From 73b9eba81999744ba0adf4c252ccdb2bd0bd2a19 Mon Sep 17 00:00:00 2001
From: khramshinr <khramshinr@gmail.com>
Date: Wed, 11 Dec 2024 11:51:10 +0800
Subject: T6934: Add preshared key for zabbix-agent monitoring service

- Allow configure preshared key for zabbix-agent
- Added op mode command for generatre random psk secret
- Removed duplicate xml definition for psk settings


Configure authentication mode:
```
# set service monitoring zabbix-agent authentication mode
Possible completions:
   pre-shared-secret    Use a pre-shared secret key
```

Configure PSK Settings:
```
# set service monitoring zabbix-agent authentication psk
Possible completions:
   id                   ID for authentication
   secret               pre-shared secret key

```

Generate Random PSK:
```
$ generate psk random
Possible completions:
  <Enter>               Execute the current command
  size                  Key size in bytes

```
---
 .../cli/test_service_monitoring_zabbix-agent.py     | 21 +++++++++++++++++++++
 1 file changed, 21 insertions(+)

(limited to 'smoketest/scripts/cli')

diff --git a/smoketest/scripts/cli/test_service_monitoring_zabbix-agent.py b/smoketest/scripts/cli/test_service_monitoring_zabbix-agent.py
index a60dae0a0..522f9df0f 100755
--- a/smoketest/scripts/cli/test_service_monitoring_zabbix-agent.py
+++ b/smoketest/scripts/cli/test_service_monitoring_zabbix-agent.py
@@ -23,6 +23,7 @@ from vyos.utils.file import read_file
 
 PROCESS_NAME = 'zabbix_agent2'
 ZABBIX_AGENT_CONF = '/run/zabbix/zabbix-agent2.conf'
+ZABBIX_PSK_FILE = f'/run/zabbix/zabbix-agent2.psk'
 base_path = ['service', 'monitoring', 'zabbix-agent']
 
 
@@ -82,6 +83,26 @@ class TestZabbixAgent(VyOSUnitTestSHIM.TestCase):
         self.assertIn(f'Timeout={timeout}', config)
         self.assertIn(f'Hostname={hostname}', config)
 
+    def test_02_zabbix_agent_psk_auth(self):
+        secret = '8703ce4cb3f51279acba895e1421d69d8a7e2a18546d013d564ad87ac3957f29'
+        self.cli_set(base_path + ['server', '127.0.0.1'])
+        self.cli_set(base_path + ['authentication', 'mode', 'pre-shared-secret'])
+        self.cli_set(base_path + ['authentication', 'psk', 'id', 'smoke_test'])
+        self.cli_set(base_path + ['authentication', 'psk', 'secret', secret])
+        self.cli_commit()
+
+        config = read_file(ZABBIX_AGENT_CONF)
+        self.assertIn('TLSConnect=psk', config)
+        self.assertIn('TLSAccept=psk', config)
+        self.assertIn('TLSPSKIdentity=smoke_test', config)
+        self.assertIn(f'TLSPSKFile={ZABBIX_PSK_FILE}', config)
+        self.assertEqual(secret, read_file(ZABBIX_PSK_FILE))
+
+        secret = '8703ce4cb3f51279acba895e1421d69d8a7e2a18546d013d564ad87ac3957f88'
+        self.cli_set(base_path + ['authentication', 'psk', 'secret', secret])
+        self.cli_commit()
+        self.assertEqual(secret, read_file(ZABBIX_PSK_FILE))
+
 
 if __name__ == '__main__':
     unittest.main(verbosity=2)
-- 
cgit v1.2.3