*** Settings ***
# The teardown runs after every test and deletes whatever ids the test left in
# ${policyIds} / ${objectids}; both default to ${EMPTY} in the Variables section.
Test Teardown     DeletePolicyAndObject    ${policyIds}    ${objectids}
Force Tags        tsg_adc    Demo
# OperatingSystem is used to run the curl batch script, json to parse stored policy records.
Library           OperatingSystem
Library           json
Library           Collections
# Project keywords (SystemCommand, AddObject/AddPolicy, GetLogList) and environment variables
# presumably come from these resources - they are not visible in this file.
Resource          ../../../02-Keyword/tsg_adc/SystemCommand.robot
Resource          ../../../02-Keyword/tsg_bfapi/PolicyObject.robot
Resource          ../../../02-Keyword/tsg_bfapi/LogVariable.robot
Resource          ../../../03-Variable/BifangApiVariable.txt
Resource          ../../../03-Variable/AllFlowCaseVariable.txt
*** Variables ***
# Suite-level defaults passed to the teardown when a test has not assigned its own ids.
${policyIds}      ${EMPTY}
${objectids}      ${EMPTY}
*** Keywords ***
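create-object-policy
    [Documentation]    Creates the fqdn object and the SSL intercept policy for Demo001 and records their ids.
    ...    Called without arguments, the ids are handed to insert_policyId_to_file; called with any
    ...    argument, they are kept in a dictionary for the later steps of the same test.
    [Arguments]    @{flag}
    # Create the object
    ${rescode}    ${objectId}    AddObject    { \ \ \ \ "opAction":"add", \ \ \ \ "returnData":1, \ \ \ \ "objectList":[ \ \ \ \ \ \ \ \ { \ \ \ \ \ \ \ \ \ \ \ \ "objectType":"fqdn", \ \ \ \ \ \ \ \ \ \ \ \ "objectName":"SecurityPolicy-HTTPS-Intecept-Demo001dxytest_fqdn_baidu", \ \ \ \ \ \ \ \ \ \ \ \ "objectDesc":"SecurityPolicy-HTTPS-Intecept-Demo001dxytest_fqdn_baidu", \ \ \ \ \ \ \ \ \ \ \ \ "isInitialize":0, \ \ \ \ \ \ \ \ \ \ \ \ "isExclusion":0, \ \ \ \ \ \ \ \ \ \ \ \ "subObjectIds":[], \ \ \ \ \ \ \ \ \ \ \ \ "addItemList":[ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ { \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "itemName":"item name", \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "itemDesc":"item description", \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "keywordArray":[ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "*baidu.com" \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ ], \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "isHexbin":0, \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "isInitialize":0 \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ } \ \ \ \ \ \ \ \ \ \ \ \ ], \ \ \ \ \ \ \ \ \ \ \ \ "updateItemList":[ \ \ \ \ \ \ \ \ \ \ \ \ ], \ \ \ \ \ \ \ \ \ \ \ \ "deleteItemIds":[ \ \ \ \ \ \ \ \ \ \ \ \ ] \ \ \ \ \ \ \ \ } \ \ \ \ ] }
    Log    ${objectId}
    # NOTE(review): ${objectids} and ${policyIds} assigned in this keyword are keyword-local, so the
    # suite's Test Teardown still receives the ${EMPTY} defaults and the cleanup in log-test is
    # commented out. The intercept policy therefore appears to stay installed after the run.
    # Confirm that this is intended for the split (testPart 1/2/3) workflow.
    ${objectids}    Set Variable    ${objectId}
    # Create the policy
    # NOTE(review): both variants set every certificate_checks approach and every dynamic_bypass
    # flag to 0, accept ssl3 as the minimum version and use fail_action pass-through - presumably a
    # lab-only profile; confirm it never reaches a production policy set. The client-IP variant
    # also sets allow_http2 to 0 where the default sets 1 - confirm that difference is intended.
    ${addPolicyStr}    Set Variable    {"opAction":"add","returnData":1,"policyList":{"policyId":"","policyName":"SecurityPolicy-SSL-Intecept-Demo001","policyType":"tsg_security","action":"intercept","userTags":"${userTagIds}","doBlacklist":0,"doLog":1,"policyDesc":"","effectiveRange":{"tag_sets":[[]]},"userRegion":{"protocol":"SSL","keyring":1,"dynamic_bypass":{"ev_cert":0,"cert_transparency":0,"mutual_authentication":0,"protocol_errors":0,"cert_pinning":0},"certificate_checks":{"approach":{"cn":0,"issuer":0,"self-signed":0,"expiration":0},"fail_action":"pass-through"},"protocol_version":{"min":"ssl3","max":"tls13","mirror_client":1,"allow_http2":1},"decrypt_mirror":{"enable":0,"mirror_profile":null}},"referenceObject":[{"objectId":${objectId},"protocolFields":["TSG_FIELD_SSL_SNI"]}],"isValid":1,"scheduleId":[],"appObjectIdArray":[3]}}
    # Without the ELSE branch, Run Keyword If returns None when the flag is not '1' and the
    # default policy string assigned above would be overwritten before AddPolicy is called.
    ${addPolicyStr}    Run Keyword If    '${addTestClentIPFlag}'=='1'    Set Variable    {"opAction":"add","returnData":1,"policyList":{"policyId":"","policyName":"SecurityPolicy-SSL-Intecept-Demo001","policyType":"tsg_security","action":"intercept","userTags":"${userTagIds}","doBlacklist":0,"doLog":1,"policyDesc":"","effectiveRange":{"tag_sets":[[]]},"userRegion":{"protocol":"SSL","keyring":1,"dynamic_bypass":{"ev_cert":0,"cert_transparency":0,"mutual_authentication":0,"protocol_errors":0,"cert_pinning":0},"certificate_checks":{"approach":{"cn":0,"issuer":0,"self-signed":0,"expiration":0},"fail_action":"pass-through"},"protocol_version":{"min":"ssl3","max":"tls13","mirror_client":1,"allow_http2":0},"decrypt_mirror":{"enable":0,"mirror_profile":null}},"referenceObject":[{"objectId":${testClentID},"protocolFields":["TSG_SECURITY_SOURCE_ADDR"]},{"objectId":${objectId},"protocolFields":["TSG_FIELD_SSL_SNI"]}],"isValid":1,"scheduleId":[],"appObjectIdArray":[3]}}
    ...    ELSE    Set Variable    ${addPolicyStr}
    ${rescode}    ${policyId}    AddPolicy    ${addPolicyStr}
    ${policyIds}    Create List    {"policyType":"tsg_security","policyIds":[${policyId}]}
    Log    ${rescode}
    Log    ${policyId}
    # Distinguish the execution mode: no argument -> persist the ids through
    # insert_policyId_to_file; any argument -> keep them in a dictionary.
    ${value}    Run Keyword If    ${flag}==[]    insert_policyId_to_file    SecurityPolicy-SSL-Intecept-Demo001    ${policyId}    ${objectids}
    ...    ELSE    Create Dictionary    policyId=${policyId}    objectId=${objectids}
    # function-test and log-test read ${dict}; they compare it with ${None} to pick the file path.
    Set Test Variable    ${dict}    ${value}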
function-test
    [Documentation]    Runs the Demo001 curl batch script and checks its output for the markers of an intercepted session.
    ...    The start and end time of the check are recorded for the later log verification.
    # Functional verification
    @{stringlist}    Create List    CN=Tango Secure Gateway CA    Content-Type: text/html    value=百度一下
    ${starttime}    Get Time
    # NOTE(review): the script path is built from the suite variable curlbatpath and the file is
    # executed as-is through the system shell; presumably a trusted local directory - confirm
    # that write access to it is restricted.
    Log    ${curlbatpath}/SecurityPolicy-SSL-Intecept-Demo001.bat
    Sleep    ${policyVerificationSleepSeconds}s
    ${output}    OperatingSystem.Run    ${curlbatpath}/SecurityPolicy-SSL-Intecept-Demo001.bat
    # Every expected marker has to appear in the command output.
    FOR    ${expected}    IN    @{stringlist}
        Log    ${expected}
        Should Contain    ${output}    ${expected}
    END
    Sleep    ${policyLogVerificationSleepSeconds}s
    ${endtime}    Get Time
    # Distinguish the execution mode: no dictionary -> persist the time window through
    # insert_time_to_file; otherwise store it in the dictionary.
    Run Keyword If    ${dict}==${None}    insert_time_to_file    SecurityPolicy-SSL-Intecept-Demo001    ${starttime}    ${endtime}
    ...    ELSE    Run Keyword    Set To Dictionary    ${dict}    starttime=${starttime}    endtime=${endtime}
log-test
    [Documentation]    Looks up the security event log entry that the Demo001 intercept policy should have produced.
    ...    The policy id and time window come from the test dictionary or, when that is None, from the stored JSON record.
    # Log verification
    ${record}    Run Keyword If    ${dict}==${None}    json.Loads    ${SecurityPolicy-SSL-Intecept-Demo001}
    ...    ELSE    Set Variable    ${dict}
    ${policyId}    Set Variable    ${record}[policyId]
    ${policyIdText}    Convert To String    ${policyId}
    # NOTE(review): argument boundaries were rebuilt from a whitespace-collapsed listing;
    # ssl_sni and baidu.com are presumably separate arguments - verify against GetLogList.
    GetLogList    security_event_log    ${record}[starttime]    ${record}[endtime]    ${testClentIP}    ${policyIdText}    ssl_sni    baidu.com
    # Clean up test data (disabled in the original, so nothing is deleted here)
    #${policyIds}    Create List    {"policyType":"tsg_security","policyIds":[${policyId}]}
    # DeletePolicyAndObject    ${policyIds}    ${obj}[objectId]
*** Test Cases ***
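SecurityPolicy-DNS-Deny-Redrict-Demo001
    [Documentation]    Creates an fqdn object for *jd.com and a DNS deny/redirect policy, then checks the answers and the log.
    ...    The nslookup output must carry the redirected A/AAAA/CNAME answers and the security event log must hold the matching entry.
    [Tags]    SecurityPolciy    DNS    DENY    Redirect
    # Login has been moved to setup
    #Login
    # Create the fqdn object
    ${rescode}    ${objectId}    AddObject    { \ \ \ \ "opAction":"add", \ \ \ \ "returnData":1, \ \ \ \ "objectList":[ \ \ \ \ \ \ \ \ { \ \ \ \ \ \ \ \ \ \ \ \ "objectType":"fqdn", \ \ \ \ \ \ \ \ \ \ \ \ "objectName":"SecurityPolicy-DNS-Deny-Redrict-Demo001dxytest_fqdn_jd", \ \ \ \ \ \ \ \ \ \ \ \ "objectDesc":"dxytest_fqdn_jd", \ \ \ \ \ \ \ \ \ \ \ \ "isInitialize":0, \ \ \ \ \ \ \ \ \ \ \ \ "isExclusion":0, \ \ \ \ \ \ \ \ \ \ \ \ "subObjectIds":[], \ \ \ \ \ \ \ \ \ \ \ \ "addItemList":[ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ { \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "itemName":"item name", \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "itemDesc":"item description", \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "keywordArray":[ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "*jd.com" \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ ], \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "isHexbin":0, \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "isInitialize":0 \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ } \ \ \ \ \ \ \ \ \ \ \ \ ], \ \ \ \ \ \ \ \ \ \ \ \ "updateItemList":[ \ \ \ \ \ \ \ \ \ \ \ \ ], \ \ \ \ \ \ \ \ \ \ \ \ "deleteItemIds":[ \ \ \ \ \ \ \ \ \ \ \ \ ] \ \ \ \ \ \ \ \ } \ \ \ \ ] }
    Log    ${objectId}
    # Assigned in the test body so that the Test Teardown can delete the object.
    ${objectids}    Set Variable    ${objectId}
    # Concatenating several ids
    #${objectids}    Catenate    SEPARATOR=,    ${objectids}    ${objectId}
    #${objectids}    set Variable    ${objectId}
    #Catenate    SEPARATOR=,
    # Add the policy
    # NOTE(review): the default variant references the hard-coded source-address object id 112;
    # presumably an object that exists in the target environment - confirm.
    ${addPolicyStr}    Set Variable    {"opAction":"add","returnData":1,"policyList":[{"policyId":"","policyName":"SecurityPolicy-DNS-Deny-Redrict-Demo001","policyType":"tsg_security","action":"deny","userTags":"${userTagIds}","doBlacklist":0,"doLog":1,"policyDesc":"autotest","effectiveRange":{"tag_sets":[[]]},"userRegion":{"protocol":"DNS","method":"redirect","resolution":[{"qtype":"A","answer":[{"atype":"CNAME","value":"www.autotest1A.com","ttl":{"min":30,"max":30}},{"atype":"A","value":"1.1.1.1","ttl":{"min":30,"max":30}}]},{"qtype":"AAAA","answer":[{"atype":"CNAME","value":"www.autotest4A.com","ttl":{"min":40,"max":40}},{"atype":"AAAA","value":"f::a","ttl":{"min":40,"max":40}}]}]},"referenceObject":[{"objectId":112,"protocolFields":["TSG_SECURITY_SOURCE_ADDR"]},{"objectId":${objectId},"protocolFields":["TSG_FIELD_DNS_QNAME"]}],"isValid":1,"scheduleId":[],"appObjectIdArray":[4]}]}
    # Without the ELSE branch, Run Keyword If returns None when the flag is not '1' and the
    # default policy string assigned above would be overwritten before AddPolicy is called.
    ${addPolicyStr}    Run Keyword If    '${addTestClentIPFlag}'=='1'    Set Variable    {"opAction":"add","returnData":1,"policyList":[{"policyId":"","policyName":"SecurityPolicy-DNS-Deny-Redrict-Demo001","policyType":"tsg_security","action":"deny","userTags":"${userTagIds}","doBlacklist":0,"doLog":1,"policyDesc":"autotest","effectiveRange":{"tag_sets":[[]]},"userRegion":{"protocol":"DNS","method":"redirect","resolution":[{"qtype":"A","answer":[{"atype":"CNAME","value":"www.autotest1A.com","ttl":{"min":30,"max":30}},{"atype":"A","value":"1.1.1.1","ttl":{"min":30,"max":30}}]},{"qtype":"AAAA","answer":[{"atype":"CNAME","value":"www.autotest4A.com","ttl":{"min":40,"max":40}},{"atype":"AAAA","value":"f::a","ttl":{"min":40,"max":40}}]}]},"referenceObject":[{"objectId":${testClentID},"protocolFields":["TSG_SECURITY_SOURCE_ADDR"]},{"objectId":${objectId},"protocolFields":["TSG_FIELD_DNS_QNAME"]}],"isValid":1,"scheduleId":[],"appObjectIdArray":[4]}]}
    ...    ELSE    Set Variable    ${addPolicyStr}
    ${rescode}    ${policyId}    AddPolicy    ${addPolicyStr}
    Log    ${policyId}
    #Integer    ${rescode}    200
    # Only one policy at the moment, so no concatenation is needed
    # Assigned before verification so the teardown can delete the policy even if a check fails.
    ${policyIds}    Create List    {"policyType":"tsg_security","policyIds":[${policyId}]}
    # Note: several policyIds or ObjectIDs have to be joined into a comma-separated string, or appended below
    # Functional verification
    ${commandstr}    Set Variable    nslookup -d www.jd.com
    @{stringlist}    Set Variable    canonical name = www.autotest1A.com    ttl = 30 (30 secs)    internet address = 1.1.1.1    canonical name = www.autotest4A.com    ttl = 40 (40 secs)    AAAA IPv6 address = f::a
    ${starttime}    Get Time
    Sleep    ${policyVerificationSleepSeconds}s
    ${rescode}    SystemCommand    ${commandstr}    @{stringlist}
    Sleep    ${policyLogVerificationSleepSeconds}s
    ${endtime}    Get Time
    Log    ${rescode}
    ${s}    Convert To String    ${policyId}
    # NOTE(review): argument boundaries were rebuilt from a whitespace-collapsed listing;
    # dns_qname and www.jd.com are presumably separate arguments - verify against GetLogList.
    GetLogList    security_event_log    ${starttime}    ${endtime}    ${testClentIP}    ${s}    dns_qname    www.jd.com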
SecurityPolicy-SSL-Intecept-Demo001
    [Documentation]    Dispatches the SSL intercept demo according to the suite variable testPart.
    ...    The value all runs policy creation, functional check and log check in one test; 1, 2 or 3 runs one stage only.
    [Tags]    SecurityPolciy    SSL    Intercept    HTTPS
    # In the combined run create-object-policy receives an argument, which makes it keep the ids
    # in the test dictionary instead of writing them to file.
    Run Keyword If    '${testPart}'=='all'    Run Keywords    create-object-policy    True
    ...    AND    function-test
    ...    AND    log-test
    ...    ELSE IF    ${testPart}==1    create-object-policy
    ...    ELSE IF    ${testPart}==2    function-test
    ...    ELSE IF    ${testPart}==3    log-test
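SecurityPolicy-SSL-Intecept-Demo002
    [Documentation]    Creates an IP object for the test client and an SSL intercept policy bound to it, then checks traffic and log.
    ...    The curl output must show the gateway CA as issuer and the security event log must hold the matching entry.
    [Tags]    SecurityPolciy    SSL    Intercept    HTTPS    HTTP-SSL
    # Selecting only an app protocol requires an IP condition, so when the test machine IP is not
    # a default object it has to be added as a condition.
    ${localIP}    Set Variable    {"opAction":"add","returnData":1,"objectList":{"objectType":"ip","objectSubType":"endpoint","isValid":1,"isInitialize":0,"isExclusion":0,"objectName":"autotestLocalIPObject_SecurityPolicy-SSL-Intecept-Demo002","objectDesc":"LocalIPObject_SecurityPolicy-SSL-Intecept-Demo002自动化测试机IP","subObjectIds":[],"addItemList":[{"addrType":4,"protocol":0,"direction":0,"isSession":"endpoint","clientIp1":"${testClentIP}","clientIp2":"${testClentIP}","clientIpFormat":"range","clientPortFormat":"range","clientPort1":0,"clientPort2":0,"serverIpFormat":"range","serverIp1":"","serverIp2":"","serverPortFormat":"range","serverPort1":0,"serverPort2":0}],"updateItemList":[],"deleteItemIds":[]}}
    ${rescodeip}    ${objidip}    AddObject    ${localIP}
    # Assigned in the test body so that the Test Teardown can delete the object.
    ${objectids}    Set Variable    ${objidip}
    # Create the policy
    # NOTE(review): the policy accepts ssl3 as the minimum protocol version and uses fail_action
    # pass-through for certificate checks - presumably a lab-only profile; confirm.
    ${addPolicyStr}    Set Variable    {"opAction":"add","returnData":1,"policyList":{"policyId":"","policyName":"SecurityPolicy-SSL-Intecept-Demo002","policyType":"tsg_security","action":"intercept","userTags":"${userTagIds}","doBlacklist":0,"doLog":1,"policyDesc":"","effectiveRange":{"tag_sets":[[]]},"userRegion":{"protocol":"SSL","keyring":1,"dynamic_bypass":{"ev_cert":0,"cert_transparency":0,"mutual_authentication":1,"protocol_errors":1,"cert_pinning":1},"certificate_checks":{"approach":{"cn":1,"issuer":1,"self-signed":1,"expiration":1},"fail_action":"pass-through"},"protocol_version":{"min":"ssl3","max":"tls13","mirror_client":1,"allow_http2":1},"decrypt_mirror":{"enable":0,"mirror_profile":null}},"referenceObject":[{"objectId":${objidip},"protocolFields":["TSG_SECURITY_SOURCE_ADDR"]}],"isValid":1,"scheduleId":[],"appObjectIdArray":[2,3]}}
    # Without the ELSE branch, Run Keyword If returns None when the flag is not '1' and the
    # default policy string assigned above would be overwritten before AddPolicy is called.
    ${addPolicyStr}    Run Keyword If    '${addTestClentIPFlag}'=='1'    Set Variable    {"opAction":"add","returnData":1,"policyList":{"policyId":"","policyName":"SecurityPolicy-SSL-Intecept-Demo002","policyType":"tsg_security","action":"intercept","userTags":"${userTagIds}","doBlacklist":0,"doLog":1,"policyDesc":"","effectiveRange":{"tag_sets":[[]]},"userRegion":{"protocol":"SSL","keyring":1,"dynamic_bypass":{"ev_cert":0,"cert_transparency":0,"mutual_authentication":1,"protocol_errors":1,"cert_pinning":1},"certificate_checks":{"approach":{"cn":1,"issuer":1,"self-signed":1,"expiration":1},"fail_action":"pass-through"},"protocol_version":{"min":"ssl3","max":"tls13","mirror_client":1,"allow_http2":1},"decrypt_mirror":{"enable":0,"mirror_profile":null}},"referenceObject":[{"objectId":${testClentID},"protocolFields":["TSG_SECURITY_SOURCE_ADDR"]}],"isValid":1,"scheduleId":[],"appObjectIdArray":[2,3]}}
    ...    ELSE    Set Variable    ${addPolicyStr}
    ${rescode}    ${policyId}    AddPolicy    ${addPolicyStr}
    # Register the policy for cleanup right away: the original assigned this only after the last
    # check, so a failed verification left the intercept policy installed after the test.
    ${policyIds}    Create List    {"policyType":"tsg_security","policyIds":[${policyId}]}
    # Functional verification
    @{stringlist}    Set Variable    CN=Tango Secure Gateway CA    Content-Type: text/html    value=百度一下
    ${starttime}    Get Time
    Sleep    ${policyVerificationSleepSeconds}s
    # NOTE(review): this runs the Demo001 batch script from the Demo002 test - confirm that
    # sharing the script is intended.
    ${commandreturn}    OperatingSystem.Run    ${curlbatpath}/SecurityPolicy-SSL-Intecept-Demo001.bat
    # Every expected marker has to appear in the command output.
    FOR    ${var}    IN    @{stringlist}
        Log    ${var}
        Should Contain    ${commandreturn}    ${var}
    END
    Sleep    ${policyLogVerificationSleepSeconds}s
    ${endtime}    Get Time
    # Log verification
    ${s}    Convert To String    ${policyId}
    # The original passed ${obj}[starttime] / ${obj}[endtime], but ${obj} is never assigned in
    # this test; the window captured above is used instead.
    GetLogList    security_event_log    ${starttime}    ${endtime}    ${testClentIP}    ${s}    ssl_sni    baidu.com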