summaryrefslogtreecommitdiff
path: root/keyword/policys/policy.robot
diff options
context:
space:
mode:
Diffstat (limited to 'keyword/policys/policy.robot')
-rw-r--r--keyword/policys/policy.robot60
1 files changed, 30 insertions, 30 deletions
diff --git a/keyword/policys/policy.robot b/keyword/policys/policy.robot
index 14c9f00..b19d7d0 100644
--- a/keyword/policys/policy.robot
+++ b/keyword/policys/policy.robot
@@ -780,7 +780,7 @@ ExcuteFtpCommand
${hopeResult} Get From Dictionary ${verify} hopeResult
# ${returnFtp} ${ftp} Run Keyword And Ignore Error Write curl -m 10 ftp://${ftpHost}${ftpUrl} -u ${ftpUserName}:${ftpPassword}
- ${command} Set Variable curl -m 10 ftp://${ftpHost}${ftpUrl} -u ${ftpUserName}:${ftpPassword}
+ ${command} Set Variable curl -m 25 ftp://${ftpHost}${ftpUrl} -u ${ftpUserName}:${ftpPassword}
${returnFtp} ${ftp} Run Keyword And Ignore Error Write ${command}
${return} ${res} Run Keyword And Ignore Error Read delay=15s
@@ -831,7 +831,7 @@ EmailSend
${isUTC} Evaluate ${tsgVersion}>=22.03
${starttime} Run Keyword If "${isUTC}"=="True" Get Current Date UTC exclude_millis=True
... ELSE Get Time
- sleep 5
+ sleep 15
${returnConnect} ${connect} Run Keyword And Ignore Error Open Connection ${manageIp}
${returnLogin} ${login} Run Keyword And Ignore Error SSHLibrary.Login ${manageUser} ${managePassword}
@@ -850,7 +850,7 @@ EmailSend
# ${aaa} SSHLibrary.Execute Command curl --connect-timeout 10 -m 10 --url "smtp://${smtpServer}" --mail-from "${mailFrom}" --mail-rcpt "${mailTo}" -H @${scriptsPath}${mailMessagePath} --user "${mailFrom}:${mailPassword}" -F '=(;type=multipart/mixed' -F '=(;type=multipart/mixed' -F "="Bestman";type=text/plain" -F "file=@${scriptsPath}${mailAttachPath};type=`file --mime-type "${scriptsPath}${mailAttachPath}"|sed 's/.*: //'`;encoder=base64" -F '=)'
# log ${aaa}
- ${return} ${write} Run Keyword And Ignore Error SSHLibrary.Write curl --connect-timeout 10 -m 10 --url "smtp://${smtpServer}" --mail-from "${mailFrom}" --mail-rcpt "${mailTo}" -H @${scriptsPath}${mailMessagePath} --user "${mailFrom}:${mailPassword}" -F '=(;type=multipart/mixed' -F '=(;type=multipart/mixed' -F "="Bestman";type=text/plain" -F "file=@${scriptsPath}${mailAttachPath};type=`file --mime-type "${scriptsPath}${mailAttachPath}"|sed 's/.*: //'`;encoder=base64" -F '=)'
+ ${return} ${write} Run Keyword And Ignore Error SSHLibrary.Write curl --connect-timeout 25 -m 25 --url "smtp://${smtpServer}" --mail-from "${mailFrom}" --mail-rcpt "${mailTo}" -H @${scriptsPath}${mailMessagePath} --user "${mailFrom}:${mailPassword}" -F '=(;type=multipart/mixed' -F '=(;type=multipart/mixed' -F "="Bestman";type=text/plain" -F "file=@${scriptsPath}${mailAttachPath};type=`file --mime-type "${scriptsPath}${mailAttachPath}"|sed 's/.*: //'`;encoder=base64" -F '=)'
${return} ${res} Run Keyword And Ignore Error Read delay=15s
@@ -1356,15 +1356,15 @@ CreatePolicysAndObjects
${destinationList} json.Dumps ${destinationList}
${filterList} json.Dumps ${filterList}
log ${sourceList}
- ${policyJson} Run Keyword If "${tsgVersion}" >= "23.10" Replace String ${policyJson} "sources": null "sources":${sourceList}
+ ${policyJson} Run Keyword If "${tsgVersion}" >= "23.10" Replace String ${policyJson} "source": null "source":${sourceList}
... ELSE Replace String ${policyJson} "source": null "source":${sourceList}
- ${policyJson} Run Keyword If "${tsgVersion}" >= "23.10" Replace String ${policyJson} "destinations": null "destinations":${destinationList}
+ ${policyJson} Run Keyword If "${tsgVersion}" >= "23.10" Replace String ${policyJson} "destination": null "destination":${destinationList}
