Functional verification for SNMPv3 with MD5/DES

https://vaporio.atlassian.net/browse/VIO-1919
This already worked, here is functional verification.

This PR also fixes the tests in CI which were silently not running
and therefore false passing. That looks like it was broken months ago.
See this run: https://build.vio.sh/blue/organizations/jenkins/vapor-ware%2Fsynse-snmp-plugin/detail/craig-VIO-1911-7/7/pipeline/113
Click on Integration Test
Expand make integration-test
Result:
+ make integration-test
make: Nothing to be done for 'integration-test'.
Meaning: Tests were not running in CI.

This PR requires:
https://github.com/vapor-ware/ci-shared/pull/195
vapor-ware/snmp-emulator#6

.jenkins

@@ -2,13 +2,12 @@
 
 
 // Include this shared CI repository to load script helpers and libraries.
-library identifier: 'vapor@1.20.1', retriever: modernSCM([
+library identifier: 'vapor@1.20.2', retriever: modernSCM([
   $class: 'GitSCMSource',
   remote: 'https://github.com/vapor-ware/ci-shared.git',
   credentialsId: 'vio-bot-gh',
 ])
 
-
 golangPipeline([
   'image': 'docker.io/vaporio/snmp-plugin',
   'skipSetup': true,

Makefile

@@ -2,8 +2,11 @@
 # Synse SNMP Plugin
 #
 
+# Typical Makefile usage on a dev box:
+# make clean build fmt lint test-dev-box ; echo $?
+
 PLUGIN_NAME    := snmp
-PLUGIN_VERSION := 2.2.2
+PLUGIN_VERSION := 2.2.3
 IMAGE_NAME     := vaporio/snmp-plugin
 BIN_NAME       := synse-snmp-plugin
 
@@ -78,24 +81,37 @@ help:  ## Print usage information
 
 .DEFAULT_GOAL := help
 
-# This test recipe probably is probably what ci is hooking into now? It's hard to tell.
-# You can't run tests on a dev box like this anymore without standing up the emulator first.
-.PHONY: test
-test: ## Run all tests
-	go test -cover ./... || exit
+.PHONY: unit-test
+unit-test: test
 
 .PHONY: integration-test
-unit-test: test
+integration-test: test
+
+.PHONY: start-snmp-emulators
+start-snmp-emulators: ## Start emulators for functional tests.
+	# Start the SNMP emulator for the pxgmsups (Eaton UPS) in a docker container in the background.
+	# Tests run on the local machine.
+	docker-compose -f ./emulator/ups/pxgms_ups/test_snmp.yml down || true
+	docker-compose -f ./emulator/ups/pxgms_ups/test_snmp.yml build
+	docker-compose -f ./emulator/ups/pxgms_ups/test_snmp.yml up -d
+	# Start the SNMP emulator for the pxgmsups (Eaton UPS) in a docker container in the background.
+	# Tests run on the local machine.
+	docker-compose -f ./emulator/ups/tripplite_ups/test_snmp.yml down || true
+	docker-compose -f ./emulator/ups/tripplite_ups/test_snmp.yml build
+	docker-compose -f ./emulator/ups/tripplite_ups/test_snmp.yml up -d
 
+.PHONY: stop-snmp-emulators
+stop-snmp-emulators: ## Shutdown the emulators.
+	docker-compose -f ./emulator/ups/tripplite_ups/test_snmp.yml down
+	docker-compose -f ./emulator/ups/pxgms_ups/test_snmp.yml down
 
-# FIXME: try to streamline the below
+.PHONY: run-tests
+run-tests: ## Run the tests. Requires the emulators to be up.
+	go test -cover -v ./... || (echo TESTS FAILED $$?; docker-compose -f ./emulator/ups/pxgms_ups/test_snmp.yml kill; exit 1)
 
-.PHONY: test-dev-box
-test-dev-box:  ## Run all tests on a dev box.
-	# Start the SNMP emulator in a docker container in the background.
-	# Tests run on the local machine.
-	docker-compose -f ./emulator/test_snmp.yml down || true
-	docker-compose -f ./emulator/test_snmp.yml build
-	docker-compose -f ./emulator/test_snmp.yml up -d
-	go test -cover -v ./... || (echo TESTS FAILED $$?; docker-compose -f ./emulator/test_snmp.yml kill; exit 1)
-	docker-compose -f ./emulator/test_snmp.yml down
+.PHONY: test-dev-box ## Start the emulators on your dev box, run tests, stop the emulators.
+test-dev-box: start-snmp-emulators run-tests stop-snmp-emulators  ## Start emulators, run all tests, stop emulators.
+
+.PHONY: test
+test: ## CI hooks into this. CI starts its own emulators externally to this. This just runs all tests.
+	go test -cover -v ./... || exit

