Added Clixon example full system docker container, see [docker/system].
This commit is contained in:
Olof Hagsand
parent
ae8d28fae8
commit
2b596591f1
24 changed files with 439 additions and 124 deletions
|
|
@ -127,6 +127,7 @@
|
|||
* Syntactically Correct handling of '<?' (processing instructions) and '<?xml' (XML declaration)
|
||||
* XML prolog syntax for 'well-formed' XML
|
||||
* `<!DOCTYPE` (ie DTD) is not supported.
|
||||
* Added Clixon example full system docker container, see [docker/system].
|
||||
* Added `make test` from top-level Makefile
|
||||
* Added `xml_rootchild_node()` lib function as variant of `xml_rootchild()`
|
||||
* Added -o "<option>=<value>" command-line option to all programs: backend, cli, netconf, restconf.
|
||||
|
|
|
|||
4
configure
vendored
4
configure
vendored
|
|
@ -4433,7 +4433,7 @@ _ACEOF
|
|||
|
||||
|
||||
|
||||
ac_config_files="$ac_config_files Makefile lib/Makefile lib/src/Makefile lib/clixon/Makefile apps/Makefile apps/cli/Makefile apps/backend/Makefile apps/netconf/Makefile apps/restconf/Makefile include/Makefile etc/Makefile etc/clixonrc example/Makefile extras/rpm/Makefile docker/Makefile datastore/Makefile datastore/text/Makefile util/Makefile yang/Makefile yang/clixon/Makefile yang/standard/Makefile doc/Makefile test/Makefile"
|
||||
ac_config_files="$ac_config_files Makefile lib/Makefile lib/src/Makefile lib/clixon/Makefile apps/Makefile apps/cli/Makefile apps/backend/Makefile apps/netconf/Makefile apps/restconf/Makefile include/Makefile etc/Makefile etc/clixonrc example/Makefile extras/rpm/Makefile docker/Makefile docker/system/Makefile docker/cluster/Makefile datastore/Makefile datastore/text/Makefile util/Makefile yang/Makefile yang/clixon/Makefile yang/standard/Makefile doc/Makefile test/Makefile"
|
||||
|
||||
cat >confcache <<\_ACEOF
|
||||
# This file is a shell script that caches the results of configure
|
||||
|
|
@ -5142,6 +5142,8 @@ do
|
|||
"example/Makefile") CONFIG_FILES="$CONFIG_FILES example/Makefile" ;;
|
||||
"extras/rpm/Makefile") CONFIG_FILES="$CONFIG_FILES extras/rpm/Makefile" ;;
|
||||
"docker/Makefile") CONFIG_FILES="$CONFIG_FILES docker/Makefile" ;;
|
||||
"docker/system/Makefile") CONFIG_FILES="$CONFIG_FILES docker/system/Makefile" ;;
|
||||
"docker/cluster/Makefile") CONFIG_FILES="$CONFIG_FILES docker/cluster/Makefile" ;;
|
||||
"datastore/Makefile") CONFIG_FILES="$CONFIG_FILES datastore/Makefile" ;;
|
||||
"datastore/text/Makefile") CONFIG_FILES="$CONFIG_FILES datastore/text/Makefile" ;;
|
||||
"util/Makefile") CONFIG_FILES="$CONFIG_FILES util/Makefile" ;;
|
||||
|
|
|
|||
|
|
@ -241,7 +241,8 @@ AC_OUTPUT(Makefile
|
|||
etc/clixonrc
|
||||
example/Makefile
|
||||
extras/rpm/Makefile
|
||||
docker/Makefile
|
||||
docker/Makefile
|
||||
docker/system/Makefile
|
||||
datastore/Makefile
|
||||
datastore/text/Makefile
|
||||
util/Makefile
|
||||
|
|
|
|||
|
|
@ -38,15 +38,17 @@ CFLAGS = @CFLAGS@
|
|||
LDFLAGS = @LDFLAGS@
|
||||
LIBS = @LIBS@
|
||||
|
||||
# Change this
|
||||
IMAGE = olofhagsand/clixon
|
||||
# Example docker image. PLEASE CHANGE THIS IF YOU PUSH
|
||||
IMG_BASE = olofhagsand/clixon # base image
|
||||
|
||||
SHELL = /bin/sh
|
||||
|
||||
SUBDIRS = system
|
||||
#SUBDIRS += cluster
|
||||
|
||||
.PHONY: all clean depend install docker push
|
||||
|
||||
all:
|
||||
all: $(SUBDIRS)
|
||||
echo "Run make docker to build docker image"
|
||||
|
||||
clean:
|
||||
|
|
@ -54,12 +56,11 @@ clean:
|
|||
distclean: clean
|
||||
rm -f Makefile *~ .depend
|
||||
|
||||
docker:
|
||||
sudo docker build -t $(IMAGE) . # --no-cache
|
||||
echo "cd ../example; make docker to build example application"
|
||||
docker: Dockerfile
|
||||
sudo docker build -t $(IMG_BASE) . # --no-cache
|
||||
|
||||
push:
|
||||
sudo docker push $(IMAGE)
|
||||
sudo docker push $(IMG_BASE)
|
||||
|
||||
depend:
|
||||
|
||||
|
|
|
|||
|
|
@ -1,19 +1,24 @@
|
|||
# Clixon base docker image
|
||||
|
||||
This directory contains code for building and pushing a Clixon docker
|
||||
This directory contains code for building and pushing the clixon base docker
|
||||
container. By default it is pushed to olofhagsand/clixon, but you can change
|
||||
the IMAGE in Makefile.in and push it to another name.
|
||||
|
||||
There are also sub-directories with examples og other clixon example systems.
|
||||
|
||||
The clixon docker image is a base image that can be used to build
|
||||
clixon applications. It has all the whole code for a clixon release
|
||||
which it downloads from git - it does not use local code (note it may even use develop branch).
|
||||
|
||||
See example/docker for how to build a docker application using the base image.
|
||||
See [system/README.md] for how to build the clixon example application using the base image.
|
||||
|
||||
## Build and push
|
||||
|
||||
Build and push
|
||||
==============
|
||||
Perform the build by 'make docker'.
|
||||
You may also do 'make push' if you want to push the image, but you may then consider changing the image name (in the makefile:s).
|
||||
|
||||
You may run the container directly by going directly to example and
|
||||
the docker runtime scripts there
|
||||
|
||||
(You may have to login for push with sudo docker login -u <username>)
|
||||
|
||||
|
|
|
|||
|
|
@ -34,10 +34,12 @@
|
|||
FROM olofhagsand/clixon
|
||||
MAINTAINER Olof Hagsand <olof@hagsand.se>
|
||||
|
||||
#RUN apt-get update && apt-get install -y procps # ps for debugging
|
||||
RUN apt-get update && apt-get install -y nginx
|
||||
RUN apt-get update && apt-get install -y procps curl # ps for debugging
|
||||
|
||||
# The example uses "clicon" group
|
||||
RUN groupadd clicon
|
||||
RUN usermod -a -G clicon www-data
|
||||
|
||||
# Create a directory to hold source-code, dependencies etc
|
||||
RUN mkdir /example
|
||||
|
|
@ -49,15 +51,22 @@ RUN git clone https://github.com/clicon/clixon.git
|
|||
|
||||
# Build clixon
|
||||
WORKDIR /example/clixon
|
||||
RUN git checkout -b develop origin/develop
|
||||
RUN ./configure
|
||||
WORKDIR /example/clixon/example
|
||||
RUN make
|
||||
RUN make install
|
||||
RUN install example.xml /usr/local/etc/clixon.xml
|
||||
|
||||
# Log to stderr. Add -D 1 for debug
|
||||
CMD /usr/local/sbin/clixon_backend -F -a IPv4 -u 0.0.0.0 -s init -l e
|
||||
# Copy startscript
|
||||
WORKDIR /
|
||||
COPY startsystem.sh startsystem.sh
|
||||
RUN install startsystem.sh /usr/local/bin/
|
||||
|
||||
# Expose nginx port for restconf
|
||||
EXPOSE 80
|
||||
|
||||
# Log to stderr.
|
||||
CMD /usr/local/bin/startsystem.sh
|
||||
|
||||
|
||||
|
||||
68
docker/system/Makefile.in
Normal file
68
docker/system/Makefile.in
Normal file
|
|
@ -0,0 +1,68 @@
|
|||
#
|
||||
# ***** BEGIN LICENSE BLOCK *****
|
||||
#
|
||||
# Copyright (C) 2009-2019 Olof Hagsand and Benny Holmgren
|
||||
#
|
||||
# This file is part of CLIXON
|
||||
#
|
||||
# Licensed under the Apache License, Version 2.0 (the "License");
|
||||
# you may not use this file except in compliance with the License.
|
||||
# You may obtain a copy of the License at
|
||||
#
|
||||
# http://www.apache.org/licenses/LICENSE-2.0
|
||||
#
|
||||
# Unless required by applicable law or agreed to in writing, software
|
||||
# distributed under the License is distributed on an "AS IS" BASIS,
|
||||
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
||||
# See the License for the specific language governing permissions and
|
||||
# limitations under the License.
|
||||
#
|
||||
# Alternatively, the contents of this file may be used under the terms of
|
||||
# the GNU General Public License Version 3 or later (the "GPL"),
|
||||
# in which case the provisions of the GPL are applicable instead
|
||||
# of those above. If you wish to allow use of your version of this file only
|
||||
# under the terms of the GPL, and not to allow others to
|
||||
# use your version of this file under the terms of Apache License version 2,
|
||||
# indicate your decision by deleting the provisions above and replace them with
|
||||
# the notice and other provisions required by the GPL. If you do not delete
|
||||
# the provisions above, a recipient may use your version of this file under
|
||||
# the terms of any one of the Apache License version 2 or the GPL.
|
||||
#
|
||||
# ***** END LICENSE BLOCK *****
|
||||
#
|
||||
VPATH = @srcdir@
|
||||
srcdir = @srcdir@
|
||||
top_srcdir = @top_srcdir@
|
||||
CC = @CC@
|
||||
CFLAGS = @CFLAGS@
|
||||
LDFLAGS = @LDFLAGS@
|
||||
LIBS = @LIBS@
|
||||
|
||||
# Example docker image. PLEASE CHANGE THIS IF YOU PUSH
|
||||
IMG_SYSTEM = clixon/clixon-system
|
||||
|
||||
SHELL = /bin/sh
|
||||
|
||||
.PHONY: all clean depend install docker push clixon-system
|
||||
|
||||
all:
|
||||
echo "Run make docker to build docker image"
|
||||
|
||||
clean:
|
||||
|
||||
distclean: clean
|
||||
rm -f Makefile *~ .depend
|
||||
|
||||
docker: Dockerfile
|
||||
sudo docker build -t $(IMG_SYSTEM) . # --no-cache
|
||||
|
||||
push:
|
||||
|
||||
depend:
|
||||
|
||||
install-include:
|
||||
|
||||
install:
|
||||
|
||||
uninstall:
|
||||
|
||||
31
docker/system/README.md
Normal file
31
docker/system/README.md
Normal file
|
|
@ -0,0 +1,31 @@
|
|||
# Clixon example container
|
||||
|
||||
This directory show how to build a "monolithic" clixon docker
|
||||
container containing the example application with both restconf,
|
||||
netconf, cli and backend.
