*** Settings ***
Test Teardown     DeleteAfterCase    ${policyIds}    ${objectids}
Force Tags        tsg_adc    tsg_security    selfserver
Library           OperatingSystem
Resource          ../../../02-Keyword/tsg_adc/SystemCommand.robot
Resource          ../../../02-Keyword/tsg_bfapi/PolicyObject.robot
Resource          ../../../02-Keyword/tsg_bfapi/LogVariable.robot
Resource          ../../../03-Variable/PolicyObjectDefault.txt
Resource          ../../../02-Keyword/tsg_common/StmpHandle.robot
Resource          ../../../03-Variable/AllFlowCaseVariable.txt
Resource          ../../../02-Keyword/tsg_adc/FileOperation.robot
Resource          ../../../03-Variable/BifangApiVariable.txt
Library           Custometest
Library           json

*** Variables ***
${policyIds}      ${EMPTY}
${objectids}      ${EMPTY}
${url}            /policy/profile/responsepages
${profiledId}     ${EMPTY}
${dict}           ${None}
${caseName}       SecurityPolicy-Deny-AllProtol-00001

*** Keywords ***
create-object-policy
    [Documentation]    Creates the destination IP object and a deny policy that references it, then records the ids (to a file, or in ${dict} when a flag argument is passed).
    [Arguments]    @{flag}
    Comment    Create the destination IP object
    ${objectDict}    Create Dictionary
    ...    objectType=IP
    ...    isValid=1
    ...    objectSubType=${Default_ObjectSubType}
    ...    isInitialize=${Default_IsInitialize}
    ...    isExclusion=${Default_IsExclusion}
    ...    objectName=${caseName}_IPobject
    ...    objectDesc=${Default_ObjectDesc}
    ...    subObjectIds=${Default_SubObjectIds}
    ...    addItemList=CIDR|192.168.100.5|32|0/0&${Default_AddItem_ServerIpFormat}|${Default_AddItem_ServerIp1}|${Default_AddItem_ServerIp2}|${Default_AddItem_ServerPort}|${Default_AddItem_IsInitialize}|${Default_AddItem_ItemName}|${Default_AddItem_ItemDesc}
    ${rescode}    ${objectId}    AddObject2    ${1}    ${objectDict}
    ${objectids}    Run Keyword If    '${testPart}'=='all'    set Variable    ${objectId}
    Comment    Create a security policy that applies to all protocols, equivalent to a BlackIP
    ${policyDict}    Create Dictionary
    ...    policyName=${caseName}
    ...    policyType=tsg_security
    ...    policyDesc=${Default_PolicyDesc}
    ...    action=deny
    ...    effectiveRange=${Default_EffectiveRange}
    ...    userRegion=${Default_UserRegion}
    ...    referenceObject=${objectId}|TSG_SECURITY_DESTINATION_ADDR
    ...    isValid=${Default_IsValid}
    ...    appObjectIdArray=2,3,4,5,6
    ...    userTags=${Default_UserTags}
    ...    doLog=2
    ...    scheduleId=${Default_ScheduleId}
    ${rescode}    ${policyId}    AddPolicy2    ${1}    ${policyDict}
    ${policyIds}    Run Keyword If    '${testPart}'=='all'    Create List    {"policyType":"tsg_security","policyIds":[${policyId}]}
    # Distinguish the execution mode
    ${value}    Run Keyword If    ${flag}==[]    insert_policyId_to_file    ${caseName}    ${policyId}    ${objectids}
    ...    ELSE    Create Dictionary    policyId=${policyId}    objectId=${objectids}
    Set Test Variable    ${dict}    ${value}

