From f87b156423b459440fa69b57b6fa5dff9f6c5b0d Mon Sep 17 00:00:00 2001 From: tstoner <33665760+tstoner@users.noreply.github.com> Date: Mon, 13 Aug 2018 23:50:37 -0400 Subject: [PATCH] NXOS NXAPI TLS & Cipher (#43651) * Testing commands over various nxapi levels of cipher and ssl strengths. * Reworked nxos nxapi ssl/tlv transport testing * Added additional nxos nxapi httpapi local transport test suite * Added meta: end_play to nxos nxapi transports task to prevent execution unless nxos_ssl is defined. * Refactored nxos nxapi tls and cipher options testing * Removed blank line * Renamed variable ssl to the more appropriate ciphers * After each transport perumation test reset nxapi on the switch to ensure no previous configuration is still present on the next test. * 43651: Removed unnecessary changes to nxos_nxapi & removed hard-coded nxapi port numbers. --- .../nxos_nxapi_transports/defaults/main.yaml | 2 + .../nxos_nxapi_transports/meta/main.yml | 2 + .../nxos_nxapi_transports/tasks/main.yaml | 2 + .../nxos_nxapi_transports/tasks/nxapi.yaml | 24 ++++++++++++ .../tests/nxapi/assert_test.yaml | 38 +++++++++++++++++++ .../tests/nxapi/assert_transports.yaml | 26 +++++++++++++ 6 files changed, 94 insertions(+) create mode 100644 test/integration/targets/nxos_nxapi_transports/defaults/main.yaml create mode 100644 test/integration/targets/nxos_nxapi_transports/meta/main.yml create mode 100644 test/integration/targets/nxos_nxapi_transports/tasks/main.yaml create mode 100644 test/integration/targets/nxos_nxapi_transports/tasks/nxapi.yaml create mode 100644 test/integration/targets/nxos_nxapi_transports/tests/nxapi/assert_test.yaml create mode 100644 test/integration/targets/nxos_nxapi_transports/tests/nxapi/assert_transports.yaml diff --git a/test/integration/targets/nxos_nxapi_transports/defaults/main.yaml b/test/integration/targets/nxos_nxapi_transports/defaults/main.yaml new file mode 100644 index 00000000000..5f709c5aac1 --- /dev/null +++ b/test/integration/targets/nxos_nxapi_transports/defaults/main.yaml @@ -0,0 +1,2 @@ +--- +testcase: "*" diff --git a/test/integration/targets/nxos_nxapi_transports/meta/main.yml b/test/integration/targets/nxos_nxapi_transports/meta/main.yml new file mode 100644 index 00000000000..ae741cbdc71 --- /dev/null +++ b/test/integration/targets/nxos_nxapi_transports/meta/main.yml @@ -0,0 +1,2 @@ +dependencies: + - prepare_nxos_tests diff --git a/test/integration/targets/nxos_nxapi_transports/tasks/main.yaml b/test/integration/targets/nxos_nxapi_transports/tasks/main.yaml new file mode 100644 index 00000000000..7b3640c35ee --- /dev/null +++ b/test/integration/targets/nxos_nxapi_transports/tasks/main.yaml @@ -0,0 +1,2 @@ +--- +- { include: nxapi.yaml, tags: ['nxapi'] } diff --git a/test/integration/targets/nxos_nxapi_transports/tasks/nxapi.yaml b/test/integration/targets/nxos_nxapi_transports/tasks/nxapi.yaml new file mode 100644 index 00000000000..1d4dc157231 --- /dev/null +++ b/test/integration/targets/nxos_nxapi_transports/tasks/nxapi.yaml @@ -0,0 +1,24 @@ +--- + +- block: + + - set_fact: + tls: + - [ yes, no, no ] + - [ no, yes, no ] + - [ no, no, yes ] + - set_fact: + ciphers: + - yes + - no + + - name: NXAPI various transport tests with different TLS and ciphers + vars: + tlsv1_2: "{{ item[0][0] }}" + tlsv1_1: "{{ item[0][1] }}" + tlsv1_0: "{{ item[0][2] }}" + ssl_strong_ciphers: "{{ item[1] }}" + include: targets/nxos_nxapi_transports/tests/nxapi/assert_test.yaml + loop: "{{ tls | product(ciphers) | list }}" + + when: (platform is match("N9K") or platform is match("N3K") or platform is match("N9K-F") or platform is match("N35") or platform is match("N3L")) and major_version is version('9.2', '>=') diff --git a/test/integration/targets/nxos_nxapi_transports/tests/nxapi/assert_test.yaml b/test/integration/targets/nxos_nxapi_transports/tests/nxapi/assert_test.yaml new file mode 100644 index 00000000000..d1a09cb92d2 --- /dev/null +++ b/test/integration/targets/nxos_nxapi_transports/tests/nxapi/assert_test.yaml @@ -0,0 +1,38 @@ +- block: + + - debug: msg="START nxapi/setup_test.yaml" + + - name: "Configure NXAPI tlsv1_2={{ tlsv1_2 }}, tlsv1_1={{ tlsv1_1 }}, tlsv1_0={{ tlsv1_0 }}, ssl_strong_ciphers={{ ssl_strong_ciphers }}" + nxos_nxapi: + enable_http: no + enable_https: yes + https_port: 443 + tlsv1_2: "{{ tlsv1_2 }}" + tlsv1_1: "{{ tlsv1_1 }}" + tlsv1_0: "{{ tlsv1_0 }}" + ssl_strong_ciphers: "{{ ssl_strong_ciphers }}" + connection: network_cli + register: result + + - name: Assert NXAPI setup test was successful + assert: &assert_false + that: + - "result.failed == false" + + - name: Assert transports + include: targets/nxos_nxapi_transports/tests/nxapi/assert_transports.yaml + + - debug: msg="END nxapi/setup_test.yaml" + + always: + - name: Cleanup - Disable NXAPI + nxos_nxapi: + state: absent + connection: network_cli + register: result + + - name: Cleanup - Re-enable NXAPI + nxos_nxapi: + state: present + connection: network_cli + register: result diff --git a/test/integration/targets/nxos_nxapi_transports/tests/nxapi/assert_transports.yaml b/test/integration/targets/nxos_nxapi_transports/tests/nxapi/assert_transports.yaml new file mode 100644 index 00000000000..7789bb38328 --- /dev/null +++ b/test/integration/targets/nxos_nxapi_transports/tests/nxapi/assert_transports.yaml @@ -0,0 +1,26 @@ +--- + +- nxos_command: + commands: + - show hostname + connection: httpapi + vars: + ansible_httpapi_use_ssl: yes + ansible_httpapi_validate_certs: no + register: result + +- name: Assert command over connection httpapi was successful + assert: + that: + - "result.failed == false" + +- nxos_command: + commands: + - show hostname + provider: "{{ nxapi_ssl }}" + register: result + +- name: Assert command over nxapi_ssl provider was successful + assert: + that: + - "result.failed == false"