summaryrefslogtreecommitdiff
path: root/smoketest
diff options
context:
space:
mode:
Diffstat (limited to 'smoketest')
-rw-r--r--smoketest/config-tests/basic-api-service8
-rw-r--r--smoketest/configs/basic-api-service24
-rw-r--r--smoketest/scripts/cli/base_interfaces_test.py3
-rwxr-xr-xsmoketest/scripts/cli/test_firewall.py7
-rwxr-xr-xsmoketest/scripts/cli/test_interfaces_pppoe.py67
-rwxr-xr-xsmoketest/scripts/cli/test_interfaces_vxlan.py103
-rwxr-xr-xsmoketest/scripts/cli/test_service_https.py5
7 files changed, 189 insertions, 28 deletions
diff --git a/smoketest/config-tests/basic-api-service b/smoketest/config-tests/basic-api-service
index d78062402..1d2dc3472 100644
--- a/smoketest/config-tests/basic-api-service
+++ b/smoketest/config-tests/basic-api-service
@@ -5,6 +5,14 @@ set service ntp server time1.vyos.net
set service ntp server time2.vyos.net
set service ntp server time3.vyos.net
set service https api keys id 1 key 'S3cur3'
+set service https virtual-host bar allow-client address '172.16.0.0/12'
+set service https virtual-host bar port '5555'
+set service https virtual-host foo allow-client address '10.0.0.0/8'
+set service https virtual-host foo allow-client address '2001:db8::/32'
+set service https virtual-host foo port '7777'
+set service https virtual-host baz allow-client address '192.168.0.0/16'
+set service https virtual-host baz port '6666'
+set service https virtual-host baz server-name 'baz'
set system config-management commit-revisions '100'
set system host-name 'vyos'
set system login user vyos authentication encrypted-password '$6$2Ta6TWHd/U$NmrX0x9kexCimeOcYK1MfhMpITF9ELxHcaBU/znBq.X2ukQOj61fVI2UYP/xBzP4QtiTcdkgs7WOQMHWsRymO/'
diff --git a/smoketest/configs/basic-api-service b/smoketest/configs/basic-api-service
index 98b2ebcf8..f5b56ac98 100644
--- a/smoketest/configs/basic-api-service
+++ b/smoketest/configs/basic-api-service
@@ -18,8 +18,28 @@ service {
}
socket
}
- }
- ssh {
+ virtual-host bar {
+ allow-client {
+ address 172.16.0.0/12
+ }
+ listen-port 5555
+ server-name bar
+ }
+ virtual-host baz {
+ allow-client {
+ address 192.168.0.0/16
+ }
+ listen-port 6666
+ server-name baz
+ }
+ virtual-host foo {
+ allow-client {
+ address 10.0.0.0/8
+ address 2001:db8::/32
+ }
+ listen-port 7777
+ server-name foo
+ }
}
}
system {
diff --git a/smoketest/scripts/cli/base_interfaces_test.py b/smoketest/scripts/cli/base_interfaces_test.py
index da196133a..3f42196f7 100644
--- a/smoketest/scripts/cli/base_interfaces_test.py
+++ b/smoketest/scripts/cli/base_interfaces_test.py
@@ -412,10 +412,9 @@ class BasicInterfaceTest:
for intf in self._interfaces:
base = self._base_path + [intf]
- self.cli_set(base + ['mtu', self._mtu])
-
for option in self._options.get(intf, []):
self.cli_set(base + option.split())
+ self.cli_set(base + ['mtu', self._mtu])
# check validate() - can not set low MTU if 'no-default-link-local'
# is not set on CLI
diff --git a/smoketest/scripts/cli/test_firewall.py b/smoketest/scripts/cli/test_firewall.py
index 8c3e00a2a..cffa1c0be 100755
--- a/smoketest/scripts/cli/test_firewall.py
+++ b/smoketest/scripts/cli/test_firewall.py
@@ -586,6 +586,7 @@ class TestFirewall(VyOSUnitTestSHIM.TestCase):
self.cli_set(['firewall', 'bridge', 'name', name, 'rule', '1', 'log-options', 'level', 'crit'])
self.cli_set(['firewall', 'bridge', 'forward', 'filter', 'default-action', 'drop'])
+ self.cli_set(['firewall', 'bridge', 'forward', 'filter', 'enable-default-log'])
self.cli_set(['firewall', 'bridge', 'forward', 'filter', 'rule', '1', 'action', 'accept'])
self.cli_set(['firewall', 'bridge', 'forward', 'filter', 'rule', '1', 'vlan', 'id', vlan_id])
self.cli_set(['firewall', 'bridge', 'forward', 'filter', 'rule', '2', 'action', 'jump'])
