Upgrade testcases for nacm
This commit is contained in:
Olof hagsand
parent
d55787d8ec
commit
04bb05c83f
7 changed files with 121 additions and 90 deletions
|
|
@ -1676,7 +1676,7 @@ api_operations_post(clicon_handle h,
|
|||
if (xml_parse_string(cbuf_get(cbret), NULL, &xret) < 0)
|
||||
goto done;
|
||||
/* Local error: return it and quit */
|
||||
if ((xe = xpath_first(xret, "//rpc-error")) != NULL){
|
||||
if ((xe = xpath_first(xret, "rpc-reply/rpc-error")) != NULL){
|
||||
if (api_return_err(h, r, xe, pretty, use_xml) < 0)
|
||||
goto done;
|
||||
goto ok;
|
||||
|
|
@ -1685,7 +1685,7 @@ api_operations_post(clicon_handle h,
|
|||
else { /* Send to backend */
|
||||
if (clicon_rpc_netconf_xml(h, xtop, &xret, NULL) < 0)
|
||||
goto done;
|
||||
if ((xe = xpath_first(xret, "rpc-error")) != NULL){
|
||||
if ((xe = xpath_first(xret, "rpc-reply/rpc-error")) != NULL){
|
||||
if (api_return_err(h, r, xe, pretty, use_xml) < 0)
|
||||
goto done;
|
||||
goto ok;
|
||||
|
|
|
|||
|
|
@ -75,7 +75,7 @@ nacm_statedata(clicon_handle h,
|
|||
cxobj **xvec = NULL;
|
||||
|
||||
/* Example of (static) statedata, real code would poll state */
|
||||
if (xml_parse_string("<nacm>"
|
||||
if (xml_parse_string("<nacm xmlns=\"urn:ietf:params:xml:ns:yang:ietf-netconf-acm\">"
|
||||
"<denied-data-writes>0</denied-data-writes>"
|
||||
"<denied-operations>0</denied-operations>"
|
||||
"<denied-notifications>0</denied-notifications>"
|
||||
|
|
|
|||
|
|
@ -9,8 +9,7 @@ APPNAME=example
|
|||
. ./nacm.sh
|
||||
|
||||
cfg=$dir/conf_yang.xml
|
||||
fyang=$dir/test.yang
|
||||
fyangerr=$dir/err.yang
|
||||
fyang=$dir/nacm-example.yang
|
||||
|
||||
cat <<EOF > $cfg
|
||||
<config>
|
||||
|
|
@ -23,6 +22,7 @@ cat <<EOF > $cfg
|
|||
<CLICON_CLI_DIR>/usr/local/lib/$APPNAME/cli</CLICON_CLI_DIR>
|
||||
<CLICON_CLI_MODE>$APPNAME</CLICON_CLI_MODE>
|
||||
<CLICON_SOCK>/usr/local/var/$APPNAME/$APPNAME.sock</CLICON_SOCK>
|
||||
<CLICON_BACKEND_DIR>/usr/local/lib/$APPNAME/backend</CLICON_BACKEND_DIR>
|
||||
<CLICON_BACKEND_PIDFILE>/usr/local/var/$APPNAME/$APPNAME.pidfile</CLICON_BACKEND_PIDFILE>
|
||||
<CLICON_CLI_GENMODEL_COMPLETION>1</CLICON_CLI_GENMODEL_COMPLETION>
|
||||
<CLICON_XMLDB_DIR>/usr/local/var/$APPNAME</CLICON_XMLDB_DIR>
|
||||
|
|
@ -33,10 +33,13 @@ cat <<EOF > $cfg
|
|||
EOF
|
||||
|
||||
cat <<EOF > $fyang
|
||||
module $APPNAME{
|
||||
module nacm-example{
|
||||
yang-version 1.1;
|
||||
namespace "urn:example:clixon";
|
||||
namespace "urn:example:nacm";
|
||||
prefix nacm;
|
||||
import clixon-example {
|
||||
prefix ex;
|
||||
}
|
||||
import ietf-netconf-acm {
|
||||
prefix nacm;
|
||||
}
|
||||
|
|
@ -100,7 +103,7 @@ RULES=$(cat <<EOF
|
|||
$NADMIN
|
||||
|
||||
</nacm>
|
||||
<x xmlns="urn:example:clixon">0</x>
|
||||
<x xmlns="urn:example:nacm">0</x>
|
||||
EOF