|
||||
The directory contains the following files:
|
||||
cleanup.sh kill containers
|
||||
Dockerfile Docker build instructions
|
||||
lib.sh script library functions
|
||||
Makefile.in "make docker" builds the container
|
||||
README.md This file
|
||||
start.sh Start containers
|
||||
startsystem.sh Internal start script copied to inside the container
|
||||
stat.sh Shows container status
|
||||
|
||||
How to build and start the container:
|
||||
```
|
||||
$ make docker
|
||||
$ ./start.sh
|
||||
```
|
||||
|
||||
Once running you can access it as follows:
|
||||
* CLI: `sudo docker exec -it ef62ccfe1782 clixon_cli`
|
||||
* Netconf: `sudo docker exec -it ef62ccfe1782 clixon_netconf`
|
||||
* Restconf: `curl -G http://localhost/restconf`
|
||||
|
||||
To check status and then kill it:
|
||||
```
|
||||
$ ./stat.sh
|
||||
$ ./cleanup.sh
|
||||
```
|
||||
13
docker/system/cleanup.sh
Executable file
13
docker/system/cleanup.sh
Executable file
|
|
@ -0,0 +1,13 @@
|
|||
#!/bin/sh
|
||||
|
||||
# include err(), stat() and other functions
|
||||
. ./lib.sh
|
||||
|
||||
# Kill all controller containers (optionally do `make clean`)
|
||||
echo "You may want run make clean as well"
|
||||
|
||||
kill1 clixon/clixon-system
|
||||
|
||||
|
||||
|
||||
|
||||
38
docker/system/lib.sh
Executable file
38
docker/system/lib.sh
Executable file
|
|
@ -0,0 +1,38 @@
|
|||
#!/bin/sh
|
||||
# Lib functions like err(), stat() and others
|
||||
|
||||
# Error function
|
||||
# usage: err $msg
|
||||
err(){
|
||||
echo "\e[31m\n[Error $1]"
|
||||
echo "\e[0m"
|
||||
exit 1
|
||||
}
|
||||
|
||||
#json field XXX notused?
|
||||
jf(){
|
||||
sed -e 's/[{}]/''/g' | awk -v k="text" '{n=split($0,a,","); for (i=1; i<=n; i++) print a[i]}' | grep key | awk -F : '{gsub(/"/,"",$3); print $3}'
|
||||
}
|
||||
|
||||
# Status function
|
||||
# usage: stat $name
|
||||
stat(){
|
||||
name=$1
|
||||
ps=$(sudo docker ps -f ancestor=$name|tail -n +2|grep $name|awk '{print $1}')
|
||||
if [ -n "$ps" ]; then
|
||||
ip=$(sudo docker inspect -f '{{.NetworkSettings.IPAddress }}' $ps)
|
||||
echo "$name \t$ps $ip"
|
||||
else
|
||||
err "$name failed"
|
||||
fi
|
||||
}
|
||||
|
||||
# Kill function
|
||||
kill1(){
|
||||
name=$1
|
||||
ps=$(sudo docker ps -f ancestor=$name|tail -n +2|grep $name|awk '{print $1}')
|
||||
if [ -n "$ps" ]; then
|
||||
echo -n "$name\t" && sudo docker kill $ps
|
||||
fi
|
||||
}
|
||||
|
||||
55
docker/system/start.sh
Executable file
55
docker/system/start.sh
Executable file
|
|
@ -0,0 +1,55 @@
|
|||
#!/bin/bash
|
||||
# Build grideye containers, start all containers, setup networking
|
||||
# Usage: ./startup.sh
|
||||
# Debug: DBG=1 ./startup.sh
|
||||
# See also cleanup.sh
|
||||
|
||||
>&2 echo "Running script: $0"
|
||||
|
||||
# include err(), stat() and other functions
|
||||
. ./lib.sh
|
||||
|
||||
# Turn on debug in containers (restconf, backend)
|
||||
DBG=${DBG:-1}
|
||||
|
||||
CONFIG0=$(cat <<EOF
|
||||
<config>
|
||||
<CLICON_CONFIGFILE>/usr/local/etc/example.xml</CLICON_CONFIGFILE>
|
||||
<CLICON_FEATURE>*:*</CLICON_FEATURE>
|
||||
<CLICON_YANG_DIR>/usr/local/share/clixon</CLICON_YANG_DIR>
|
||||
<CLICON_YANG_MODULE_MAIN>clixon-example</CLICON_YANG_MODULE_MAIN>
|
||||
<CLICON_CLI_MODE>example</CLICON_CLI_MODE>
|
||||
<CLICON_BACKEND_DIR>/usr/local/lib/example/backend</CLICON_BACKEND_DIR>
|
||||
<CLICON_NETCONF_DIR>/usr/local/lib/example/netconf</CLICON_NETCONF_DIR>
|
||||
<CLICON_RESTCONF_DIR>/usr/local/lib/example/restconf</CLICON_RESTCONF_DIR>
|
||||
<CLICON_CLI_DIR>/usr/local/lib/example/cli</CLICON_CLI_DIR>
|
||||
<CLICON_CLISPEC_DIR>/usr/local/lib/example/clispec</CLICON_CLISPEC_DIR>
|
||||
<CLICON_SOCK>/usr/local/var/example/example.sock</CLICON_SOCK>
|
||||
<CLICON_BACKEND_PIDFILE>/usr/local/var/example/example.pidfile</CLICON_BACKEND_PIDFILE>
|
||||
<CLICON_CLI_GENMODEL_COMPLETION>1</CLICON_CLI_GENMODEL_COMPLETION>
|
||||
<CLICON_CLI_GENMODEL_TYPE>VARS</CLICON_CLI_GENMODEL_TYPE>
|
||||
<CLICON_XMLDB_DIR>/usr/local/var/example</CLICON_XMLDB_DIR>
|
||||
<CLICON_XMLDB_PLUGIN>/usr/local/lib/xmldb/text.so</CLICON_XMLDB_PLUGIN>
|
||||
<CLICON_CLI_LINESCROLLING>0</CLICON_CLI_LINESCROLLING>
|
||||
<CLICON_STARTUP_MODE>init</CLICON_STARTUP_MODE>
|
||||
<CLICON_NACM_MODE>disabled</CLICON_NACM_MODE>
|
||||
</config>
|
||||
EOF
|
||||
)
|
||||
|
||||
CONFIG=${CONFIG:-$CONFIG0}
|
||||
STORE=${STORE:-}
|
||||
|
||||
# Start clixon-example backend
|
||||
# -p 4535 to access via cli from host
|
||||
>&2 echo -n "Starting Backend..."
|
||||
sudo docker run -p 80:80 --rm -e DBG=$DBG -e CONFIG="$CONFIG" -e STORE="$STORE" -td clixon/clixon-system || err "Error starting clixon-system"
|
||||
|
||||
>&2 echo "clixon-system started"
|
||||
|
||||
name=clixon/clixon-system
|
||||
ps=$(sudo docker ps -f ancestor=$name|tail -n +2|grep $name|awk '{print $1}')
|
||||
echo "sudo docker exec -it $ps clixon_cli # example command"
