使用自建服务器用例目录，下面根据策略类型创建api_proxy或api_security目录；用例都打上selfserver标签

2020-04-14 16:05:17 +08:00
parent 44bd76e32b
commit b8148b1de4
1 changed files with 105 additions and 0 deletions
--- a/01-TestCase/tsg_adc/selfserver/DenyAllTests.robot
+++ b/01-TestCase/tsg_adc/selfserver/DenyAllTests.robot
@@ -0,0 +1,105 @@
+*** Settings ***
+Test Teardown     DeleteAllAfterAdc    ${policyIds}    ${objectids}
+Force Tags        tsg_adc    tsg_security    all_protol
+Library           OperatingSystem
+Resource          ../../../../02-Keyword/tsg_adc/SystemCommand.robot
+Resource          ../../../../02-Keyword/tsg_bfapi/PolicyObject.robot
+Resource          ../../../../02-Keyword/tsg_bfapi/LogVariable.robot
+Library           Custometest
+Library           json
+
+*** Variables ***
+${policyIds}      ${EMPTY}
+${objectids}      ${EMPTY}
+${url}            /policy/profile/responsepages
+${profiledId}     ${EMPTY}
+
+*** Test Cases ***
+SecurityPolicy-Deny-AllProtol-00001
+    [Tags]    Deny    
+    # 创建对象-IP
+    # addItemList全参数：（为方便说明，将参数值拆分为几部分，其实际值为单条无空格/回车字符串，每部分内代表的各参数不可跳跃。）
+    #     [addrType]|[protocol]|[direction]|[isSession]#                        第一部分（可省略）
+    #     [clientIpFormat]|[clientIp1]|[clientIp2]|[clientPort1/clientPort2]&   第二部分（不可省略）
+    #     [serverIpFormat]|[serverIp1]|[serverIp2]|[serverPort1/serverPort2]|   第三部分（可省略）
+    #     [isInitialize]|[itemName]|[itemDesc],                                 第四部分（可省略）
+    #     ...
+    Comment    创建目标IP
+    ${objectDict}    Create Dictionary
+		   	   ...    objectType=ip
+           	   ...    isValid=${1}
+           	   ...    addItemList=range|192.168.100.5|192.168.100.5|0/65535
+    ${rescode}    ${objectId}    AddObject2    ${1}    ${objectDict}    
+    ${objectids}    set Variable    ${object_FQDN_Id}
+    
+    Comment    创建安全策略，针对所有协议，相当于BlackIP
+    ${policyDict}    Create Dictionary
+			   ...    policyName=SecurityPolicy-Deny-AllProtol-00001
+		   	   ...    policyType=tsg_security
+               ...    policyDesc=autotest        
+               ...    userTags=
+           	   ...    action=deny
+           	   ...    effectiveRange=Nursurtan|Transtelecom&Astel,|Astel&Transtelecom
+           	   ...    userRegion=method:rst
+           	   ...    referenceObject=${objectId}|TSG_SECURITY_DESTINATION_ADDR
+           	   ...    isValid=${0}
+           	   ...    appObjectIdArray=2,3,4,5,6
+    ${rescode}    ${policyId}    AddPolicy2    ${1}    ${policyDict}
+    ${policyId1}    set Variable    {"policyType":"tsg_security","policyIds":[${policyId}]}   
+
+    ${s}    Convert to String    ${policyId}
+    Comment    功能端验证HTTP验证
+    ${commandstr}    run keyword if    '${systemType}'=='Windows'    set variable    curl -kv http://open.node.com/ | iconv -f utf-8 -t gbk
+    ...    ELSE    set variable    curl -kv http://open.node.com/
+   
+    ${stringlist}     run keyword if    '${systemType}'=='Windows'    Create List    Recv failure: Connection was reset
+    ...    ELSE    Create List    Recv failure: Connection reset by peer
+    
+    ${starttime}    Get Time
+    Sleep    ${policyVerificationSleepSeconds}s
+    ${rescode}    SystemCommands    ${commandstr}    ${stringlist}
+    Sleep    ${policyLogVerificationSleepSeconds}s
+    ${endtime}    Get Time
+    #日志验证
+    GetLogList    security_event_log    ${starttime}    ${endtime}    ${testClentIP}    ${s}    http_host	open.node.com
+    
+    Comment    功能端验证SSL验证
+    ${commandstr}    run keyword if    '${systemType}'=='Windows'    set variable    curl -kv https://open.node.com/ | iconv -f utf-8 -t gbk
+    ...    ELSE    set variable    curl -kv https://open.node.com/
+   
+    ${stringlist}     run keyword if    '${systemType}'=='Windows'    Create List    Connection was reset
+    ...    #OpenSSL SSL_connect: Connection was reset in connection to
+    #Send failure: Connection was reset
+    ...    ELSE    Create List    OpenSSL SSL_connect: Connection reset by peer in connection to
+    
+    ${starttime}    Get Time
+    Sleep    ${policyVerificationSleepSeconds}s
+    ${rescode}    SystemCommands    ${commandstr}    ${stringlist}
+    Sleep    ${policyLogVerificationSleepSeconds}s
+    ${endtime}    Get Time
+    #日志验证
+    GetLogList    security_event_log    ${starttime}    ${endtime}    ${testClentIP}    ${s}    ssl_sni	open.node.com
+    
+    Comment    功能端验证DNS验证
+    
+    Comment    功能端验证FTP验证    
+    ${starttime}    Get Time
+    Sleep    ${policyVerificationSleepSeconds}s
+    
+    ${ftpLogin}    FTP_login    ftp:192.168.100.5 -u"ftp_user:qazXSW@edc"
+    should contain    ${ftpLogin}    fail 
+    Sleep    ${policyLogVerificationSleepSeconds}s
+    ${endtime}    Get Time
+    #日志验证
+    GetLogList    security_event_log    ${starttime}    ${endtime}    ${testClentIP}    ${s}    ftp_account    ftp_user
+    
+    Comment    功能端验证MAIL验证
+    ${starttime}    Get Time
+    ${mail}    EmailLogin    mail.tsgmail.com    25    dongxiaoyan@mail.tsgmail.com    dxy123
+    should contain    ${mail}    fail
+    Sleep    ${policyLogVerificationSleepSeconds}s
+    ${endtime}    Get Time
+    #日志验证
+    GetLogList    security_event_log    ${starttime}    ${endtime}    ${testClentIP}    ${s}    mail_account    dongxiaoyan@mail.tsgmail.com
+    
+#{"opAction":"add","policyList":{"policyId":"","policyName":"dxytest","policyType":"tsg_security","action":"deny","userTags":"","doBlacklist":0,"doLog":1,"policyDesc":"","effectiveRange":{"tag_sets":[[]]},"userRegion":{"method":"rst"},"referenceObject":[{"objectId":6926,"protocolFields":["TSG_SECURITY_SOURCE_ADDR"]},{"objectId":6943,"protocolFields":["TSG_SECURITY_DESTINATION_ADDR"]}],"isValid":0,"scheduleId":[],"appObjectIdArray":[2,3,4,5,6]}}