From be3c9bdf9274866d9e6548792a7f668fa04fa24f Mon Sep 17 00:00:00 2001 From: Christian Poessinger Date: Sat, 3 Oct 2020 19:58:45 +0200 Subject: smoketest: sstp: add basic tests --- data/templates/accel-ppp/chap-secrets.tmpl | 2 +- smoketest/scripts/cli/base_accel_ppp_test.py | 65 ++++++++++++++++++++-- smoketest/scripts/cli/test_service_pppoe-server.py | 51 ++++++----------- smoketest/scripts/cli/test_vpn_sstp.py | 34 ++++++++++- 4 files changed, 113 insertions(+), 39 deletions(-) diff --git a/data/templates/accel-ppp/chap-secrets.tmpl b/data/templates/accel-ppp/chap-secrets.tmpl index dd00d7bd0..6cace5401 100644 --- a/data/templates/accel-ppp/chap-secrets.tmpl +++ b/data/templates/accel-ppp/chap-secrets.tmpl @@ -2,7 +2,7 @@ {% for user in local_users %} {% if user.state == 'enabled' %} {% if user.upload and user.download %} -{{ "%-12s" | format(user.name) }} * {{ "%-16s" | format(user.password) }} {{ "%-16s" | format(user.ip) }} {{ user.download }} / {{ user.upload }} +{{ "%-12s" | format(user.name) }} * {{ "%-16s" | format(user.password) }} {{ "%-16s" | format(user.ip) }} {{ user.download }}/{{ user.upload }} {% else %} {{ "%-12s" | format(user.name) }} * {{ "%-16s" | format(user.password) }} {{ "%-16s" | format(user.ip) }} {% endif %} diff --git a/smoketest/scripts/cli/base_accel_ppp_test.py b/smoketest/scripts/cli/base_accel_ppp_test.py index eb809603e..5cf72b2dc 100644 --- a/smoketest/scripts/cli/base_accel_ppp_test.py +++ b/smoketest/scripts/cli/base_accel_ppp_test.py @@ -13,14 +13,18 @@ # along with this program. If not, see . import os +import re import unittest +from configparser import ConfigParser + from vyos.configsession import ConfigSession +from vyos.configsession import ConfigSessionError +from vyos.util import cmd from vyos.util import get_half_cpus +from vyos.util import process_named_running from vyos.validate import is_ipv4 -nameserver = ['192.0.2.1', '192.0.2.2', '2001:db8::1'] - class BasicAccelPPPTest: class BaseTest(unittest.TestCase): 
@@ -42,11 +46,26 @@ class BasicAccelPPPTest: # PPPoE local auth mode requires local users to be configured! self.set(['authentication', 'local-users', 'username', 'vyos', 'password', 'vyos']) self.set(['authentication', 'mode', 'local']) - for ns in nameserver: - self.set(['name-server', ns]) + def verify(self, conf): self.assertEqual(conf['core']['thread-count'], str(get_half_cpus())) + + def test_name_servers(self): + """ Verify proper Name-Server configuration for IPv4 and IPv6 """ + self.basic_config() + + nameserver = ['192.0.2.1', '192.0.2.2', '2001:db8::1'] + for ns in nameserver: + self.set(['name-server', ns]) + + # commit changes + self.session.commit() + + # Validate configuration values + conf = ConfigParser(allow_no_value=True, delimiters='=') + conf.read(self._config_file) + # IPv4 and IPv6 nameservers must be checked individually for ns in nameserver: if is_ipv4(ns): 
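Review bot: In `test_name_servers` (smoketest/scripts/cli/base_accel_ppp_test.py) the result of `conf.read(self._config_file)` is discarded. `ConfigParser.read()` silently skips files it cannot open, so a missing or unreadable config file would only surface later as a `KeyError` on a lookup such as `conf['ipv6-dns']`, not as a clear assertion failure. Assert that the file was actually parsed, e.g. `self.assertEqual(conf.read(self._config_file), [self._config_file])`. The same pattern is in `test_authentication_local` in the next hunk. The loop that checks the name servers continues past the end of this hunk.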
@@ -54,3 +73,41 @@ class BasicAccelPPPTest: else: self.assertEqual(conf['ipv6-dns'][ns], None) + def test_authentication_local(self): + """ Test configuration of local authentication """ + self.basic_config() + + # upload / download limit + user = 'test' + password = 'test2' + static_ip = '100.100.100.101' + upload = '5000' + download = '10000' + + self.set(['authentication', 'local-users', 'username', user, 'password', password]) + self.set(['authentication', 'local-users', 'username', user, 'static-ip', static_ip]) + self.set(['authentication', 'local-users', 'username', user, 'rate-limit', 'upload', upload]) + + # upload rate-limit requires also download rate-limit + with self.assertRaises(ConfigSessionError): + self.session.commit() + self.set(['authentication', 'local-users', 'username', user, 'rate-limit', 'download', download]) + + # commit changes + self.session.commit() + + # Validate configuration values + conf = ConfigParser(allow_no_value=True, delimiters='=') + conf.read(self._config_file) + + # basic verification + self.verify(conf) + + # check local users + tmp = cmd(f'sudo cat {self._chap_secrets}') + regex = f'{user}\s+\*\s+{password}\s+{static_ip}\s+{download}/{upload}' + tmp = re.findall(regex, tmp) + self.assertTrue(tmp) + + # Check for running process + self.assertTrue(process_named_running(self._process_name)) diff --git a/smoketest/scripts/cli/test_service_pppoe-server.py b/smoketest/scripts/cli/test_service_pppoe-server.py index a0ff9b629..32439da5b 100755 --- a/smoketest/scripts/cli/test_service_pppoe-server.py +++ b/smoketest/scripts/cli/test_service_pppoe-server.py @@ -15,7 +15,6 @@ # along with this program. If not, see . import os -import re import unittest from base_accel_ppp_test import BasicAccelPPPTest 
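Review bot: The pattern built in `test_authentication_local` interpolates `static_ip` unescaped, so every `.` in `100.100.100.101` matches any character. It is also a non-raw f-string, which relies on `\s` and `\*` surviving as invalid escape sequences, something Python warns about. Use a raw f-string and escape the interpolated values: `regex = rf'{re.escape(user)}\s+\*\s+{re.escape(password)}\s+{re.escape(static_ip)}\s+{download}/{upload}'`. The chap-secrets file holds cleartext passwords and the test reads it through `sudo cat`, which suggests it is not meant to be world-readable; nothing here asserts that, so an explicit check of the file's mode would pin it.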
@@ -25,9 +24,7 @@ from vyos.configsession import ConfigSessionError from vyos.util import process_named_running from vyos.util import cmd -process_name = 'accel-pppd' local_if = ['interfaces', 'dummy', 'dum667'] -pppoe_conf = '/run/accel-pppd/pppoe.conf' ac_name = 'ACN' gateway = '192.0.2.1' @@ -37,6 +34,10 @@ interface = 'eth0' class TestServicePPPoEServer(BasicAccelPPPTest.BaseTest): def setUp(self): self._base_path = ['service', 'pppoe-server'] + self._process_name = 'accel-pppd' + self._config_file = '/run/accel-pppd/pppoe.conf' + self._chap_secrets = '/run/accel-pppd/pppoe.chap-secrets' + super().setUp() def tearDown(self): @@ -77,7 +78,7 @@ class TestServicePPPoEServer(BasicAccelPPPTest.BaseTest): super().basic_config() - def test_authentication_local(self): + def test_foo(self): """ Test configuration of local authentication for PPPoE server """ self.basic_config() @@ -86,19 +87,6 @@ class TestServicePPPoEServer(BasicAccelPPPTest.BaseTest): self.set(['ppp-options', 'mppe', 'require']) self.set(['limits', 'connection-limit', '20/min']) - # upload / download limit - user = 'test' - password = 'test2' - static_ip = '100.100.100.101' - self.set(['authentication', 'local-users', 'username', user, 'password', password]) - self.set(['authentication', 'local-users', 'username', user, 'static-ip', static_ip]) - self.set(['authentication', 'local-users', 'username', user, 'rate-limit', 'upload', '5000']) - - # upload rate-limit requires also download rate-limit - with self.assertRaises(ConfigSessionError): - self.session.commit() - self.set(['authentication', 'local-users', 'username', user, 'rate-limit', 'download', '10000']) - # min-mtu min_mtu = '1400' self.set(['ppp-options', 'min-mtu', min_mtu]) 
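Review bot: `test_foo` in test_service_pppoe-server.py is a placeholder name, and its docstring still reads "Test configuration of local authentication for PPPoE server" although the local-user checks moved to the base class. What remains visible in this test sets MPPE, the connection limit and min-mtu, so a name such as `def test_ppp_options(self):` with the docstring `""" Test configuration of PPP options for PPPoE server """` would describe it accurately. The test body starts in the `@@ -77,7 +78,7 @@` hunk and continues through later hunks, so the final name should be checked against the whole function.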
@@ -112,13 +100,13 @@ class TestServicePPPoEServer(BasicAccelPPPTest.BaseTest): # Validate configuration values conf = ConfigParser(allow_no_value=True, delimiters='=') - conf.read(pppoe_conf) + conf.read(self._config_file) # basic verification self.verify(conf) # check auth - self.assertEqual(conf['chap-secrets']['chap-secrets'], '/run/accel-pppd/pppoe.chap-secrets') + self.assertEqual(conf['chap-secrets']['chap-secrets'], self._chap_secrets) self.assertEqual(conf['chap-secrets']['gw-ip-address'], gateway) # check ppp @@ -131,14 +119,8 @@ class TestServicePPPoEServer(BasicAccelPPPTest.BaseTest): # check other settings self.assertEqual(conf['connlimit']['limit'], '20/min') - # check local users - tmp = cmd('sudo cat /run/accel-pppd/pppoe.chap-secrets') - regex = f'{user}\s+\*\s+{password}\s+{static_ip}\s+10000/5000' - tmp = re.findall(regex, tmp) - self.assertTrue(tmp) - # Check for running process - self.assertTrue(process_named_running(process_name)) + self.assertTrue(process_named_running(self._process_name)) def test_authentication_radius(self): """ Test configuration of RADIUS authentication for PPPoE server """ @@ -176,7 +158,7 @@ class TestServicePPPoEServer(BasicAccelPPPTest.BaseTest): # Validate configuration values conf = ConfigParser(allow_no_value=True, delimiters='=') - conf.read(pppoe_conf) + conf.read(self._config_file) # basic verification self.verify(conf) @@ -207,7 +189,7 @@ class TestServicePPPoEServer(BasicAccelPPPTest.BaseTest): self.assertFalse(conf['ppp'].getboolean('ccp')) # Check for running process - self.assertTrue(process_named_running(process_name)) + self.assertTrue(process_named_running(self._process_name)) def test_authentication_protocols(self): """ Test configuration of local authentication for PPPoE server """ 
@@ -221,12 +203,12 @@ class TestServicePPPoEServer(BasicAccelPPPTest.BaseTest): # Validate configuration values conf = ConfigParser(allow_no_value=True) - conf.read(pppoe_conf) + conf.read(self._config_file) self.assertEqual(conf['modules']['auth_mschap_v2'], None) # Check for running process - self.assertTrue(process_named_running(process_name)) + self.assertTrue(process_named_running(self._process_name)) def test_client_ip_pool(self): @@ -247,13 +229,16 @@ class TestServicePPPoEServer(BasicAccelPPPTest.BaseTest): # Validate configuration values conf = ConfigParser(allow_no_value=True) - conf.read(pppoe_conf) + conf.read(self._config_file) # check configured subnet self.assertEqual(conf['ip-pool'][subnet], None) self.assertEqual(conf['ip-pool'][start_stop], None) self.assertEqual(conf['ip-pool']['gw-ip-address'], gateway) + # Check for running process + self.assertTrue(process_named_running(self._process_name)) + def test_client_ipv6_pool(self): """ Test configuration of IPv6 client pools """ @@ -281,7 +266,7 @@ class TestServicePPPoEServer(BasicAccelPPPTest.BaseTest): # Validate configuration values conf = ConfigParser(allow_no_value=True, delimiters='=') - conf.read(pppoe_conf) + conf.read(self._config_file) for tmp in ['ipv6pool', 'ipv6_nd', 'ipv6_dhcp']: self.assertEqual(conf['modules'][tmp], None) @@ -295,7 +280,7 @@ class TestServicePPPoEServer(BasicAccelPPPTest.BaseTest): self.assertEqual(conf['ipv6-pool']['delegate'], f'{delegate_prefix},{delegate_mask}') # Check for running process - self.assertTrue(process_named_running(process_name)) + self.assertTrue(process_named_running(self._process_name)) if __name__ == '__main__': unittest.main() diff --git a/smoketest/scripts/cli/test_vpn_sstp.py b/smoketest/scripts/cli/test_vpn_sstp.py index fbf958c4d..d129867cc 100755 --- a/smoketest/scripts/cli/test_vpn_sstp.py +++ b/smoketest/scripts/cli/test_vpn_sstp.py 
@@ -17,17 +17,49 @@ import unittest from base_accel_ppp_test import BasicAccelPPPTest +from vyos.util import cmd process_name = 'accel-pppd' +ca_cert = '/tmp/ca.crt' +ssl_cert = '/tmp/server.crt' +ssl_key = '/tmp/server.key' class TestVPNSSTPServer(BasicAccelPPPTest.BaseTest): def setUp(self): self._base_path = ['vpn', 'sstp'] + self._process_name = 'accel-pppd' + self._config_file = '/run/accel-pppd/sstp.conf' + self._chap_secrets = '/run/accel-pppd/sstp.chap-secrets' + super().setUp() def tearDown(self): - self.session.delete(local_if) super().tearDown() + def basic_config(self): + # SSL is mandatory + self.set(['ssl', 'ca-cert-file', ca_cert]) + self.set(['ssl', 'cert-file', ssl_cert]) + self.set(['ssl', 'key-file', ssl_key]) + + self.set(['network-settings', 'client-ip-settings', 'subnet', '192.0.2.0/24']) + self.set(['network-settings', 'client-ip-settings', 'gateway-address', '1.1.1.1']) + + super().basic_config() + if __name__ == '__main__': + # Our SSL certificates need a subject ... + subject = '/C=DE/ST=BY/O=VyOS/localityName=Cloud/commonName=vyos/' \ + 'organizationalUnitName=VyOS/emailAddress=maintainers@vyos.io/' + + # Generate mandatory SSL certificate + tmp = f'openssl req -newkey rsa:4096 -new -nodes -x509 -days 3650 '\ + f'-keyout {ssl_key} -out {ssl_cert} -subj {subject}' + cmd(tmp) + + # Generate "CA" + tmp = f'openssl req -new -x509 -key {ssl_key} -out {ca_cert} '\ + f'-subj {subject}' + cmd(tmp) + unittest.main() -- cgit v1.2.3
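Review bot: The server private key and certificates are written to fixed names in `/tmp` (`/tmp/server.key`, `/tmp/server.crt`, `/tmp/ca.crt`), a world-writable directory where another local user can pre-create or symlink those paths before the smoketest runs. The key is also generated unencrypted (`-nodes`) and never removed. Create a private directory instead, e.g. `cert_dir = tempfile.mkdtemp(prefix='sstp-smoketest-')` and `ssl_key = os.path.join(cert_dir, 'server.key')` (likewise for the other two paths), and remove it in `tearDownClass`. This needs `import tempfile`, plus `import os` if the file does not already have it, and assumes accel-pppd runs with enough privilege to read a 0700 directory. The module-level `process_name` also looks unused now that `setUp` assigns `self._process_name`.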