*** Settings ***
Test Teardown     DeletePolicyAndObject    ${policyIds}    ${objectids}
Force Tags        tsg_adc    Security_Policy
Library           OperatingSystem
Resource          ../../../../02-Keyword/tsg_adc/SystemCommand.robot
Resource          ../../../../02-Keyword/tsg_bfapi/PolicyObject.robot
Resource          ../../../../02-Keyword/tsg_bfapi/LogVariable.robot
Resource          ../../../../02-Keyword/tsg_bfapi/ApiRequest.robot
Resource          ../../../../03-Variable/AllFlowCaseVariable.txt

*** Variables ***
${policyIds}      ${EMPTY}
${objectids}      ${EMPTY}

*** Test Cases ***
SecurityPolicy-Deny-DNS-00001
    [Tags]    Selfserver    Deny    Dns    Ip+Fqdn右匹配
    Comment    创建fqdn
    ${objectDict}    Create Dictionary    objectType=fqdn    isValid=${1}    addItemList=*yhd.com
    ${rescode}    ${object_fqdn_Id}    AddObject2    ${1}    ${objectDict}
    ${objectids}    set Variable    ${object_fqdn_Id}
    Comment    创建安全策略
    ${policyDict}    Create Dictionary    policyName=SecurityPolicy-Deny-DNS-00001    policyType=tsg_security    policyDesc=autotest    userTags=    action=deny    effectiveRange=    userRegion={"protocol": "DNS","method":"drop"}    isValid=${1}    appObjectIdArray=4    referenceObject=${object_fqdn_Id}|TSG_FIELD_DNS_QNAME
    ${rescode}    ${policyId}    AddPolicy2    ${1}    ${policyDict}
    #删除策略
    ${policyIds}    Create List    {"policyType":"tsg_security","policyIds":[${policyId}]}
    Comment    功能端验证HTTP验证
    ${commandstr}    run keyword if    '${systemType}'=='Windows'    set variable    nslookup -d www.yhd.com
    ...    ELSE    set variable    nslookup -d www.yhd.com
    ${stringlist}    run keyword if    '${systemType}'=='Windows'    Create List    超时
    ...    ELSE    Create List    canonical name = www.yhd.com
    ${starttime}    Get Time
    Sleep    ${policyVerificationSleepSeconds}s
    ${rescode}    SystemCommands    ${commandstr}    ${stringlist}
    Sleep    ${policyLogVerificationSleepSeconds}s
    ${endtime}    Get Time
    #日志验证
    ${s}    Convert to String    ${policyId}
    GetLogList    security_event_log    ${starttime}    ${endtime}    ${testClentIP}    ${s}    dns_qname    yhd.com

SecurityPolicy-Deny-DNS-00002
    [Tags]    Selfserver    Deny    Dns    Ip+Cat完整匹配
    Comment    创建fqdn
    ${objectDict}    Create Dictionary    objectType=fqdn_category    isValid=${1}    addItemList=$www.toutiao.com
    ${rescode}    ${object_fqdn_Id}    AddObject2    ${1}    ${objectDict}
    ${objectids}    set Variable    ${object_fqdn_Id}
    Comment    创建安全策略
    ${policyDict}    Create Dictionary    policyName=SecurityPolicy-Deny-DNS-00001    policyType=tsg_security    policyDesc=autotest    userTags=    action=deny    effectiveRange=    userRegion={"protocol":"DNS","method":"redirect","resolution":[{"qtype":"A","answer":[{"atype":"CNAME","value":"www.vip.com","ttl":{"min":300,"max":300}}]}]}    isValid=${1}    appObjectIdArray=4
    ${rescode}    ${policyId}    AddPolicy2    ${1}    ${policyDict}
    #删除策略
    ${policyIds}    Create List    {"policyType":"tsg_security","policyIds":[${policyId}]}
    Comment    功能端验证HTTP验证
    ${commandstr}    run keyword if    '${systemType}'=='Windows'    set variable    nslookup -d www.toutiao.com
    ...    ELSE    set variable    nslookup \ www.toutiao.com
    ${stringlist}    run keyword if    '${systemType}'=='Windows'    Create List    canonical name = www.vip.com
    ...    ELSE    Create List    canonical name = www.vip.com
    ${starttime}    Get Time
    Sleep    ${policyVerificationSleepSeconds}s
    ${rescode}    SystemCommands    ${commandstr}    ${stringlist}
    Sleep    ${policyLogVerificationSleepSeconds}s
    ${endtime}    Get Time
    #日志验证
    ${s}    Convert to String    ${policyId}
    GetLogList    security_event_log    ${starttime}    ${endtime}    ${testClentIP}    ${s}    dns_qname    toutiao.com