@@ -596,11 +597,13 @@ class TestFirewall(VyOSUnitTestSHIM.TestCase):
nftables_search = [
['chain VYOS_FORWARD_filter'],
- ['type filter hook forward priority filter; policy drop;'],
+ ['type filter hook forward priority filter; policy accept;'],
[f'vlan id {vlan_id}', 'accept'],
[f'vlan pcp {vlan_prior}', f'jump NAME_{name}'],
+ ['log prefix "[bri-FWD-filter-default-D]"', 'drop', 'FWD-filter default-action drop'],
[f'chain NAME_{name}'],
- [f'ether saddr {mac_address}', f'iifname "{interface_in}"', f'log prefix "[bri-NAM-{name}-1-A]" log level crit', 'accept']
+ [f'ether saddr {mac_address}', f'iifname "{interface_in}"', f'log prefix "[bri-NAM-{name}-1-A]" log level crit', 'accept'],
+ ['accept', f'{name} default-action accept']
]
self.verify_nftables(nftables_search, 'bridge vyos_filter')
diff --git a/smoketest/scripts/cli/test_interfaces_pppoe.py b/smoketest/scripts/cli/test_interfaces_pppoe.py
index 7b702759f..e99d8b3d1 100755
--- a/smoketest/scripts/cli/test_interfaces_pppoe.py
+++ b/smoketest/scripts/cli/test_interfaces_pppoe.py
@@ -36,6 +36,9 @@ class PPPoEInterfaceTest(VyOSUnitTestSHIM.TestCase):
@classmethod
def setUpClass(cls):
super(PPPoEInterfaceTest, cls).setUpClass()
+ # ensure we can also run this test on a live system - so lets clean
+ # out the current configuration :)
+ cls.cli_delete(cls, base_path)
cls._interfaces = ['pppoe10', 'pppoe20', 'pppoe30']
cls._source_interface = 'eth0'
@@ -53,18 +56,16 @@ class PPPoEInterfaceTest(VyOSUnitTestSHIM.TestCase):
self.cli_delete(base_path)
self.cli_commit()
- def test_01_pppoe_client(self):
+ def test_pppoe_client(self):
# Check if PPPoE dialer can be configured and runs
for interface in self._interfaces:
user = f'VyOS-user-{interface}'
passwd = f'VyOS-passwd-{interface}'
mtu = '1400'
- mru = '1300'
self.cli_set(base_path + [interface, 'authentication', 'username', user])
self.cli_set(base_path + [interface, 'authentication', 'password', passwd])
self.cli_set(base_path + [interface, 'mtu', mtu])
- self.cli_set(base_path + [interface, 'mru', '9000'])
self.cli_set(base_path + [interface, 'no-peer-dns'])
# check validate() - a source-interface is required
@@ -72,11 +73,6 @@ class PPPoEInterfaceTest(VyOSUnitTestSHIM.TestCase):
self.cli_commit()
self.cli_set(base_path + [interface, 'source-interface', self._source_interface])
- # check validate() - MRU needs to be less or equal then MTU
- with self.assertRaises(ConfigSessionError):
- self.cli_commit()
- self.cli_set(base_path + [interface, 'mru', mru])
-
# commit changes
self.cli_commit()
@@ -87,8 +83,9 @@ class PPPoEInterfaceTest(VyOSUnitTestSHIM.TestCase):
tmp = get_config_value(interface, 'mtu')[1]
self.assertEqual(tmp, mtu)
+ # MRU must default to MTU if not specified on CLI
tmp = get_config_value(interface, 'mru')[1]
- self.assertEqual(tmp, mru)
+ self.assertEqual(tmp, mtu)
tmp = get_config_value(interface, 'user')[1].replace('"', '')
self.assertEqual(tmp, user)
tmp = get_config_value(interface, 'password')[1].replace('"', '')
@@ -96,7 +93,7 @@ class PPPoEInterfaceTest(VyOSUnitTestSHIM.TestCase):
tmp = get_config_value(interface, 'ifname')[1]
self.assertEqual(tmp, interface)
- def test_02_pppoe_client_disabled_interface(self):
+ def test_pppoe_client_disabled_interface(self):
# Check if PPPoE Client can be disabled
for interface in self._interfaces:
user = f'VyOS-user-{interface}'
@@ -125,16 +122,16 @@ class PPPoEInterfaceTest(VyOSUnitTestSHIM.TestCase):
self.cli_commit()
- def test_03_pppoe_authentication(self):
+ def test_pppoe_authentication(self):
# When username or password is set - so must be the other
for interface in self._interfaces:
user = f'VyOS-user-{interface}'
passwd = f'VyOS-passwd-{interface}'