|
||||
|
||||
|
||||
|
||||
65
docker/system/startsystem.sh
Executable file
65
docker/system/startsystem.sh
Executable file
|
|
@ -0,0 +1,65 @@
|
|||
#!/bin/sh
|
||||
# This script is copied into the container on build time and runs
|
||||
# _inside_ the container at start in runtime. It gets environment variables
|
||||
# from the start.sh script.
|
||||
# It starts a backend, a restconf daemon and a nginx daemon and exposes ports
|
||||
# for restconf.
|
||||
# See also Dockerfile of the example
|
||||
# Log msg, see with docker logs
|
||||
|
||||
>&2 echo "$0"
|
||||
|
||||
DBG=${DBG:-0}
|
||||
|
||||
# Initiate clixon configuration (env variable)
|
||||
echo "$CONFIG" > /usr/local/etc/clixon.xml
|
||||
|
||||
# Initiate running db (env variable)
|
||||
echo "$STORE" > /usr/local/var/example/running_db
|
||||
|
||||
>&2 echo "Write nginx config files"
|
||||
# nginx site config file
|
||||
cat <<EOF > /etc/nginx/sites-enabled/default
|
||||
#
|
||||
server {
|
||||
listen 80 default_server;
|
||||
listen localhost:80 default_server;
|
||||
listen [::]:80 default_server;
|
||||
server_name localhost;
|
||||
server_name _;
|
||||
location / {
|
||||
root /usr/share/nginx/html/restconf;
|
||||
fastcgi_pass unix:/www-data/fastcgi_restconf.sock;
|
||||
include fastcgi_params;
|
||||
}
|
||||
location /restconf {
|
||||
fastcgi_pass unix:/www-data/fastcgi_restconf.sock;
|
||||
include fastcgi_params;
|
||||
}
|
||||
location /streams {
|
||||
fastcgi_pass unix:/www-data/fastcgi_restconf.sock;
|
||||
include fastcgi_params;
|
||||
proxy_http_version 1.1;
|
||||
proxy_set_header Connection "";
|
||||
}
|
||||
}
|
||||
EOF
|
||||
|
||||
# Start nginx
|
||||
#/usr/sbin/nginx -g 'daemon off;' -c /etc/nginx/nginx.conf
|
||||
/usr/sbin/nginx -c /etc/nginx/nginx.conf
|
||||
>&2 echo "nginx started"
|
||||
|
||||
# Start clixon_restconf
|
||||
su -c "/www-data/clixon_restconf -l f/www-data/restconf.log -D $DBG" -s /bin/sh www-data &
|
||||
>&2 echo "clixon_restconf started"
|
||||
|
||||
# Start clixon backend
|
||||
>&2 echo "start clixon_backend:"
|
||||
/usr/local/sbin/clixon_backend -FD $DBG -s running -l e # logs on docker logs
|
||||
|
||||
|
||||
# Start clixon cli in foreground
|
||||
#/usr/local/bin/clixon_cli -D $DBG
|
||||
|
||||
#/bin/sleep 100000000
|
||||
10
docker/system/stat.sh
Executable file
10
docker/system/stat.sh
Executable file
|
|
@ -0,0 +1,10 @@
|
|||
#!/bin/sh
|
||||
# Show stats (IP address etc) about the clixon containers
|
||||
# include err(), stat() and other functions
|
||||
. ./lib.sh
|
||||
|
||||
stat clixon/clixon-system
|
||||
|
||||
name=clixon/clixon-system
|
||||
ps=$(sudo docker ps -f ancestor=$name|tail -n +2|grep $name|awk '{print $1}')
|
||||
echo "sudo docker exec -it $ps clixon_cli # example command"
|
||||
|
|
@ -262,23 +262,8 @@ Example systemd files for backend and restconf daemons are found under the syste
|
|||
|
||||
## Docker
|
||||
|
||||
Run the example as a docker container and access it from a host CLI as follows:
|
||||
```
|
||||
ID=$(sudo docker run -td olofhagsand/clixon_example)
|
||||
IP=$(sudo docker inspect -f '{{.NetworkSettings.IPAddress }}' $ID)
|
||||
clixon_cli -a IPv4 -u $IP -f ./example.xml
|
||||
```
|
||||
|
||||
Build the container and push yourself: First change the IMAGE variable in Makefile (eg to "you/clixon_example). Then build and push:
|
||||
```
|
||||
make docker
|
||||
make push
|
||||
sudo docker run -ti --rm you/clixon_example
|
||||
```
|
||||
|
||||
Note that the configuration database is internal in the container, so
|
||||
it is deleted if the container is restarted. To make the configuration
|
||||
database persistent, you need to mount running_db using `-v`
|
||||
See [../docker/system] for instructions on how to build this example
|
||||
as a docker container.
|
||||
|
||||
## Plugins
|
||||
|
||||
|
|
|
|||
|
|
@ -424,7 +424,8 @@ xml_search1(cxobj *x0,
|
|||
if (mid >= xml_child_nr(x0)) /* beyond range */
|
||||
return NULL;
|
||||
xc = xml_child_i(x0, mid);
|
||||
assert(y = xml_spec(xc));
|
||||
if ((y = xml_spec(xc)) == NULL)
|
||||
return NULL;
|
||||
cmp = yangi-yang_order(y);
|
||||
if (cmp == 0){
|
||||
cmp = xml_cmp1(xc, y, name, keyword, keynr, keyvec, keyval, &userorder);
|
||||
|
|
|
|||
|
|
@ -175,7 +175,6 @@
|
|||
#include <stdint.h>
|
||||
#include <stdlib.h>
|
||||
#include <errno.h>
|
||||
#include <assert.h>
|
||||
#include <ctype.h>
|
||||
#include <sys/types.h>
|
||||
#include <sys/socket.h>
|
||||
|
|
@ -236,7 +235,10 @@ ystack_pop(struct clicon_yang_yacc_arg *yy)
|
|||
{
|
||||
struct ys_stack *ystack;
|
||||
|
||||
assert(ystack = yy->yy_stack);
|
||||
if ((ystack = yy->yy_stack) == NULL){
|
||||
clicon_err(OE_YANG, 0, "ystack is NULL");
|
||||
return -1;
|
||||
}
|
||||
yy->yy_stack = ystack->ys_next;
|
||||
free(ystack);
|
||||
return 0;
|
||||
|
|
@ -283,7 +285,10 @@ ysp_add(struct clicon_yang_yacc_arg *yy,
|
|||
clicon_err(OE_YANG, errno, "No stack");
|
||||
goto err;
|
||||
}
|
||||
assert(yn = ystack->ys_node);
|
||||
if ((yn = ystack->ys_node) == NULL){
|
||||
clicon_err(OE_YANG, errno, "No ys_node");
|
||||
goto err;
|
||||
}
|
||||
if ((ys = ys_new(keyword)) == NULL)
|
||||
goto err;
|
||||
/* NOTE: does not make a copy of string, ie argument is 'consumed' here */
|
||||
|
|
|
|||
|
|
@ -2,11 +2,12 @@
|
|||
|
||||
This directory contains testing code for clixon and the example
|
||||
application. Assumes setup of http daemon as describe under apps/restonf
|
||||
- Jenkinsfile Makefile for Jenkins tests. Build clixon and run tests.
|
||||
- jenkins Directory w Jenkins specific stuff
|
||||
- travis Directory w Travis specific stuff
|
||||
- all.sh Run through all tests with detailed output, and stop on first error.
|
||||
- sum.sh Run though all tests and print summary
|
||||
- mem.sh Make valgrind
|
||||
- site.sh Add your site-specific modifications here
|
||||
- site.sh Add your site-specific modifications here (see example below)
|
||||
- test_nacm.sh Auth tests using internal NACM
|
||||
- test_nacm_ext.sh Auth tests using external NACM (separate file)
|
||||
- test_nacm_protocol.sh Auth tests for incoming RPC:s
|
||||
|
|
@ -36,4 +37,14 @@ Run all tests but continue after errors and only print a summary test output ide
|
|||
all.sh summary
|
||||
```
|
||||
|
||||
You need to start nginx. There are instructions in [the example](../example/README.md)
|
||||
|
||||
Example site.sh file:
|
||||
|
||||
#!/bin/bash
|
||||
# Add your local site specific env variables (or tests) here.
|
||||
# get from: https://github.com/openconfig/public
|
||||
OPENCONFIG=/home/olof/src/clixon/test/public
|
||||
# get from: https://github.com/YangModels/yang
|
||||
YANGMODELS=/usr/local/share/yangmodels
|
||||
IETFRFC=$YANGMODELS/standard/ietf/RFC
|
||||
|
|
|
|||
20
test/lib.sh
20
test/lib.sh
|
|
@ -12,6 +12,7 @@
|
|||
|
||||
#set -e
|
||||
|
||||
# Site file, an example of this file in README.md
|
||||
if [ -x ./site.sh ]; then
|
||||
. ./site.sh
|
||||
fi
|
||||
|
|
@ -143,12 +144,25 @@ expectfn(){
|
|||
fi
|
||||
}
|
||||
|
||||
#
|
||||
# Evaluate and return
|
||||
# Example: expecteq $(fn arg) 0 "my return"
|
||||
# - evaluated expression
|
||||
# - expected command return value (0 if OK)
|
||||
# - expected stdout outcome
|
||||
expecteq(){
|
||||
r=$?
