1、公共文件添加日志查询次数变量${logfornumber}2、修改安全策略allow协议http和ssl全流程用例3、新建log验证关键字(循环验证)
This commit is contained in:
lyf
@@ -1,123 +1,276 @@
|
||||
*** Settings ***
|
||||
Test Teardown DeletePolicyAndObject ${policyIds} ${objectids}
|
||||
Test Teardown DeletePolicyAndObjectAndApplicationAndSignature ${policyIds} ${objectids}
|
||||
Force Tags tsg_adc tsg_security
|
||||
Library OperatingSystem
|
||||
Resource ../../../02-Keyword/tsg_adc/SystemCommand.robot
|
||||
Resource ../../../02-Keyword/tsg_bfapi/PolicyObject.robot
|
||||
Resource ../../../02-Keyword/tsg_bfapi/LogVariable.robot
|
||||
Resource ../../../02-Keyword/tsg_adc/FileOperation.robot
|
||||
Resource ../../../02-Keyword/tsg_bfapi/policy_object/Policy.robot
|
||||
Resource ../../../03-Variable/ApplicationID.txt
|
||||
Resource ../../../03-Variable/BifangApiVariable.txt
|
||||
Resource ../../../02-Keyword/tsg_bfapi/policy_object/Application.robot
|
||||
Resource ../../../02-Keyword/tsg_bfapi/policy_object/ProcessPolicyBody.robot
|
||||
Library ../../../04-CustomLibrary/Library/VerifyPolicy.py
|
||||
|
||||
*** Variables ***
|
||||
${policyIds} ${EMPTY}
|
||||
${objectids} ${EMPTY}
|
||||
|
||||
*** Test Cases ***
|
||||
SecurityPolicy-Allow-Http-00001
|
||||
[Tags] Allow IP FQDN DENY HTTP
|
||||
#创建对象IP
|
||||
#${rescode} ${object_IP_Id} AddObject {"opAction":"add","returnData":1,"objectList":{"objectType":"ip","isValid":1,"isInitialize":0,"isExclusion":0,"objectName":"zmmtest_IP","objectDesc":"","subObjectIds":[],"addItemList":[{"addrType":4,"protocol":0,"direction":0,"clientIp1":"192.168.50.31","clientIp2":"192.168.50.31","clientIpFormat":"range","clientPortFormat":"","clientPort1":"","clientPort2":"","serverIpFormat":"","serverIp1":"","serverIp2":"","serverPortFormat":"","serverPort1":"","serverPort2":""}],"updateItemList":[],"deleteItemIds":[]}}
|
||||
#log ${object_IP_Id}
|
||||
#创建对象FQDN
|
||||
${rescodeip} ${object_FQDN_Id} AddObject {"opAction":"add","returnData":1,"objectList":{"objectType":"fqdn","objectSubType":"","isValid":1,"isInitialize":0,"isExclusion":0,"objectName":"SecurityPolicy-Allow-Http-00001_FQDN_icbc","objectDesc":"","subObjectIds":[],"addItemList":[{"keywordArray":["$www.icbc.com.cn"],"itemId":"","isHexbin":0}],"updateItemList":[],"deleteItemIds":[]}}
|
||||
log ${object_FQDN_Id}
|
||||
${objectids} set Variable ${object_FQDN_Id}
|
||||
#创建 Deny 搭配Allow
|
||||
#${addPolicyStr} set variable {"opAction":"add","returnData":1,"policyList":{"policyId":"","policyName":"SecurityPolicy-Allow-Http-00001_Deny","policyType":"tsg_security","action":"deny","userTags":"${userTagIds}","doBlacklist":0,"doLog":1,"policyDesc":"","effectiveRange":{"tag_sets":[[]]},"userRegion":{"protocol":"HTTP","method":"drop"},"referenceObject":[{"objectId":${object_FQDN_Id},"protocolFields":["TSG_FIELD_HTTP_HOST"]}],"isValid":1,"scheduleId":[],"appObjectIdArray":[2]}}
|
||||
${addPolicyStr} run keyword if '${addTestClentIPFlag}'=='1' set variable {"opAction":"add","returnData":1,"policyList":{"policyId":"","policyName":"SecurityPolicy-Allow-Http-00001_Deny","policyType":"tsg_security","action":"deny","userTags":"${userTagIds}","doBlacklist":0,"doLog":1,"policyDesc":"autotest","effectiveRange":{"tag_sets":[[]]},"userRegion":{"protocol":"HTTP","method":"drop"},"referenceObject":[{"objectId":${testClentID},"protocolFields":["TSG_SECURITY_SOURCE_ADDR"]},{"objectId":${object_FQDN_Id},"protocolFields":["TSG_FIELD_HTTP_HOST"]}],"isValid":1,"scheduleId":[],"appObjectIdArray":[2]}}
|
||||
... ELSE set variable {"opAction":"add","returnData":1,"policyList":{"policyId":"","policyName":"SecurityPolicy-Allow-Http-00001_Deny","policyType":"tsg_security","action":"deny","userTags":"${userTagIds}","doBlacklist":0,"doLog":1,"policyDesc":"","effectiveRange":{"tag_sets":[[]]},"userRegion":{"protocol":"HTTP","method":"drop"},"referenceObject":[{"objectId":${object_FQDN_Id},"protocolFields":["TSG_FIELD_HTTP_HOST"]}],"isValid":1,"scheduleId":[],"appObjectIdArray":[2]}}
|
||||
log ${addPolicyStr}
|
||||
${rescode} ${policyId1} AddPolicy ${addPolicyStr}
|
||||
log ${policyId1}
|
||||
${policyIds} set Variable {"policyType":"tsg_security","policyIds":[${policyId1}]}
|
||||
#创建allow策略
|
||||
#${addPolicyStr} set variable {"opAction":"add","returnData":1,"policyList":{"policyId":"","policyName":"SecurityPolicy-Allow-Http-00001","policyType":"tsg_security","action":"allow","userTags":"${userTagIds}","doBlacklist":0,"doLog":1,"policyDesc":"autotest","effectiveRange":{"tag_sets":[[]]},"userRegion":{"protocol":"HTTP"},"referenceObject":[],"isValid":1,"scheduleId":[],"appObjectIdArray":[2]}}
|
||||
${addPolicyStr} run keyword if '${addTestClentIPFlag}'=='1' set variable {"opAction":"add","returnData":1,"policyList":{"policyId":"","policyName":"SecurityPolicy-Allow-Http-00001","policyType":"tsg_security","action":"allow","userTags":"${userTagIds}","doBlacklist":0,"doLog":1,"policyDesc":"autotest","effectiveRange":{"tag_sets":[[]]},"userRegion":{"protocol":"HTTP"},"referenceObject":[{"objectId":${testClentID},"protocolFields":["TSG_SECURITY_SOURCE_ADDR"]},{"objectId":${object_FQDN_Id},"protocolFields":["TSG_FIELD_HTTP_HOST"]}],"isValid":1,"scheduleId":[],"appObjectIdArray":[2]}}
|
||||
... ELSE set variable {"opAction":"add","returnData":1,"policyList":{"policyId":"","policyName":"SecurityPolicy-Allow-Http-00001","policyType":"tsg_security","action":"allow","userTags":"${userTagIds}","doBlacklist":0,"doLog":1,"policyDesc":"autotest","effectiveRange":{"tag_sets":[[]]},"userRegion":{"protocol":"HTTP"},"referenceObject":[],"isValid":1,"scheduleId":[],"appObjectIdArray":[2]}}
|
||||
${rescode} ${policyId2} AddPolicy ${addPolicyStr}
|
||||
log ${policyId2}
|
||||
${policyIds2} set Variable {"policyType":"tsg_security","policyIds":[${policyId2}]}
|
||||
${policyIds1} set Variable {"policyType":"tsg_security","policyIds":[${policyId1}]}
|
||||
${policyIds} Create List ${policyIds1} ${policyIds2}
|
||||
#${rescode} ${policyId} AddPolicy {"opAction":"add","returnData":1,"policyList":{"policyName":"SecurityPolicy-Allow-Http-00001","policyType":"tsg_security","action":"allow","userTags":"","doBlacklist":0,"doLog":1,"policyDesc":"","effectiveRange":{"tag_sets":[[]]},"userRegion":{"protocol":"HTTP","keyring":1},"referenceObject":[{"objectId":${object_IP_Id},"protocolFields":[]},{"objectId":${object_FQDN_Id},"protocolFields":["TSG_FIELD_HTTP_HOST"]}],"isValid":1,"scheduleId":[],"appObjectIdArray":[]}}
|
||||
[Tags] Allow IP HTTP
|
||||
Comment 创建IP
|
||||
${addItemList1} Create Dictionary isSession=endpoint ip=${testClentIP} port=0-65535 direction=0 protocol=0 isInitialize=0
|
||||
${addItemLists} Create list ${addItemList1}
|
||||
${objectDict} Create Dictionary objectType=ip objectSubType=endpoint isValid=${1} addItemList=${addItemLists}
|
||||
${rescode} ${objectId} AddObjects ${1} ${objectDict}
|
||||
${objectids} set Variable ${objectId}
|
||||
|
||||
Comment 创建Allow策略
|
||||
