Add tests for CSAR security validation.
Signed-off-by: Bartosz Gardziejewski <bartosz.gardziejewski@nokia.com>
Change-Id: I25784be4d87ac8c4b0e82f42851ee96ac75e6b71
Issue-ID: VNFSDK-714
diff --git a/tests/vnfsdk-refrepo/csar/invalid_with_security.csar b/tests/vnfsdk-refrepo/csar/invalid_with_security.csar
new file mode 100644
index 0000000..c2560bd
--- /dev/null
+++ b/tests/vnfsdk-refrepo/csar/invalid_with_security.csar
Binary files differ
diff --git a/tests/vnfsdk-refrepo/csar_validation_tests.robot b/tests/vnfsdk-refrepo/csar_validation_tests.robot
index 9994d56..a7c2c40 100644
--- a/tests/vnfsdk-refrepo/csar_validation_tests.robot
+++ b/tests/vnfsdk-refrepo/csar_validation_tests.robot
@@ -10,6 +10,7 @@
${response}= Get Request refrepo /PackageResource/healthcheck
Should Be Equal As Strings ${response.status_code} 200
+
Validate correct, no security CSAR
[Documentation] Valid CSAR with no security should PASS validation and should return no error
@@ -18,13 +19,60 @@
# those strings are dependent on validation response and may need to be changed if vnf refrepo response changes
${response}= Remove String ${response} \\\\ \\u003c \\u003e \\"
${json_response}= evaluate json.loads('''${response}''') json
- Should Be Equal As Strings ${json_response[0]["results"]["criteria"]} PASS
+ Should Be Equal As Strings ${json_response[0]["results"]["criteria"]} ${OPERATION_STATUS_PASS}
FOR ${resault} IN @{json_response[0]["results"]["results"]}
Should Be Equal As Strings ${resault["errors"]} []
Should Be Equal As Strings ${resault["passed"]} True
+ run keyword if "${resault["vnfreqName"]}" == "${CERTIFICATION_RULE}"
+ ... Should Be Equal As Strings ${resault["warnings"]} ${expected_valid_no_security_warnings}
END
+Validate secure CSAR with invalid certificate
+ [Documentation] Valid CSAR with cms signature in manifest file and certificate in TOSCA, containing individual signatures for multiple artifacts, using common certificate and individual certificate
+
+ ${response}= Validate CSAR usign Post request ${csar_invalid_with_security} ${execute_security_csar_validation}
+ # Removing strings that are causing errors during evaluation,
+ # those strings are dependent on validation response and may need to be changed if vnf refrepo response changes
+ ${response}= Remove String ${response} \\\\ \\u003c \\u003e \\"
+ ${json_response}= evaluate json.loads('''${response}''') json
+ Should Be Equal As Strings ${json_response[0]["results"]["criteria"]} ${OPERATION_STATUS_FAILED}
+ ${validated_rules}= Get Length ${json_response[0]["results"]["results"]}
+ Should Be Equal As Strings ${validated_rules} 14
+ FOR ${resault} IN @{json_response[0]["results"]["results"]}
+ ${validation_errors}= Get Length ${resault["errors"]}
+ run keyword if "${resault["vnfreqName"]}" == "${CERTIFICATION_RULE}"
+ ... Should Be Equal As Strings ${validation_errors} 7
+ run keyword if "${resault["vnfreqName"]}" == "${PM_DICTIONARY_YAML_RULE}"
+ ... Should Be Equal As Strings ${validation_errors} 1
+ run keyword if "${resault["vnfreqName"]}" == "${MANIFEST_FILE_RULE}"
+ ... Should Be Equal As Strings ${validation_errors} 1
+ run keyword if "${resault["vnfreqName"]}" == "${NON_MANO_FILES_RULE}"
+ ... Should Be Equal As Strings ${validation_errors} 4
+ END
+
+
