dongxiaoyan-tsg-autotest/01-TestCase/tsg_adc/selfserver/DenyAllTests.robot

*** Settings ***
Test Teardown     DeletePolicyAndObject    ${policyIds}    ${objectids}    
Force Tags        tsg_adc    tsg_security    all_protol
Library           OperatingSystem
Resource          ../../../02-Keyword/tsg_adc/SystemCommand.robot
Resource          ../../../02-Keyword/tsg_bfapi/PolicyObject.robot
Resource          ../../../02-Keyword/tsg_bfapi/LogVariable.robot
Library           Custometest
Library           json

*** Variables ***
${policyIds}      ${EMPTY}
${objectids}      ${EMPTY}
${url}            /policy/profile/responsepages
${profiledId}     ${EMPTY}

*** Test Cases ***
SecurityPolicy-Deny-AllProtol-00001
    [Tags]    Deny    
    # 创建对象-IP
    # addItemList全参数：（为方便说明，将参数值拆分为几部分，其实际值为单条无空格/回车字符串，每部分内代表的各参数不可跳跃。）
    #     [addrType]|[protocol]|[direction]|[isSession]#                        第一部分（可省略）
    #     [clientIpFormat]|[clientIp1]|[clientIp2]|[clientPort1/clientPort2]&   第二部分（不可省略）
    #     [serverIpFormat]|[serverIp1]|[serverIp2]|[serverPort1/serverPort2]|   第三部分（可省略）
    #     [isInitialize]|[itemName]|[itemDesc],                                 第四部分（可省略）
    #     ...
    Comment    创建目标IP
    ${objectDict}    Create Dictionary
		   	   ...    objectType=ip
           	   ...    isValid=${1}
           	   ...    addItemList=CIDR|192.168.100.5|32|0/0
    ${rescode}    ${objectId}    AddObject2    ${1}    ${objectDict}    
    ${objectids}    set Variable    ${objectId}
    
    Comment    创建安全策略，针对所有协议，相当于BlackIP
    ${policyDict}    Create Dictionary
			   ...    policyName=SecurityPolicy-Deny-AllProtol-00001
		   	   ...    policyType=tsg_security
               ...    policyDesc=autotest        
               ...    userTags=
           	   ...    action=deny
           	   ...    effectiveRange=Nursurtan|Transtelecom&Astel,|Astel&Transtelecom
           	   ...    userRegion=method:rst
           	   ...    referenceObject=${objectId}|TSG_SECURITY_DESTINATION_ADDR
           	   ...    isValid=${1}
           	   ...    appObjectIdArray=2,3,4,5,6
    ${rescode}    ${policyId}    AddPolicy2    ${1}    ${policyDict}
    ${policyId}    set Variable    {"policyType":"tsg_security","policyIds":[${policyId}]}   

    ${s}    Convert to String    ${policyId}
    Comment    功能端验证HTTP验证
    ${commandstr}    run keyword if    '${systemType}'=='Windows'    set variable    ${curlbatpath}/selfserver/SecurityPolicy-Deny-AllProtol-00001_HTTP.bat
    ...    ELSE    set variable    curl -kv http://open.node.com/
   
    ${stringlist}     run keyword if    '${systemType}'=='Windows'    Create List    Connection was reset
    ...    ELSE    Create List    Connection reset by peer
    
    ${starttime}    Get Time
    Sleep    ${policyVerificationSleepSeconds}s
    ${rescode}    SystemCommands    ${commandstr}    ${stringlist}
    Sleep    ${policyLogVerificationSleepSeconds}s
    ${endtime}    Get Time
    #日志验证
    GetLogList    security_event_log    ${starttime}    ${endtime}    ${testClentIP}    ${s}    http_host	open.node.com
    
    Comment    功能端验证SSL验证
    ${commandstr}    run keyword if    '${systemType}'=='Windows'    set variable    ${curlbatpath}/selfserver/SecurityPolicy-Deny-AllProtol-00001_SSL.bat
    ...    ELSE    set variable    curl -kv https://open.node.com/
   
    ${stringlist}     run keyword if    '${systemType}'=='Windows'    Create List    Connection was reset
    #OpenSSL SSL_connect: Connection was reset in connection to
    #Send failure: Connection was reset
    ...    ELSE    Create List    OpenSSL SSL_connect: Connection reset by peer in connection to
    
    ${starttime}    Get Time
    Sleep    ${policyVerificationSleepSeconds}s
    ${rescode}    SystemCommands    ${commandstr}    ${stringlist}
    Sleep    ${policyLogVerificationSleepSeconds}s
    ${endtime}    Get Time
    #日志验证
    GetLogList    security_event_log    ${starttime}    ${endtime}    ${testClentIP}    ${s}    ssl_sni	open.node.com
    
    Comment    功能端验证DNS验证
    
    Comment    功能端验证FTP验证    
    ${starttime}    Get Time
    Sleep    ${policyVerificationSleepSeconds}s
    
    ${ftpLogin}    FTP_login    ftp:192.168.100.5 -u"ftp_user:qazXSW@edc"
    should contain    ${ftpLogin}    fail 
    Sleep    ${policyLogVerificationSleepSeconds}s
    ${endtime}    Get Time
    #日志验证
    GetLogList    security_event_log    ${starttime}    ${endtime}    ${testClentIP}    ${s}    ftp_account    ftp_user
    
    Comment    功能端验证MAIL验证
    ${starttime}    Get Time
    ${mail}    EmailLogin    mail.tsgmail.com    25    dongxiaoyan@mail.tsgmail.com    dxy123
    should contain    ${mail}    fail
    Sleep    ${policyLogVerificationSleepSeconds}s
    ${endtime}    Get Time
    #日志验证
    GetLogList    security_event_log    ${starttime}    ${endtime}    ${testClentIP}    ${s}    mail_account    dongxiaoyan@mail.tsgmail.com
    
#{"opAction":"add","policyList":{"policyId":"","policyName":"dxytest","policyType":"tsg_security","action":"deny","userTags":"","doBlacklist":0,"doLog":1,"policyDesc":"","effectiveRange":{"tag_sets":[[]]},"userRegion":{"method":"rst"},"referenceObject":[{"objectId":6926,"protocolFields":["TSG_SECURITY_SOURCE_ADDR"]},{"objectId":6943,"protocolFields":["TSG_SECURITY_DESTINATION_ADDR"]}],"isValid":0,"scheduleId":[],"appObjectIdArray":[2,3,4,5,6]}}