... ELSE Replace String ${policyJson} "destination": null "destination":${destinationList}
- ${policyJson} Run Keyword If "${tsgVersion}" >= "23.10" Replace String ${policyJson} "filters": null "filters":${filterList}
+ ${policyJson} Run Keyword If "${tsgVersion}" >= "23.10" Replace String ${policyJson} "filter": null "filter":${filterList}
... ELSE Replace String ${policyJson} "filterList": null "filterList":${filterList}
log ${policyJson}
#${policyInfo} Get From Dictionary ${policyData} condation
- Comment 处理策略数据: "opAction": "add" "returnData": 1 "policyName": "autotest" "policyType": "tsg_security" "action": "allow" "userTags": "" "doBlacklist": 0 "doLog": 1 "policyDesc": "autotest" "effectiveRange": "userRegion": "appIdObjects": "appSelectorObjects": "isValid": 1 "scheduleId":
+ Comment 处理策略数据: "opAction": "add" "returnData": 1 "policyName": "autotest" "policyType": "security" "action": "allow" "userTags": "" "doBlacklist": 0 "doLog": 1 "policyDesc": "autotest" "effectiveRange": "userRegion": "appIdObjects": "appSelectorObjects": "isValid": 1 "scheduleId":
#转json替换
#${policyJson} json.Dumps ${ipMode}
#JSON处理
@@ -1389,16 +1389,18 @@ CreatePolicysAndObjects
... ELSE Set Variable ${policyJson}}
${return} ${policyType} Run Keyword And Ignore Error Get From Dictionary ${policyData} policyType
- #${policyType} Run Keyword If "${return}"!="FAIL" Set Variable ${policyType} ELSE Set Variable ${EMPTY}
+ ${policyType} Run Keyword If "${policyType}"=="tsg_security" Set Variable security
+ ... ELSE Set Variable ${policyType}
log ${policyType}
log ${action}
log ${policyJson}
- ${policyJson} = Run Keyword If "${return}"!="FAIL" and "${policyType}" != "pxy_manipulation" and "${action}"!="intercept" and "${tsgVersion}" < "23.05" Replace String ${policyJson} "type": "tsg_security" "type": "${policyType}"
- ... ELSE IF "${action}"=="intercept" and "${tsgVersion}" >= "23.05" Replace String ${policyJson} "type": "tsg_security" "type": "pxy_intercept"
- ... ELSE IF "${action}"=="monitor" and "${policyType}"=="tsg_security" Replace String ${policyJson} "type": "tsg_security" "type": "monitor"
- ... ELSE IF "${policyType}" == "pxy_manipulation" Replace String ${policyJson} "type": "tsg_security" "type": "pxy_manipulation"
+ ${policyJson} = Run Keyword If "${return}"!="FAIL" and "${policyType}" != "pxy_manipulation" and "${action}"!="intercept" and "${tsgVersion}" < "23.05" Replace String ${policyJson} "type": "security" "type": "${policyType}"
+ ... ELSE IF "${action}"=="intercept" and "${tsgVersion}" >= "23.05" Replace String ${policyJson} "type": "security" "type": "pxy_intercept"
+ ... ELSE IF "${action}"=="monitor" and "${policyType}"=="security" Replace String ${policyJson} "type": "security" "type": "monitor"
+ ... ELSE IF "${policyType}" == "pxy_manipulation" Replace String ${policyJson} "type": "security" "type": "pxy_manipulation"
... ELSE Set Variable ${policyJson}
+
${return} ${method} Run Keyword And Ignore Error Get From Dictionary ${policyData} method
#${method} Run Keyword If "${return}"!="FAIL" Set Variable ${method} ELSE Set Variable ${EMPTY}
@@ -1518,21 +1520,18 @@ CreatePolicysAndObjects
log ${appIdObjects}
FOR ${key} IN @{appIdObjects}
log ${key}
- ${appObjId} Get From Dictionary ${objprotol} ${key}
- # ${appObjId} Create Dictionary objectId=${appObjId}
- # ${appObjId} json.Dumps ${appObjId}
- # Log To Console ${appObjId}
- # ${appObjId} Set Variable {\"object_id\":${appObjId}}
+ ${appObjId} Get From Dictionary ${objprotol} ${key}
Append To List ${object_ids} ${appObjId}
