Adding test for Certz-5

[Steubert]

README Location: https://github.com/openconfig/featureprofiles/blob/main/feature/gnsi/certz/tests/trust_bundle_rotation/README.md

Raised an issue for the failure https://partnerissuetracker.corp.google.com/u/1/issues/498449054

Logs Attached.

[gemini-code-assist]

Summary of Changes

Hello, I'm Gemini Code Assist¹! I'm currently reviewing this pull request and will post my feedback shortly. In the meantime, here's a summary to help you and other reviewers quickly get up to speed!

This pull request introduces a new test suite to validate the trust bundle rotation functionality within the Certz service. It ensures that the system correctly handles both valid and invalid trust bundle updates, maintaining secure connectivity across different cryptographic key types. The implementation leverages existing internal service utilities to manage test data and perform rigorous validation of the rotation process.

Highlights

• New Test Implementation: Added a comprehensive test suite for Certz-5 trust bundle rotation, covering both positive and negative scenarios for RSA and ECDSA key types.
• Test Infrastructure: Implemented helper functions to handle PEM file concatenation, PKCS#7 bundle generation via OpenSSL, and dynamic script patching for test data management.
• Validation Logic: Introduced table-driven testing to verify service connectivity and TLS validation before and after trust bundle rotation operations.

Using Gemini Code Assist

The full guide for Gemini Code Assist can be found on our documentation page, here are some quick tips.

Invoking Gemini

You can request assistance from Gemini at any point by creating a comment using either /gemini <command> or @gemini-code-assist <command>. Below is a summary of the supported commands on the current page.

Feature	Command	Description
Code Review	/gemini review	Performs a code review for the current pull request in its current state.
Pull Request Summary	/gemini summary	Provides a summary of the current pull request in its current state.
Comment	@gemini-code-assist	Responds in comments when explicitly tagged, both in pull request comments and review comments.
Help	/gemini help	Displays a list of available commands.

Customization

To customize Gemini Code Assist for GitHub experience, repository maintainers can create a configuration file and/or provide a custom code review style guide (such as PEP-8 for Python) by creating and adding files to a .gemini/ folder in the base of the repository. Detailed instructions can be found here.

Limitations & Feedback

Gemini Code Assist may make mistakes. Please leave feedback on any instances where its feedback is incorrect or counter productive. You can react with 👍 and 👎 on @gemini-code-assist comments. If you're interested in giving your feedback about your experience with Gemini Code Assist for GitHub and other Google products, sign up here.

Footnotes

1. Review the Privacy Notices, Generative AI Prohibited Use Policy, Terms of Service, and learn how to configure Gemini Code Assist in GitHub here. Gemini can make mistakes, so double check it and use code with caution. ↩

[OpenConfigBot]

Pull Request Functional Test Report for #5291 / 21c3b20

Virtual Devices

Device	Test	Test Documentation	Job	Raw Log
Arista cEOS		Certz-4: Trust Bundle Certz-5: Trust Bundle Rotation
Cisco 8000E		Certz-4: Trust Bundle Certz-5: Trust Bundle Rotation
Cisco XRd		Certz-4: Trust Bundle Certz-5: Trust Bundle Rotation
Juniper ncPTX		Certz-4: Trust Bundle Certz-5: Trust Bundle Rotation
Nokia SR Linux		Certz-4: Trust Bundle Certz-5: Trust Bundle Rotation
Openconfig Lemming		Certz-4: Trust Bundle Certz-5: Trust Bundle Rotation

Hardware Devices

Device	Test	Test Documentation	Raw Log
Arista 7808		Certz-4: Trust Bundle Certz-5: Trust Bundle Rotation
Cisco 8808		Certz-4: Trust Bundle Certz-5: Trust Bundle Rotation
Juniper PTX10008		Certz-4: Trust Bundle Certz-5: Trust Bundle Rotation
Nokia 7250 IXR-10e		Certz-4: Trust Bundle Certz-5: Trust Bundle Rotation

Help

[gemini-code-assist]

Code Review

This pull request introduces a comprehensive test suite for GNSI Certz trust bundle rotation, implementing both positive and negative test cases for RSA and ECDSA key types. The review feedback identifies several opportunities to improve the robustness and idiomatic nature of the Go code. Specifically, it recommends removing global state variables to ensure test independence, replacing fragile regex-based script patching with parameterized calls, and using the correct Ondatra API for device addresses. Additionally, it suggests removing redundant logging timestamps and cleanup calls to streamline the test execution.