*** Settings *** Test Teardown DeletePolicyAndObjectAndApplicationAndSignature ${policyIds} ${objectids} Force Tags tsg_adc tsg_security Library OperatingSystem Resource ../../../02-Keyword/tsg_adc/SystemCommand.robot Resource ../../../02-Keyword/tsg_bfapi/PolicyObject.robot Resource ../../../02-Keyword/tsg_bfapi/LogVariable.robot Resource ../../../02-Keyword/tsg_adc/FileOperation.robot Resource ../../../02-Keyword/tsg_bfapi/policy_object/Policy.robot Resource ../../../03-Variable/ApplicationID.txt Resource ../../../03-Variable/BifangApiVariable.txt Resource ../../../02-Keyword/tsg_bfapi/policy_object/Application.robot Resource ../../../02-Keyword/tsg_bfapi/policy_object/ProcessPolicyBody.robot Library ../../../04-CustomLibrary/Library/VerifyPolicy.py *** Variables *** ${policyIds} ${EMPTY} ${objectids} ${EMPTY} *** Test Cases *** SecurityPolicy-Deny-DNS-00001 [Tags] Deny IP DNS Comment 创建IP ${addItemList1} Create Dictionary isSession=endpoint ip=${testClentIP} port=0-65535 direction=0 protocol=0 isInitialize=0 ${addItemLists} Create list ${addItemList1} ${objectDict} Create Dictionary objectType=ip objectSubType=endpoint isValid=${1} addItemList=${addItemLists} ${rescode} ${objectId} AddObjects ${1} ${objectDict} ${objectids} set Variable ${objectId} Comment 创建Deny策略 ${policyDict} Create Dictionary policyName=${TEST NAME} policyType=tsg_security action=deny source=${objectId}|TSG_SECURITY_SOURCE_ADDR userRegion={"protocol":"DNS","method":"drop"} isValid=${1} appIdObjects=${DNS_ID} ${rescode} ${policyId} AddPolicies 1 ${policyDict} v2 ${policyIds} set Variable ${policyId}[0][policyIds][0] ${starttime} Get Time #功能端验证 Sleep ${policyVerificationSleepSeconds}s Comment 策略验证 #新增策略验证 #创建attributes中的字典 ${app_id} Create Dictionary attributeType=string attributeName=app_id attributeValue={"string":"32" } ${ipsource} Create Dictionary attributeType=ip attributeName=source attributeValue={"ip":"${testClentIP}","port":"1","addrType":4,"protocol":"6","tableName":"TSG_SECURITY_SOURCE_ADDR"} ${ipdestination} Create Dictionary attributeType=ip attributeName=destination attributeValue={"ip": "252.252.252.252","port": "443","tableName": "TSG_SECURITY_DESTINATION_ADDR","addrType": 4,"protocol": "6"} # 合成attributes字典集 ${attributes} Create List ${app_id} ${ipsource} ${ipdestination} ${verifySession} Create Dictionary attributes=${attributes} ${verifyList} Create Dictionary policyType=tsg_security verifySession=${verifySession} log ${verifyList} ${rescode} ${resData} VerifyPolicies ${verifyList} # 打印检查结果 ${objectid_verify} Set Variable ${objectids} ${objectid_verify} Catenate SEPARATOR=, ${policyIds} # # 调用关键字 提取应答json获取其中所有的id值,并判断新下发的id值是否在应答json的id中 log ${objectid_verify} ${testType} Evaluate type($objectid_verify) ${testType} Evaluate type($resData) log ${resData} sleep 5 ${ok} VerifyProxy ${resData} ${objectid_verify} Should Be Equal As Strings ${ok} true Comment 功能端验证HTTP验证 ${commandstr} run keyword if '${systemType}'=='Windows' set variable nslookup -d www.facebook.com ... ELSE set variable nslookup www.facebook.com ${stringlist} run keyword if '${systemType}'=='Windows' Create List 超时 ... ELSE Create List timed out ${rescode} SystemCommands ${commandstr} ${stringlist} Comment 日志验证 #日志验证 ${s} Convert to String ${policyIds} ${returnvalue} GetLogList_new security_event_log ${starttime} ${testClentIP} ${s} dns_qname