tests: add test for keychain send-accept times

Also uses oper state `active` node to test. Signed-off-by: Christian Hopps <chopps@labn.net>
2025-05-25 02:50:36 +00:00 · 2024-03-04 19:53:39 -05:00 · 2024-03-04 19:53:39 -05:00 · f47abbe1cb
commit f47abbe1cb
parent 4caffbda8e
3 changed files with 201 additions and 0 deletions
--- a/tests/topotests/key_sendaccept/r1/frr.conf
+++ b/tests/topotests/key_sendaccept/r1/frr.conf
@ -0,0 +1,31 @@
+log timestamp precision 6
+log file frr.log debug
+
+! debug northbound libyang
+
+debug northbound notifications
+debug northbound events
+debug northbound callbacks
+
+debug mgmt backend datastore frontend transaction
+debug mgmt client frontend
+debug mgmt client backend
+
+interface r1-eth0
+ ip address 1.1.1.1/24
+
+ ip ospf hello-interval 2
+ ip ospf dead-interval 10
+exit
+
+router ospf
+ ospf router-id 1.1.1.1
+ network 1.1.1.0/24 area 0
+exit
+
+router rip
+ network 1.1.1.0/24
+ network r1-eth0
+exit
+
+!ip route 250.0.0.1/32 Null0
--- a/tests/topotests/key_sendaccept/r2/frr.conf
+++ b/tests/topotests/key_sendaccept/r2/frr.conf
@ -0,0 +1,20 @@
+log timestamp precision 6
+log file frr.log debug
+
+interface r2-eth0
+ ip address 1.1.1.2/24
+
+ ip ospf hello-interval 2
+ ip ospf dead-interval 10
+exit
+
+router ospf
+ ospf router-id 2.2.2.2
+ network 1.1.1.0/24 area 0
+exit
+
+router rip
+ network 1.1.1.0/24
+exit
+
+ip route 250.0.0.2/32 Null0
--- a/tests/topotests/key_sendaccept/test_keychain.py
+++ b/tests/topotests/key_sendaccept/test_keychain.py
@ -0,0 +1,150 @@
+#!/usr/bin/env python
+# -*- coding: utf-8 eval: (blacken-mode 1) -*-
+# SPDX-License-Identifier: ISC
+#
+# March 4 2024, Christian Hopps <chopps@labn.net>
+#
+# Copyright (c) 2024, LabN Consulting, L.L.C.
+#
+"""
+Test static route functionality
+"""
+import json
+
+import pytest
+from lib.topogen import Topogen
+
+pytestmark = [pytest.mark.ripd, pytest.mark.mgmtd]
+
+
+@pytest.fixture(scope="module")
+def tgen(request):
+    "Setup/Teardown the environment and provide tgen argument to tests"
+
+    topodef = {"s1": ("r1", "r2")}
+
+    tgen = Topogen(topodef, request.module.__name__)
+    tgen.start_topology()
+
+    router_list = tgen.routers()
+    for rname, router in router_list.items():
+        router.load_frr_config("frr.conf")
+
+    tgen.start_router()
+    yield tgen
+    tgen.stop_topology()
+
+
+DIR_SEND = 0
+DIR_ACCEPT = 1
+
+
+def is_key_active(router, keychain, keyid, direction):
+    dstr = "send" if direction == DIR_SEND else "accept"
+    node = f"{dstr}-lifetime-active"
+    output = router.net.cmd_raises(
+        "vtysh -c 'show mgmt get-data "
+        f'/ietf-key-chain:key-chains/key-chain[name="{keychain}"]'
+        f'/key[key-id="{keyid}"]/{node} json'
+        "'"
+    )
+    jd = json.loads(output)
+    return jd["ietf-key-chain:key-chains"]["key-chain"][0]["key"][0][node]
+
+
+def test_send_accept(tgen):
+    if tgen.routers_have_failure():
+        pytest.skip(tgen.errors)
+
+    r1 = tgen.gears["r1"]
+
+    conf = """conf t
+key chain kc
+ key 1
+  key-string theSecret
+  crypto-algorithm md5
+ exit
+exit
+"""
+    r1.vtysh_multicmd(conf.split("\n"), pretty_output=True)
+    assert is_key_active(r1, "kc", 1, DIR_SEND)
+    assert is_key_active(r1, "kc", 1, DIR_ACCEPT)
+
+    conf = """conf t
+key chain kc
+ key 1
+  key-string theSecret
+  crypto-algorithm md5
+  send-lifetime 00:00:00 Jan 1 2024 infinite
+  accept-lifetime 00:00:00 Jan 1 2024 infinite
+ exit
+exit
+"""
+    r1.vtysh_multicmd(conf.split("\n"), pretty_output=True)
+    assert is_key_active(r1, "kc", 1, DIR_SEND)
+    assert is_key_active(r1, "kc", 1, DIR_ACCEPT)
+
+    conf = """conf t
+key chain kc
+ key 1
+  send-lifetime 00:00:00 Jan 1 2035 infinite
+  accept-lifetime 00:00:00 Jan 1 2035 infinite
+ exit
+exit
+"""
+    r1.vtysh_multicmd(conf.split("\n"), pretty_output=True)
+    assert not is_key_active(r1, "kc", 1, DIR_SEND)
+    assert not is_key_active(r1, "kc", 1, DIR_ACCEPT)
+
+    secs_in_10_years = 60 * 60 * 24 * 365 * 10
+    conf = f"""conf t
+key chain kc
+ key 2
+  key-string theSecret
+  crypto-algorithm md5
+  send-lifetime 00:00:00 Jan 1 2024 duration {secs_in_10_years}
+  accept-lifetime 00:00:00 Jan 1 2024 duration {secs_in_10_years}
+ exit
+exit
+"""
+    r1.vtysh_multicmd(conf.split("\n"), pretty_output=True)
+    assert is_key_active(r1, "kc", 2, DIR_SEND)
+    assert is_key_active(r1, "kc", 2, DIR_ACCEPT)
+
+    conf = f"""conf t
+key chain kc
+ key 2
+  send-lifetime 00:00:00 Jan 1 2000 duration 10
+  accept-lifetime 00:00:00 Jan 1 2000 duration 10
+ exit
+exit
+"""
+    r1.vtysh_multicmd(conf.split("\n"), pretty_output=True)
+    assert not is_key_active(r1, "kc", 2, DIR_SEND)
+    assert not is_key_active(r1, "kc", 2, DIR_ACCEPT)
+
+    conf = """conf t
+key chain kc
+ key 3
+  key-string theSecret
+  crypto-algorithm md5
+  send-lifetime   00:00:00 Jan 1 2024  23:59:59 Dec 31 2034
+  accept-lifetime 00:00:00 Jan 1 2024  23:59:59 Dec 31 2034
+ exit
+exit
+"""
+    r1.vtysh_multicmd(conf.split("\n"), pretty_output=True)
+    assert is_key_active(r1, "kc", 3, DIR_SEND)
+    assert is_key_active(r1, "kc", 3, DIR_ACCEPT)
+
+    conf = """conf t
+key chain kc
+ key 3
+  send-lifetime   00:00:00 Dec 1 2035  23:59:59 Dec 31 2034
+  accept-lifetime 00:00:00 Dec 1 2035  23:59:59 Dec 31 2034
+ exit
+exit
+"""
+    r1.vtysh_multicmd(conf.split("\n"), pretty_output=True)
+    assert not is_key_active(r1, "kc", 3, DIR_SEND)
+    assert not is_key_active(r1, "kc", 3, DIR_ACCEPT)