|
||||
)
|
||||
|
||||
|
|
@ -132,7 +135,7 @@ new "restconf DELETE whole datastore"
|
|||
expecteq "$(curl -u andy:bar -sS -X DELETE http://localhost/restconf/data)" ""
|
||||
|
||||
new2 "auth get"
|
||||
expecteq "$(curl -u andy:bar -sS -X GET http://localhost/restconf/data/example:x)" 'null
|
||||
expecteq "$(curl -u andy:bar -sS -X GET http://localhost/restconf/data/nacm-example:x)" 'null
|
||||
'
|
||||
|
||||
new "auth set authentication config"
|
||||
|
|
@ -148,7 +151,7 @@ new2 "auth get (wrong passwd: access denied)"
|
|||
expecteq "$(curl -u andy:foo -sS -X GET http://localhost/restconf/data)" '{"ietf-restconf:errors" : {"error": {"error-type": "protocol","error-tag": "access-denied","error-severity": "error","error-message": "The requested URL was unauthorized"}}}
'
|
||||
|
||||
new2 "auth get (access)"
|
||||
expecteq "$(curl -u andy:bar -sS -X GET http://localhost/restconf/data/example:x)" '{"example:x": 0}
|
||||
expecteq "$(curl -u andy:bar -sS -X GET http://localhost/restconf/data/nacm-example:x)" '{"nacm-example:x": 0}
|
||||
'
|
||||
|
||||
#----------------Enable NACM
|
||||
|
|
@ -157,24 +160,24 @@ new "enable nacm"
|
|||
expecteq "$(curl -u andy:bar -sS -X PUT -d '{"ietf-netconf-acm:enable-nacm": true}' http://localhost/restconf/data/ietf-netconf-acm:nacm/enable-nacm)" ""
|
||||
|
||||
new2 "admin get nacm"
|
||||
expecteq "$(curl -u andy:bar -sS -X GET http://localhost/restconf/data/example:x)" '{"example:x": 0}
|
||||
expecteq "$(curl -u andy:bar -sS -X GET http://localhost/restconf/data/nacm-example:x)" '{"nacm-example:x": 0}
|
||||
'
|
||||
|
||||
new2 "limited get nacm"
|
||||
expecteq "$(curl -u wilma:bar -sS -X GET http://localhost/restconf/data/example:x)" '{"example:x": 0}
|
||||
expecteq "$(curl -u wilma:bar -sS -X GET http://localhost/restconf/data/nacm-example:x)" '{"nacm-example:x": 0}
|
||||
'
|
||||
|
||||
new2 "guest get nacm"
|
||||
expecteq "$(curl -u guest:bar -sS -X GET http://localhost/restconf/data/example:x)" '{"ietf-restconf:errors" : {"error": {"error-type": "protocol","error-tag": "access-denied","error-severity": "error","error-message": "access denied"}}}
'
|
||||
expecteq "$(curl -u guest:bar -sS -X GET http://localhost/restconf/data/nacm-example:x)" '{"ietf-restconf:errors" : {"error": {"error-type": "protocol","error-tag": "access-denied","error-severity": "error","error-message": "access denied"}}}
'
|
||||
|
||||
new "admin edit nacm"
|
||||
expecteq "$(curl -u andy:bar -sS -X PUT -d '{"example:x": 1}' http://localhost/restconf/data/example:x)" ""
|
||||
expecteq "$(curl -u andy:bar -sS -X PUT -d '{"nacm-example:x": 1}' http://localhost/restconf/data/nacm-example:x)" ""
|
||||
|
||||
new2 "limited edit nacm"
|
||||
