Fixing Test related to SRL 23.10 (#1709)

* remove srl ssh key filter fix tests * bring back filtering function for older srl releases * polishing test case * Revert "bring back filtering function for older srl releases" This reverts commit 603c32d. --------- Co-authored-by: Roman Dodin <dodin.roman@gmail.com>
srl-labs · Nov 12, 2023 · 1784608 · 1784608
1 parent 64bb66a
commit 1784608
Show file tree

Hide file tree

Showing 5 changed files with 38 additions and 73 deletions.
diff --git a/nodes/srl/srl.go b/nodes/srl/srl.go
@@ -598,8 +598,6 @@ func (n *srl) addDefaultConfig(ctx context.Context) error {
 		DNSServers: n.Config().DNS.Servers,
 	}
 
-	n.filterSSHPubKeys()
-
 	// in srlinux >= v23.10+ linuxadmin and admin user ssh keys can only be configured via the cli
 	// so we add the keys to the template data for rendering.
 	if len(n.sshPubKeys) > 0 && (semver.Compare(n.swVersion.String(), "v23.10") >= 0 || n.swVersion.major == "0") {

diff --git a/nodes/srl/sshkey.go b/nodes/srl/sshkey.go
@@ -30,20 +30,3 @@ func catenateKeys(in []ssh.PublicKey) string {
 	// return the string builders content as string
 	return keys.String()
 }
-
-// filterSSHPubKeys removes non-rsa keys from n.sshPubKeys until srl adds support for them.
-func (n *srl) filterSSHPubKeys() {
-	if len(n.sshPubKeys) == 0 {
-		return
-	}
-
-	var filteredKeys []ssh.PublicKey
-
-	for _, k := range n.sshPubKeys {
-		if k.Type() == ssh.KeyAlgoRSA {
-			filteredKeys = append(filteredKeys, k)
-		}
-	}
-
-	n.sshPubKeys = filteredKeys
-}
diff --git a/nodes/srl/sshkey_test.go b/nodes/srl/sshkey_test.go
@@ -43,47 +43,3 @@ func Test_srl_catenateKeys(t *testing.T) {
 		})
 	}
 }
-
-func Test_srl_filterSSHPubKeys(t *testing.T) {
-	type fields struct {
-		keyFiles []string
-	}
-	tests := []struct {
-		name   string
-		fields fields
-		want   string
-	}{
-		{
-			name: "test1",
-			fields: fields{
-				keyFiles: []string{"test_data/keys"},
-			},
-			want: "\"ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCs4Qv1yrBk6ygt+o7J4sUcYv+WfDjdAyABDoinOt3PgSmCcVqqAP2qS8UtTnMNuy93Orp6+/R/7/R3O5xdY6I4YViK3WVlKTAUVm7vdeTKp9uq1tNeWgo7+J3baSbQ3INp85ScTfFvRzRCFkr/W97Wh6pTa7ysgkcPvc2/tXG2z36Mx7/TFBk3Q1LY3ByKLtGrC5JnVpMTrqrsCwcLEVHHEZ4z5R4FZED/lpz+wTNFnR/l9HA6yDkKYensHynx+guqYpYD6y4yEGY/LcUnwBg0zIlUhmOsvdmxWBz12Lp7EBiNjSwhnPfe+o3efLGGnjWUAa4TgO8Sa8PQP0pK/ZNd\" \"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAILKdXYzPIq8kHRJtDrh21wMVI76AnuPk7HDLeDteKN74\"",
-		},
-	}
-	for _, tt := range tests {
-		t.Run(tt.name, func(t *testing.T) {
-			allKeys, err := utils.LoadSSHPubKeysFromFiles(tt.fields.keyFiles)
-			if err != nil {
-				t.Errorf("failed to load keys: %v", err)
-			}
-
-			rsaKeys, err := utils.LoadSSHPubKeysFromFiles([]string{"test_data/rsa_key"})
-			if err != nil {
-				t.Errorf("failed to load keys: %v", err)
-			}
-
-			n := &srl{
-				sshPubKeys: allKeys,
-			}
-
-			n.filterSSHPubKeys()
-
-			got := catenateKeys(n.sshPubKeys)
-			want := catenateKeys(rsaKeys)
-			if d := cmp.Diff(got, want); d != "" {
-				t.Errorf("srl.filterSSHPubKeys() = %s", d)
-			}
-		})
-	}
-}
diff --git a/tests/02-basic-srl/01-two-srls.robot b/tests/02-basic-srl/01-two-srls.robot
@@ -10,17 +10,25 @@ Suite Teardown      Run Keyword    Cleanup
 ${lab-name}         02-01-two-srls
 ${lab-file-name}    02-srl02.clab.yml
 ${runtime}          docker
-${key-name}         test
+${key-name}         clab-test-key
 