log ${object_ids}
log ${profileIds}
- ${userRegionStr} Run Keyword If "${method}" == "alert" and ("${profileIds}"=="None" or "${profileIds}"=="${EMPTY}") Set Variable {"method": "${method}","code":${code},"${messageKey}":"${message}"}
+ ${userRegionStr} Run Keyword If "${method}" == "alert" and ("${profileIds}"=="None" or "${profileIds}"=="${EMPTY}") Set Variable {"method": "${method}","code":${code},"${messageKey}":"${message}","packet_capture":{"enable":0}}
... ELSE IF "${method}" == "alert" and "${profileIds}"!="None" Set Variable {"method": "${method}","code":${code},"${messageKey}":${profileIds},"packet_capture":{"enable":0}}
... ELSE IF "${method}" == "block" and "${key}"=="mail" and "${return}" != "FAIL" Set Variable {"method": "${method}","code":${code},"packet_capture":{"enable":${logCapture},"capture_depth":${captureDepth}}}
... ELSE IF "${method}" == "block" and "${key}"=="mail" and "${return}" == "FAIL" Set Variable {"method": "${method}","code":${code},"packet_capture":{"enable":0}}
... ELSE IF "${method}" == "hijack" or "${method}" == "insert" or "${method}" == "run_script" Set Variable {"method": "${method}","${messageKey}":${profileIds}}
- ... ELSE IF "${method}" == "redirect" and "${key}"=="http" and "${policyType}" == "tsg_security" and "${return}" == "FAIL" Set Variable {"method": "${method}","code":${code},"to":"${redirect_to}","packet_capture":{"enable":0}}
- ... ELSE IF "${method}" == "redirect" and "${key}"=="http" and "${policyType}" != "tsg_security" and "${return}" == "FAIL" Set Variable {"method": "${method}","code":${code},"to":"${redirect_to}"}
+ ... ELSE IF "${method}" == "tamper" Set Variable {"method": "${method}","tamper_mode": "complete","packet_capture":{"enable":0}}
+ ... ELSE IF "${method}" == "redirect" and "${key}"=="http" and "${policyType}" == "security" and "${return}" == "FAIL" Set Variable {"method": "${method}","code":${code},"to":"${redirect_to}","packet_capture":{"enable":0}}
+ ... ELSE IF "${method}" == "redirect" and "${key}"=="http" and "${policyType}" != "security" and "${return}" == "FAIL" Set Variable {"method": "${method}","code":${code},"to":"${redirect_to}"}
... ELSE IF "${method}" == "redirect" and "${key}"=="dns" Set Variable {"method": "${method}","resolution":${dnsResolution},"packet_capture":{"enable":0}}
... ELSE IF "${method}" == "replace" or "${method}" == "edit_element" Set Variable {"method": "${method}","rules":${rules}}
... ELSE IF "${method}" == "rate_limit" and "${return}" == "FAIL" Set Variable {"method": "${method}","bps":${bps},"enforce_direction":"both","packet_capture":{"enable":0}}
@@ -1548,21 +1547,21 @@ CreatePolicysAndObjects
... ELSE IF "${action}" == "deny" and "${method}" != "drop" and "${return}" != "FAIL" Set Variable {"method": "${method}","packet_capture":{"enable":${logCapture},"capture_depth":${captureDepth}}}
... ELSE IF "${action}" == "deny" and "${method}" == "drop" and "${return}" != "FAIL" and "${tsgVersion}" >= "23.01" Set Variable {"method": "${method}","send_icmp_unreachable":${sendIcmpUnreachable},"send_tcp_reset":${send_tcp_reset},"after_n_packets":${after_n_packets},"send_tcp_reset":${send_tcp_reset},"packet_capture":{"enable":${logCapture},"capture_depth":${captureDepth}}}
... ELSE IF "${action}" == "deny" and "${method}" == "drop" and "${return}" != "FAIL" and "${tsgVersion}" < "23.01" Set Variable {"method": "${method}","send_icmp_unreachable":${sendIcmpUnreachable},"enforce_direction":"both","packet_capture":{"enable":${logCapture},"capture_depth":${captureDepth}}}