DNS SecurityPolicy-Deny-DNS-00002 [Tags] Deny IP DNS QNAME Comment 创建IP ${addItemList1} Create Dictionary isSession=endpoint ip=${testClentIP} port=0-65535 direction=0 protocol=0 isInitialize=0 ${addItemLists} Create list ${addItemList1} ${objectDict} Create Dictionary objectType=ip objectSubType=endpoint isValid=${1} addItemList=${addItemLists} ${rescode} ${objectId} AddObjects ${1} ${objectDict} ${objectids} set Variable ${objectId} Comment 创建fqdn ${addItemList1} Create Dictionary keywordArray=*www.arctictrucks.ru isHexbin=${0} ${addItemLists} Create list ${addItemList1} ${objectDict1} Create Dictionary objectType=fqdn objectSubType=fqdn isValid=${1} addItemList=${addItemLists} ${rescode} ${objectId1} AddObjects ${1} ${objectDict1} ${objectids} Catenate SEPARATOR=, ${objectids} ${objectId1} Comment 创建Deny策略 ${policyDict} Create Dictionary policyName=${TEST NAME} policyType=tsg_security action=deny source=${objectId}|TSG_SECURITY_SOURCE_ADDR userRegion={"protocol":"DNS","method":"redirect","resolution":[{"qtype":"A","answer":[{"atype":"CNAME","value":"www.jd.com","ttl":{"min":500,"max":500}},{"atype":"A","value":"192.168.41.186","ttl":{"min":300,"max":300}}]}]} filterList=${objectId1}|TSG_FIELD_DNS_QNAME isValid=${1} appIdObjects=${DNS_ID} ${rescode} ${policyId} AddPolicies 1 ${policyDict} v2 ${policyIds} set Variable ${policyId}[0][policyIds][0] ${starttime} Get Time #功能端验证 Sleep ${policyVerificationSleepSeconds}s Comment 策略验证 #新增策略验证 #创建attributes中的字典 ${qname_fqdn_id} Create Dictionary attributeType=string attributeName=qname appId=32 appName=dns protocol=dns attributeValue={"string": "www.arctictrucks.ru"} ${app_id} Create Dictionary attributeType=string attributeName=app_id attributeValue={"string":"32" } ${ipsource} Create Dictionary attributeType=ip attributeName=source attributeValue={"ip":"${testClentIP}","port":"1","addrType":4,"protocol":"6","tableName":"TSG_SECURITY_SOURCE_ADDR"} ${ipdestination} Create Dictionary attributeType=ip attributeName=destination attributeValue={"ip": "252.252.252.252","port": "443","tableName": "TSG_SECURITY_DESTINATION_ADDR","addrType": 4,"protocol": "6"} # 合成attributes字典集 ${attributes} Create List ${app_id} ${ipsource} ${ipdestination} ${qname_fqdn_id} ${verifySession} Create Dictionary attributes=${attributes} ${verifyList} Create Dictionary policyType=tsg_security verifySession=${verifySession} log ${verifyList} ${rescode} ${resData} VerifyPolicies ${verifyList} # 打印检查结果 ${objectid_verify} Set Variable ${objectids} ${objectid_verify} Catenate SEPARATOR=, ${policyIds} # # 调用关键字 提取应答json获取其中所有的id值,并判断新下发的id值是否在应答json的id中 log ${objectid_verify} ${testType} Evaluate type($objectid_verify) ${testType} Evaluate type($resData) log ${resData} sleep 5 ${ok} VerifyProxy ${resData} ${objectid_verify} Should Be Equal As Strings ${ok} true Comment 功能端验证HTTP验证 ${commandstr} run keyword if '${systemType}'=='Windows' set variable nslookup -d www.arctictrucks.ru 8.8.8.8 ... ELSE set variable nslookup -debug -query=A \ www.arctictrucks.ru ${stringlist} run keyword if '${systemType}'=='Windows' Create List www.arctictrucks.ru ... ELSE Create List www.arctictrucks.ru ${rescode} SystemCommands ${commandstr} ${stringlist} Comment 日志验证 #日志验证 ${s} Convert to String ${policyIds} ${returnvalue} GetLogList_new security_event_log ${starttime} ${testClentIP} ${s} dns_qname