openconfig / featureprofiles

Feature Profiles are groups of OpenConfig paths and tests which verify their behavior
Apache License 2.0

SEC-3.1 Authentication updating state instead of config #803

Closed Hobbydos closed 1 year ago

Hobbydos commented 1 year ago

Describe the bug

tls_authentication_over_grpc_test seems to attempt to replace state instead of config.

OC Struct which is called by script:


// System_Aaa_Authentication_User represents the /openconfig-system/system/aaa/authentication/users/user YANG schema element.
type System_Aaa_Authentication_User struct {
    AuthorizedKeysListCreatedOn  *uint64                                   `path:"state/authorized-keys-list-created-on" module:"openconfig-system/gnsi-ssh"`
    AuthorizedKeysListVersion    *string                                   `path:"state/authorized-keys-list-version" module:"openconfig-system/gnsi-ssh"`
    AuthorizedUsersListCreatedOn *uint64                                   `path:"state/authorized-users-list-created-on" module:"openconfig-system/gnsi-ssh"`
    AuthorizedUsersListVersion   *string                                   `path:"state/authorized-users-list-version" module:"openconfig-system/gnsi-ssh"`
    Password                     *string                                   `path:"state/password" module:"openconfig-system/openconfig-system"`
    PasswordCreatedOn            *uint64                                   `path:"state/password-created-on" module:"openconfig-system/gnsi-console"`
    PasswordHashed               *string                                   `path:"state/password-hashed" module:"openconfig-system/openconfig-system"`
    PasswordVersion              *string                                   `path:"state/password-version" module:"openconfig-system/gnsi-console"`
    Role                         System_Aaa_Authentication_User_Role_Union `path:"state/role" module:"openconfig-system/openconfig-system" shadow-path:"config/role" shadow-module:"openconfig-system/openconfig-system"`
    Username                     *string                                   `path:"state/username|username" module:"openconfig-system/openconfig-system|openconfig-system" shadow-path:"config/username|username" shadow-module:"openconfig-system/openconfig-system|openconfig-system"`
}

But fpoc does have config in yang/fpoc/structs-4.go

// System_Aaa_Authentication_User represents the /openconfig-system/system/aaa/authentication/users/user YANG schema element.
type System_Aaa_Authentication_User struct {
    Password       *string                                   `path:"config/password" module:"openconfig-system/openconfig-system" shadow-path:"state/password" shadow-module:"openconfig-system/openconfig-system"`
    PasswordHashed *string                                   `path:"config/password-hashed" module:"openconfig-system/openconfig-system" shadow-path:"state/password-hashed" shadow-module:"openconfig-system/openconfig-system"`
    Role           System_Aaa_Authentication_User_Role_Union `path:"config/role" module:"openconfig-system/openconfig-system" shadow-path:"state/role" shadow-module:"openconfig-system/openconfig-system"`
    SshKey         *string                                   `path:"config/ssh-key" module:"openconfig-system/openconfig-system" shadow-path:"state/ssh-key" shadow-module:"openconfig-system/openconfig-system"`
    Username       *string                                   `path:"config/username|username" module:"openconfig-system/openconfig-system|openconfig-system" shadow-path:"state/username|username" shadow-module:"openconfig-system/openconfig-system|openconfig-system"`
}

To Reproduce

Running the test results in this behavior on multiple vendors.

Expected behavior

Should not update state, but config.

Logs

go test -v feature/experimental/security/aaa/kne_tests/tls_authentication_over_grpc_test/tls_authentication_over_grpc_test.go --binding /home/hobbydos/topologies/arista.binding --testbed /home/hobbydos/topologies/arista.testbed --ssh_ip 172.20.20.1 

*** Reserving the testbed...

*** PROPERTY: time.end -> 1668812762
*** PROPERTY: build.main.path -> 
*** PROPERTY: build.main.sum -> 
*** PROPERTY: git.commit_timestamp -> 1668811017
*** PROPERTY: git.status -> 
*** PROPERTY: test.path -> feature/experimental/security/aaa/kne_tests/tls_authentication_over_grpc_test
*** PROPERTY: dut.vendor.full -> Arista
*** PROPERTY: dut.model.full -> cEOSLab
*** PROPERTY: dut.model -> cEOSLab
*** PROPERTY: topology -> dut:2
*** PROPERTY: dut.os_version -> 4.29.0.2F-29226602.42902F (engineering build)
*** PROPERTY: build.go_version -> go1.19.3
*** PROPERTY: build.main.version -> 
*** PROPERTY: git.commit -> 35b3a5a080c03726fe0b4f4fcd5722b2aeacdef6
*** PROPERTY: git.clean -> true
*** PROPERTY: time.begin -> 1668812762
*** PROPERTY: build.path -> 
*** PROPERTY: git.origin -> https://github.com/openconfig/featureprofiles
*** PROPERTY: dut.vendor -> ARISTA

********************************************************************************

  Testbed Reservation Complete
  ID: STATIC

    dut:              clab-ceos-ceos-ceos1
    port1:            Ethernet1
    port2:            Ethernet2

********************************************************************************

=== RUN   TestAuthentication
    tls_authentication_over_grpc_test.go:81: Replace(t, &{<nil> <nil> <nil> <nil> 0xc000ad1390 <nil> <nil> <nil> SYSTEM_ROLE_ADMIN 0xc000ad1370}) at path origin:"openconfig" elem:{name:"system"} elem:{name:"aaa"} elem:{name:"authentication"} elem:{name:"users"} elem:{name:"user" key:{key:"username" value:"alice"}} target:"clab-ceos-ceos-ceos1": SetRequest unsuccessful: rpc error: code = Aborted desc = error on request {
        prefix: {
          origin: "openconfig"
        }
        replace: {
          path: {
            elem: {
              name: "system"
            }
            elem: {
              name: "aaa"
            }
            elem: {
              name: "authentication"
            }
            elem: {
              name: "users"
            }
            elem: {
              name: "user"
              key: {
                key: "username"
                value: "alice"
              }
            }
          }
          val: {
            json_ietf_val: "{\n  \"openconfig-system:config\": {\n    \"role\": \"openconfig-aaa-types:SYSTEM_ROLE_ADMIN\",\n    \"username\": \"alice\"\n  },\n  \"openconfig-system:state\": {\n    \"password\": \"password\"\n  },\n  \"openconfig-system:username\": \"alice\"\n}"
          }
        }
        }: failed while setting /system/aaa/authentication/users/user[username=alice]: failed while unmarshaling Container user: {
          "openconfig-system:config": {
            "role": "openconfig-aaa-types:SYSTEM_ROLE_ADMIN",
            "username": "alice"
          },
          "openconfig-system:state": {
            "password": "password"
          },
          "openconfig-system:username": "alice"
        }: error decoding JSON value for node user[username='alice']/state: An unexpected element "password" is present
--- FAIL: TestAuthentication (0.03s)
FAIL

*** Releasing the testbed...

FAIL    command-line-arguments  0.889s
FAIL

Additional context

Additionally, the test is hardcoded for gNMI port 6030.
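
The rejected payload in the log carries role and username under config but password under state, which matches the tags in the first struct quoted in the report: Role and Username have a config shadow-path, Password does not. The following Go sketch is an added example, not featureprofiles or ygot code. It walks those tags by reflection and lists populated leaves that have no config path at all; the `user` type, `underConfig` and `stateOnlySet` are hypothetical names, and the sample values are constructed to match the log.

```go
package main

import (
	"fmt"
	"reflect"
	"strings"
)

// user copies four leaves and their tags from the first struct in the report.
// Role is a union type there; *string keeps this sample self-contained.
type user struct {
	Password       *string `path:"state/password" module:"openconfig-system/openconfig-system"`
	PasswordHashed *string `path:"state/password-hashed" module:"openconfig-system/openconfig-system"`
	Role           *string `path:"state/role" module:"openconfig-system/openconfig-system" shadow-path:"config/role" shadow-module:"openconfig-system/openconfig-system"`
	Username       *string `path:"state/username|username" module:"openconfig-system/openconfig-system|openconfig-system" shadow-path:"config/username|username" shadow-module:"openconfig-system/openconfig-system|openconfig-system"`
}

// underConfig reports whether any "|"-separated path alternative is under config/.
func underConfig(tag string) bool {
	for _, p := range strings.Split(tag, "|") {
		if strings.HasPrefix(p, "config/") {
			return true
		}
	}
	return false
}

// stateOnlySet lists populated fields with no config path in `path` or
// `shadow-path`; a Set built from them can only address the state container.
func stateOnlySet(s interface{}) []string {
	v := reflect.ValueOf(s).Elem()
	var out []string
	for i := 0; i < v.NumField(); i++ {
		tag := v.Type().Field(i).Tag
		if v.Field(i).IsNil() {
			continue // unset leaves are not serialized
		}
		if !underConfig(tag.Get("path")) && !underConfig(tag.Get("shadow-path")) {
			out = append(out, v.Type().Field(i).Name+" -> "+tag.Get("path"))
		}
	}
	return out
}

func main() {
	pw, role, name := "password", "SYSTEM_ROLE_ADMIN", "alice" // constructed values matching the log
	fmt.Println(stateOnlySet(&user{Password: &pw, Role: &role, Username: &name}))
}
```

Run against generated bindings before a credential-provisioning test, a non-empty result means the password leaf cannot reach the device's config tree, so the account would never be set up as intended.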

Hobbydos commented 1 year ago

cc @xw-g @robshakir

Hobbydos commented 1 year ago

No longer an issue, passes with latest commit.

  Testbed Reservation Complete
  ID: 1b160fe6-bf01-4d78-851b-82a8f396b4cc

    dut:              dut
    port1:            Ethernet1
    port2:            Ethernet2
    ate:              ate
    port2:            eth2
    port1:            eth1

********************************************************************************

=== RUN   TestAuthentication
=== RUN   TestAuthentication/good_username_and_password
    tls_authentication_over_grpc_test.go:110: Trying SSH credentials
    tls_authentication_over_grpc_test.go:138: Trying credentials with GNMI Get
    tls_authentication_over_grpc_test.go:154: Trying credentials with GNMI Set
=== RUN   TestAuthentication/good_username_bad_password
    tls_authentication_over_grpc_test.go:110: Trying SSH credentials
    tls_authentication_over_grpc_test.go:138: Trying credentials with GNMI Get
    tls_authentication_over_grpc_test.go:154: Trying credentials with GNMI Set
=== RUN   TestAuthentication/bad_username
    tls_authentication_over_grpc_test.go:110: Trying SSH credentials
    tls_authentication_over_grpc_test.go:138: Trying credentials with GNMI Get
    tls_authentication_over_grpc_test.go:154: Trying credentials with GNMI Set
--- PASS: TestAuthentication (21.00s)
    --- PASS: TestAuthentication/good_username_and_password (0.71s)
    --- PASS: TestAuthentication/good_username_bad_password (0.38s)
    --- PASS: TestAuthentication/bad_username (2.38s)
PASS