${policyDict} Create Dictionary policyName=${TEST NAME} policyType=tsg_security action=allow source=${objectId}|TSG_SECURITY_SOURCE_ADDR userRegion={"protocol":"HTTP"} isValid=${1} appIdObjects=${HTTP_ID}
|
||||
${rescode} ${policyId} AddPolicies 1 ${policyDict} v2
|
||||
${policyIds} set Variable ${policyId}[0][policyIds][0]
|
||||
|
||||
${starttime} Get Time
|
||||
#功能端验证
|
||||
Sleep ${policyVerificationSleepSeconds}s
|
||||
${commandreturn} OperatingSystem.Run curl -I \ -m \ 10 \ -o \ /dev/null \ -s \ -w \ \ \%{http_code} \ \ http://www.icbc.com.cn
|
||||
should contain ${commandreturn} 200
|
||||
Sleep ${policyLogVerificationSleepSeconds}s
|
||||
${endtime} Get Time
|
||||
|
||||
Comment 策略验证
|
||||
#新增策略验证
|
||||
#创建attributes中的字典
|
||||
${app_id} Create Dictionary attributeType=string attributeName=app_id attributeValue={"string": "106"}
|
||||
${subscriberid} Create Dictionary attributeType=string attributeName=subscriberid attributeValue={"string": "test56"}
|
||||
${ipsource} Create Dictionary attributeType=ip attributeName=source attributeValue={"ip":"${testClentIP}","port":"1","addrType":4,"protocol":"6","tableName":"TSG_SECURITY_SOURCE_ADDR"}
|
||||
${ipdestination} Create Dictionary attributeType=ip attributeName=destination attributeValue={"ip":"254.253.252.251","port":"1","addrType":4,"protocol":"6","tableName":"TSG_SECURITY_DESTINATION_ADDR"}
|
||||
# 合成attributes字典集
|
||||
${attributes} Create List ${app_id} ${subscriberid} ${ipsource} ${ipdestination}
|
||||
${verifySession} Create Dictionary attributes=${attributes}
|
||||
${verifyList} Create Dictionary policyType=tsg_security verifySession=${verifySession}
|
||||
log ${verifyList}
|
||||
${rescode} ${resData} VerifyPolicies ${verifyList}
|
||||
# 打印检查结果
|
||||
${objectid_verify} Set Variable ${objectids}
|
||||
${objectid_verify} Catenate SEPARATOR=, ${policyIds}
|
||||
# # 调用关键字 提取应答json获取其中所有的id值,并判断新下发的id值是否在应答json的id中
|
||||
log ${objectid_verify}
|
||||
${testType} Evaluate type($objectid_verify)
|
||||
${testType} Evaluate type($resData)
|
||||
log ${resData}
|
||||
sleep 5
|
||||
${ok} VerifyProxy ${resData} ${objectid_verify}
|
||||
Should Be Equal As Strings ${ok} true
|
||||
|
||||
Comment 功能端验证HTTP验证
|
||||
${commandstr} run keyword if '${systemType}'=='Windows' set variable ${curlbatpath}/command/SecurityPolicy_Allow_HTTP_00001_1.bat
|
||||
... ELSE set variable ${curlbatpath}/command/SecurityPolicy_Allow_HTTP_00001_1_L.bat
|
||||
${stringlist} run keyword if '${systemType}'=='Windows' Create List 首页 - 橙光
|
||||
... ELSE Create List 首页 - 橙光
|
||||
${rescode} SystemCommands ${commandstr} ${stringlist}
|
||||
|
||||
|
||||
Comment 日志验证
|
||||
#日志验证
|
||||
${s} Convert to String ${policyId2}
|
||||
GetLogList security_event_log ${starttime} ${endtime} ${testClentIP} ${s} http_host icbc
|
||||
${s} Convert to String ${policyIds}
|
||||
${returnvalue} GetLogList_new security_event_log ${starttime} ${testClentIP} ${s} http_host www.66rpg.com
|
||||
Should Be Equal As Strings ${returnvalue} true
|
||||
|
||||
SecurityPolicy-Allow-Http-00002
|
||||
[Tags] Allow SubID Category DENY HTTP
|
||||
# #创建对象Subid
|
||||
# ${rescode} ${object_Subid_Id} AddObject {"opAction":"add","returnData":1,"objectList":{"objectType":"subscriberid","isValid":1,"isInitialize":0,"isExclusion":0,"objectName":"SecurityPolicy-Allow-Http-00002_subid","objectDesc":"","subObjectIds":[],"addItemList":[{"keywordArray":["$zmmtest"],"itemId":"","isHexbin":0}],"updateItemList":[],"deleteItemIds":[]}}
|
||||
# log ${object_Subid_Id}
|
||||
# ${objectids} set Variable ${object_Subid_Id}
|
||||
#创建对象Categry
|
||||
${rescodeip} ${object_Category_Id} AddObject {"opAction":"add","returnData":1,"objectList":{"objectType":"fqdn_category","objectSubType":"","isValid":1,"isInitialize":0,"isExclusion":0,"objectName":"SecurityPolicy-Allow-Http-00002-Categry","objectDesc":"autotest","subObjectIds":[],"addItemList":[{"keywordArray":["*www.ccb.com"],"itemId":"","isValid":"","isHexbin":0}],"updateItemList":[],"deleteItemIds":[],"objectId":""}}
|
||||
[Tags] Allow IP HTTP FQDN
|
||||
Comment 创建IP
|
||||
${addItemList1} Create Dictionary isSession=endpoint ip=${testClentIP} port=0-65535 direction=0 protocol=0 isInitialize=0
|
||||
${addItemLists} Create list ${addItemList1}
|
||||
${objectDict} Create Dictionary objectType=ip objectSubType=endpoint isValid=${1} addItemList=${addItemLists}
|
||||
${rescode} ${objectId} AddObjects ${1} ${objectDict}
|
||||
${objectids} set Variable ${objectId}
|
||||
|
||||
log ${object_Category_Id}
|
||||
${objectids} set Variable ${object_Category_Id}
|
||||
#创建 Deny 搭配Allow
|
||||
#${addPolicyStr} set variable {"opAction":"add","returnData":1,"policyList":{"policyName":"SecurityPolicy-Allow-Http-00002_deny","policyType":"tsg_security","action":"deny","userTags":"","doBlacklist":0,"doLog":1,"policyDesc":"","effectiveRange":{"tag_sets":[[]]},"userRegion":{"protocol":"HTTP","method":"drop","keyring":1},"referenceObject":[{"objectId":${testClentSubID} ,"protocolFields":[]},{"objectId":${object_Category_Id} ,"protocolFields":["TSG_FIELD_HTTP_HOST"]}],"isValid":1,"scheduleId":[],"appObjectIdArray":[]}}
|
||||
${addPolicyStr} set variable {"opAction":"add","returnData":1,"policyList":{"policyId":"","policyName":"SecurityPolicy-Allow-Http-00002_deny","policyType":"tsg_security","action":"deny","userTags":"${userTagIds}","doBlacklist":0,"doLog":1,"policyDesc":"autotest","effectiveRange":{"tag_sets":[[]]},"userRegion":{"protocol":"HTTP","method":"drop"},"referenceObject":[{"objectId":${testClentSubID},"protocolFields":[null]},{"objectId":${object_Category_Id},"protocolFields":["TSG_FIELD_HTTP_HOST"]}],"isValid":1,"scheduleId":[],"appObjectIdArray":[2]}}
|
||||
log ${addPolicyStr}
|
||||
${rescode} ${policyId1} AddPolicy ${addPolicyStr}
|
||||
log ${policyId1}
|
||||
${policyIds} set Variable {"policyType":"tsg_security","policyIds":[${policyId1}]}
|
||||
#创建策略
|
||||
#${addPolicyStr} set variable {"opAction":"add","returnData":1,"policyList":{"policyName":"SecurityPolicy-Allow-Http-00002","policyType":"tsg_security","action":"allow","userTags":"","doBlacklist":0,"doLog":1,"policyDesc":"","effectiveRange":{"tag_sets":[[]]},"userRegion":{"protocol":"HTTP","keyring":1},"referenceObject":[{"objectId":${testClentSubID},"protocolFields":[]},{"objectId":${object_Category_Id},"protocolFields":["TSG_FIELD_HTTP_HOST"]}],"isValid":1,"scheduleId":[],"appObjectIdArray":[]}}
|
||||
${addPolicyStr} set variable {"opAction":"add","returnData":1,"policyList":{"policyId":"","policyName":"SecurityPolicy-Allow-Http-00002","policyType":"tsg_security","action":"allow","userTags":"${userTagIds}","doBlacklist":0,"doLog":1,"policyDesc":"autotest","effectiveRange":{"tag_sets":[[]]},"userRegion":{"protocol":"HTTP"},"referenceObject":[{"objectId":${testClentSubID},"protocolFields":[null]},{"objectId":${object_Category_Id},"protocolFields":["TSG_FIELD_HTTP_HOST"]}],"isValid":1,"scheduleId":[],"appObjectIdArray":[2]}}
