Versions Compared

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

Currently VES supports 4 authentication methods:

noAuth  --> Works by default. No changes are required.

basicAuth      --> Works with/without https healthcheck endpoint (readiness) defined; DCAE healthcheck pass on either case. VES blueprint needs to be overwritten.
certOnly        --> Works only when https healthcheck endpoint (readiness) is removed from blueprint; DCAE healthcheck also pass (when readiness is not explicitly defined). VES blueprint needs to be overwritten.
certBasicAuth-->Works with/without https healthcheck endpoint (readiness) defined; DCAE healthcheck pass on either case. VES blueprint needs to be overwritten.

For Dublin, there is created separate jira (DCAEGEN2-1593) for documentation updates to include steps for deploying VESCollector with above authentication enabled.

Readiness support on certOnly mode can be dealt vwith healtchecks disabled. Support for healtchecks is planned as future enhancement (DCAEGEN2-1594).

For enabling TLS, as new application port is involved the service should be redeployed (by modifying the parameters in blueprint), esp when changing from noAuth to basicAuth/certOnly/certBasicAuth. The latter 3 types use 8443 while the noAuth uses 8080. Any changes within basicAuth/certOnly/certBasicAuth can be done through consul update as k8s deployment descriptor (which contains the service definition and healthcheck spec) are still valid.authentication methods certBasicAuth. It is possible to run as a option noAuth method, hovewer HTTP it is not supported by default.


High level test cases for auth.method = "

...

certBasicAuth"  :

...

When application is setup for TLS and auth.method = "basicAuth", healthcheck endpoint must be using 8443 (change submitted to override and support 8080 for healthcheck is not required nor valid) must be send via HTTPS and has basicAuth user/pass in header.

...


TC ID

Test Case Name

Test Case

Description

Execution

Expected Result  Test Status
T01Client with correct basic auth and correct certificatecurl -vk --cert cert
rootCA
.
crt
pem --key
rootCA
key.
key -
pem -
pass collector -
u sample1:sample1 -X POST https://
192.168.0.22:30417/eventListener/v7 -d @event.json --header "Content-Type: application/json"PASS. HTTP/1.1 202

 

Status
colourGreen
titlePASSED

T02Client with correct basic auth and incorrect certificatecurl -vk -u sample1:sample1 -X --cert incorrect_rootCA.crt --key rootCA.key --pass collector POST https://192.168.0.22:
{xdcae-ves-collector_ip}:30417/eventListener/v7 -d @event.json --header "Content-Type: application/json"PASS. HTTP/1.1 202

Status
colourGreen
titlePASSED

T03
T02Client with
correct
incorrect basic auth and
without
correct certificatecurl -vk -
u sample1:sample1
-
X  POST https://192.168.0.22:30417/eventListener/v7 -d @event.json --header "Content-Type: application/json"PASS. HTTP/1.1 202

Status
colourGreen
titlePASSED

T04Client without basic auth and without certificatecurl -vk -X POST https://192.168.0.22:30417/eventListener/v7 -d @event.json --header "Content-Type: application/json"FAIL, HTTP/1.1 401

Status
colourGreen
titlePASSED

T05Client without basic auth and with correct certificatecurl -vk --
cert
rootCA.crt --key rootCA.key --pass collector -X POST https://192.168.0.22:30417/eventListener/v7 -d @event.json --header "Content-Type: application/json"FAIL, HTTP/1.1 401

Status
colourGreen
titlePASSED

T06Client with incorrect basic auth and with correct certificatecurl -vk --
cert
rootCA
.
crt
pem --key
rootCA.key --pass collector -u sample2:sample1 -X POS https://192.168.0.22:30417/eventListener/v7 -d @event.json --header "Content-Type: application/json"curl -vk --cert rootCA.crt --
key
rootCA
.
key --pass collector
pem -u sample1
:sample2 -X POS https://192.168.0.22:30417/eventListener/v7 -d @event.json --header "Content-Type
:
application/json"FAIL, HTTP/1.1 401

Status
colourGreen
titlePASSED

T07Client with incorrect basic auth and without certificatecurl -vk  -u
sample2
:sample1 -X POS https://192.168.0.22:30417/eventListener/v7 -d @event.json --header "Content-Type: application/json"FAIL , HTTP/1.1 401

Status
colourGreen
titlePASSED

High level test cases for auth.method = "certOnly"  :

TC ID

Test Case Name

Test Case Description

Expected Result  Test StatusT01Client with correct basic auth and correct certificatecurl -vk --cert rootCA.crt --key rootCA.key
-
-pass collector -u sample1:sample1 -PASS. HTTP/1.1 202

 