README.md

@@ -191,6 +191,7 @@ The Synse SNMP Plugin is licensed under GPLv3. See [LICENSE](LICENSE) for more i
 
 [![FOSSA Status](https://app.fossa.io/api/projects/git%2Bgh.neting.cc%2Fvapor-ware%2Fsynse-snmp-plugin.svg?type=large)](https://app.fossa.io/projects/git%2Bgh.neting.cc%2Fvapor-ware%2Fsynse-snmp-plugin?ref=badge_large)
 
+
 [synse-server]: https://github.com/vapor-ware/synse-server
 [synse-cli]: https://github.com/vapor-ware/synse-cli
 [plugin-dockerhub]: https://hub.docker.com/r/vaporio/snmp-plugin

emulator/README.md

@@ -1 +1,2 @@
-This directory contains what we need to run the SNMP emulator in a container for testing.
+This directory contains what we need to run SNMP emulators in containers
+for testing.

emulator/Dockerfile → emulator/ups/pxgms_ups/Dockerfile

@@ -1,4 +1,4 @@
-# Ths dockerfile starts the SNMP emulator in a container for testing.
+# Ths dockerfile starts the PXGMS UPS (Eaton UPS) SNMP emulator in a container for testing.
 FROM vaporio/vapor-endpoint-base-x64:1.0
 
 RUN pip install -I \
@@ -7,6 +7,7 @@ RUN pip install -I \
     pyasn1
 
 # The emulator will not start as root, so we need to add a user.
+# As root, the Error message is the following:
 # snmp-emulator    | ERROR: cant drop priveleges: Must drop priveleges to a non-priveleged user&group (sic)
 # Create the user and ${HOME}
 RUN groupadd -r docker && useradd -r -g docker snmp
@@ -31,6 +32,7 @@ EXPOSE 1024/udp
 
 # Args are:
 # data directory (typically /home/snmp/data)
-# port (normally using 11011 for single emulator)
+# port (normally using 1024 and up)
 # log file name (trying to keep these names unique)
-CMD ["./start_snmp_emulator.sh","./data","1024","snmp-emulator-ups.log"]
+# SNMP version, typically V3
+CMD ["./start_snmp_emulator.sh","./data","1024","snmp-emulator-ups-pxgms.log", "V3"]

emulator/ups/pxgms_ups/README.md

@@ -0,0 +1,2 @@
+This directory contains the pxgms ups emulator for the Eaton UPS. The data
+file is a snmpwalk from SNMP OID .1.3.6.1

emulator/ups/pxgms_ups/start_snmp_emulator.sh

@@ -0,0 +1,90 @@
+#!/bin/bash
+
+# Start the snmp emulator.
+# This is intended to be a universal script to this github repo,
+# however we cannot do symlinks because docker cannot follow them above the Dockerfile.
+
+# The snmp emulator cannot run as root.
+# Running a python file to load a configuration file will work,
+# but then we don't have access to things like snmpsimd.py when we Popen.
+# It is not a path issue.
+
+# Arguments are positional:
+
+# Required arguements.
+DATA_DIRECTORY=$1 # Where SNMP MIB/OID emulated data lives.
+NETWORK_PORT=$2   # Here in order to run multiple emulators.
+LOG_DIRECTORY=$3  # Ideally an emulator unique name for logs. Useful for debugging.
+SNMP_VERSION=$4   # V1, V2c, V3. Only V3 is currently supported.
+
+# Check required args:
+
+# Enure DATA_DIRECTORY is set
+if [ -z ${DATA_DIRECTORY+x} ]; then
+  echo "DATA_DIRECTORY is unset";
+  exit 1
+else echo "DATA_DIRECTORY is set to '${DATA_DIRECTORY}'";
+fi
+
+# Enure NETWORK_PORT is set
+if [ -z ${NETWORK_PORT+x} ]; then
+  echo "NETWORK_PORT is unset";
+  exit 1
+else echo "NETWORK_PORT is set to '${NETWORK_PORT}'";
+fi
+
+# Enure LOG_DIRECTORY is set
+if [ -z ${LOG_DIRECTORY+x} ]; then
+  echo "LOG_DIRECTORY is unset";
+  exit 1
+else echo "LOG_DIRECTORY is set to '${LOG_DIRECTORY}'";
+fi
+
+# Enure SNMP_VERSION is set
+if [ -z ${SNMP_VERSION+x} ]; then
+  echo "SNMP_VERSION is unset";
+  exit 1
+else echo "SNMP_VERSION is set to '${SNMP_VERSION}'";
+fi
+
+# Only SNMP V3 is currently suported.
+# FUTURE: Support V1 and V2c.
+if [[ ${SNMP_VERSION} -ne V3 ]] ; then
+  echo "SNMP_VERSION [${SNMP_VERSION}] is not V3"
+  exit 1
+fi
+
+# Optional arguments, once snmp v1 and v2c are supported.
+# Currently these are required as well because we only support:
+# V3_SECURITY_LEVEL=authPriv
+# V3_AUTHENTICATION_PROTOCOL={SHA | MD5}
+# V3_PRIVACY_PROTOCOL={AES | DES}
+
+V3_SECURITY_LEVEL=$5
+V3_AUTHENTICATION_PROTOCOL=$6
+V3_PRIVACY_PROTOCOL=$7
+
+# Enure V3_SECURITY_LEVEL is set
+if [ -z ${V3_SECURITY_LEVEL+x} ]; then
+  echo "V3_SECURITY_LEVEL is unset";
+  exit 1
+else echo "V3_SECURITY_LEVEL is set to '${V3_SECURITY_LEVEL}'";
+fi
+
+# Only auth and privacy are currently supported.
+# FUTURE: Support noAuthNoPriv and authNoPriv.
+if [[ ${V3_SECURITY_LEVEL} -ne authPriv ]] ; then
+  echo "V3_SECURITY_LEVEL [${V3_SECURITY_LEVEL}] is not authPriv"
+  exit 1
+fi
+
+python `which snmpsimd.py` \
+    --data-dir=${DATA_DIRECTORY} \
+    --agent-udpv4-endpoint=0.0.0.0:${NETWORK_PORT} \
+    --v3-user=simulator \
+    --v3-auth-key=auctoritas \
+    --v3-auth-proto=${V3_AUTHENTICATION_PROTOCOL} \
+    --v3-priv-key=privatus \
+    --v3-priv-proto=${V3_PRIVACY_PROTOCOL} \
+    2>&1 | tee /logs/${LOG_DIRECTORY}
+