|
||||
ret=$1
|
||||
expect=$2
|
||||
# echo "ret:$ret"
|
||||
retval=$2
|
||||
expect=$3
|
||||
# echo "r:$r"
|
||||
# echo "ret:\"$ret\""
|
||||
# echo "retval:$retval"
|
||||
# echo "expect:$expect"
|
||||
if [ $r != $retval ]; then
|
||||
echo -e "\e[31m\nError ($r != $retval) in Test$testnr [$testname]:"
|
||||
echo -e "\e[0m:"
|
||||
exit -1
|
||||
fi
|
||||
if [ -z "$ret" -a -z "$expect" ]; then
|
||||
return
|
||||
fi
|
||||
|
|
|
|||
|
|
@ -137,10 +137,10 @@ new "netconf commit protocol udp"
|
|||
expecteof "$clixon_netconf -qf $cfg -y $fyang" 0 "<rpc><commit/></rpc>]]>]]>" "^<rpc-reply><ok/></rpc-reply>]]>]]>$"
|
||||
|
||||
new "restconf set protocol tcp"
|
||||
expecteq "$(curl -s -X PUT http://localhost/restconf/data/system:system/protocol -d {\"system:protocol\":{\"tcp\":null}})" ""
|
||||
expecteq "$(curl -s -X PUT http://localhost/restconf/data/system:system/protocol -d {\"system:protocol\":{\"tcp\":null}})" 0 ""
|
||||
|
||||
new "restconf get protocol tcp"
|
||||
expecteq "$(curl -s -X GET http://localhost/restconf/data/system:system)" '{"system:system": {"protocol": {"tcp": null}}}
|
||||
expecteq "$(curl -s -X GET http://localhost/restconf/data/system:system)" 0 '{"system:system": {"protocol": {"tcp": null}}}
|
||||
'
|
||||
|
||||
new "cli set protocol udp"
|
||||
|
|
|
|||
|
|
@ -132,7 +132,7 @@ sudo su -c "$clixon_restconf -f $cfg -D $DBG -- -a" -s /bin/sh www-data &
|
|||
sleep $RCWAIT
|
||||
|
||||
new "auth get"
|
||||
expecteq "$(curl -u andy:bar -sS -X GET http://localhost/restconf/data/nacm-example:x)" 'null
|
||||
expecteq "$(curl -u andy:bar -sS -X GET http://localhost/restconf/data/nacm-example:x)" 0 'null
|
||||
'
|
||||
|
||||
new "auth set authentication config"
|
||||
|
|
@ -142,39 +142,39 @@ new "commit it"
|
|||
expecteof "$clixon_netconf -qf $cfg" 0 "<rpc><commit/></rpc>]]>]]>" "^<rpc-reply><ok/></rpc-reply>]]>]]>$"
|
||||
|
||||
new "auth get (no user: access denied)"
|
||||
expecteq "$(curl -sS -X GET -H \"Accept:\ application/yang-data+json\" http://localhost/restconf/data)" '{"ietf-restconf:errors" : {"error": {"error-type": "protocol","error-tag": "access-denied","error-severity": "error","error-message": "The requested URL was unauthorized"}}}
'
|
||||
expecteq "$(curl -sS -X GET -H \"Accept:\ application/yang-data+json\" http://localhost/restconf/data)" 0 '{"ietf-restconf:errors" : {"error": {"error-type": "protocol","error-tag": "access-denied","error-severity": "error","error-message": "The requested URL was unauthorized"}}}
'
|
||||
|
||||
new "auth get (wrong passwd: access denied)"
|
||||
expecteq "$(curl -u andy:foo -sS -X GET http://localhost/restconf/data)" '{"ietf-restconf:errors" : {"error": {"error-type": "protocol","error-tag": "access-denied","error-severity": "error","error-message": "The requested URL was unauthorized"}}}
'
|
||||
expecteq "$(curl -u andy:foo -sS -X GET http://localhost/restconf/data)" 0 '{"ietf-restconf:errors" : {"error": {"error-type": "protocol","error-tag": "access-denied","error-severity": "error","error-message": "The requested URL was unauthorized"}}}
'
|
||||
|
||||
new "auth get (access)"
|
||||
expecteq "$(curl -u andy:bar -sS -X GET http://localhost/restconf/data/nacm-example:x)" '{"nacm-example:x": 0}
|
||||
expecteq "$(curl -u andy:bar -sS -X GET http://localhost/restconf/data/nacm-example:x)" 0 '{"nacm-example:x": 0}
|
||||
'
|
||||
|
||||
#----------------Enable NACM
|
||||
|
||||
new "enable nacm"
|
||||
expecteq "$(curl -u andy:bar -sS -X PUT -d '{"ietf-netconf-acm:enable-nacm": true}' http://localhost/restconf/data/ietf-netconf-acm:nacm/enable-nacm)" ""
|
||||
expecteq "$(curl -u andy:bar -sS -X PUT -d '{"ietf-netconf-acm:enable-nacm": true}' http://localhost/restconf/data/ietf-netconf-acm:nacm/enable-nacm)" 0 ""
|
||||
|
||||
new "admin get nacm"
|
||||
expecteq "$(curl -u andy:bar -sS -X GET http://localhost/restconf/data/nacm-example:x)" '{"nacm-example:x": 0}
|
||||
expecteq "$(curl -u andy:bar -sS -X GET http://localhost/restconf/data/nacm-example:x)" 0 '{"nacm-example:x": 0}
|
||||
'
|
||||
|
||||
new "limited get nacm"
|
||||
expecteq "$(curl -u wilma:bar -sS -X GET http://localhost/restconf/data/nacm-example:x)" '{"nacm-example:x": 0}
|
||||
expecteq "$(curl -u wilma:bar -sS -X GET http://localhost/restconf/data/nacm-example:x)" 0 '{"nacm-example:x": 0}
|
||||
'
|
||||
|
||||
new "guest get nacm"
|
||||
expecteq "$(curl -u guest:bar -sS -X GET http://localhost/restconf/data/nacm-example:x)" '{"ietf-restconf:errors" : {"error": {"error-type": "application","error-tag": "access-denied","error-severity": "error","error-message": "access denied"}}}
'
|
||||
expecteq "$(curl -u guest:bar -sS -X GET http://localhost/restconf/data/nacm-example:x)" 0 '{"ietf-restconf:errors" : {"error": {"error-type": "application","error-tag": "access-denied","error-severity": "error","error-message": "access denied"}}}
'
|
||||
|
||||
new "admin edit nacm"
|
||||
expecteq "$(curl -u andy:bar -sS -X PUT -d '{"nacm-example:x": 1}' http://localhost/restconf/data/nacm-example:x)" ""
|
||||
expecteq "$(curl -u andy:bar -sS -X PUT -d '{"nacm-example:x": 1}' http://localhost/restconf/data/nacm-example:x)" 0 ""
|
||||
|
||||
new "limited edit nacm"
|
||||
expecteq "$(curl -u wilma:bar -sS -X PUT -d '{"nacm-example:x": 2}' http://localhost/restconf/data/nacm-example:x)" '{"ietf-restconf:errors" : {"error": {"error-type": "application","error-tag": "access-denied","error-severity": "error","error-message": "default deny"}}}
'
|
||||
expecteq "$(curl -u wilma:bar -sS -X PUT -d '{"nacm-example:x": 2}' http://localhost/restconf/data/nacm-example:x)" 0 '{"ietf-restconf:errors" : {"error": {"error-type": "application","error-tag": "access-denied","error-severity": "error","error-message": "default deny"}}}
'
|
||||
|
||||
new "guest edit nacm"
|
||||
expecteq "$(curl -u guest:bar -sS -X PUT -d '{"nacm-example:x": 3}' http://localhost/restconf/data/nacm-example:x)" '{"ietf-restconf:errors" : {"error": {"error-type": "application","error-tag": "access-denied","error-severity": "error","error-message": "access denied"}}}
'
|
||||
expecteq "$(curl -u guest:bar -sS -X PUT -d '{"nacm-example:x": 3}' http://localhost/restconf/data/nacm-example:x)" 0 '{"ietf-restconf:errors" : {"error": {"error-type": "application","error-tag": "access-denied","error-severity": "error","error-message": "access denied"}}}
'
|
||||
|
||||
new "Kill restconf daemon"
|
||||
sudo pkill -u www-data -f "/www-data/clixon_restconf"
|
||||
|
|
|
|||
|
|
@ -152,41 +152,41 @@ sudo su -c "$clixon_restconf -f $cfg -D $DBG -- -a" -s /bin/sh www-data &
|
|||
sleep $RCWAIT
|
||||
|
||||
new "auth get"
|
||||
expecteq "$(curl -u andy:bar -sS -X GET http://localhost/restconf/data/clixon-example:state)" '{"clixon-example:state": {"op": ["42","41","43"]}}
|
||||
expecteq "$(curl -u andy:bar -sS -X GET http://localhost/restconf/data/clixon-example:state)" 0 '{"clixon-example:state": {"op": ["42","41","43"]}}
|
||||
'
|
||||
|
||||
new "Set x to 0"
|
||||
expecteq "$(curl -u andy:bar -sS -X PUT -d '{"nacm-example:x": 0}' http://localhost/restconf/data/nacm-example:x)" ""
|
||||
expecteq "$(curl -u andy:bar -sS -X PUT -d '{"nacm-example:x": 0}' http://localhost/restconf/data/nacm-example:x)" 0 ""
|
||||
|
||||
new "auth get (no user: access denied)"
|
||||
expecteq "$(curl -sS -X GET -H \"Accept:\ application/yang-data+json\" http://localhost/restconf/data)" '{"ietf-restconf:errors" : {"error": {"error-type": "protocol","error-tag": "access-denied","error-severity": "error","error-message": "The requested URL was unauthorized"}}}
'
|
||||
expecteq "$(curl -sS -X GET -H \"Accept:\ application/yang-data+json\" http://localhost/restconf/data)" 0 '{"ietf-restconf:errors" : {"error": {"error-type": "protocol","error-tag": "access-denied","error-severity": "error","error-message": "The requested URL was unauthorized"}}}
'
|
||||
|
||||
new "auth get (wrong passwd: access denied)"
|
||||
expecteq "$(curl -u andy:foo -sS -X GET http://localhost/restconf/data)" '{"ietf-restconf:errors" : {"error": {"error-type": "protocol","error-tag": "access-denied","error-severity": "error","error-message": "The requested URL was unauthorized"}}}
'
|
||||
expecteq "$(curl -u andy:foo -sS -X GET http://localhost/restconf/data)" 0 '{"ietf-restconf:errors" : {"error": {"error-type": "protocol","error-tag": "access-denied","error-severity": "error","error-message": "The requested URL was unauthorized"}}}