+Validate CSAR using selected rules
+ [Documentation] Valid CSAR using only selected rules provided in request parameters
+
+ ${response}= Validate CSAR usign Post request ${csar_invalid_with_security} ${execute_security_csar_validation_selected_rules}
+ # Removing strings that are causing errors during evaluation,
+ # those strings are dependent on validation response and may need to be changed if vnf refrepo response changes
+ ${response}= Remove String ${response} \\\\ \\u003c \\u003e \\"
+ ${json_response}= evaluate json.loads('''${response}''') json
+ Should Be Equal As Strings ${json_response[0]["results"]["criteria"]} ${OPERATION_STATUS_FAILED}
+ ${validated_rules}= Get Length ${json_response[0]["results"]["results"]}
+ Should Be Equal As Strings ${validated_rules} 3
+ FOR ${resault} IN @{json_response[0]["results"]["results"]}
+ ${validation_errors}= Get Length ${resault["errors"]}
+ run keyword if "${resault["vnfreqName"]}" == "${CERTIFICATION_RULE}"
+ ... Should Be Equal As Strings ${validation_errors} 7
+ run keyword if "${resault["vnfreqName"]}" == "${PM_DICTIONARY_YAML_RULE}"
+ ... Should Be Equal As Strings ${validation_errors} 1
+ END
+
+
+
Validate CSAR using rule r130206 and use get method to receive outcome
[Documentation] Validate CSAR with invalid PM_Dictionary (r130206) using rule r130206 , then use get method with validation id to receive valdiation outcome
diff --git a/tests/vnfsdk-refrepo/resources/vnfsdk_properties.robot b/tests/vnfsdk-refrepo/resources/vnfsdk_properties.robot
index e46eba6..bc9684d 100644
--- a/tests/vnfsdk-refrepo/resources/vnfsdk_properties.robot
+++ b/tests/vnfsdk-refrepo/resources/vnfsdk_properties.robot
@@ -3,8 +3,20 @@
${csarpath}= ${SCRIPTS}/../tests/vnfsdk-refrepo/csar
+${CERTIFICATION_RULE}= r130206
+${PM_DICTIONARY_YAML_RULE}= r816745
+${MANIFEST_FILE_RULE}= r01123
+${NON_MANO_FILES_RULE}= r146092
+${OPERATION_STATUS_FAILED}= FAILED
+${OPERATION_STATUS_PASS}= PASS
+
${csar_valid_no_security}= valid_no_security.csar
${execute_no_security_csar_validation}= [{"scenario": "onap-dublin","testSuiteName": "validation","testCaseName": "csar-validate","parameters": {"csar": "file://${csar_valid_no_security}","pnf":"true"}}]
+${expected_valid_no_security_warnings}= [{u'lineNumber': -1, u'message': u'Warning. Consider adding package integrity and authenticity assurance according to ETSI NFV-SOL 004 Security Option 1', u'code': u'0x1006', u'file': u'', u'vnfreqNo': u'R130206'}]
+
+${csar_invalid_with_security}= invalid_with_security.csar
+${execute_security_csar_validation}= [{"scenario": "onap-dublin","testSuiteName": "validation","testCaseName": "csar-validate","parameters": {"csar": "file://${csar_invalid_with_security}","pnf":"true"}}]
+${execute_security_csar_validation_selected_rules}= [{"scenario": "onap-dublin","testSuiteName": "validation","testCaseName": "csar-validate","parameters": {"csar": "file://${csar_invalid_with_security}","pnf":"true","rules":"${CERTIFICATION_RULE},${PM_DICTIONARY_YAML_RULE}"}}]
${csar_invalid_pm_dictionary}= invalid_pm_dictionary.csar
${execute_invalid_pm_dictionary_r130206_validation}= [{"scenario": "onap-dublin","testSuiteName": "validation","testCaseName": "csar-validate-r130206","parameters": {"csar": "file://${csar_invalid_pm_dictionary}","pnf":"true"}}]