feat(DirectLink): implement BGP MD5 changes

ajay-malhotra1 · ajay-malhotra1 · commit bd2088567b8c · 2021-06-23T14:47:10.000-07:00
* Provide an option to add Key Protect or HPCS key instance while creating gateways using authentication_key

* Provide an option to update/clear the Key Protect or HPCS key instance while updating gateways

* Added integration tests for BGP MD5 functionality
diff --git a/direct-link/v1.ts b/direct-link/v1.ts
@@ -283,6 +283,11 @@ class DirectLinkV1 extends BaseService {
    *
    * @param {Object} params - The parameters to send to the service.
    * @param {string} params.id - Direct Link gateway identifier.
+   * @param {GatewayPatchTemplateAuthenticationKey} [params.authenticationKey] - The identity of the standard key to use
+   * for BGP MD5 authentication key.
+   * The key material that you provide must be base64 encoded and original string must be maximum 126 ASCII characters
+   * in length.
+   * To clear the optional `authentication_key` field patch its crn to `""`.
    * @param {boolean} [params.global] - Gateways with global routing (`true`) can connect to networks outside of their
    * associated region.
    * @param {string} [params.loaRejectReason] - Use this field during LOA rejection to provide the reason for the
@@ -318,6 +323,7 @@ class DirectLinkV1 extends BaseService {
       }
 
       const body = {
+        'authentication_key': _params.authenticationKey,
         'global': _params.global,
         'loa_reject_reason': _params.loaRejectReason,
         'macsec_config': _params.macsecConfig,
@@ -368,13 +374,10 @@ class DirectLinkV1 extends BaseService {
    * @param {Object} params - The parameters to send to the service.
    * @param {string} params.id - Direct Link Connect gateway identifier.
    * @param {string} params.action - Action request.
-   * @param {GatewayActionTemplateAuthenticationKey} [params.authenticationKey] - BGP MD5 authentication key.
-   *
-   * BGP MD5 keys must be type=standard.
-   *
+   * @param {GatewayActionTemplateAuthenticationKey} [params.authenticationKey] - The identity of the standard key to
+   * use for BGP MD5 authentication key.
    * The key material that you provide must be base64 encoded and original string must be maximum 126 ASCII characters
    * in length.
-   *
    * To clear the optional `authentication_key` field patch its crn to `""`.
    * @param {boolean} [params.global] - Required for create_gateway_approve requests to select the gateway's routing
    * option.  Gateways with global routing (`true`) can connect to networks outside of their associated region.
@@ -1241,6 +1244,12 @@ namespace DirectLinkV1 {
   export interface UpdateGatewayParams {
     /** Direct Link gateway identifier. */
     id: string;
+    /** The identity of the standard key to use for BGP MD5 authentication key.
+     *  The key material that you provide must be base64 encoded and original string must be maximum 126 ASCII
+     *  characters in length.
+     *  To clear the optional `authentication_key` field patch its crn to `""`.
+     */
+    authenticationKey?: GatewayPatchTemplateAuthenticationKey;
     /** Gateways with global routing (`true`) can connect to networks outside of their associated region. */
     global?: boolean;
     /** Use this field during LOA rejection to provide the reason for the rejection.
@@ -1288,13 +1297,9 @@ namespace DirectLinkV1 {
     id: string;
     /** Action request. */
     action: CreateGatewayActionConstants.Action | string;
-    /** BGP MD5 authentication key.
-     *
-     *  BGP MD5 keys must be type=standard.
-     *
+    /** The identity of the standard key to use for BGP MD5 authentication key.
      *  The key material that you provide must be base64 encoded and original string must be maximum 126 ASCII
      *  characters in length.
-     *
      *  To clear the optional `authentication_key` field patch its crn to `""`.
      */
     authenticationKey?: GatewayActionTemplateAuthenticationKey;
@@ -1536,13 +1541,9 @@ namespace DirectLinkV1 {
 