'
|
||||
|
||||
new "auth get (access)"
|
||||
expecteq "$(curl -u andy:bar -sS -X GET http://localhost/restconf/data/nacm-example:x)" '{"nacm-example:x": 0}
|
||||
expecteq "$(curl -u andy:bar -sS -X GET http://localhost/restconf/data/nacm-example:x)" 0 '{"nacm-example:x": 0}
|
||||
'
|
||||
|
||||
new "admin get nacm"
|
||||
expecteq "$(curl -u andy:bar -sS -X GET http://localhost/restconf/data/nacm-example:x)" '{"nacm-example:x": 0}
|
||||
expecteq "$(curl -u andy:bar -sS -X GET http://localhost/restconf/data/nacm-example:x)" 0 '{"nacm-example:x": 0}
|
||||
'
|
||||
|
||||
new "limited get nacm"
|
||||
expecteq "$(curl -u wilma:bar -sS -X GET http://localhost/restconf/data/nacm-example:x)" '{"nacm-example:x": 0}
|
||||
expecteq "$(curl -u wilma:bar -sS -X GET http://localhost/restconf/data/nacm-example:x)" 0 '{"nacm-example:x": 0}
|
||||
'
|
||||
|
||||
new "guest get nacm"
|
||||
expecteq "$(curl -u guest:bar -sS -X GET http://localhost/restconf/data/nacm-example:x)" '{"ietf-restconf:errors" : {"error": {"error-type": "application","error-tag": "access-denied","error-severity": "error","error-message": "access denied"}}}
'
|
||||
expecteq "$(curl -u guest:bar -sS -X GET http://localhost/restconf/data/nacm-example:x)" 0 '{"ietf-restconf:errors" : {"error": {"error-type": "application","error-tag": "access-denied","error-severity": "error","error-message": "access denied"}}}
'
|
||||
|
||||
new "admin edit nacm"
|
||||
expecteq "$(curl -u andy:bar -sS -X PUT -d '{"nacm-example:x": 1}' http://localhost/restconf/data/nacm-example:x)" ""
|
||||
expecteq "$(curl -u andy:bar -sS -X PUT -d '{"nacm-example:x": 1}' http://localhost/restconf/data/nacm-example:x)" 0 ""
|
||||
|
||||
new "limited edit nacm"
|
||||
expecteq "$(curl -u wilma:bar -sS -X PUT -d '{"x": 2}' http://localhost/restconf/data/nacm-example:x)" '{"ietf-restconf:errors" : {"error": {"error-type": "application","error-tag": "access-denied","error-severity": "error","error-message": "default deny"}}}
'
|
||||
expecteq "$(curl -u wilma:bar -sS -X PUT -d '{"x": 2}' http://localhost/restconf/data/nacm-example:x)" 0 '{"ietf-restconf:errors" : {"error": {"error-type": "application","error-tag": "access-denied","error-severity": "error","error-message": "default deny"}}}
'
|
||||
|
||||
new "guest edit nacm"
|
||||
expecteq "$(curl -u guest:bar -sS -X PUT -d '{"x": 3}' http://localhost/restconf/data/nacm-example:x)" '{"ietf-restconf:errors" : {"error": {"error-type": "application","error-tag": "access-denied","error-severity": "error","error-message": "access denied"}}}
'
|
||||
expecteq "$(curl -u guest:bar -sS -X PUT -d '{"x": 3}' http://localhost/restconf/data/nacm-example:x)" 0 '{"ietf-restconf:errors" : {"error": {"error-type": "application","error-tag": "access-denied","error-severity": "error","error-message": "access denied"}}}
'
|
||||
|
||||
new "cli show conf as admin"
|
||||
expectfn "$clixon_cli -1 -U andy -l o -f $cfg show conf" 0 "^x 1;$"
|
||||
|
|
|
|||
|
|
@ -153,29 +153,29 @@ new "commit it"
|
|||
expecteof "$clixon_netconf -qf $cfg" 0 "<rpc><commit/></rpc>]]>]]>" "^<rpc-reply><ok/></rpc-reply>]]>]]>$"
|
||||
|
||||
new "enable nacm"
|
||||
expecteq "$(curl -u andy:bar -sS -X PUT -d '{"enable-nacm": true}' http://localhost/restconf/data/ietf-netconf-acm:nacm/enable-nacm)" ""
|
||||
expecteq "$(curl -u andy:bar -sS -X PUT -d '{"enable-nacm": true}' http://localhost/restconf/data/ietf-netconf-acm:nacm/enable-nacm)" 0 ""
|
||||
|
||||
#--------------- nacm enabled
|
||||
|
||||
#----READ access
|
||||
#user:admin
|
||||
new "admin read ok"
|
||||
expecteq "$(curl -u andy:bar -sS -X GET http://localhost/restconf/data/clixon-example:translate)" '{"clixon-example:translate": [{"k": "key42","value": "val42"},{ "k": "key43","value": "val43"}]}
|
||||
expecteq "$(curl -u andy:bar -sS -X GET http://localhost/restconf/data/clixon-example:translate)" 0 '{"clixon-example:translate": [{"k": "key42","value": "val42"},{ "k": "key43","value": "val43"}]}
|
||||
'
|
||||
|
||||
new "admin read netconf ok"
|
||||
expecteof "$clixon_netconf -U andy -qf $cfg" 0 '<rpc><get-config><source><candidate/></source><filter type="xpath" select="/translate"/></get-config></rpc>]]>]]>' '^<rpc-reply><data><translate xmlns="urn:example:clixon"><k>key42</k><value>val42</value></translate><translate xmlns="urn:example:clixon"><k>key43</k><value>val43</value></translate></data></rpc-reply>]]>]]>$'
|
||||
|
||||
new "admin read element ok"
|
||||
expecteq "$(curl -u andy:bar -sS -X GET http://localhost/restconf/data/clixon-example:translate=key42/value)" '{"clixon-example:value": "val42"}
|
||||
expecteq "$(curl -u andy:bar -sS -X GET http://localhost/restconf/data/clixon-example:translate=key42/value)" 0 '{"clixon-example:value": "val42"}
|
||||
'
|
||||
|
||||
new "admin read other module OK"
|
||||
expecteq "$(curl -u andy:bar -sS -X GET http://localhost/restconf/data/nacm-example:x)" '{"nacm-example:x": 42}
|
||||
expecteq "$(curl -u andy:bar -sS -X GET http://localhost/restconf/data/nacm-example:x)" 0 '{"nacm-example:x": 42}
|
||||
'
|
||||
|
||||
new "admin read state OK"
|
||||
expecteq "$(curl -u andy:bar -sS -X GET http://localhost/restconf/data/clixon-example:state)" '{"clixon-example:state": {"op": ["42","41","43"]}}
|
||||
expecteq "$(curl -u andy:bar -sS -X GET http://localhost/restconf/data/clixon-example:state)" 0 '{"clixon-example:state": {"op": ["42","41","43"]}}
|
||||
'
|
||||
|
||||
new "admin read top ok (all)"
|
||||
|
|
@ -189,85 +189,85 @@ fi
|
|||
#user:limit
|
||||
|
||||
new "limit read ok"
|
||||
expecteq "$(curl -u wilma:bar -sS -X GET http://localhost/restconf/data/clixon-example:translate)" '{"clixon-example:translate": [{"k": "key42","value": "val42"},{ "k": "key43","value": "val43"}]}
|
||||
expecteq "$(curl -u wilma:bar -sS -X GET http://localhost/restconf/data/clixon-example:translate)" 0 '{"clixon-example:translate": [{"k": "key42","value": "val42"},{ "k": "key43","value": "val43"}]}
|
||||
'
|
||||
|
||||
new "limit read netconf ok"
|
||||
expecteof "$clixon_netconf -U wilma -qf $cfg" 0 '<rpc><get-config><source><candidate/></source><filter type="xpath" select="/translate"/></get-config></rpc>]]>]]>' '^<rpc-reply><data><translate xmlns="urn:example:clixon"><k>key42</k><value>val42</value></translate><translate xmlns="urn:example:clixon"><k>key43</k><value>val43</value></translate></data></rpc-reply>]]>]]>$'
|
||||
|
||||
new "limit read element ok"
|
||||
expecteq "$(curl -u wilma:bar -sS -X GET http://localhost/restconf/data/clixon-example:translate=key42/value)" '{"clixon-example:value": "val42"}
|
||||
expecteq "$(curl -u wilma:bar -sS -X GET http://localhost/restconf/data/clixon-example:translate=key42/value)" 0 '{"clixon-example:value": "val42"}
|
||||
'
|
||||
|
||||
new "limit read other module fail"
|
||||
expecteq "$(curl -u wilma:bar -sS -X GET http://localhost/restconf/data/nacm-example:x)" 'null
|
||||
expecteq "$(curl -u wilma:bar -sS -X GET http://localhost/restconf/data/nacm-example:x)" 0 'null
|
||||
'
|
||||
|
||||
new "limit read state OK"
|
||||
expecteq "$(curl -u wilma:bar -sS -X GET http://localhost/restconf/data/clixon-example:state)" '{"clixon-example:state": {"op": ["42","41","43"]}}
|
||||
expecteq "$(curl -u wilma:bar -sS -X GET http://localhost/restconf/data/clixon-example:state)" 0 '{"clixon-example:state": {"op": ["42","41","43"]}}
|
||||
'
|
||||
|
||||
new "limit read top ok (part)"
|
||||
expecteq "$(curl -u wilma:bar -sS -X GET http://localhost/restconf/data)" '{"data": {"clixon-example:translate": [{"k": "key42","value": "val42"},{ "k": "key43","value": "val43"}],"clixon-example:state": {"op": ["42","41","43"]}}}
|
||||
expecteq "$(curl -u wilma:bar -sS -X GET http://localhost/restconf/data)" 0 '{"data": {"clixon-example:translate": [{"k": "key42","value": "val42"},{ "k": "key43","value": "val43"}],"clixon-example:state": {"op": ["42","41","43"]}}}
|
||||
'
|
||||
|
||||
#user:guest
|
||||
|
||||
new "guest read fail"
|
||||
expecteq "$(curl -u guest:bar -sS -X GET http://localhost/restconf/data/clixon-example:translate)" '{"ietf-restconf:errors" : {"error": {"error-type": "application","error-tag": "access-denied","error-severity": "error","error-message": "default deny"}}}
'
|
||||