- self.cli_set(base_path + [interface, 'authentication', 'username', user])
self.cli_set(base_path + [interface, 'source-interface', self._source_interface])
self.cli_set(base_path + [interface, 'ipv6', 'address', 'autoconf'])
+ self.cli_set(base_path + [interface, 'authentication', 'username', user])
# check validate() - if user is set, so must be the password
with self.assertRaises(ConfigSessionError):
self.cli_commit()
@@ -143,7 +140,7 @@ class PPPoEInterfaceTest(VyOSUnitTestSHIM.TestCase):
self.cli_commit()
- def test_04_pppoe_dhcpv6pd(self):
+ def test_pppoe_dhcpv6pd(self):
# Check if PPPoE dialer can be configured with DHCPv6-PD
address = '1'
sla_id = '0'
@@ -183,7 +180,7 @@ class PPPoEInterfaceTest(VyOSUnitTestSHIM.TestCase):
tmp = get_config_value(interface, '+ipv6 ipv6cp-use-ipaddr')
self.assertListEqual(tmp, ['+ipv6', 'ipv6cp-use-ipaddr'])
- def test_05_pppoe_options(self):
+ def test_pppoe_options(self):
# Check if PPPoE dialer can be configured with DHCPv6-PD
for interface in self._interfaces:
user = f'VyOS-user-{interface}'
@@ -215,5 +212,47 @@ class PPPoEInterfaceTest(VyOSUnitTestSHIM.TestCase):
tmp = get_config_value(interface, 'pppoe-host-uniq')[1]
self.assertEqual(tmp, f'"{host_uniq}"')
+ def test_pppoe_mtu_mru(self):
+ # Check if PPPoE dialer can be configured and runs
+ for interface in self._interfaces:
+ user = f'VyOS-user-{interface}'
+ passwd = f'VyOS-passwd-{interface}'
+ mtu = '1400'
+ mru = '1300'
+
+ self.cli_set(base_path + [interface, 'authentication', 'username', user])
+ self.cli_set(base_path + [interface, 'authentication', 'password', passwd])
+ self.cli_set(base_path + [interface, 'mtu', mtu])
+ self.cli_set(base_path + [interface, 'mru', '9000'])
+
+ # check validate() - a source-interface is required
+ with self.assertRaises(ConfigSessionError):
+ self.cli_commit()
+ self.cli_set(base_path + [interface, 'source-interface', self._source_interface])
+
+ # check validate() - MRU needs to be less or equal then MTU
+ with self.assertRaises(ConfigSessionError):
+ self.cli_commit()
+ self.cli_set(base_path + [interface, 'mru', mru])
+
+ # commit changes
+ self.cli_commit()
+
+ # verify configuration file(s)
+ for interface in self._interfaces:
+ user = f'VyOS-user-{interface}'
+ passwd = f'VyOS-passwd-{interface}'
+
+ tmp = get_config_value(interface, 'mtu')[1]
+ self.assertEqual(tmp, mtu)
+ tmp = get_config_value(interface, 'mru')[1]
+ self.assertEqual(tmp, mru)
+ tmp = get_config_value(interface, 'user')[1].replace('"', '')
+ self.assertEqual(tmp, user)
+ tmp = get_config_value(interface, 'password')[1].replace('"', '')
+ self.assertEqual(tmp, passwd)
+ tmp = get_config_value(interface, 'ifname')[1]
+ self.assertEqual(tmp, interface)
+
if __name__ == '__main__':
unittest.main(verbosity=2)
diff --git a/smoketest/scripts/cli/test_interfaces_vxlan.py b/smoketest/scripts/cli/test_interfaces_vxlan.py
index 17e4fc36f..18676491b 100755
--- a/smoketest/scripts/cli/test_interfaces_vxlan.py
+++ b/smoketest/scripts/cli/test_interfaces_vxlan.py
@@ -18,10 +18,12 @@ import unittest
from vyos.configsession import ConfigSessionError
from vyos.ifconfig import Interface
+from vyos.ifconfig import Section
from vyos.utils.network import get_bridge_fdb
from vyos.utils.network import get_interface_config
from vyos.utils.network import interface_exists
from vyos.utils.network import get_vxlan_vlan_tunnels
+from vyos.utils.network import get_vxlan_vni_filter
from vyos.template import is_ipv6
from base_interfaces_test import BasicInterfaceTest
@@ -31,12 +33,13 @@ class VXLANInterfaceTest(BasicInterfaceTest.TestCase):
cls._base_path = ['interfaces', 'vxlan']
cls._options = {
'vxlan10': ['vni 10', 'remote 127.0.0.2'],
- 'vxlan20': ['vni 20', 'group 239.1.1.1', 'source-interface eth0'],
+ 'vxlan20': ['vni 20', 'group 239.1.1.1', 'source-interface eth0', 'mtu 1450'],
'vxlan30': ['vni 30', 'remote 2001:db8:2000::1', 'source-address 2001:db8:1000::1', 'parameters ipv6 flowlabel 0x1000'],
'vxlan40': ['vni 40', 'remote 127.0.0.2', 'remote 127.0.0.3'],
'vxlan50': ['vni 50', 'remote 2001:db8:2000::1', 'remote 2001:db8:2000::2', 'parameters ipv6 flowlabel 0x1000'],
}
cls._interfaces = list(cls._options)
+ cls._mtu = '1450'
# call base-classes classmethod
super(VXLANInterfaceTest, cls).setUpClass()
@@ -138,7 +141,7 @@ class VXLANInterfaceTest(BasicInterfaceTest.TestCase):
def test_vxlan_vlan_vni_mapping(self):
bridge = 'br0'
interface = 'vxlan0'
- source_interface = 'eth0'
+ source_address = '192.0.2.99'
vlan_to_vni = {
'10': '10010',
@@ -151,7 +154,7 @@ class VXLANInterfaceTest(BasicInterfaceTest.TestCase):
}
self.cli_set(self._base_path + [interface, 'parameters', 'external'])
- self.cli_set(self._base_path + [interface, 'source-interface', source_interface])
+ self.cli_set(self._base_path + [interface, 'source-address', source_address])
for vlan, vni in vlan_to_vni.items():
self.cli_set(self._base_path + [interface, 'vlan-to-vni', vlan, 'vni', vni])
@@ -187,11 +190,12 @@ class VXLANInterfaceTest(BasicInterfaceTest.TestCase):
def test_vxlan_neighbor_suppress(self):
bridge = 'br555'
interface = 'vxlan555'
- source_interface = 'eth0'
+ source_interface = 'dum0'
+
+ self.cli_set(['interfaces', Section.section(source_interface), source_interface, 'mtu', '9000'])
self.cli_set(self._base_path + [interface, 'parameters', 'external'])
self.cli_set(self._base_path + [interface, 'source-interface', source_interface])
-
self.cli_set(self._base_path + [interface, 'parameters', 'neighbor-suppress'])
# This must fail as this VXLAN interface is not associated with any bridge
@@ -221,6 +225,95 @@ class VXLANInterfaceTest(BasicInterfaceTest.TestCase):
self.assertTrue(tmp['linkinfo']['info_slave_data']['learning'])
self.cli_delete(['interfaces', 'bridge', bridge])
+ self.cli_delete(['interfaces', Section.section(source_interface), source_interface])
+
+ def test_vxlan_vni_filter(self):
+ interfaces = ['vxlan987', 'vxlan986', 'vxlan985']
+ source_address = '192.0.2.77'
+
+ for interface in interfaces:
+ self.cli_set(self._base_path + [interface, 'parameters', 'external'])
+ self.cli_set(self._base_path + [interface, 'source-address', source_address])
+
+ # This must fail as there can only be one "external" VXLAN device unless "vni-filter" is defined
+ with self.assertRaises(ConfigSessionError):
+ self.cli_commit()
+
+ # Enable "vni-filter" on the first VXLAN interface
+ self.cli_set(self._base_path + [interfaces[0], 'parameters', 'vni-filter'])
+
+ # This must fail as if it's enabled on one VXLAN interface, it must be enabled on all
+ # VXLAN interfaces
+ with self.assertRaises(ConfigSessionError):
+ self.cli_commit()
+ for interface in interfaces:
+ self.cli_set(self._base_path + [interface, 'parameters', 'vni-filter'])
+
+ # commit configuration
+ self.cli_commit()
+
+ for interface in interfaces:
+ self.assertTrue(interface_exists(interface))
+
+ tmp = get_interface_config(interface)
+ self.assertTrue(tmp['linkinfo']['info_data']['vnifilter'])
+
+ def test_vxlan_vni_filter_add_remove(self):
+ interface = 'vxlan987'
+ source_address = '192.0.2.66'
+ bridge = 'br0'
+
+ self.cli_set(self._base_path + [interface, 'parameters', 'external'])
+ self.cli_set(self._base_path + [interface, 'source-address', source_address])
+ self.cli_set(self._base_path + [interface, 'parameters', 'vni-filter'])
+
+ # commit configuration
+ self.cli_commit()
+
+ # Check if VXLAN interface got created
+ self.assertTrue(interface_exists(interface))
+
+ # VNI filter configured?