   /** gateway. */
   export interface Gateway {
-    /** BGP MD5 authentication key.
-     *
-     *  BGP MD5 keys must be type=standard.
-     *
+    /** The identity of the standard key to use for BGP MD5 authentication key.
      *  The key material that you provide must be base64 encoded and original string must be maximum 126 ASCII
      *  characters in length.
-     *
      *  To clear the optional `authentication_key` field patch its crn to `""`.
      */
     authentication_key?: GatewayAuthenticationKey;
@@ -1551,7 +1552,7 @@ namespace DirectLinkV1 {
     /** (DEPRECATED) BGP base CIDR is deprecated and no longer recognized by the Direct Link APIs.
      *
      *  See bgp_cer_cidr and bgp_ibm_cidr fields instead for IP related information.
-     *
+     * 
      *  Deprecated field bgp_base_cidr will be removed from the API specificiation after 15-MAR-2021.
      */
     bgp_base_cidr?: string;
@@ -1623,15 +1624,21 @@ namespace DirectLinkV1 {
     vlan?: number;
   }
 
-  /** BGP MD5 authentication key. BGP MD5 keys must be type=standard. The key material that you provide must be base64 encoded and original string must be maximum 126 ASCII characters in length. To clear the optional `authentication_key` field patch its crn to `""`. */
+  /** The identity of the standard key to use for BGP MD5 authentication key. The key material that you provide must be base64 encoded and original string must be maximum 126 ASCII characters in length. To clear the optional `authentication_key` field patch its crn to `""`. */
   export interface GatewayActionTemplateAuthenticationKey {
-    /** connectivity association key crn. */
+    /** The CRN of the [Key Protect Standard
+     *  Key](https://cloud.ibm.com/docs/key-protect?topic=key-protect-getting-started-tutorial) or [Hyper Protect Crypto
+     *  Service Standard Key](https://cloud.ibm.com/docs/hs-crypto?topic=hs-crypto-get-started) for this resource.
+     */
     crn: string;
   }
 
-  /** BGP MD5 authentication key. BGP MD5 keys must be type=standard. The key material that you provide must be base64 encoded and original string must be maximum 126 ASCII characters in length. To clear the optional `authentication_key` field patch its crn to `""`. */
+  /** The identity of the standard key to use for BGP MD5 authentication key. The key material that you provide must be base64 encoded and original string must be maximum 126 ASCII characters in length. To clear the optional `authentication_key` field patch its crn to `""`. */
   export interface GatewayAuthenticationKey {
-    /** connectivity association key crn. */
+    /** The CRN of the [Key Protect Standard
+     *  Key](https://cloud.ibm.com/docs/key-protect?topic=key-protect-getting-started-tutorial) or [Hyper Protect Crypto
+     *  Service Standard Key](https://cloud.ibm.com/docs/hs-crypto?topic=hs-crypto-get-started) for this resource.
+     */
     crn: string;
   }
 
@@ -1785,6 +1792,15 @@ namespace DirectLinkV1 {
     crn: string;
   }
 
+  /** The identity of the standard key to use for BGP MD5 authentication key. The key material that you provide must be base64 encoded and original string must be maximum 126 ASCII characters in length. To clear the optional `authentication_key` field patch its crn to `""`. */
+  export interface GatewayPatchTemplateAuthenticationKey {
+    /** The CRN of the [Key Protect Standard
+     *  Key](https://cloud.ibm.com/docs/key-protect?topic=key-protect-getting-started-tutorial) or [Hyper Protect Crypto
+     *  Service Standard Key](https://cloud.ibm.com/docs/hs-crypto?topic=hs-crypto-get-started) for this resource.
+     */
+    crn: string;
+  }
+
   /** gateway port for type=connect gateways. */
   export interface GatewayPort {
     /** Port Identifier. */
@@ -1815,6 +1831,12 @@ namespace DirectLinkV1 {
 
   /** Create gateway template. */
   export interface GatewayTemplate {
+    /** The identity of the standard key to use for BGP MD5 authentication key.
+     *  The key material that you provide must be base64 encoded and original string must be maximum 126 ASCII
+     *  characters in length.
+     *  To clear the optional `authentication_key` field patch its crn to `""`.
+     */
+    authentication_key?: GatewayTemplateAuthenticationKey;
     /** BGP ASN. */
     bgp_asn: number;
     /** (DEPRECATED) BGP base CIDR.
@@ -1863,6 +1885,33 @@ namespace DirectLinkV1 {
     type: string;
   }
 
