Change AAF Certservice CSITs to send requests via HTTPS
Signed-off-by: Aleksandra Maciaga <aleksandra.maciaga@nokia.com>
Signed-off-by: Michal Banka <michal.banka@nokia.com>
Change-Id: Ia7b5d8d548f4ae3727302772fc56e6b0142b0da0
Issue-ID: AAF-1084
diff --git a/tests/aaf/certservice/assets/invalid_client_docker.env b/tests/aaf/certservice/assets/invalid_client_docker.env
index 3e7d879..e96237c 100644
--- a/tests/aaf/certservice/assets/invalid_client_docker.env
+++ b/tests/aaf/certservice/assets/invalid_client_docker.env
@@ -2,6 +2,10 @@
REQUEST_TIMEOUT=5000
OUTPUT_PATH=/var/certs
CA_NAME=Invalid
+KEYSTORE_PATH=/etc/onap/aaf/certservice/certs/certServiceClient-keystore.jks
+KEYSTORE_PASSWORD=secret
+TRUSTSTORE_PATH=/etc/onap/aaf/certservice/certs/truststore.jks
+TRUSTSTORE_PASSWORD=secret
#Csr config envs
COMMON_NAME=onap.org
ORGANIZATION=Linux-Foundation
diff --git a/tests/aaf/certservice/assets/valid_client_docker.env b/tests/aaf/certservice/assets/valid_client_docker.env
index 0181896..55fefa3 100644
--- a/tests/aaf/certservice/assets/valid_client_docker.env
+++ b/tests/aaf/certservice/assets/valid_client_docker.env
@@ -2,6 +2,10 @@
REQUEST_TIMEOUT=30000
OUTPUT_PATH=/var/certs
CA_NAME=RA
+KEYSTORE_PATH=/etc/onap/aaf/certservice/certs/certServiceClient-keystore.jks
+KEYSTORE_PASSWORD=secret
+TRUSTSTORE_PATH=/etc/onap/aaf/certservice/certs/truststore.jks
+TRUSTSTORE_PASSWORD=secret
#Csr config envs
COMMON_NAME=onap.org
ORGANIZATION=Linux-Foundation
diff --git a/tests/aaf/certservice/libraries/CertClientManager.py b/tests/aaf/certservice/libraries/CertClientManager.py
index a959c9e..a4a0df2 100644
--- a/tests/aaf/certservice/libraries/CertClientManager.py
+++ b/tests/aaf/certservice/libraries/CertClientManager.py
@@ -10,10 +10,12 @@
ERROR_API_REGEX = 'Error on API response.*[0-9]{3}'
RESPONSE_CODE_REGEX = '[0-9]{3}'
+
class CertClientManager:
- def __init__(self, mount_path):
+ def __init__(self, mount_path, truststore_path):
self.mount_path = mount_path
+ self.truststore_path = truststore_path
def run_client_container(self, client_image, container_name, path_to_env, request_url, network):
self.create_mount_dir()
@@ -25,8 +27,9 @@
name=container_name,
environment=environment,
network=network,
- user='root', #Run container as root to avoid permission issues with volume mount access
- mounts=[Mount(target='/var/certs', source=self.mount_path, type='bind')],
+ user='root', # Run container as root to avoid permission issues with volume mount access
+ mounts=[Mount(target='/var/certs', source=self.mount_path, type='bind'),
+ Mount(target='/etc/onap/aaf/certservice/certs/', source=self.truststore_path, type='bind')],
detach=True
)
exitcode = container.wait()
diff --git a/tests/aaf/certservice/resources/cert-service-keywords.robot b/tests/aaf/certservice/resources/cert-service-keywords.robot
index a128178..d4d4fd9 100644
--- a/tests/aaf/certservice/resources/cert-service-keywords.robot
+++ b/tests/aaf/certservice/resources/cert-service-keywords.robot
@@ -5,19 +5,20 @@
Library RequestsLibrary
Library HttpLibrary.HTTP
Library Collections
-Library ../libraries/CertClientManager.py ${MOUNT_PATH}
+Library ../libraries/CertClientManager.py ${MOUNT_PATH} ${TRUSTSTORE_PATH}
Library ../libraries/JksFilesValidator.py ${MOUNT_PATH}
*** Keywords ***
Create sessions
[Documentation] Create all required sessions
- Create Session aaf_cert_service_url ${AAFCERT_URL}
- Set Suite Variable ${http_session} aaf_cert_service_url
+ ${certs}= Create List ${CERTSERVICE_SERVER_CRT} ${CERTSERVICE_SERVER_KEY}