expecteq "$(curl -u wilma:bar -sS -X PUT -d '{"example:x": 2}' http://localhost/restconf/data/example:x)" '{"ietf-restconf:errors" : {"error": {"error-type": "protocol","error-tag": "access-denied","error-severity": "error","error-message": "default deny"}}}
'
|
||||
expecteq "$(curl -u wilma:bar -sS -X PUT -d '{"nacm-example:x": 2}' http://localhost/restconf/data/nacm-example:x)" '{"ietf-restconf:errors" : {"error": {"error-type": "protocol","error-tag": "access-denied","error-severity": "error","error-message": "default deny"}}}
'
|
||||
|
||||
new2 "guest edit nacm"
|
||||
expecteq "$(curl -u guest:bar -sS -X PUT -d '{"example:x": 3}' http://localhost/restconf/data/example:x)" '{"ietf-restconf:errors" : {"error": {"error-type": "protocol","error-tag": "access-denied","error-severity": "error","error-message": "access denied"}}}
'
|
||||
expecteq "$(curl -u guest:bar -sS -X PUT -d '{"nacm-example:x": 3}' http://localhost/restconf/data/nacm-example:x)" '{"ietf-restconf:errors" : {"error": {"error-type": "protocol","error-tag": "access-denied","error-severity": "error","error-message": "access denied"}}}
'
|
||||
|
||||
new "Kill restconf daemon"
|
||||
sudo pkill -u www-data -f "/www-data/clixon_restconf"
|
||||
|
|
|
|||
|
|
@ -21,7 +21,6 @@ APPNAME=example
|
|||
|
||||
cfg=$dir/conf_yang.xml
|
||||
fyang=$dir/test.yang
|
||||
fyangerr=$dir/err.yang
|
||||
|
||||
cat <<EOF > $cfg
|
||||
<config>
|
||||
|
|
@ -34,6 +33,7 @@ cat <<EOF > $cfg
|
|||
<CLICON_CLI_DIR>/usr/local/lib/$APPNAME/cli</CLICON_CLI_DIR>
|
||||
<CLICON_CLI_MODE>$APPNAME</CLICON_CLI_MODE>
|
||||
<CLICON_SOCK>/usr/local/var/$APPNAME/$APPNAME.sock</CLICON_SOCK>
|
||||
<CLICON_BACKEND_DIR>/usr/local/lib/$APPNAME/backend</CLICON_BACKEND_DIR>
|
||||
<CLICON_BACKEND_PIDFILE>/usr/local/var/$APPNAME/$APPNAME.pidfile</CLICON_BACKEND_PIDFILE>
|
||||
<CLICON_CLI_GENMODEL_COMPLETION>1</CLICON_CLI_GENMODEL_COMPLETION>
|
||||
<CLICON_XMLDB_DIR>/usr/local/var/$APPNAME</CLICON_XMLDB_DIR>
|
||||
|
|
@ -44,10 +44,13 @@ cat <<EOF > $cfg
|
|||
EOF
|
||||
|
||||
cat <<EOF > $fyang
|
||||
module $APPNAME{
|
||||
module nacm-example{
|
||||
yang-version 1.1;
|
||||
namespace "urn:example:clixon";
|
||||
namespace "urn:example:nacm";
|
||||
prefix nacm;
|
||||
import clixon-example {
|
||||
prefix ex;
|
||||
}
|
||||
import ietf-netconf-acm {
|
||||
prefix nacm;
|
||||
}
|
||||
|
|
@ -146,21 +149,20 @@ RULES=$(cat <<EOF
|
|||
<x xmlns="urn:example:clixon">0</x>
|
||||
EOF
|
||||
)
|
||||
|
||||
exit # XXX
|
||||
new "test params: -f $cfg"
|
||||
|
||||
# kill old backend (if any)
|
||||
new "kill old backend"
|
||||
sudo clixon_backend -zf $cfg
|
||||
if [ $? -ne 0 ]; then
|
||||
if [ $BE -ne 0 ]; then
|
||||
new "kill old backend"
|
||||
sudo clixon_backend -zf $cfg
|
||||
if [ $? -ne 0 ]; then
|
||||
err
|
||||
fi
|
||||
|
||||
new "start backend -s init -f $cfg"
|
||||
