From ba78d1dced76da4e624053bc6c9bdff3ec037007 Mon Sep 17 00:00:00 2001
From: Zhihao Ma <stgmsa@gmail.com>
Date: Fri, 7 Mar 2025 05:56:38 -0500
Subject: [PATCH] adds teap test variables adds teap config creation steps

---
 .../08_create_teap_profile.yml                | 27 +++++++
 .../09_enable_teap_in_eap_profile.yml         | 22 ++++++
 .../08_create_teap_profile.yml                | 27 +++++++
 .../09_enable_teap_in_eap_profile.yml         | 22 ++++++
 t/venom/vars/all.yml                          | 70 +++++++++++++++++++
 5 files changed, 168 insertions(+)
 create mode 100644 t/venom/test_suites/wired_dot1x_eap_teap/08_create_teap_profile.yml
 create mode 100644 t/venom/test_suites/wired_dot1x_eap_teap/09_enable_teap_in_eap_profile.yml
 create mode 100644 t/venom/test_suites/wireless_dot1x_eap_teap/08_create_teap_profile.yml
 create mode 100644 t/venom/test_suites/wireless_dot1x_eap_teap/09_enable_teap_in_eap_profile.yml

diff --git a/t/venom/test_suites/wired_dot1x_eap_teap/08_create_teap_profile.yml b/t/venom/test_suites/wired_dot1x_eap_teap/08_create_teap_profile.yml
new file mode 100644
index 000000000000..c42db9fe9aa1
--- /dev/null
+++ b/t/venom/test_suites/wired_dot1x_eap_teap/08_create_teap_profile.yml
@@ -0,0 +1,27 @@
+name: Create TEAP Profile
+testcases:
+  - name: get_login_token
+    steps:
+      - type: get_login_token
+
+  - name: create_teap_profile
+    steps:
+      - type: http
+        method: POST
+        url: '{{.pfserver_webadmin_url}}/api/v1/config/radiusd/teap_profiles'
+        ignore_verify_ssl: true
+        body: >-
+          {
+            "id":"test-teap-profile",
+            "isClone":false,
+            "isNew":true,
+            "authority_identity":"1234",
+            "identity_types":"machine,user",
+            "pac_opaque_key":"0123456789abcdef0123456789ABCDEF",
+            "tls":"tls-eap-teap"
+          }
+        headers:
+          "Authorization": "{{.get_login_token.result.token}}"
+          "Content-Type": "application/json"
+        assertions:
+          - result.statuscode ShouldEqual 201
diff --git a/t/venom/test_suites/wired_dot1x_eap_teap/09_enable_teap_in_eap_profile.yml b/t/venom/test_suites/wired_dot1x_eap_teap/09_enable_teap_in_eap_profile.yml
new file mode 100644
index 000000000000..f8f4581ea534
--- /dev/null
+++ b/t/venom/test_suites/wired_dot1x_eap_teap/09_enable_teap_in_eap_profile.yml
@@ -0,0 +1,22 @@
+name: Enable TEAP in default EAP Profile
+testcases:
+  - name: get_login_token
+    steps:
+      - type: get_login_token
+
+  - name: enable_teap_in_default_profile
+    steps:
+      - type: http
+        method: PATCH
+        url: '{{.pfserver_webadmin_url}}/api/v1/config/radiusd/eap_profile/default'
+        ignore_verify_ssl: true
+        body: >-
+          {