 
 *** Test Cases ***
-Create SSH keypair
+Set key-path Variable
     ${key-path} =    OperatingSystem.Normalize Path    ~/.ssh/${key-name}
-    Log    ${key-path}
     Set Suite Variable    ${key-path}
-    # Using ed25519 algo because of paramiko https://github.com/paramiko/paramiko/issues/1915
+
+Create SSH keypair - RSA
+    ${rc}    ${output} =    Run And Return Rc And Output
+    ...    ssh-keygen -t rsa -N "" -f ${key-path}-rsa
+
+Create SSH keypair - ED25519
+    ${rc}    ${output} =    Run And Return Rc And Output
+    ...    ssh-keygen -t ed25519 -N "" -f ${key-path}-ed25519
+
+Create SSH keypair - ecdsa512
     ${rc}    ${output} =    Run And Return Rc And Output
-    ...    ssh-keygen -t ed25519 -N "" -f ${key-path}
+    ...    ssh-keygen -t ecdsa -b 521 -N "" -f ${key-path}-ecdsa512
 
 Deploy ${lab-name} lab
     Log    ${CURDIR}
@@ -74,17 +82,37 @@ Ensure srl1 is reachable over ssh
     ...    password=NokiaSrl1!
     ...    try_for=10
 
-Ensure srl1 is reachable over ssh with public key auth
+Ensure srl1 is reachable over ssh with public key RSA auth
+    Login via SSH with public key
+    ...    address=clab-${lab-name}-srl1
+    ...    username=admin
+    ...    keyfile=${key-path}-rsa
+    ...    try_for=10
+
+# This test is expected to fail on SR Linux < 23.10.1 since only RSA keys are supported
+# on older systems
+
+Ensure srl1 is reachable over ssh with public key ED25519 auth
+    Login via SSH with public key
+    ...    address=clab-${lab-name}-srl1
+    ...    username=admin
+    ...    keyfile=${key-path}-ed25519
+    ...    try_for=10
+
+# This test is expected to fail on SR Linux < 23.10.1 since only RSA keys are supported
+# on older systems
+
+Ensure srl1 is reachable over ssh with public key ECDSA512 auth
     Login via SSH with public key
     ...    address=clab-${lab-name}-srl1
     ...    username=admin
-    ...    keyfile=${key-path}
+    ...    keyfile=${key-path}-ecdsa512
     ...    try_for=10
 
 Ensure srl1 can ping srl2 over ethernet-1/1 interface
     Sleep    5s    give some time for networking stack to settle
     ${rc}    ${output} =    Run And Return Rc And Output
-    ...    sudo -E ${CLAB_BIN} --runtime ${runtime} exec -t ${CURDIR}/${lab-file-name} --label clab-node-name\=srl1 --cmd "ip netns exec srbase-default ping 192.168.0.1 -c2 -w 3s"
+    ...    sudo -E ${CLAB_BIN} --runtime ${runtime} exec -t ${CURDIR}/${lab-file-name} --label clab-node-name\=srl1 --cmd "ip netns exec srbase-default ping 192.168.0.1 -c2 -w 3"
     Log    ${output}
     Should Be Equal As Integers    ${rc}    0
     Should Contain    ${output}    0% packet loss
@@ -114,4 +142,4 @@ Verify TLS works with JSON-RPC, certificate check and IP address as SAN
 *** Keywords ***
 Cleanup
     Run    sudo -E ${CLAB_BIN} --runtime ${runtime} destroy -t ${CURDIR}/${lab-file-name} --cleanup
-    Run    rm -f ${key-path}
+    Run    rm -f ${key-path}*
diff --git a/tests/02-basic-srl/03-srl-bgp.robot b/tests/02-basic-srl/03-srl-bgp.robot
@@ -34,7 +34,7 @@ Verify e1-1 interface have been admin enabled on srl1
 Ensure srl1 can ping srl2 over ethernet-1/1 interface
     Sleep    5s    give some time for networking stack to settle
     ${rc}    ${output} =    Run And Return Rc And Output
-    ...    sudo -E ${CLAB_BIN} --runtime ${runtime} exec -t ${CURDIR}/${lab-file-name} --label clab-node-name\=srl1 --cmd "ip netns exec srbase-default ping 192.168.0.1 -c2 -w 3s"
+    ...    sudo -E ${CLAB_BIN} --runtime ${runtime} exec -t ${CURDIR}/${lab-file-name} --label clab-node-name\=srl1 --cmd "ip netns exec srbase-default ping 192.168.0.1 -c2 -w 3"
     Log    ${output}
     Should Be Equal As Integers    ${rc}    0
     Should Contain    ${output}    0% packet loss