# start new backend
|
||||
sudo $clixon_backend -s init -f $cfg
|
||||
if [ $? -ne 0 ]; then
|
||||
fi
|
||||
new "start backend -s init -f $cfg"
|
||||
sudo $clixon_backend -s init -f $cfg -D $DBG
|
||||
if [ $? -ne 0 ]; then
|
||||
err
|
||||
fi
|
||||
fi
|
||||
|
||||
new "kill old restconf daemon"
|
||||
|
|
@ -218,6 +220,10 @@ expecteq "$(curl -u guest:bar -sS -X PUT -d '{"x": 3}' http://localhost/restconf
|
|||
new "Kill restconf daemon"
|
||||
sudo pkill -u www-data -f "/www-data/clixon_restconf"
|
||||
|
||||
if [ $BE -eq 0 ]; then
|
||||
exit # BE
|
||||
fi
|
||||
|
||||
new "Kill backend"
|
||||
# Check if premature kill
|
||||
pid=`pgrep -u root -f clixon_backend`
|
||||
|
|
|
|||
|
|
@ -10,8 +10,7 @@ APPNAME=example
|
|||
. ./nacm.sh
|
||||
|
||||
cfg=$dir/conf_yang.xml
|
||||
fyang=$dir/test.yang
|
||||
fyangerr=$dir/err.yang
|
||||
fyang=$dir/nacm-example.yang
|
||||
nacmfile=$dir/nacmfile
|
||||
|
||||
# Note filter out example_backend_nacm.so in CLICON_BACKEND_REGEXP below
|
||||
|
|
@ -39,13 +38,13 @@ cat <<EOF > $cfg
|
|||
EOF
|
||||
|
||||
cat <<EOF > $fyang
|
||||
module $APPNAME{
|
||||
module nacm-example{
|
||||
yang-version 1.1;
|
||||
namespace "urn:example:my";
|
||||
namespace "urn:example:nacm";
|
||||
import clixon-example {
|
||||
prefix ex;
|
||||
}
|
||||
prefix my;
|
||||
prefix nacm;
|
||||
container authentication {
|
||||
description "Example code for enabling www basic auth and some example
|
||||
users";
|
||||
|
|
@ -124,6 +123,7 @@ cat <<EOF > $nacmfile
|
|||
$NADMIN
|
||||
|
||||
</nacm>
|
||||
<x xmlns="urn:example:nacm">0</x>
|
||||
EOF
|
||||
|
||||
new "test params: -f $cfg"
|
||||
|
|
@ -159,7 +159,7 @@ expecteq "$(curl -u andy:bar -sS -X GET http://localhost/restconf/data/clixon-ex
|
|||
'
|
||||
|
||||
new "Set x to 0"
|
||||
expecteq "$(curl -u andy:bar -sS -X PUT -d '{"example:x": 0}' http://localhost/restconf/data/example:x)" ""
|
||||
expecteq "$(curl -u andy:bar -sS -X PUT -d '{"nacm-example:x": 0}' http://localhost/restconf/data/nacm-example:x)" ""
|
||||
|
||||
new2 "auth get (no user: access denied)"
|
||||
expecteq "$(curl -sS -X GET -H \"Accept:\ application/yang-data+json\" http://localhost/restconf/data)" '{"ietf-restconf:errors" : {"error": {"error-type": "protocol","error-tag": "access-denied","error-severity": "error","error-message": "The requested URL was unauthorized"}}}
'
|
||||
|
|
@ -168,28 +168,28 @@ new2 "auth get (wrong passwd: access denied)"
|
|||
expecteq "$(curl -u andy:foo -sS -X GET http://localhost/restconf/data)" '{"ietf-restconf:errors" : {"error": {"error-type": "protocol","error-tag": "access-denied","error-severity": "error","error-message": "The requested URL was unauthorized"}}}
'
|
||||
|
||||
new2 "auth get (access)"
|
||||