Status
colourGreen
titlePASSED

T02Client with incorrect basic auth and correct certificatecurl -vk --cert rootCA.crt --key rootCA.key --pass collector -u sample1:sample2 -X POST https://192.168.0.22:
X POST https://
192.168.0.22:30417/eventListener/v7 -d @event.json --header "Content-Type: application/json"
{xdcae-ves-collector_ip}:30417/eventListener/v7 -d @event.json --header "Content-Type: application/json"PASS. HTTP/1.1 202

Status
colourGreen
titlePASSED

T03Client without basic auth and with correct certificatecurl -vk --cert
rootCA
cert.
crt
pem --key key
rootCA
.
key --pass collector
pem -X POST https://
192.168.0.22
{xdcae-ves-collector_ip}:30417/eventListener/v7 -d @event.json --header "Content-Type: application/json"PASS. HTTP/1.1 202

Status
colourGreen
titlePASSED

T04Client
without basic auth and without certificatecurl -vk -X POST https://192.168.0.22:30417/eventListener/v7 -d @event.json --header "Content-Type: application/json"FAIL, connection closed because of bad certificate

Status
colourGreen
titlePASSED

T05Client with correct basic auth and without certificatecurl -vk --pass collector -u sample1:sample1 -X POST https://192.168.0.22:30417/eventListener/v7 -d @event.json --header "Content-Type: application/json"FAIL, connection closed because of bad certificate

Status
colourGreen
titlePASSED

T06Client with correct basic auth and with incorrect certificate
with correct basic auth and incorrect certificatecurl -vk --cert incorrect
_rootCAcurl -vk --cert incorrect_rootCA.crt --key rootCA.key --pass collector -X POST https://192.168.0.22:
.crt --key rootCA.key --pass collector -u sample1:sample1 -X POST https://
192.168.0.22:30417/eventListener/v7 -d @event.json --header "Content-Type: application/json"FAIL, connection closed because of bad certificate

Status
colourGreen
titlePASSED

T07Client with without basic auth and with incorrect certificate
TC ID

Test Case Name

Test Case Description

Expected Result  Test Status
{xdcae-ves-collector_ip}:30417/eventListener/v7 -d @event.json --header "Content-Type: application/json"FAIL, connection closed because of bad certificate

Status
colourGreen
titlePASSED

High level test cases for auth.method = "certBasicAuth"  :

TC ID

Test Case Name

Test Case Description

Expected Result  Test StatusT01Any HTTPS request is refusedcurl -vk --cert rootCA.crt --key rootCA.key --pass collector -u sample1:sample1 -X POST https://192.168.0.22:Client with correct basic auth and correct -cert rootCA.crt --key rootCA.key --pass collector -192.168.0.22 and correct certificate rootCA:sample2 192.168.0.22:30417/eventListener/v7 -d @event.json --header "Content-Type: application/json"
T01T05Client with correct basic auth and without certificatecurl -vk -u sample1:sample1 -X POST https://{xdcae-ves-collector_ip}:30417/eventListener/v7 -d @event.json --header "Content-Type: application/json"PASS. HTTP/1.1 202

 

Status
colourGreen
titlePASSED

T02T06Client with incorrect certificate and incorrect basic authcurl -vk --cert incorrect.crt --key rootCA.key --pass collector -u dummy:sample1 -X POST https://PASS. HTTP/1.1 202

Status
colourGreen
titlePASSED

T03Client without basic auth and with correct certificatecurl -vk --cert rootCA.crt --key rootCA.key --pass collector -X POST https://192.168.0.22:30417/eventListener/v7 -d @event.json --header "Content-Type: application/json"PASS. HTTP/1.1 202

Status
colourGreen
titlePASSED

T04Client with correct basic auth and incorrect certificatePASS. HTTP/1.1 202

Status
colourGreen
titlePASSED

T05Client with correct basic auth and without certificatecurl -vk -u sample1:sample1 -X POST https://192.168.0.22{xdcae-ves-collector_ip}:30417/eventListener/v7 -d @event.json --header "Content-Type: application/json"PASS. HTTP/1.1 202

Status
colourGreen
titlePASSED

T06Client with incorrect certificate and incorrect basic authFAIL, connection closed because of bad certificateauthentication

Status
colourGreen
titlePASSED

T07Client without certificate and without basic authcurl -vk -X POST https://192.168.0.22:30417/eventListener/v7 -d @event.json --header "Content-Type: application/json"FAIL, HTTP/1.1 401

Status
colourGreen
titlePASSED

High level test cases for auth.method = "noAuth"  :

{xdcae-ves-collector_ip}:30417/eventListener/v7 -d @event.json --header "Content-Type: application/json"FAIL
. Connection refused

 

Status
colourGreen
titlePASSED

T02HTTP POST request is handled

curl -vX POST http://localhost:8080/eventListener/v7 -d @event.json --header "Content-Type: application/json"

PASS.
, HTTP/1.1
200
401

Status
colourGreen
titlePASSED