expecteq "$(curl -u guest:bar -sS -X GET http://localhost/restconf/data/clixon-example:translate)" 0 '{"ietf-restconf:errors" : {"error": {"error-type": "application","error-tag": "access-denied","error-severity": "error","error-message": "default deny"}}}
'
|
||||
|
||||
new "guest read netconf fail"
|
||||
expecteof "$clixon_netconf -U guest -qf $cfg" 0 '<rpc><get-config><source><candidate/></source><filter type="xpath" select="/translate"/></get-config></rpc>]]>]]>' '^<rpc-reply><rpc-error><error-type>application</error-type><error-tag>access-denied</error-tag><error-severity>error</error-severity><error-message>default deny</error-message></rpc-error></rpc-reply>]]>]]>$'
|
||||
|
||||
new "guest read element fail"
|
||||
expecteq "$(curl -u guest:bar -sS -X GET http://localhost/restconf/data/clixon-example:translate=key42/value)" '{"ietf-restconf:errors" : {"error": {"error-type": "application","error-tag": "access-denied","error-severity": "error","error-message": "default deny"}}}
'
|
||||
expecteq "$(curl -u guest:bar -sS -X GET http://localhost/restconf/data/clixon-example:translate=key42/value)" 0 '{"ietf-restconf:errors" : {"error": {"error-type": "application","error-tag": "access-denied","error-severity": "error","error-message": "default deny"}}}
'
|
||||
|
||||
new "guest read other module fail"
|
||||
expecteq "$(curl -u guest:bar -sS -X GET http://localhost/restconf/data/nacm-example:x)" '{"ietf-restconf:errors" : {"error": {"error-type": "application","error-tag": "access-denied","error-severity": "error","error-message": "default deny"}}}
'
|
||||
expecteq "$(curl -u guest:bar -sS -X GET http://localhost/restconf/data/nacm-example:x)" 0 '{"ietf-restconf:errors" : {"error": {"error-type": "application","error-tag": "access-denied","error-severity": "error","error-message": "default deny"}}}
'
|
||||
|
||||
new "guest read state fail"
|
||||
expecteq "$(curl -u guest:bar -sS -X GET http://localhost/restconf/data/clixon-example:state)" '{"ietf-restconf:errors" : {"error": {"error-type": "application","error-tag": "access-denied","error-severity": "error","error-message": "default deny"}}}
'
|
||||
expecteq "$(curl -u guest:bar -sS -X GET http://localhost/restconf/data/clixon-example:state)" 0 '{"ietf-restconf:errors" : {"error": {"error-type": "application","error-tag": "access-denied","error-severity": "error","error-message": "default deny"}}}
'
|
||||
|
||||
new "guest read top ok (part)"
|
||||
expecteq "$(curl -u guest:bar -sS -X GET http://localhost/restconf/data)" '{"ietf-restconf:errors" : {"error": {"error-type": "application","error-tag": "access-denied","error-severity": "error","error-message": "default deny"}}}
'
|
||||
expecteq "$(curl -u guest:bar -sS -X GET http://localhost/restconf/data)" 0 '{"ietf-restconf:errors" : {"error": {"error-type": "application","error-tag": "access-denied","error-severity": "error","error-message": "default deny"}}}
'
|
||||
|
||||
#------- RPC operation
|
||||
|
||||
new "admin rpc ok"
|
||||
expecteq "$(curl -u andy:bar -s -X POST -d '{"clixon-example:input":{"x":42}}' http://localhost/restconf/operations/clixon-example:example)" '{"clixon-example:output": {"x": "42","y": "42"}}
|
||||
expecteq "$(curl -u andy:bar -s -X POST -d '{"clixon-example:input":{"x":42}}' http://localhost/restconf/operations/clixon-example:example)" 0 '{"clixon-example:output": {"x": "42","y": "42"}}
|
||||
'
|
||||
|
||||
new "admin rpc netconf ok"
|
||||
expecteof "$clixon_netconf -U andy -qf $cfg" 0 '<rpc xmlns="urn:ietf:params:xml:ns:netconf:base:1.0"><example xmlns="urn:example:clixon"><x>0</x></example></rpc>]]>]]>' '^<rpc-reply xmlns="urn:ietf:params:xml:ns:netconf:base:1.0"><x xmlns="urn:example:clixon">0</x><y xmlns="urn:example:clixon">42</y></rpc-reply>]]>]]>$'
|
||||
expecteof "$clixon_netconf -U andy -qf $cfg" 0 '<rpc xmlns="urn:ietf:params:xml:ns:netconf:base:1.0"><example xmlns="urn:example:clixon"><x>0</x></example></rpc>]]>]]>' 0 '^<rpc-reply xmlns="urn:ietf:params:xml:ns:netconf:base:1.0"><x xmlns="urn:example:clixon">0</x><y xmlns="urn:example:clixon">42</y></rpc-reply>]]>]]>$'
|
||||
|
||||
new "limit rpc ok"
|
||||
expecteq "$(curl -u wilma:bar -s -X POST http://localhost/restconf/operations/clixon-example:example -d '{"clixon-example:input":{"x":42}}' )" '{"clixon-example:output": {"x": "42","y": "42"}}
|
||||
expecteq "$(curl -u wilma:bar -s -X POST http://localhost/restconf/operations/clixon-example:example -d '{"clixon-example:input":{"x":42}}' )" 0 '{"clixon-example:output": {"x": "42","y": "42"}}
|
||||
'
|
||||
|
||||
new "limit rpc netconf ok"
|
||||
expecteof "$clixon_netconf -U wilma -qf $cfg" 0 '<rpc xmlns="urn:ietf:params:xml:ns:netconf:base:1.0"><example xmlns="urn:example:clixon"><x>0</x></example></rpc>]]>]]>' '^<rpc-reply xmlns="urn:ietf:params:xml:ns:netconf:base:1.0"><x xmlns="urn:example:clixon">0</x><y xmlns="urn:example:clixon">42</y></rpc-reply>]]>]]>$'
|
||||
expecteof "$clixon_netconf -U wilma -qf $cfg" 0 '<rpc xmlns="urn:ietf:params:xml:ns:netconf:base:1.0"><example xmlns="urn:example:clixon"><x>0</x></example></rpc>]]>]]>' 0 '^<rpc-reply xmlns="urn:ietf:params:xml:ns:netconf:base:1.0"><x xmlns="urn:example:clixon">0</x><y xmlns="urn:example:clixon">42</y></rpc-reply>]]>]]>$'
|
||||
|
||||
new "guest rpc fail"
|
||||
expecteq "$(curl -u guest:bar -s -X POST http://localhost/restconf/operations/clixon-example:example -d '{"clixon-example:input":{"x":42}}' )" '{"ietf-restconf:errors" : {"error": {"error-type": "application","error-tag": "access-denied","error-severity": "error","error-message": "access denied"}}}
'
|
||||
expecteq "$(curl -u guest:bar -s -X POST http://localhost/restconf/operations/clixon-example:example -d '{"clixon-example:input":{"x":42}}' )" 0 '{"ietf-restconf:errors" : {"error": {"error-type": "application","error-tag": "access-denied","error-severity": "error","error-message": "access denied"}}}
'
|
||||
|
||||
new "guest rpc netconf fail"
|
||||
expecteof "$clixon_netconf -U guest -qf $cfg" 0 '<rpc xmlns="urn:ietf:params:xml:ns:netconf:base:1.0"><example xmlns="urn:example:clixon"><x>0</x></example></rpc>]]>]]>' '^<rpc-reply xmlns="urn:ietf:params:xml:ns:netconf:base:1.0"><rpc-error><error-type>application</error-type><error-tag>access-denied</error-tag><error-severity>error</error-severity><error-message>access denied</error-message></rpc-error></rpc-reply>]]>]]>$'
|
||||
expecteof "$clixon_netconf -U guest -qf $cfg" 0 '<rpc xmlns="urn:ietf:params:xml:ns:netconf:base:1.0"><example xmlns="urn:example:clixon"><x>0</x></example></rpc>]]>]]>' 0 '^<rpc-reply xmlns="urn:ietf:params:xml:ns:netconf:base:1.0"><rpc-error><error-type>application</error-type><error-tag>access-denied</error-tag><error-severity>error</error-severity><error-message>access denied</error-message></rpc-error></rpc-reply>]]>]]>$'
|
||||
|
||||
#------------------ Set read-default permit
|
||||
|
||||
new "admin set read-default permit"
|
||||
expecteq "$(curl -u andy:bar -sS -X PUT -d '{"read-default": "permit"}' http://localhost/restconf/data/ietf-netconf-acm:nacm/read-default)" ""
|
||||
expecteq "$(curl -u andy:bar -sS -X PUT -d '{"read-default": "permit"}' http://localhost/restconf/data/ietf-netconf-acm:nacm/read-default)" 0 ""
|
||||
|
||||
new "limit read ok"
|
||||
expecteq "$(curl -u wilma:bar -sS -X GET http://localhost/restconf/data/clixon-example:translate)" '{"clixon-example:translate": [{"k": "key42","value": "val42"},{ "k": "key43","value": "val43"}]}
|
||||
expecteq "$(curl -u wilma:bar -sS -X GET http://localhost/restconf/data/clixon-example:translate)" 0 '{"clixon-example:translate": [{"k": "key42","value": "val42"},{ "k": "key43","value": "val43"}]}
|
||||
'
|
||||
|
||||
new "limit read other module ok"
|
||||
expecteq "$(curl -u wilma:bar -sS -X GET http://localhost/restconf/data/nacm-example:x)" '{"nacm-example:x": 42}
|
||||
expecteq "$(curl -u wilma:bar -sS -X GET http://localhost/restconf/data/nacm-example:x)" 0 '{"nacm-example:x": 42}
|
||||
'
|
||||
|
||||
new "guest read state fail"
|
||||
expecteq "$(curl -u guest:bar -sS -X GET http://localhost/restconf/data/clixon-example:state)" '{"ietf-restconf:errors" : {"error": {"error-type": "application","error-tag": "access-denied","error-severity": "error","error-message": "default deny"}}}
'
|
||||
expecteq "$(curl -u guest:bar -sS -X GET http://localhost/restconf/data/clixon-example:state)" 0 '{"ietf-restconf:errors" : {"error": {"error-type": "application","error-tag": "access-denied","error-severity": "error","error-message": "default deny"}}}