|
||||
${rescode} ${policyId2} AddPolicy ${addPolicyStr}
|
||||
log ${policyId2}
|
||||
${policyIds1} set Variable {"policyType":"tsg_security","policyIds":[${policyId1}]}
|
||||
${policyIds2} set Variable {"policyType":"tsg_security","policyIds":[${policyId2}]}
|
||||
${policyIds} Create List ${policyIds1} ${policyIds2}
|
||||
Comment 创建fqdn
|
||||
${addItemList1} Create Dictionary keywordArray=$www.66rpg.com isHexbin=${0}
|
||||
${addItemLists} Create list ${addItemList1}
|
||||
${objectDict1} Create Dictionary objectType=fqdn objectSubType=fqdn isValid=${1} addItemList=${addItemLists}
|
||||
${rescode} ${objectId1} AddObjects ${1} ${objectDict1}
|
||||
${objectids} Catenate SEPARATOR=, ${objectids} ${objectId1}
|
||||
|
||||
Comment 创建Allow策略
|
||||
${policyDict} Create Dictionary policyName=${TEST NAME} policyType=tsg_security action=allow source=${objectId}|TSG_SECURITY_SOURCE_ADDR userRegion={"protocol":"HTTP"} filterList=${objectId1}|TSG_FIELD_HTTP_HOST isValid=${1} appIdObjects=${HTTP_ID}
|
||||
${rescode} ${policyId} AddPolicies 1 ${policyDict} v2
|
||||
${policyIds} set Variable ${policyId}[0][policyIds][0]
|
||||
|
||||
${starttime} Get Time
|
||||
#功能端验证
|
||||
Sleep ${policyVerificationSleepSeconds}s
|
||||
${starttime} Get Time
|
||||
${commandreturn} OperatingSystem.Run curl -I \ -m \ 10 \ -o \ /dev/null \ -s \ -w \ \ \%{http_code} \ \ http://www.ccb.com
|
||||
should contain ${commandreturn} 200
|
||||
Sleep ${policyLogVerificationSleepSeconds}s
|
||||
${endtime} Get Time
|
||||
|
||||
Comment 策略验证
|
||||
#新增策略验证
|
||||
#创建attributes中的字典
|
||||
${qname_fqdn_id} Create Dictionary attributeType=string attributeName=host appId=106 appName=http protocol=http attributeValue={"string": "www.66rpg.com"}
|
||||
${app_id} Create Dictionary attributeType=string attributeName=app_id attributeValue={"string": "106"}
|
||||
${subscriberid} Create Dictionary attributeType=string attributeName=subscriberid attributeValue={"string": "test56"}
|
||||
${ipsource} Create Dictionary attributeType=ip attributeName=source attributeValue={"ip":"${testClentIP}","port":"1","addrType":4,"protocol":"6","tableName":"TSG_SECURITY_SOURCE_ADDR"}
|
||||
${ipdestination} Create Dictionary attributeType=ip attributeName=destination attributeValue={"ip":"254.253.252.251","port":"1","addrType":4,"protocol":"6","tableName":"TSG_SECURITY_DESTINATION_ADDR"}
|
||||
# 合成attributes字典集
|
||||
${attributes} Create List ${app_id} ${subscriberid} ${ipsource} ${ipdestination} ${qname_fqdn_id}
|
||||
${verifySession} Create Dictionary attributes=${attributes}
|
||||
${verifyList} Create Dictionary policyType=tsg_security verifySession=${verifySession}
|
||||
log ${verifyList}
|
||||
${rescode} ${resData} VerifyPolicies ${verifyList}
|
||||
# 打印检查结果
|
||||
${objectid_verify} Set Variable ${objectids}
|
||||
${objectid_verify} Catenate SEPARATOR=, ${policyIds} ${objectid_verify}
|
||||
# # 调用关键字 提取应答json获取其中所有的id值,并判断新下发的id值是否在应答json的id中
|
||||
log ${objectid_verify}
|
||||
${testType} Evaluate type($objectid_verify)
|
||||
${testType} Evaluate type($resData)
|
||||
log ${resData}
|
||||
sleep 5
|
||||
${ok} VerifyProxy ${resData} ${objectid_verify}
|
||||
Should Be Equal As Strings ${ok} true
|
||||
|
||||
Comment 功能端验证HTTP验证
|
||||
${commandstr} run keyword if '${systemType}'=='Windows' set variable ${curlbatpath}/command/SecurityPolicy_Allow_HTTP_00001_1.bat
|
||||
... ELSE set variable ${curlbatpath}/command/SecurityPolicy_Allow_HTTP_00001_1_L.bat
|
||||
${stringlist} run keyword if '${systemType}'=='Windows' Create List 首页 - 橙光
|
||||
... ELSE Create List 首页 - 橙光
|
||||
${rescode} SystemCommands ${commandstr} ${stringlist}
|
||||
|
||||
Comment 日志验证
|
||||
#日志验证
|
||||
${s} Convert to String ${policyId2}
|
||||
GetLogList security_event_log ${starttime} ${endtime} ${testClentIP} ${s} http_host ccb
|
||||
${s} Convert to String ${policyIds}
|
||||
${returnvalue} GetLogList_new security_event_log ${starttime} ${testClentIP} ${s} http_host www.66rpg.com
|
||||
Should Be Equal As Strings ${returnvalue} true
|
||||
|
||||
SecurityPolicy-Allow-Http-00003
|
||||
[Tags] Allow IP FQDN DENY HTTP
|
||||
#创建对象IP
|
||||
#${rescode} ${object_IP_Id} AddObject {"opAction":"add","returnData":1,"objectList":{"objectType":"ip","isValid":1,"isInitialize":0,"isExclusion":0,"objectName":"zmmtest_IP","objectDesc":"","subObjectIds":[],"addItemList":[{"addrType":4,"protocol":0,"direction":0,"clientIp1":"192.168.50.31","clientIp2":"192.168.50.31","clientIpFormat":"range","clientPortFormat":"","clientPort1":"","clientPort2":"","serverIpFormat":"","serverIp1":"","serverIp2":"","serverPortFormat":"","serverPort1":"","serverPort2":""}],"updateItemList":[],"deleteItemIds":[]}}
|
||||
#log ${object_IP_Id}
|
||||
#创建对象FQDN
|
||||
${rescodeip} ${object_FQDN_Id} AddObject {"opAction":"add","returnData":1,"objectList":{"objectType":"fqdn","objectSubType":"","isValid":1,"isInitialize":0,"isExclusion":0,"objectName":"SecurityPolicy-Allow-Http-00001_FQDN_xiaozhu","objectDesc":"","subObjectIds":[],"addItemList":[{"keywordArray":["*.xiaozhu.com"],"itemId":"","isHexbin":0}],"updateItemList":[],"deleteItemIds":[]}}
|
||||
log ${object_FQDN_Id}
|
||||
${objectids} set Variable ${object_FQDN_Id}
|
||||
#创建 Deny 搭配Allow
|
||||
#${addPolicyStr} set variable {"opAction":"add","returnData":1,"policyList":{"policyId":"","policyName":"SecurityPolicy-Allow-Http-00003_Deny","policyType":"tsg_security","action":"deny","userTags":"${userTagIds}","doBlacklist":0,"doLog":1,"policyDesc":"","effectiveRange":{"tag_sets":[[]]},"userRegion":{"protocol":"HTTP","method":"drop"},"referenceObject":[{"objectId":${object_FQDN_Id},"protocolFields":["TSG_FIELD_HTTP_HOST"]}],"isValid":1,"scheduleId":[],"appObjectIdArray":[2]}}
|
||||
${addPolicyStr} run keyword if '${addTestClentIPFlag}'=='1' set variable {"opAction":"add","returnData":1,"policyList":{"policyId":"","policyName":"SecurityPolicy-Allow-Http-00001_Deny","policyType":"tsg_security","action":"deny","userTags":"${userTagIds}","doBlacklist":0,"doLog":1,"policyDesc":"autotest","effectiveRange":{"tag_sets":[[]]},"userRegion":{"protocol":"HTTP","method":"drop"},"referenceObject":[{"objectId":${testClentID},"protocolFields":["TSG_SECURITY_SOURCE_ADDR"]},{"objectId":${object_FQDN_Id},"protocolFields":["TSG_FIELD_HTTP_HOST"]}],"isValid":1,"scheduleId":[],"appObjectIdArray":[2]}}
|
||||
... ELSE set variable {"opAction":"add","returnData":1,"policyList":{"policyId":"","policyName":"SecurityPolicy-Allow-Http-00003_Deny","policyType":"tsg_security","action":"deny","userTags":"${userTagIds}","doBlacklist":0,"doLog":1,"policyDesc":"","effectiveRange":{"tag_sets":[[]]},"userRegion":{"protocol":"HTTP","method":"drop"},"referenceObject":[{"objectId":${object_FQDN_Id},"protocolFields":["TSG_FIELD_HTTP_HOST"]}],"isValid":1,"scheduleId":[],"appObjectIdArray":[2]}}
|
||||
log ${addPolicyStr}
|
||||