expecteq "$(curl -u andy:bar -sS -X GET http://localhost/restconf/data/example:x)" '{"example:x": 0}
|
||||
expecteq "$(curl -u andy:bar -sS -X GET http://localhost/restconf/data/nacm-example:x)" '{"nacm-example:x": 0}
|
||||
'
|
||||
|
||||
new2 "admin get nacm"
|
||||
expecteq "$(curl -u andy:bar -sS -X GET http://localhost/restconf/data/example:x)" '{"example:x": 0}
|
||||
expecteq "$(curl -u andy:bar -sS -X GET http://localhost/restconf/data/nacm-example:x)" '{"nacm-example:x": 0}
|
||||
'
|
||||
|
||||
new2 "limited get nacm"
|
||||
expecteq "$(curl -u wilma:bar -sS -X GET http://localhost/restconf/data/example:x)" '{"example:x": 0}
|
||||
expecteq "$(curl -u wilma:bar -sS -X GET http://localhost/restconf/data/nacm-example:x)" '{"nacm-example:x": 0}
|
||||
'
|
||||
|
||||
new2 "guest get nacm"
|
||||
expecteq "$(curl -u guest:bar -sS -X GET http://localhost/restconf/data/example:x)" '{"ietf-restconf:errors" : {"error": {"error-type": "protocol","error-tag": "access-denied","error-severity": "error","error-message": "access denied"}}}
'
|
||||
expecteq "$(curl -u guest:bar -sS -X GET http://localhost/restconf/data/nacm-example:x)" '{"ietf-restconf:errors" : {"error": {"error-type": "protocol","error-tag": "access-denied","error-severity": "error","error-message": "access denied"}}}
'
|
||||
|
||||
new "admin edit nacm"
|
||||
expecteq "$(curl -u andy:bar -sS -X PUT -d '{"example:x": 1}' http://localhost/restconf/data/example:x)" ""
|
||||
expecteq "$(curl -u andy:bar -sS -X PUT -d '{"nacm-example:x": 1}' http://localhost/restconf/data/nacm-example:x)" ""
|
||||
|
||||
new2 "limited edit nacm"
|
||||
expecteq "$(curl -u wilma:bar -sS -X PUT -d '{"x": 2}' http://localhost/restconf/data/example:x)" '{"ietf-restconf:errors" : {"error": {"error-type": "protocol","error-tag": "access-denied","error-severity": "error","error-message": "default deny"}}}
'
|
||||
expecteq "$(curl -u wilma:bar -sS -X PUT -d '{"x": 2}' http://localhost/restconf/data/nacm-example:x)" '{"ietf-restconf:errors" : {"error": {"error-type": "protocol","error-tag": "access-denied","error-severity": "error","error-message": "default deny"}}}
'
|
||||
|
||||
new2 "guest edit nacm"
|
||||
expecteq "$(curl -u guest:bar -sS -X PUT -d '{"x": 3}' http://localhost/restconf/data/example:x)" '{"ietf-restconf:errors" : {"error": {"error-type": "protocol","error-tag": "access-denied","error-severity": "error","error-message": "access denied"}}}
'
|
||||
expecteq "$(curl -u guest:bar -sS -X PUT -d '{"x": 3}' http://localhost/restconf/data/nacm-example:x)" '{"ietf-restconf:errors" : {"error": {"error-type": "protocol","error-tag": "access-denied","error-severity": "error","error-message": "access denied"}}}
'
|
||||
|
||||
new "cli show conf as admin"
|
||||
expectfn "$clixon_cli -1 -U andy -l o -f $cfg show conf" 0 "^x 1;$"
