experiments/clixon
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

* Added -U <user> command line to clixon_cli and clixon_netconf for NACM pseudo-user tests

Browse source
This commit is contained in:
Olof hagsand 2018-06-07 21:34:52 +02:00
parent de69b253dc
commit 5cabc11bfb
15 changed files with 132 additions and 48 deletions
Download patch file Download diff file Expand all files Collapse all files

48
test/test_auth_ext.sh
View file

@ -1,7 +1,7 @@
#!/bin/bash
# Authentication and authorization and IETF NACM
# External NACM file
# See RFC 8321 A.2
# See RFC 8341 A.2
# But replaced ietf-netconf-monitoring with *
APPNAME=example
@ -16,9 +16,11 @@ nacmfile=$dir/nacmfile
cat <<EOF > $cfg
<config>
<CLICON_CONFIGFILE>$cfg</CLICON_CONFIGFILE>
<CLICON_YANG_DIR>/usr/local/share/$APPNAME/yang</CLICON_YANG_DIR>
<CLICON_YANG_DIR>/usr/local/share/clixon</CLICON_YANG_DIR>
<CLICON_YANG_MODULE_MAIN>$fyang</CLICON_YANG_MODULE_MAIN>
<CLICON_CLISPEC_DIR>/usr/local/lib/$APPNAME/clispec</CLICON_CLISPEC_DIR>
<CLICON_BACKEND_DIR>/usr/local/lib/$APPNAME/backend</CLICON_BACKEND_DIR>
<CLICON_BACKEND_REGEXP>example_backend.so$</CLICON_BACKEND_REGEXP>
<CLICON_RESTCONF_DIR>/usr/local/lib/$APPNAME/restconf</CLICON_RESTCONF_DIR>
<CLICON_CLI_DIR>/usr/local/lib/$APPNAME/cli</CLICON_CLI_DIR>
<CLICON_CLI_MODE>$APPNAME</CLICON_CLI_MODE>
@ -36,6 +38,12 @@ EOF
cat <<EOF > $fyang
module $APPNAME{
prefix ex;
import ietf-interfaces {
prefix if;
}
import iana-if-type {
prefix ianaift;
}
container authentication {
description "Example code for enabling www basic auth and some example
users";
@ -61,6 +69,21 @@ module $APPNAME{
type int32;
description "something to edit";
}
container interfaces-state {
config false;
list interface{
key "name";
leaf name{
type string;
}
leaf type{
type string;
}
leaf if-index {
type int32;
}
}
}
}
EOF
@ -75,7 +98,6 @@ cat <<EOF > $nacmfile
<name>admin</name>
<user-name>admin</user-name>
<user-name>adm1</user-name>
<user-name>olof</user-name>
</group>
<group>
<name>limited</name>
@ -167,7 +189,7 @@ new "restconf DELETE whole datastore"
expecteq "$(curl -u adm1:bar -sS -X DELETE http://localhost/restconf/data)" ""
new2 "auth get"
expecteq "$(curl -u adm1:bar -sS -X GET http://localhost/restconf/data)" '{"data": null}
expecteq "$(curl -u adm1:bar -sS -X GET http://localhost/restconf/data)" '{"data": {"interfaces-state": {"interface": [{"name": "eth0","type": "ex:eth","if-index": 42}]}}}
'
new "Set x to 0"
@ -203,6 +225,24 @@ expecteq "$(curl -u wilma:bar -sS -X PUT -d '{"x": 2}' http://localhost/restconf
new2 "guest edit nacm"
expecteq "$(curl -u guest:bar -sS -X PUT -d '{"x": 3}' http://localhost/restconf/data/x)" '{"ietf-restconf:errors" : {"error": {"error-tag": "access-denied","error-type": "protocol","error-severity": "error","error-message": "The requested URL was unauthorized"}}} '
new "cli show conf as admin"
expectfn "$clixon_cli -1 -U adm1 -f $cfg -y $fyang show conf" 0 "^x 1;$"
new "cli show conf as limited"
expectfn "$clixon_cli -1 -U wilma -f $cfg -y $fyang show conf" 0 "^x 1;$"
new "cli show conf as guest"
expectfn "$clixon_cli -1 -U guest -f $cfg -y $fyang show conf" 255 "CLI command error"
new "cli rpc as admin"
expectfn "$clixon_cli -1 -U adm1 -f $cfg -y $fyang rpc ipv4" 0 "<next-hop-list>2.3.4.5</next-hop-list>"
new "cli rpc as limited"
expectfn "$clixon_cli -1 -U wilma -f $cfg -y $fyang rpc ipv4" 0 "<error-tag>access-denied</error-tag>"
new "cli rpc as guest"
expectfn "$clixon_cli -1 -U guest -f $cfg -y $fyang rpc ipv4" 0 "<error-tag>access-denied</error-tag>"
new "Kill restconf daemon"
sudo pkill -u www-data clixon_restconf