${rescode} ${policyId1} AddPolicy ${addPolicyStr}
|
||||
log ${policyId1}
|
||||
${policyIds} set Variable {"policyType":"tsg_security","policyIds":[${policyId1}]}
|
||||
#创建allow策略
|
||||
#${addPolicyStr} set variable {"opAction":"add","returnData":1,"policyList":{"policyId":"","policyName":"SecurityPolicy-Allow-Http-00003","policyType":"tsg_security","action":"allow","userTags":"${userTagIds}","doBlacklist":0,"doLog":1,"policyDesc":"autotest","effectiveRange":{"tag_sets":[[]]},"userRegion":{"protocol":"HTTP"},"referenceObject":[],"isValid":1,"scheduleId":[],"appObjectIdArray":[2]}}
|
||||
${addPolicyStr} run keyword if '${addTestClentIPFlag}'=='1' set variable {"opAction":"add","returnData":1,"policyList":{"policyId":"","policyName":"SecurityPolicy-Allow-Http-00001","policyType":"tsg_security","action":"allow","userTags":"${userTagIds}","doBlacklist":0,"doLog":1,"policyDesc":"autotest","effectiveRange":{"tag_sets":[[]]},"userRegion":{"protocol":"HTTP"},"referenceObject":[{"objectId":${testClentID},"protocolFields":["TSG_SECURITY_SOURCE_ADDR"]},{"objectId":${object_FQDN_Id},"protocolFields":["TSG_FIELD_HTTP_HOST"]}],"isValid":1,"scheduleId":[],"appObjectIdArray":[2]}}
|
||||
... ELSE set variable {"opAction":"add","returnData":1,"policyList":{"policyId":"","policyName":"SecurityPolicy-Allow-Http-00003","policyType":"tsg_security","action":"allow","userTags":"${userTagIds}","doBlacklist":0,"doLog":1,"policyDesc":"autotest","effectiveRange":{"tag_sets":[[]]},"userRegion":{"protocol":"HTTP"},"referenceObject":[],"isValid":1,"scheduleId":[],"appObjectIdArray":[2]}}
|
||||
${rescode} ${policyId2} AddPolicy ${addPolicyStr}
|
||||
log ${policyId2}
|
||||
${policyIds2} set Variable {"policyType":"tsg_security","policyIds":[${policyId2}]}
|
||||
${policyIds1} set Variable {"policyType":"tsg_security","policyIds":[${policyId1}]}
|
||||
${policyIds} Create List ${policyIds1} ${policyIds2}
|
||||
#${rescode} ${policyId} AddPolicy {"opAction":"add","returnData":1,"policyList":{"policyName":"SecurityPolicy-Allow-Http-00001","policyType":"tsg_security","action":"allow","userTags":"","doBlacklist":0,"doLog":1,"policyDesc":"","effectiveRange":{"tag_sets":[[]]},"userRegion":{"protocol":"HTTP","keyring":1},"referenceObject":[{"objectId":${object_IP_Id},"protocolFields":[]},{"objectId":${object_FQDN_Id},"protocolFields":["TSG_FIELD_HTTP_HOST"]}],"isValid":1,"scheduleId":[],"appObjectIdArray":[]}}
|
||||
[Tags] Allow IP HTTP URL
|
||||
Comment 创建IP
|
||||
${addItemList1} Create Dictionary isSession=endpoint ip=${testClentIP} port=0-65535 direction=0 protocol=0 isInitialize=0
|
||||
${addItemLists} Create list ${addItemList1}
|
||||
${objectDict} Create Dictionary objectType=ip objectSubType=endpoint isValid=${1} addItemList=${addItemLists}
|
||||
${rescode} ${objectId} AddObjects ${1} ${objectDict}
|
||||
${objectids} set Variable ${objectId}
|
||||
|
||||
Comment 创建url
|
||||
${addItemList1} Create Dictionary keywordArray=$clintonairport.com/airlines-flights/covid/ isHexbin=${0}
|
||||
${addItemLists} Create list ${addItemList1}
|
||||
${objectDict1} Create Dictionary objectType=url objectSubType=url isValid=${1} addItemList=${addItemLists}
|
||||
${rescode} ${objectId1} AddObjects ${1} ${objectDict1}
|
||||
${objectids} Catenate SEPARATOR=, ${objectids} ${objectId1}
|
||||
|
||||
Comment 创建Allow策略
|
||||
${policyDict} Create Dictionary policyName=${TEST NAME} policyType=tsg_security action=allow source=${objectId}|TSG_SECURITY_SOURCE_ADDR userRegion={"protocol":"HTTP"} filterList=${objectId1}|TSG_FIELD_HTTP_URL isValid=${1} appIdObjects=${HTTP_ID}
|
||||
${rescode} ${policyId} AddPolicies 1 ${policyDict} v2
|
||||
${policyIds} set Variable ${policyId}[0][policyIds][0]
|
||||
|
||||
${starttime} Get Time
|
||||
#功能端验证
|
||||
Sleep ${policyVerificationSleepSeconds}s
|
||||
${commandreturn} OperatingSystem.Run curl -I \ -m \ 10 \ -o \ /dev/null \ -s \ -w \ \ \%{http_code} \ \ http://www.xiaozhu.com/
|
||||
should contain ${commandreturn} 200
|
||||
Sleep ${policyLogVerificationSleepSeconds}s
|
||||
${endtime} Get Time
|
||||
|
||||
Comment 策略验证
|
||||
#新增策略验证
|
||||
#创建attributes中的字典
|
||||
${url} Create Dictionary attributeType=string attributeName=url appId=106 appName=http protocol=http attributeValue={"string": "clintonairport.com/airlines-flights/covid/"}
|
||||
${app_id} Create Dictionary attributeType=string attributeName=app_id attributeValue={"string": "106"}
|
||||
${subscriberid} Create Dictionary attributeType=string attributeName=subscriberid attributeValue={"string": "test56"}
|
||||
${ipsource} Create Dictionary attributeType=ip attributeName=source attributeValue={"ip":"${testClentIP}","port":"1","addrType":4,"protocol":"6","tableName":"TSG_SECURITY_SOURCE_ADDR"}
|
||||
${ipdestination} Create Dictionary attributeType=ip attributeName=destination attributeValue={"ip":"254.253.252.251","port":"1","addrType":4,"protocol":"6","tableName":"TSG_SECURITY_DESTINATION_ADDR"}
|
||||
# 合成attributes字典集
|
||||
${attributes} Create List ${app_id} ${subscriberid} ${ipsource} ${ipdestination} ${url}
|
||||
${verifySession} Create Dictionary attributes=${attributes}
|
||||
${verifyList} Create Dictionary policyType=tsg_security verifySession=${verifySession}
|
||||
log ${verifyList}
|
||||
${rescode} ${resData} VerifyPolicies ${verifyList}
|
||||
# 打印检查结果
|
||||
${objectid_verify} Set Variable ${objectids}
|
||||
${objectid_verify} Catenate SEPARATOR=, ${policyIds} ${objectid_verify}
|
||||
# # 调用关键字 提取应答json获取其中所有的id值,并判断新下发的id值是否在应答json的id中
|
||||
log ${objectid_verify}
|
||||
${testType} Evaluate type($objectid_verify)
|
||||
${testType} Evaluate type($resData)
|
||||
log ${resData}
|
||||
sleep 5
|
||||
${ok} VerifyProxy ${resData} ${objectid_verify}
|
||||
Should Be Equal As Strings ${ok} true
|
||||
|
||||
Comment 功能端验证HTTP验证
|
||||
${commandstr} run keyword if '${systemType}'=='Windows' set variable ${curlbatpath}/command/SecurityPolicy_Allow_HTTP_00001.bat
|
||||
... ELSE set variable ${curlbatpath}/command/SecurityPolicy_Allow_HTTP_00001_L.bat
|
||||
${stringlist} run keyword if '${systemType}'=='Windows' Create List COVID
|
||||
... ELSE Create List COVID
|
||||
${rescode} SystemCommands ${commandstr} ${stringlist}
|
||||
|
||||
Comment 日志验证
|
||||
#日志验证
|
||||
${s} Convert to String ${policyId2}
|
||||
GetLogList security_event_log ${starttime} ${endtime} ${testClentIP} ${s} http_host .xiaozhu.com
|
||||
${s} Convert to String ${policyIds}
|
||||
${returnvalue} GetLogList_new security_event_log ${starttime} ${testClentIP} ${s} http_host clintonairport.com
|
||||
Should Be Equal As Strings ${returnvalue} true
|
||||
|
||||
SecurityPolicy-Allow-Http-00004
|
||||
[Tags] Allow IP HTTP FQDN+URL
|
||||
Comment 创建IP
|
||||
${addItemList1} Create Dictionary isSession=endpoint ip=${testClentIP} port=0-65535 direction=0 protocol=0 isInitialize=0
|
||||
${addItemLists} Create list ${addItemList1}
|
||||