|
||||
|
|
|
|||
|
|
@ -3,7 +3,9 @@
|
|||
# NACM module rules
|
||||
# @see test_nacm.sh is slightly modified - this follows the RFC more closely
|
||||
# See RFC 8341 A.1 and A.2
|
||||
# Tests for:
|
||||
# Note: use clixon-example instead of ietf-netconf-monitoring since the latter is
|
||||
# not yet implemented
|
||||
# Tests for
|
||||
# deny-ncm: This rule prevents the "guest" group from reading any
|
||||
# monitoring information in the "ietf-netconf-monitoring" YANG
|
||||
# module.
|
||||
|
|
@ -21,10 +23,7 @@ APPNAME=example
|
|||
. ./nacm.sh
|
||||
|
||||
cfg=$dir/conf_yang.xml
|
||||
fyang=$dir/test.yang
|
||||
fyangerr=$dir/err.yang
|
||||
|
||||
exit # XXX
|
||||
fyang=$dir/nacm-example.yang
|
||||
|
||||
cat <<EOF > $cfg
|
||||
<config>
|
||||
|
|
@ -37,6 +36,7 @@ cat <<EOF > $cfg
|
|||
<CLICON_CLI_DIR>/usr/local/lib/$APPNAME/cli</CLICON_CLI_DIR>
|
||||
<CLICON_CLI_MODE>$APPNAME</CLICON_CLI_MODE>
|
||||
<CLICON_SOCK>/usr/local/var/$APPNAME/$APPNAME.sock</CLICON_SOCK>
|
||||
<CLICON_BACKEND_DIR>/usr/local/lib/$APPNAME/backend</CLICON_BACKEND_DIR>
|
||||
<CLICON_BACKEND_PIDFILE>/usr/local/var/$APPNAME/$APPNAME.pidfile</CLICON_BACKEND_PIDFILE>
|
||||
<CLICON_CLI_GENMODEL_COMPLETION>1</CLICON_CLI_GENMODEL_COMPLETION>
|
||||
<CLICON_XMLDB_DIR>/usr/local/var/$APPNAME</CLICON_XMLDB_DIR>
|
||||
|
|
@ -47,10 +47,13 @@ cat <<EOF > $cfg
|
|||
EOF
|
||||
|
||||
cat <<EOF > $fyang
|
||||
module $APPNAME{
|
||||
module nacm-example{
|
||||
yang-version 1.1;
|
||||
namespace "urn:example:clixon";
|
||||
namespace "urn:example:nacm";
|
||||
prefix nacm;
|
||||
import clixon-example {
|
||||
prefix ex;
|
||||
}
|
||||
import ietf-netconf-acm {
|
||||
prefix nacm;
|
||||
}
|
||||
|
|
@ -72,6 +75,7 @@ RULES=$(cat <<EOF
|
|||
|
||||
$NGROUPS
|
||||
|
||||
|
||||
<rule-list>
|
||||
<name>guest-acl</name>
|
||||
<group>guest</group>
|
||||
|
|
@ -113,22 +117,24 @@ RULES=$(cat <<EOF
|
|||
$NADMIN
|
||||
|
||||
</nacm>
|
||||
<x xmlns="urn:example:clixon">0</x>
|
||||
<x xmlns="urn:example:nacm">42</x>
|
||||
<translate xmlns="urn:example:clixon"><k>key42</k><value>val42</value></translate>
|
||||
EOF
|
||||
)
|
||||
|
||||
# kill old backend (if any)
|
||||
new "kill old backend"
|
||||
sudo clixon_backend -zf $cfg
|
||||
if [ $? -ne 0 ]; then
|
||||
err
|
||||
fi
|
||||
new "test params: -f $cfg"
|
||||
|
||||
new "start backend -s init -f $cfg"
|
||||
# start new backend
|
||||
sudo $clixon_backend -s init -f $cfg
|
||||
if [ $? -ne 0 ]; then
|
||||
if [ $BE -ne 0 ]; then
|
||||
new "kill old backend"
|
||||
sudo clixon_backend -zf $cfg
|
||||
if [ $? -ne 0 ]; then
|
||||
err
|
||||
fi
|
||||
new "start backend -s init -f $cfg"
|
||||
sudo $clixon_backend -s init -f $cfg -D $DBG
|
||||
if [ $? -ne 0 ]; then
|
||||
err
|
||||
fi
|
||||
fi
|
||||
|
||||
new "kill old restconf daemon"
|
||||
|
|
@ -151,30 +157,43 @@ expecteq "$(curl -u andy:bar -sS -X PUT -d '{"enable-nacm": true}' http://localh
|
|||
|
||||
#--------------- nacm enabled
|
||||
|
||||
# Read monitoring information from ietf-netconf-monitoring
|
||||
new2 "admin get nacm"
|
||||
expecteq "$(curl -u andy:bar -sS -X GET http://localhost/restconf/data/example:x)" '{"example:x": 0}
|
||||
# Read monitoring information from example - (ietf-netconf-monitoring)
|
||||
new2 "admin read ok"
|
||||
expecteq "$(curl -u andy:bar -sS -X GET http://localhost/restconf/data/clixon-example:translate)" '{"clixon-example:translate": [{"k": "key42","value": "val42"}]}