+  /** The identity of the standard key to use for BGP MD5 authentication key. The key material that you provide must be base64 encoded and original string must be maximum 126 ASCII characters in length. To clear the optional `authentication_key` field patch its crn to `""`. */
+  export interface GatewayTemplateAuthenticationKey {
+    /** The CRN of the [Key Protect Standard
+     *  Key](https://cloud.ibm.com/docs/key-protect?topic=key-protect-getting-started-tutorial) or [Hyper Protect Crypto
+     *  Service Standard Key](https://cloud.ibm.com/docs/hs-crypto?topic=hs-crypto-get-started) for this resource.
+     */
+    crn: string;
+  }
+
+  /** The identity of the standard key to use for BGP MD5 authentication key. The key material that you provide must be base64 encoded and original string must be maximum 126 ASCII characters in length. To clear the optional `authentication_key` field patch its crn to `""`. */
+  export interface GatewayTemplateGatewayTypeConnectTemplateAuthenticationKey {
+    /** The CRN of the [Key Protect Standard
+     *  Key](https://cloud.ibm.com/docs/key-protect?topic=key-protect-getting-started-tutorial) or [Hyper Protect Crypto
+     *  Service Standard Key](https://cloud.ibm.com/docs/hs-crypto?topic=hs-crypto-get-started) for this resource.
+     */
+    crn: string;
+  }
+
+  /** The identity of the standard key to use for BGP MD5 authentication key. The key material that you provide must be base64 encoded and original string must be maximum 126 ASCII characters in length. To clear the optional `authentication_key` field patch its crn to `""`. */
+  export interface GatewayTemplateGatewayTypeDedicatedTemplateAuthenticationKey {
+    /** The CRN of the [Key Protect Standard
+     *  Key](https://cloud.ibm.com/docs/key-protect?topic=key-protect-getting-started-tutorial) or [Hyper Protect Crypto
+     *  Service Standard Key](https://cloud.ibm.com/docs/hs-crypto?topic=hs-crypto-get-started) for this resource.
+     */
+    crn: string;
+  }
+
   /** Virtual connection. */
   export interface GatewayVirtualConnection {
     /** The date and time resource was created. */
@@ -2043,12 +2092,24 @@ namespace DirectLinkV1 {
 
   /** Gateway fields specific to type=connect gateway create. */
   export interface GatewayTemplateGatewayTypeConnectTemplate extends GatewayTemplate {
+    /** The identity of the standard key to use for BGP MD5 authentication key.
+     *  The key material that you provide must be base64 encoded and original string must be maximum 126 ASCII
+     *  characters in length.
+     *  To clear the optional `authentication_key` field patch its crn to `""`.
+     */
+    authentication_key?: GatewayTemplateGatewayTypeConnectTemplateAuthenticationKey;
     /** Select Port Label for new type=connect gateway. */
     port: GatewayPortIdentity;
   }
 
   /** Gateway fields specific to type=dedicated gateway create. */
   export interface GatewayTemplateGatewayTypeDedicatedTemplate extends GatewayTemplate {
+    /** The identity of the standard key to use for BGP MD5 authentication key.
+     *  The key material that you provide must be base64 encoded and original string must be maximum 126 ASCII
+     *  characters in length.
+     *  To clear the optional `authentication_key` field patch its crn to `""`.
+     */
+    authentication_key?: GatewayTemplateGatewayTypeDedicatedTemplateAuthenticationKey;
     /** Carrier name. */
     carrier_name: string;
     /** Cross connect router. */
diff --git a/directlink.env.enc b/directlink.env.enc
diff --git a/test/integration/direct-link-provider.v2.test.js b/test/integration/direct-link-provider.v2.test.js
@@ -601,11 +601,11 @@ describe('DirectLinkProviderV2', () => {
     });
   });
 