${objectDict} Create Dictionary objectType=ip objectSubType=endpoint isValid=${1} addItemList=${addItemLists}
|
||||
${rescode} ${objectId} AddObjects ${1} ${objectDict}
|
||||
${objectids} set Variable ${objectId}
|
||||
|
||||
Comment 创建fqdn
|
||||
${addItemList1} Create Dictionary keywordArray=*clintonairport.com isHexbin=${0}
|
||||
${addItemLists} Create list ${addItemList1}
|
||||
${objectDict} Create Dictionary objectType=fqdn objectSubType=fqdn isValid=${1} addItemList=${addItemLists}
|
||||
${rescode} ${objectId1} AddObjects ${1} ${objectDict}
|
||||
${objectids} Catenate SEPARATOR=, ${objectids} ${objectId1}
|
||||
|
||||
Comment 创建url
|
||||
${addItemList1} Create Dictionary keywordArray=$clintonairport.com/airlines-flights/covid/ isHexbin=${0}
|
||||
${addItemLists} Create list ${addItemList1}
|
||||
${objectDict1} Create Dictionary objectType=url objectSubType=url isValid=${1} addItemList=${addItemLists}
|
||||
${rescode} ${objectId2} AddObjects ${1} ${objectDict1}
|
||||
${objectids} Catenate SEPARATOR=, ${objectids} ${objectId2}
|
||||
|
||||
Comment 创建Allow策略
|
||||
${policyDict} Create Dictionary policyName=${TEST NAME} policyType=tsg_security action=allow source=${objectId}|TSG_SECURITY_SOURCE_ADDR userRegion={"protocol":"HTTP"} filterList=${objectId1}|TSG_FIELD_HTTP_HOST,${objectId2}|TSG_FIELD_HTTP_URL isValid=${1} appIdObjects=${HTTP_ID}
|
||||
${rescode} ${policyId} AddPolicies 1 ${policyDict} v2
|
||||
${policyIds} set Variable ${policyId}[0][policyIds][0]
|
||||
|
||||
${starttime} Get Time
|
||||
#功能端验证
|
||||
Sleep ${policyVerificationSleepSeconds}s
|
||||
|
||||
Comment 策略验证
|
||||
#新增策略验证
|
||||
#创建attributes中的字典
|
||||
${url} Create Dictionary attributeType=string attributeName=url appId=106 appName=http protocol=http attributeValue={"string": "clintonairport.com/airlines-flights/covid/"}
|
||||
${qname_fqdn_id} Create Dictionary attributeType=string attributeName=host appId=106 appName=http protocol=http attributeValue={"string": "clintonairport.com"}
|
||||
${app_id} Create Dictionary attributeType=string attributeName=app_id attributeValue={"string": "106"}
|
||||
${subscriberid} Create Dictionary attributeType=string attributeName=subscriberid attributeValue={"string": "test56"}
|
||||
${ipsource} Create Dictionary attributeType=ip attributeName=source attributeValue={"ip":"${testClentIP}","port":"1","addrType":4,"protocol":"6","tableName":"TSG_SECURITY_SOURCE_ADDR"}
|
||||
${ipdestination} Create Dictionary attributeType=ip attributeName=destination attributeValue={"ip":"254.253.252.251","port":"1","addrType":4,"protocol":"6","tableName":"TSG_SECURITY_DESTINATION_ADDR"}
|
||||
# 合成attributes字典集
|
||||
${attributes} Create List ${app_id} ${subscriberid} ${ipsource} ${ipdestination} ${url} ${qname_fqdn_id}
|
||||
${verifySession} Create Dictionary attributes=${attributes}
|
||||
${verifyList} Create Dictionary policyType=tsg_security verifySession=${verifySession}
|
||||
log ${verifyList}
|
||||
${rescode} ${resData} VerifyPolicies ${verifyList}
|
||||
# 打印检查结果
|
||||
${objectid_verify} Set Variable ${objectids}
|
||||
${objectid_verify} Catenate SEPARATOR=, ${policyIds} ${objectid_verify}
|
||||
# # 调用关键字 提取应答json获取其中所有的id值,并判断新下发的id值是否在应答json的id中
|
||||
log ${objectid_verify}
|
||||
${testType} Evaluate type($objectid_verify)
|
||||
${testType} Evaluate type($resData)
|
||||
log ${resData}
|
||||
sleep 5
|
||||
${ok} VerifyProxy ${resData} ${objectid_verify}
|
||||
Should Be Equal As Strings ${ok} true
|
||||
|
||||
Comment 功能端验证HTTP验证
|
||||
${commandstr} run keyword if '${systemType}'=='Windows' set variable ${curlbatpath}/command/SecurityPolicy_Allow_HTTP_00001.bat
|
||||
... ELSE set variable ${curlbatpath}/command/SecurityPolicy_Allow_HTTP_00001_L.bat
|
||||
${stringlist} run keyword if '${systemType}'=='Windows' Create List COVID
|
||||
... ELSE Create List COVID
|
||||
${rescode} SystemCommands ${commandstr} ${stringlist}
|
||||
|
||||
Comment 日志验证
|
||||
#日志验证
|
||||
${s} Convert to String ${policyIds}
|
||||
${returnvalue} GetLogList_new security_event_log ${starttime} ${testClentIP} ${s} http_host clintonairport.com
|
||||
Should Be Equal As Strings ${returnvalue} true
|
||||
|
||||
@@ -1,91 +1,148 @@
|
||||
*** Settings ***
|
||||
Test Teardown DeletePolicyAndObject ${policyIds} ${objectids}
|
||||
Test Teardown DeletePolicyAndObjectAndApplicationAndSignature ${policyIds} ${objectids}
|
||||
Force Tags tsg_adc tsg_security
|
||||
Library OperatingSystem
|
||||
Library Selenium2Library
|
||||
Resource ../../../02-Keyword/tsg_adc/SystemCommand.robot
|
||||
Resource ../../../02-Keyword/tsg_bfapi/PolicyObject.robot
|
||||
Resource ../../../02-Keyword/tsg_bfapi/LogVariable.robot
|
||||
|
||||
Resource ../../../02-Keyword/tsg_adc/FileOperation.robot
|
||||
Resource ../../../02-Keyword/tsg_bfapi/policy_object/Policy.robot
|
||||
Resource ../../../03-Variable/ApplicationID.txt
|
||||
Resource ../../../03-Variable/BifangApiVariable.txt
|
||||
Resource ../../../02-Keyword/tsg_bfapi/policy_object/Application.robot
|
||||
Resource ../../../02-Keyword/tsg_bfapi/policy_object/ProcessPolicyBody.robot
|
||||
Library ../../../04-CustomLibrary/Library/VerifyPolicy.py
|
||||
*** Variables ***
|
||||
${policyIds} ${EMPTY}
|
||||
${objectids} ${EMPTY}
|
||||
|
||||
*** Test Cases ***
|
||||
SecurityPolicy-Allow-SSL-00001
|
||||
[Tags] Allow IP FQDN DENY HTTP
|
||||
#创建对象 IP
|
||||
#${rescode} ${object_IP_Id} AddObject {"opAction":"add","returnData":1,"objectList":{"objectType":"ip","isValid":1,"isInitialize":0,"isExclusion":0,"objectName":"zmmtest_IP","objectDesc":"","subObjectIds":[],"addItemList":[{"addrType":4,"protocol":0,"direction":0,"clientIp1":"192.168.50.31","clientIp2":"192.168.50.31","clientIpFormat":"range","clientPortFormat":"","clientPort1":"","clientPort2":"","serverIpFormat":"","serverIp1":"","serverIp2":"","serverPortFormat":"","serverPort1":"","serverPort2":""}],"updateItemList":[],"deleteItemIds":[]}}
|
||||
#log ${object_IP_Id}
|
||||
#创建对象 FQDN
|
||||
${rescodeip} ${object_FQDN_Id} AddObject {"opAction":"add","returnData":1,"objectList":{"objectType":"fqdn","isValid":1,"isInitialize":0,"isExclusion":0,"objectName":"zmmtest_FQDN_icbc","objectDesc":"","subObjectIds":[],"addItemList":[{"keywordArray":["*ww.sogou.com"],"itemId":"","isHexbin":0}],"updateItemList":[],"deleteItemIds":[]}}
|
||||
log ${object_FQDN_Id}
|
||||
${objectids} set Variable ${object_FQDN_Id}
|
||||
#创建 Deny 搭配Allow
|
||||
#${addPolicyStr} set variable {"opAction":"add","returnData":1,"policyList":{"policyName":"SecurityPolicy-Allow-SSL-00001_deny","policyType":"tsg_security","action":"deny","userTags":"","doBlacklist":0,"doLog":1,"policyDesc":"","effectiveRange":{"tag_sets":[[]]},"userRegion":{"protocol":"SSL","method":"drop","keyring":1},"referenceObject":[{"objectId":${object_FQDN_Id},"protocolFields":["TSG_FIELD_SSL_SNI"]}],"isValid":1,"scheduleId":[],"appObjectIdArray":[]}}