function-test
    [Documentation]    Sends HTTP, SSL, SMTP and FTP traffic towards the denied destination and expects each attempt to be reset or to fail.
    Run Keyword If    '${testPart}'=='all'    Sleep    ${policyVerificationSleepSeconds}s
    ${starttime}    Get Time
    Comment    Functional-side verification: HTTP
    ${commandstr}    run keyword if    '${systemType}'=='Windows'    set variable    ${curlbatpath}/selfserver/${caseName}_HTTP.bat
    ...    ELSE    set variable    curl -kv http://open.node.com/
    ${stringlist}    run keyword if    '${systemType}'=='Windows'    Create List    Connection was reset
    ...    ELSE    Create List    Connection reset by peer
    ${starttime_http}    Get Time
    ${rescode}    SystemCommands    ${commandstr}    ${stringlist}
    Run Keyword If    '${testPart}'=='all'    Sleep    ${policyLogVerificationSleepSeconds}s
    ${endtime_http}    Get Time
    # Log verification
    #GetLogList    security_event_log    ${starttime}    ${endtime}    ${testClentIP}    ${s}    http_host    open.node.com
    Comment    Functional-side verification: SSL
    ${commandstr}    run keyword if    '${systemType}'=='Windows'    set variable    ${curlbatpath}/selfserver/${caseName}_SSL.bat
    ...    ELSE    set variable    curl -kv https://open.node.com/
    ${stringlist}    run keyword if    '${systemType}'=='Windows'    Create List    Connection was reset    #OpenSSL SSL_connect: Connection was reset in connection to    #Send failure: Connection was reset
    ...    ELSE    Create List    OpenSSL SSL_connect: Connection reset by peer in connection to
    ${starttime_ssl}    Get Time
    ${rescode}    SystemCommands    ${commandstr}    ${stringlist}
    Run Keyword If    '${testPart}'=='all'    Sleep    ${policyLogVerificationSleepSeconds}s
    ${endtime_ssl}    Get Time
    # Log verification
    #GetLogList    security_event_log    ${starttime}    ${endtime}    ${testClentIP}    ${s}    ssl_sni    open.node.com
    Comment    Functional-side verification: DNS
    Comment    Functional-side verification: MAIL
    #${mail}    EmailLogin    mail.tsgmail.com    25    dongxiaoyan@mail.tsgmail.com    dxy123
    ${starttime_mail}    Get Time
    ${Smtp服务器}    Set Variable    192.168.100.5
    ${Smtp服务器端口}    Set Variable    25
    ${邮箱账号}    Set Variable    dongxiaoyan@mail.tsgmail.com
    ${邮箱密码}    Set Variable    dxy123
    ${邮件主题}    Set Variable    что- иностранныеsuject
    ${发送者}    Set Variable    dongxiaoyan@mail.tsgmail.com
    ${附件}    Set Variable    ["${mailpath}/朱明明测试文件.txt"]
    ${接收者}    Set Variable    ["jwctest@mail.tsgmail.com"]
    ${抄送者}    Set Variable    ["zmmtest@mail.tsgmail.com"]
    ${密送者}    Set Variable    ["lyftest@mail.tsgmail.com"]
    ${邮件正文}    Set Variable    朱明明contentчто-иностранныеsuject
    ${mail}    EmailSendFull    ${Smtp服务器}    ${Smtp服务器端口}    ${邮箱账号}    ${邮箱密码}    ${邮件主题}    ${发送者}    ${接收者}    ${抄送者}    ${密送者}    ${邮件正文}    ${附件}
    should contain    ${mail}    mail_fail
    Run Keyword If    '${testPart}'=='all'    Sleep    ${policyLogVerificationSleepSeconds}s
    ${endtime_mail}    Get Time
    # Log verification
    #GetLogList    security_event_log    ${starttime}    ${endtime}    ${testClentIP}    ${s}    mail_protocol_type    SMTP
    Comment    Functional-side verification: FTP
    ${starttime_ftp}    Get Time
    ${ftpLogin}    FTP_login    ftp://192.168.100.5:21    -u"ftp_user:qazXSW@edc"    test.txt
    should contain    ${ftpLogin}    ftp_fail
    # Log verification
    #GetLogList    security_event_log    ${starttime}    ${endtime}    ${testClentIP}    ${s}    ftp_account    ''
    Run Keyword If    '${testPart}'=='all'    Sleep    ${policyLogVerificationSleepSeconds}s
    ${endtime_ftp}    Get Time
    ${endtime}    Get Time
    # Distinguish the execution mode
    Run Keyword If    ${dict}==${None}    insert_time_to_file    ${caseName}    ${starttime}    ${endtime}
    ...    ELSE    Run Keyword    Set To Dictionary    ${dict}    ${starttime}    ${endtime}

