diff --git a/01-TestCase/tsg_adc/api_security/AllowHttpTests.robot b/01-TestCase/tsg_adc/api_security/AllowHttpTests.robot
index 83c0652..6daa49c 100644
--- a/01-TestCase/tsg_adc/api_security/AllowHttpTests.robot
+++ b/01-TestCase/tsg_adc/api_security/AllowHttpTests.robot
@@ -1,123 +1,276 @@ -*** Settings *** -Test Teardown DeletePolicyAndObject ${policyIds} ${objectids} -Force Tags tsg_adc tsg_security -Library OperatingSystem -Resource ../../../02-Keyword/tsg_adc/SystemCommand.robot -Resource ../../../02-Keyword/tsg_bfapi/PolicyObject.robot -Resource ../../../02-Keyword/tsg_bfapi/LogVariable.robot -Resource ../../../03-Variable/BifangApiVariable.txt - - -*** Test Cases *** -SecurityPolicy-Allow-Http-00001 - [Tags] Allow IP FQDN DENY HTTP - #创建对象IP - #${rescode} ${object_IP_Id} AddObject {"opAction":"add","returnData":1,"objectList":{"objectType":"ip","isValid":1,"isInitialize":0,"isExclusion":0,"objectName":"zmmtest_IP","objectDesc":"","subObjectIds":[],"addItemList":[{"addrType":4,"protocol":0,"direction":0,"clientIp1":"192.168.50.31","clientIp2":"192.168.50.31","clientIpFormat":"range","clientPortFormat":"","clientPort1":"","clientPort2":"","serverIpFormat":"","serverIp1":"","serverIp2":"","serverPortFormat":"","serverPort1":"","serverPort2":""}],"updateItemList":[],"deleteItemIds":[]}} - #log ${object_IP_Id} - #创建对象FQDN - ${rescodeip} ${object_FQDN_Id} AddObject {"opAction":"add","returnData":1,"objectList":{"objectType":"fqdn","objectSubType":"","isValid":1,"isInitialize":0,"isExclusion":0,"objectName":"SecurityPolicy-Allow-Http-00001_FQDN_icbc","objectDesc":"","subObjectIds":[],"addItemList":[{"keywordArray":["$www.icbc.com.cn"],"itemId":"","isHexbin":0}],"updateItemList":[],"deleteItemIds":[]}} - log ${object_FQDN_Id} - ${objectids} set Variable ${object_FQDN_Id} - #创建 Deny 搭配Allow - #${addPolicyStr} set variable 
{"opAction":"add","returnData":1,"policyList":{"policyId":"","policyName":"SecurityPolicy-Allow-Http-00001_Deny","policyType":"tsg_security","action":"deny","userTags":"${userTagIds}","doBlacklist":0,"doLog":1,"policyDesc":"","effectiveRange":{"tag_sets":[[]]},"userRegion":{"protocol":"HTTP","method":"drop"},"referenceObject":[{"objectId":${object_FQDN_Id},"protocolFields":["TSG_FIELD_HTTP_HOST"]}],"isValid":1,"scheduleId":[],"appObjectIdArray":[2]}} - ${addPolicyStr} run keyword if '${addTestClentIPFlag}'=='1' set variable {"opAction":"add","returnData":1,"policyList":{"policyId":"","policyName":"SecurityPolicy-Allow-Http-00001_Deny","policyType":"tsg_security","action":"deny","userTags":"${userTagIds}","doBlacklist":0,"doLog":1,"policyDesc":"autotest","effectiveRange":{"tag_sets":[[]]},"userRegion":{"protocol":"HTTP","method":"drop"},"referenceObject":[{"objectId":${testClentID},"protocolFields":["TSG_SECURITY_SOURCE_ADDR"]},{"objectId":${object_FQDN_Id},"protocolFields":["TSG_FIELD_HTTP_HOST"]}],"isValid":1,"scheduleId":[],"appObjectIdArray":[2]}} - ... 
ELSE set variable {"opAction":"add","returnData":1,"policyList":{"policyId":"","policyName":"SecurityPolicy-Allow-Http-00001_Deny","policyType":"tsg_security","action":"deny","userTags":"${userTagIds}","doBlacklist":0,"doLog":1,"policyDesc":"","effectiveRange":{"tag_sets":[[]]},"userRegion":{"protocol":"HTTP","method":"drop"},"referenceObject":[{"objectId":${object_FQDN_Id},"protocolFields":["TSG_FIELD_HTTP_HOST"]}],"isValid":1,"scheduleId":[],"appObjectIdArray":[2]}} - log ${addPolicyStr} - ${rescode} ${policyId1} AddPolicy ${addPolicyStr} - log ${policyId1} - ${policyIds} set Variable {"policyType":"tsg_security","policyIds":[${policyId1}]} - #创建allow策略 - #${addPolicyStr} set variable {"opAction":"add","returnData":1,"policyList":{"policyId":"","policyName":"SecurityPolicy-Allow-Http-00001","policyType":"tsg_security","action":"allow","userTags":"${userTagIds}","doBlacklist":0,"doLog":1,"policyDesc":"autotest","effectiveRange":{"tag_sets":[[]]},"userRegion":{"protocol":"HTTP"},"referenceObject":[],"isValid":1,"scheduleId":[],"appObjectIdArray":[2]}} - ${addPolicyStr} run keyword if '${addTestClentIPFlag}'=='1' set variable {"opAction":"add","returnData":1,"policyList":{"policyId":"","policyName":"SecurityPolicy-Allow-Http-00001","policyType":"tsg_security","action":"allow","userTags":"${userTagIds}","doBlacklist":0,"doLog":1,"policyDesc":"autotest","effectiveRange":{"tag_sets":[[]]},"userRegion":{"protocol":"HTTP"},"referenceObject":[{"objectId":${testClentID},"protocolFields":["TSG_SECURITY_SOURCE_ADDR"]},{"objectId":${object_FQDN_Id},"protocolFields":["TSG_FIELD_HTTP_HOST"]}],"isValid":1,"scheduleId":[],"appObjectIdArray":[2]}} - ... 
ELSE set variable {"opAction":"add","returnData":1,"policyList":{"policyId":"","policyName":"SecurityPolicy-Allow-Http-00001","policyType":"tsg_security","action":"allow","userTags":"${userTagIds}","doBlacklist":0,"doLog":1,"policyDesc":"autotest","effectiveRange":{"tag_sets":[[]]},"userRegion":{"protocol":"HTTP"},"referenceObject":[],"isValid":1,"scheduleId":[],"appObjectIdArray":[2]}} - ${rescode} ${policyId2} AddPolicy ${addPolicyStr} - log ${policyId2} - ${policyIds2} set Variable {"policyType":"tsg_security","policyIds":[${policyId2}]} - ${policyIds1} set Variable {"policyType":"tsg_security","policyIds":[${policyId1}]} - ${policyIds} Create List ${policyIds1} ${policyIds2} - #${rescode} ${policyId} AddPolicy {"opAction":"add","returnData":1,"policyList":{"policyName":"SecurityPolicy-Allow-Http-00001","policyType":"tsg_security","action":"allow","userTags":"","doBlacklist":0,"doLog":1,"policyDesc":"","effectiveRange":{"tag_sets":[[]]},"userRegion":{"protocol":"HTTP","keyring":1},"referenceObject":[{"objectId":${object_IP_Id},"protocolFields":[]},{"objectId":${object_FQDN_Id},"protocolFields":["TSG_FIELD_HTTP_HOST"]}],"isValid":1,"scheduleId":[],"appObjectIdArray":[]}} - ${starttime} Get Time - #功能端验证 - Sleep ${policyVerificationSleepSeconds}s - ${commandreturn} OperatingSystem.Run curl -I \ -m \ 10 \ -o \ /dev/null \ -s \ -w \ \ \%{http_code} \ \ http://www.icbc.com.cn - should contain ${commandreturn} 200 - Sleep ${policyLogVerificationSleepSeconds}s - ${endtime} Get Time - #日志验证 - ${s} Convert to String ${policyId2} - GetLogList security_event_log ${starttime} ${endtime} ${testClentIP} ${s} http_host icbc - -SecurityPolicy-Allow-Http-00002 - [Tags] Allow SubID Category DENY HTTP - # #创建对象Subid - # ${rescode} ${object_Subid_Id} AddObject 
{"opAction":"add","returnData":1,"objectList":{"objectType":"subscriberid","isValid":1,"isInitialize":0,"isExclusion":0,"objectName":"SecurityPolicy-Allow-Http-00002_subid","objectDesc":"","subObjectIds":[],"addItemList":[{"keywordArray":["$zmmtest"],"itemId":"","isHexbin":0}],"updateItemList":[],"deleteItemIds":[]}} - # log ${object_Subid_Id} - # ${objectids} set Variable ${object_Subid_Id} - #创建对象Categry - ${rescodeip} ${object_Category_Id} AddObject {"opAction":"add","returnData":1,"objectList":{"objectType":"fqdn_category","objectSubType":"","isValid":1,"isInitialize":0,"isExclusion":0,"objectName":"SecurityPolicy-Allow-Http-00002-Categry","objectDesc":"autotest","subObjectIds":[],"addItemList":[{"keywordArray":["*www.ccb.com"],"itemId":"","isValid":"","isHexbin":0}],"updateItemList":[],"deleteItemIds":[],"objectId":""}} - - log ${object_Category_Id} - ${objectids} set Variable ${object_Category_Id} - #创建 Deny 搭配Allow - #${addPolicyStr} set variable {"opAction":"add","returnData":1,"policyList":{"policyName":"SecurityPolicy-Allow-Http-00002_deny","policyType":"tsg_security","action":"deny","userTags":"","doBlacklist":0,"doLog":1,"policyDesc":"","effectiveRange":{"tag_sets":[[]]},"userRegion":{"protocol":"HTTP","method":"drop","keyring":1},"referenceObject":[{"objectId":${testClentSubID} ,"protocolFields":[]},{"objectId":${object_Category_Id} ,"protocolFields":["TSG_FIELD_HTTP_HOST"]}],"isValid":1,"scheduleId":[],"appObjectIdArray":[]}} - ${addPolicyStr} set variable 
{"opAction":"add","returnData":1,"policyList":{"policyId":"","policyName":"SecurityPolicy-Allow-Http-00002_deny","policyType":"tsg_security","action":"deny","userTags":"${userTagIds}","doBlacklist":0,"doLog":1,"policyDesc":"autotest","effectiveRange":{"tag_sets":[[]]},"userRegion":{"protocol":"HTTP","method":"drop"},"referenceObject":[{"objectId":${testClentSubID},"protocolFields":[null]},{"objectId":${object_Category_Id},"protocolFields":["TSG_FIELD_HTTP_HOST"]}],"isValid":1,"scheduleId":[],"appObjectIdArray":[2]}} - log ${addPolicyStr} - ${rescode} ${policyId1} AddPolicy ${addPolicyStr} - log ${policyId1} - ${policyIds} set Variable {"policyType":"tsg_security","policyIds":[${policyId1}]} - #创建策略 - #${addPolicyStr} set variable {"opAction":"add","returnData":1,"policyList":{"policyName":"SecurityPolicy-Allow-Http-00002","policyType":"tsg_security","action":"allow","userTags":"","doBlacklist":0,"doLog":1,"policyDesc":"","effectiveRange":{"tag_sets":[[]]},"userRegion":{"protocol":"HTTP","keyring":1},"referenceObject":[{"objectId":${testClentSubID},"protocolFields":[]},{"objectId":${object_Category_Id},"protocolFields":["TSG_FIELD_HTTP_HOST"]}],"isValid":1,"scheduleId":[],"appObjectIdArray":[]}} - ${addPolicyStr} set variable {"opAction":"add","returnData":1,"policyList":{"policyId":"","policyName":"SecurityPolicy-Allow-Http-00002","policyType":"tsg_security","action":"allow","userTags":"${userTagIds}","doBlacklist":0,"doLog":1,"policyDesc":"autotest","effectiveRange":{"tag_sets":[[]]},"userRegion":{"protocol":"HTTP"},"referenceObject":[{"objectId":${testClentSubID},"protocolFields":[null]},{"objectId":${object_Category_Id},"protocolFields":["TSG_FIELD_HTTP_HOST"]}],"isValid":1,"scheduleId":[],"appObjectIdArray":[2]}} - ${rescode} ${policyId2} AddPolicy ${addPolicyStr} - log ${policyId2} - ${policyIds1} set Variable {"policyType":"tsg_security","policyIds":[${policyId1}]} - ${policyIds2} set Variable {"policyType":"tsg_security","policyIds":[${policyId2}]} - 
${policyIds} Create List ${policyIds1} ${policyIds2} - #功能端验证 - Sleep ${policyVerificationSleepSeconds}s - ${starttime} Get Time - ${commandreturn} OperatingSystem.Run curl -I \ -m \ 10 \ -o \ /dev/null \ -s \ -w \ \ \%{http_code} \ \ http://www.ccb.com - should contain ${commandreturn} 200 - Sleep ${policyLogVerificationSleepSeconds}s - ${endtime} Get Time - #日志验证 - ${s} Convert to String ${policyId2} - GetLogList security_event_log ${starttime} ${endtime} ${testClentIP} ${s} http_host ccb - -SecurityPolicy-Allow-Http-00003 - [Tags] Allow IP FQDN DENY HTTP - #创建对象IP - #${rescode} ${object_IP_Id} AddObject {"opAction":"add","returnData":1,"objectList":{"objectType":"ip","isValid":1,"isInitialize":0,"isExclusion":0,"objectName":"zmmtest_IP","objectDesc":"","subObjectIds":[],"addItemList":[{"addrType":4,"protocol":0,"direction":0,"clientIp1":"192.168.50.31","clientIp2":"192.168.50.31","clientIpFormat":"range","clientPortFormat":"","clientPort1":"","clientPort2":"","serverIpFormat":"","serverIp1":"","serverIp2":"","serverPortFormat":"","serverPort1":"","serverPort2":""}],"updateItemList":[],"deleteItemIds":[]}} - #log ${object_IP_Id} - #创建对象FQDN - ${rescodeip} ${object_FQDN_Id} AddObject {"opAction":"add","returnData":1,"objectList":{"objectType":"fqdn","objectSubType":"","isValid":1,"isInitialize":0,"isExclusion":0,"objectName":"SecurityPolicy-Allow-Http-00001_FQDN_xiaozhu","objectDesc":"","subObjectIds":[],"addItemList":[{"keywordArray":["*.xiaozhu.com"],"itemId":"","isHexbin":0}],"updateItemList":[],"deleteItemIds":[]}} - log ${object_FQDN_Id} - ${objectids} set Variable ${object_FQDN_Id} - #创建 Deny 搭配Allow - #${addPolicyStr} set variable 
{"opAction":"add","returnData":1,"policyList":{"policyId":"","policyName":"SecurityPolicy-Allow-Http-00003_Deny","policyType":"tsg_security","action":"deny","userTags":"${userTagIds}","doBlacklist":0,"doLog":1,"policyDesc":"","effectiveRange":{"tag_sets":[[]]},"userRegion":{"protocol":"HTTP","method":"drop"},"referenceObject":[{"objectId":${object_FQDN_Id},"protocolFields":["TSG_FIELD_HTTP_HOST"]}],"isValid":1,"scheduleId":[],"appObjectIdArray":[2]}} - ${addPolicyStr} run keyword if '${addTestClentIPFlag}'=='1' set variable {"opAction":"add","returnData":1,"policyList":{"policyId":"","policyName":"SecurityPolicy-Allow-Http-00001_Deny","policyType":"tsg_security","action":"deny","userTags":"${userTagIds}","doBlacklist":0,"doLog":1,"policyDesc":"autotest","effectiveRange":{"tag_sets":[[]]},"userRegion":{"protocol":"HTTP","method":"drop"},"referenceObject":[{"objectId":${testClentID},"protocolFields":["TSG_SECURITY_SOURCE_ADDR"]},{"objectId":${object_FQDN_Id},"protocolFields":["TSG_FIELD_HTTP_HOST"]}],"isValid":1,"scheduleId":[],"appObjectIdArray":[2]}} - ... 
ELSE set variable {"opAction":"add","returnData":1,"policyList":{"policyId":"","policyName":"SecurityPolicy-Allow-Http-00003_Deny","policyType":"tsg_security","action":"deny","userTags":"${userTagIds}","doBlacklist":0,"doLog":1,"policyDesc":"","effectiveRange":{"tag_sets":[[]]},"userRegion":{"protocol":"HTTP","method":"drop"},"referenceObject":[{"objectId":${object_FQDN_Id},"protocolFields":["TSG_FIELD_HTTP_HOST"]}],"isValid":1,"scheduleId":[],"appObjectIdArray":[2]}} - log ${addPolicyStr} - ${rescode} ${policyId1} AddPolicy ${addPolicyStr} - log ${policyId1} - ${policyIds} set Variable {"policyType":"tsg_security","policyIds":[${policyId1}]} - #创建allow策略 - #${addPolicyStr} set variable {"opAction":"add","returnData":1,"policyList":{"policyId":"","policyName":"SecurityPolicy-Allow-Http-00003","policyType":"tsg_security","action":"allow","userTags":"${userTagIds}","doBlacklist":0,"doLog":1,"policyDesc":"autotest","effectiveRange":{"tag_sets":[[]]},"userRegion":{"protocol":"HTTP"},"referenceObject":[],"isValid":1,"scheduleId":[],"appObjectIdArray":[2]}} - ${addPolicyStr} run keyword if '${addTestClentIPFlag}'=='1' set variable {"opAction":"add","returnData":1,"policyList":{"policyId":"","policyName":"SecurityPolicy-Allow-Http-00001","policyType":"tsg_security","action":"allow","userTags":"${userTagIds}","doBlacklist":0,"doLog":1,"policyDesc":"autotest","effectiveRange":{"tag_sets":[[]]},"userRegion":{"protocol":"HTTP"},"referenceObject":[{"objectId":${testClentID},"protocolFields":["TSG_SECURITY_SOURCE_ADDR"]},{"objectId":${object_FQDN_Id},"protocolFields":["TSG_FIELD_HTTP_HOST"]}],"isValid":1,"scheduleId":[],"appObjectIdArray":[2]}} - ... 
ELSE set variable {"opAction":"add","returnData":1,"policyList":{"policyId":"","policyName":"SecurityPolicy-Allow-Http-00003","policyType":"tsg_security","action":"allow","userTags":"${userTagIds}","doBlacklist":0,"doLog":1,"policyDesc":"autotest","effectiveRange":{"tag_sets":[[]]},"userRegion":{"protocol":"HTTP"},"referenceObject":[],"isValid":1,"scheduleId":[],"appObjectIdArray":[2]}} - ${rescode} ${policyId2} AddPolicy ${addPolicyStr} - log ${policyId2} - ${policyIds2} set Variable {"policyType":"tsg_security","policyIds":[${policyId2}]} - ${policyIds1} set Variable {"policyType":"tsg_security","policyIds":[${policyId1}]} - ${policyIds} Create List ${policyIds1} ${policyIds2} - #${rescode} ${policyId} AddPolicy {"opAction":"add","returnData":1,"policyList":{"policyName":"SecurityPolicy-Allow-Http-00001","policyType":"tsg_security","action":"allow","userTags":"","doBlacklist":0,"doLog":1,"policyDesc":"","effectiveRange":{"tag_sets":[[]]},"userRegion":{"protocol":"HTTP","keyring":1},"referenceObject":[{"objectId":${object_IP_Id},"protocolFields":[]},{"objectId":${object_FQDN_Id},"protocolFields":["TSG_FIELD_HTTP_HOST"]}],"isValid":1,"scheduleId":[],"appObjectIdArray":[]}} - ${starttime} Get Time - #功能端验证 - Sleep ${policyVerificationSleepSeconds}s - ${commandreturn} OperatingSystem.Run curl -I \ -m \ 10 \ -o \ /dev/null \ -s \ -w \ \ \%{http_code} \ \ http://www.xiaozhu.com/ - should contain ${commandreturn} 200 - Sleep ${policyLogVerificationSleepSeconds}s - ${endtime} Get Time - #日志验证 - ${s} Convert to String ${policyId2} - GetLogList security_event_log ${starttime} ${endtime} ${testClentIP} ${s} http_host .xiaozhu.com +*** Settings *** +Test Teardown DeletePolicyAndObjectAndApplicationAndSignature ${policyIds} ${objectids} +Force Tags tsg_adc tsg_security +Library OperatingSystem +Resource ../../../02-Keyword/tsg_adc/SystemCommand.robot +Resource ../../../02-Keyword/tsg_bfapi/PolicyObject.robot +Resource ../../../02-Keyword/tsg_bfapi/LogVariable.robot +Resource 
../../../02-Keyword/tsg_adc/FileOperation.robot +Resource ../../../02-Keyword/tsg_bfapi/policy_object/Policy.robot +Resource ../../../03-Variable/ApplicationID.txt +Resource ../../../03-Variable/BifangApiVariable.txt +Resource ../../../02-Keyword/tsg_bfapi/policy_object/Application.robot +Resource ../../../02-Keyword/tsg_bfapi/policy_object/ProcessPolicyBody.robot +Library ../../../04-CustomLibrary/Library/VerifyPolicy.py + +*** Variables *** +${policyIds} ${EMPTY} +${objectids} ${EMPTY} + +*** Test Cases *** +SecurityPolicy-Allow-Http-00001 + [Tags] Allow IP HTTP + Comment 创建IP + ${addItemList1} Create Dictionary isSession=endpoint ip=${testClentIP} port=0-65535 direction=0 protocol=0 isInitialize=0 + ${addItemLists} Create list ${addItemList1} + ${objectDict} Create Dictionary objectType=ip objectSubType=endpoint isValid=${1} addItemList=${addItemLists} + ${rescode} ${objectId} AddObjects ${1} ${objectDict} + ${objectids} set Variable ${objectId} + + Comment 创建Allow策略 + ${policyDict} Create Dictionary policyName=${TEST NAME} policyType=tsg_security action=allow source=${objectId}|TSG_SECURITY_SOURCE_ADDR userRegion={"protocol":"HTTP"} isValid=${1} appIdObjects=${HTTP_ID} + ${rescode} ${policyId} AddPolicies 1 ${policyDict} v2 + ${policyIds} set Variable ${policyId}[0][policyIds][0] + + ${starttime} Get Time + #功能端验证 + Sleep ${policyVerificationSleepSeconds}s + + Comment 策略验证 + #新增策略验证 + #创建attributes中的字典 + ${app_id} Create Dictionary attributeType=string attributeName=app_id attributeValue={"string": "106"} + ${subscriberid} Create Dictionary attributeType=string attributeName=subscriberid attributeValue={"string": "test56"} + ${ipsource} Create Dictionary attributeType=ip attributeName=source attributeValue={"ip":"${testClentIP}","port":"1","addrType":4,"protocol":"6","tableName":"TSG_SECURITY_SOURCE_ADDR"} + ${ipdestination} Create Dictionary attributeType=ip attributeName=destination 
attributeValue={"ip":"254.253.252.251","port":"1","addrType":4,"protocol":"6","tableName":"TSG_SECURITY_DESTINATION_ADDR"} + # 合成attributes字典集 + ${attributes} Create List ${app_id} ${subscriberid} ${ipsource} ${ipdestination} + ${verifySession} Create Dictionary attributes=${attributes} + ${verifyList} Create Dictionary policyType=tsg_security verifySession=${verifySession} + log ${verifyList} + ${rescode} ${resData} VerifyPolicies ${verifyList} + # 打印检查结果 + ${objectid_verify} Set Variable ${objectids} + ${objectid_verify} Catenate SEPARATOR=, ${policyIds} + # # 调用关键字 提取应答json获取其中所有的id值,并判断新下发的id值是否在应答json的id中 + log ${objectid_verify} + ${testType} Evaluate type($objectid_verify) + ${testType} Evaluate type($resData) + log ${resData} + sleep 5 + ${ok} VerifyProxy ${resData} ${objectid_verify} + Should Be Equal As Strings ${ok} true + + Comment 功能端验证HTTP验证 + ${commandstr} run keyword if '${systemType}'=='Windows' set variable ${curlbatpath}/command/SecurityPolicy_Allow_HTTP_00001_1.bat + ... ELSE set variable ${curlbatpath}/command/SecurityPolicy_Allow_HTTP_00001_1_L.bat + ${stringlist} run keyword if '${systemType}'=='Windows' Create List 首页 - 橙光 + ... 
ELSE Create List 首页 - 橙光 + ${rescode} SystemCommands ${commandstr} ${stringlist} + + + Comment 日志验证 + #日志验证 + ${s} Convert to String ${policyIds} + ${returnvalue} GetLogList_new security_event_log ${starttime} ${testClentIP} ${s} http_host www.66rpg.com + Should Be Equal As Strings ${returnvalue} true + +SecurityPolicy-Allow-Http-00002 + [Tags] Allow IP HTTP FQDN + Comment 创建IP + ${addItemList1} Create Dictionary isSession=endpoint ip=${testClentIP} port=0-65535 direction=0 protocol=0 isInitialize=0 + ${addItemLists} Create list ${addItemList1} + ${objectDict} Create Dictionary objectType=ip objectSubType=endpoint isValid=${1} addItemList=${addItemLists} + ${rescode} ${objectId} AddObjects ${1} ${objectDict} + ${objectids} set Variable ${objectId} + + Comment 创建fqdn + ${addItemList1} Create Dictionary keywordArray=$www.66rpg.com isHexbin=${0} + ${addItemLists} Create list ${addItemList1} + ${objectDict1} Create Dictionary objectType=fqdn objectSubType=fqdn isValid=${1} addItemList=${addItemLists} + ${rescode} ${objectId1} AddObjects ${1} ${objectDict1} + ${objectids} Catenate SEPARATOR=, ${objectids} ${objectId1} + + Comment 创建Allow策略 + ${policyDict} Create Dictionary policyName=${TEST NAME} policyType=tsg_security action=allow source=${objectId}|TSG_SECURITY_SOURCE_ADDR userRegion={"protocol":"HTTP"} filterList=${objectId1}|TSG_FIELD_HTTP_HOST isValid=${1} appIdObjects=${HTTP_ID} + ${rescode} ${policyId} AddPolicies 1 ${policyDict} v2 + ${policyIds} set Variable ${policyId}[0][policyIds][0] + + ${starttime} Get Time + #功能端验证 + Sleep ${policyVerificationSleepSeconds}s + + Comment 策略验证 + #新增策略验证 + #创建attributes中的字典 + ${qname_fqdn_id} Create Dictionary attributeType=string attributeName=host appId=106 appName=http protocol=http attributeValue={"string": "www.66rpg.com"} + ${app_id} Create Dictionary attributeType=string attributeName=app_id attributeValue={"string": "106"} + ${subscriberid} Create Dictionary attributeType=string attributeName=subscriberid 
attributeValue={"string": "test56"} + ${ipsource} Create Dictionary attributeType=ip attributeName=source attributeValue={"ip":"${testClentIP}","port":"1","addrType":4,"protocol":"6","tableName":"TSG_SECURITY_SOURCE_ADDR"} + ${ipdestination} Create Dictionary attributeType=ip attributeName=destination attributeValue={"ip":"254.253.252.251","port":"1","addrType":4,"protocol":"6","tableName":"TSG_SECURITY_DESTINATION_ADDR"} + # 合成attributes字典集 + ${attributes} Create List ${app_id} ${subscriberid} ${ipsource} ${ipdestination} ${qname_fqdn_id} + ${verifySession} Create Dictionary attributes=${attributes} + ${verifyList} Create Dictionary policyType=tsg_security verifySession=${verifySession} + log ${verifyList} + ${rescode} ${resData} VerifyPolicies ${verifyList} + # 打印检查结果 + ${objectid_verify} Set Variable ${objectids} + ${objectid_verify} Catenate SEPARATOR=, ${policyIds} ${objectid_verify} + # # 调用关键字 提取应答json获取其中所有的id值,并判断新下发的id值是否在应答json的id中 + log ${objectid_verify} + ${testType} Evaluate type($objectid_verify) + ${testType} Evaluate type($resData) + log ${resData} + sleep 5 + ${ok} VerifyProxy ${resData} ${objectid_verify} + Should Be Equal As Strings ${ok} true + + Comment 功能端验证HTTP验证 + ${commandstr} run keyword if '${systemType}'=='Windows' set variable ${curlbatpath}/command/SecurityPolicy_Allow_HTTP_00001_1.bat + ... ELSE set variable ${curlbatpath}/command/SecurityPolicy_Allow_HTTP_00001_1_L.bat + ${stringlist} run keyword if '${systemType}'=='Windows' Create List 首页 - 橙光 + ... 
ELSE Create List 首页 - 橙光 + ${rescode} SystemCommands ${commandstr} ${stringlist} + + Comment 日志验证 + #日志验证 + ${s} Convert to String ${policyIds} + ${returnvalue} GetLogList_new security_event_log ${starttime} ${testClentIP} ${s} http_host www.66rpg.com + Should Be Equal As Strings ${returnvalue} true + +SecurityPolicy-Allow-Http-00003 + [Tags] Allow IP HTTP URL + Comment 创建IP + ${addItemList1} Create Dictionary isSession=endpoint ip=${testClentIP} port=0-65535 direction=0 protocol=0 isInitialize=0 + ${addItemLists} Create list ${addItemList1} + ${objectDict} Create Dictionary objectType=ip objectSubType=endpoint isValid=${1} addItemList=${addItemLists} + ${rescode} ${objectId} AddObjects ${1} ${objectDict} + ${objectids} set Variable ${objectId} + + Comment 创建url + ${addItemList1} Create Dictionary keywordArray=$clintonairport.com/airlines-flights/covid/ isHexbin=${0} + ${addItemLists} Create list ${addItemList1} + ${objectDict1} Create Dictionary objectType=url objectSubType=url isValid=${1} addItemList=${addItemLists} + ${rescode} ${objectId1} AddObjects ${1} ${objectDict1} + ${objectids} Catenate SEPARATOR=, ${objectids} ${objectId1} + + Comment 创建Allow策略 + ${policyDict} Create Dictionary policyName=${TEST NAME} policyType=tsg_security action=allow source=${objectId}|TSG_SECURITY_SOURCE_ADDR userRegion={"protocol":"HTTP"} filterList=${objectId1}|TSG_FIELD_HTTP_URL isValid=${1} appIdObjects=${HTTP_ID} + ${rescode} ${policyId} AddPolicies 1 ${policyDict} v2 + ${policyIds} set Variable ${policyId}[0][policyIds][0] + + ${starttime} Get Time + #功能端验证 + Sleep ${policyVerificationSleepSeconds}s + + Comment 策略验证 + #新增策略验证 + #创建attributes中的字典 + ${url} Create Dictionary attributeType=string attributeName=url appId=106 appName=http protocol=http attributeValue={"string": "clintonairport.com/airlines-flights/covid/"} + ${app_id} Create Dictionary attributeType=string attributeName=app_id attributeValue={"string": "106"} + ${subscriberid} Create Dictionary 
attributeType=string attributeName=subscriberid attributeValue={"string": "test56"} + ${ipsource} Create Dictionary attributeType=ip attributeName=source attributeValue={"ip":"${testClentIP}","port":"1","addrType":4,"protocol":"6","tableName":"TSG_SECURITY_SOURCE_ADDR"} + ${ipdestination} Create Dictionary attributeType=ip attributeName=destination attributeValue={"ip":"254.253.252.251","port":"1","addrType":4,"protocol":"6","tableName":"TSG_SECURITY_DESTINATION_ADDR"} + # 合成attributes字典集 + ${attributes} Create List ${app_id} ${subscriberid} ${ipsource} ${ipdestination} ${url} + ${verifySession} Create Dictionary attributes=${attributes} + ${verifyList} Create Dictionary policyType=tsg_security verifySession=${verifySession} + log ${verifyList} + ${rescode} ${resData} VerifyPolicies ${verifyList} + # 打印检查结果 + ${objectid_verify} Set Variable ${objectids} + ${objectid_verify} Catenate SEPARATOR=, ${policyIds} ${objectid_verify} + # # 调用关键字 提取应答json获取其中所有的id值,并判断新下发的id值是否在应答json的id中 + log ${objectid_verify} + ${testType} Evaluate type($objectid_verify) + ${testType} Evaluate type($resData) + log ${resData} + sleep 5 + ${ok} VerifyProxy ${resData} ${objectid_verify} + Should Be Equal As Strings ${ok} true + + Comment 功能端验证HTTP验证 + ${commandstr} run keyword if '${systemType}'=='Windows' set variable ${curlbatpath}/command/SecurityPolicy_Allow_HTTP_00001.bat + ... ELSE set variable ${curlbatpath}/command/SecurityPolicy_Allow_HTTP_00001_L.bat + ${stringlist} run keyword if '${systemType}'=='Windows' Create List COVID + ... 
ELSE Create List COVID + ${rescode} SystemCommands ${commandstr} ${stringlist} + + Comment 日志验证 + #日志验证 + ${s} Convert to String ${policyIds} + ${returnvalue} GetLogList_new security_event_log ${starttime} ${testClentIP} ${s} http_host clintonairport.com + Should Be Equal As Strings ${returnvalue} true + +SecurityPolicy-Allow-Http-00004 + [Tags] Allow IP HTTP FQDN+URL + Comment 创建IP + ${addItemList1} Create Dictionary isSession=endpoint ip=${testClentIP} port=0-65535 direction=0 protocol=0 isInitialize=0 + ${addItemLists} Create list ${addItemList1} + ${objectDict} Create Dictionary objectType=ip objectSubType=endpoint isValid=${1} addItemList=${addItemLists} + ${rescode} ${objectId} AddObjects ${1} ${objectDict} + ${objectids} set Variable ${objectId} + + Comment 创建fqdn + ${addItemList1} Create Dictionary keywordArray=*clintonairport.com isHexbin=${0} + ${addItemLists} Create list ${addItemList1} + ${objectDict} Create Dictionary objectType=fqdn objectSubType=fqdn isValid=${1} addItemList=${addItemLists} + ${rescode} ${objectId1} AddObjects ${1} ${objectDict} + ${objectids} Catenate SEPARATOR=, ${objectids} ${objectId1} + + Comment 创建url + ${addItemList1} Create Dictionary keywordArray=$clintonairport.com/airlines-flights/covid/ isHexbin=${0} + ${addItemLists} Create list ${addItemList1} + ${objectDict1} Create Dictionary objectType=url objectSubType=url isValid=${1} addItemList=${addItemLists} + ${rescode} ${objectId2} AddObjects ${1} ${objectDict1} + ${objectids} Catenate SEPARATOR=, ${objectids} ${objectId2} + + Comment 创建Allow策略 + ${policyDict} Create Dictionary policyName=${TEST NAME} policyType=tsg_security action=allow source=${objectId}|TSG_SECURITY_SOURCE_ADDR userRegion={"protocol":"HTTP"} filterList=${objectId1}|TSG_FIELD_HTTP_HOST,${objectId2}|TSG_FIELD_HTTP_URL isValid=${1} appIdObjects=${HTTP_ID} + ${rescode} ${policyId} AddPolicies 1 ${policyDict} v2 + ${policyIds} set Variable ${policyId}[0][policyIds][0] + + ${starttime} Get Time + #功能端验证 + Sleep 
${policyVerificationSleepSeconds}s + + Comment 策略验证 + #新增策略验证 + #创建attributes中的字典 + ${url} Create Dictionary attributeType=string attributeName=url appId=106 appName=http protocol=http attributeValue={"string": "clintonairport.com/airlines-flights/covid/"} + ${qname_fqdn_id} Create Dictionary attributeType=string attributeName=host appId=106 appName=http protocol=http attributeValue={"string": "clintonairport.com"} + ${app_id} Create Dictionary attributeType=string attributeName=app_id attributeValue={"string": "106"} + ${subscriberid} Create Dictionary attributeType=string attributeName=subscriberid attributeValue={"string": "test56"} + ${ipsource} Create Dictionary attributeType=ip attributeName=source attributeValue={"ip":"${testClentIP}","port":"1","addrType":4,"protocol":"6","tableName":"TSG_SECURITY_SOURCE_ADDR"} + ${ipdestination} Create Dictionary attributeType=ip attributeName=destination attributeValue={"ip":"254.253.252.251","port":"1","addrType":4,"protocol":"6","tableName":"TSG_SECURITY_DESTINATION_ADDR"} + # 合成attributes字典集 + ${attributes} Create List ${app_id} ${subscriberid} ${ipsource} ${ipdestination} ${url} ${qname_fqdn_id} + ${verifySession} Create Dictionary attributes=${attributes} + ${verifyList} Create Dictionary policyType=tsg_security verifySession=${verifySession} + log ${verifyList} + ${rescode} ${resData} VerifyPolicies ${verifyList} + # 打印检查结果 + ${objectid_verify} Set Variable ${objectids} + ${objectid_verify} Catenate SEPARATOR=, ${policyIds} ${objectid_verify} + # # 调用关键字 提取应答json获取其中所有的id值,并判断新下发的id值是否在应答json的id中 + log ${objectid_verify} + ${testType} Evaluate type($objectid_verify) + ${testType} Evaluate type($resData) + log ${resData} + sleep 5 + ${ok} VerifyProxy ${resData} ${objectid_verify} + Should Be Equal As Strings ${ok} true + + Comment 功能端验证HTTP验证 + ${commandstr} run keyword if '${systemType}'=='Windows' set variable ${curlbatpath}/command/SecurityPolicy_Allow_HTTP_00001.bat + ... 
ELSE set variable ${curlbatpath}/command/SecurityPolicy_Allow_HTTP_00001_L.bat
+ ${stringlist} run keyword if '${systemType}'=='Windows' Create List COVID
+ ... ELSE Create List COVID
+ ${rescode} SystemCommands ${commandstr} ${stringlist}
+
+ Comment 日志验证
+ #日志验证
+ ${s} Convert to String ${policyIds}
+ ${returnvalue} GetLogList_new security_event_log ${starttime} ${testClentIP} ${s} http_host clintonairport.com
+ Should Be Equal As Strings ${returnvalue} true
diff --git a/01-TestCase/tsg_adc/api_security/AllowSSLTests.robot b/01-TestCase/tsg_adc/api_security/AllowSSLTests.robot
index 0a62d39..381701b 100644
--- a/01-TestCase/tsg_adc/api_security/AllowSSLTests.robot
+++ b/01-TestCase/tsg_adc/api_security/AllowSSLTests.robot
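Review bot: In SecurityPolicy-Allow-Http-00001 (AllowHttpTests.robot) the second assignment `${objectid_verify}    Catenate    SEPARATOR=,    ${policyIds}` overwrites the object id stored on the line before, so `VerifyProxy` is only asked about the policy id, whereas cases 00002–00004 pass `${policyIds}    ${objectid_verify}`. As written, the policy-verification step of 00001 would presumably still pass if the source-address object were missing from the `VerifyPolicies` response; the line should read `${objectid_verify}    Catenate    SEPARATOR=,    ${policyIds}    ${objectid_verify}`. The two `${testType}    Evaluate    type(...)` lines in each case assign a value that is never read and look like leftover debugging. The policy-verification block is repeated almost verbatim in all four cases and could move into one shared keyword, so a fix like this is made once. Because the paired deny policy of the old cases is gone, a successful fetch alone no longer shows that the allow policy was hit; only the `VerifyPolicies` and `GetLogList_new` checks tie the result to the policy id, which deserves a short comment in each case.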
@@ -1,91 +1,148 @@ -*** Settings *** -Test Teardown DeletePolicyAndObject ${policyIds} ${objectids} -Force Tags tsg_adc tsg_security -Library OperatingSystem -Resource ../../../02-Keyword/tsg_adc/SystemCommand.robot -Resource ../../../02-Keyword/tsg_bfapi/PolicyObject.robot -Resource ../../../02-Keyword/tsg_bfapi/LogVariable.robot - -*** Variables *** -${policyIds} ${EMPTY} -${objectids} ${EMPTY} - -*** Test Cases *** -SecurityPolicy-Allow-SSL-00001 - [Tags] Allow IP FQDN DENY HTTP - #创建对象 IP - #${rescode} ${object_IP_Id} AddObject {"opAction":"add","returnData":1,"objectList":{"objectType":"ip","isValid":1,"isInitialize":0,"isExclusion":0,"objectName":"zmmtest_IP","objectDesc":"","subObjectIds":[],"addItemList":[{"addrType":4,"protocol":0,"direction":0,"clientIp1":"192.168.50.31","clientIp2":"192.168.50.31","clientIpFormat":"range","clientPortFormat":"","clientPort1":"","clientPort2":"","serverIpFormat":"","serverIp1":"","serverIp2":"","serverPortFormat":"","serverPort1":"","serverPort2":""}],"updateItemList":[],"deleteItemIds":[]}} - #log ${object_IP_Id} - #创建对象 FQDN - ${rescodeip} ${object_FQDN_Id} AddObject {"opAction":"add","returnData":1,"objectList":{"objectType":"fqdn","isValid":1,"isInitialize":0,"isExclusion":0,"objectName":"zmmtest_FQDN_icbc","objectDesc":"","subObjectIds":[],"addItemList":[{"keywordArray":["*ww.sogou.com"],"itemId":"","isHexbin":0}],"updateItemList":[],"deleteItemIds":[]}} - log ${object_FQDN_Id} - ${objectids} set Variable ${object_FQDN_Id} - #创建 Deny 搭配Allow - #${addPolicyStr} set variable {"opAction":"add","returnData":1,"policyList":{"policyName":"SecurityPolicy-Allow-SSL-00001_deny","policyType":"tsg_security","action":"deny","userTags":"","doBlacklist":0,"doLog":1,"policyDesc":"","effectiveRange":{"tag_sets":[[]]},"userRegion":{"protocol":"SSL","method":"drop","keyring":1},"referenceObject":[{"objectId":${object_FQDN_Id},"protocolFields":["TSG_FIELD_SSL_SNI"]}],"isValid":1,"scheduleId":[],"appObjectIdArray":[]}} - ${addPolicyStr} 
run keyword if '${addTestClentIPFlag}'=='1' set variable {"opAction":"add","returnData":1,"policyList":{"policyName":"SecurityPolicy-Allow-SSL-00001_deny","policyType":"tsg_security","action":"deny","userTags":"","doBlacklist":0,"doLog":1,"policyDesc":"","effectiveRange":{"tag_sets":[[]]},"userRegion":{"protocol":"SSL","method":"drop"},"referenceObject":[{"objectId":${testClentID},"protocolFields":["TSG_SECURITY_SOURCE_ADDR"]},{"objectId":${object_FQDN_Id},"protocolFields":["TSG_FIELD_SSL_SNI"]}],"isValid":1,"scheduleId":[],"appObjectIdArray":[3]}} - ... ELSE set variable {"opAction":"add","returnData":1,"policyList":{"policyName":"SecurityPolicy-Allow-SSL-00001_deny","policyType":"tsg_security","action":"deny","userTags":"","doBlacklist":0,"doLog":1,"policyDesc":"","effectiveRange":{"tag_sets":[[]]},"userRegion":{"protocol":"SSL","method":"drop"},"referenceObject":[{"objectId":${object_FQDN_Id},"protocolFields":["TSG_FIELD_SSL_SNI"]}],"isValid":1,"scheduleId":[],"appObjectIdArray":[]}} - log ${addPolicyStr} - ${rescode} ${policyId1} AddPolicy ${addPolicyStr} - log ${policyId1} - ${policyIds} set Variable {"policyType":"tsg_security","policyIds":[${policyId1}]} - #创建策略 - #${addPolicyStr} set variable {"opAction":"add","returnData":1,"policyList":{"policyName":"SecurityPolicy-Allow-SSL-00001","policyType":"tsg_security","action":"allow","userTags":"","doBlacklist":0,"doLog":1,"policyDesc":"","effectiveRange":{"tag_sets":[[]]},"userRegion":{"protocol":"SSL","keyring":1},"referenceObject":[{"objectId":${object_FQDN_Id},"protocolFields":["TSG_FIELD_SSL_SNI"]}],"isValid":1,"scheduleId":[],"appObjectIdArray":[]}} - ${addPolicyStr} run keyword if '${addTestClentIPFlag}'=='1' set variable 
{"opAction":"add","returnData":1,"policyList":{"policyName":"SecurityPolicy-Allow-SSL-00001","policyType":"tsg_security","action":"allow","userTags":"","doBlacklist":0,"doLog":1,"policyDesc":"","effectiveRange":{"tag_sets":[[]]},"userRegion":{"protocol":"SSL"},"referenceObject":[{"objectId":${testClentID},"protocolFields":["TSG_SECURITY_SOURCE_ADDR"]},{"objectId":${object_FQDN_Id},"protocolFields":["TSG_FIELD_SSL_SNI"]}],"isValid":1,"scheduleId":[],"appObjectIdArray":[3]}} \ - ... ELSE set variable {"opAction":"add","returnData":1,"policyList":{"policyName":"SecurityPolicy-Allow-SSL-00001","policyType":"tsg_security","action":"allow","userTags":"","doBlacklist":0,"doLog":1,"policyDesc":"","effectiveRange":{"tag_sets":[[]]},"userRegion":{"protocol":"SSL"},"referenceObject":[{"objectId":${object_FQDN_Id},"protocolFields":["TSG_FIELD_SSL_SNI"]}],"isValid":1,"scheduleId":[],"appObjectIdArray":[]}} - ${rescode} ${policyId2} AddPolicy ${addPolicyStr} - log ${policyId2} - ${policyIds1} set Variable {"policyType":"tsg_security","policyIds":[${policyId1}]} - ${policyIds2} set Variable {"policyType":"tsg_security","policyIds":[${policyId2}]} - ${policyIds} Create List ${policyIds1} ${policyIds2} - #${rescode} ${policyId} AddPolicy {"opAction":"add","returnData":1,"policyList":{"policyName":"SecurityPolicy-Allow-Http-00001","policyType":"tsg_security","action":"allow","userTags":"","doBlacklist":0,"doLog":1,"policyDesc":"","effectiveRange":{"tag_sets":[[]]},"userRegion":{"protocol":"HTTP","keyring":1},"referenceObject":[{"objectId":${object_IP_Id},"protocolFields":[]},{"objectId":${object_FQDN_Id},"protocolFields":["TSG_FIELD_HTTP_HOST"]}],"isValid":1,"scheduleId":[],"appObjectIdArray":[]}} - #功能端验证 - Sleep ${policyVerificationSleepSeconds}s - ${starttime} Get Time - ${commandreturn} OperatingSystem.Run curl -I \ -m \ 10 \ -o \ /dev/null \ -s \ -w \ \ \%{http_code} \ \ https://www.sogou.com - should contain ${commandreturn} 200 - Sleep ${policyLogVerificationSleepSeconds}s - 
${endtime} Get Time - #日志验证 - ${s} Convert to String ${policyId2} - GetLogList security_event_log ${starttime} ${endtime} ${testClentIP} ${s} ssl_sni www.sogou.com - -SecurityPolicy-Allow-SSL-00002 - [Tags] Allow SubID Category DENY HTTP - # #创建对象Subid - # ${rescode} ${object_Subid_Id} AddObject {"opAction":"add","returnData":1,"objectList":{"objectType":"subscriberid","isValid":1,"isInitialize":0,"isExclusion":0,"objectName":"zmmtest_subid","objectDesc":"","subObjectIds":[],"addItemList":[{"keywordArray":["$zmmtest"],"itemId":"","isHexbin":0}],"updateItemList":[],"deleteItemIds":[]}} - # log ${object_Subid_Id} - # ${objectids} set Variable ${object_Subid_Id} - #创建对象Categry - ${rescodeip} ${object_Category_Id} AddObject {"opAction":"add","returnData":1,"objectList":{"objectType":"fqdn_category","isValid":1,"isInitialize":0,"isExclusion":0,"objectName":"zmmtest_category","objectDesc":"","subObjectIds":[],"addItemList":[{"keywordArray":["*jd.com"],"itemId":"","isHexbin":0}],"updateItemList":[],"deleteItemIds":[]}} - log ${object_Category_Id} - ${objectids} set Variable ${object_Category_Id} - #创建 Deny 搭配Allow - #${addPolicyStr} set variable {"opAction":"add","returnData":1,"policyList":{"policyName":"SecurityPolicy-Allow-SSL-00001_deny","policyType":"tsg_security","action":"deny","userTags":"","doBlacklist":0,"doLog":1,"policyDesc":"","effectiveRange":{"tag_sets":[[]]},"userRegion":{"protocol":"SSL","method":"drop","keyring":1},"referenceObject":[{"objectId":${testClentSubID} ,"protocolFields":[]},{"objectId":${object_Category_Id} ,"protocolFields":["TSG_FIELD_SSL_SNI"]}],"isValid":1,"scheduleId":[],"appObjectIdArray":[]}} - ${addPolicyStr} run keyword if '${addTestClentIPFlag}'=='1' set variable 
{"opAction":"add","returnData":1,"policyList":{"policyName":"SecurityPolicy-Allow-SSL-00001_deny","policyType":"tsg_security","action":"deny","userTags":"","doBlacklist":0,"doLog":1,"policyDesc":"","effectiveRange":{"tag_sets":[[]]},"userRegion":{"protocol":"SSL","method":"drop"},"referenceObject":[{"objectId":${testClentSubID} ,"protocolFields":[null]},{"objectId":${object_Category_Id} ,"protocolFields":["TSG_FIELD_SSL_SNI"]}],"isValid":1,"scheduleId":[],"appObjectIdArray":[3]}} - ... ELSE set variable {"opAction":"add","returnData":1,"policyList":{"policyName":"SecurityPolicy-Allow-SSL-00001_deny","policyType":"tsg_security","action":"deny","userTags":"","doBlacklist":0,"doLog":1,"policyDesc":"","effectiveRange":{"tag_sets":[[]]},"userRegion":{"protocol":"SSL","method":"drop"},"referenceObject":[{"objectId":${testClentSubID} ,"protocolFields":[]},{"objectId":${object_Category_Id} ,"protocolFields":["TSG_FIELD_SSL_SNI"]}],"isValid":1,"scheduleId":[],"appObjectIdArray":[]}} - log ${addPolicyStr} - ${rescode} ${policyId1} AddPolicy ${addPolicyStr} - log ${policyId1} - ${policyIds} set Variable {"policyType":"tsg_security","policyIds":[${policyId1}]} - #创建策略 - #${addPolicyStr} set variable {"opAction":"add","returnData":1,"policyList":{"policyName":"SecurityPolicy-Allow-SSL-00002","policyType":"tsg_security","action":"allow","userTags":"","doBlacklist":0,"doLog":1,"policyDesc":"","effectiveRange":{"tag_sets":[[]]},"userRegion":{"protocol":"SSL","keyring":1},"referenceObject":[{"objectId":${testClentSubID},"protocolFields":[]},{"objectId":${object_Category_Id},"protocolFields":["TSG_FIELD_SSL_SNI"]}],"isValid":1,"scheduleId":[],"appObjectIdArray":[]}} - ${addPolicyStr} run keyword if '${addTestClentIPFlag}'=='1' set variable 
{"opAction":"add","returnData":1,"policyList":{"policyName":"SecurityPolicy-Allow-SSL-00002","policyType":"tsg_security","action":"allow","userTags":"","doBlacklist":0,"doLog":1,"policyDesc":"","effectiveRange":{"tag_sets":[[]]},"userRegion":{"protocol":"SSL"},"referenceObject":[{"objectId":${testClentSubID},"protocolFields":[null]},{"objectId":${object_Category_Id},"protocolFields":["TSG_FIELD_SSL_SNI"]}],"isValid":1,"scheduleId":[],"appObjectIdArray":[3]}} - ... ELSE set variable {"opAction":"add","returnData":1,"policyList":{"policyName":"SecurityPolicy-Allow-SSL-00002","policyType":"tsg_security","action":"allow","userTags":"","doBlacklist":0,"doLog":1,"policyDesc":"","effectiveRange":{"tag_sets":[[]]},"userRegion":{"protocol":"SSL"},"referenceObject":[{"objectId":${testClentSubID},"protocolFields":[]},{"objectId":${object_Category_Id},"protocolFields":["TSG_FIELD_SSL_SNI"]}],"isValid":1,"scheduleId":[],"appObjectIdArray":[]}} - ${rescode} ${policyId2} AddPolicy ${addPolicyStr} - log ${policyId2} - ${policyIds1} set Variable {"policyType":"tsg_security","policyIds":[${policyId1}]} - ${policyIds2} set Variable {"policyType":"tsg_security","policyIds":[${policyId2}]} - ${policyIds} Create List ${policyIds1} ${policyIds2} - #${rescode} ${policyId} AddPolicy {"opAction":"add","returnData":1,"policyList":{"policyName":"SecurityPolicy-Allow-Http-00002","policyType":"tsg_security","action":"allow","userTags":"","doBlacklist":0,"doLog":1,"policyDesc":"","effectiveRange":{"tag_sets":[[]]},"userRegion":{"protocol":"HTTP","keyring":1},"referenceObject":[{"objectId":${object_Subid_Id},"protocolFields":[]},{"objectId":${object_Category_Id},"protocolFields":["TSG_FIELD_HTTP_HOST"]}],"isValid":1,"scheduleId":[],"appObjectIdArray":[]}} - #log ${rescode} - #log ${policyId} - #功能端验证 - Sleep ${policyVerificationSleepSeconds}s - ${starttime} Get Time - ${commandreturn} OperatingSystem.Run curl -I \ -m \ 10 \ -o \ /dev/null \ -s \ -w \ \ \%{http_code} \ \ https://www.jd.com/ - 
should contain ${commandreturn} 200 - Sleep ${policyLogVerificationSleepSeconds}s - ${endtime} Get Time - #日志验证 - ${s} Convert to String ${policyId2} - GetLogList security_event_log ${starttime} ${endtime} ${testClentIP} ${s} ssl_sni www.jd.com +*** Settings *** +Test Teardown DeletePolicyAndObjectAndApplicationAndSignature ${policyIds} ${objectids} +Force Tags tsg_adc tsg_security +Library OperatingSystem +Library Selenium2Library +Resource ../../../02-Keyword/tsg_adc/SystemCommand.robot +Resource ../../../02-Keyword/tsg_bfapi/PolicyObject.robot +Resource ../../../02-Keyword/tsg_bfapi/LogVariable.robot +Resource ../../../02-Keyword/tsg_adc/FileOperation.robot +Resource ../../../02-Keyword/tsg_bfapi/policy_object/Policy.robot +Resource ../../../03-Variable/ApplicationID.txt +Resource ../../../03-Variable/BifangApiVariable.txt +Resource ../../../02-Keyword/tsg_bfapi/policy_object/Application.robot +Resource ../../../02-Keyword/tsg_bfapi/policy_object/ProcessPolicyBody.robot +Library ../../../04-CustomLibrary/Library/VerifyPolicy.py +*** Variables *** +${policyIds} ${EMPTY} +${objectids} ${EMPTY} + +*** Test Cases *** +SecurityPolicy-Allow-SSL-00001 + [Tags] Allow IP SNI SSL + Comment 创建IP + ${addItemList1} Create Dictionary isSession=endpoint ip=${testClentIP} port=0-65535 direction=0 protocol=0 isInitialize=0 + ${addItemLists} Create list ${addItemList1} + ${objectDict} Create Dictionary objectType=ip objectSubType=endpoint isValid=${1} addItemList=${addItemLists} + ${rescode} ${objectId} AddObjects ${1} ${objectDict} + ${objectids} set Variable ${objectId} + + Comment 创建fqdn + ${addItemList1} Create Dictionary keywordArray=$www.facebook.com isHexbin=${0} + ${addItemLists} Create list ${addItemList1} + ${objectDict1} Create Dictionary objectType=fqdn objectSubType=fqdn isValid=${1} addItemList=${addItemLists} + ${rescode} ${objectId1} AddObjects ${1} ${objectDict1} + ${objectids} Catenate SEPARATOR=, ${objectids} ${objectId1} + + Comment 创建Allow策略 + ${policyDict} 
Create Dictionary policyName=${TEST NAME} policyType=tsg_security action=allow source=${objectId}|TSG_SECURITY_SOURCE_ADDR userRegion={"protocol":"SSL"} filterList=${objectId1}|TSG_FIELD_SSL_SNI isValid=${1} appIdObjects=${SSL_ID} + ${rescode} ${policyId} AddPolicies 1 ${policyDict} v2 + ${policyIds} set Variable ${policyId}[0][policyIds][0] + + ${starttime} Get Time + #功能端验证 + Sleep ${policyVerificationSleepSeconds}s + + Comment 策略验证 + #新增策略验证 + #创建attributes中的字典 + ${sni} Create Dictionary attributeType=string attributeName=sni appId=126 appName=ssl protocol=ssl attributeValue={"string": "www.facebook.com"} + ${app_id} Create Dictionary attributeType=string attributeName=app_id attributeValue={"string": "126"} + ${subscriberid} Create Dictionary attributeType=string attributeName=subscriberid attributeValue={"string": "test56"} + ${ipsource} Create Dictionary attributeType=ip attributeName=source attributeValue={"ip":"${testClentIP}","port":"1","addrType":4,"protocol":"6","tableName":"TSG_SECURITY_SOURCE_ADDR"} + ${ipdestination} Create Dictionary attributeType=ip attributeName=destination attributeValue={"ip":"254.253.252.251","port":"1","addrType":4,"protocol":"6","tableName":"TSG_SECURITY_DESTINATION_ADDR"} + # 合成attributes字典集 + ${attributes} Create List ${app_id} ${subscriberid} ${ipsource} ${ipdestination} ${sni} + ${verifySession} Create Dictionary attributes=${attributes} + ${verifyList} Create Dictionary policyType=tsg_security verifySession=${verifySession} + log ${verifyList} + ${rescode} ${resData} VerifyPolicies ${verifyList} + # 打印检查结果 + ${objectid_verify} Set Variable ${objectids} + ${objectid_verify} Catenate SEPARATOR=, ${objectid_verify} ${policyIds} + # # 调用关键字 提取应答json获取其中所有的id值,并判断新下发的id值是否在应答json的id中 + log ${objectid_verify} + ${testType} Evaluate type($objectid_verify) + ${testType} Evaluate type($resData) + log ${resData} + sleep 5 + ${ok} VerifyProxy ${resData} ${objectid_verify} + Should Be Equal As Strings ${ok} true + + Sleep 
${policyLogVerificationSleepSeconds}s + ${endtime} Get Time + + Comment 功能端验证HTTP验证 + Open Browser https://www.facebook.com ${browserType} + sleep 2 + ${text} Get Text xpath=//*[@id="content"]/div/div/div/div[1]/h2 + Should Be Equal As Strings ${text} 联系你我,分享生活,尽在 Facebook + + Comment 日志验证 + #日志验证 + ${s} Convert to String ${policyIds} + ${returnvalue} GetLogList_new security_event_log ${starttime} ${testClentIP} ${s} ssl_sni www.facebook.com + Should Be Equal As Strings ${returnvalue} true + + + + +SecurityPolicy-Allow-SSL-00002 + [Tags] Allow IP SSL + Comment 创建IP + ${addItemList1} Create Dictionary isSession=endpoint ip=${testClentIP} port=0-65535 direction=0 protocol=0 isInitialize=0 + ${addItemLists} Create list ${addItemList1} + ${objectDict} Create Dictionary objectType=ip objectSubType=endpoint isValid=${1} addItemList=${addItemLists} + ${rescode} ${objectId} AddObjects ${1} ${objectDict} + ${objectids} set Variable ${objectId} + + + Comment 创建Allow策略 + ${policyDict} Create Dictionary policyName=${TEST NAME} policyType=tsg_security action=allow source=${objectId}|TSG_SECURITY_SOURCE_ADDR userRegion={"protocol":"SSL"} isValid=${1} appIdObjects=${SSL_ID} + ${rescode} ${policyId} AddPolicies 1 ${policyDict} v2 + ${policyIds} set Variable ${policyId}[0][policyIds][0] + + ${starttime} Get Time + #功能端验证 + Sleep ${policyVerificationSleepSeconds}s + + Comment 策略验证 + #新增策略验证 + #创建attributes中的字典 + ${app_id} Create Dictionary attributeType=string attributeName=app_id attributeValue={"string": "126"} + ${subscriberid} Create Dictionary attributeType=string attributeName=subscriberid attributeValue={"string": "test56"} + ${ipsource} Create Dictionary attributeType=ip attributeName=source attributeValue={"ip":"${testClentIP}","port":"1","addrType":4,"protocol":"6","tableName":"TSG_SECURITY_SOURCE_ADDR"} + ${ipdestination} Create Dictionary attributeType=ip attributeName=destination 
attributeValue={"ip":"254.253.252.251","port":"1","addrType":4,"protocol":"6","tableName":"TSG_SECURITY_DESTINATION_ADDR"} + # 合成attributes字典集 + ${attributes} Create List ${app_id} ${subscriberid} ${ipsource} ${ipdestination} + ${verifySession} Create Dictionary attributes=${attributes} + ${verifyList} Create Dictionary policyType=tsg_security verifySession=${verifySession} + log ${verifyList} + ${rescode} ${resData} VerifyPolicies ${verifyList} + # 打印检查结果 + ${objectid_verify} Set Variable ${objectids} + ${objectid_verify} Catenate SEPARATOR=, ${objectid_verify} ${policyIds} + # # 调用关键字 提取应答json获取其中所有的id值,并判断新下发的id值是否在应答json的id中 + log ${objectid_verify} + ${testType} Evaluate type($objectid_verify) + ${testType} Evaluate type($resData) + log ${resData} + sleep 5 + ${ok} VerifyProxy ${resData} ${objectid_verify} + Should Be Equal As Strings ${ok} true + + Sleep ${policyLogVerificationSleepSeconds}s + ${endtime} Get Time + + Comment 功能端验证HTTP验证 + Open Browser https://www.facebook.com ${browserType} + sleep 2 + ${text} Get Text xpath=//*[@id="content"]/div/div/div/div[1]/h2 + Should Be Equal As Strings ${text} 联系你我,分享生活,尽在 Facebook + + Comment 日志验证 + #日志验证 + ${s} Convert to String ${policyIds} + ${returnvalue} GetLogList_new security_event_log ${starttime} ${testClentIP} ${s} ssl_sni www.facebook.com + Should Be Equal As Strings ${returnvalue} true + \ No newline at end of file diff --git a/02-Keyword/tsg_bfapi/LogVariable.robot b/02-Keyword/tsg_bfapi/LogVariable.robot index dcf9aa5..78def66 100644 --- a/02-Keyword/tsg_bfapi/LogVariable.robot +++ b/02-Keyword/tsg_bfapi/LogVariable.robot 
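Review bot: Both rewritten cases call `Open Browser https://www.facebook.com ${browserType}`, but nothing in the hunk closes the browser and the suite's `Test Teardown` only runs `DeletePolicyAndObjectAndApplicationAndSignature`, so every run leaves a browser session behind whether the case passes or fails. Closing it in the teardown keeps cleanup unconditional: `Test Teardown    Run Keywords    Close All Browsers    AND    DeletePolicyAndObjectAndApplicationAndSignature    ${policyIds}    ${objectids}`. The functional check is also fragile: it compares a localized headline (`联系你我,分享生活,尽在 Facebook`) located through a positional XPath after a fixed `sleep 2`, so a locale or layout change on the external site fails the policy test for reasons unrelated to the allow rule. With the paired Deny policy removed, a successful page load presumably no longer distinguishes "allowed by this policy" from "not blocked at all", which leaves the log match on the policy id as the only evidence that the rule was hit.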
@@ -1,60 +1,93 @@ -*** Settings *** -Resource ../../03-Variable/BifangApiVariable.txt -Resource LogSchema.robot -Library REST http://${host}:${port} -Library RequestsLibrary -Library OperatingSystem -Library Collections -Library string - -*** Keywords *** -GetLogList - [Arguments] ${logType} ${startTime} ${endTime} ${client_ip} ${policy_id} ${parmkey} ${parmvalue} - ${logCondition} GetLogCondition ${logType} ${startTime} ${endTime} ${client_ip} ${policy_id} - log ${logCondition} - ${LogListResponse} PostRemoteData /${version}/log/list ${logCondition} - Should Be Equal As Strings ${LogListResponse.status_code} 200 - ${returnData} To Json ${LogListResponse.content} - ${responseCode} Get From Dictionary ${returnData} code - Log ${responseCode} - Should Be Equal ${responseCode} ${200} security_event_log \ \ test query list failed - log this time request security_event_log \ table logRecord \ : ${LogListResponse.content} - ${a} Set Variable this time request security_event_log \ table logRecord \ : ${LogListResponse.content} - log ${a} - ${log} Set Variable ${LogListResponse.json()}[data][list] - FOR ${logs} IN ${log} - log ${logs} - END - log %%%%%%%%%%%%%%%%%%%%%%%%${logs} - Should Contain ${logs}"" ${client_ip} - Should Contain ${logs}"" ${policy_id} - Should Contain ${logs}"" ${parmkey} - Should Contain ${logs}"${parmkey}" ${parmvalue} - - - -GetLogListSize - [Documentation] - ... 描述:ProxyPinning - ... 
- [Arguments] ${logType} ${startTime} ${endTime} ${client_ip} ${policy_id} ${parmkey} ${parmvalue} - ${logCondition} GetALLLogCondition ${logType} ${startTime} ${endTime} ${client_ip} ${policy_id} 10000 1 - log ${logCondition} - ${LogListResponse} PostRemoteData /${version}/log/list ${logCondition} - Should Be Equal As Strings ${LogListResponse.status_code} 200 - ${returnData} To Json ${LogListResponse.content} - ${data} Get From Dictionary ${returnData} data - ${len} Get Length ${data}[list] - [Return] ${len} - - -GetLogCount - [Arguments] ${logType} ${startTime} ${endTime} ${client_ip} ${policy_id} ${parmkey} ${parmvalue} - ${logCondition} GetALLLogCondition ${logType} ${startTime} ${endTime} ${client_ip} ${policy_id} 10000 1 - ${LogListResponse} PostRemoteData /${version}/log/count ${logCondition} - Should Be Equal As Strings ${LogListResponse.status_code} 200 - ${returnData} To Json ${LogListResponse.content} - ${len} Set Variable ${LogListResponse.json()}[data][total] - #${len} Get From Dictionary ${returnData} total - [Return] ${len} +*** Settings *** +Resource ../../03-Variable/BifangApiVariable.txt +Resource LogSchema.robot +Library REST http://${host}:${port} +Library RequestsLibrary +Library OperatingSystem +Library Collections +Library string +Library ../../04-CustomLibrary/Custometest/log_contrast.py + + +*** Keywords *** +GetLogList_new + [Arguments] ${logType} ${startTime} ${client_ip} ${policy_id} ${parmkey} ${parmvalue} + FOR ${i} IN RANGE ${logfornumber} + Sleep ${policyLogVerificationSleepSeconds}s + ${endtime} Get Time + ${logs} GetLogList_new1 ${logType} ${startTime} ${endTime} ${client_ip} ${policy_id} ${parmkey} ${parmvalue} + ${returnvalue} log_contrast ${logs} ${client_ip} ${policy_id} ${parmkey} ${parmvalue} + ${trueorfalse} Run Keyword If "${returnvalue}"=="true" set variable true + ... 
ELSE set variable false + Run Keyword If "${returnvalue}"=="true" Exit for loop + END + [Return] ${trueorfalse} + +GetLogList_new1 + [Arguments] ${logType} ${startTime} ${endTime} ${client_ip} ${policy_id} ${parmkey} ${parmvalue} + ${logCondition} GetLogCondition ${logType} ${startTime} ${endTime} ${client_ip} ${policy_id} + log ${logCondition} + ${LogListResponse} PostRemoteData /${version}/log/list ${logCondition} + Should Be Equal As Strings ${LogListResponse.status_code} 200 + ${returnData} To Json ${LogListResponse.content} + ${responseCode} Get From Dictionary ${returnData} code + Log ${responseCode} + Should Be Equal ${responseCode} ${200} security_event_log \ \ test query list failed + log this time request security_event_log \ table logRecord \ : ${LogListResponse.content} + ${a} Set Variable this time request security_event_log \ table logRecord \ : ${LogListResponse.content} + log ${a} + ${log} Set Variable ${LogListResponse.json()}[data][list] + FOR ${logs} IN ${log} + log ${logs} + END + [Return] ${logs} +GetLogList + [Arguments] ${logType} ${startTime} ${endTime} ${client_ip} ${policy_id} ${parmkey} ${parmvalue} + ${logCondition} GetLogCondition ${logType} ${startTime} ${endTime} ${client_ip} ${policy_id} + log ${logCondition} + ${LogListResponse} PostRemoteData /${version}/log/list ${logCondition} + Should Be Equal As Strings ${LogListResponse.status_code} 200 + ${returnData} To Json ${LogListResponse.content} + ${responseCode} Get From Dictionary ${returnData} code + Log ${responseCode} + Should Be Equal ${responseCode} ${200} security_event_log \ \ test query list failed + log this time request security_event_log \ table logRecord \ : ${LogListResponse.content} + ${a} Set Variable this time request security_event_log \ table logRecord \ : ${LogListResponse.content} + log ${a} + ${log} Set Variable ${LogListResponse.json()}[data][list] + FOR ${logs} IN ${log} + log ${logs} + END + log %%%%%%%%%%%%%%%%%%%%%%%%${logs} + Should Contain ${logs}"" 
${client_ip} + Should Contain ${logs}"" ${policy_id} + Should Contain ${logs}"" ${parmkey} + Should Contain ${logs}"${parmkey}" ${parmvalue} + + + +GetLogListSize + [Documentation] + ... 描述:ProxyPinning + ... + [Arguments] ${logType} ${startTime} ${endTime} ${client_ip} ${policy_id} ${parmkey} ${parmvalue} + ${logCondition} GetALLLogCondition ${logType} ${startTime} ${endTime} ${client_ip} ${policy_id} 10000 1 + log ${logCondition} + ${LogListResponse} PostRemoteData /${version}/log/list ${logCondition} + Should Be Equal As Strings ${LogListResponse.status_code} 200 + ${returnData} To Json ${LogListResponse.content} + ${data} Get From Dictionary ${returnData} data + ${len} Get Length ${data}[list] + [Return] ${len} + + +GetLogCount + [Arguments] ${logType} ${startTime} ${endTime} ${client_ip} ${policy_id} ${parmkey} ${parmvalue} + ${logCondition} GetALLLogCondition ${logType} ${startTime} ${endTime} ${client_ip} ${policy_id} 10000 1 + ${LogListResponse} PostRemoteData /${version}/log/count ${logCondition} + Should Be Equal As Strings ${LogListResponse.status_code} 200 + ${returnData} To Json ${LogListResponse.content} + ${len} Set Variable ${LogListResponse.json()}[data][total] + #${len} Get From Dictionary ${returnData} total + [Return] ${len} \ No newline at end of file diff --git a/02-Keyword/tsg_bfapi/policy_object/Application.robot b/02-Keyword/tsg_bfapi/policy_object/Application.robot index ce4fbda..cdfbb9f 100644 --- a/02-Keyword/tsg_bfapi/policy_object/Application.robot +++ b/02-Keyword/tsg_bfapi/policy_object/Application.robot @@ -39,7 +39,7 @@ GetAppIdObjects [Return] ${appidobject} DeletePolicyAndObjectAndApplicationAndSignature - [Arguments] ${policyids} ${objectids} ${appids} ${signatureId} + [Arguments] ${policyids} ${objectids} ${appids}=${EMPTY} ${signatureId}=${EMPTY} #删除和对象 #2020-09-01修改,引用DeletePolicyAndGroupObject,避免分别维护并兼容之前用例 Run Keyword If "${policyids}"=="${EMPTY}" log no policyids to del 
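Review bot: In `GetLogList_new`, `${trueorfalse}` is assigned only inside the `FOR ${i} IN RANGE ${logfornumber}` loop, so `[Return] ${trueorfalse}` fails on an undefined variable when `${logfornumber}` is 0, and the `Run Keyword If ... set variable true ... ELSE set variable false` step only copies `${returnvalue}`. Setting `${trueorfalse}    Set Variable    false` before the loop turns the zero-iteration case into an ordinary failed check. `GetLogList_new1` repeats the body of `GetLogList` without the four `Should Contain` lines; letting `GetLogList` call it would keep the request and status checks in one place. A `[Documentation]` entry on `GetLogList_new` should say that it polls up to `${logfornumber}` times, sleeps `${policyLogVerificationSleepSeconds}` seconds before each query, and returns the string `true` or `false`.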
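Review bot: `${appids}` and `${signatureId}` now default to `${EMPTY}`, but the only guard visible in this hunk is the one for `${policyids}`; the keyword body continues past the hunk, so it cannot be confirmed from here that the application and signature delete steps skip an empty value. If they do not, the two-argument teardown calls introduced in this commit would issue a delete request with an empty id. A guard in the style already used, `Run Keyword If    "${appids}"=="${EMPTY}"    log    no appids to del`, and the same for `${signatureId}`, would make the optional arguments safe.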
diff --git a/03-Variable/BifangApiVariable.txt b/03-Variable/BifangApiVariable.txt
index 2879794..ed790f4 100644
--- a/03-Variable/BifangApiVariable.txt
+++ b/03-Variable/BifangApiVariable.txt
@@ -1,10 +1,10 @@
 *** Variables ***
 #登录类型:api | cli | ${None}(tsg mib) | 未指定,默认为ui
-${loginType} ui
+${loginType} api
 #执行环境是否Widonws
-${systemType} api
+${systemType} Windows
 #API配置信息
-${host} 192.168.44.71
+${host} 192.168.44.72
 ${port} 8080
 ${authmode} 1
 ${authCode} ${EMPTY}
@@ -16,14 +16,14 @@ ${password} 1
 ${encodePassword} ${EMPTY}
 ${token} ${EMPTY}
 #[Documentation] 测试终端IP统一配置
-${testClentIP} 192.168.32.32
+${testClentIP} 192.168.50.52
 ${testSubscriberID} $test57
 #自动化标签
 ${userTagIds} ${EMPTY}
 #Documentation] 是否添加测试终端IP到策略统一配置,0为不添加测试终端IP,1为添加测试终端IP,默认1
 ${addTestClentIPFlag} 0
 #测试环境是否需要把tsgui和api添加为SecurityPolicy-Allow 1为需要,默认1 ,
-${addTsgUIAPIFlag} 1
+${addTsgUIAPIFlag} 0
 #执行需要暂停时间
 #策略下发后到验证需等待时间
 ${policyVerificationSleepSeconds} 20
@@ -31,7 +31,7 @@ ${policyVerificationSleepSeconds} 20
 ${policyLogVerificationSleepSeconds} 60
 ${path} F:/tsg-git/tsg_autotest/05-Other/
 ${Downloadpath} C:/Users/byb11/Downloads/
-${curlbatpath} ${path}/curl/
+${curlbatpath} ${path}curl/
 ${mailpath} ${path}/mail/
 ${responsePageFiles} ${path}/response_pages_files/
 #全流程分阶段测试参数
@@ -74,4 +74,6 @@ ${sleep} 3
 # 隐式等待时间
 ${sleep_Wait} 20
 #name个人标识
-${tag} lyf
\ No newline at end of file
+${tag} lyf
+#日志查询次数
+${logfornumber} 3
\ No newline at end of file
diff --git a/04-CustomLibrary/Custometest/log_contrast.py b/04-CustomLibrary/Custometest/log_contrast.py
new file mode 100644
index 0000000..8a27855
--- /dev/null
+++ b/04-CustomLibrary/Custometest/log_contrast.py
@@ -0,0 +1,8 @@
+#!/user/bin/python
+#-*-coding:utf-8-*-
+def log_contrast(logs,client_ip,policy_id,parmkey,parmvalue):
+ if (str(client_ip) in str(logs))and (str(policy_id) in str(logs)) and (str(parmkey) in str(logs)) and (str(parmvalue) in str(logs)):
+ print(logs)
+ return "true"
+ else:
+ return "false"
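Review bot: The first hunk commits one workstation's settings (`${host} 192.168.44.72`, `${loginType} api`, `${systemType} Windows`) into the shared variable file, and the second does the same with `${testClentIP}` and `${addTsgUIAPIFlag}`, alongside the existing `${password} 1` and the user-specific `${Downloadpath}`. Every other checkout then targets this lab host until the file is edited back. Keeping neutral defaults here and passing per-environment values at run time, for example `robot --variable host:192.168.44.72 ...` or an untracked file given with `--variablefile`, avoids that and keeps credentials out of the repository. The comment above `${addTsgUIAPIFlag}` still states a default of 1 (`默认1`) while the value is now 0, and `${curlbatpath}` now joins as `${path}curl/` while `${mailpath}` keeps `${path}/mail/`; one joining convention should be used throughout.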
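Review bot: `log_contrast` decides a security-log check by substring search over `str(logs)`, so it returns `"true"` when the four values come from different records, when `parmvalue` appears under a different key, or when any expected value is empty (an empty string is a substring of everything); short ids and address prefixes also match inside longer ones. The match should be made per record and, for `parmkey`, against that field's value. The version below assumes each entry of `logs` is a dict as returned in `data.list`, which needs confirming against the API, and it leaves `client_ip` and `policy_id` as substring checks because their field names are not visible in this diff. The shebang `#!/user/bin/python` is misspelled (`/usr/bin`), and a docstring should state that the function returns the strings `"true"`/`"false"` for comparison in Robot.

```python
def log_contrast(logs, client_ip, policy_id, parmkey, parmvalue):
    expected = [str(v) for v in (client_ip, policy_id, parmkey, parmvalue)]
    # An empty expectation is a substring of any text; fail instead of passing.
    if not all(expected):
        return "false"
    records = logs if isinstance(logs, (list, tuple)) else [logs]
    for record in records:
        text = str(record)
        if isinstance(record, dict):
            field_ok = str(record.get(parmkey)) == str(parmvalue)
        else:
            field_ok = str(parmkey) in text and str(parmvalue) in text
        # All four expectations must hold for the same record.
        if field_ok and str(client_ip) in text and str(policy_id) in text:
            print(record)
            return "true"
    return "false"
```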