-  // Skipping the below test until integration CRN is available for authentication_key
-  describe.skip('Direct Link Provider Gateways with Client API with authenticationKey', () => {
+  describe('Direct Link Provider Gateways with Client API with authenticationKey', () => {
     jest.setTimeout(timeout);
 
-    const gwName = 'NODE-INT-SDK-PROVIDER-' + timestamp;
+    const time = currentDate.getTime().toString();
+    const gwName = 'NODE-INT-SDK-PROVIDER-' + time;
     const speedMbps = 1000;
 
     let portId = '';
diff --git a/test/integration/direct-link.v1.test.js b/test/integration/direct-link.v1.test.js
@@ -1057,4 +1057,104 @@ describe('DirectLinkV1', () => {
       }
     });
   });
+
+  describe('Create MD5 enabled gateway', () => {
+    // Save the gateway ID for update/delete
+    let gatewayId = '';
+    const time = currentDate.getTime().toString();
+
+    // GatewayTemplate for dedicated gateway
+    const gatewayTemplate = {
+      name: 'NODE-INT-SDK-DEDICATED-MD5' + time,
+      type: 'dedicated',
+      speed_mbps: 1000,
+      global: true,
+      bgp_asn: 64999,
+      metered: false,
+      carrier_name: 'myCarrierName',
+      customer_name: 'newCustomerName',
+      cross_connect_router: 'LAB-xcr01.dal09',
+      location_name: config.LOCATION_NAME,
+      authentication_key: {
+        crn: config.AUTHENTICATION_KEY,
+      },
+    };
+
+    it('should successfully create a gateway with authentication key', async done => {
+      jest.setTimeout(timeout);
+
+      const params = {
+        gatewayTemplate: gatewayTemplate,
+      };
+
+      try {
+        dlService.createGateway(params).then(response => {
+          expect(response.hasOwnProperty('status')).toBe(true);
+          expect(response.status).toBe(201);
+          if (null != response && null != response.result && null != response.result.id) {
+            gatewayId = response.result.id;
+          }
+
+          expect(response.result.id).toBeDefined();
+          expect(response.result.name).toBe(gatewayTemplate.name);
+          expect(response.result.type).toBe(gatewayTemplate.type);
+          expect(response.result.speed_mbps).toBe(gatewayTemplate.speed_mbps);
+          expect(response.result.global).toBe(gatewayTemplate.global);
+          expect(response.result.bgp_asn).toBe(gatewayTemplate.bgp_asn);
+          expect(response.result.bgp_cer_cidr).toBeDefined();
+          expect(response.result.bgp_ibm_cidr).toBeDefined();
+          expect(response.result.metered).toBe(gatewayTemplate.metered);
+          expect(response.result.cross_connect_router).toBe(gatewayTemplate.cross_connect_router);
+          expect(response.result.location_name).toBe(gatewayTemplate.location_name);
+          expect(response.result.location_display_name).toBe(config.LOCATION_DISPLAY_NAME);
+          expect(response.result.created_at).toBeDefined();
+          expect(response.result.link_status).toBe('down');
+          expect(response.result.operational_status).toBe('awaiting_loa');
+          expect(response.result.resource_group).toBeDefined();
+          expect(response.result.authentication_key.crn).toBe(config.AUTHENTICATION_KEY);
+          done();
+        });
+      } catch (err) {
+        done(err);
+      }
+    });
+
+    it('should successfully clear/update the authentication key', async done => {
+      const params = {
+        id: gatewayId,
+        authenticationKey: {
+          crn: '',
+        },
+      };
+
+      try {
+        dlService.updateGateway(params).then(response => {
+          expect(response.status).toBe(200);
+          expect(response.result.id).toBe(gatewayId);
+          expect(response.result.name).toBe(gatewayTemplate.name);
+          expect(response.result.type).toBe(gatewayTemplate.type);
+          expect(response.result.authentication_key).toBeUndefined();
+          done();
+        });
+      } catch (err) {
+        done(err);
+      }
+    });
+
+    // delete the dedicated gateway
+    it('Successfully delete the gateway', done => {
+      const params = {
+        id: gatewayId,
+      };
+
+      try {
+        dlService.deleteGateway(params).then(response => {
+          expect(response.status).toBe(204);
+          done();
+        });
+      } catch (err) {
+        done(err);
+      }
+    });
+  });
 });
diff --git a/test/unit/direct-link.v1.test.js b/test/unit/direct-link.v1.test.js
@@ -194,13 +194,20 @@ describe('DirectLinkV1', () => {
         window_size: 148809600,
       };
 