+ tmp = get_interface_config(interface)
+ self.assertTrue(tmp['linkinfo']['info_data']['vnifilter'])
+
+ # Now create some VLAN mappings and VNI filter
+ vlan_to_vni = {
+ '50': '10050',
+ '51': '10051',
+ '52': '10052',
+ '53': '10053',
+ '54': '10054',
+ '60': '10060',
+ '69': '10069',
+ }
+ for vlan, vni in vlan_to_vni.items():
+ self.cli_set(self._base_path + [interface, 'vlan-to-vni', vlan, 'vni', vni])
+ # we need a bridge ...
+ self.cli_set(['interfaces', 'bridge', bridge, 'member', 'interface', interface])
+ # commit configuration
+ self.cli_commit()
+
+ # All VNIs configured?
+ tmp = get_vxlan_vni_filter(interface)
+ self.assertListEqual(list(vlan_to_vni.values()), tmp)
+
+ #
+ # Delete a VLAN mappings and check if all VNIs are properly set up
+ #
+ vlan_to_vni.popitem()
+ self.cli_delete(self._base_path + [interface, 'vlan-to-vni'])
+ for vlan, vni in vlan_to_vni.items():
+ self.cli_set(self._base_path + [interface, 'vlan-to-vni', vlan, 'vni', vni])
+
+ # commit configuration
+ self.cli_commit()
+
+ # All VNIs configured?
+ tmp = get_vxlan_vni_filter(interface)
+ self.assertListEqual(list(vlan_to_vni.values()), tmp)
+
+ self.cli_delete(['interfaces', 'bridge', bridge])
if __name__ == '__main__':
unittest.main(verbosity=2)
diff --git a/smoketest/scripts/cli/test_service_https.py b/smoketest/scripts/cli/test_service_https.py
index 6484abc5d..24e1f1299 100755
--- a/smoketest/scripts/cli/test_service_https.py
+++ b/smoketest/scripts/cli/test_service_https.py
@@ -80,7 +80,7 @@ class TestHTTPSService(VyOSUnitTestSHIM.TestCase):
test_path = base_path + ['virtual-host', vhost_id]
self.cli_set(test_path + ['listen-address', address])
- self.cli_set(test_path + ['listen-port', port])
+ self.cli_set(test_path + ['port', port])
self.cli_set(test_path + ['server-name', name])
self.cli_commit()
@@ -111,7 +111,7 @@ class TestHTTPSService(VyOSUnitTestSHIM.TestCase):
def test_api_auth(self):
vhost_id = 'example'
address = '127.0.0.1'
- port = '443'
+ port = '443' # default value
name = 'localhost'
key = 'MySuperSecretVyOS'
@@ -119,7 +119,6 @@ class TestHTTPSService(VyOSUnitTestSHIM.TestCase):
test_path = base_path + ['virtual-host', vhost_id]
self.cli_set(test_path + ['listen-address', address])
- self.cli_set(test_path + ['listen-port', port])
self.cli_set(test_path + ['server-name', name])
self.cli_commit()
generated by cgit v1.2.3 (git 2.39.1) at 2024-11-08 04:00:24 +0000