username, f'{password}1') + +        # Remove TACACS configuration +        self.cli_delete(base_path + ['tacacs']) +        # Remove tac_plus container +        self.cli_delete(tac_container_path) +        # Remove dummy interface +        self.cli_delete(['interfaces', 'dummy', dummy_if]) +        self.cli_commit() + +        # Remove rendered tac_plus daemon configuration +        shutil.rmtree(tac_plus_config) + +        # Stop SSH service if it was not running before +        if not ssh_running: +            self.cli_delete(['service', 'ssh']) +      def test_delete_current_user(self):          current_user = get_current_user() diff --git a/smoketest/scripts/cli/test_vrf.py b/smoketest/scripts/cli/test_vrf.py index 1676f8f19..30980f9ec 100755 --- a/smoketest/scripts/cli/test_vrf.py +++ b/smoketest/scripts/cli/test_vrf.py @@ -1,6 +1,6 @@  #!/usr/bin/env python3  # -# Copyright (C) 2020-2024 VyOS maintainers and contributors +# Copyright (C) 2020-2025 VyOS maintainers and contributors  #  # This program is free software; you can redistribute it and/or modify  # it under the terms of the GNU General Public License version 2 or later as @@ -18,10 +18,12 @@ import re  import os  import unittest -from base_vyostest_shim import VyOSUnitTestSHIM  from json import loads  from jmespath import search +from base_vyostest_shim import VyOSUnitTestSHIM +from base_vyostest_shim import CSTORE_GUARD_TIME +  from vyos.configsession import ConfigSessionError  from vyos.ifconfig import Interface  from vyos.ifconfig import Section @@ -51,6 +53,10 @@ class VRFTest(VyOSUnitTestSHIM.TestCase):          else:              for tmp in Section.interfaces('ethernet', vlan=False):                  cls._interfaces.append(tmp) + +        # Enable CSTORE guard time required by FRR related tests +        cls._commit_guard_time = CSTORE_GUARD_TIME +          # call base-classes classmethod          super(VRFTest, cls).setUpClass() | 