|
||||
${addPolicyStr} run keyword if '${addTestClentIPFlag}'=='1' set variable {"opAction":"add","returnData":1,"policyList":{"policyName":"SecurityPolicy-Allow-SSL-00001_deny","policyType":"tsg_security","action":"deny","userTags":"","doBlacklist":0,"doLog":1,"policyDesc":"","effectiveRange":{"tag_sets":[[]]},"userRegion":{"protocol":"SSL","method":"drop"},"referenceObject":[{"objectId":${testClentID},"protocolFields":["TSG_SECURITY_SOURCE_ADDR"]},{"objectId":${object_FQDN_Id},"protocolFields":["TSG_FIELD_SSL_SNI"]}],"isValid":1,"scheduleId":[],"appObjectIdArray":[3]}}
|
||||
... ELSE set variable {"opAction":"add","returnData":1,"policyList":{"policyName":"SecurityPolicy-Allow-SSL-00001_deny","policyType":"tsg_security","action":"deny","userTags":"","doBlacklist":0,"doLog":1,"policyDesc":"","effectiveRange":{"tag_sets":[[]]},"userRegion":{"protocol":"SSL","method":"drop"},"referenceObject":[{"objectId":${object_FQDN_Id},"protocolFields":["TSG_FIELD_SSL_SNI"]}],"isValid":1,"scheduleId":[],"appObjectIdArray":[]}}
|
||||
log ${addPolicyStr}
|
||||
${rescode} ${policyId1} AddPolicy ${addPolicyStr}
|
||||
log ${policyId1}
|
||||
${policyIds} set Variable {"policyType":"tsg_security","policyIds":[${policyId1}]}
|
||||
#创建策略
|
||||
#${addPolicyStr} set variable {"opAction":"add","returnData":1,"policyList":{"policyName":"SecurityPolicy-Allow-SSL-00001","policyType":"tsg_security","action":"allow","userTags":"","doBlacklist":0,"doLog":1,"policyDesc":"","effectiveRange":{"tag_sets":[[]]},"userRegion":{"protocol":"SSL","keyring":1},"referenceObject":[{"objectId":${object_FQDN_Id},"protocolFields":["TSG_FIELD_SSL_SNI"]}],"isValid":1,"scheduleId":[],"appObjectIdArray":[]}}
|
||||
${addPolicyStr} run keyword if '${addTestClentIPFlag}'=='1' set variable {"opAction":"add","returnData":1,"policyList":{"policyName":"SecurityPolicy-Allow-SSL-00001","policyType":"tsg_security","action":"allow","userTags":"","doBlacklist":0,"doLog":1,"policyDesc":"","effectiveRange":{"tag_sets":[[]]},"userRegion":{"protocol":"SSL"},"referenceObject":[{"objectId":${testClentID},"protocolFields":["TSG_SECURITY_SOURCE_ADDR"]},{"objectId":${object_FQDN_Id},"protocolFields":["TSG_FIELD_SSL_SNI"]}],"isValid":1,"scheduleId":[],"appObjectIdArray":[3]}} \
|
||||
... ELSE set variable {"opAction":"add","returnData":1,"policyList":{"policyName":"SecurityPolicy-Allow-SSL-00001","policyType":"tsg_security","action":"allow","userTags":"","doBlacklist":0,"doLog":1,"policyDesc":"","effectiveRange":{"tag_sets":[[]]},"userRegion":{"protocol":"SSL"},"referenceObject":[{"objectId":${object_FQDN_Id},"protocolFields":["TSG_FIELD_SSL_SNI"]}],"isValid":1,"scheduleId":[],"appObjectIdArray":[]}}
|
||||
${rescode} ${policyId2} AddPolicy ${addPolicyStr}
|
||||
log ${policyId2}
|
||||
${policyIds1} set Variable {"policyType":"tsg_security","policyIds":[${policyId1}]}
|
||||
${policyIds2} set Variable {"policyType":"tsg_security","policyIds":[${policyId2}]}
|
||||
${policyIds} Create List ${policyIds1} ${policyIds2}
|
||||
#${rescode} ${policyId} AddPolicy {"opAction":"add","returnData":1,"policyList":{"policyName":"SecurityPolicy-Allow-Http-00001","policyType":"tsg_security","action":"allow","userTags":"","doBlacklist":0,"doLog":1,"policyDesc":"","effectiveRange":{"tag_sets":[[]]},"userRegion":{"protocol":"HTTP","keyring":1},"referenceObject":[{"objectId":${object_IP_Id},"protocolFields":[]},{"objectId":${object_FQDN_Id},"protocolFields":["TSG_FIELD_HTTP_HOST"]}],"isValid":1,"scheduleId":[],"appObjectIdArray":[]}}
|
||||
[Tags] Allow IP SNI SSL
|
||||
Comment 创建IP
|
||||
${addItemList1} Create Dictionary isSession=endpoint ip=${testClentIP} port=0-65535 direction=0 protocol=0 isInitialize=0
|
||||
${addItemLists} Create list ${addItemList1}
|
||||
${objectDict} Create Dictionary objectType=ip objectSubType=endpoint isValid=${1} addItemList=${addItemLists}
|
||||
${rescode} ${objectId} AddObjects ${1} ${objectDict}
|
||||
${objectids} set Variable ${objectId}
|
||||
|
||||
Comment 创建fqdn
|
||||
${addItemList1} Create Dictionary keywordArray=$www.facebook.com isHexbin=${0}
|
||||
${addItemLists} Create list ${addItemList1}
|
||||
${objectDict1} Create Dictionary objectType=fqdn objectSubType=fqdn isValid=${1} addItemList=${addItemLists}
|
||||
${rescode} ${objectId1} AddObjects ${1} ${objectDict1}
|
||||
${objectids} Catenate SEPARATOR=, ${objectids} ${objectId1}
|
||||
|
||||
Comment 创建Allow策略
|
||||
${policyDict} Create Dictionary policyName=${TEST NAME} policyType=tsg_security action=allow source=${objectId}|TSG_SECURITY_SOURCE_ADDR userRegion={"protocol":"SSL"} filterList=${objectId1}|TSG_FIELD_SSL_SNI isValid=${1} appIdObjects=${SSL_ID}
|
||||
${rescode} ${policyId} AddPolicies 1 ${policyDict} v2
|
||||
${policyIds} set Variable ${policyId}[0][policyIds][0]
|
||||
|
||||
${starttime} Get Time
|
||||
#功能端验证
|
||||
Sleep ${policyVerificationSleepSeconds}s
|
||||
${starttime} Get Time
|
||||
${commandreturn} OperatingSystem.Run curl -I \ -m \ 10 \ -o \ /dev/null \ -s \ -w \ \ \%{http_code} \ \ https://www.sogou.com
|
||||
should contain ${commandreturn} 200
|
||||
|
||||
Comment 策略验证
|
||||
#新增策略验证
|
||||
#创建attributes中的字典
|
||||
${sni} Create Dictionary attributeType=string attributeName=sni appId=126 appName=ssl protocol=ssl attributeValue={"string": "www.facebook.com"}
|
||||
${app_id} Create Dictionary attributeType=string attributeName=app_id attributeValue={"string": "126"}
|
||||
${subscriberid} Create Dictionary attributeType=string attributeName=subscriberid attributeValue={"string": "test56"}
|
||||
${ipsource} Create Dictionary attributeType=ip attributeName=source attributeValue={"ip":"${testClentIP}","port":"1","addrType":4,"protocol":"6","tableName":"TSG_SECURITY_SOURCE_ADDR"}
|
||||
${ipdestination} Create Dictionary attributeType=ip attributeName=destination attributeValue={"ip":"254.253.252.251","port":"1","addrType":4,"protocol":"6","tableName":"TSG_SECURITY_DESTINATION_ADDR"}
|
||||
# 合成attributes字典集
|
||||
${attributes} Create List ${app_id} ${subscriberid} ${ipsource} ${ipdestination} ${sni}
|
||||
${verifySession} Create Dictionary attributes=${attributes}
|
||||
${verifyList} Create Dictionary policyType=tsg_security verifySession=${verifySession}
|
||||
log ${verifyList}
|
||||
${rescode} ${resData} VerifyPolicies ${verifyList}
|
||||
# 打印检查结果
|
||||
${objectid_verify} Set Variable ${objectids}
|
||||
${objectid_verify} Catenate SEPARATOR=, ${objectid_verify} ${policyIds}
|
||||
# # 调用关键字 提取应答json获取其中所有的id值,并判断新下发的id值是否在应答json的id中
|
||||
log ${objectid_verify}
|
||||
${testType} Evaluate type($objectid_verify)
|
||||
${testType} Evaluate type($resData)
|
||||
log ${resData}
|
||||
sleep 5
|
||||
${ok} VerifyProxy ${resData} ${objectid_verify}
|
||||
Should Be Equal As Strings ${ok} true
|
||||
|
||||
Sleep ${policyLogVerificationSleepSeconds}s
|
||||
${endtime} Get Time
|
||||
|
||||
Comment 功能端验证HTTP验证
|
||||
