*** Settings *** Test Teardown DeletePolicyAndObjectAndApplicationAndSignature ${policyIds} ${objectids} Force Tags tsg_adc tsg_security Library OperatingSystem Resource ../../../02-Keyword/tsg_adc/SystemCommand.robot Resource ../../../02-Keyword/tsg_bfapi/PolicyObject.robot Resource ../../../02-Keyword/tsg_bfapi/LogVariable.robot Resource ../../../02-Keyword/tsg_adc/FileOperation.robot Resource ../../../02-Keyword/tsg_bfapi/policy_object/Policy.robot Resource ../../../03-Variable/ApplicationID.txt Resource ../../../03-Variable/BifangApiVariable.txt Resource ../../../02-Keyword/tsg_bfapi/policy_object/Application.robot Resource ../../../02-Keyword/tsg_bfapi/policy_object/ProcessPolicyBody.robot Library ../../../04-CustomLibrary/Library/VerifyPolicy.py *** Variables *** ${policyIds} ${EMPTY} ${objectids} ${EMPTY} *** Test Cases *** SecurityPolicy-Allow-Http-00001 [Tags] Allow IP HTTP Comment 创建IP ${addItemList1} Create Dictionary isSession=endpoint ip=${testClentIP} port=0-65535 direction=0 protocol=0 isInitialize=0 ${addItemLists} Create list ${addItemList1} ${objectDict} Create Dictionary objectType=ip objectSubType=endpoint isValid=${1} addItemList=${addItemLists} ${rescode} ${objectId} AddObjects ${1} ${objectDict} ${objectids} set Variable ${objectId} Comment 创建Allow策略 ${policyDict} Create Dictionary policyName=${TEST NAME} policyType=tsg_security action=allow source=${objectId}|TSG_SECURITY_SOURCE_ADDR userRegion={"protocol":"HTTP"} isValid=${1} appIdObjects=${HTTP_ID} ${rescode} ${policyId} AddPolicies 1 ${policyDict} v2 ${policyIds} set Variable ${policyId}[0][policyIds][0] ${starttime} Get Time #功能端验证 Sleep ${policyVerificationSleepSeconds}s Comment 策略验证 #新增策略验证 #创建attributes中的字典 ${app_id} Create Dictionary attributeType=string attributeName=app_id attributeValue={"string": "67"} ${ipsource} Create Dictionary attributeType=ip attributeName=source attributeValue={"ip":"${testClentIP}","port":"1","addrType":4,"protocol":"6","tableName":"TSG_SECURITY_SOURCE_ADDR"} ${ipdestination} Create Dictionary attributeType=ip attributeName=destination attributeValue={"ip":"254.253.252.251","port":"1","addrType":4,"protocol":"6","tableName":"TSG_SECURITY_DESTINATION_ADDR"} # 合成attributes字典集 ${attributes} Create List ${app_id} ${ipsource} ${ipdestination} ${verifySession} Create Dictionary attributes=${attributes} ${verifyList} Create Dictionary policyType=tsg_security verifySession=${verifySession} log ${verifyList} ${rescode} ${resData} VerifyPolicies ${verifyList} # 打印检查结果 ${objectid_verify} Set Variable ${objectids} ${objectid_verify} Catenate SEPARATOR=, ${policyIds} ${objectid_verify} # # 调用关键字 提取应答json获取其中所有的id值,并判断新下发的id值是否在应答json的id中 log ${objectid_verify} ${testType} Evaluate type($objectid_verify) ${testType} Evaluate type($resData) log ${resData} sleep 5 ${ok} VerifyProxy ${resData} ${objectid_verify} Should Be Equal As Strings ${ok} true Comment 功能端验证HTTP验证 ${commandstr} run keyword if '${systemType}'=='Windows' set variable ${curlbatpath}/command/SecurityPolicy_Allow_HTTP_00001_1.bat ... ELSE set variable ${curlbatpath}/command/SecurityPolicy_Allow_HTTP_00001_1_L.bat ${stringlist} run keyword if '${systemType}'=='Windows' Create List 首页 - 橙光 ... ELSE Create List 首页 - 橙光 ${rescode} SystemCommands ${commandstr} ${stringlist} Comment 日志验证 #日志验证 ${s} Convert to String ${policyIds} ${returnvalue} GetLogList_new security_event_log ${starttime} ${testClentIP} ${s} http_host www.66rpg.com Should Be Equal