log-test
    [Documentation]    Checks security_event_log for one entry per protocol exercised by function-test.
    # Log verification
    ${obj}    Run Keyword If    ${dict}==${None}    json.Loads    ${caseName}
    ...    ELSE    Set Variable    ${dict}
    ${policyId}    Set Variable    ${obj}[policyId]
    ${s}    Convert to String    ${policyId}
    ${objectids}    Run Keyword If    '${testPart}'!='all'    set Variable    ${obj}[objectids]
    ${policyIds}    Run Keyword If    '${testPart}'!='all'    Create List    {"policyType":"tsg_security","policyIds":[${policyId}]}
    Comment    Functional-side verification: HTTP
    # Log verification
    GetLogList    security_event_log    ${starttime_http}    ${endtime_http}    ${testClentIP}    ${s}    http_host    open.node.com    ${obj}[starttime]    ${obj}[endtime]
    Comment    Functional-side verification: SSL
    # Log verification
    GetLogList    security_event_log    ${starttime_ssl}    ${endtime_ssl}    ${testClentIP}    ${s}    ssl_sni    open.node.com
    Comment    Functional-side verification: DNS
    Comment    Functional-side verification: MAIL
    # Log verification
    GetLogList    security_event_log    ${starttime_mail}    ${endtime_mail}    ${testClentIP}    ${s}    mail_protocol_type    SMTP
    Comment    Functional-side verification: FTP
    # Log verification
    GetLogList    security_event_log    ${starttime_ftp}    ${endtime_ftp}    ${testClentIP}    ${s}    ftp_account    ''

log-test_bak
    [Documentation]    Variant of log-test that reads the per-protocol time windows from ${obj}.
    # Log verification
    ${obj}    Run Keyword If    ${dict}==${None}    json.Loads    ${caseName}
    ...    ELSE    Set Variable    ${dict}
    ${policyId}    Set Variable    ${obj}[policyId]
    ${s}    Convert to String    ${policyId}
    ${objectids}    Run Keyword If    '${testPart}'!='all'    set Variable    ${obj}[objectids]
    ${policyIds}    Run Keyword If    '${testPart}'!='all'    Create List    {"policyType":"tsg_security","policyIds":[${policyId}]}
    Comment    Functional-side verification: HTTP
    # Log verification
    #GetLogList    security_event_log    ${starttime_http}    ${endtime_http}    ${testClentIP}    ${s}    http_host    open.node.com
    GetLogList    security_event_log    ${obj}[starttime_http]    ${obj}[endtime_http]    ${testClentIP}    ${s}    http_host    open.node.com    ${obj}[starttime]    ${obj}[endtime]
    Comment    Functional-side verification: SSL
    # Log verification
    #GetLogList    security_event_log    ${starttime_ssl}    ${endtime_ssl}    ${testClentIP}    ${s}    ssl_sni    open.node.com
    GetLogList    security_event_log    ${obj}[starttime_ssl]    ${obj}[endtime_ssl]    ${testClentIP}    ${s}    ssl_sni    open.node.com
    Comment    Functional-side verification: DNS
    Comment    Functional-side verification: MAIL
    # Log verification
    #GetLogList    security_event_log    ${starttime_mail}    ${endtime_mail}    ${testClentIP}    ${s}    mail_protocol_type    SMTP
    GetLogList    security_event_log    ${obj}[starttime_mail]    ${obj}[endtime_mail]    ${testClentIP}    ${s}    mail_protocol_type    SMTP
    Comment    Functional-side verification: FTP
    # Log verification
    #GetLogList    security_event_log    ${starttime_ftp}    ${endtime_ftp}    ${testClentIP}    ${s}    ftp_account    ''
    GetLogList    security_event_log    ${obj}[starttime_ftp]    ${obj}[endtime_ftp]    ${testClentIP}    ${s}    ftp_account    ''

*** Test Cases ***
MultiSecurityPolicy-Deny-AllProtol-00001
    [Tags]    securitypolciy    deny    allprotol    multistep
    #${caseName}    set variable    SecurityPolicy-Deny-AllProtol-00001
    Run Keyword If    '${testPart}'=='all'    Run Keywords    create-object-policy    True
    ...    AND    function-test
    ...    AND    log-test
    ...    ELSE IF    ${testPart}==1    Run Keyword    create-object-policy
    ...    ELSE IF    ${testPart}==2    Run Keyword    function-test
    ...    ELSE IF    ${testPart}==3    Run Keyword    log-test
    #{"opAction":"add","policyList":{"policyId":"","policyName":"dxytest","policyType":"tsg_security","action":"deny","userTags":"","doBlacklist":0,"doLog":1,"policyDesc":"","effectiveRange":{"tag_sets":[[]]},"userRegion":{"method":"rst"},"referenceObject":[{"objectId":6926,"protocolFields":["TSG_SECURITY_SOURCE_ADDR"]},{"objectId":6943,"protocolFields":["TSG_SECURITY_DESTINATION_ADDR"]}],"isValid":0,"scheduleId":[],"appObjectIdArray":[2,3,4,5,6]}}