change authentication sources
stgmsa committed Mar 7, 2025
1 parent ba78d1d commit 2a6b21e
Showing 18 changed files with 95 additions and 54 deletions.
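--- a/t/venom/test_suites/nodes/dot1x_eap_teap/release_dhcp.yml
+++ b/t/venom/test_suites/nodes/dot1x_eap_teap/release_dhcp.yml
@@ -0,0 +1,10 @@
+name: Release DHCP
+testcases:
+- name: release_dhcp
+steps:
+- type: exec
+script: "sudo dhclient -v -r ens7"
+timeout: 10
+assertions:
+- result.systemout ShouldContainSubstring "DHCPRELEASE"
+- result.systemout ShouldContainSubstring "ens7"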
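Review bot: The interface name `ens7` is hard-coded in both the `script` and the last assertion of this new file, and again in run_dhcp.yml and in the wired wpa_supplicant step, whereas the rest of the suite takes environment-specific values from `{{.…}}` variables. If the test node's NIC naming changes, these steps fail for a reason unrelated to 802.1X. Consider a suite variable for the interface (name to be chosen by the project) and use it in both places, e.g. `script: "sudo dhclient -v -r {{.<interface_var>}}"`.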
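--- a/t/venom/test_suites/nodes/dot1x_eap_teap/run_dhcp.yml
+++ b/t/venom/test_suites/nodes/dot1x_eap_teap/run_dhcp.yml
@@ -0,0 +1,10 @@
+name: Run DHCP
+testcases:
+- name: run_dhcp
+steps:
+- type: exec
+script: "sudo dhclient -v ens7"
+timeout: 10
+assertions:
+- result.systemout ShouldContainSubstring "DHCPACK"
+- result.systemout ShouldContainSubstring "ens7"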
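Review bot: The `DHCPACK` assertion shows only that some DHCP server answered on `ens7`; it does not show that the lease came from the network the TEAP role is supposed to place the node in. A node left in a registration or isolation VLAN would presumably also receive a DHCPACK and pass this step. If the expected subnet is available as a suite variable, an extra assertion on dhclient's lease line would tie the node-side result to enforcement, e.g. `- result.systemout ShouldContainSubstring "bound to <expected-subnet-prefix>"` (placeholder value).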
@@ -0,0 +1,9 @@
name: Run wpasupplicant for EAP/TEAP
testcases:
- name: run_wpasupplicant_eap_teap
steps:
- type: exec
script: "sudo wpa_supplicant -c /etc/wpa_supplicant/eap_teap/eap_teap_mschapv2.conf -D wired -i ens7 -B"
timeout: 10
assertions:
- result.systemout ShouldContainSubstring "Successfully initialized wpa_supplicant"
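Review bot: The only assertion in this step, `"Successfully initialized wpa_supplicant"`, is printed at start-up, and `-B` sends the process to the background before the EAP exchange has to finish, so a rejected or misconfigured TEAP authentication would still pass here; the same applies to the wireless step that follows. Later server-side checks in the suite look for `TEAP` and `AUTHORIZED`, but nothing visible confirms the supplicant's own view. A follow-up exec step running `wpa_cli -i ens7 status` with `- result.systemout ShouldContainSubstring "EAP state=SUCCESS"` would do that, assuming the config file enables a control interface (not visible on this page). No teardown of the backgrounded daemon is visible either, so a rerun may start a second instance on the same interface.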
@@ -0,0 +1,9 @@
name: Run wpasupplicant for Wireless Secure
testcases:
- name: run_wpasupplicant_wireless_secure_teap
steps:
- type: exec
script: "sudo wpa_supplicant -Dnl80211 -iwlan1 -c /etc/wpa_supplicant/wireless_secure/wireless_secure_teap.conf -B"
timeout: 10
assertions:
- result.systemout ShouldContainSubstring "Successfully initialized wpa_supplicant"
@@ -21,11 +21,11 @@ testcases:
"actions": [
{
"type": "set_role",
"value": "{{.dot1x_eap_peap.roles.ad_machine.id}}"
"value": "{{.dot1x_eap_teap.roles.ad_machine.id}}"
},
{
"type": "set_access_duration",
"value": "{{.dot1x_eap_peap.sources.ad_machine.access_duration}}"
"value": "{{.dot1x_eap_teap.sources.ad_machine.access_duration}}"
}
],
"conditions": []
@@ -35,13 +35,13 @@ testcases:
"binddn": "{{.ad_domain_admin_user}}@{{.ad_dns_domain}}",
"cache_match": "0",
"connection_timeout": 1,
"description": "{{.dot1x_eap_peap.sources.ad_machine.description}}",
"description": "{{.dot1x_eap_teap.sources.ad_machine.description}}",
"email_attribute": "mail",
"encryption": "starttls",
"host": [
"{{.ad_mgmt_ip}}"
],
"id": "{{.dot1x_eap_peap.sources.ad_machine.name}}",
"id": "{{.dot1x_eap_teap.sources.ad_machine.name}}",
"monitor": "1",
"password": "{{.ad_domain_admin_password}}",
"port": "389",
@@ -76,12 +76,12 @@ testcases:
"basedn": "{{.ad_base_dn}}",
"binddn": "{{.ad_domain_admin_user}}@{{.ad_dns_domain}}",
"connection_timeout": 1,
"description": "{{.dot1x_eap_peap.sources.ad_machine.description}}",
"description": "{{.dot1x_eap_teap.sources.ad_machine.description}}",
"encryption": "starttls",
"host": [
"{{.ad_mgmt_ip}}"
],
"id": "{{.dot1x_eap_peap.sources.ad_machine.name}}",
"id": "{{.dot1x_eap_teap.sources.ad_machine.name}}",
"password": "{{.ad_domain_admin_password}}",
"port": "389",
"read_timeout": 10,
@@ -21,11 +21,11 @@ testcases:
"actions": [
{
"type": "set_role",
"value": "{{.dot1x_eap_peap.roles.ad_user.id}}"
"value": "{{.dot1x_eap_teap.roles.ad_user.id}}"
},
{
"type": "set_access_duration",
"value": "{{.dot1x_eap_peap.sources.ad_user.access_duration}}"
"value": "{{.dot1x_eap_teap.sources.ad_user.access_duration}}"
}
],
"conditions": []
@@ -35,13 +35,13 @@ testcases:
"binddn": "{{.ad_domain_admin_user}}@{{.ad_dns_domain}}",
"cache_match": "0",
"connection_timeout": 1,
"description": "{{.dot1x_eap_peap.sources.ad_user.description}}",
"description": "{{.dot1x_eap_teap.sources.ad_user.description}}",
"email_attribute": "mail",
"encryption": "starttls",
"host": [
"{{.ad_mgmt_ip}}"
],
"id": "{{.dot1x_eap_peap.sources.ad_user.name}}",
"id": "{{.dot1x_eap_teap.sources.ad_user.name}}",
"monitor": "1",
"password": "{{.ad_domain_admin_password}}",
"port": "389",
@@ -76,12 +76,12 @@ testcases:
"basedn": "{{.ad_base_dn}}",
"binddn": "{{.ad_domain_admin_user}}@{{.ad_dns_domain}}",
"connection_timeout": 1,
"description": "{{.dot1x_eap_peap.sources.ad_user.description}}",
"description": "{{.dot1x_eap_teap.sources.ad_user.description}}",
"encryption": "starttls",
"host": [
"{{.ad_mgmt_ip}}"
],
"id": "{{.dot1x_eap_peap.sources.ad_user.name}}",
"id": "{{.dot1x_eap_teap.sources.ad_user.name}}",
"password": "{{.ad_domain_admin_password}}",
"port": "389",
"read_timeout": 10,
@@ -4,7 +4,7 @@ testcases:
steps:
- type: get_login_token

- name: create_dot1x_wired_eap_peap_mschapv2connection_profile
- name: create_dot1x_wired_eap_teap_mschapv2connection_profile
steps:
- type: http
method: POST
@@ -22,22 +22,22 @@ testcases:
"unit": "m"
},
"default_psk_key": null,
"description": "{{.dot1x_eap_peap.profiles.wired.description}}",
"description": "{{.dot1x_eap_teap.profiles.wired.description}}",
"dot1x_recompute_role_from_portal": "enabled",
"dot1x_unset_on_unmatch": "disabled",
"dpsk": "disabled",
"filter": [
{
"type": "connection_type",
"match": "{{.dot1x_eap_peap.profiles.wired.filters.connection_type}}"
"match": "{{.dot1x_eap_teap.profiles.wired.filters.connection_type}}"
},
{
"type": "connection_sub_type",
"match": "{{.dot1x_eap_peap.profiles.wired.filters.connection_sub_type}}"
"match": "{{.dot1x_eap_teap.profiles.wired.filters.connection_sub_type}}"
}
],
"filter_match_style": "all",
"id": "{{.dot1x_eap_peap.profiles.wired.id}}",
"id": "{{.dot1x_eap_teap.profiles.wired.id}}",
"locale": null,
"login_attempt_limit": 0,
"logo": null,
@@ -54,11 +54,11 @@ testcases:
"sms_pin_retry_limit": 0,
"sms_request_limit": 0,
"sources": [
"{{.dot1x_eap_peap.sources.ad_machine.name}}",
"{{.dot1x_eap_peap.sources.ad_user.name}}"
"{{.dot1x_eap_teap.sources.ad_machine.name}}",
"{{.dot1x_eap_teap.sources.ad_user.name}}"
],
"status": "enabled",
"unreg_on_acct_stop": "{{.dot1x_eap_peap.profiles.wired.unreg_on_acct_stop}}",
"unreg_on_acct_stop": "{{.dot1x_eap_teap.profiles.wired.unreg_on_acct_stop}}",
"vlan_pool_technique": "username_hash"
}
headers:
@@ -8,4 +8,4 @@ testcases:
command: |
cd /usr/local/pf/t/venom ; \
sudo VENOM_COMMON_FLAGS='--output-dir={{.test_suite_results_dir}}/{{.venom.testcase}}' \
/usr/local/pf/t/venom/venom-wrapper.sh {{.nodes_test_suite_dir}}/dot1x_eap_peap/{{.venom.testcase}}.yml
/usr/local/pf/t/venom/venom-wrapper.sh {{.nodes_test_suite_dir}}/dot1x_eap_teap/{{.venom.testcase}}.yml
@@ -62,7 +62,7 @@ testcases:
{
"field": "connection_type",
"op": "equals",
"value": "{{.dot1x_eap_peap.profiles.wired.filters.connection_type}}"
"value": "{{.dot1x_eap_teap.profiles.wired.filters.connection_type}}"
}
]
}
@@ -90,5 +90,5 @@ testcases:
"Content-Type": "application/json"
assertions:
- result.statuscode ShouldEqual 200
- result.bodyjson.item.radius_reply ShouldContainSubstring 'Tunnel-Private-Group-Id = "{{.dot1x_eap_peap.roles.ad_user.vlan_id}}"'
- result.bodyjson.item.profile ShouldEqual "{{.dot1x_eap_peap.profiles.wired.id}}"
- result.bodyjson.item.radius_reply ShouldContainSubstring 'Tunnel-Private-Group-Id = "{{.dot1x_eap_teap.roles.ad_user.vlan_id}}"'
- result.bodyjson.item.profile ShouldEqual "{{.dot1x_eap_teap.profiles.wired.id}}"
@@ -16,7 +16,7 @@ testcases:
assertions:
- result.statuscode ShouldEqual 200
- result.bodyjson.item.autoreg ShouldEqual yes
- result.bodyjson.item.category ShouldEqual "{{.dot1x_eap_peap.roles.ad_user.id}}"
- result.bodyjson.item.category ShouldEqual "{{.dot1x_eap_teap.roles.ad_user.id}}"
- result.bodyjson.item.pid ShouldEqual "{{.ad_domain_user}}"
- result.bodyjson.item.status ShouldEqual reg
vars:
@@ -33,7 +33,7 @@ testcases:
# - type: exec
# script: |
# perl -I/usr/local/pf/lib -I/usr/local/pf/lib_perl/lib/perl5 -Mpf::config::util \
# -e 'my @times = get_translatable_time("{{.dot1x_eap_peap.sources.ad_user.access_duration}}"); print("$times[2]$times[1]");'
# -e 'my @times = get_translatable_time("{{.dot1x_eap_teap.sources.ad_user.access_duration}}"); print("$times[2]$times[1]");'
# vars:
# translatable_time:
# from: result.systemout
@@ -16,7 +16,7 @@ testcases:
"Content-Type": "application/json"
assertions:
# we didn't check MAC address on port to make this testcase reusable
- result.body ShouldContainSubstring "{{.dot1x_eap_peap.roles.ad_user.vlan_id}}"
- result.body ShouldContainSubstring PEAP
- result.body ShouldContainSubstring "{{.dot1x_eap_teap.roles.ad_user.vlan_id}}"
- result.body ShouldContainSubstring TEAP
- result.body ShouldContainSubstring AUTHORIZED
- result.statuscode ShouldEqual 200
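Review bot: `result.body ShouldContainSubstring "{{.dot1x_eap_teap.roles.ad_user.vlan_id}}"` matches the VLAN id anywhere in the raw body, so a short numeric id can be satisfied by unrelated digits (a port index, a counter, part of a MAC) and the check can pass when the port is in the wrong VLAN. The same looseness applies to the bare `TEAP` and `AUTHORIZED` substrings. If the response is JSON, asserting on the specific field via `result.bodyjson.<field>` (field name not visible here) with `ShouldEqual` would make this a real check of the assigned VLAN. The step's request definition starts outside the hunk.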
@@ -21,11 +21,11 @@ testcases:
"actions": [
{
"type": "set_role",
"value": "{{.wireless_dot1x_eap_peap.roles.ad_machine.id}}"
"value": "{{.wireless_dot1x_eap_teap.roles.ad_machine.id}}"
},
{
"type": "set_access_duration",
"value": "{{.wireless_dot1x_eap_peap.sources.ad_machine.access_duration}}"
"value": "{{.wireless_dot1x_eap_teap.sources.ad_machine.access_duration}}"
}
],
"conditions": []
@@ -35,13 +35,13 @@ testcases:
"binddn": "{{.ad_domain_admin_user}}@{{.ad_dns_domain}}",
"cache_match": "0",
"connection_timeout": 1,
"description": "{{.wireless_dot1x_eap_peap.sources.ad_machine.description}}",
"description": "{{.wireless_dot1x_eap_teap.sources.ad_machine.description}}",
"email_attribute": "mail",
"encryption": "starttls",
"host": [
"{{.ad_mgmt_ip}}"
],
"id": "{{.wireless_dot1x_eap_peap.sources.ad_machine.name}}",
"id": "{{.wireless_dot1x_eap_teap.sources.ad_machine.name}}",
"monitor": "1",
"password": "{{.ad_domain_admin_password}}",
"port": "389",
@@ -76,12 +76,12 @@ testcases:
"basedn": "{{.ad_base_dn}}",
"binddn": "{{.ad_domain_admin_user}}@{{.ad_dns_domain}}",
"connection_timeout": 1,
"description": "{{.wireless_dot1x_eap_peap.sources.ad_machine.description}}",
"description": "{{.wireless_dot1x_eap_teap.sources.ad_machine.description}}",
"encryption": "starttls",
"host": [
"{{.ad_mgmt_ip}}"
],
"id": "{{.wireless_dot1x_eap_peap.sources.ad_machine.name}}",
"id": "{{.wireless_dot1x_eap_teap.sources.ad_machine.name}}",
"password": "{{.ad_domain_admin_password}}",
"port": "389",
"read_timeout": 10,
@@ -21,11 +21,11 @@ testcases:
"actions": [
{
"type": "set_role",
"value": "{{.wireless_dot1x_eap_peap.roles.ad_user.id}}"
"value": "{{.wireless_dot1x_eap_teap.roles.ad_user.id}}"
},
{
"type": "set_access_duration",
"value": "{{.wireless_dot1x_eap_peap.sources.ad_user.access_duration}}"
"value": "{{.wireless_dot1x_eap_teap.sources.ad_user.access_duration}}"
}
],
"conditions": []
@@ -35,13 +35,13 @@ testcases:
"binddn": "{{.ad_domain_admin_user}}@{{.ad_dns_domain}}",
"cache_match": "0",
"connection_timeout": 1,
"description": "{{.wireless_dot1x_eap_peap.sources.ad_user.description}}",
"description": "{{.wireless_dot1x_eap_teap.sources.ad_user.description}}",
"email_attribute": "mail",
"encryption": "starttls",
"host": [
"{{.ad_mgmt_ip}}"
],
"id": "{{.wireless_dot1x_eap_peap.sources.ad_user.name}}",
"id": "{{.wireless_dot1x_eap_teap.sources.ad_user.name}}",
"monitor": "1",
"password": "{{.ad_domain_admin_password}}",
"port": "389",
@@ -76,12 +76,12 @@ testcases:
"basedn": "{{.ad_base_dn}}",
"binddn": "{{.ad_domain_admin_user}}@{{.ad_dns_domain}}",
"connection_timeout": 1,
"description": "{{.wireless_dot1x_eap_peap.sources.ad_user.description}}",
"description": "{{.wireless_dot1x_eap_teap.sources.ad_user.description}}",
"encryption": "starttls",
"host": [
"{{.ad_mgmt_ip}}"
],
"id": "{{.wireless_dot1x_eap_peap.sources.ad_user.name}}",
"id": "{{.wireless_dot1x_eap_teap.sources.ad_user.name}}",
"password": "{{.ad_domain_admin_password}}",
"port": "389",
"read_timeout": 10,
@@ -4,7 +4,7 @@ testcases:
steps:
- type: get_login_token

- name: create_wireless_dot1x_wired_eap_peap_mschapv2connection_profile
- name: create_wireless_dot1x_wired_eap_teap_mschapv2connection_profile
steps:
- type: http
method: POST
@@ -22,22 +22,22 @@ testcases:
"unit": "m"
},
"default_psk_key": null,
"description": "{{.wireless_dot1x_eap_peap.profiles.wireless.description}}",
"description": "{{.wireless_dot1x_eap_teap.profiles.wireless.description}}",
"dot1x_recompute_role_from_portal": "enabled",
"dot1x_unset_on_unmatch": "disabled",
"dpsk": "disabled",
"filter": [
{
"type": "connection_type",
"match": "{{.wireless_dot1x_eap_peap.profiles.wireless.filters.connection_type}}"
"match": "{{.wireless_dot1x_eap_teap.profiles.wireless.filters.connection_type}}"
},
{
"type": "connection_sub_type",
"match": "{{.wireless_dot1x_eap_peap.profiles.wireless.filters.connection_sub_type}}"
"match": "{{.wireless_dot1x_eap_teap.profiles.wireless.filters.connection_sub_type}}"
}
],
"filter_match_style": "all",
"id": "{{.wireless_dot1x_eap_peap.profiles.wireless.id}}",
"id": "{{.wireless_dot1x_eap_teap.profiles.wireless.id}}",
"locale": null,
"login_attempt_limit": 0,
"logo": null,
@@ -54,11 +54,11 @@ testcases:
"sms_pin_retry_limit": 0,
"sms_request_limit": 0,
"sources": [
"{{.wireless_dot1x_eap_peap.sources.ad_machine.name}}",
"{{.wireless_dot1x_eap_peap.sources.ad_user.name}}"
"{{.wireless_dot1x_eap_teap.sources.ad_machine.name}}",
"{{.wireless_dot1x_eap_teap.sources.ad_user.name}}"
],
"status": "enabled",
"unreg_on_acct_stop": "{{.wireless_dot1x_eap_peap.profiles.wireless.unreg_on_acct_stop}}",
"unreg_on_acct_stop": "{{.wireless_dot1x_eap_teap.profiles.wireless.unreg_on_acct_stop}}",
"vlan_pool_technique": "username_hash"
}
headers:
@@ -8,4 +8,4 @@ testcases:
command: |
cd /usr/local/pf/t/venom ; \
sudo VENOM_COMMON_FLAGS='--output-dir={{.test_suite_results_dir}}/{{.venom.testcase}}' \
/usr/local/pf/t/venom/venom-wrapper.sh {{.nodes_test_suite_dir}}/wireless_dot1x_eap_peap/run_wpasupplicant.yml
/usr/local/pf/t/venom/venom-wrapper.sh {{.nodes_test_suite_dir}}/wireless_dot1x_eap_teap/run_wpasupplicant.yml
@@ -62,7 +62,7 @@ testcases:
{
"field": "connection_type",
"op": "equals",
"value": "{{.wireless_dot1x_eap_peap.profiles.wireless.filters.connection_type}}"
"value": "{{.wireless_dot1x_eap_teap.profiles.wireless.filters.connection_type}}"
}
]
}
@@ -90,5 +90,5 @@ testcases:
"Content-Type": "application/json"
assertions:
- result.statuscode ShouldEqual 200
- result.bodyjson.item.radius_reply ShouldContainSubstring 'Tunnel-Private-Group-Id = "{{.wireless_dot1x_eap_peap.roles.ad_user.vlan_id}}"'
- result.bodyjson.item.profile ShouldEqual "{{.wireless_dot1x_eap_peap.profiles.wireless.id}}"
- result.bodyjson.item.radius_reply ShouldContainSubstring 'Tunnel-Private-Group-Id = "{{.wireless_dot1x_eap_teap.roles.ad_user.vlan_id}}"'
- result.bodyjson.item.profile ShouldEqual "{{.wireless_dot1x_eap_teap.profiles.wireless.id}}"