emulator/ups/pxgms_ups/test_snmp.yml

@@ -0,0 +1,14 @@
+# This is the container running the PXGMS (Eaton) UPS SNMP emulator to test against.
+#
+# The galaxy ups currently runs against this emulator as well, although ideally it
+# would have its own emulator as well.
+#
+# This emulator runs on port 1024.
+snmp-emulator-pxgms-ups:
+  container_name: snmp-emulator-pxgms-ups
+  build: .
+  dockerfile: Dockerfile
+  # This command will override what is in the dockerfile.
+  command: ./start_snmp_emulator.sh ./data 1024 snmp-emulator-pxgms-ups.log V3 authPriv SHA AES
+  ports:
+    - 1024:1024/udp

emulator/ups/tripplite_ups/Dockerfile

@@ -0,0 +1,38 @@
+# Ths dockerfile starts the SNMP emulator for the tripplite ups in a container for testing.
+# This emulator runs on port 1025.
+FROM vaporio/vapor-endpoint-base-x64:1.0
+
+RUN pip install -I \
+    snmpsim \
+    pysnmp \
+    pyasn1
+
+# The emulator will not start as root, so we need to add a user.
+# As root, the Error message is the following:
+# snmp-emulator    | ERROR: cant drop priveleges: Must drop priveleges to a non-priveleged user&group (sic)
+# Create the user and ${HOME}
+RUN groupadd -r docker && useradd -r -g docker snmp
+ADD . /home/snmp
+
+# These SNMP emulator files are specfic to the device being emulated.
+# Data are just places in /home/snmp/data on the emulator to keep it simple.
+ADD data/public.snmpwalk /home/snmp/data/public.snmpwalk
+
+# snmpsmi variation modules (like writecache) are getting installed to a location not in the search path,
+# so copy where it will be found.
+# snmp user owns /home/snmp and /logs.
+RUN mkdir -p /home/snmp/.snmpsim/variation && \
+    cp /usr/local/snmpsim/variation/* /home/snmp/.snmpsim/variation && \
+    chown snmp:docker /home/snmp -R && \
+    chown snmp:docker /logs -R
+USER snmp
+WORKDIR /home/snmp
+
+# Default emulator port is 1024. Expose it.
+EXPOSE 1024/udp
+
+# data directory (typically /home/snmp/data)
+# port (typically 1024 and up)
+# log file name (trying to keep these names unique)
+# SNMP version (V3)
+CMD ["./start_snmp_emulator.sh","./data","1025","snmp-emulator-tripplite-ups.log", "V3"]

emulator/ups/tripplite_ups/README.md

@@ -0,0 +1,2 @@
+This directory contains the pxgms ups emulator for the Tripplite UPS. The
+data file is a snmpwalk from OID .1.3.6.1