+      // GatewayTemplateGatewayTypeDedicatedTemplateAuthenticationKey
+      const gatewayTemplateGatewayTypeDedicatedTemplateAuthenticationKeyModel = {
+        crn:
+          'crn:v1:bluemix:public:kms:us-south:a/766d8d374a484f029d0fca5a40a52a1c:5d343839-07d3-4213-a950-0f71ed45423f:key:7fc1a0ba-4633-48cb-997b-5749787c952c',
+      };
+
       // ResourceGroupIdentity
       const resourceGroupIdentityModel = {
         id: '56969d6043e9465c883cb9f7363e78e8',
       };
 
       // GatewayTemplateGatewayTypeDedicatedTemplate
       const gatewayTemplateModel = {
+        authentication_key: gatewayTemplateGatewayTypeDedicatedTemplateAuthenticationKeyModel,
         bgp_asn: 64999,
         bgp_base_cidr: 'testString',
         bgp_cer_cidr: '169.254.0.10/30',
@@ -427,6 +434,12 @@ describe('DirectLinkV1', () => {
     describe('positive tests', () => {
       // Request models needed by this operation.
 
+      // GatewayPatchTemplateAuthenticationKey
+      const gatewayPatchTemplateAuthenticationKeyModel = {
+        crn:
+          'crn:v1:bluemix:public:kms:us-south:a/766d8d374a484f029d0fca5a40a52a1c:5d343839-07d3-4213-a950-0f71ed45423f:key:7fc1a0ba-4633-48cb-997b-5749787c952c',
+      };
+
       // GatewayMacsecConfigPatchTemplateFallbackCak
       const gatewayMacsecConfigPatchTemplateFallbackCakModel = {
         crn:
@@ -450,6 +463,7 @@ describe('DirectLinkV1', () => {
       test('should pass the right params to createRequest', () => {
         // Construct the params object for operation updateGateway
         const id = 'testString';
+        const authenticationKey = gatewayPatchTemplateAuthenticationKeyModel;
         const global = true;
         const loaRejectReason = 'The port mentioned was incorrect';
         const macsecConfig = gatewayMacsecConfigPatchTemplateModel;
@@ -459,6 +473,7 @@ describe('DirectLinkV1', () => {
         const speedMbps = 1000;
         const params = {
           id: id,
+          authenticationKey: authenticationKey,
           global: global,
           loaRejectReason: loaRejectReason,
           macsecConfig: macsecConfig,
@@ -482,6 +497,7 @@ describe('DirectLinkV1', () => {
         const expectedAccept = 'application/json';
         const expectedContentType = 'application/json';
         checkMediaHeaders(createRequestMock, expectedAccept, expectedContentType);
+        expect(options.body['authentication_key']).toEqual(authenticationKey);
         expect(options.body['global']).toEqual(global);
         expect(options.body['loa_reject_reason']).toEqual(loaRejectReason);
         expect(options.body['macsec_config']).toEqual(macsecConfig);
@@ -542,7 +558,7 @@ describe('DirectLinkV1', () => {
       // GatewayActionTemplateAuthenticationKey
       const gatewayActionTemplateAuthenticationKeyModel = {
         crn:
-          'crn:v1:staging:public:kms:us-south:a/3b1bd7fa2bc3406ea70ba4ade8aa3f1b:6f2b3d69-9e70-46e6-bcaa-f96ecc232cbc:key:4f9d186a-5cc1-4305-94fc-af183ddf65bc',
+          'crn:v1:bluemix:public:kms:us-south:a/766d8d374a484f029d0fca5a40a52a1c:5d343839-07d3-4213-a950-0f71ed45423f:key:7fc1a0ba-4633-48cb-997b-5749787c952c',
       };
 
       // ResourceGroupIdentity