www.arctictrucks.ru SecurityPolicy-Deny-DNS-00003 [Tags] Deny IP DNS QNAME Comment 创建IP ${addItemList1} Create Dictionary isSession=endpoint ip=${testClentIP} port=0-65535 direction=0 protocol=0 isInitialize=0 ${addItemLists} Create list ${addItemList1} ${objectDict} Create Dictionary objectType=ip objectSubType=endpoint isValid=${1} addItemList=${addItemLists} ${rescode} ${objectId} AddObjects ${1} ${objectDict} ${objectids} set Variable ${objectId} Comment 创建fqdn ${addItemList1} Create Dictionary keywordArray=*aec188.com isHexbin=${0} ${addItemLists} Create list ${addItemList1} ${objectDict1} Create Dictionary objectType=fqdn objectSubType=fqdn isValid=${1} addItemList=${addItemLists} ${rescode} ${objectId1} AddObjects ${1} ${objectDict1} ${objectids} Catenate SEPARATOR=, ${objectids} ${objectId1} Comment 创建Deny策略 ${policyDict} Create Dictionary policyName=${TEST NAME} policyType=tsg_security action=deny source=${objectId}|TSG_SECURITY_SOURCE_ADDR userRegion={"protocol":"DNS","method":"redirect","resolution":[{"qtype":"AAAA","answer":[{"atype":"AAAA","value":"fc00::2:11","ttl":{"min":400,"max":400}},{"atype":"CNAME","value":"www.taobao.com","ttl":{"min":600,"max":600}}]}]} filterList=${objectId1}|TSG_FIELD_DNS_QNAME isValid=${1} appIdObjects=${DNS_ID} ${rescode} ${policyId} AddPolicies 1 ${policyDict} v2 ${policyIds} set Variable ${policyId}[0][policyIds][0] ${starttime} Get Time #功能端验证 Sleep ${policyVerificationSleepSeconds}s Comment 策略验证 #新增策略验证 #创建attributes中的字典 ${qname_fqdn_id} Create Dictionary attributeType=string attributeName=qname appId=32 appName=dns protocol=dns attributeValue={"string": "aec188.com"} ${app_id} Create Dictionary attributeType=string attributeName=app_id attributeValue={"string":"32" } ${ipsource} Create Dictionary attributeType=ip attributeName=source attributeValue={"ip":"${testClentIP}","port":"1","addrType":4,"protocol":"6","tableName":"TSG_SECURITY_SOURCE_ADDR"} ${ipdestination} Create Dictionary attributeType=ip attributeName=destination attributeValue={"ip": "252.252.252.252","port": "443","tableName": "TSG_SECURITY_DESTINATION_ADDR","addrType": 4,"protocol": "6"} # 合成attributes字典集 ${attributes} Create List ${app_id} ${ipsource} ${ipdestination} ${qname_fqdn_id} ${verifySession} Create Dictionary attributes=${attributes} ${verifyList} Create Dictionary policyType=tsg_security verifySession=${verifySession} log ${verifyList} ${rescode} ${resData} VerifyPolicies ${verifyList} # 打印检查结果 ${objectid_verify} Set Variable ${objectids} ${objectid_verify} Catenate SEPARATOR=, ${policyIds} # # 调用关键字 提取应答json获取其中所有的id值,并判断新下发的id值是否在应答json的id中 log ${objectid_verify} ${testType} Evaluate type($objectid_verify) ${testType} Evaluate type($resData) log ${resData} sleep 5 ${ok} VerifyProxy ${resData} ${objectid_verify} Should Be Equal As Strings ${ok} true Comment 功能端验证HTTP验证 ${commandstr} run keyword if '${systemType}'=='Windows' set variable nslookup -d aec188.com 8.8.8.8 ... ELSE set variable nslookup -debug -query=AAAA \ aec188.com ${stringlist} run keyword if '${systemType}'=='Windows' Create List aec188.com ... ELSE Create List aec188.com ${rescode} SystemCommands ${commandstr} ${stringlist} Comment 日志验证 #日志验证 ${s} Convert to String ${policyIds} ${returnvalue} GetLogList_new security_event_log ${starttime} ${testClentIP} ${s} dns_qname aec188.com