Configure BGP MD5 authentication key on Physical Routers

Mapping:
BgpRouter.BgpRouterParameters.AuthData => bgp.group.authentication-key
BgpRouter.BgpSessionAttributes.AuthData => bgp.group.neighbour.authentication-key

Closes-Bug: #1449793

Change-Id: I05aa73a307a03b82343bd4e962f720018d478d84

src/config/device-manager/device_manager/physical_router_config.py

@@ -379,6 +379,13 @@ def _add_family_etree(self, parent, params):
                 etree.SubElement(family_etree, family)
     # end _add_family_etree
 
+    def add_bgp_auth_config(self, bgp_config, bgp_params):
+        if bgp_params.get('auth_data') is None:
+            return
+        keys = bgp_params['auth_data'].get('key_items', [])
+        if len(keys) > 0:
+            etree.SubElement(bgp_config, "authentication-key").text = keys[0].get('key')
+
     def set_bgp_config(self, params):
         self.bgp_params = params
         if (self.vnc_managed is None or self.vnc_managed == False):
@@ -406,6 +413,7 @@ def _get_bgp_config_xml(self, external=False):
         local_address = etree.SubElement(bgp_config, "local-address")
         local_address.text = self.bgp_params['address']
         self._add_family_etree(bgp_config, self.bgp_params)
+        self.add_bgp_auth_config(bgp_config, self.bgp_params)
         etree.SubElement(bgp_config, "keep").text = "all"
         return bgp_config
     # end _get_bgp_config_xml
@@ -465,6 +473,7 @@ def _get_neighbor_config_xml(self, bgp_config, peers):
                     # not specified
                     if attr.get('bgp_router') is None:
                         self._add_family_etree(nbr, attr)
+                        self.add_bgp_auth_config(nbr, attr)
                         break
             if params.get('autonomous_system') is not None:
                 etree.SubElement(nbr, "peer-as").text = str(params.get('autonomous_system'))

src/config/device-manager/test/test_dm_config.py

@@ -118,6 +118,39 @@ def check_netconf_config_mesg(self, target, xml_config_str):
         result = dictMatch(expect_cfg, gen_cfg)
         self.assertTrue(result)
 
+    def test_dm_md5_auth_config(self):
+        bgp_router, pr = self.create_router('router1', '1.1.1.1')
+        key = AuthenticationKeyItem(0, 'bgppswd')
+        bgp_router.get_bgp_router_parameters().set_auth_data(AuthenticationData('md5', [key]))
+        self._vnc_lib.bgp_router_update(bgp_router)
+
+        gevent.sleep(2)
+
+        xml_config_str = '<config xmlns:xc="urn:ietf:params:xml:ns:netconf:base:1.0"><configuration><groups operation="replace"><name>__contrail__</name><protocols><bgp><group operation="replace"><name>__contrail__</name><type>internal</type><multihop/><local-address>1.1.1.1</local-address><family><route-target/><inet-vpn><unicast/></inet-vpn><evpn><signaling/></evpn><inet6-vpn><unicast/></inet6-vpn></family><authentication-key>bgppswd</authentication-key><keep>all</keep></group><group operation="replace"><name>__contrail_external__</name><type>external</type><multihop/><local-address>1.1.1.1</local-address><family><route-target/><inet-vpn><unicast/></inet-vpn><evpn><signaling/></evpn><inet6-vpn><unicast/></inet6-vpn></family><authentication-key>bgppswd</authentication-key><keep>all</keep></group></bgp></protocols><routing-options><route-distinguisher-id/><autonomous-system>64512</autonomous-system></routing-options></groups><apply-groups operation="replace">__contrail__</apply-groups></configuration></config>'
+        self.check_netconf_config_mesg('1.1.1.1', xml_config_str)
+
+        #bgp peering, auth validate
+        bgp_router1, pr1 = self.create_router('router2', '10.1.1.1')
+        bgp_router2, pr2 = self.create_router('router3', '20.2.2.2')
+        families = AddressFamilies(['route-target', 'inet-vpn', 'e-vpn'])
+        key1 = AuthenticationKeyItem(0, 'bgppswd')
+        auth1 = AuthenticationData('md5', [key1])
+        bgp_router1.get_bgp_router_parameters().set_auth_data(auth1)
+        key2 = AuthenticationKeyItem(0, 'bgppswd-neigh')
+        auth2 = AuthenticationData('md5', [key2])
+        bgp_sess_attrs = [BgpSessionAttributes(address_families=families, auth_data=auth2)]
+        bgp_sessions = [BgpSession(attributes=bgp_sess_attrs)]
+        bgp_peering_attrs = BgpPeeringAttributes(session=bgp_sessions)
+        bgp_router1.add_bgp_router(bgp_router2, bgp_peering_attrs)
+        self._vnc_lib.bgp_router_update(bgp_router1)
+
+        gevent.sleep(2)
+
+        xml_config_str = '<config xmlns:xc="urn:ietf:params:xml:ns:netconf:base:1.0"><configuration><groups operation="replace"><name>__contrail__</name><protocols><bgp><group operation="replace"><name>__contrail__</name><type>internal</type><multihop/><local-address>10.1.1.1</local-address><family><route-target/><inet-vpn><unicast/></inet-vpn><evpn><signaling/></evpn><inet6-vpn><unicast/></inet6-vpn></family><authentication-key>bgppswd</authentication-key><keep>all</keep><neighbor><name>20.2.2.2</name><family><route-target/><inet-vpn><unicast/></inet-vpn><evpn><signaling/></evpn></family><authentication-key>bgppswd-neigh</authentication-key></neighbor></group><group operation="replace"><name>__contrail_external__</name><type>external</type><multihop/><local-address>10.1.1.1</local-address><family><route-target/><inet-vpn><unicast/></inet-vpn><evpn><signaling/></evpn><inet6-vpn><unicast/></inet6-vpn></family><authentication-key>bgppswd</authentication-key><keep>all</keep></group></bgp></protocols><routing-options><route-distinguisher-id/><autonomous-system>64512</autonomous-system></routing-options></groups><apply-groups operation="replace">__contrail__</apply-groups></configuration></config>'
+        self.check_netconf_config_mesg('1.1.1.1', xml_config_str)
+
+    #end test_dm_md5_auth_config
+
     #dynamic tunnel test case - 1
     # 1. configure ip fabric subnets, 
     # 2. create physical  router with data plane source ip