|
||||
'
|
||||
|
||||
new2 "limited get nacm"
|
||||
expecteq "$(curl -u wilma:bar -sS -X GET http://localhost/restconf/data/example:x)" '{"example:x": 0}
|
||||
new2 "limit read ok"
|
||||
expecteq "$(curl -u wilma:bar -sS -X GET http://localhost/restconf/data/clixon-example:translate)" '{"clixon-example:translate": [{"k": "key42","value": "val42"}]}
|
||||
'
|
||||
|
||||
new2 "guest get nacm"
|
||||
expecteq "$(curl -u guest:bar -sS -X GET http://localhost/restconf/data/example:x)" '{"ietf-restconf:errors" : {"error": {"error-type": "protocol","error-tag": "access-denied","error-severity": "error","error-message": "default deny"}}}
'
|
||||
new2 "guest read fail"
|
||||
expecteq "$(curl -u guest:bar -sS -X GET http://localhost/restconf/data/clixon-example:translate)" '{"ietf-restconf:errors" : {"error": {"error-type": "protocol","error-tag": "access-denied","error-severity": "error","error-message": "default deny"}}}
'
|
||||
|
||||
new "admin edit nacm"
|
||||
expecteq "$(curl -u andy:bar -sS -X PUT -d '{"example:x": 1}' http://localhost/restconf/data/example:x)" ""
|
||||
new2 "guest read other module"
|
||||
expecteq "$(curl -u guest:bar -sS -X GET http://localhost/restconf/data/nacm-example:x)" '{"ietf-restconf:errors" : {"error": {"error-type": "protocol","error-tag": "access-denied","error-severity": "error","error-message": "default deny"}}}
'
|
||||
|
||||
new2 "limited edit nacm"
|
||||
expecteq "$(curl -u wilma:bar -sS -X PUT -d '{"example:x": 2}' http://localhost/restconf/data/example:x)" '{"ietf-restconf:errors" : {"error": {"error-type": "protocol","error-tag": "access-denied","error-severity": "error","error-message": "default deny"}}}
'
|
||||
new2 "admin read other module OK"
|
||||
expecteq "$(curl -u andy:bar -sS -X GET http://localhost/restconf/data/nacm-example:x)" '{"nacm-example:x": 42}
|
||||
'
|
||||
|
||||
new2 "guest edit nacm"
|
||||
expecteq "$(curl -u guest:bar -sS -X PUT -d '{"example:x": 3}' http://localhost/restconf/data/example:x)" '{"ietf-restconf:errors" : {"error": {"error-type": "protocol","error-tag": "access-denied","error-severity": "error","error-message": "default deny"}}}
'
|
||||
new2 "admin rpc ok"
|
||||
expecteq "$(curl -u andy:bar -s -X POST -d '{"clixon-example:input":{"x":42}}' http://localhost/restconf/operations/clixon-example:example)" '{"clixon-example:output": {"x": "42","y": "42"}}
|
||||
'
|
||||
|
||||
new2 "limit rpc ok"
|
||||
expecteq "$(curl -u wilma:bar -s -X POST http://localhost/restconf/operations/clixon-example:example -d '{"clixon-example:input":{"x":42}}' )" '{"clixon-example:output": {"x": "42","y": "42"}}
|
||||
'
|
||||
|
||||
new2 "guest rpc fail"
|
||||
expecteq "$(curl -u guest:bar -s -X POST http://localhost/restconf/operations/clixon-example:example -d '{"clixon-example:input":{"x":42}}' )" '{"ietf-restconf:errors" : {"error": {"error-type": "protocol","error-tag": "access-denied","error-severity": "error","error-message": "default deny"}}}
'
|
||||
|
||||
new "Kill restconf daemon"
|
||||
sudo pkill -u www-data -f "/www-data/clixon_restconf"
|
||||
|
||||
if [ $BE -eq 0 ]; then
|
||||
exit # BE
|
||||
fi
|
||||
|
||||
new "Kill backend"
|
||||
# Check if premature kill
|
||||
pid=`pgrep -u root -f clixon_backend`
|
||||
|
|
|
|||
|
|
@ -29,8 +29,7 @@ APPNAME=example
|
|||
. ./nacm.sh
|
||||
|
||||
cfg=$dir/conf_yang.xml
|
||||
fyang=$dir/test.yang