+ Create Client Cert Session alias ${AAFCERT_URL} client_certs=${certs} verify=${ROOTCA}
+ Set Suite Variable ${https_valid_cert_session} alias
Run Healthcheck
[Documentation] Run Healthcheck
- ${resp}= Get Request ${http_session} /actuator/health
+ ${resp}= Get Request ${https_valid_cert_session} /actuator/health
Should Be Equal As Strings ${resp.status_code} 200
Validate Recieved Response ${resp} status UP
@@ -31,7 +32,7 @@
Send Get Request And Validate Response
[Documentation] Send request to passed url and validate received response
[Arguments] ${path} ${resp_code}
- ${resp}= Get Request ${http_session} ${path}
+ ${resp}= Get Request ${https_valid_cert_session} ${path}
Should Be Equal As Strings ${resp.status_code} ${resp_code}
Send Get Request with Header
@@ -39,7 +40,7 @@
[Arguments] ${path} ${csr_file} ${pk_file}
[Return] ${resp}
${headers}= Create Header with CSR and PK ${csr_file} ${pk_file}
- ${resp}= Get Request ${http_session} ${path} headers=${headers}
+ ${resp}= Get Request ${https_valid_cert_session} ${path} headers=${headers}
Send Get Request with Header And Expect Success
[Documentation] Send request to passed url and validate received response
@@ -81,7 +82,7 @@
Send Post Request And Validate Response
[Documentation] Send request to passed url and validate received response
[Arguments] ${path} ${resp_code}
- ${resp}= Post Request ${http_session} ${path}
+ ${resp}= Post Request ${https_valid_cert_session} ${path}
Should Be Equal As Strings ${resp.status_code} ${resp_code}
Run Cert Service Client And Validate JKS File Creation And Client Exit Code
diff --git a/tests/aaf/certservice/resources/cert-service-properties.robot b/tests/aaf/certservice/resources/cert-service-properties.robot
index 0dd8b06..53d6b24 100644
--- a/tests/aaf/certservice/resources/cert-service-properties.robot
+++ b/tests/aaf/certservice/resources/cert-service-properties.robot
@@ -1,10 +1,14 @@
*** Variables ***
-${CERT_SERVICE_PORT} 8080
-${AAFCERT_URL} http://localhost:${cert_service_port}
+${CERT_SERVICE_CONTAINER_NAME} aaf-cert-service
+${CERT_SERVICE_PORT} 8443
+${AAFCERT_URL} https://localhost:${cert_service_port}
${CLIENT_CA_NAME} Client
${RA_CA_NAME} RA
${CERT_SERVICE_ENDPOINT} /v1/certificate/
+${ROOTCA} %{WORKSPACE}/tests/aaf/certservice/assets/certs/root.crt
+${CERTSERVICE_SERVER_CRT} %{WORKSPACE}/tests/aaf/certservice/assets/certs/certServiceServer.crt
+${CERTSERVICE_SERVER_KEY} %{WORKSPACE}/tests/aaf/certservice/assets/certs/certServiceServer.key
${VALID_CLIENT_CSR_FILE} %{WORKSPACE}/tests/aaf/certservice/assets/valid_client.csr
${VALID_CLIENT_PK_FILE} %{WORKSPACE}/tests/aaf/certservice/assets/valid_client.pk
${VALID_RA_CSR_FILE} %{WORKSPACE}/tests/aaf/certservice/assets/valid_ra.csr
@@ -13,10 +17,11 @@
${INVALID_PK_FILE} %{WORKSPACE}/tests/aaf/certservice/assets/invalid.key
-${CERT_SERVICE_ADDRESS} http://%{AAFCERT_IP}:${cert_service_port}
+${CERT_SERVICE_ADDRESS} https://${CERT_SERVICE_CONTAINER_NAME}:${CERT_SERVICE_PORT}
${VALID_ENV_FILE} %{WORKSPACE}/tests/aaf/certservice/assets/valid_client_docker.env
${INVALID_ENV_FILE} %{WORKSPACE}/tests/aaf/certservice/assets/invalid_client_docker.env
${DOCKER_CLIENT_IMAGE} nexus3.onap.org:10001/onap/org.onap.aaf.certservice.aaf-certservice-client:latest
${CLIENT_CONTAINER_NAME} %{ClientContainerName}
${CERT_SERVICE_NETWORK} certservice_certservice
${MOUNT_PATH} %{WORKSPACE}/tests/aaf/certservice/tmp
+${TRUSTSTORE_PATH} %{WORKSPACE}/plans/aaf/certservice/certs