+            "eap_authentication_types":["GTC", "MD5", "MSCHAPv2", "PEAP", "TLS", "TTLS", "TEAP"],
+            "teap_config":"test-teap-profile"
+          }
+        headers:
+          "Authorization": "{{.get_login_token.result.token}}"
+          "Content-Type": "application/json"
+        assertions:
+          - result.statuscode ShouldEqual 200
diff --git a/t/venom/test_suites/wireless_dot1x_eap_teap/08_create_teap_profile.yml b/t/venom/test_suites/wireless_dot1x_eap_teap/08_create_teap_profile.yml
new file mode 100644
index 000000000000..c42db9fe9aa1
--- /dev/null
+++ b/t/venom/test_suites/wireless_dot1x_eap_teap/08_create_teap_profile.yml
@@ -0,0 +1,27 @@
+name: Create TEAP Profile
+testcases:
+  - name: get_login_token
+    steps:
+      - type: get_login_token
+
+  - name: create_teap_profile
+    steps:
+      - type: http
+        method: POST
+        url: '{{.pfserver_webadmin_url}}/api/v1/config/radiusd/teap_profiles'
+        ignore_verify_ssl: true
+        body: >-
+          {
+            "id":"test-teap-profile",
+            "isClone":false,
+            "isNew":true,
+            "authority_identity":"1234",
+            "identity_types":"machine,user",
+            "pac_opaque_key":"0123456789abcdef0123456789ABCDEF",
+            "tls":"tls-eap-teap"
+          }
+        headers:
+          "Authorization": "{{.get_login_token.result.token}}"
+          "Content-Type": "application/json"
+        assertions:
+          - result.statuscode ShouldEqual 201
diff --git a/t/venom/test_suites/wireless_dot1x_eap_teap/09_enable_teap_in_eap_profile.yml b/t/venom/test_suites/wireless_dot1x_eap_teap/09_enable_teap_in_eap_profile.yml
new file mode 100644
index 000000000000..f8f4581ea534
--- /dev/null
+++ b/t/venom/test_suites/wireless_dot1x_eap_teap/09_enable_teap_in_eap_profile.yml
@@ -0,0 +1,22 @@
+name: Enable TEAP in default EAP Profile
+testcases:
+  - name: get_login_token
+    steps:
+      - type: get_login_token
+
+  - name: enable_teap_in_default_profile
+    steps:
+      - type: http
+        method: PATCH
+        url: '{{.pfserver_webadmin_url}}/api/v1/config/radiusd/eap_profile/default'
+        ignore_verify_ssl: true
+        body: >-
+          {
+            "eap_authentication_types":["GTC", "MD5", "MSCHAPv2", "PEAP", "TLS", "TTLS", "TEAP"],
+            "teap_config":"test-teap-profile"
+          }
+        headers:
+          "Authorization": "{{.get_login_token.result.token}}"
+          "Content-Type": "application/json"
+        assertions:
+          - result.statuscode ShouldEqual 200
diff --git a/t/venom/vars/all.yml b/t/venom/vars/all.yml
index 175e8fd036a8..277356d47947 100644
--- a/t/venom/vars/all.yml
+++ b/t/venom/vars/all.yml
@@ -184,6 +184,76 @@ wireless_dot1x_eap_peap.profiles.wireless.filters.connection_type: Wireless-802.