|
||||
fyangerr=$dir/err.yang
|
||||
fyang=$dir/nacm-example.yang
|
||||
|
||||
cat <<EOF > $cfg
|
||||
<config>
|
||||
|
|
@ -43,6 +42,7 @@ cat <<EOF > $cfg
|
|||
<CLICON_CLI_DIR>/usr/local/lib/$APPNAME/cli</CLICON_CLI_DIR>
|
||||
<CLICON_CLI_MODE>$APPNAME</CLICON_CLI_MODE>
|
||||
<CLICON_SOCK>/usr/local/var/$APPNAME/$APPNAME.sock</CLICON_SOCK>
|
||||
<CLICON_BACKEND_DIR>/usr/local/lib/$APPNAME/backend</CLICON_BACKEND_DIR>
|
||||
<CLICON_BACKEND_PIDFILE>/usr/local/var/$APPNAME/$APPNAME.pidfile</CLICON_BACKEND_PIDFILE>
|
||||
<CLICON_CLI_GENMODEL_COMPLETION>1</CLICON_CLI_GENMODEL_COMPLETION>
|
||||
<CLICON_XMLDB_DIR>/usr/local/var/$APPNAME</CLICON_XMLDB_DIR>
|
||||
|
|
@ -53,10 +53,13 @@ cat <<EOF > $cfg
|
|||
EOF
|
||||
|
||||
cat <<EOF > $fyang
|
||||
module $APPNAME{
|
||||
module nacm-example{
|
||||
yang-version 1.1;
|
||||
namespace "urn:example:clixon";
|
||||
namespace "urn:example:nacm";
|
||||
prefix nacm;
|
||||
import clixon-example {
|
||||
prefix ex;
|
||||
}
|
||||
import ietf-netconf-acm {
|
||||
prefix nacm;
|
||||
}
|
||||
|
|
@ -122,7 +125,7 @@ RULES=$(cat <<EOF
|
|||
$NADMIN
|
||||
|
||||
</nacm>
|
||||
<x xmlns="urn:example:clixon">0</x>
|
||||
<x xmlns="urn:example:nacm">0</x>
|
||||
EOF
|
||||
)
|
||||
|
||||
|
|
@ -163,7 +166,7 @@ expecteq "$(curl -u andy:bar -sS -X PUT -d '{"enable-nacm": true}' http://localh
|
|||
#--------------- nacm enabled
|
||||
|
||||
new2 "admin get nacm"
|
||||
expecteq "$(curl -u andy:bar -sS -X GET http://localhost/restconf/data/example:x)" '{"example:x": 0}
|
||||
expecteq "$(curl -u andy:bar -sS -X GET http://localhost/restconf/data/nacm-example:x)" '{"nacm-example:x": 0}
|
||||
'
|
||||
|
||||
# Rule 1: deny-kill-session
|
||||
|
|
@ -188,7 +191,7 @@ new "deny-delete-config: limited fail (restconf) ok"
|
|||
expecteq "$(curl -u wilma:bar -sS -X DELETE http://localhost/restconf/data)" ''
|
||||
|
||||
new2 "admin get nacm (should be null)"
|
||||
expecteq "$(curl -u andy:bar -sS -X GET http://localhost/restconf/data/example:x)" 'null
|
||||
expecteq "$(curl -u andy:bar -sS -X GET http://localhost/restconf/data/nacm-example:x)" 'null
|
||||
'
|
||||
|
||||
new "deny-delete-config: admin ok (restconf)"
|
||||
|
|
@ -206,10 +209,10 @@ expecteq "$(curl -u andy:bar -sS -X PUT -d '{"ietf-netconf-acm:enable-nacm": tru
|
|||
|
||||
# Rule 3: permit-edit-config
|
||||
new "permit-edit-config: limited ok restconf"
|
||||
expecteq "$(curl -u wilma:bar -sS -X PUT -d '{"example:x": 2}' http://localhost/restconf/data/example:x)" ''
|
||||
expecteq "$(curl -u wilma:bar -sS -X PUT -d '{"nacm-example:x": 2}' http://localhost/restconf/data/nacm-example:x)" ''
|
||||
|
||||
new2 "permit-edit-config: guest fail restconf"
|
||||
expecteq "$(curl -u guest:bar -sS -X PUT -d '{"example:x": 2}' http://localhost/restconf/data/example:x)" '{"ietf-restconf:errors" : {"error": {"error-type": "protocol","error-tag": "access-denied","error-severity": "error","error-message": "default deny"}}}
'
|
||||
expecteq "$(curl -u guest:bar -sS -X PUT -d '{"nacm-example:x": 2}' http://localhost/restconf/data/nacm-example:x)" '{"ietf-restconf:errors" : {"error": {"error-type": "protocol","error-tag": "access-denied","error-severity": "error","error-message": "default deny"}}}
'
|
||||
|
||||
new "Kill restconf daemon"
|
||||
sudo pkill -u www-data -f "/www-data/clixon_restconf"
|
||||
|
|
|
|||
Loading…
Add table
Add a link
Reference in a new issue