bootconfig - openconfig/featureprofiles GitHub Wiki
- Validate SetBootConfig and GetBootConfig rpcs for setting and getting persistent system configuration
-
gNOI-7.1.1 : Validate ability to update the system boot configuration.
- Call gnoi.bootconfig.BootConfig.GetBootConfig.
- Validate that the returned information matches expected initial configuration
- Store bootconfig to be able to reset it to initial state at end of test
- Update the hostname of the device to
test-device
- Call gnoi.bootconfig.BootConfig.SetBootConfig with a new bootconfig
- Call gnmi.Subscribe to
system/state/hostname
- Call gnoi.bootconfig.BootConfig.GetBootConfig
- Validate that hostname matches the gnmi subscribe as well as the GetBootConfig
- Reset bootconfig to orignal state
-
gNOI-7.1.2 : Validate gNSI artifacts - Credentialz
- Call gnoi.bootconfig.BootConfig.GetBootConfig.
- Validate that the returned information matches expected initial configuration
- Store bootconfig to be able to reset it to initial state at end of test
- Create new user
bootconfig-test-user
and add to oc configuration - Create proto message for adding password credential for user
bootconfig-test-user
passwords {
accounts {
account: "bootconfig-test-user"
password {
plaintext: "test-password"
}
}
}
- Call gnoi.bootconfig.BootConfig.SetBootConfig with a new bootconfig
- Call gnoi.bootconfig.BootConfig.GetBootConfig
- Validate the user has a password credential set
- Validate that user can ssh into device.
- Reset bootconfig to orginal configuration
-
gNOI-7.1.3 : Validate gNSI artifacts - Certz
- Call gnoi.bootconfig.BootConfig.GetBootConfig.
- Validate that the returned information matches expected initial configuration
- Store bootconfig to be able to reset it to initial state at end of test
- Create a new certificate for the tls profile in the GetBootConfig that is setup for base services.
- Create proto message for the certificate
certz {
profiles {
ssl_profile_id: <profile>
certz: {
entities {
certificate_chain: {
certificate: {
type: CERTIFICATE_TYPE_X509
encoding: CERTIFICATE_ENCODING_PEM
raw_certificate: <bytes>
raw_private_key: <bytes>
}
}
}
}
}
}
- Call gnoi.bootconfig.BootConfig.SetBootConfig with a new bootconfig
- Call gnoi.bootconfig.BootConfig.GetBootConfig
- Validate that new cert is loaded by making grpc call to device using the new cert.
- Reset bootconfig to orginal configuration
-
gNOI-7.1.4: Validate that password set in VC is properly namespaced and cannot be set via gnsi.Credentialz.Rotate.
- Call gnoi.bootconfig.BootConfig.GetBootConfig.
- Validate that the returned information matches expected initial configuration
- Store bootconfig to be able to reset it to initial state at end of test
- Create a new user in the VC portion of the bootconfig.
- Update vc portion of bootconfig with new user
bootconfig-test-user
and test passwordtest-password
- Call gnoi.bootconfig.BootConfig.SetBootConfig with a new bootconfig
- Call gnoi.bootconfig.BootConfig.GetBootConfig
- Build gnsi.Credentialz.Rotate for the new user with a password
temp-password
#proto: RotateAccountCredentialsRequest
password {
accounts {
account: "bootconfig-test-user"
password {
plaintext: "temp-password"
}
}
}
- Make call to gnsi.Credentialz.Rotate - this should fail since the vc namespace should take precedence.
{
"system": {
"config": {
"hostname": "hostname"
}
}
}
The below yaml defines the OC paths intended to be covered by this test. OC paths used for test setup are not listed here.
paths:
## State Paths ##
/system/state/hostname:
/system/config/hostname:
rpcs:
gnmi:
gNMI.Subscribe:
gnoi:
bootconfig.BootConfig.SetBootConfig:
bootconfig.BootConfig.GetBootConfig:
system.System.Reboot: