diff --git a/01-TestCase/tsg_adc/test_demo/AllFlowDemo.robot b/01-TestCase/tsg_adc/test_demo/AllFlowDemo.robot new file mode 100644 index 0000000..d2fd169 --- /dev/null +++ b/01-TestCase/tsg_adc/test_demo/AllFlowDemo.robot @@ -0,0 +1,102 @@ +*** Settings *** +Test Teardown DeletePolicyAndObject ${policyIds} ${objectids} +Force Tags tsg_adc Demo +Library OperatingSystem +Library json +Library Collections +Resource ../../../02-Keyword/tsg_adc/SystemCommand.robot +Resource ../../../02-Keyword/tsg_bfapi/PolicyObject.robot +Resource ../../../02-Keyword/tsg_bfapi/LogVariable.robot +Resource ../../../03-Variable/BifangApiVariable.txt +Resource ../../../03-Variable/AllFlowCaseVariable.txt + +*** Keywords *** +create-object-policy + [Arguments] @{flag} + #创建对象 + ${rescode} ${objectId} AddObject { \ \ \ \ "opAction":"add", \ \ \ \ "returnData":1, \ \ \ \ "objectList":[ \ \ \ \ \ \ \ \ { \ \ \ \ \ \ \ \ \ \ \ \ "objectType":"fqdn", \ \ \ \ \ \ \ \ \ \ \ \ "objectName":"SecurityPolicy-HTTPS-Intecept-Demo001dxytest_fqdn_baidu", \ \ \ \ \ \ \ \ \ \ \ \ "objectDesc":"SecurityPolicy-HTTPS-Intecept-Demo001dxytest_fqdn_baidu", \ \ \ \ \ \ \ \ \ \ \ \ "isInitialize":0, \ \ \ \ \ \ \ \ \ \ \ \ "isExclusion":0, \ \ \ \ \ \ \ \ \ \ \ \ "subObjectIds":[], \ \ \ \ \ \ \ \ \ \ \ \ "addItemList":[ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ { \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "itemName":"item name", \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "itemDesc":"item description", \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "keywordArray":[ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "*baidu.com" \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ ], \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "isHexbin":0, \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "isInitialize":0 \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ } \ \ \ \ \ \ \ \ \ \ \ \ ], \ \ \ \ \ \ \ \ \ \ \ \ "updateItemList":[ \ \ \ \ \ \ \ \ \ \ \ \ ], \ \ \ \ \ \ \ \ \ \ \ \ "deleteItemIds":[ \ \ \ \ \ \ \ \ \ \ \ \ ] \ \ \ \ \ \ \ \ } \ \ \ \ ] } + log ${objectId} + ${objectids} set Variable ${objectId} + #创建策略 + ${addPolicyStr} set variable {"opAction":"add","returnData":1,"policyList":{"policyId":"","policyName":"SecurityPolicy-DNS-Deny-Redrict-Demo001","policyType":"tsg_security","action":"intercept","userTags":"${userTagIds}","doBlacklist":0,"doLog":1,"policyDesc":"","effectiveRange":{"tag_sets":[[]]},"userRegion":{"protocol":"SSL","keyring":1,"dynamic_bypass":{"ev_cert":0,"cert_transparency":0,"mutual_authentication":0,"protocol_errors":0,"cert_pinning":0},"certificate_checks":{"approach":{"cn":0,"issuer":0,"self-signed":0,"expiration":0},"fail_action":"pass-through"},"protocol_version":{"min":"ssl3","max":"tls13","mirror_client":1,"allow_http2":1},"decrypt_mirror":{"enable":0,"mirror_profile":null}},"referenceObject":[{"objectId":${objectId},"protocolFields":["TSG_FIELD_SSL_SNI"]}],"isValid":1,"scheduleId":[],"appObjectIdArray":[3]}} + #${addPolicyStr} run