'
|
||||
|
||||
|
||||
new "Kill restconf daemon"
|
||||
|
|
|
|||
|
|
@ -163,7 +163,7 @@ nacm(){
|
|||
expecteof "$clixon_netconf -qf $cfg" 0 "<rpc><commit/></rpc>]]>]]>" "^<rpc-reply><ok/></rpc-reply>]]>]]>$"
|
||||
|
||||
new "enable nacm"
|
||||
expecteq "$(curl -u andy:bar -sS -X PUT -d '{"enable-nacm": true}' http://localhost/restconf/data/ietf-netconf-acm:nacm/enable-nacm)" ""
|
||||
expecteq "$(curl -u andy:bar -sS -X PUT -d '{"enable-nacm": true}' http://localhost/restconf/data/ietf-netconf-acm:nacm/enable-nacm)" 0 ""
|
||||
}
|
||||
|
||||
#--------------- enable nacm
|
||||
|
|
@ -177,80 +177,80 @@ nacm
|
|||
|
||||
#----------root
|
||||
new "update root list default deny"
|
||||
expecteq "$(curl -u wilma:bar -sS -H 'Content-Type: application/yang-data+xml' -X PUT http://localhost/restconf/data -d '<data><x xmlns="urn:example:nacm">42</x>$RULES</data>')" '{"ietf-restconf:errors" : {"error": {"error-type": "application","error-tag": "access-denied","error-severity": "error","error-message": "default deny"}}}
'
|
||||
expecteq "$(curl -u wilma:bar -sS -H 'Content-Type: application/yang-data+xml' -X PUT http://localhost/restconf/data -d '<data><x xmlns="urn:example:nacm">42</x>$RULES</data>')" 0 '{"ietf-restconf:errors" : {"error": {"error-type": "application","error-tag": "access-denied","error-severity": "error","error-message": "default deny"}}}
'
|
||||
|
||||
# replace all, then must include NACM rules as well
|
||||
MSG="<data>$RULES</data>"
|
||||
new "update root list permit"
|
||||
expecteq "$(curl -u andy:bar -sS -H 'Content-Type: application/yang-data+xml' -X PUT http://localhost/restconf/data -d "$MSG")" ''
|
||||
expecteq "$(curl -u andy:bar -sS -H 'Content-Type: application/yang-data+xml' -X PUT http://localhost/restconf/data -d "$MSG")" 0 ''
|
||||
|
||||
new "delete root list deny"
|
||||
expecteq "$(curl -u wilma:bar -sS -X DELETE http://localhost/restconf/data)" '{"ietf-restconf:errors" : {"error": {"error-type": "application","error-tag": "access-denied","error-severity": "error","error-message": "default deny"}}}
'
|
||||
expecteq "$(curl -u wilma:bar -sS -X DELETE http://localhost/restconf/data)" 0 '{"ietf-restconf:errors" : {"error": {"error-type": "application","error-tag": "access-denied","error-severity": "error","error-message": "default deny"}}}
'
|
||||
|
||||
new "delete root permit"
|
||||
expecteq "$(curl -u andy:bar -sS -X DELETE http://localhost/restconf/data)" ''
|
||||
expecteq "$(curl -u andy:bar -sS -X DELETE http://localhost/restconf/data)" 0 ''
|
||||
|
||||
#--------------- re-enable nacm
|
||||
nacm
|
||||
|
||||
#----------leaf
|
||||
new "create leaf deny"
|
||||
expecteq "$(curl -u guest:bar -sS -H 'Content-Type: application/yang-data+xml' -X PUT http://localhost/restconf/data/nacm-example:x -d '<x xmlns="urn:example:nacm">42</x>')" '{"ietf-restconf:errors" : {"error": {"error-type": "application","error-tag": "access-denied","error-severity": "error","error-message": "access denied"}}}
'
|
||||
expecteq "$(curl -u guest:bar -sS -H 'Content-Type: application/yang-data+xml' -X PUT http://localhost/restconf/data/nacm-example:x -d '<x xmlns="urn:example:nacm">42</x>')" 0 '{"ietf-restconf:errors" : {"error": {"error-type": "application","error-tag": "access-denied","error-severity": "error","error-message": "access denied"}}}
'
|
||||
|
||||
new "create leaf permit"
|
||||
expecteq "$(curl -u wilma:bar -sS -H 'Content-Type: application/yang-data+xml' -X PUT http://localhost/restconf/data/nacm-example:x -d '<x xmlns="urn:example:nacm">42</x>')" ''
|
||||
expecteq "$(curl -u wilma:bar -sS -H 'Content-Type: application/yang-data+xml' -X PUT http://localhost/restconf/data/nacm-example:x -d '<x xmlns="urn:example:nacm">42</x>')" 0 ''
|
||||
|
||||
new "update leaf deny"
|
||||
expecteq "$(curl -u wilma:bar -sS -H 'Content-Type: application/yang-data+xml' -X PUT http://localhost/restconf/data/nacm-example:x -d '<x xmlns="urn:example:nacm">99</x>')" '{"ietf-restconf:errors" : {"error": {"error-type": "application","error-tag": "access-denied","error-severity": "error","error-message": "access denied"}}}
'
|
||||
expecteq "$(curl -u wilma:bar -sS -H 'Content-Type: application/yang-data+xml' -X PUT http://localhost/restconf/data/nacm-example:x -d '<x xmlns="urn:example:nacm">99</x>')" 0 '{"ietf-restconf:errors" : {"error": {"error-type": "application","error-tag": "access-denied","error-severity": "error","error-message": "access denied"}}}
'
|
||||
|
||||
new "update leaf permit"
|
||||
expecteq "$(curl -u guest:bar -sS -H 'Content-Type: application/yang-data+xml' -X PUT http://localhost/restconf/data/nacm-example:x -d '<x xmlns="urn:example:nacm">99</x>')" ''
|
||||
expecteq "$(curl -u guest:bar -sS -H 'Content-Type: application/yang-data+xml' -X PUT http://localhost/restconf/data/nacm-example:x -d '<x xmlns="urn:example:nacm">99</x>')" 0 ''
|
||||
|
||||
new "read leaf check"
|
||||
expecteq "$(curl -u guest:bar -sS -X GET http://localhost/restconf/data/nacm-example:x)" '{"nacm-example:x": 99}
|
||||
expecteq "$(curl -u guest:bar -sS -X GET http://localhost/restconf/data/nacm-example:x)" 0 '{"nacm-example:x": 99}
|
||||
'
|
||||
|
||||
new "delete leaf deny"
|
||||
expecteq "$(curl -u guest:bar -sS -X DELETE http://localhost/restconf/data/nacm-example:x)" '{"ietf-restconf:errors" : {"error": {"error-type": "application","error-tag": "access-denied","error-severity": "error","error-message": "access denied"}}}
'
|
||||
expecteq "$(curl -u guest:bar -sS -X DELETE http://localhost/restconf/data/nacm-example:x)" 0 '{"ietf-restconf:errors" : {"error": {"error-type": "application","error-tag": "access-denied","error-severity": "error","error-message": "access denied"}}}
'
|
||||
|
||||
new "delete leaf permit"
|
||||
expecteq "$(curl -u wilma:bar -sS -X DELETE http://localhost/restconf/data/nacm-example:x)" ''
|
||||
expecteq "$(curl -u wilma:bar -sS -X DELETE http://localhost/restconf/data/nacm-example:x)" 0 ''
|
||||
|
||||
#----- list/container
|
||||
new "create list deny"
|
||||
expecteq "$(curl -u guest:bar -sS -H 'Content-Type: application/yang-data+xml' -X PUT http://localhost/restconf/data/nacm-example:a=key42 -d '<a xmlns="urn:example:nacm"><k>key42</k><b><c>str</c></b></a>')" '{"ietf-restconf:errors" : {"error": {"error-type": "application","error-tag": "access-denied","error-severity": "error","error-message": "access denied"}}}
'
|
||||
expecteq "$(curl -u guest:bar -sS -H 'Content-Type: application/yang-data+xml' -X PUT http://localhost/restconf/data/nacm-example:a=key42 -d '<a xmlns="urn:example:nacm"><k>key42</k><b><c>str</c></b></a>')" 0 '{"ietf-restconf:errors" : {"error": {"error-type": "application","error-tag": "access-denied","error-severity": "error","error-message": "access denied"}}}
'
|
||||
|
||||
new "create list permit"
|
||||
expecteq "$(curl -u wilma:bar -sS -H 'Content-Type: application/yang-data+xml' -X PUT http://localhost/restconf/data/nacm-example:a=key42 -d '<a xmlns="urn:example:nacm"><k>key42</k><b><c>str</c></b></a>')" ''
|
||||
expecteq "$(curl -u wilma:bar -sS -H 'Content-Type: application/yang-data+xml' -X PUT http://localhost/restconf/data/nacm-example:a=key42 -d '<a xmlns="urn:example:nacm"><k>key42</k><b><c>str</c></b></a>')" 0 ''
|
||||
|
||||
new "update list deny"
|
||||
expecteq "$(curl -u wilma:bar -sS -H 'Content-Type: application/yang-data+xml' -X PUT http://localhost/restconf/data/nacm-example:a=key42 -d '<a xmlns="urn:example:nacm"><k>key42</k><b><c>update</c></b></a>')" '{"ietf-restconf:errors" : {"error": {"error-type": "application","error-tag": "access-denied","error-severity": "error","error-message": "access denied"}}}
'
|
||||
expecteq "$(curl -u wilma:bar -sS -H 'Content-Type: application/yang-data+xml' -X PUT http://localhost/restconf/data/nacm-example:a=key42 -d '<a xmlns="urn:example:nacm"><k>key42</k><b><c>update</c></b></a>')" 0 '{"ietf-restconf:errors" : {"error": {"error-type": "application","error-tag": "access-denied","error-severity": "error","error-message": "access denied"}}}
'
|
||||
|
||||
new "update list permit"
|
||||
expecteq "$(curl -u guest:bar -sS -H 'Content-Type: application/yang-data+xml' -X PUT http://localhost/restconf/data/nacm-example:a=key42 -d '<a xmlns="urn:example:nacm"><k>key42</k><b><c>update</c></b></a>')" ''
|
||||