Open Browser https://www.facebook.com ${browserType}
|
||||
sleep 2
|
||||
${text} Get Text xpath=//*[@id="content"]/div/div/div/div[1]/h2
|
||||
Should Be Equal As Strings ${text} 联系你我,分享生活,尽在 Facebook
|
||||
|
||||
Comment 日志验证
|
||||
#日志验证
|
||||
${s} Convert to String ${policyId2}
|
||||
GetLogList security_event_log ${starttime} ${endtime} ${testClentIP} ${s} ssl_sni www.sogou.com
|
||||
${s} Convert to String ${policyIds}
|
||||
${returnvalue} GetLogList_new security_event_log ${starttime} ${testClentIP} ${s} ssl_sni www.facebook.com
|
||||
Should Be Equal As Strings ${returnvalue} true
|
||||
|
||||
|
||||
|
||||
|
||||
SecurityPolicy-Allow-SSL-00002
|
||||
[Tags] Allow SubID Category DENY HTTP
|
||||
# #创建对象Subid
|
||||
# ${rescode} ${object_Subid_Id} AddObject {"opAction":"add","returnData":1,"objectList":{"objectType":"subscriberid","isValid":1,"isInitialize":0,"isExclusion":0,"objectName":"zmmtest_subid","objectDesc":"","subObjectIds":[],"addItemList":[{"keywordArray":["$zmmtest"],"itemId":"","isHexbin":0}],"updateItemList":[],"deleteItemIds":[]}}
|
||||
# log ${object_Subid_Id}
|
||||
# ${objectids} set Variable ${object_Subid_Id}
|
||||
#创建对象Categry
|
||||
${rescodeip} ${object_Category_Id} AddObject {"opAction":"add","returnData":1,"objectList":{"objectType":"fqdn_category","isValid":1,"isInitialize":0,"isExclusion":0,"objectName":"zmmtest_category","objectDesc":"","subObjectIds":[],"addItemList":[{"keywordArray":["*jd.com"],"itemId":"","isHexbin":0}],"updateItemList":[],"deleteItemIds":[]}}
|
||||
log ${object_Category_Id}
|
||||
${objectids} set Variable ${object_Category_Id}
|
||||
#创建 Deny 搭配Allow
|
||||
#${addPolicyStr} set variable {"opAction":"add","returnData":1,"policyList":{"policyName":"SecurityPolicy-Allow-SSL-00001_deny","policyType":"tsg_security","action":"deny","userTags":"","doBlacklist":0,"doLog":1,"policyDesc":"","effectiveRange":{"tag_sets":[[]]},"userRegion":{"protocol":"SSL","method":"drop","keyring":1},"referenceObject":[{"objectId":${testClentSubID} ,"protocolFields":[]},{"objectId":${object_Category_Id} ,"protocolFields":["TSG_FIELD_SSL_SNI"]}],"isValid":1,"scheduleId":[],"appObjectIdArray":[]}}
|
||||
${addPolicyStr} run keyword if '${addTestClentIPFlag}'=='1' set variable {"opAction":"add","returnData":1,"policyList":{"policyName":"SecurityPolicy-Allow-SSL-00001_deny","policyType":"tsg_security","action":"deny","userTags":"","doBlacklist":0,"doLog":1,"policyDesc":"","effectiveRange":{"tag_sets":[[]]},"userRegion":{"protocol":"SSL","method":"drop"},"referenceObject":[{"objectId":${testClentSubID} ,"protocolFields":[null]},{"objectId":${object_Category_Id} ,"protocolFields":["TSG_FIELD_SSL_SNI"]}],"isValid":1,"scheduleId":[],"appObjectIdArray":[3]}}
|
||||
... ELSE set variable {"opAction":"add","returnData":1,"policyList":{"policyName":"SecurityPolicy-Allow-SSL-00001_deny","policyType":"tsg_security","action":"deny","userTags":"","doBlacklist":0,"doLog":1,"policyDesc":"","effectiveRange":{"tag_sets":[[]]},"userRegion":{"protocol":"SSL","method":"drop"},"referenceObject":[{"objectId":${testClentSubID} ,"protocolFields":[]},{"objectId":${object_Category_Id} ,"protocolFields":["TSG_FIELD_SSL_SNI"]}],"isValid":1,"scheduleId":[],"appObjectIdArray":[]}}
|
||||
log ${addPolicyStr}
|
||||
${rescode} ${policyId1} AddPolicy ${addPolicyStr}
|
||||
log ${policyId1}
|
||||
${policyIds} set Variable {"policyType":"tsg_security","policyIds":[${policyId1}]}
|
||||
#创建策略
|
||||
#${addPolicyStr} set variable {"opAction":"add","returnData":1,"policyList":{"policyName":"SecurityPolicy-Allow-SSL-00002","policyType":"tsg_security","action":"allow","userTags":"","doBlacklist":0,"doLog":1,"policyDesc":"","effectiveRange":{"tag_sets":[[]]},"userRegion":{"protocol":"SSL","keyring":1},"referenceObject":[{"objectId":${testClentSubID},"protocolFields":[]},{"objectId":${object_Category_Id},"protocolFields":["TSG_FIELD_SSL_SNI"]}],"isValid":1,"scheduleId":[],"appObjectIdArray":[]}}
|
||||
${addPolicyStr} run keyword if '${addTestClentIPFlag}'=='1' set variable {"opAction":"add","returnData":1,"policyList":{"policyName":"SecurityPolicy-Allow-SSL-00002","policyType":"tsg_security","action":"allow","userTags":"","doBlacklist":0,"doLog":1,"policyDesc":"","effectiveRange":{"tag_sets":[[]]},"userRegion":{"protocol":"SSL"},"referenceObject":[{"objectId":${testClentSubID},"protocolFields":[null]},{"objectId":${object_Category_Id},"protocolFields":["TSG_FIELD_SSL_SNI"]}],"isValid":1,"scheduleId":[],"appObjectIdArray":[3]}}
|
||||
... ELSE set variable {"opAction":"add","returnData":1,"policyList":{"policyName":"SecurityPolicy-Allow-SSL-00002","policyType":"tsg_security","action":"allow","userTags":"","doBlacklist":0,"doLog":1,"policyDesc":"","effectiveRange":{"tag_sets":[[]]},"userRegion":{"protocol":"SSL"},"referenceObject":[{"objectId":${testClentSubID},"protocolFields":[]},{"objectId":${object_Category_Id},"protocolFields":["TSG_FIELD_SSL_SNI"]}],"isValid":1,"scheduleId":[],"appObjectIdArray":[]}}
|
||||
${rescode} ${policyId2} AddPolicy ${addPolicyStr}
|
||||
log ${policyId2}
|
||||
${policyIds1} set Variable {"policyType":"tsg_security","policyIds":[${policyId1}]}
|
||||
${policyIds2} set Variable {"policyType":"tsg_security","policyIds":[${policyId2}]}
|
||||
${policyIds} Create List ${policyIds1} ${policyIds2}
|
||||
#${rescode} ${policyId} AddPolicy {"opAction":"add","returnData":1,"policyList":{"policyName":"SecurityPolicy-Allow-Http-00002","policyType":"tsg_security","action":"allow","userTags":"","doBlacklist":0,"doLog":1,"policyDesc":"","effectiveRange":{"tag_sets":[[]]},"userRegion":{"protocol":"HTTP","keyring":1},"referenceObject":[{"objectId":${object_Subid_Id},"protocolFields":[]},{"objectId":${object_Category_Id},"protocolFields":["TSG_FIELD_HTTP_HOST"]}],"isValid":1,"scheduleId":[],"appObjectIdArray":[]}}
|
||||
#log ${rescode}
|
||||
#log ${policyId}
|
||||
[Tags] Allow IP SSL
|
||||
Comment 创建IP
|
||||
${addItemList1} Create Dictionary isSession=endpoint ip=${testClentIP} port=0-65535 direction=0 protocol=0 isInitialize=0
|
||||
${addItemLists} Create list ${addItemList1}
|
||||
${objectDict} Create Dictionary objectType=ip objectSubType=endpoint isValid=${1} addItemList=${addItemLists}
|
||||
${rescode} ${objectId} AddObjects ${1} ${objectDict}
|
||||
${objectids} set Variable ${objectId}
|
||||
|
||||
|
||||
Comment 创建Allow策略
|
||||
${policyDict} Create Dictionary policyName=${TEST NAME} policyType=tsg_security action=allow source=${objectId}|TSG_SECURITY_SOURCE_ADDR userRegion={"protocol":"SSL"} isValid=${1} appIdObjects=${SSL_ID}
|
||||
${rescode} ${policyId} AddPolicies 1 ${policyDict} v2
|
||||
${policyIds} set Variable ${policyId}[0][policyIds][0]
|
||||
|
||||
${starttime} Get Time
|
||||
#功能端验证
|
||||
Sleep ${policyVerificationSleepSeconds}s
|
||||
${starttime} Get Time
|
||||
${commandreturn} OperatingSystem.Run curl -I \ -m \ 10 \ -o \ /dev/null \ -s \ -w \ \ \%{http_code} \ \ https://www.jd.com/
