Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

[TACACS] Improve TACACS run command on IPV6 failed issue. #12819

Merged
merged 4 commits into from
May 17, 2024
Merged

[TACACS] Improve TACACS run command on IPV6 failed issue. #12819

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
4 commits
Select commit Hold shift + click to select a range
3453280
Improve TACACS run command on IPV6 failed issue
liuh-80 May 11, 2024
97aeb27
Improve code format
liuh-80 May 11, 2024
8459ede
Improve code by PR comments
liuh-80 May 17, 2024
a7537da
Fix warning
liuh-80 May 17, 2024
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
31 changes: 25 additions & 6 deletions tests/tacacs/test_ro_user.py
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -1,7 +1,7 @@
import pytest
import time
from tests.common.helpers.assertions import pytest_assert
from .utils import check_output
from .utils import check_output, tacacs_running, start_tacacs_server

import logging

Expand Down Expand Up @@ -77,6 +77,21 @@ def wait_for_tacacs(localhost, remote_ip, username, password):
current_attempt += 1


def ssh_remote_run_retry(localhost, dutip, ptfhost, user, password, command, retry_count=3):
while retry_count > 0:
res = ssh_remote_run(localhost, dutip, user,
password, command)

# TACACS server randomly crash after receive authorization request from IPV6
Copy link
Contributor

@qiluo-msft qiluo-msft May 16, 2024
edited
Loading

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

crash

Wondering what happens after TACACS crash? did it auto restart? #Closed

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

It not auto restarts because it not a systemd service. and not found any error message in syslog and tacplus service log.

if not tacacs_running(ptfhost):
start_tacacs_server(ptfhost)
retry_count -= 1
else:
return res

pytest_assert(False, "cat command failed because TACACS server not running")


def test_ro_user(localhost, duthosts, enum_rand_one_per_hwsku_hostname, tacacs_creds, check_tacacs):
duthost = duthosts[enum_rand_one_per_hwsku_hostname]
dutip = duthost.mgmt_ip
Expand All @@ -86,13 +101,16 @@ def test_ro_user(localhost, duthosts, enum_rand_one_per_hwsku_hostname, tacacs_c
check_output(res, 'test', 'remote_user')


def test_ro_user_ipv6(localhost, duthosts, enum_rand_one_per_hwsku_hostname, tacacs_creds, check_tacacs_v6):
def test_ro_user_ipv6(localhost, ptfhost, duthosts, enum_rand_one_per_hwsku_hostname, tacacs_creds, check_tacacs_v6):
duthost = duthosts[enum_rand_one_per_hwsku_hostname]
dutip = duthost.mgmt_ip
res = ssh_remote_run(localhost, dutip, tacacs_creds['tacacs_ro_user'],
tacacs_creds['tacacs_ro_user_passwd'], 'cat /etc/passwd')

check_output(res, 'test', 'remote_user')
res = ssh_remote_run_retry(localhost, dutip, ptfhost,
tacacs_creds['tacacs_ro_user'],
tacacs_creds['tacacs_ro_user_passwd'],
"cat /etc/passwd")

check_output(res, 'testadmin', 'remote_user_su')


def test_ro_user_allowed_command(localhost, duthosts, enum_rand_one_per_hwsku_hostname, tacacs_creds, check_tacacs):
Expand Down Expand Up @@ -173,7 +191,8 @@ def test_ro_user_allowed_command(localhost, duthosts, enum_rand_one_per_hwsku_ho
" 'sudo sonic-installer list' is banned")


def test_ro_user_banned_by_sudoers_command(localhost, duthosts, enum_rand_one_per_hwsku_hostname, tacacs_creds, check_tacacs):
def test_ro_user_banned_by_sudoers_command(localhost, duthosts, enum_rand_one_per_hwsku_hostname,
tacacs_creds, check_tacacs):
duthost = duthosts[enum_rand_one_per_hwsku_hostname]
dutip = duthost.mgmt_ip

Expand Down
11 changes: 7 additions & 4 deletions tests/tacacs/test_rw_user.py
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -1,6 +1,6 @@
import pytest

from .test_ro_user import ssh_remote_run
from .test_ro_user import ssh_remote_run, ssh_remote_run_retry
from .utils import check_output

pytestmark = [
Expand All @@ -21,12 +21,15 @@ def test_rw_user(localhost, duthosts, enum_rand_one_per_hwsku_hostname, tacacs_c
check_output(res, 'testadmin', 'remote_user_su')


def test_rw_user_ipv6(localhost, duthosts, enum_rand_one_per_hwsku_hostname, tacacs_creds, check_tacacs_v6):
def test_rw_user_ipv6(localhost, duthosts, ptfhost, enum_rand_one_per_hwsku_hostname,
tacacs_creds, check_tacacs_v6):
"""test tacacs rw user
"""
duthost = duthosts[enum_rand_one_per_hwsku_hostname]
dutip = duthost.mgmt_ip
res = ssh_remote_run(localhost, dutip, tacacs_creds['tacacs_rw_user'],
tacacs_creds['tacacs_rw_user_passwd'], "cat /etc/passwd")
res = ssh_remote_run_retry(localhost, dutip, ptfhost,
tacacs_creds['tacacs_rw_user'],
tacacs_creds['tacacs_rw_user_passwd'],
"cat /etc/passwd")

check_output(res, 'testadmin', 'remote_user_su')
9 changes: 5 additions & 4 deletions tests/tacacs/utils.py
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -34,11 +34,12 @@ def check_all_services_status(ptfhost):
logger.info(res["stdout_lines"])


def start_tacacs_server(ptfhost):
def tacacs_running(ptfhost):
out = ptfhost.command("service tacacs_plus status", module_ignore_errors=True)["stdout"]
return "tacacs+ running" in out
def tacacs_running(ptfhost):
out = ptfhost.command("service tacacs_plus status", module_ignore_errors=True)["stdout"]
return "tacacs+ running" in out


def start_tacacs_server(ptfhost):
ptfhost.command("service tacacs_plus restart", module_ignore_errors=True)
return wait_until(5, 1, 0, tacacs_running, ptfhost)

Expand Down
Loading