keyword if '${addTestClentIPFlag}'=='1' set variable { \ \ \ \ "opAction":"add", \ \ \ \ "returnData":1, \ \ \ \ "policyList":[ \ \ \ \ \ \ \ \ { \ \ \ \ \ \ \ \ \ \ \ \ "policyId":"", \ \ \ \ \ \ \ \ \ \ \ \ "isValid":1, \ \ \ \ \ \ \ \ \ \ \ \ "policyName":"SecurityPolicy-HTTPS-Intecept-Demo001", \ \ \ \ \ \ \ \ \ \ \ \ "policyType":"tsg_security", \ \ \ \ \ \ \ \ \ \ \ \ "action":"intercept", \ \ \ \ \ \ \ \ \ \ \ \ "userTags":"", \ \ \ \ \ \ \ \ \ \ \ \ "doBlacklist":0, \ \ \ \ \ \ \ \ \ \ \ \ "doLog":1, \ \ \ \ \ \ \ \ \ \ \ \ "userRegion":{ \ \ \ \ \ \ \ \ \ \ \ \ \ "protocol":"SSL", \ \ \ \ "protocol_version":{"allow_http2":1, \ \ \ \ \ \ \ \ \ \ "min":"ssl3", \ \ \ \ \ \ \ \ \ "max":"tls13", \ \ \ \ \ \ \ \ \ "mirror_client":1}, \ \ \ \ "dynamic_bypass":{"mutual_authentication":1, \ \ \ \ "cert_pinning":1,"cert_transparency":0, \ \ \ \ "protocol_errors":1,"ev_cert":0}, \ \ \ \ "decrypt_mirror":{"enable":0}, \ \ \ \ "certificate_checks":{"fail_action":"pass-through", \ \ \ \ "approach":{"self-signed":1, \ \ \ \ "expiration":1, \ \ \ \ "cn":1, \ \ \ \ "issuer":1}}, \ \ \ \ "keyring":1}, \ \ \ \ \ \ \ \ \ \ \ \ "referenceObject":[{"objectId":${testClentID},"protocolFields":[]},{"objectId":${objectId}, \ \ \ \ \ \ \ \ "protocolFields":["TSG_FIELD_SSL_SNI"]}], \ \ \ \ \ \ \ \ \ \ \ \ "scheduleId":[ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ ] \ \ \ \ \ \ \ \ } \ \ \ \ ] } + ${addPolicyStr} run keyword if '${addTestClentIPFlag}'=='1' set variable {"opAction":"add","returnData":1,"policyList":{"policyId":"","policyName":"SecurityPolicy-DNS-Deny-Redrict-Demo001","policyType":"tsg_security","action":"intercept","userTags":"${userTagIds}","doBlacklist":0,"doLog":1,"policyDesc":"","effectiveRange":{"tag_sets":[[]]},"userRegion":{"protocol":"SSL","keyring":1,"dynamic_bypass":{"ev_cert":0,"cert_transparency":0,"mutual_authentication":0,"protocol_errors":0,"cert_pinning":0},"certificate_checks":{"approach":{"cn":0,"issuer":0,"self-signed":0,"expiration":0},"fail_action":"pass-through"},"protocol_version":{"min":"ssl3","max":"tls13","mirror_client":1,"allow_http2":0},"decrypt_mirror":{"enable":0,"mirror_profile":null}},"referenceObject":[{"objectId":${testClentID},"protocolFields":["TSG_SECURITY_SOURCE_ADDR"]},{"objectId":${objectId},"protocolFields":["TSG_FIELD_SSL_SNI"]}],"isValid":1,"scheduleId":[],"appObjectIdArray":[3]}} + ${rescode} ${policyId} AddPolicy ${addPolicyStr} + log ${rescode} + log ${policyId} + # 区分执行方式 + ${value} Run Keyword If ${flag}==[] insert_policyId_to_file SecurityPolicy-SSL-Intecept-Demo001 ${policyId} ${objectids} + ... ELSE Create Dictionary policyId=${policyId} objectId=${objectids} + Set Test Variable ${dict} ${value} + +function-test + # 功能端验证 + @{stringlist} set variable CN=Tango