 wireless_dot1x_eap_peap.profiles.wireless.filters.connection_sub_type: MS-EAP-Authentication
 wireless_dot1x_eap_peap.profiles.wireless.unreg_on_acct_stop: enabled
 
+
+################################################################################
+# eap_teap test suites specific variables
+################################################################################
+# AD user
+eap_teap.roles.ad_user.id: user_employee
+eap_teap.roles.ad_user.notes: User employee
+eap_teap.roles.ad_user.vlan_id: 100
+
+eap_teap.roles.ad_machine.id: machine_employee
+eap_teap.roles.ad_machine.notes: Machine Employee
+eap_teap.roles.ad_machine.vlan_id: 100
+
+################################################################################
+# dot1x_eap_teap test suite specific variables
+################################################################################
+# Roles
+dot1x_eap_teap.roles.ad_user.id: '{{.eap_teap.roles.ad_user.id}}'
+dot1x_eap_teap.roles.ad_user.notes: '{{.eap_teap.roles.ad_user.notes}}'
+dot1x_eap_teap.roles.ad_user.vlan_id: '{{.eap_teap.roles.ad_user.vlan_id}}'
+
+dot1x_eap_teap.roles.ad_machine.id: '{{.eap_teap.roles.ad_machine.id}}'
+dot1x_eap_teap.roles.ad_machine.notes: '{{.eap_teap.roles.ad_machine.notes}}'
+dot1x_eap_teap.roles.ad_machine.vlan_id: '{{.eap_teap.roles.ad_machine.vlan_id}}'
+
+# Sources
+dot1x_eap_teap.sources.ad_user.name: dot1x_eap_teap_user_auth
+dot1x_eap_teap.sources.ad_user.description: '{{.ad_mgmt_ip}} user authentication'
+dot1x_eap_teap.sources.ad_user.access_duration: '{{.access_duration.default_choice}}'
+
+dot1x_eap_teap.sources.ad_machine.name: dot1x_eap_teap_machine_auth
+dot1x_eap_teap.sources.ad_machine.description: '{{.ad_mgmt_ip}} machine authentication'
+dot1x_eap_teap.sources.ad_machine.access_duration: '{{.access_duration.default_choice}}'
+
+# Connection profiles
+dot1x_eap_teap.profiles.wired.id: catch_dot1x_wired_eap_teap_mschapv2
+dot1x_eap_teap.profiles.wired.description: 802.1X wired EAP-TEAP-MSCHAPv2
+dot1x_eap_teap.profiles.wired.filters.connection_type: Ethernet-EAP
+dot1x_eap_teap.profiles.wired.filters.connection_sub_type: MS-EAP-Authentication
+dot1x_eap_teap.profiles.wired.unreg_on_acct_stop: enabled
+
+################################################################################
+# wireless_dot1x_eap_teap test suite specific variables
+################################################################################
+# Roles
+wireless_dot1x_eap_teap.roles.ad_user.id: '{{.eap_teap.roles.ad_user.id}}'
+wireless_dot1x_eap_teap.roles.ad_user.notes: '{{.eap_teap.roles.ad_user.notes}}'
+wireless_dot1x_eap_teap.roles.ad_user.vlan_id: '{{.eap_teap.roles.ad_user.vlan_id}}'
+
+wireless_dot1x_eap_teap.roles.ad_machine.id: '{{.eap_teap.roles.ad_machine.id}}'
+wireless_dot1x_eap_teap.roles.ad_machine.notes: '{{.eap_teap.roles.ad_machine.notes}}'
+wireless_dot1x_eap_teap.roles.ad_machine.vlan_id: '{{.eap_teap.roles.ad_machine.vlan_id}}'
+
+# Sources
+wireless_dot1x_eap_teap.sources.ad_user.name: wireless_dot1x_eap_teap_user_auth
+wireless_dot1x_eap_teap.sources.ad_user.description: '{{.ad_mgmt_ip}} user authentication'
+wireless_dot1x_eap_teap.sources.ad_user.access_duration: '{{.access_duration.default_choice}}'
+
+wireless_dot1x_eap_teap.sources.ad_machine.name: wireless_dot1x_eap_teap_machine_auth
+wireless_dot1x_eap_teap.sources.ad_machine.description: '{{.ad_mgmt_ip}} machine authentication'
+wireless_dot1x_eap_teap.sources.ad_machine.access_duration: '{{.access_duration.default_choice}}'
+
+# Connection profiles
+wireless_dot1x_eap_teap.profiles.wireless.id: catch_dot1x_wireless_eap_teap_mschapv2
+wireless_dot1x_eap_teap.profiles.wireless.description: 802.1X wireless EAP-TEAP-MSCHAPv2
+wireless_dot1x_eap_teap.profiles.wireless.filters.connection_type: Wireless-802.11-EAP
+wireless_dot1x_eap_teap.profiles.wireless.filters.connection_sub_type: MS-EAP-Authentication
+wireless_dot1x_eap_teap.profiles.wireless.unreg_on_acct_stop: enabled
+
+
 ################################################################################
 ## backup db and restore test suite specific variables
 #################################################################################