As Strings ${returnvalue} true SecurityPolicy-Allow-Http-00002 [Tags] Allow IP HTTP FQDN Comment 创建IP ${addItemList1} Create Dictionary isSession=endpoint ip=${testClentIP} port=0-65535 direction=0 protocol=0 isInitialize=0 ${addItemLists} Create list ${addItemList1} ${objectDict} Create Dictionary objectType=ip objectSubType=endpoint isValid=${1} addItemList=${addItemLists} ${rescode} ${objectId} AddObjects ${1} ${objectDict} ${objectids} set Variable ${objectId} Comment 创建fqdn ${addItemList1} Create Dictionary keywordArray=$www.66rpg.com isHexbin=${0} ${addItemLists} Create list ${addItemList1} ${objectDict1} Create Dictionary objectType=fqdn objectSubType=fqdn isValid=${1} addItemList=${addItemLists} ${rescode} ${objectId1} AddObjects ${1} ${objectDict1} ${objectids} Catenate SEPARATOR=, ${objectids} ${objectId1} Comment 创建Allow策略 ${policyDict} Create Dictionary policyName=${TEST NAME} policyType=tsg_security action=allow source=${objectId}|TSG_SECURITY_SOURCE_ADDR userRegion={"protocol":"HTTP"} filterList=${objectId1}|TSG_FIELD_HTTP_HOST isValid=${1} appIdObjects=${HTTP_ID} ${rescode} ${policyId} AddPolicies 1 ${policyDict} v2 ${policyIds} set Variable ${policyId}[0][policyIds][0] ${starttime} Get Time #功能端验证 Sleep ${policyVerificationSleepSeconds}s Comment 策略验证 #新增策略验证 #创建attributes中的字典 ${qname_fqdn_id} Create Dictionary attributeType=string attributeName=host appId=67 appName=http protocol=http attributeValue={"string": "www.66rpg.com"} ${app_id} Create Dictionary attributeType=string attributeName=app_id attributeValue={"string": "67"} ${ipsource} Create Dictionary attributeType=ip attributeName=source attributeValue={"ip":"${testClentIP}","port":"1","addrType":4,"protocol":"6","tableName":"TSG_SECURITY_SOURCE_ADDR"} ${ipdestination} Create Dictionary attributeType=ip attributeName=destination attributeValue={"ip":"254.253.252.251","port":"1","addrType":4,"protocol":"6","tableName":"TSG_SECURITY_DESTINATION_ADDR"} # 合成attributes字典集 ${attributes} Create List ${app_id} ${ipsource} ${ipdestination} ${qname_fqdn_id} ${verifySession} Create Dictionary attributes=${attributes} ${verifyList} Create Dictionary policyType=tsg_security verifySession=${verifySession} log ${verifyList} ${rescode} ${resData} VerifyPolicies ${verifyList} # 打印检查结果 ${objectid_verify} Set Variable ${objectids} ${objectid_verify} Catenate SEPARATOR=, ${policyIds} ${objectid_verify} # # 调用关键字 提取应答json获取其中所有的id值,并判断新下发的id值是否在应答json的id中 log ${objectid_verify} ${testType} Evaluate type($objectid_verify) ${testType} Evaluate type($resData) log ${resData} sleep 5 ${ok} VerifyProxy ${resData} ${objectid_verify} Should Be Equal As Strings ${ok} true Comment 功能端验证HTTP验证 ${commandstr} run keyword if '${systemType}'=='Windows' set variable ${curlbatpath}/command/SecurityPolicy_Allow_HTTP_00001_1.bat ... ELSE set variable ${curlbatpath}/command/SecurityPolicy_Allow_HTTP_00001_1_L.bat ${stringlist} run keyword if '${systemType}'=='Windows' Create List 首页 - 橙光 ... ELSE Create List 首页 - 橙光 ${rescode} SystemCommands ${commandstr} ${stringlist} Comment 日志验证 #日志验证 ${s} Convert to String ${policyIds} ${returnvalue} GetLogList_new security_event_log ${starttime} ${testClentIP} ${s} http_host www.66rpg.com Should Be Equal As Strings ${returnvalue} true SecurityPolicy-Allow-Http-00003 [Tags] Allow IP HTTP URL Comment 创建IP ${addItemList1} Create Dictionary isSession=endpoint ip=${testClentIP} port=0-65535 direction=0 protocol=0 isInitialize=0 ${addItemLists} Create list ${addItemList1} ${objectDict} Create Dictionary objectType=ip objectSubType=endpoint isValid=${1} addItemList=${addItemLists} ${rescode} ${objectId} AddObjects ${1} ${objectDict} ${objectids} set Variable ${objectId} Comment 创建url ${addItemList1} Create Dictionary keywordArray=clintonairport.com/airlines-flights/covid/ isHexbin=${0} ${addItemLists} Create list ${addItemList1} ${objectDict1} Create Dictionary objectType=url objectSubType=url isValid=${1} addItemList=${addItemLists} ${rescode} ${objectId1} AddObjects ${1} ${objectDict1} ${objectids} Catenate SEPARATOR=, ${objectids} ${objectId1} Comment 创建Allow策略 ${policyDict} Create Dictionary policyName=${TEST NAME} policyType=tsg_security action=allow source=${objectId}|TSG_SECURITY_SOURCE_ADDR userRegion={"protocol":"HTTP"} filterList=${objectId1}|TSG_FIELD_HTTP_URL isValid=${1} appIdObjects=${HTTP_ID} ${rescode} ${policyId} AddPolicies 1 ${policyDict} v2 ${policyIds} set Variable ${policyId}[0][policyIds][0] ${starttime} Get Time #功能端验证 Sleep ${policyVerificationSleepSeconds}s Comment 策略验证 #新增策略验证 #创建attributes中的字典 ${url} Create Dictionary attributeType=string attributeName=url appId=67 appName=http protocol=http attributeValue={"string": "clintonairport.com/airlines-flights/covid/"} ${app_id} Create Dictionary attributeType=string attributeName=app_id attributeValue={"string": "67"} ${ipsource} Create Dictionary attributeType=ip attributeName=source attributeValue={"ip":"${testClentIP}","port":"1","addrType":4,"protocol":"6","tableName":"TSG_SECURITY_SOURCE_ADDR"} ${ipdestination} Create Dictionary attributeType=ip attributeName=destination attributeValue={"ip":"254.253.252.251","port":"1","addrType":4,"protocol":"6","tableName":"TSG_SECURITY_DESTINATION_ADDR"} # 合成attributes字典集 ${attributes} Create List ${app_id} ${ipsource} ${ipdestination} ${url} ${verifySession} Create Dictionary attributes=${attributes} ${verifyList} Create Dictionary policyType=tsg_security verifySession=${verifySession} log ${verifyList} ${rescode} ${resData} VerifyPolicies ${verifyList} # 打印检查结果 ${objectid_verify} Set Variable ${objectids} ${objectid_verify} Catenate SEPARATOR=, ${policyIds} ${objectid_verify} # # 调用关键字 提取应答json获取其中所有的id值,并判断新下发的id值是否在应答json的id中 log ${objectid_verify} ${testType} Evaluate type($objectid_verify) ${testType} Evaluate type($resData) log ${resData} sleep 5 ${ok} VerifyProxy ${resData} ${objectid_verify} Should Be Equal As Strings ${ok} true Comment 功能端验证HTTP验证 ${commandstr} run keyword if '${systemType}'=='Windows' set variable ${curlbatpath}/command/SecurityPolicy_Allow_HTTP_00001.bat ... ELSE set variable ${curlbatpath}/command/SecurityPolicy_Allow_HTTP_00001_L.bat ${stringlist} run keyword if '${systemType}'=='Windows' Create List clintonairport.com ... ELSE Create List clintonairport.com ${rescode} SystemCommands ${commandstr} ${stringlist} Comment 日志验证 #日志验证 ${s} Convert to String ${policyIds} ${returnvalue} GetLogList_new security_event_log ${starttime} ${testClentIP} ${s} http_host clintonairport.com Should Be Equal As Strings ${returnvalue} true SecurityPolicy-Allow-Http-00004 [Tags] Allow IP HTTP FQDN+URL Comment 创建IP ${addItemList1} Create Dictionary isSession=endpoint ip=${testClentIP} port=0-65535 direction=0 protocol=0 isInitialize=0 ${addItemLists} Create list ${addItemList1} ${objectDict} Create Dictionary objectType=ip objectSubType=endpoint isValid=${1} addItemList=${addItemLists} ${rescode} ${objectId} AddObjects ${1} ${objectDict} ${objectids} set Variable ${objectId} Comment 创建fqdn ${addItemList1} Create Dictionary keywordArray=*clintonairport.com isHexbin=${0} ${addItemLists} Create list ${addItemList1} ${objectDict} Create Dictionary objectType=fqdn objectSubType=fqdn isValid=${1} addItemList=${addItemLists} ${rescode} ${objectId1} AddObjects ${1} ${objectDict} ${objectids} Catenate SEPARATOR=, ${objectids} ${objectId1} Comment 创建url ${addItemList1} Create Dictionary keywordArray=clintonairport.com/airlines-flights/covid/ isHexbin=${0} ${addItemLists} Create list ${addItemList1} ${objectDict1} Create Dictionary objectType=url objectSubType=url isValid=${1} addItemList=${addItemLists} ${rescode} ${objectId2} AddObjects ${1} ${objectDict1} ${objectids} Catenate SEPARATOR=, ${objectids} ${objectId2} Comment 创建Allow策略 ${policyDict} Create Dictionary policyName=${TEST NAME} policyType=tsg_security action=allow source=${objectId}|TSG_SECURITY_SOURCE_ADDR userRegion={"protocol":"HTTP"} filterList=${objectId1}|TSG_FIELD_HTTP_HOST,${objectId2}|TSG_FIELD_HTTP_URL isValid=${1} appIdObjects=${HTTP_ID} ${rescode} ${policyId} AddPolicies 1 ${policyDict} v2 ${policyIds} set Variable ${policyId}[0][policyIds][0] ${starttime} Get Time #功能端验证 Sleep ${policyVerificationSleepSeconds}s Comment 策略验证 #新增策略验证 #创建attributes中的字典 ${url} Create Dictionary attributeType=string attributeName=url appId=67 appName=http protocol=http attributeValue={"string": "clintonairport.com/airlines-flights/covid/"} ${qname_fqdn_id} Create Dictionary attributeType=string attributeName=host appId=67 appName=http protocol=http attributeValue={"string": "clintonairport.com"} ${app_id} Create Dictionary attributeType=string attributeName=app_id attributeValue={"string": "67"} ${ipsource} Create Dictionary attributeType=ip attributeName=source attributeValue={"ip":"${testClentIP}","port":"1","addrType":4,"protocol":"6","tableName":"TSG_SECURITY_SOURCE_ADDR"} ${ipdestination} Create Dictionary attributeType=ip attributeName=destination attributeValue={"ip":"254.253.252.251","port":"1","addrType":4,"protocol":"6","tableName":"TSG_SECURITY_DESTINATION_ADDR"} # 合成attributes字典集 ${attributes} Create List ${app_id} ${ipsource} ${ipdestination} ${url} ${qname_fqdn_id} ${verifySession} Create Dictionary attributes=${attributes} ${verifyList} Create Dictionary policyType=tsg_security verifySession=${verifySession} log ${verifyList} ${rescode} ${resData} VerifyPolicies ${verifyList} # 打印检查结果 ${objectid_verify} Set Variable ${objectids} ${objectid_verify} Catenate SEPARATOR=, ${policyIds} ${objectid_verify} # # 调用关键字 提取应答json获取其中所有的id值,并判断新下发的id值是否在应答json的id中 log ${objectid_verify} ${testType} Evaluate type($objectid_verify) ${testType} Evaluate type($resData) log ${resData} sleep 5 ${ok} VerifyProxy ${resData} ${objectid_verify} Should Be Equal As Strings ${ok} true Comment 功能端验证HTTP验证 ${commandstr} run keyword if '${systemType}'=='Windows' set variable ${curlbatpath}/command/SecurityPolicy_Allow_HTTP_00001.bat ... ELSE set variable ${curlbatpath}/command/SecurityPolicy_Allow_HTTP_00001_L.bat ${stringlist} run keyword if '${systemType}'=='Windows' Create List COVID ... ELSE Create List COVID ${rescode} SystemCommands ${commandstr} ${stringlist} Comment 日志验证 #日志验证 ${s} Convert to String ${policyIds} ${returnvalue} GetLogList_new security_event_log ${starttime} ${testClentIP} ${s} http_host clintonairport.com Should Be Equal As Strings ${returnvalue} true