Secure Gateway CA Content-Type: text/html value=百度一下 + ${starttime} Get Time + log ${curlbatpath}/SecurityPolicy-SSL-Intecept-Demo001.bat + Sleep ${policyVerificationSleepSeconds}s + ${commandreturn} OperatingSystem.Run ${curlbatpath}/SecurityPolicy-SSL-Intecept-Demo001.bat + FOR ${var} IN @{stringlist} + log ${var} + Should Contain ${commandreturn} ${var} + END + Sleep ${policyLogVerificationSleepSeconds}s + ${endtime} Get Time + # 区分执行方式 + Run Keyword If ${dict}==${None} insert_time_to_file SecurityPolicy-SSL-Intecept-Demo001 ${starttime} ${endtime} + ... ELSE Run Keyword Set To Dictionary ${dict} starttime=${starttime} endtime=${endtime} + +log-test + # 日志验证 + ${obj} Run Keyword If ${dict}==${None} json.Loads ${SecurityPolicy-SSL-Intecept-Demo001} + ... ELSE Set Variable ${dict} + ${policyId} Set Variable ${obj}[policyId] + ${s} Convert to String ${policyId} + GetLogList security_event_log ${obj}[starttime] ${obj}[endtime] ${testClentIP} ${s} ssl_sni baidu.com + # 清理测试数据 + ${policyIds} Create List {"policyType":"tsg_security","policyIds":[${policyId}]} + DeletePolicyAndObject ${policyIds} ${obj}[objectId] + +*** Test Cases *** +SecurityPolicy-DNS-Deny-Redrict-Demo001 + [Tags] SecurityPolciy DNS DENY Redirect + #登录 放到setup + #Login + #创建对象fqdn + ${rescode} ${objectId} AddObject { \ \ \ \ "opAction":"add", \ \ \ \ "returnData":1, \ \ \ \ "objectList":[ \ \ \ \ \ \ \ \ { \ \ \ \ \ \ \ \ \ \ \ \ "objectType":"fqdn", \ \ \ \ \ \ \ \ \ \ \ \ "objectName":"SecurityPolicy-DNS-Deny-Redrict-Demo001dxytest_fqdn_jd", \ \ \ \ \ \ \ \ \ \ \ \ "objectDesc":"dxytest_fqdn_jd", \ \ \ \ \ \ \ \ \ \ \ \ "isInitialize":0, \ \ \ \ \ \ \ \ \ \ \ \ "isExclusion":0, \ \ \ \ \ \ \ \ \ \ \ \ "subObjectIds":[], \ \ \ \ \ \ \ \ \ \ \ \ "addItemList":[ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ { \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "itemName":"item name", \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "itemDesc":"item description", \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "keywordArray":[ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "*jd.com" \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ ], \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "isHexbin":0, \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "isInitialize":0 \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ } \ \ \ \ \ \ \ \ \ \ \ \ ], \ \ \ \ \ \ \ \ \ \ \ \ "updateItemList":[ \ \ \ \ \ \ \ \ \ \ \ \ ], \ \ \ \ \ \ \ \ \ \ \ \ "deleteItemIds":[ \ \ \ \ \ \ \ \ \ \ \ \ ] \ \ \ \ \ \ \ \ } \ \ \ \ ] } + log ${objectId} + ${objectids} set Variable ${objectId} + #多个id拼接 + #${objectids} Catenate SEPARATOR=, ${objectids} ${objectId} + #${objectids} set Variable ${objectId} + #Catenate SEPARATOR=, + #添加策略 + ${addPolicyStr} set variable {"opAction":"add","returnData":1,"policyList":[{"policyId":"","policyName":"SecurityPolicy-DNS-Deny-Redrict-Demo001","policyType":"tsg_security","action":"deny","userTags":"${userTagIds}","doBlacklist":0,"doLog":1,"policyDesc":"autotest","effectiveRange":{"tag_sets":[[]]},"userRegion":{"protocol":"DNS","method":"redirect","resolution":[{"qtype":"A","answer":[{"atype":"CNAME","value":"www.autotest1A.com","ttl":{"min":30,"max":30}},{"atype":"A","value":"1.1.1.1","ttl":{"min":30,"max":30}}]},{"qtype":"AAAA","answer":[{"atype":"CNAME","value":"www.autotest4A.com","ttl":{"min":40,"max":40}},{"atype":"AAAA","value":"f::a","ttl":{"min":40,"max":40}}]}]},"referenceObject":[{"objectId":112,"protocolFields":["TSG_SECURITY_SOURCE_ADDR"]},{"objectId":${objectId},"protocolFields":["TSG_FIELD_DNS_QNAME"]}],"isValid":1,"scheduleId":[],"appObjectIdArray":[4]}]} + ${addPolicyStr} run keyword if '${addTestClentIPFlag}'=='1' set variable {"opAction":"add","returnData":1,"policyList":[{"policyId":"","policyName":"SecurityPolicy-DNS-Deny-Redrict-Demo001","policyType":"tsg_security","action":"deny","userTags":"${userTagIds}","doBlacklist":0,"doLog":1,"policyDesc":"autotest","effectiveRange":{"tag_sets":[[]]},"userRegion":{"protocol":"DNS","method":"redirect","resolution":[{"qtype":"A","answer":[{"atype":"CNAME","value":"www.autotest1A.com","ttl":{"min":30,"max":30}},{"atype":"A","value":"1.1.1.1","ttl":{"min":30,"max":30}}]},{"qtype":"AAAA","answer":[{"atype":"CNAME","value":"www.autotest4A.com","ttl":{"min":40,"max":40}},{"atype":"AAAA","value":"f::a","ttl":{"min":40,"max":40}}]}]},"referenceObject":[{"objectId":${testClentID},"protocolFields":["TSG_SECURITY_SOURCE_ADDR"]},{"objectId":${objectId},"protocolFields":["TSG_FIELD_DNS_QNAME"]}],"isValid":1,"scheduleId":[],"appObjectIdArray":[4]}]} + ${rescode} ${policyId} AddPolicy ${addPolicyStr} + log ${policyId} + #Integer ${rescode} 200 + #目前只有一个所以无拼接 + ${policyIds} Create List {"policyType":"tsg_security","policyIds":[${policyId}]} + #注意如果时多个policyId或者多个ObjectID需要拼接成,号分割的串,或者拼在下面即可 + #功能端验证 + ${commandstr} set variable nslookup -d www.jd.com + @{stringlist} set variable canonical name = www.autotest1A.com ttl = 30 (30 secs) internet address = 1.1.1.1 canonical name = www.autotest4A.com ttl = 40 (40 secs) AAAA IPv6 address = f::a + ${starttime} Get Time + Sleep ${policyVerificationSleepSeconds}s + ${rescode} SystemCommand ${commandstr} @{stringlist} + Sleep ${policyLogVerificationSleepSeconds}s + ${endtime} Get Time + log ${rescode} + ${s} Convert to String ${policyId} + GetLogList security_event_log ${starttime} ${endtime} ${testClentIP} ${s} dns_qname www.jd.com + + +SecurityPolicy-SSL-Intecept-Demo001 + [Tags] SecurityPolciy SSL Intercept HTTPS + Run Keyword If '${testPart}'=='all' Run Keywords create-object-policy True + ... AND function-test + ... AND log-test + ... ELSE IF ${testPart}==1 Run Keyword create-object-policy + ... ELSE IF ${testPart}==2 Run Keyword function-test + ... ELSE IF ${testPart}==3 Run Keyword log-test