|
||||
should contain ${commandreturn} 200
|
||||
|
||||
Comment 策略验证
|
||||
#新增策略验证
|
||||
#创建attributes中的字典
|
||||
${app_id} Create Dictionary attributeType=string attributeName=app_id attributeValue={"string": "126"}
|
||||
${subscriberid} Create Dictionary attributeType=string attributeName=subscriberid attributeValue={"string": "test56"}
|
||||
${ipsource} Create Dictionary attributeType=ip attributeName=source attributeValue={"ip":"${testClentIP}","port":"1","addrType":4,"protocol":"6","tableName":"TSG_SECURITY_SOURCE_ADDR"}
|
||||
${ipdestination} Create Dictionary attributeType=ip attributeName=destination attributeValue={"ip":"254.253.252.251","port":"1","addrType":4,"protocol":"6","tableName":"TSG_SECURITY_DESTINATION_ADDR"}
|
||||
# 合成attributes字典集
|
||||
${attributes} Create List ${app_id} ${subscriberid} ${ipsource} ${ipdestination}
|
||||
${verifySession} Create Dictionary attributes=${attributes}
|
||||
${verifyList} Create Dictionary policyType=tsg_security verifySession=${verifySession}
|
||||
log ${verifyList}
|
||||
${rescode} ${resData} VerifyPolicies ${verifyList}
|
||||
# 打印检查结果
|
||||
${objectid_verify} Set Variable ${objectids}
|
||||
${objectid_verify} Catenate SEPARATOR=, ${objectid_verify} ${policyIds}
|
||||
# # 调用关键字 提取应答json获取其中所有的id值,并判断新下发的id值是否在应答json的id中
|
||||
log ${objectid_verify}
|
||||
${testType} Evaluate type($objectid_verify)
|
||||
${testType} Evaluate type($resData)
|
||||
log ${resData}
|
||||
sleep 5
|
||||
${ok} VerifyProxy ${resData} ${objectid_verify}
|
||||
Should Be Equal As Strings ${ok} true
|
||||
|
||||
Sleep ${policyLogVerificationSleepSeconds}s
|
||||
${endtime} Get Time
|
||||
|
||||
Comment 功能端验证HTTP验证
|
||||
Open Browser https://www.facebook.com ${browserType}
|
||||
sleep 2
|
||||
${text} Get Text xpath=//*[@id="content"]/div/div/div/div[1]/h2
|
||||
Should Be Equal As Strings ${text} 联系你我,分享生活,尽在 Facebook
|
||||
|
||||
Comment 日志验证
|
||||
#日志验证
|
||||
${s} Convert to String ${policyId2}
|
||||
GetLogList security_event_log ${starttime} ${endtime} ${testClentIP} ${s} ssl_sni www.jd.com
|
||||
${s} Convert to String ${policyIds}
|
||||
${returnvalue} GetLogList_new security_event_log ${starttime} ${testClentIP} ${s} ssl_sni www.facebook.com
|
||||
Should Be Equal As Strings ${returnvalue} true
|
||||
|
||||
@@ -6,8 +6,41 @@ Library RequestsLibrary
|
||||
Library OperatingSystem
|
||||
Library Collections
|
||||
Library string
|
||||
Library ../../04-CustomLibrary/Custometest/log_contrast.py
|
||||
|
||||
|
||||
*** Keywords ***
|
||||
GetLogList_new
|
||||
[Arguments] ${logType} ${startTime} ${client_ip} ${policy_id} ${parmkey} ${parmvalue}
|
||||
FOR ${i} IN RANGE ${logfornumber}
|
||||
Sleep ${policyLogVerificationSleepSeconds}s
|
||||
${endtime} Get Time
|
||||
${logs} GetLogList_new1 ${logType} ${startTime} ${endTime} ${client_ip} ${policy_id} ${parmkey} ${parmvalue}
|
||||
${returnvalue} log_contrast ${logs} ${client_ip} ${policy_id} ${parmkey} ${parmvalue}
|
||||
${trueorfalse} Run Keyword If "${returnvalue}"=="true" set variable true
|
||||
... ELSE set variable false
|
||||
Run Keyword If "${returnvalue}"=="true" Exit for loop
|
||||
END
|
||||
[Return] ${trueorfalse}
|
||||
|
||||
GetLogList_new1
|
||||
[Arguments] ${logType} ${startTime} ${endTime} ${client_ip} ${policy_id} ${parmkey} ${parmvalue}
|
||||
${logCondition} GetLogCondition ${logType} ${startTime} ${endTime} ${client_ip} ${policy_id}
|
||||
log ${logCondition}
|
||||
${LogListResponse} PostRemoteData /${version}/log/list ${logCondition}
|
||||
Should Be Equal As Strings ${LogListResponse.status_code} 200
|
||||
${returnData} To Json ${LogListResponse.content}
|
||||
${responseCode} Get From Dictionary ${returnData} code
|
||||
Log ${responseCode}
|
||||
Should Be Equal ${responseCode} ${200} security_event_log \ \ test query list failed
|
||||
log this time request security_event_log \ table logRecord \ : ${LogListResponse.content}
|
||||
${a} Set Variable this time request security_event_log \ table logRecord \ : ${LogListResponse.content}
|
||||
log ${a}
|
||||
${log} Set Variable ${LogListResponse.json()}[data][list]
|
||||
FOR ${logs} IN ${log}
|
||||
log ${logs}
|
||||
END
|
||||
[Return] ${logs}
|
||||
GetLogList
|
||||
[Arguments] ${logType} ${startTime} ${endTime} ${client_ip} ${policy_id} ${parmkey} ${parmvalue}
|
||||
${logCondition} GetLogCondition ${logType} ${startTime} ${endTime} ${client_ip} ${policy_id}
|
||||
|
||||
@@ -39,7 +39,7 @@ GetAppIdObjects
|
||||
[Return] ${appidobject}
|
||||
|
||||
DeletePolicyAndObjectAndApplicationAndSignature
|
||||
[Arguments] ${policyids} ${objectids} ${appids} ${signatureId}
|
||||
[Arguments] ${policyids} ${objectids} ${appids}=${EMPTY} ${signatureId}=${EMPTY}
|
||||
#删除和对象
|
||||
#2020-09-01修改,引用DeletePolicyAndGroupObject,避免分别维护并兼容之前用例
|
||||
Run Keyword If "${policyids}"=="${EMPTY}" log no policyids to del
|
||||
|
||||
@@ -1,10 +1,10 @@
|
||||
*** Variables ***
|
||||
#登录类型:api | cli | ${None}(tsg mib) | 未指定,默认为ui
|
||||
${loginType} ui
|
||||
${loginType} api
|
||||
#执行环境是否Widonws
|
||||
${systemType} api
|
||||
${systemType} Windows
|
||||
#API配置信息
|
||||
${host} 192.168.44.71
|
||||
${host} 192.168.44.72
|
||||
${port} 8080
|
||||
${authmode} 1
|
||||
${authCode} ${EMPTY}
|
||||
@@ -16,14 +16,14 @@ ${password} 1
|
||||
${encodePassword} ${EMPTY}
|
||||
${token} ${EMPTY}
|
||||
#[Documentation] 测试终端IP统一配置
|
||||
${testClentIP} 192.168.32.32
|
||||
${testClentIP} 192.168.50.52
|
||||
${testSubscriberID} $test57
|
||||
#自动化标签
|
||||
${userTagIds} ${EMPTY}
|
||||
#Documentation] 是否添加测试终端IP到策略统一配置,0为不添加测试终端IP,1为添加测试终端IP,默认1
|
||||
${addTestClentIPFlag} 0
|
||||
#测试环境是否需要把tsgui和api添加为SecurityPolicy-Allow 1为需要,默认1 ,
|
||||
${addTsgUIAPIFlag} 1
|
||||
${addTsgUIAPIFlag} 0
|
||||
#执行需要暂停时间
|
||||
#策略下发后到验证需等待时间
|
||||
${policyVerificationSleepSeconds} 20
|
||||
@@ -31,7 +31,7 @@ ${policyVerificationSleepSeconds} 20
|
||||
${policyLogVerificationSleepSeconds} 60
|
||||
${path} F:/tsg-git/tsg_autotest/05-Other/
|
||||
${Downloadpath} C:/Users/byb11/Downloads/
|
||||
${curlbatpath} ${path}/curl/
|
||||
${curlbatpath} ${path}curl/
|
||||
${mailpath} ${path}/mail/
|
||||
${responsePageFiles} ${path}/response_pages_files/
|
||||
#全流程分阶段测试参数
|
||||
@@ -75,3 +75,5 @@ ${sleep} 3
|
||||
${sleep_Wait} 20
|
||||
#name个人标识
|
||||
${tag} lyf
|
||||
#日志查询次数
|
||||
${logfornumber} 3
|
||||
8
04-CustomLibrary/Custometest/log_contrast.py
Normal file
8
04-CustomLibrary/Custometest/log_contrast.py
Normal file
@@ -0,0 +1,8 @@
|
||||
#!/user/bin/python
|
||||
#-*-coding:utf-8-*-
|
||||
def log_contrast(logs,client_ip,policy_id,parmkey,parmvalue):
|
||||
if (str(client_ip) in str(logs))and (str(policy_id) in str(logs)) and (str(parmkey) in str(logs)) and (str(parmvalue) in str(logs)):
|
||||
print(logs)
|
||||
return "true"
|
||||
else:
|
||||
return "false"
|
||||
Reference in New Issue
Block a user