* Reworked evhtp restconf config to only use clixon-restconf.yang and marked local restconf options as obsolete

* Extended clicon-config with clixon-restconf for local config
* Removed obsolete CLICON_TRANSACTION_MOD
Olof hagsand 2020-11-21 13:16:29 +01:00
parent 3d10c3bfcb
commit 0b948248e4
42 changed files with 308 additions and 887 deletions


@ -594,15 +594,6 @@ candidate_commit(clicon_handle h,
if (xmldb_get0_clear(h, td->td_src) < 0) if (xmldb_get0_clear(h, td->td_src) < 0)
goto done; goto done;
/* Optionally write (potentially modified) tree back to candidate
*/
if (clicon_option_bool(h, "CLICON_TRANSACTION_MOD")){
if ((ret = xmldb_put(h, candidate, OP_REPLACE, td->td_target,
clicon_username_get(h), cbret)) < 0)
goto done;
if (ret == 0)
goto fail;
}
/* 8. Success: Copy candidate to running /* 8. Success: Copy candidate to running
*/ */
if (xmldb_copy(h, candidate, "running") < 0) if (xmldb_copy(h, candidate, "running") < 0)
@ -829,14 +820,6 @@ from_client_validate(clicon_handle h,
goto done; goto done;
} }
/* Optionally write (potentially modified) tree back to candidate */
if (clicon_option_bool(h, "CLICON_TRANSACTION_MOD")){
plugin_transaction_abort_all(h, td);
if ((ret = xmldb_put(h, "candidate", OP_REPLACE, td->td_target,
clicon_username_get(h), cbret)) < 0)
goto done;
goto ok;
}
cprintf(cbret, "<rpc-reply xmlns=\"%s\"><ok/></rpc-reply>", NETCONF_BASE_NAMESPACE); cprintf(cbret, "<rpc-reply xmlns=\"%s\"><ok/></rpc-reply>", NETCONF_BASE_NAMESPACE);
/* Call plugin transaction end callbacks */ /* Call plugin transaction end callbacks */
plugin_transaction_end_all(h, td); plugin_transaction_end_all(h, td);


@ -85,7 +85,7 @@
/* Command line options to be passed to getopt(3) */ /* Command line options to be passed to getopt(3) */
#define RESTCONF_OPTS "hD:f:E:l:p:d:y:a:u:ro:bscP:" #define RESTCONF_OPTS "hD:f:E:l:p:d:y:a:u:ro:"
/* See see listen(5) */ /* See see listen(5) */
#define SOCKET_LISTEN_BACKLOG 16 #define SOCKET_LISTEN_BACKLOG 16
@ -587,67 +587,6 @@ cx_get_ssl_client_ca_certs(clicon_handle h,
return retval; return retval;
} }
/*! Get Server cert info
* @param[in] h Clicon handle
* @param[in] ssl_verify_clients If true, verify client certs
* @param[out] ssl_config evhtp ssl config struct
*/
static int
cx_get_certs(clicon_handle h,
int ssl_verify_clients,
evhtp_ssl_cfg_t *ssl_config)
{
int retval = -1;
struct stat f_stat;
char *filename;
if (ssl_config == NULL){
clicon_err(OE_CFG, EINVAL, "Input parameter is NULL");
goto done;
}
if ((filename = clicon_option_str(h, "CLICON_SSL_SERVER_CERT")) == NULL){
clicon_err(OE_CFG, EFAULT, "CLICON_SSL_SERVER_CERT option missing");
goto done;
}
if ((ssl_config->pemfile = strdup(filename)) == NULL){
clicon_err(OE_CFG, errno, "strdup");
goto done;
}
if (stat(ssl_config->pemfile, &f_stat) != 0) {
clicon_err(OE_FATAL, errno, "Cannot load SSL cert '%s'", ssl_config->pemfile);
goto done;
}
if ((filename = clicon_option_str(h, "CLICON_SSL_SERVER_KEY")) == NULL){
clicon_err(OE_CFG, EFAULT, "CLICON_SSL_SERVER_KEY option missing");
goto done;
}
if ((ssl_config->privfile = strdup(filename)) == NULL){
clicon_err(OE_CFG, errno, "strdup");
goto done;
}
if (stat(ssl_config->privfile, &f_stat) != 0) {
clicon_err(OE_FATAL, errno, "Cannot load SSL key '%s'", ssl_config->privfile);
goto done;
}
if (ssl_verify_clients){
if ((filename = clicon_option_str(h, "CLICON_SSL_CA_CERT")) == NULL){
clicon_err(OE_CFG, EFAULT, "CLICON_SSL_CA_CERT option missing");
goto done;
}
if ((ssl_config->cafile = strdup(filename)) == NULL){
clicon_err(OE_CFG, errno, "strdup");
goto done;
}
if (stat(ssl_config->cafile, &f_stat) != 0) {
clicon_err(OE_FATAL, errno, "Cannot load SSL key '%s'", ssl_config->privfile);
goto done;
}
}
retval = 0;
done:
return retval;
}
static int static int
cx_verify_certs(int pre_verify, cx_verify_certs(int pre_verify,
evhtp_x509_store_ctx_t *store) evhtp_x509_store_ctx_t *store)
@ -722,9 +661,8 @@ restconf_socket_init(clicon_handle h,
clicon_err(OE_UNIX, errno, "socket"); clicon_err(OE_UNIX, errno, "socket");
goto done; goto done;
} }
// evutil_make_socket_closeonexec(s); // XXX evutil_make_socket_closeonexec(s);
// evutil_make_socket_nonblocking(s); // XXX evutil_make_socket_nonblocking(s);
if (setsockopt(s, SOL_SOCKET, SO_KEEPALIVE, (void *)&on, sizeof(on)) == -1) { if (setsockopt(s, SOL_SOCKET, SO_KEEPALIVE, (void *)&on, sizeof(on)) == -1) {
clicon_err(OE_UNIX, errno, "setsockopt SO_KEEPALIVE"); clicon_err(OE_UNIX, errno, "setsockopt SO_KEEPALIVE");
goto done; goto done;
@ -780,11 +718,7 @@ usage(clicon_handle h,
"\t-a UNIX|IPv4|IPv6 Internal backend socket family\n" "\t-a UNIX|IPv4|IPv6 Internal backend socket family\n"
"\t-u <path|addr>\t Internal socket domain path or IP addr (see -a)\n" "\t-u <path|addr>\t Internal socket domain path or IP addr (see -a)\n"
"\t-r \t\t Do not drop privileges if run as root\n" "\t-r \t\t Do not drop privileges if run as root\n"
"\t-b \t\t Read config from backend - not local (same as CLICON_RESTCONF_CONF=true) \n"
"\t-o <option>=<value> Set configuration option overriding config file (see clixon-config.yang)\n" "\t-o <option>=<value> Set configuration option overriding config file (see clixon-config.yang)\n"
"\t-s\t\t SSL server, https (local config)\n"
"\t-c\t\t SSL verify client certs (local config)\n"
"\t-P <port>\t HTTP port (default 80, or 443 if -s is given) (local config)\n"
, ,
argv0, argv0,
clicon_restconf_dir(h) clicon_restconf_dir(h)
@ -979,8 +913,8 @@ cx_evhtp_socket(clicon_handle h,
/* ss is a server socket that the clients connect to. The callback /* ss is a server socket that the clients connect to. The callback
therefore accepts clients on ss */ therefore accepts clients on ss */
/* XXX address in evhtp should be prefixed with eg "ipv4:" */ /* XXX address in evhtp should be prefixed with eg "ipv4:" */
evutil_make_socket_closeonexec(ss); // XXX // evutil_make_socket_closeonexec(ss);
evutil_make_socket_nonblocking(ss); // XXX // evutil_make_socket_nonblocking(ss);
if (evhtp_accept_socket(htp, ss, SOCKET_LISTEN_BACKLOG) < 0) { if (evhtp_accept_socket(htp, ss, SOCKET_LISTEN_BACKLOG) < 0) {
/* accept_socket() does not close the descriptor /* accept_socket() does not close the descriptor
* on error, but this function does. * on error, but this function does.
@ -1000,17 +934,14 @@ cx_evhtp_socket(clicon_handle h,
* @param[in] xconfig XML config * @param[in] xconfig XML config
* @param[in] nsc Namespace context * @param[in] nsc Namespace context
* @param[in] eh Evhtp handle * @param[in] eh Evhtp handle
* @note only if CLICON_RESTCONF_CONFIG is true (-b)
* @note only one socket allowed in this implementation
*/ */
static int static int
cx_evhtp_init(clicon_handle h, cx_evhtp_init(clicon_handle h,
cxobj *xconfig, cxobj *xrestconf,
cvec *nsc, cvec *nsc,
cx_evhtp_handle *eh) cx_evhtp_handle *eh)
{ {
int retval = -1; int retval = -1;
cxobj *xrestconf;
cxobj **vec = NULL; cxobj **vec = NULL;
size_t veclen; size_t veclen;
char *server_cert_path = NULL; char *server_cert_path = NULL;
@ -1023,11 +954,6 @@ cx_evhtp_init(clicon_handle h,
int i; int i;
int ssl_enable = 0; int ssl_enable = 0;
/* Extract socket fields from xconfig */
if ((xrestconf = xpath_first(xconfig, nsc, "restconf")) == NULL){
clicon_err(OE_CFG, ENOENT, "restconf top symbol not found");
goto done;
}
/* If at least one socket has ssl then enable global ssl_enable */ /* If at least one socket has ssl then enable global ssl_enable */
ssl_enable = xpath_first(xrestconf, nsc, "socket[ssl='true']") != NULL; ssl_enable = xpath_first(xrestconf, nsc, "socket[ssl='true']") != NULL;
/* get common fields */ /* get common fields */
@ -1083,16 +1009,24 @@ cx_evhtp_init(clicon_handle h,
return retval; return retval;
} }
/*! Read config from backend */ /*! Read restconf from config
* After SEVERAL iterations the code now does as follows:
* - init clixon
* - init evhtp
* - look for local config (in clixon-config file)
* - if local config found, open sockets accordingly and exit function
* - If no local config found, query backend for config and open sockets.
* That is, EITHER local config OR read config from backend once
* @param[in] h Clicon handle
* @param[in] eh Clixon's evhtp handle
* @retval 0 OK
* @retval -1 Error
*/
int int
restconf_config_backend(clicon_handle h, restconf_config(clicon_handle h,
cx_evhtp_handle *eh, cx_evhtp_handle *eh)
int argc,
char **argv,
int drop_privileges)
{ {
int retval = -1; int retval = -1;
char *argv0 = argv[0];
char *dir; char *dir;
yang_stmt *yspec = NULL; yang_stmt *yspec = NULL;
char *str; char *str;
@ -1101,18 +1035,18 @@ restconf_config_backend(clicon_handle h,
size_t cligen_buflen; size_t cligen_buflen;
size_t cligen_bufthreshold; size_t cligen_bufthreshold;
cvec *nsc = NULL; cvec *nsc = NULL;
cxobj *xconfig = NULL;
cxobj *xerr = NULL; cxobj *xerr = NULL;
uint32_t id = 0; /* Session id, to poll backend up */ uint32_t id = 0; /* Session id, to poll backend up */
struct passwd *pw; struct passwd *pw;
cxobj *xconfig1 = NULL;
cxobj *xrestconf1 = NULL;
cxobj *xconfig2 = NULL;
cxobj *xrestconf2 = NULL;
/* Set default namespace according to CLICON_NAMESPACE_NETCONF_DEFAULT */ /* Set default namespace according to CLICON_NAMESPACE_NETCONF_DEFAULT */
xml_nsctx_namespace_netconf_default(h); xml_nsctx_namespace_netconf_default(h);
assert(SSL_VERIFY_NONE == 0); assert(SSL_VERIFY_NONE == 0);
/* Access the remaining argv/argc options (after --) w clicon-argv_get() */
clicon_argv_set(h, argv0, argc, argv);
/* Init cligen buffers */ /* Init cligen buffers */
cligen_buflen = clicon_option_int(h, "CLICON_CLI_BUF_START"); cligen_buflen = clicon_option_int(h, "CLICON_CLI_BUF_START");
@ -1163,7 +1097,7 @@ restconf_config_backend(clicon_handle h,
/* Load clixon lib yang module */ /* Load clixon lib yang module */
if (yang_spec_parse_module(h, "clixon-lib", NULL, yspec) < 0) if (yang_spec_parse_module(h, "clixon-lib", NULL, yspec) < 0)
goto done; goto done;
/* Load yang module library, RFC7895 */ /* Load yang module library, RFC7895 */
if (yang_modules_init(h) < 0) if (yang_modules_init(h) < 0)
goto done; goto done;
@ -1176,362 +1110,75 @@ restconf_config_backend(clicon_handle h,
goto done; goto done;
/* Add system modules */ /* Add system modules */
if (clicon_option_bool(h, "CLICON_STREAM_DISCOVERY_RFC8040") && if (clicon_option_bool(h, "CLICON_STREAM_DISCOVERY_RFC8040") &&
yang_spec_parse_module(h, "ietf-restconf-monitoring", NULL, yspec)< 0) yang_spec_parse_module(h, "ietf-restconf-monitoring", NULL, yspec)< 0)
goto done;
if (clicon_option_bool(h, "CLICON_STREAM_DISCOVERY_RFC5277") &&
yang_spec_parse_module(h, "clixon-rfc5277", NULL, yspec)< 0)
goto done;
/* Here all modules are loaded
* Compute and set canonical namespace context
*/
if (xml_nsctx_yangspec(yspec, &nsctx_global) < 0)
goto done;
if (clicon_nsctx_global_set(h, nsctx_global) < 0)
goto done;
/* Query backend of config.
* Before evhtp, try again if not done */
while (1){
if (clicon_hello_req(h, &id) < 0){
if (errno == ENOENT){
fprintf(stderr, "waiting");
sleep(1);
continue;
}
// clicon_err(OE_UNIX, errno, "clicon_session_id_get");
goto done;
}
clicon_session_id_set(h, id);
break;
}
if ((nsc = xml_nsctx_init(NULL, "https://clicon.org/restconf")) == NULL)
goto done;
if ((pw = getpwuid(getuid())) == NULL){
clicon_err(OE_UNIX, errno, "getpwuid");
goto done; goto done;
} if (clicon_option_bool(h, "CLICON_STREAM_DISCOVERY_RFC5277") &&
if (clicon_rpc_get_config(h, pw->pw_name, "running", "/restconf", nsc, &xconfig) < 0) yang_spec_parse_module(h, "clixon-rfc5277", NULL, yspec)< 0)
goto done; goto done;
if ((xerr = xpath_first(xconfig, NULL, "/rpc-error")) != NULL){
clixon_netconf_error(xerr, "Get backend restconf config", NULL); /* Here all modules are loaded
goto done; * Compute and set canonical namespace context
} */
if (xml_nsctx_yangspec(yspec, &nsctx_global) < 0)
goto done;
if (clicon_nsctx_global_set(h, nsctx_global) < 0)
goto done;
/* Init evhtp, common stuff */ /* Init evhtp, common stuff */
if ((eh->eh_evbase = event_base_new()) == NULL){ if ((eh->eh_evbase = event_base_new()) == NULL){
clicon_err(OE_UNIX, errno, "event_base_new"); clicon_err(OE_UNIX, errno, "event_base_new");
goto done; goto done;
} }
if (cx_evhtp_init(h, xconfig, nsc, eh) < 0) /* First get local config */
goto done; xconfig1 = clicon_conf_xml(h);
/* Drop privileges after evhtp and server key/cert read */ if ((xrestconf1 = xpath_first(xconfig1, NULL, "restconf")) != NULL){
if (drop_privileges){ /* Initialize evhtp with local config */
/* Drop privileges to WWWUSER if started as root */ if (cx_evhtp_init(h, xrestconf1, NULL, eh) < 0)
if (restconf_drop_privileges(h, WWWUSER) < 0)
goto done;
}
/* Exit can go via signal handler without returning here */
if (xconfig){
xml_free(xconfig);
xconfig = NULL;
}
if (nsc){
cvec_free(nsc);
nsc = NULL;
}
/* libevent main loop */
event_base_loop(eh->eh_evbase, 0); /* XXX: replace with clixon_event_loop() */
retval = 0;
done:
if (xconfig)
xml_free(xconfig);
if (nsc)
cvec_free(nsc);
clicon_debug(1, "restconf_main_evhtp done");
return retval;
}
/*! Read config locally */
int
restconf_config_local(clicon_handle h,
cx_evhtp_handle *eh,
int argc,
char **argv,
uint16_t port,
int ssl_verify_clients,
int use_ssl,
int drop_privileges)
{
int retval = -1;
char *argv0 = argv[0];
char *dir;
yang_stmt *yspec = NULL;
char *str;
clixon_plugin *cp = NULL;
cvec *nsctx_global = NULL; /* Global namespace context */
size_t cligen_buflen;
size_t cligen_bufthreshold;
char *restconf_ipv4_addr = NULL;
char *restconf_ipv6_addr = NULL;
evhtp_t *htp;
/* port = defaultport unless explicitly set -P */
if (port == 0){
clicon_err(OE_DAEMON, EINVAL, "Restconf bind port is 0");
goto done;
}
/* Set default namespace according to CLICON_NAMESPACE_NETCONF_DEFAULT */
xml_nsctx_namespace_netconf_default(h);
/* Check server ssl certs */
if (use_ssl){
/* Init evhtp ssl config struct */
if ((eh->eh_ssl_config = malloc(sizeof(evhtp_ssl_cfg_t))) == NULL){
clicon_err(OE_UNIX, errno, "malloc");
goto done; goto done;
}
memset(eh->eh_ssl_config, 0, sizeof(evhtp_ssl_cfg_t));
eh->eh_ssl_config->ssl_opts = SSL_OP_NO_SSLv2 | SSL_OP_NO_SSLv3 | SSL_OP_NO_TLSv1;
if (cx_get_certs(h, ssl_verify_clients, eh->eh_ssl_config) < 0)
goto done;
eh->eh_ssl_config->x509_verify_cb = cx_verify_certs; /* Is extra verification necessary? */
if (ssl_verify_clients){
eh->eh_ssl_config->verify_peer = SSL_VERIFY_PEER | SSL_VERIFY_FAIL_IF_NO_PEER_CERT;
eh->eh_ssl_config->x509_verify_cb = cx_verify_certs;
eh->eh_ssl_config->verify_depth = 2;
}
} }
else {
// ssl_verify_mode = htp_sslutil_verify2opts(optarg); /* Query backend of config.
assert(SSL_VERIFY_NONE == 0); * Before evhtp, try again if not done */
/* Access the remaining argv/argc options (after --) w clicon-argv_get() */ while (1){
clicon_argv_set(h, argv0, argc, argv); if (clicon_hello_req(h, &id) < 0){
if (errno == ENOENT){
/* Init evhtp */ fprintf(stderr, "waiting");
if ((eh->eh_evbase = event_base_new()) == NULL){ sleep(1);
clicon_err(OE_UNIX, errno, "event_base_new"); continue;
goto done; }
} // clicon_err(OE_UNIX, errno, "clicon_session_id_get");
/* bind to a socket, optionally with specific protocol support formatting
*/
restconf_ipv4_addr = clicon_option_str(h, "CLICON_RESTCONF_IPV4_ADDR");
restconf_ipv6_addr = clicon_option_str(h, "CLICON_RESTCONF_IPV6_ADDR");
if ((restconf_ipv4_addr == NULL || strlen(restconf_ipv4_addr)==0) &&
(restconf_ipv6_addr == NULL || strlen(restconf_ipv6_addr)==0)){
clicon_err(OE_DAEMON, EINVAL, "There are no restconf IPv4 or IPv6 bind addresses");
goto done;
}
if (restconf_ipv4_addr != NULL && strlen(restconf_ipv4_addr)){
cbuf *cb;
/* create a new evhtp_t instance */
if ((htp = evhtp_new(eh->eh_evbase, NULL)) == NULL){
clicon_err(OE_UNIX, errno, "evhtp_new");
goto done;
}
/* Here the daemon either uses SSL or not, ie you cant seem to mix http and https :-( */
if (use_ssl){
if (evhtp_ssl_init(htp, eh->eh_ssl_config) < 0){
clicon_err(OE_UNIX, errno, "evhtp_new");
goto done; goto done;
} }
clicon_session_id_set(h, id);
break;
} }
#ifndef EVHTP_DISABLE_EVTHR if ((nsc = xml_nsctx_init(NULL, "https://clicon.org/restconf")) == NULL)
evhtp_use_threads_wexit(htp, NULL, NULL, 4, NULL); goto done;
#endif if ((pw = getpwuid(getuid())) == NULL){
/* Callback before the connection is accepted. */ clicon_err(OE_UNIX, errno, "getpwuid");
evhtp_set_pre_accept_cb(htp, cx_pre_accept, h);
/* Callback right after a connection is accepted. */
evhtp_set_post_accept_cb(htp, cx_post_accept, h);
/* Callback to be executed for all /restconf api calls */
if (evhtp_set_cb(htp, "/" RESTCONF_API, cx_path_restconf, h) == NULL){
clicon_err(OE_EVENTS, errno, "evhtp_set_cb");
goto done; goto done;
} }
/* Callback to be executed for all /restconf api calls */ if (clicon_rpc_get_config(h, pw->pw_name, "running", "/restconf", nsc, &xconfig2) < 0)
if (evhtp_set_cb(htp, RESTCONF_WELL_KNOWN, cx_path_wellknown, h) == NULL){ goto done;
clicon_err(OE_EVENTS, errno, "evhtp_set_cb"); if ((xerr = xpath_first(xconfig2, NULL, "/rpc-error")) != NULL){
clixon_netconf_error(xerr, "Get backend restconf config", NULL);
goto done; goto done;
} }
/* Generic callback called if no other callbacks are matched */ /* Extract socket fields from xconfig */
evhtp_set_gencb(htp, cx_gencb, h); if ((xrestconf2 = xpath_first(xconfig2, nsc, "restconf")) != NULL){
/* Initialize evhtp with config from backend */
if ((cb = cbuf_new()) == NULL){ if (cx_evhtp_init(h, xrestconf2, nsc, eh) < 0)
clicon_err(OE_UNIX, errno, "cbuf_new");
goto done;
}
cprintf(cb, "ipv4:%s", restconf_ipv4_addr);
if (evhtp_bind_socket(htp, /* evhtp handle */
cbuf_get(cb), /* string address, eg ipv4:<ipv4addr> */
port, /* port */
SOCKET_LISTEN_BACKLOG /* backlog flag, see listen(5) */
) < 0){
clicon_err(OE_UNIX, errno, "evhtp_bind_socket");
goto done;
}
if (cb)
cbuf_free(cb);
if (cx_htp_add(eh, htp) < 0)
goto done;
}
/* Eeh can only bind one */
if (restconf_ipv6_addr != NULL && strlen(restconf_ipv6_addr)){
cbuf *cb;
/* create a new evhtp_t instance */
if ((htp = evhtp_new(eh->eh_evbase, NULL)) == NULL){
clicon_err(OE_UNIX, errno, "evhtp_new");
goto done;
}
/* Here the daemon either uses SSL or not, ie you cant seem to mix http and https :-( */
if (use_ssl){
if (evhtp_ssl_init(htp, eh->eh_ssl_config) < 0){
clicon_err(OE_UNIX, errno, "evhtp_new");
goto done; goto done;
}
} }
#ifndef EVHTP_DISABLE_EVTHR
evhtp_use_threads_wexit(htp, NULL, NULL, 4, NULL);
#endif
/* Callback before the connection is accepted. */
evhtp_set_pre_accept_cb(htp, cx_pre_accept, h);
/* Callback right after a connection is accepted. */
evhtp_set_post_accept_cb(htp, cx_post_accept, h);
/* Callback to be executed for all /restconf api calls */
if (evhtp_set_cb(htp, "/" RESTCONF_API, cx_path_restconf, h) == NULL){
clicon_err(OE_EVENTS, errno, "evhtp_set_cb");
goto done;
}
/* Callback to be executed for all /restconf api calls */
if (evhtp_set_cb(htp, RESTCONF_WELL_KNOWN, cx_path_wellknown, h) == NULL){
clicon_err(OE_EVENTS, errno, "evhtp_set_cb");
goto done;
}
/* Generic callback called if no other callbacks are matched */
evhtp_set_gencb(htp, cx_gencb, h);
if ((cb = cbuf_new()) == NULL){
clicon_err(OE_UNIX, errno, "cbuf_new");
goto done;
}
cprintf(cb, "ipv6:%s", restconf_ipv6_addr);
if (evhtp_bind_socket(htp, /* evhtp handle */
cbuf_get(cb), /* string address, eg ipv6:<ipv6addr> */
port, /* port */
SOCKET_LISTEN_BACKLOG /* backlog flag, see listen(5) */
) < 0){
clicon_err(OE_UNIX, errno, "evhtp_bind_socket");
goto done;
}
if (cb)
cbuf_free(cb);
if (cx_htp_add(eh, htp) < 0)
goto done;
} }
if (drop_privileges){
/* Drop privileges to WWWUSER if started as root */
if (restconf_drop_privileges(h, WWWUSER) < 0)
goto done;
}
/* Init cligen buffers */
cligen_buflen = clicon_option_int(h, "CLICON_CLI_BUF_START");
cligen_bufthreshold = clicon_option_int(h, "CLICON_CLI_BUF_THRESHOLD");
cbuf_alloc_set(cligen_buflen, cligen_bufthreshold);
/* Add (hardcoded) netconf features in case ietf-netconf loaded here
* Otherwise it is loaded in netconf_module_load below
*/
if (netconf_module_features(h) < 0)
goto done;
/* Create top-level yang spec and store as option */
if ((yspec = yspec_new()) == NULL)
goto done;
clicon_dbspec_yang_set(h, yspec);
/* Treat unknown XML as anydata */
if (clicon_option_bool(h, "CLICON_YANG_UNKNOWN_ANYDATA") == 1)
xml_bind_yang_unknown_anydata(1);
/* Load restconf plugins before yangs are loaded (eg extension callbacks) */
if ((dir = clicon_restconf_dir(h)) != NULL)
if (clixon_plugins_load(h, CLIXON_PLUGIN_INIT, dir, NULL) < 0)
return -1;
/* Create a pseudo-plugin to create extension callback to set the ietf-routing
* yang-data extension for api-root top-level restconf function.
*/
if (clixon_pseudo_plugin(h, "pseudo restconf", &cp) < 0)
goto done;
cp->cp_api.ca_extension = restconf_main_extension_cb;
/* Load Yang modules
* 1. Load a yang module as a specific absolute filename */
if ((str = clicon_yang_main_file(h)) != NULL){
if (yang_spec_parse_file(h, str, yspec) < 0)
goto done;
}
/* 2. Load a (single) main module */
if ((str = clicon_yang_module_main(h)) != NULL){
if (yang_spec_parse_module(h, str, clicon_yang_module_revision(h),
yspec) < 0)
goto done;
}
/* 3. Load all modules in a directory */
if ((str = clicon_yang_main_dir(h)) != NULL){
if (yang_spec_load_dir(h, str, yspec) < 0)
goto done;
}
/* Load clixon lib yang module */
if (yang_spec_parse_module(h, "clixon-lib", NULL, yspec) < 0)
goto done;
/* Load yang module library, RFC7895 */
if (yang_modules_init(h) < 0)
goto done;
/* Load yang restconf module */
if (yang_spec_parse_module(h, "ietf-restconf", NULL, yspec)< 0)
goto done;
/* Add netconf yang spec, used as internal protocol */
if (netconf_module_load(h) < 0)
goto done;
/* Add system modules */
if (clicon_option_bool(h, "CLICON_STREAM_DISCOVERY_RFC8040") &&
yang_spec_parse_module(h, "ietf-restconf-monitoring", NULL, yspec)< 0)
goto done;
if (clicon_option_bool(h, "CLICON_STREAM_DISCOVERY_RFC5277") &&
yang_spec_parse_module(h, "clixon-rfc5277", NULL, yspec)< 0)
goto done;
/* Here all modules are loaded
* Compute and set canonical namespace context
*/
if (xml_nsctx_yangspec(yspec, &nsctx_global) < 0)
goto done;
if (clicon_nsctx_global_set(h, nsctx_global) < 0)
goto done;
/* Call start function in all plugins before we go interactive
*/
if (clixon_plugin_start_all(h) < 0)
goto done;
/* Call start function in all plugins before we go interactive
*/
if (clixon_plugin_start_all(h) < 0)
goto done;
event_base_loop(eh->eh_evbase, 0);
retval = 0; retval = 0;
done: done:
if (xconfig2)
xml_free(xconfig2);
if (nsc)
cvec_free(nsc);
clicon_debug(1, "restconf_main_evhtp done"); clicon_debug(1, "restconf_main_evhtp done");
return retval; return retval;
} }
@ -1546,13 +1193,8 @@ main(int argc,
clicon_handle h; clicon_handle h;
int logdst = CLICON_LOG_SYSLOG; int logdst = CLICON_LOG_SYSLOG;
int dbg = 0; int dbg = 0;
int i;
cx_evhtp_handle *eh = NULL; cx_evhtp_handle *eh = NULL;
int drop_privileges = 1; int drop_privileges = 1;
uint16_t defaultport = 0;
int use_ssl = 0;
int ssl_verify_clients = 0;
uint16_t port = 0;
/* In the startup, logs to stderr & debug flag set later */ /* In the startup, logs to stderr & debug flag set later */
clicon_log_init(__PROGRAM__, LOG_INFO, logdst); clicon_log_init(__PROGRAM__, LOG_INFO, logdst);
@ -1616,8 +1258,6 @@ main(int argc,
if (clicon_options_main(h) < 0) if (clicon_options_main(h) < 0)
goto done; goto done;
// stream_path = clicon_option_str(h, "CLICON_STREAM_PATH"); // stream_path = clicon_option_str(h, "CLICON_STREAM_PATH");
/* XXX only local conf */
defaultport = (uint16_t)clicon_option_int(h, "CLICON_RESTCONF_HTTP_PORT");
/* Now rest of options, some overwrite option file */ /* Now rest of options, some overwrite option file */
optind = 1; optind = 1;
@ -1663,26 +1303,6 @@ main(int argc,
goto done; goto done;
break; break;
} }
case 'b': /* Read config from backend - not local */
clicon_option_bool_set(h, "CLICON_RESTCONF_CONFIG", 1);
break;
case 's': /* ssl: use https */
use_ssl = 1;
/* Set to port - note can be overrifden by -P */
if ((i = clicon_option_int(h, "CLICON_RESTCONF_HTTPS_PORT")) < 0){
clicon_err(OE_CFG, EINVAL, "CLICON_RESTCONF_HTTPS_PORT not found");
goto done;
}
defaultport = (uint16_t)i;
break;
case 'c': /* ssl: verify clients */
ssl_verify_clients = 1;
break;
case 'P': /* http port */
if (!strlen(optarg))
usage(h, argv0);
port=atoi(optarg);
break;
default: default:
usage(h, argv0); usage(h, argv0);
break; break;
@ -1690,13 +1310,13 @@ main(int argc,
argc -= optind; argc -= optind;
argv += optind; argv += optind;
/* Access the remaining argv/argc options (after --) w clicon-argv_get() */
clicon_argv_set(h, argv0, argc, argv);
/* Dump configuration options on debug */ /* Dump configuration options on debug */
if (dbg) if (dbg)
clicon_option_dump(h, dbg); clicon_option_dump(h, dbg);
/* port = defaultport unless explicitly set -P */
if (port == 0)
port = defaultport;
if ((eh = malloc(sizeof *eh)) == NULL){ if ((eh = malloc(sizeof *eh)) == NULL){
clicon_err(OE_UNIX, errno, "malloc"); clicon_err(OE_UNIX, errno, "malloc");
goto done; goto done;
@ -1704,21 +1324,17 @@ main(int argc,
memset(eh, 0, sizeof *eh); memset(eh, 0, sizeof *eh);
_EVHTP_HANDLE = eh; /* global */ _EVHTP_HANDLE = eh; /* global */
if (clicon_option_bool(h, "CLICON_RESTCONF_CONFIG") == 0){ /* Read config */
/* Read config locally */ if (restconf_config(h, eh) < 0)
if (restconf_config_local(h, eh, argc, argv, goto done;
port, /* Drop privileges after evhtp and server key/cert read */
ssl_verify_clients, if (drop_privileges){
use_ssl, /* Drop privileges to WWWUSER if started as root */
drop_privileges if (restconf_drop_privileges(h, WWWUSER) < 0)
) < 0)
goto done;
}
else {
/* Read config from backend */
if (restconf_config_backend(h, eh, argc, argv, drop_privileges) < 0)
goto done; goto done;
} }
/* libevent main loop */
event_base_loop(eh->eh_evbase, 0); /* Replace with clixon_event_loop() if libevent is replaced */
retval = 0; retval = 0;
done: done:
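Review bot: In restconf_config the backend branch still returns success when `xpath_first(xconfig2, nsc, "restconf")` finds nothing: cx_evhtp_init is skipped, `retval = 0` is reached, and main goes on to drop privileges and call event_base_loop() with no listening socket configured. The lookup removed from cx_evhtp_init reported this case as an error ("restconf top symbol not found"), so a missing backend config used to fail loudly; an else branch such as `else { clicon_err(OE_CFG, ENOENT, "restconf top symbol not found"); goto done; }` would keep that. Separately, the removed restconf_config_local set `SSL_OP_NO_SSLv2 | SSL_OP_NO_SSLv3 | SSL_OP_NO_TLSv1` and the client-cert `verify_peer` flags. Most of cx_evhtp_init lies outside these hunks, so it is worth confirming that the remaining path applies the same protocol floor and verification settings.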


@ -88,7 +88,7 @@
#include "restconf_stream.h" #include "restconf_stream.h"
/* Command line options to be passed to getopt(3) */ /* Command line options to be passed to getopt(3) */
#define RESTCONF_OPTS "hD:f:E:l:p:d:y:a:u:ro:b" #define RESTCONF_OPTS "hD:f:E:l:p:d:y:a:u:ro:"
/*! Convert FCGI parameters to clixon runtime data /*! Convert FCGI parameters to clixon runtime data
* @param[in] h Clixon handle * @param[in] h Clixon handle
@ -180,7 +180,6 @@ usage(clicon_handle h,
"\t-a UNIX|IPv4|IPv6 Internal backend socket family\n" "\t-a UNIX|IPv4|IPv6 Internal backend socket family\n"
"\t-u <path|addr>\t Internal socket domain path or IP addr (see -a)\n" "\t-u <path|addr>\t Internal socket domain path or IP addr (see -a)\n"
"\t-r \t\t Do not drop privileges if run as root\n" "\t-r \t\t Do not drop privileges if run as root\n"
"\t-b \t\t Read config from backend - no-op only applies to evhtp \n"
"\t-o \"<option>=<value>\" Give configuration option overriding config file (see clixon-config.yang)\n", "\t-o \"<option>=<value>\" Give configuration option overriding config file (see clixon-config.yang)\n",
argv0, argv0,
clicon_restconf_dir(h) clicon_restconf_dir(h)
@ -290,8 +289,7 @@ main(int argc,
case 'f': /* config file */ case 'f': /* config file */
case 'E': /* extra config dir */ case 'E': /* extra config dir */
case 'l': /* log */ case 'l': /* log */
case 'b': /* backend config no-op for fcgi */ break; /* taken care of in earlier getopt above */
break; /* see above */
case 'p' : /* yang dir path */ case 'p' : /* yang dir path */
if (clicon_option_add(h, "CLICON_YANG_DIR", optarg) < 0) if (clicon_option_add(h, "CLICON_YANG_DIR", optarg) < 0)
goto done; goto done;


@ -19,6 +19,4 @@
<CLICON_NACM_MODE>disabled</CLICON_NACM_MODE> <CLICON_NACM_MODE>disabled</CLICON_NACM_MODE>
<CLICON_STREAM_DISCOVERY_RFC5277>true</CLICON_STREAM_DISCOVERY_RFC5277> <CLICON_STREAM_DISCOVERY_RFC5277>true</CLICON_STREAM_DISCOVERY_RFC5277>
<CLICON_MODULE_LIBRARY_RFC7895>false</CLICON_MODULE_LIBRARY_RFC7895> <CLICON_MODULE_LIBRARY_RFC7895>false</CLICON_MODULE_LIBRARY_RFC7895>
<CLICON_RESTCONF_IPV4_ADDR>127.0.0.1</CLICON_RESTCONF_IPV4_ADDR>
<CLICON_RESTCONF_IPV6_ADDR>::1</CLICON_RESTCONF_IPV6_ADDR>
</clixon-config> </clixon-config>


@ -375,11 +375,9 @@ parse_configfile(clicon_handle h,
while ((x = xml_child_each(xt, x, CX_ELMNT)) != NULL) { while ((x = xml_child_each(xt, x, CX_ELMNT)) != NULL) {
name = xml_name(x); name = xml_name(x);
body = xml_body(x); body = xml_body(x);
if (name == NULL || body == NULL){ /* Ignored non-leafs */
clicon_log(LOG_WARNING, "%s option NULL: name:%s body:%s", if (name == NULL || body == NULL)
__FUNCTION__, name, body);
continue; continue;
}
/* Ignored from file due to bootstrapping */ /* Ignored from file due to bootstrapping */
if (strcmp(name,"CLICON_CONFIGFILE")==0) if (strcmp(name,"CLICON_CONFIGFILE")==0)
continue; continue;
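Review bot: The new comment `/* Ignored non-leafs */` is narrower than the condition it sits on: `body == NULL` also matches a leaf option written with an empty value, and with the `clicon_log(LOG_WARNING, ...)` call removed such an option is now skipped without any trace. A silent fall-back to a default is hard to spot for options that affect access control or TLS, so consider keeping a log for elements that have no child elements, or at least wording the comment as `/* Skip containers and leaves with an empty body */`. If a log is kept, it should not pass a possibly NULL `name` or `body` to `%s` as the removed call did. parse_configfile starts and ends outside this hunk.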


@ -294,7 +294,7 @@ xml_nsctx_node(cxobj *xn,
return retval; return retval;
} }
/*! Create and initialize XML namespace context from Yang node /*! Create and initialize XML namespace context from Yang node (non-spec)
* Primary use is Yang path statements, eg leafrefs and others * Primary use is Yang path statements, eg leafrefs and others
* Fully explore all prefix:namespace pairs from context of one node * Fully explore all prefix:namespace pairs from context of one node
* @param[in] yn Yang statement in module tree (or module itself) * @param[in] yn Yang statement in module tree (or module itself)
@ -330,6 +330,10 @@ xml_nsctx_yang(yang_stmt *yn,
char *mynamespace; char *mynamespace;
char *myprefix; char *myprefix;
if (yang_keyword_get(yn) == Y_SPEC){
clicon_err(OE_YANG, EINVAL, "yang spec node is invalid argument");
goto done;
}
if ((nc = cvec_new(0)) == NULL){ if ((nc = cvec_new(0)) == NULL){
clicon_err(OE_XML, errno, "cvec_new"); clicon_err(OE_XML, errno, "cvec_new");
goto done; goto done;


@ -2621,10 +2621,8 @@ schema_nodeid_iterate(yang_stmt *yn,
} }
/*! Given an absolute schema-nodeid (eg /a/b/c) find matching yang spec /*! Given an absolute schema-nodeid (eg /a/b/c) find matching yang spec
* @param[in] yspec Yang specification. * @param[in] yn Original yang stmt (where call is made)
* @param[in] yn Original yang stmt (where call is made) if any
* @param[in] schema_nodeid Absolute schema-node-id, ie /a/b * @param[in] schema_nodeid Absolute schema-node-id, ie /a/b
* @param[in] keyword A schemode of this type, or -1 if any
* @param[out] yres Result yang statement node, or NULL if not found * @param[out] yres Result yang statement node, or NULL if not found
* @retval -1 Error, with clicon_err called * @retval -1 Error, with clicon_err called
* @retval 0 OK , with result in yres * @retval 0 OK , with result in yres
@ -2676,15 +2674,19 @@ yang_abs_schema_nodeid(yang_stmt *yn,
} }
} }
/* Make a namespace context from yang for the prefixes (names) of nodeid_cvv */ /* Make a namespace context from yang for the prefixes (names) of nodeid_cvv */
if (xml_nsctx_yang(yn, &nsc) < 0) if (yang_keyword_get(yn) == Y_SPEC){
goto done; if (xml_nsctx_yangspec(yn, &nsc) < 0)
goto done;
}
else if (xml_nsctx_yang(yn, &nsc) < 0)
goto done;
/* Since this is an _absolute_ schema nodeid start from top /* Since this is an _absolute_ schema nodeid start from top
* Get namespace */ * Get namespace */
cv = cvec_i(nodeid_cvv, 0); cv = cvec_i(nodeid_cvv, 0);
prefix = cv_name_get(cv); prefix = cv_name_get(cv);
if ((ns = xml_nsctx_get(nsc, prefix)) == NULL){ if ((ns = xml_nsctx_get(nsc, prefix)) == NULL){
clicon_err(OE_YANG, EFAULT, "No namespace for prefix: %s in schema node identifier: %s in module %s", clicon_err(OE_YANG, EFAULT, "No namespace for prefix: %s in schema node identifier: %s",
prefix, schema_nodeid, yang_argument_get(ys_module(yn))); prefix, schema_nodeid);
goto done; goto done;
} }
/* Get yang module */ /* Get yang module */
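Review bot: The `No namespace for prefix` error now drops the module name for every caller, although it is presumably only unavailable when `yn` is the `Y_SPEC` node. Keeping it for the non-spec case, by choosing the extra argument only when `yang_keyword_get(yn) != Y_SPEC`, would preserve the diagnostic for ordinary statements. The new `if`/`else if` also mixes a braced and an unbraced branch; bracing both makes the two `goto done` paths easier to read. yang_abs_schema_nodeid starts and ends outside this hunk.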


@ -99,15 +99,22 @@ For example, in FreeBSD, add:
## https ## https
For fcgi/nginx you need to setup https in the nginx config file, independently of clixon.
If you use evhtp with `configure --with-restconf=evhtp`, you can prepend the tests with RCPROTO=https which will run all restconf tests with SSL https and server certs. If you use evhtp with `configure --with-restconf=evhtp`, you can prepend the tests with RCPROTO=https which will run all restconf tests with SSL https and server certs.
Ensure the server keys are in order, as follows. Ensure the server keys are in order, as follows.
If you already have server certs, ensure CLICON_SSL_SERVER_CERT and CLICON_SSL_SERVER_KEY points to them. If you already have server certs, ensure the RESTCONF variable in lib.sh points to them, by default the config is
```
<server-cert-path>/etc/ssl/certs/clixon-server-crt.pem</server-cert-path>
<server-key-path>/etc/ssl/private/clixon-server-key.pem</server-key-path>
<server-ca-cert-path>/etc/ssl/certs/clixon-ca-crt.pem</server-ca-cert-path>
```
If you do not have them, generate self-signed certs, eg as follows: If you do not have them, generate self-signed certs, eg as follows:
``` ```
openssl req -x509 -nodes -newkey rsa:4096 -keyout /etc/ssl/private/clixon-server-key.pem -out /etc/ssl/certs/clixon-server-crt.pem -days 365 openssl req -x509 -nodes -newkey rsa:4096 -keyout /etc/ssl/private/clixon-server-key.pem -out /etc/ssl/certs/clixon-server-crt.pem -days 365
``` ```
There are also client-cert tests, eg test_ssl*.sh There are also client-cert tests, eg `test_ssl_certs.sh`


@ -176,6 +176,15 @@ if [ ! -d $dir ]; then
mkdir $dir mkdir $dir
fi fi
# Default restconf configuration: http IPv4
# Can be placed in clixon-config
# Note that https clause assumes there exists certs and keys in /etc/ssl,...
if [ $RCPROTO = http ]; then
RESTCONFIG="<restconf><auth-type>password</auth-type><socket><namespace>default</namespace><address>0.0.0.0</address><port>80</port><ssl>false</ssl></socket></restconf>"
else
RESTCONFIG="<restconf><auth-type>password</auth-type><server-cert-path>/etc/ssl/certs/clixon-server-crt.pem</server-cert-path><server-key-path>/etc/ssl/private/clixon-server-key.pem</server-key-path><server-ca-cert-path>/etc/ssl/certs/clixon-ca-crt.pem</server-ca-cert-path><socket><namespace>default</namespace><address>0.0.0.0</address><port>443</port><ssl>true</ssl></socket></restconf>"
fi
# Some tests may set owner of testdir to something strange and quit, need # Some tests may set owner of testdir to something strange and quit, need
# to reset to me # to reset to me
if [ ! -G $dir ]; then if [ ! -G $dir ]; then
@ -278,13 +287,8 @@ wait_backend(){
# @see wait_restconf # @see wait_restconf
start_restconf(){ start_restconf(){
# Start in background # Start in background
if [ $RCPROTO = https -a "${WITH_RESTCONF}" = "evhtp" ]; then echo "sudo -u $wwwstartuser -s $clixon_restconf $RCLOG -D $DBG $*"
EXTRA="-s" # server certs ONLY evhtp sudo -u $wwwstartuser -s $clixon_restconf $RCLOG -D $DBG $* &
else
EXTRA=
fi
echo "sudo -u $wwwstartuser -s $clixon_restconf $RCLOG -D $DBG $EXTRA $*"
sudo -u $wwwstartuser -s $clixon_restconf $RCLOG -D $DBG $EXTRA $* &
if [ $? -ne 0 ]; then if [ $? -ne 0 ]; then
err err
fi fi
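Review bot: Both default `RESTCONFIG` values bind the test daemon to `<address>0.0.0.0</address>` on port 80 or 443, so while a test runs the restconf daemon is reachable on every interface of the test host, although the tests shown on this page only talk to `localhost`. Unless a test needs an external address, `<address>127.0.0.1</address>` keeps the default on loopback. The test `[ $RCPROTO = http ]` is unquoted, so an empty `RCPROTO` makes `[` fail and silently selects the https branch; `[ "$RCPROTO" = http ]` avoids that. The comment "Default restconf configuration: http IPv4" should also mention the https branch it now covers.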


@ -1,25 +0,0 @@
#!/usr/bin/env bash
# Create restconf backend config with a single socket
# ipv4 no-ssl
# The script defines a VARIABLE containing XML config
# This is either inserted into the startup db, or installed in the backend using the
# restconfigrun() function.
# The config relies on clixon-restconf.yang being loaded.
RESTCONFIG=$(cat <<EOF
<restconf xmlns="https://clicon.org/restconf">
<auth-type>password</auth-type>
<socket><namespace>default</namespace><address>0.0.0.0</address><port>80</port><ssl>false</ssl></socket>
</restconf>
EOF
)
# Install the config above on a backend
restconfigrun()
{
new "netconf edit config"
expecteof "$clixon_netconf -qf $cfg" 0 "<rpc $DEFAULTNS><edit-config><target><candidate/></target><config>$RESTCONFIG</config></edit-config></rpc>]]>]]>" "^<rpc-reply $DEFAULTNS><ok/></rpc-reply>]]>]]>$"
new "netconf commit"
expecteof "$clixon_netconf -qf $cfg" 0 "<rpc $DEFAULTNS><commit/></rpc>]]>]]>" "^<rpc-reply $DEFAULTNS><ok/></rpc-reply>]]>]]>$"
}


@ -39,6 +39,7 @@ cat <<EOF > $cfg
<CLICON_BACKEND_PIDFILE>/usr/local/var/$APPNAME/$APPNAME.pidfile</CLICON_BACKEND_PIDFILE> <CLICON_BACKEND_PIDFILE>/usr/local/var/$APPNAME/$APPNAME.pidfile</CLICON_BACKEND_PIDFILE>
<CLICON_XMLDB_DIR>$dir</CLICON_XMLDB_DIR> <CLICON_XMLDB_DIR>$dir</CLICON_XMLDB_DIR>
<CLICON_XMLDB_FORMAT>$format</CLICON_XMLDB_FORMAT> <CLICON_XMLDB_FORMAT>$format</CLICON_XMLDB_FORMAT>
$RESTCONFIG
</clixon-config> </clixon-config>
EOF EOF
@ -228,12 +229,6 @@ if [ $BE -ne 0 ]; then
new "waiting" new "waiting"
wait_backend wait_backend
# Load restconf config for evhtp backend config
if [ "${WITH_RESTCONF}" = "evhtp" ]; then
. ./restconfig.sh
restconfigrun
fi
if [ $RC -ne 0 ]; then if [ $RC -ne 0 ]; then
new "kill old restconf daemon" new "kill old restconf daemon"
stop_restconf_pre stop_restconf_pre


@ -38,6 +38,7 @@ cat <<EOF > $cfg
<CLICON_RESTCONF_PRETTY>false</CLICON_RESTCONF_PRETTY> <CLICON_RESTCONF_PRETTY>false</CLICON_RESTCONF_PRETTY>
<CLICON_XMLDB_DIR>/usr/local/var/$APPNAME</CLICON_XMLDB_DIR> <CLICON_XMLDB_DIR>/usr/local/var/$APPNAME</CLICON_XMLDB_DIR>
<CLICON_MODULE_LIBRARY_RFC7895>true</CLICON_MODULE_LIBRARY_RFC7895> <CLICON_MODULE_LIBRARY_RFC7895>true</CLICON_MODULE_LIBRARY_RFC7895>
$RESTCONFIG
</clixon-config> </clixon-config>
EOF EOF
@ -167,12 +168,6 @@ fi
new "waiting" new "waiting"
wait_backend wait_backend
# Load restconf config for evhtp backend config
if [ "${WITH_RESTCONF}" = "evhtp" ]; then
. ./restconfig.sh
restconfigrun
fi
if [ $RC -ne 0 ]; then if [ $RC -ne 0 ]; then
new "kill old restconf daemon" new "kill old restconf daemon"


@ -28,6 +28,7 @@ cat <<EOF > $cfg
<CLICON_RESTCONF_PRETTY>false</CLICON_RESTCONF_PRETTY> <CLICON_RESTCONF_PRETTY>false</CLICON_RESTCONF_PRETTY>
<CLICON_BACKEND_PIDFILE>/usr/local/var/$APPNAME/$APPNAME.pidfile</CLICON_BACKEND_PIDFILE> <CLICON_BACKEND_PIDFILE>/usr/local/var/$APPNAME/$APPNAME.pidfile</CLICON_BACKEND_PIDFILE>
<CLICON_XMLDB_DIR>/usr/local/var/$APPNAME</CLICON_XMLDB_DIR> <CLICON_XMLDB_DIR>/usr/local/var/$APPNAME</CLICON_XMLDB_DIR>
$RESTCONFIG
</clixon-config> </clixon-config>
EOF EOF
@ -119,12 +120,6 @@ fi
new "waiting" new "waiting"
wait_backend wait_backend
# Load restconf config for evhtp backend config
if [ "${WITH_RESTCONF}" = "evhtp" ]; then
. ./restconfig.sh
restconfigrun
fi
if [ $RC -ne 0 ]; then if [ $RC -ne 0 ]; then
new "kill old restconf daemon" new "kill old restconf daemon"
stop_restconf_pre stop_restconf_pre


@ -28,6 +28,7 @@ cat <<EOF > $cfg
<CLICON_SOCK>/usr/local/var/$APPNAME/$APPNAME.sock</CLICON_SOCK> <CLICON_SOCK>/usr/local/var/$APPNAME/$APPNAME.sock</CLICON_SOCK>
<CLICON_BACKEND_PIDFILE>/usr/local/var/$APPNAME/$APPNAME.pidfile</CLICON_BACKEND_PIDFILE> <CLICON_BACKEND_PIDFILE>/usr/local/var/$APPNAME/$APPNAME.pidfile</CLICON_BACKEND_PIDFILE>
<CLICON_XMLDB_DIR>/usr/local/var/$APPNAME</CLICON_XMLDB_DIR> <CLICON_XMLDB_DIR>/usr/local/var/$APPNAME</CLICON_XMLDB_DIR>
$RESTCONFIG
</clixon-config> </clixon-config>
EOF EOF
@ -154,12 +155,6 @@ fi
new "waiting" new "waiting"
wait_backend wait_backend
# Load restconf config for evhtp backend config
if [ "${WITH_RESTCONF}" = "evhtp" ]; then
. ./restconfig.sh
restconfigrun
fi
if [ $RC -ne 0 ]; then if [ $RC -ne 0 ]; then
new "kill old restconf daemon" new "kill old restconf daemon"
stop_restconf_pre stop_restconf_pre


@ -34,6 +34,7 @@ cat <<EOF > $cfg
<CLICON_RESTCONF_PRETTY>false</CLICON_RESTCONF_PRETTY> <CLICON_RESTCONF_PRETTY>false</CLICON_RESTCONF_PRETTY>
<CLICON_NACM_MODE>internal</CLICON_NACM_MODE> <CLICON_NACM_MODE>internal</CLICON_NACM_MODE>
<CLICON_NACM_DISABLED_ON_EMPTY>true</CLICON_NACM_DISABLED_ON_EMPTY> <CLICON_NACM_DISABLED_ON_EMPTY>true</CLICON_NACM_DISABLED_ON_EMPTY>
$RESTCONFIG
</clixon-config> </clixon-config>
EOF EOF
@ -132,7 +133,7 @@ if [ $RC -ne 0 ]; then
stop_restconf_pre stop_restconf_pre
new "start restconf daemon (-a is enable basic authentication)" new "start restconf daemon (-a is enable basic authentication)"
start_restconf -f $cfg -o CLICON_RESTCONF_CONFIG=false -- -a start_restconf -f $cfg -- -a
new "waiting" new "waiting"
wait_restconf wait_restconf


@ -63,6 +63,7 @@ cat <<EOF > $cfg
<CLICON_RESTCONF_PRETTY>false</CLICON_RESTCONF_PRETTY> <CLICON_RESTCONF_PRETTY>false</CLICON_RESTCONF_PRETTY>
<CLICON_NACM_MODE>internal</CLICON_NACM_MODE> <CLICON_NACM_MODE>internal</CLICON_NACM_MODE>
<CLICON_NACM_DISABLED_ON_EMPTY>true</CLICON_NACM_DISABLED_ON_EMPTY> <CLICON_NACM_DISABLED_ON_EMPTY>true</CLICON_NACM_DISABLED_ON_EMPTY>
$RESTCONFIG
</clixon-config> </clixon-config>
EOF EOF
@ -227,22 +228,6 @@ fi
new "waiting" new "waiting"
wait_backend wait_backend
new "auth set authentication config"
expecteof "$clixon_netconf -qf $cfg" 0 "<rpc $DEFAULTNS><edit-config><target><candidate/></target><config>$RULES</config></edit-config></rpc>]]>]]>" "^<rpc-reply $DEFAULTNS><ok/></rpc-reply>]]>]]>$"
new "set app config"
expecteof "$clixon_netconf -qf $cfg" 0 "<rpc $DEFAULTNS><edit-config><target><candidate/></target><config>$CONFIG</config></edit-config></rpc>]]>]]>" "^<rpc-reply $DEFAULTNS><ok/></rpc-reply>]]>]]>$"
new "commit it"
expecteof "$clixon_netconf -qf $cfg" 0 "<rpc $DEFAULTNS><commit/></rpc>]]>]]>" "^<rpc-reply $DEFAULTNS><ok/></rpc-reply>]]>]]>$"
# Load restconf config for evhtp backend config
# NACM is disabled by RULES
if [ "${WITH_RESTCONF}" = "evhtp" ]; then
. ./restconfig.sh
restconfigrun
fi
if [ $RC -ne 0 ]; then if [ $RC -ne 0 ]; then
new "kill old restconf daemon" new "kill old restconf daemon"
stop_restconf_pre stop_restconf_pre
@ -254,6 +239,16 @@ if [ $RC -ne 0 ]; then
wait_restconf wait_restconf
fi fi
new "auth set authentication config"
expecteof "$clixon_netconf -qf $cfg" 0 "<rpc $DEFAULTNS><edit-config><target><candidate/></target><config>$RULES</config></edit-config></rpc>]]>]]>" "^<rpc-reply $DEFAULTNS><ok/></rpc-reply>]]>]]>$"
new "set app config"
expecteof "$clixon_netconf -qf $cfg" 0 "<rpc $DEFAULTNS><edit-config><target><candidate/></target><config>$CONFIG</config></edit-config></rpc>]]>]]>" "^<rpc-reply $DEFAULTNS><ok/></rpc-reply>]]>]]>$"
new "commit it"
expecteof "$clixon_netconf -qf $cfg" 0 "<rpc $DEFAULTNS><commit/></rpc>]]>]]>" "^<rpc-reply $DEFAULTNS><ok/></rpc-reply>]]>]]>$"
new "enable nacm" new "enable nacm"
expectpart "$(curl -u andy:bar $CURLOPTS -X PUT -H "Content-Type: application/yang-data+json" -d '{"ietf-netconf-acm:enable-nacm": true}' $RCPROTO://localhost/restconf/data/ietf-netconf-acm:nacm/enable-nacm)" 0 "HTTP/1.1 204 No Content" expectpart "$(curl -u andy:bar $CURLOPTS -X PUT -H "Content-Type: application/yang-data+json" -d '{"ietf-netconf-acm:enable-nacm": true}' $RCPROTO://localhost/restconf/data/ietf-netconf-acm:nacm/enable-nacm)" 0 "HTTP/1.1 204 No Content"
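Review bot: The block that loads `$RULES` and `$CONFIG` over netconf now runs after `wait_restconf`, but nothing records why the order changed; the removed comment ("NACM is disabled by RULES") was the only note on the ordering. A one-line comment above `new "auth set authentication config"` would help, for example `# Rules are committed after restconf is up; NACM is enforced only from the "enable nacm" step below`, with the wording confirmed by the author since the content of `$RULES` is not visible here. Until that commit the daemon runs with `CLICON_NACM_DISABLED_ON_EMPTY` set to true and no rules loaded, which is fine for a test but worth stating. The same move is made in the four later NACM test sections on this page.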


@ -36,6 +36,7 @@ cat <<EOF > $cfg
<CLICON_RESTCONF_PRETTY>false</CLICON_RESTCONF_PRETTY> <CLICON_RESTCONF_PRETTY>false</CLICON_RESTCONF_PRETTY>
<CLICON_NACM_MODE>internal</CLICON_NACM_MODE> <CLICON_NACM_MODE>internal</CLICON_NACM_MODE>
<CLICON_NACM_CREDENTIALS>none</CLICON_NACM_CREDENTIALS> <CLICON_NACM_CREDENTIALS>none</CLICON_NACM_CREDENTIALS>
$RESTCONFIG
</clixon-config> </clixon-config>
EOF EOF
@ -106,7 +107,7 @@ if [ $RC -ne 0 ]; then
stop_restconf_pre stop_restconf_pre
new "start restconf daemon (-a is enable basic authentication)" new "start restconf daemon (-a is enable basic authentication)"
start_restconf -f $cfg -o CLICON_RESTCONF_CONFIG=false -- -a start_restconf -f $cfg -- -a
new "waiting" new "waiting"
wait_restconf wait_restconf


@ -43,6 +43,7 @@ cat <<EOF > $cfg
<CLICON_RESTCONF_PRETTY>false</CLICON_RESTCONF_PRETTY> <CLICON_RESTCONF_PRETTY>false</CLICON_RESTCONF_PRETTY>
<CLICON_NACM_MODE>internal</CLICON_NACM_MODE> <CLICON_NACM_MODE>internal</CLICON_NACM_MODE>
<CLICON_NACM_DISABLED_ON_EMPTY>true</CLICON_NACM_DISABLED_ON_EMPTY> <CLICON_NACM_DISABLED_ON_EMPTY>true</CLICON_NACM_DISABLED_ON_EMPTY>
$RESTCONFIG
</clixon-config> </clixon-config>
EOF EOF
@ -232,23 +233,6 @@ fi
new "waiting" new "waiting"
wait_backend wait_backend
new "auth set authentication config"
expecteof "$clixon_netconf -qf $cfg" 0 "<rpc $DEFAULTNS><edit-config><target><candidate/></target><config>$RULES</config></edit-config></rpc>]]>]]>" "^<rpc-reply $DEFAULTNS><ok/></rpc-reply>]]>]]>$"
new "set app config"
expecteof "$clixon_netconf -qf $cfg" 0 "<rpc $DEFAULTNS><edit-config><target><candidate/></target><config>$CONFIG</config></edit-config></rpc>]]>]]>" "^<rpc-reply $DEFAULTNS><ok/></rpc-reply>]]>]]>$"
new "commit it"
expecteof "$clixon_netconf -qf $cfg" 0 "<rpc $DEFAULTNS><commit/></rpc>]]>]]>" "^<rpc-reply $DEFAULTNS><ok/></rpc-reply>]]>]]>$"
# Load restconf config for evhtp backend config
# Must be done before restconf started NACM is disabled
if [ "${WITH_RESTCONF}" = "evhtp" ]; then
. ./restconfig.sh
restconfigrun
fi
if [ $RC -ne 0 ]; then if [ $RC -ne 0 ]; then
new "kill old restconf daemon" new "kill old restconf daemon"
stop_restconf_pre stop_restconf_pre
@ -260,6 +244,16 @@ if [ $RC -ne 0 ]; then
wait_restconf wait_restconf
fi fi
new "auth set authentication config"
expecteof "$clixon_netconf -qf $cfg" 0 "<rpc $DEFAULTNS><edit-config><target><candidate/></target><config>$RULES</config></edit-config></rpc>]]>]]>" "^<rpc-reply $DEFAULTNS><ok/></rpc-reply>]]>]]>$"
new "set app config"
expecteof "$clixon_netconf -qf $cfg" 0 "<rpc $DEFAULTNS><edit-config><target><candidate/></target><config>$CONFIG</config></edit-config></rpc>]]>]]>" "^<rpc-reply $DEFAULTNS><ok/></rpc-reply>]]>]]>$"
new "commit it"
expecteof "$clixon_netconf -qf $cfg" 0 "<rpc $DEFAULTNS><commit/></rpc>]]>]]>" "^<rpc-reply $DEFAULTNS><ok/></rpc-reply>]]>]]>$"
new "enable nacm" new "enable nacm"
expectpart "$(curl -u andy:bar $CURLOPTS -X PUT -H "Content-Type: application/yang-data+json" -d '{"ietf-netconf-acm:enable-nacm": true}' $RCPROTO://localhost/restconf/data/ietf-netconf-acm:nacm/enable-nacm)" 0 "HTTP/1.1 204 No Content" expectpart "$(curl -u andy:bar $CURLOPTS -X PUT -H "Content-Type: application/yang-data+json" -d '{"ietf-netconf-acm:enable-nacm": true}' $RCPROTO://localhost/restconf/data/ietf-netconf-acm:nacm/enable-nacm)" 0 "HTTP/1.1 204 No Content"


@ -35,6 +35,7 @@ cat <<EOF > $cfg
<CLICON_RESTCONF_PRETTY>false</CLICON_RESTCONF_PRETTY> <CLICON_RESTCONF_PRETTY>false</CLICON_RESTCONF_PRETTY>
<CLICON_NACM_MODE>internal</CLICON_NACM_MODE> <CLICON_NACM_MODE>internal</CLICON_NACM_MODE>
<CLICON_NACM_DISABLED_ON_EMPTY>true</CLICON_NACM_DISABLED_ON_EMPTY> <CLICON_NACM_DISABLED_ON_EMPTY>true</CLICON_NACM_DISABLED_ON_EMPTY>
$RESTCONFIG
</clixon-config> </clixon-config>
EOF EOF
@ -228,22 +229,6 @@ fi
new "waiting" new "waiting"
wait_backend wait_backend
new "auth set authentication config"
expecteof "$clixon_netconf -qf $cfg" 0 "<rpc $DEFAULTNS><edit-config><target><candidate/></target><config>$RULES</config></edit-config></rpc>]]>]]>" "^<rpc-reply $DEFAULTNS><ok/></rpc-reply>]]>]]>$"
new "set app config"
expecteof "$clixon_netconf -qf $cfg" 0 "<rpc $DEFAULTNS><edit-config><target><candidate/></target><config>$CONFIG</config></edit-config></rpc>]]>]]>" "^<rpc-reply $DEFAULTNS><ok/></rpc-reply>]]>]]>$"
new "commit it"
expecteof "$clixon_netconf -qf $cfg" 0 "<rpc $DEFAULTNS><commit/></rpc>]]>]]>" "^<rpc-reply $DEFAULTNS><ok/></rpc-reply>]]>]]>$"
# Load restconf config for evhtp backend config
# Must be done before restconf but after first config
if [ "${WITH_RESTCONF}" = "evhtp" ]; then
. ./restconfig.sh
restconfigrun
fi
if [ $RC -ne 0 ]; then if [ $RC -ne 0 ]; then
new "kill old restconf daemon" new "kill old restconf daemon"
stop_restconf_pre stop_restconf_pre
@ -255,6 +240,16 @@ if [ $RC -ne 0 ]; then
wait_restconf wait_restconf
fi fi
new "auth set authentication config"
expecteof "$clixon_netconf -qf $cfg" 0 "<rpc $DEFAULTNS><edit-config><target><candidate/></target><config>$RULES</config></edit-config></rpc>]]>]]>" "^<rpc-reply $DEFAULTNS><ok/></rpc-reply>]]>]]>$"
new "set app config"
expecteof "$clixon_netconf -qf $cfg" 0 "<rpc $DEFAULTNS><edit-config><target><candidate/></target><config>$CONFIG</config></edit-config></rpc>]]>]]>" "^<rpc-reply $DEFAULTNS><ok/></rpc-reply>]]>]]>$"
new "commit it"
expecteof "$clixon_netconf -qf $cfg" 0 "<rpc $DEFAULTNS><commit/></rpc>]]>]]>" "^<rpc-reply $DEFAULTNS><ok/></rpc-reply>]]>]]>$"
new "enable nacm" new "enable nacm"
expectpart "$(curl -u andy:bar $CURLOPTS -X PUT -H "Content-Type: application/yang-data+json" -d '{"ietf-netconf-acm:enable-nacm": true}' $RCPROTO://localhost/restconf/data/ietf-netconf-acm:nacm/enable-nacm)" 0 "HTTP/1.1 204 No Content" expectpart "$(curl -u andy:bar $CURLOPTS -X PUT -H "Content-Type: application/yang-data+json" -d '{"ietf-netconf-acm:enable-nacm": true}' $RCPROTO://localhost/restconf/data/ietf-netconf-acm:nacm/enable-nacm)" 0 "HTTP/1.1 204 No Content"


@ -32,6 +32,7 @@ cat <<EOF > $cfg
<CLICON_NACM_MODE>internal</CLICON_NACM_MODE> <CLICON_NACM_MODE>internal</CLICON_NACM_MODE>
<CLICON_NACM_DISABLED_ON_EMPTY>true</CLICON_NACM_DISABLED_ON_EMPTY> <CLICON_NACM_DISABLED_ON_EMPTY>true</CLICON_NACM_DISABLED_ON_EMPTY>
<CLICON_XMLDB_FORMAT>$format</CLICON_XMLDB_FORMAT> <CLICON_XMLDB_FORMAT>$format</CLICON_XMLDB_FORMAT>
$RESTCONFIG
</clixon-config> </clixon-config>
EOF EOF
@ -110,9 +111,8 @@ EOF
new "kill old restconf daemon" new "kill old restconf daemon"
stop_restconf_pre stop_restconf_pre
# Cannot use CLICON_RESTCONF_CONFIG=true because of bootstrap problem
new "start restconf daemon (-a is enable basic authentication)" new "start restconf daemon (-a is enable basic authentication)"
start_restconf -f $cfg -o CLICON_RESTCONF_CONFIG=false -- -a start_restconf -f $cfg -- -a
new "waiting" new "waiting"
wait_restconf wait_restconf


@ -36,6 +36,7 @@ cat <<EOF > $cfg
<CLICON_NACM_MODE>external</CLICON_NACM_MODE> <CLICON_NACM_MODE>external</CLICON_NACM_MODE>
<CLICON_NACM_FILE>$nacmfile</CLICON_NACM_FILE> <CLICON_NACM_FILE>$nacmfile</CLICON_NACM_FILE>
<CLICON_NACM_CREDENTIALS>none</CLICON_NACM_CREDENTIALS> <CLICON_NACM_CREDENTIALS>none</CLICON_NACM_CREDENTIALS>
$RESTCONFIG
</clixon-config> </clixon-config>
EOF EOF
@ -146,12 +147,6 @@ fi
new "waiting" new "waiting"
wait_backend wait_backend
# Load restconf config for evhtp backend config
if [ "${WITH_RESTCONF}" = "evhtp" ]; then
. ./restconfig.sh
restconfigrun
fi
if [ $RC -ne 0 ]; then if [ $RC -ne 0 ]; then
new "kill old restconf daemon" new "kill old restconf daemon"
stop_restconf_pre stop_restconf_pre


@ -36,6 +36,7 @@ cat <<EOF > $cfg
<CLICON_NACM_MODE>internal</CLICON_NACM_MODE> <CLICON_NACM_MODE>internal</CLICON_NACM_MODE>
<CLICON_NACM_CREDENTIALS>none</CLICON_NACM_CREDENTIALS> <CLICON_NACM_CREDENTIALS>none</CLICON_NACM_CREDENTIALS>
<CLICON_NACM_DISABLED_ON_EMPTY>true</CLICON_NACM_DISABLED_ON_EMPTY> <CLICON_NACM_DISABLED_ON_EMPTY>true</CLICON_NACM_DISABLED_ON_EMPTY>
$RESTCONFIG
</clixon-config> </clixon-config>
EOF EOF
@ -129,18 +130,6 @@ fi
new "waiting" new "waiting"
wait_backend wait_backend
new "auth set authentication config"
expecteof "$clixon_netconf -qf $cfg" 0 "<rpc $DEFAULTNS><edit-config><target><candidate/></target><config>$RULES</config></edit-config></rpc>]]>]]>" "^<rpc-reply $DEFAULTNS><ok/></rpc-reply>]]>]]>$"
new "commit it"
expecteof "$clixon_netconf -qf $cfg" 0 "<rpc $DEFAULTNS><commit/></rpc>]]>]]>" "^<rpc-reply $DEFAULTNS><ok/></rpc-reply>]]>]]>$"
# Load restconf config for evhtp backend config
if [ "${WITH_RESTCONF}" = "evhtp" ]; then
. ./restconfig.sh
restconfigrun
fi
if [ $RC -ne 0 ]; then if [ $RC -ne 0 ]; then
new "kill old restconf daemon" new "kill old restconf daemon"
stop_restconf_pre stop_restconf_pre
@ -152,6 +141,13 @@ if [ $RC -ne 0 ]; then
wait_restconf wait_restconf
fi fi
new "auth set authentication config"
expecteof "$clixon_netconf -qf $cfg" 0 "<rpc $DEFAULTNS><edit-config><target><candidate/></target><config>$RULES</config></edit-config></rpc>]]>]]>" "^<rpc-reply $DEFAULTNS><ok/></rpc-reply>]]>]]>$"
new "commit it"
expecteof "$clixon_netconf -qf $cfg" 0 "<rpc $DEFAULTNS><commit/></rpc>]]>]]>" "^<rpc-reply $DEFAULTNS><ok/></rpc-reply>]]>]]>$"
new "enable nacm" new "enable nacm"
expectpart "$(curl -u andy:bar $CURLOPTS -X PUT -H "Content-Type: application/yang-data+json" -d '{"ietf-netconf-acm:enable-nacm": true}' $RCPROTO://localhost/restconf/data/ietf-netconf-acm:nacm/enable-nacm)" 0 "HTTP/1.1 204 No Content" expectpart "$(curl -u andy:bar $CURLOPTS -X PUT -H "Content-Type: application/yang-data+json" -d '{"ietf-netconf-acm:enable-nacm": true}' $RCPROTO://localhost/restconf/data/ietf-netconf-acm:nacm/enable-nacm)" 0 "HTTP/1.1 204 No Content"


@ -49,6 +49,7 @@ cat <<EOF > $cfg
<CLICON_RESTCONF_PRETTY>false</CLICON_RESTCONF_PRETTY> <CLICON_RESTCONF_PRETTY>false</CLICON_RESTCONF_PRETTY>
<CLICON_NACM_MODE>internal</CLICON_NACM_MODE> <CLICON_NACM_MODE>internal</CLICON_NACM_MODE>
<CLICON_NACM_DISABLED_ON_EMPTY>true</CLICON_NACM_DISABLED_ON_EMPTY> <CLICON_NACM_DISABLED_ON_EMPTY>true</CLICON_NACM_DISABLED_ON_EMPTY>
$RESTCONFIG
</clixon-config> </clixon-config>
EOF EOF
@ -153,7 +154,7 @@ if [ $RC -ne 0 ]; then
stop_restconf_pre stop_restconf_pre
new "start restconf daemon (-a is enable basic authentication)" new "start restconf daemon (-a is enable basic authentication)"
start_restconf -f $cfg -o CLICON_RESTCONF_CONFIG=false -- -a start_restconf -f $cfg -- -a
new "waiting" new "waiting"
wait_restconf wait_restconf


@ -53,6 +53,7 @@ cat <<EOF > $cfg
<CLICON_NACM_MODE>internal</CLICON_NACM_MODE> <CLICON_NACM_MODE>internal</CLICON_NACM_MODE>
<CLICON_NACM_CREDENTIALS>none</CLICON_NACM_CREDENTIALS> <CLICON_NACM_CREDENTIALS>none</CLICON_NACM_CREDENTIALS>
<CLICON_NACM_DISABLED_ON_EMPTY>true</CLICON_NACM_DISABLED_ON_EMPTY> <CLICON_NACM_DISABLED_ON_EMPTY>true</CLICON_NACM_DISABLED_ON_EMPTY>
$RESTCONFIG
</clixon-config> </clixon-config>
EOF EOF
@ -149,19 +150,6 @@ fi
new "waiting" new "waiting"
wait_backend wait_backend
new "auth set authentication config"
expecteof "$clixon_netconf -qf $cfg" 0 "<rpc $DEFAULTNS><edit-config><target><candidate/></target><config>$RULES</config></edit-config></rpc>]]>]]>" "^<rpc-reply $DEFAULTNS><ok/></rpc-reply>]]>]]>$"
new "commit it"
expecteof "$clixon_netconf -qf $cfg" 0 "<rpc $DEFAULTNS><commit/></rpc>]]>]]>" "^<rpc-reply $DEFAULTNS><ok/></rpc-reply>]]>]]>$"
# Load restconf config for evhtp backend config
if [ "${WITH_RESTCONF}" = "evhtp" ]; then
. ./restconfig.sh
restconfigrun
fi
if [ $RC -ne 0 ]; then if [ $RC -ne 0 ]; then
new "kill old restconf daemon" new "kill old restconf daemon"
@ -174,6 +162,13 @@ if [ $RC -ne 0 ]; then
wait_restconf wait_restconf
fi fi
new "auth set authentication config"
expecteof "$clixon_netconf -qf $cfg" 0 "<rpc $DEFAULTNS><edit-config><target><candidate/></target><config>$RULES</config></edit-config></rpc>]]>]]>" "^<rpc-reply $DEFAULTNS><ok/></rpc-reply>]]>]]>$"
new "commit it"
expecteof "$clixon_netconf -qf $cfg" 0 "<rpc $DEFAULTNS><commit/></rpc>]]>]]>" "^<rpc-reply $DEFAULTNS><ok/></rpc-reply>]]>]]>$"
new "enable nacm" new "enable nacm"
expectpart "$(curl -u andy:bar $CURLOPTS -X PUT -H "Content-Type: application/yang-data+json" -d '{"ietf-netconf-acm:enable-nacm": true}' $RCPROTO://localhost/restconf/data/ietf-netconf-acm:nacm/enable-nacm)" 0 "HTTP/1.1 204 No Content" expectpart "$(curl -u andy:bar $CURLOPTS -X PUT -H "Content-Type: application/yang-data+json" -d '{"ietf-netconf-acm:enable-nacm": true}' $RCPROTO://localhost/restconf/data/ietf-netconf-acm:nacm/enable-nacm)" 0 "HTTP/1.1 204 No Content"


@ -85,6 +85,7 @@ cat <<EOF > $cfg
<CLICON_NACM_RECOVERY_USER>$recovery</CLICON_NACM_RECOVERY_USER> <CLICON_NACM_RECOVERY_USER>$recovery</CLICON_NACM_RECOVERY_USER>
<CLICON_NACM_MODE>internal</CLICON_NACM_MODE> <CLICON_NACM_MODE>internal</CLICON_NACM_MODE>
<CLICON_NACM_CREDENTIALS>$cred</CLICON_NACM_CREDENTIALS> <CLICON_NACM_CREDENTIALS>$cred</CLICON_NACM_CREDENTIALS>
$RESTCONFIG
</clixon-config> </clixon-config>
EOF EOF
if [ $BE -ne 0 ]; then if [ $BE -ne 0 ]; then
@ -103,7 +104,7 @@ EOF
stop_restconf_pre stop_restconf_pre
new "start restconf daemon (-a is enable basic authentication)" new "start restconf daemon (-a is enable basic authentication)"
start_restconf -f $cfg -o CLICON_RESTCONF_CONFIG=false -- -a start_restconf -f $cfg -- -a
new "waiting" new "waiting"
wait_restconf wait_restconf


@ -69,6 +69,7 @@ cat <<EOF > $cfg
<CLICON_CLISPEC_DIR>/usr/local/lib/example/clispec</CLICON_CLISPEC_DIR> <CLICON_CLISPEC_DIR>/usr/local/lib/example/clispec</CLICON_CLISPEC_DIR>
<CLICON_CLI_LINESCROLLING>0</CLICON_CLI_LINESCROLLING> <CLICON_CLI_LINESCROLLING>0</CLICON_CLI_LINESCROLLING>
<CLICON_FEATURE>ietf-netconf:startup</CLICON_FEATURE> <CLICON_FEATURE>ietf-netconf:startup</CLICON_FEATURE>
$RESTCONFIG
</clixon-config> </clixon-config>
EOF EOF
@ -87,12 +88,6 @@ fi
new "waiting" new "waiting"
wait_backend wait_backend
# Load restconf config for evhtp backend config
if [ "${WITH_RESTCONF}" = "evhtp" ]; then
. ./restconfig.sh
restconfigrun
fi
if [ $RC -ne 0 ]; then if [ $RC -ne 0 ]; then
new "kill old restconf daemon" new "kill old restconf daemon"
stop_restconf_pre stop_restconf_pre


@ -47,6 +47,7 @@ cat <<EOF > $cfg
<CLICON_CLISPEC_DIR>/usr/local/lib/example/clispec</CLICON_CLISPEC_DIR> <CLICON_CLISPEC_DIR>/usr/local/lib/example/clispec</CLICON_CLISPEC_DIR>
<CLICON_CLI_LINESCROLLING>0</CLICON_CLI_LINESCROLLING> <CLICON_CLI_LINESCROLLING>0</CLICON_CLI_LINESCROLLING>
<CLICON_FEATURE>ietf-netconf:startup</CLICON_FEATURE> <CLICON_FEATURE>ietf-netconf:startup</CLICON_FEATURE>
$RESTCONFIG
</clixon-config> </clixon-config>
EOF EOF
@ -108,12 +109,6 @@ fi
new "waiting" new "waiting"
wait_backend wait_backend
# Load restconf config for evhtp backend config
if [ "${WITH_RESTCONF}" = "evhtp" ]; then
. ./restconfig.sh
restconfigrun
fi
if [ $RC -ne 0 ]; then if [ $RC -ne 0 ]; then
new "kill old restconf daemon" new "kill old restconf daemon"
stop_restconf_pre stop_restconf_pre


@ -46,6 +46,7 @@ cat <<EOF > $cfg
<CLICON_CLI_DIR>/usr/local/lib/example/cli</CLICON_CLI_DIR> <CLICON_CLI_DIR>/usr/local/lib/example/cli</CLICON_CLI_DIR>
<CLICON_CLISPEC_DIR>/usr/local/lib/example/clispec</CLICON_CLISPEC_DIR> <CLICON_CLISPEC_DIR>/usr/local/lib/example/clispec</CLICON_CLISPEC_DIR>
<CLICON_FEATURE>ietf-netconf:startup</CLICON_FEATURE> <CLICON_FEATURE>ietf-netconf:startup</CLICON_FEATURE>
$RESTCONFIG
</clixon-config> </clixon-config>
EOF EOF
@ -108,12 +109,6 @@ if [ $BE -ne 0 ]; then
wait_backend wait_backend
fi fi
# Load restconf config for evhtp backend config
if [ "${WITH_RESTCONF}" = "evhtp" ]; then
. ./restconfig.sh
restconfigrun
fi
if [ $RC -ne 0 ]; then if [ $RC -ne 0 ]; then
new "kill old restconf daemon" new "kill old restconf daemon"


@ -39,6 +39,7 @@ cat <<EOF > $cfg
<CLICON_BACKEND_PIDFILE>/usr/local/var/$APPNAME/$APPNAME.pidfile</CLICON_BACKEND_PIDFILE> <CLICON_BACKEND_PIDFILE>/usr/local/var/$APPNAME/$APPNAME.pidfile</CLICON_BACKEND_PIDFILE>
<CLICON_XMLDB_DIR>/usr/local/var/$APPNAME</CLICON_XMLDB_DIR> <CLICON_XMLDB_DIR>/usr/local/var/$APPNAME</CLICON_XMLDB_DIR>
<CLICON_MODULE_LIBRARY_RFC7895>true</CLICON_MODULE_LIBRARY_RFC7895> <CLICON_MODULE_LIBRARY_RFC7895>true</CLICON_MODULE_LIBRARY_RFC7895>
</clixon-config>
EOF EOF
if [ "${WITH_RESTCONF}" = "evhtp" ]; then if [ "${WITH_RESTCONF}" = "evhtp" ]; then
@ -50,23 +51,8 @@ if [ "${WITH_RESTCONF}" = "evhtp" ]; then
cacert=$certdir/ca_cert.pem cacert=$certdir/ca_cert.pem
test -d $certdir || mkdir $certdir test -d $certdir || mkdir $certdir
. ./certs.sh . ./certs.sh
cat <<EOF >> $cfg
<CLICON_SSL_SERVER_CERT>$srvcert</CLICON_SSL_SERVER_CERT>
<CLICON_SSL_SERVER_KEY>$srvkey</CLICON_SSL_SERVER_KEY>
<CLICON_SSL_CA_CERT>$srvcert</CLICON_SSL_CA_CERT>
EOF
fi fi
if $IPv6; then
cat <<EOF >> $cfg
<CLICON_RESTCONF_IPV6_ADDR>::</CLICON_RESTCONF_IPV6_ADDR>
EOF
fi
cat <<EOF >> $cfg
</clixon-config>
EOF
# This is a fixed 'state' implemented in routing_backend. It is assumed to be always there # This is a fixed 'state' implemented in routing_backend. It is assumed to be always there
state='{"clixon-example:state":{"op":\["41","42","43"\]}' state='{"clixon-example:state":{"op":\["41","42","43"\]}'
@ -93,7 +79,8 @@ else
<server-cert-path>$srvcert</server-cert-path> <server-cert-path>$srvcert</server-cert-path>
<server-key-path>$srvkey</server-key-path> <server-key-path>$srvkey</server-key-path>
<server-ca-cert-path>$cakey</server-ca-cert-path> <server-ca-cert-path>$cakey</server-ca-cert-path>
<socket><namespace>default</namespace><address>0.0.0.0</address><port>80</port><ssl>false</ssl></socket> <socket><namespace>default</namespace><address>0.0.0.0</address><port>80</port><ssl>false</ssl></sock
et>
<socket><namespace>default</namespace><address>0.0.0.0</address><port>443</port><ssl>true</ssl></socket> <socket><namespace>default</namespace><address>0.0.0.0</address><port>443</port><ssl>true</ssl></socket>
</restconf> </restconf>
EOF EOF
@ -108,12 +95,10 @@ testrun()
{ {
proto=$1 # http/https proto=$1 # http/https
addr=$2 # 127.0.0.1/::1 addr=$2 # 127.0.0.1/::1
config=$3 # local/backend
RCPROTO=$proto # for start/wait of restconf RCPROTO=$proto # for start/wait of restconf
echo "proto:$proto" echo "proto:$proto"
echo "addr:$addr" echo "addr:$addr"
echo "config:$config"
new "test params: -f $cfg -- -s" new "test params: -f $cfg -- -s"
if [ $BE -ne 0 ]; then if [ $BE -ne 0 ]; then
@ -131,26 +116,19 @@ testrun()
new "wait backend" new "wait backend"
wait_backend wait_backend
if [ $config = backend ] ; then # Create a backend config new "netconf edit config"
# restconf backend config expecteof "$clixon_netconf -qf $cfg" 0 "<rpc $DEFAULTNS><edit-config><target><candidate/></target><config>$RESTCONFIG</config></edit-config></rpc>]]>]]>" "^<rpc-reply $DEFAULTNS><ok/></rpc-reply>]]>]]>$"
new "netconf edit config"
expecteof "$clixon_netconf -qf $cfg" 0 "<rpc $DEFAULTNS><edit-config><target><candidate/></target><config>$RESTCONFIG</config></edit-config></rpc>]]>]]>" "^<rpc-reply $DEFAULTNS><ok/></rpc-reply>]]>]]>$"
new "netconf commit" new "netconf commit"
expecteof "$clixon_netconf -qf $cfg" 0 "<rpc $DEFAULTNS><commit/></rpc>]]>]]>" "^<rpc-reply $DEFAULTNS><ok/></rpc-reply>]]>]]>$" expecteof "$clixon_netconf -qf $cfg" 0 "<rpc $DEFAULTNS><commit/></rpc>]]>]]>" "^<rpc-reply $DEFAULTNS><ok/></rpc-reply>]]>]]>$"
fi
if [ $RC -ne 0 ]; then if [ $RC -ne 0 ]; then
new "kill old restconf daemon" new "kill old restconf daemon"
stop_restconf_pre stop_restconf_pre
if [ $config = backend ] ; then # Add -b option new "start restconf daemon ZZZ"
new "start restconf daemon -o CLICON_RESTCONF_CONFIG=true" echo "cfg:$cfg"
start_restconf -f $cfg -o CLICON_RESTCONF_CONFIG=true start_restconf -f $cfg
else
new "start restconf daemon -o CLICON_RESTCONF_CONFIG=false"
start_restconf -f $cfg -o CLICON_RESTCONF_CONFIG=false
fi
fi fi
new "wait restconf" new "wait restconf"
wait_restconf wait_restconf
@ -396,16 +374,8 @@ for proto in $protos; do
addrs="$addrs \[::1\]" addrs="$addrs \[::1\]"
fi fi
for addr in $addrs; do for addr in $addrs; do
configs="local" new "restconf test: proto:$proto addr:$addr config:$config"
if [ "${WITH_RESTCONF}" = "evhtp" ]; then testrun $proto $addr
# backend config retrieval only implemented for evhtp
configs="$configs backend"
fi
echo "configs:$configs"
for config in $configs; do
new "restconf test: proto:$proto addr:$addr config:$config"
testrun $proto $addr $config
done
done done
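Review bot: The rewritten http `<socket>` line in the `RESTCONFIG` heredoc is split inside its closing tag (`</sock` at the end of one line, `et>` on the next), and the hunk's line counts (7 old, 8 new) suggest the break is in the committed file rather than a display artefact, so the XML sent in the `edit-config` would not be well-formed. It should stay on one line: `<socket><namespace>default</namespace><address>0.0.0.0</address><port>80</port><ssl>false</ssl></socket>`. The `testrun` changes also leave debug output behind (`new "start restconf daemon ZZZ"`, `echo "cfg:$cfg"`), and the loop at the end still prints `config:$config` although `config` is no longer assigned. In the unchanged context, `<server-ca-cert-path>$cakey</server-ca-cert-path>` points the CA certificate path at a variable named for a key while `cacert` is defined earlier in the file; that may be meant to be `$cacert`.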
done done


@ -23,6 +23,7 @@ cat <<EOF > $cfg
<CLICON_SOCK>/usr/local/var/$APPNAME/$APPNAME.sock</CLICON_SOCK> <CLICON_SOCK>/usr/local/var/$APPNAME/$APPNAME.sock</CLICON_SOCK>
<CLICON_BACKEND_PIDFILE>$dir/restconf.pidfile</CLICON_BACKEND_PIDFILE> <CLICON_BACKEND_PIDFILE>$dir/restconf.pidfile</CLICON_BACKEND_PIDFILE>
<CLICON_XMLDB_DIR>/usr/local/var/$APPNAME</CLICON_XMLDB_DIR> <CLICON_XMLDB_DIR>/usr/local/var/$APPNAME</CLICON_XMLDB_DIR>
$RESTCONFIG
</clixon-config> </clixon-config>
EOF EOF
@ -84,12 +85,6 @@ fi
new "waiting" new "waiting"
wait_backend wait_backend
# Load restconf config for evhtp backend config
if [ "${WITH_RESTCONF}" = "evhtp" ]; then
. ./restconfig.sh
restconfigrun
fi
if [ $RC -ne 0 ]; then if [ $RC -ne 0 ]; then
new "kill old restconf daemon" new "kill old restconf daemon"
stop_restconf_pre stop_restconf_pre
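Review bot: `$RESTCONFIG` is expanded inside the `$cfg` heredoc, but nothing in this file section shows where it is set, so an empty value would write a config with no restconf block and the script would not notice. A comment ahead of the heredoc saying where the variable is defined would make the dependency visible. If an empty value is never valid for the build under test, a guard such as `test -n "$RESTCONFIG" || err "RESTCONFIG not set"` before the `cat` would catch it. The same applies to the other test scripts on this page that gain the `$RESTCONFIG` line. The heredoc starts outside the hunk.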


@ -46,6 +46,7 @@ cat <<EOF > $cfg
<CLICON_CLISPEC_DIR>/usr/local/lib/$APPNAME/clispec</CLICON_CLISPEC_DIR> <CLICON_CLISPEC_DIR>/usr/local/lib/$APPNAME/clispec</CLICON_CLISPEC_DIR>
<CLICON_CLI_DIR>/usr/local/lib/$APPNAME/cli</CLICON_CLI_DIR> <CLICON_CLI_DIR>/usr/local/lib/$APPNAME/cli</CLICON_CLI_DIR>
<CLICON_CLI_MODE>$APPNAME</CLICON_CLI_MODE> <CLICON_CLI_MODE>$APPNAME</CLICON_CLI_MODE>
$RESTCONFIG
</clixon-config> </clixon-config>
EOF EOF
@ -168,12 +169,6 @@ fi
new "waiting" new "waiting"
wait_backend wait_backend
# Load restconf config for evhtp backend config
if [ "${WITH_RESTCONF}" = "evhtp" ]; then
. ./restconfig.sh
restconfigrun
fi
if [ $RC -ne 0 ]; then if [ $RC -ne 0 ]; then
new "kill old restconf daemon" new "kill old restconf daemon"
stop_restconf_pre stop_restconf_pre


@ -36,6 +36,7 @@ cat <<EOF > $cfg
<CLICON_BACKEND_PIDFILE>$dir/restconf.pidfile</CLICON_BACKEND_PIDFILE> <CLICON_BACKEND_PIDFILE>$dir/restconf.pidfile</CLICON_BACKEND_PIDFILE>
<CLICON_XMLDB_DIR>/usr/local/var/$APPNAME</CLICON_XMLDB_DIR> <CLICON_XMLDB_DIR>/usr/local/var/$APPNAME</CLICON_XMLDB_DIR>
<CLICON_STREAM_DISCOVERY_RFC8040>true</CLICON_STREAM_DISCOVERY_RFC8040> <CLICON_STREAM_DISCOVERY_RFC8040>true</CLICON_STREAM_DISCOVERY_RFC8040>
$RESTCONFIG
</clixon-config> </clixon-config>
EOF EOF
@ -77,12 +78,6 @@ fi
new "waiting" new "waiting"
wait_backend wait_backend
# Load restconf config for evhtp backend config
if [ "${WITH_RESTCONF}" = "evhtp" ]; then
. ./restconfig.sh
restconfigrun
fi
if [ $RC -ne 0 ]; then if [ $RC -ne 0 ]; then
new "kill old restconf daemon" new "kill old restconf daemon"
stop_restconf_pre stop_restconf_pre


@ -21,6 +21,7 @@ cat <<EOF > $cfg
<CLICON_SOCK>/usr/local/var/$APPNAME/$APPNAME.sock</CLICON_SOCK> <CLICON_SOCK>/usr/local/var/$APPNAME/$APPNAME.sock</CLICON_SOCK>
<CLICON_BACKEND_PIDFILE>$dir/restconf.pidfile</CLICON_BACKEND_PIDFILE> <CLICON_BACKEND_PIDFILE>$dir/restconf.pidfile</CLICON_BACKEND_PIDFILE>
<CLICON_XMLDB_DIR>/usr/local/var/$APPNAME</CLICON_XMLDB_DIR> <CLICON_XMLDB_DIR>/usr/local/var/$APPNAME</CLICON_XMLDB_DIR>
$RESTCONFIG
</clixon-config> </clixon-config>
EOF EOF
@ -80,12 +81,6 @@ fi
new "waiting" new "waiting"
wait_backend wait_backend
# Load restconf config for evhtp backend config
if [ "${WITH_RESTCONF}" = "evhtp" ]; then
. ./restconfig.sh
restconfigrun
fi
if [ $RC -ne 0 ]; then if [ $RC -ne 0 ]; then
new "kill old restconf daemon" new "kill old restconf daemon"
stop_restconf_pre stop_restconf_pre


@ -26,6 +26,7 @@ cat <<EOF > $cfg
<CLICON_XMLDB_DIR>$dir</CLICON_XMLDB_DIR> <CLICON_XMLDB_DIR>$dir</CLICON_XMLDB_DIR>
<CLICON_NACM_MODE>internal</CLICON_NACM_MODE> <CLICON_NACM_MODE>internal</CLICON_NACM_MODE>
<CLICON_NACM_DISABLED_ON_EMPTY>true</CLICON_NACM_DISABLED_ON_EMPTY> <CLICON_NACM_DISABLED_ON_EMPTY>true</CLICON_NACM_DISABLED_ON_EMPTY>
$RESTCONFIG
</clixon-config> </clixon-config>
EOF EOF
@ -116,7 +117,7 @@ if [ $RC -ne 0 ]; then
stop_restconf_pre stop_restconf_pre
new "start restconf daemon (-a is enable basic authentication)" new "start restconf daemon (-a is enable basic authentication)"
start_restconf -f $cfg -o CLICON_RESTCONF_CONFIG=false -- -a start_restconf -f $cfg -- -a
new "waiting restconf" new "waiting restconf"
wait_restconf wait_restconf
@ -173,7 +174,7 @@ if [ $RC -ne 0 ]; then
stop_restconf_pre stop_restconf_pre
new "start restconf daemon (-a is enable basic authentication)" new "start restconf daemon (-a is enable basic authentication)"
start_restconf -f $cfg -o CLICON_RESTCONF_CONFIG=false -- -a start_restconf -f $cfg -- -a
new "waiting" new "waiting"
wait_restconf wait_restconf


@ -44,6 +44,7 @@ cat <<EOF > $cfg
<CLICON_SOCK>/usr/local/var/$APPNAME/$APPNAME.sock</CLICON_SOCK> <CLICON_SOCK>/usr/local/var/$APPNAME/$APPNAME.sock</CLICON_SOCK>
<CLICON_BACKEND_PIDFILE>/usr/local/var/$APPNAME/$APPNAME.pidfile</CLICON_BACKEND_PIDFILE> <CLICON_BACKEND_PIDFILE>/usr/local/var/$APPNAME/$APPNAME.pidfile</CLICON_BACKEND_PIDFILE>
<CLICON_XMLDB_DIR>$dir</CLICON_XMLDB_DIR> <CLICON_XMLDB_DIR>$dir</CLICON_XMLDB_DIR>
$RESTCONFIG
</clixon-config> </clixon-config>
EOF EOF
@ -64,12 +65,6 @@ testrun(){
new "waiting" new "waiting"
wait_backend wait_backend
# Load restconf config for evhtp backend config
if [ "${WITH_RESTCONF}" = "evhtp" ]; then
. ./restconfig.sh
restconfigrun
fi
new "kill old restconf daemon" new "kill old restconf daemon"
stop_restconf_pre stop_restconf_pre


@ -28,6 +28,7 @@ cat <<EOF > $cfg
<CLICON_SOCK>/usr/local/var/$APPNAME/$APPNAME.sock</CLICON_SOCK> <CLICON_SOCK>/usr/local/var/$APPNAME/$APPNAME.sock</CLICON_SOCK>
<CLICON_BACKEND_PIDFILE>/usr/local/var/$APPNAME/$APPNAME.pidfile</CLICON_BACKEND_PIDFILE> <CLICON_BACKEND_PIDFILE>/usr/local/var/$APPNAME/$APPNAME.pidfile</CLICON_BACKEND_PIDFILE>
<CLICON_XMLDB_DIR>/usr/local/var/$APPNAME</CLICON_XMLDB_DIR> <CLICON_XMLDB_DIR>/usr/local/var/$APPNAME</CLICON_XMLDB_DIR>
$RESTCONFIG
</clixon-config> </clixon-config>
EOF EOF
@ -45,12 +46,6 @@ fi
new "waiting" new "waiting"
wait_backend wait_backend
# Load restconf config for evhtp backend config
if [ "${WITH_RESTCONF}" = "evhtp" ]; then
. ./restconfig.sh
restconfigrun
fi
if [ $RC -ne 0 ]; then if [ $RC -ne 0 ]; then
new "kill old restconf daemon" new "kill old restconf daemon"
stop_restconf_pre stop_restconf_pre


@ -43,42 +43,6 @@ fi
test -d $certdir || mkdir $certdir test -d $certdir || mkdir $certdir
# Use yang in example # Use yang in example
# Get config from backend?
cat <<EOF > $cfg
<clixon-config xmlns="http://clicon.org/config">
<CLICON_CONFIGFILE>$cfg</CLICON_CONFIGFILE>
<CLICON_FEATURE>ietf-netconf:startup</CLICON_FEATURE>
<CLICON_YANG_DIR>/usr/local/share/clixon</CLICON_YANG_DIR>
<CLICON_YANG_DIR>$IETFRFC</CLICON_YANG_DIR>
<CLICON_YANG_MAIN_FILE>$fyang</CLICON_YANG_MAIN_FILE>
<CLICON_CLISPEC_DIR>/usr/local/lib/$APPNAME/clispec</CLICON_CLISPEC_DIR>
<CLICON_BACKEND_DIR>/usr/local/lib/$APPNAME/backend</CLICON_BACKEND_DIR>
<CLICON_BACKEND_REGEXP>example_backend.so$</CLICON_BACKEND_REGEXP>
<CLICON_RESTCONF_DIR>/usr/local/lib/$APPNAME/restconf</CLICON_RESTCONF_DIR>
<CLICON_RESTCONF_PRETTY>false</CLICON_RESTCONF_PRETTY>
<CLICON_CLI_DIR>/usr/local/lib/$APPNAME/cli</CLICON_CLI_DIR>
<CLICON_CLI_MODE>$APPNAME</CLICON_CLI_MODE>
<CLICON_SOCK>/usr/local/var/$APPNAME/$APPNAME.sock</CLICON_SOCK>
<CLICON_BACKEND_PIDFILE>/usr/local/var/$APPNAME/$APPNAME.pidfile</CLICON_BACKEND_PIDFILE>
<CLICON_XMLDB_DIR>$dir</CLICON_XMLDB_DIR>
<CLICON_MODULE_LIBRARY_RFC7895>true</CLICON_MODULE_LIBRARY_RFC7895>
<CLICON_NACM_MODE>internal</CLICON_NACM_MODE>
<CLICON_SSL_SERVER_CERT>$srvcert</CLICON_SSL_SERVER_CERT>
<CLICON_SSL_SERVER_KEY>$srvkey</CLICON_SSL_SERVER_KEY>
<CLICON_SSL_CA_CERT>$cacert</CLICON_SSL_CA_CERT>
EOF
if $IPv6; then
cat <<EOF >> $cfg
<CLICON_RESTCONF_IPV6_ADDR>::</CLICON_RESTCONF_IPV6_ADDR>
EOF
fi
cat <<EOF >> $cfg
</clixon-config>
EOF
cat <<EOF > $fyang cat <<EOF > $fyang
module example{ module example{
yang-version 1.1; yang-version 1.1;
@ -155,44 +119,49 @@ EOF
fi # genkeys fi # genkeys
# Set a clixon-restconf config # Write local config
ssl=true cat <<EOF > $cfg
port=443 <clixon-config xmlns="http://clicon.org/config">
authtype=client-certificate <CLICON_CONFIGFILE>$cfg</CLICON_CONFIGFILE>
<CLICON_FEATURE>ietf-netconf:startup</CLICON_FEATURE>
<CLICON_YANG_DIR>/usr/local/share/clixon</CLICON_YANG_DIR>
<CLICON_YANG_DIR>$IETFRFC</CLICON_YANG_DIR>
<CLICON_YANG_MAIN_FILE>$fyang</CLICON_YANG_MAIN_FILE>
<CLICON_CLISPEC_DIR>/usr/local/lib/$APPNAME/clispec</CLICON_CLISPEC_DIR>
<CLICON_BACKEND_DIR>/usr/local/lib/$APPNAME/backend</CLICON_BACKEND_DIR>
<CLICON_BACKEND_REGEXP>example_backend.so$</CLICON_BACKEND_REGEXP>
<CLICON_RESTCONF_DIR>/usr/local/lib/$APPNAME/restconf</CLICON_RESTCONF_DIR>
<CLICON_RESTCONF_PRETTY>false</CLICON_RESTCONF_PRETTY>
<CLICON_CLI_DIR>/usr/local/lib/$APPNAME/cli</CLICON_CLI_DIR>
<CLICON_CLI_MODE>$APPNAME</CLICON_CLI_MODE>
<CLICON_SOCK>/usr/local/var/$APPNAME/$APPNAME.sock</CLICON_SOCK>
<CLICON_BACKEND_PIDFILE>/usr/local/var/$APPNAME/$APPNAME.pidfile</CLICON_BACKEND_PIDFILE>
<CLICON_XMLDB_DIR>$dir</CLICON_XMLDB_DIR>
<CLICON_MODULE_LIBRARY_RFC7895>true</CLICON_MODULE_LIBRARY_RFC7895>
<CLICON_NACM_MODE>internal</CLICON_NACM_MODE>
<restconf>
<auth-type>client-certificate</auth-type>
<server-cert-path>$srvcert</server-cert-path>
<server-key-path>$srvkey</server-key-path>
<server-ca-cert-path>$cacert</server-ca-cert-path>
<socket>
<namespace>default</namespace>
<address>0.0.0.0</address>
<port>443</port>
<ssl>true</ssl>
</socket>
</restconf>
</clixon-config>
EOF
# Run with and without getting config from backend # Run The test, ssl config is in local config
# arg 1: false: local config; true: use config backend
testrun() testrun()
{ {
USEBACKEND=$1 cat <<EOF > $dir/startup_db
# Startup DB with proper NACM config
if $USEBACKEND; then
cat <<EOF > $dir/startup_db
<config>
<restconf xmlns="https://clicon.org/restconf">
<auth-type>$authtype</auth-type>
<server-cert-path>$srvcert</server-cert-path>
<server-key-path>$srvkey</server-key-path>
<server-ca-cert-path>$cacert</server-ca-cert-path>
<socket>
<namespace>default</namespace>
<address>0.0.0.0</address>
<port>$port</port>
<ssl>$ssl</ssl>
</socket>
</restconf>
$RULES
</config>
EOF
else
cat <<EOF > $dir/startup_db
<config> <config>
$RULES $RULES
</config> </config>
EOF EOF
fi
if [ $BE -ne 0 ]; then if [ $BE -ne 0 ]; then
new "kill old backend" new "kill old backend"
sudo clixon_backend -zf $cfg sudo clixon_backend -zf $cfg
@ -211,13 +180,8 @@ EOF
if [ $RC -ne 0 ]; then if [ $RC -ne 0 ]; then
new "kill old restconf daemon" new "kill old restconf daemon"
stop_restconf_pre stop_restconf_pre
if $USEBACKEND; then new "start restconf daemon -s -c -- -s"
new "start restconf daemon -b -- -s" start_restconf -f $cfg -- -s
start_restconf -f $cfg -o CLICON_RESTCONF_CONFIG=true -- -s
else
new "start restconf daemon -s -c -- -s"
start_restconf -f $cfg -s -c -o CLICON_RESTCONF_CONFIG=false -- -s
fi
fi fi
new "wait for restconf" new "wait for restconf"
@ -254,11 +218,8 @@ EOF
fi fi
} }
new "Use local restconf config" new "Run test"
testrun false testrun
new "Get restconf config from backend"
testrun true
rm -rf $dir rm -rf $dir
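Review bot: The test label `new "start restconf daemon -s -c -- -s"` no longer matches the command under it, `start_restconf -f $cfg -- -s`, because the `-s` and `-c` daemon options are gone; it should read `new "start restconf daemon -- -s"`. The rewritten `$cfg` also declares a single `<socket>` on `0.0.0.0`, whereas the removed version appended `CLICON_RESTCONF_IPV6_ADDR` when `$IPv6` was set, so client-certificate authentication over IPv6 no longer appears to be exercised by this script. A second `<socket>` entry with address `::`, written under the same `$IPv6` condition, would restore that coverage. The body of testrun continues outside the hunks shown.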


@ -43,6 +43,7 @@ cat <<EOF > $cfg
<CLICON_RESTCONF_PRETTY>false</CLICON_RESTCONF_PRETTY> <CLICON_RESTCONF_PRETTY>false</CLICON_RESTCONF_PRETTY>
<CLICON_XMLDB_DIR>/usr/local/var/$APPNAME</CLICON_XMLDB_DIR> <CLICON_XMLDB_DIR>/usr/local/var/$APPNAME</CLICON_XMLDB_DIR>
<CLICON_MODULE_LIBRARY_RFC7895>false</CLICON_MODULE_LIBRARY_RFC7895> <CLICON_MODULE_LIBRARY_RFC7895>false</CLICON_MODULE_LIBRARY_RFC7895>
$RESTCONFIG
</clixon-config> </clixon-config>
EOF EOF
@ -161,12 +162,6 @@ fi
new "wait backend" new "wait backend"
wait_backend wait_backend
# Load restconf config for evhtp backend config
if [ "${WITH_RESTCONF}" = "evhtp" ]; then
. ./restconfig.sh
restconfigrun
fi
if [ $RC -ne 0 ]; then if [ $RC -ne 0 ]; then
new "kill old restconf daemon" new "kill old restconf daemon"
stop_restconf_pre stop_restconf_pre


@ -145,6 +145,7 @@ testrun()
<CLICON_RESTCONF_PRETTY>false</CLICON_RESTCONF_PRETTY> <CLICON_RESTCONF_PRETTY>false</CLICON_RESTCONF_PRETTY>
<CLICON_YANG_UNKNOWN_ANYDATA>$unknown</CLICON_YANG_UNKNOWN_ANYDATA> <CLICON_YANG_UNKNOWN_ANYDATA>$unknown</CLICON_YANG_UNKNOWN_ANYDATA>
$F $F
$RESTCONFIG
</clixon-config> </clixon-config>
EOF EOF
@ -181,7 +182,7 @@ EOF
stop_restconf_pre stop_restconf_pre
new "start restconf daemon" new "start restconf daemon"
start_restconf -f $cfg -o CLICON_RESTCONF_CONFIG=false start_restconf -f $cfg
fi fi
new "wait restconf" new "wait restconf"


@ -27,6 +27,7 @@ cat <<EOF > $cfg
<CLICON_BACKEND_PIDFILE>/usr/local/var/$APPNAME/$APPNAME.pidfile</CLICON_BACKEND_PIDFILE> <CLICON_BACKEND_PIDFILE>/usr/local/var/$APPNAME/$APPNAME.pidfile</CLICON_BACKEND_PIDFILE>
<CLICON_XMLDB_DIR>/usr/local/var/$APPNAME</CLICON_XMLDB_DIR> <CLICON_XMLDB_DIR>/usr/local/var/$APPNAME</CLICON_XMLDB_DIR>
<CLICON_MODULE_LIBRARY_RFC7895>true</CLICON_MODULE_LIBRARY_RFC7895> <CLICON_MODULE_LIBRARY_RFC7895>true</CLICON_MODULE_LIBRARY_RFC7895>
$RESTCONFIG
</clixon-config> </clixon-config>
EOF EOF
@ -82,7 +83,7 @@ if [ $RC -ne 0 ]; then
stop_restconf_pre stop_restconf_pre
new "start restconf daemon" new "start restconf daemon"
start_restconf -f $cfg -o CLICON_RESTCONF_CONFIG=false start_restconf -f $cfg
new "waiting" new "waiting"
wait_restconf wait_restconf
@ -116,7 +117,6 @@ expectpart "$(curl $CURLOPTS -X POST -H "Content-Type: application/yang-data+jso
#new "restconf get config example1" #new "restconf get config example1"
#expectpart "$(curl $CURLOPTS -X GET $RCPROTO://localhost/restconf/data/example1:x)" 0 "HTTP/1.1 200 OK" '{"example1:x":42}' #expectpart "$(curl $CURLOPTS -X GET $RCPROTO://localhost/restconf/data/example1:x)" 0 "HTTP/1.1 200 OK" '{"example1:x":42}'
# XXX GET ../example2:x is translated to select=/x which gets both example1&2 # XXX GET ../example2:x is translated to select=/x which gets both example1&2
#new "restconf get config example2" #new "restconf get config example2"
#expectpart "$(curl $CURLOPTS -X GET $RCPROTO://localhost/restconf/data/example2:x)" 0 "HTTP/1.1 200 OK" '{"example2:x":{"y":42}}' #expectpart "$(curl $CURLOPTS -X GET $RCPROTO://localhost/restconf/data/example2:x)" 0 "HTTP/1.1 200 OK" '{"example2:x":{"y":42}}'
@ -134,20 +134,20 @@ if [ $RC -ne 0 ]; then
stop_restconf stop_restconf
fi fi
if [ $BE -eq 0 ]; then if [ $BE -ne 0 ]; then
exit # BE new "Kill backend"
fi # Check if premature kill
new "Kill backend" pid=$(pgrep -u root -f clixon_backend)
# Check if premature kill if [ -z "$pid" ]; then
pid=$(pgrep -u root -f clixon_backend) err "backend already dead"
if [ -z "$pid" ]; then fi
err "backend already dead" # kill backend
fi sudo clixon_backend -z -f $cfg
# kill backend
sudo clixon_backend -z -f $cfg
if [ $? -ne 0 ]; then
err "kill backend"
fi
sudo pkill -u root -f clixon_backend
rm -rf $dir if [ $? -ne 0 ]; then
err "kill backend"
fi
sudo pkill -u root -f clixon_backend
fi
#rm -rf $dir
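Review bot: The cleanup at the end of the script is commented out (`#rm -rf $dir`), so every run leaves whatever the test wrote under `$dir` on disk, and a later run can start from stale files. This looks like a debugging leftover and is unrelated to the restconf config rework; restore `rm -rf $dir`. If the directory is kept on purpose for inspection, say so in a comment next to the line.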


@ -3,6 +3,9 @@ module clixon-config {
namespace "http://clicon.org/config"; namespace "http://clicon.org/config";
prefix cc; prefix cc;
import clixon-restconf {
prefix clrc;
}
organization organization
"Clicon / Clixon"; "Clicon / Clixon";
@ -42,7 +45,15 @@ module clixon-config {
revision 2020-11-03 { revision 2020-11-03 {
description description
"Added: CLICON_RESTCONF_CONFIG"; "Moved to clixon-restconf.yang and marked as obsolete:
CLICON_RESTCONF_IPV4_ADDR
CLICON_RESTCONF_IPV6_ADDR
CLICON_RESTCONF_HTTP_PORT
CLICON_RESTCONF_HTTPS_PORT
CLICON_SSL_SERVER_CERT
CLICON_SSL_SERVER_KEY
CLICON_SSL_CA_CERT
Removed obsolete option CLICON_TRANSACTION_MOD";
} }
revision 2020-10-01 { revision 2020-10-01 {
description description
@ -270,6 +281,9 @@ module clixon-config {
} }
container clixon-config { container clixon-config {
container restconf {
uses clrc:clixon-restconf;
}
leaf-list CLICON_FEATURE { leaf-list CLICON_FEATURE {
description description
"Supported features as used by YANG feature/if-feature "Supported features as used by YANG feature/if-feature
@ -412,81 +426,69 @@ module clixon-config {
Setting this value to false makes restconf return not pretty-printed Setting this value to false makes restconf return not pretty-printed
which may be desirable for performance or tests"; which may be desirable for performance or tests";
} }
leaf CLICON_RESTCONF_CONFIG {
type boolean;
default false;
description
"If set, get restconf-specific configuration from the backend running datastore,
using clixon-restconf.yang.
If not set, load all config from local clixon XML config file.
This only applies to with-restconf=evhtp, NOT with restconf=fcgi (nginx)
A consequence is that if set, the following option in this YANG are obsolete:
CLICON_RESTCONF_IPV4_ADDR
CLICON_RESTCONF_IPV6_ADDR
CLICON_RESTCONF_HTTP_PORT
CLICON_RESTCONF_HTTPS_PORT
CLICON_SSL_SERVER_CERT
CLICON_SSL_SERVER_KEY
CLICON_SSL_CA_CERT
";
}
leaf CLICON_RESTCONF_IPV4_ADDR { leaf CLICON_RESTCONF_IPV4_ADDR {
type string; type string;
default "0.0.0.0"; default "0.0.0.0";
status obsolete;
description description
"RESTCONF IPv4 socket binding address. "RESTCONF IPv4 socket binding address.
Applies to native http by config option --with-restconf=evhtp. Applies to native http by config option --with-restconf=evhtp.
Obsolete if CLICON_RESTCONF_CONFIG is true"; This config is moved to clixon-restconf.yang.";
} }
leaf CLICON_RESTCONF_IPV6_ADDR { leaf CLICON_RESTCONF_IPV6_ADDR {
type string; type string;
status obsolete;
description description
"RESTCONF IPv6 socket binding address. "RESTCONF IPv6 socket binding address.
Applies to native http by config option --with-restconf=evhtp. Applies to native http by config option --with-restconf=evhtp.
Obsolete if CLICON_RESTCONF_CONFIG is true"; This config is moved to clixon-restconf.yang.";
} }
leaf CLICON_RESTCONF_HTTP_PORT { leaf CLICON_RESTCONF_HTTP_PORT {
type uint16; type uint16;
default 80; default 80;
status obsolete;
description description
"RESTCONF socket binding port, non-ssl "RESTCONF socket binding port, non-ssl
In the restconf daemon, it can be overriden by -P <port> In the restconf daemon, it can be overriden by -P <port>
Applies to native http only by config option --with-restconf=evhtp. Applies to native http only by config option --with-restconf=evhtp.
Obsolete if CLICON_RESTCONF_CONFIG is true"; This config is moved to clixon-restconf.yang.";
} }
leaf CLICON_RESTCONF_HTTPS_PORT { leaf CLICON_RESTCONF_HTTPS_PORT {
type uint16; type uint16;
default 443; default 443;
status obsolete;
description description
"RESTCONF socket binding port, ssl "RESTCONF socket binding port, ssl
In the restconf daemon, this is the port chosen if -s is given. In the restconf daemon, this is the port chosen if -s is given.
Note it can be overriden by -P <port> Note it can be overriden by -P <port>
Applies to native http by config option --with-restconf=evhtp. Applies to native http by config option --with-restconf=evhtp.
Obsolete if CLICON_RESTCONF_CONFIG is true"; This config is moved to clixon-restconf.yang.";
} }
leaf CLICON_SSL_SERVER_CERT { leaf CLICON_SSL_SERVER_CERT {
type string; type string;
default "/etc/ssl/certs/clixon-server-crt.pem"; default "/etc/ssl/certs/clixon-server-crt.pem";
status obsolete;
description description
"SSL server cert for restconf https. "SSL server cert for restconf https.
Applies to native http only by config option --with-restconf=evhtp. Applies to native http only by config option --with-restconf=evhtp.
Obsolete if CLICON_RESTCONF_CONFIG is true"; This config is moved to clixon-restconf.yang.";
} }
leaf CLICON_SSL_SERVER_KEY { leaf CLICON_SSL_SERVER_KEY {
type string; type string;
default "/etc/ssl/private/clixon-server-key.pem"; default "/etc/ssl/private/clixon-server-key.pem";
status obsolete;
description description
"SSL server private key for restconf https. "SSL server private key for restconf https.
Applies to native http only by config option --with-restconf=evhtp. Applies to native http only by config option --with-restconf=evhtp.
Obsolete if CLICON_RESTCONF_CONFIG is true"; This config is moved to clixon-restconf.yang.";
} }
leaf CLICON_SSL_CA_CERT { leaf CLICON_SSL_CA_CERT {
type string; type string;
default "/etc/ssl/certs/clixon-ca_crt.pem"; default "/etc/ssl/certs/clixon-ca_crt.pem";
status obsolete;
description description
"SSL CA cert for client authentication. "SSL CA cert for client authentication.
Applies to native http only by config option --with-restconf=evhtp. This config is moved to clixon-restconf.yang.";
Obsolete if CLICON_RESTCONF_CONFIG is true";
} }
leaf CLICON_CLI_DIR { leaf CLICON_CLI_DIR {
type string; type string;
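Review bot: The descriptions of the obsolete leaves say only `This config is moved to clixon-restconf.yang.` and do not name the replacement node, so a reader has to map each option by hand. Name it in each description, for example on CLICON_SSL_SERVER_KEY: `Replaced by restconf/server-key-path`. This matters most for the three SSL leaves: they keep their `default` paths here, while the corresponding leaves in the clixon-restconf grouping further down this page appear to lose their defaults. An operator who relied on the default certificate and key locations would then have to set the paths explicitly, and a sentence saying so would make that visible at upgrade time. The new `container restconf` also has no `description`; one line stating that it holds the local restconf daemon configuration would help.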


@ -83,8 +83,7 @@ module clixon-restconf {
description description
"Common operations that can be performed on a service"; "Common operations that can be performed on a service";
} }
container restconf { grouping clixon-restconf{
presence "Enables RESTCONF";
description description
"HTTP daemon configuration."; "HTTP daemon configuration.";
leaf-list auth-type { leaf-list auth-type {
@ -98,24 +97,18 @@ module clixon-restconf {
description description
"Path to server certificate file. "Path to server certificate file.
Note only applies if socket has ssl enabled"; Note only applies if socket has ssl enabled";
default "/etc/ssl/private/clixon-server-crt.pem";
/* See CLICON_SSL_SERVER_CERT */
} }
leaf server-key-path { leaf server-key-path {
type string; type string;
description description
"Path to server key file "Path to server key file
Note only applies if socket has ssl enabled"; Note only applies if socket has ssl enabled";
default "/etc/ssl/private/clixon-server-key.pem";
/* See CLICON_SSL_SERVER_KEY */
} }
leaf server-ca-cert-path { leaf server-ca-cert-path {
type string; type string;
description description
"Path to server CA cert file "Path to server CA cert file
Note only applies if socket has ssl enabled"; Note only applies if socket has ssl enabled";
default "/etc/ssl/certs/clixon-ca_crt.pem";
/* CLICON_SSL_CA_CERT */
} }
list socket { list socket {
key "namespace address port"; key "namespace address port";
@ -138,6 +131,10 @@ module clixon-restconf {
} }
} }
} }
container restconf {
presence "Enables RESTCONF";
uses clixon-restconf;
}
rpc restconf-control { rpc restconf-control {
input { input {
leaf operation { leaf operation {