expecteq "$(curl -u guest:bar -sS -H 'Content-Type: application/yang-data+xml' -X PUT http://localhost/restconf/data/nacm-example:a=key42 -d '<a xmlns="urn:example:nacm"><k>key42</k><b><c>update</c></b></a>')" 0 ''
|
||||
|
||||
new "read list check"
|
||||
expecteq "$(curl -u guest:bar -sS -X GET http://localhost/restconf/data/nacm-example:a)" '{"nacm-example:a": [{"k": "key42","b": {"c": "update"}}]}
|
||||
expecteq "$(curl -u guest:bar -sS -X GET http://localhost/restconf/data/nacm-example:a)" 0 '{"nacm-example:a": [{"k": "key42","b": {"c": "update"}}]}
|
||||
'
|
||||
|
||||
new "delete list deny"
|
||||
expecteq "$(curl -u guest:bar -sS -X DELETE http://localhost/restconf/data/nacm-example:a=key42)" '{"ietf-restconf:errors" : {"error": {"error-type": "application","error-tag": "access-denied","error-severity": "error","error-message": "access denied"}}}
'
|
||||
expecteq "$(curl -u guest:bar -sS -X DELETE http://localhost/restconf/data/nacm-example:a=key42)" 0 '{"ietf-restconf:errors" : {"error": {"error-type": "application","error-tag": "access-denied","error-severity": "error","error-message": "access denied"}}}
'
|
||||
|
||||
new "delete list permit"
|
||||
expecteq "$(curl -u wilma:bar -sS -X DELETE http://localhost/restconf/data/nacm-example:a=key42)" ''
|
||||
expecteq "$(curl -u wilma:bar -sS -X DELETE http://localhost/restconf/data/nacm-example:a=key42)" 0 ''
|
||||
|
||||
#----- default deny (clixon-example limit and guest have default access)
|
||||
new "default create list deny"
|
||||
expecteq "$(curl -u wilma:bar -sS -X PUT http://localhost/restconf/data/clixon-example:translate=key42 -d '{"clixon-example:translate": [{"k": "key42","value": "val42"}]}')" '{"ietf-restconf:errors" : {"error": {"error-type": "application","error-tag": "access-denied","error-severity": "error","error-message": "default deny"}}}
'
|
||||
expecteq "$(curl -u wilma:bar -sS -X PUT http://localhost/restconf/data/clixon-example:translate=key42 -d '{"clixon-example:translate": [{"k": "key42","value": "val42"}]}')" 0 '{"ietf-restconf:errors" : {"error": {"error-type": "application","error-tag": "access-denied","error-severity": "error","error-message": "default deny"}}}
'
|
||||
|
||||
new "create list permit"
|
||||
expecteq "$(curl -u andy:bar -sS -X PUT http://localhost/restconf/data/clixon-example:translate=key42 -d '{"clixon-example:translate": [{"k": "key42","value": "val42"}]}')" ''
|
||||
expecteq "$(curl -u andy:bar -sS -X PUT http://localhost/restconf/data/clixon-example:translate=key42 -d '{"clixon-example:translate": [{"k": "key42","value": "val42"}]}')" 0 ''
|
||||
|
||||
new "default update list deny"
|
||||
expecteq "$(curl -u wilma:bar -sS -X PUT http://localhost/restconf/data/clixon-example:translate=key42 -d '{"clixon-example:translate": [{"k": "key42","value": "val99"}]}')" '{"ietf-restconf:errors" : {"error": {"error-type": "application","error-tag": "access-denied","error-severity": "error","error-message": "default deny"}}}
'
|
||||
expecteq "$(curl -u wilma:bar -sS -X PUT http://localhost/restconf/data/clixon-example:translate=key42 -d '{"clixon-example:translate": [{"k": "key42","value": "val99"}]}')" 0 '{"ietf-restconf:errors" : {"error": {"error-type": "application","error-tag": "access-denied","error-severity": "error","error-message": "default deny"}}}
'
|
||||
|
||||
new "default delete list deny"
|
||||
expecteq "$(curl -u wilma:bar -sS -X DELETE http://localhost/restconf/data/clixon-example:translate=key42)" '{"ietf-restconf:errors" : {"error": {"error-type": "application","error-tag": "access-denied","error-severity": "error","error-message": "default deny"}}}
'
|
||||
expecteq "$(curl -u wilma:bar -sS -X DELETE http://localhost/restconf/data/clixon-example:translate=key42)" 0 '{"ietf-restconf:errors" : {"error": {"error-type": "application","error-tag": "access-denied","error-severity": "error","error-message": "default deny"}}}
'
|
||||
|
||||
new "Kill restconf daemon"
|
||||
sudo pkill -u www-data -f "/www-data/clixon_restconf"
|
||||
|
|
|
|||
|
|
@ -161,12 +161,12 @@ new "commit it"
|
|||
expecteof "$clixon_netconf -qf $cfg" 0 "<rpc><commit/></rpc>]]>]]>" "^<rpc-reply><ok/></rpc-reply>]]>]]>$"
|
||||
|
||||
new "enable nacm"
|
||||
expecteq "$(curl -u andy:bar -sS -X PUT -d '{"enable-nacm": true}' http://localhost/restconf/data/ietf-netconf-acm:nacm/enable-nacm)" ""
|
||||
expecteq "$(curl -u andy:bar -sS -X PUT -d '{"enable-nacm": true}' http://localhost/restconf/data/ietf-netconf-acm:nacm/enable-nacm)" 0 ""
|
||||
|
||||
#--------------- nacm enabled
|
||||
|
||||
new "admin get nacm"
|
||||
expecteq "$(curl -u andy:bar -sS -X GET http://localhost/restconf/data/nacm-example:x)" '{"nacm-example:x": 0}
|
||||
expecteq "$(curl -u andy:bar -sS -X GET http://localhost/restconf/data/nacm-example:x)" 0 '{"nacm-example:x": 0}
|
||||
'
|
||||
|
||||
# Rule 1: deny-kill-session
|
||||
|
|
@ -184,18 +184,18 @@ new "deny-delete-config: limited fail (netconf)"
|
|||
expecteof "$clixon_netconf -qf $cfg -U wilma" 0 "<rpc><delete-config><target><startup/></target></delete-config></rpc>]]>]]>" "^<rpc-reply><rpc-error><error-type>application</error-type><error-tag>access-denied</error-tag><error-severity>error</error-severity><error-message>access denied</error-message></rpc-error></rpc-reply>]]>]]>$"
|
||||
|
||||
new "deny-delete-config: guest fail (restconf)"
|
||||
expecteq "$(curl -u guest:bar -sS -X DELETE http://localhost/restconf/data)" '{"ietf-restconf:errors" : {"error": {"error-type": "application","error-tag": "access-denied","error-severity": "error","error-message": "default deny"}}}
'
|
||||
expecteq "$(curl -u guest:bar -sS -X DELETE http://localhost/restconf/data)" 0 '{"ietf-restconf:errors" : {"error": {"error-type": "application","error-tag": "access-denied","error-severity": "error","error-message": "default deny"}}}
'
|
||||
|
||||
# In restconf delete-config is translated to edit-config which is permitted
|
||||
new "deny-delete-config: limited fail (restconf) ok"
|
||||
expecteq "$(curl -u wilma:bar -sS -X DELETE http://localhost/restconf/data)" ''
|
||||
expecteq "$(curl -u wilma:bar -sS -X DELETE http://localhost/restconf/data)" 0 ''
|
||||
|
||||
new "admin get nacm (should be null)"
|
||||
expecteq "$(curl -u andy:bar -sS -X GET http://localhost/restconf/data/nacm-example:x)" 'null
|
||||
expecteq "$(curl -u andy:bar -sS -X GET http://localhost/restconf/data/nacm-example:x)" 0 'null
|
||||
'
|
||||
|
||||
new "deny-delete-config: admin ok (restconf)"
|
||||
expecteq "$(curl -u andy:bar -sS -X DELETE http://localhost/restconf/data)" ''
|
||||
expecteq "$(curl -u andy:bar -sS -X DELETE http://localhost/restconf/data)" 0 ''
|
||||
|
||||
# Here the whole config is gone so we need to start again
|
||||
new "auth set authentication config (restart)"
|
||||
|
|
@ -205,14 +205,14 @@ new "commit it"
|
|||
expecteof "$clixon_netconf -qf $cfg" 0 "<rpc><commit/></rpc>]]>]]>" "^<rpc-reply><ok/></rpc-reply>]]>]]>$"
|
||||
|
||||
new "enable nacm"
|
||||
expecteq "$(curl -u andy:bar -sS -X PUT -d '{"ietf-netconf-acm:enable-nacm": true}' http://localhost/restconf/data/ietf-netconf-acm:nacm/enable-nacm)" ""
|
||||
expecteq "$(curl -u andy:bar -sS -X PUT -d '{"ietf-netconf-acm:enable-nacm": true}' http://localhost/restconf/data/ietf-netconf-acm:nacm/enable-nacm)" 0 ""
|
||||
|
||||
# Rule 3: permit-edit-config
|
||||
new "permit-edit-config: limited ok restconf"
|
||||
expecteq "$(curl -u wilma:bar -sS -X PUT -d '{"nacm-example:x": 2}' http://localhost/restconf/data/nacm-example:x)" ''
|
||||
expecteq "$(curl -u wilma:bar -sS -X PUT -d '{"nacm-example:x": 2}' http://localhost/restconf/data/nacm-example:x)" 0 ''
|
||||
|
||||
new "permit-edit-config: guest fail restconf"
|
||||
expecteq "$(curl -u guest:bar -sS -X PUT -d '{"nacm-example:x": 2}' http://localhost/restconf/data/nacm-example:x)" '{"ietf-restconf:errors" : {"error": {"error-type": "application","error-tag": "access-denied","error-severity": "error","error-message": "default deny"}}}
'
|
||||
expecteq "$(curl -u guest:bar -sS -X PUT -d '{"nacm-example:x": 2}' http://localhost/restconf/data/nacm-example:x)" 0 '{"ietf-restconf:errors" : {"error": {"error-type": "application","error-tag": "access-denied","error-severity": "error","error-message": "default deny"}}}
'
|
||||
|
||||
new "Kill restconf daemon"
|
||||
sudo pkill -u www-data -f "/www-data/clixon_restconf"
|
||||
|
|
|
|||
Loading…
Add table
Add a link
Reference in a new issue