- ... ELSE IF "${action}" == "deny" and "${method}" != "block" and "${return}" == "FAIL" and "${policyType}" == "tsg_security" Set Variable {"method": "${method}","packet_capture":{"enable":0}}
- ... ELSE IF "${action}" == "deny" and "${method}" != "block" and "${return}" == "FAIL" and "${policyType}" != "tsg_security" Set Variable {"method": "${method}"}
- ... ELSE IF "${action}" == "monitor" and "${returnMirrorVlan}"!="FAIL" and "${mirrorVlan}"!= "None" and "${policyType}" == "tsg_security" and "${return}" == "FAIL" Set Variable {"traffic_mirror":{"enable":${mirrorEnable},"mirror_vlan":${mirrorVlan}},"packet_capture":{"enable":0}}
- ... ELSE IF "${action}" == "monitor" and "${returnMirrorVlan}"=="FAIL" and "${policyType}" == "tsg_security" and "${return}" == "FAIL" Set Variable {"traffic_mirror":{"enable":${mirrorEnable},"mirror_vlan":null},"packet_capture":{"enable":0}}
- ... ELSE IF "${action}" == "monitor" and "${returnMirrorVlan}"=="FAIL" and "${policyType}" == "tsg_security" and "${return}" != "FAIL" Set Variable {"traffic_mirror":{"enable":${mirrorEnable},"mirror_vlan":null},"packet_capture":{"enable":${logCapture},"capture_depth":${captureDepth}}}
+ ... ELSE IF "${action}" == "deny" and "${method}" != "block" and "${return}" == "FAIL" and "${policyType}" == "security" Set Variable {"method": "${method}","packet_capture":{"enable":0}}
+ ... ELSE IF "${action}" == "deny" and "${method}" != "block" and "${return}" == "FAIL" and "${policyType}" != "security" Set Variable {"method": "${method}"}
+ ... ELSE IF "${action}" == "monitor" and "${returnMirrorVlan}"!="FAIL" and "${mirrorVlan}"!= "None" and "${policyType}" == "security" and "${return}" == "FAIL" Set Variable {"traffic_mirror":{"enable":${mirrorEnable},"mirror_vlan":${mirrorVlan}},"packet_capture":{"enable":0}}
+ ... ELSE IF "${action}" == "monitor" and "${returnMirrorVlan}"=="FAIL" and "${policyType}" == "security" and "${return}" == "FAIL" Set Variable {"traffic_mirror":{"enable":${mirrorEnable},"mirror_vlan":null},"packet_capture":{"enable":0}}
+ ... ELSE IF "${action}" == "monitor" and "${returnMirrorVlan}"=="FAIL" and "${policyType}" == "security" and "${return}" != "FAIL" Set Variable {"traffic_mirror":{"enable":${mirrorEnable},"mirror_vlan":null},"packet_capture":{"enable":${logCapture},"capture_depth":${captureDepth}}}
... ELSE IF "${action}" == "intercept" and "${key}" == "ssl" and ${tsgVersion}<=22.10 Set Variable {"protocol":"SSL","keyring": ${keyring},"decryption":${decryption},"traffic_mirror":${traffic_mirror}}
- ... ELSE IF "${action}" == "intercept" and "${key}" == "ssl" and ${tsgVersion}>=22.11 and "${decryption}" == "None" and "${decryption}" != "${EMPTY}" Set Variable {"protocol":"SSL","keyring_for_trusted":${keyring},"keyring_for_untrusted":${unTurstKeyringId},"decryption":${defaultDescryptionId},"tcp_option_profile":1,"traffic_mirror":${traffic_mirror}}
- ... ELSE IF "${action}" == "intercept" and "${key}" == "ssl" and ${tsgVersion}>=22.11 and "${decryption}" != "None" Set Variable {"protocol":"SSL","keyring_for_trusted":${keyring},"keyring_for_untrusted":${unTurstKeyringId},"decryption":${decryption},"tcp_option_profile":1,"traffic_mirror":${traffic_mirror}}
+ ... ELSE IF "${action}" == "intercept" and "${key}" == "ssl" and ${tsgVersion}>=22.11 and "${decryption}" == "None" and "${decryption}" != "${EMPTY}" Set Variable {"protocol":"SSL","keyring_for_trusted":${keyring},"keyring_for_untrusted":${unTurstKeyringId},"decryption_profile":${defaultDescryptionId},"tcp_option_profile":1,"traffic_mirror":${traffic_mirror}}
+ ... ELSE IF "${action}" == "intercept" and "${key}" == "ssl" and ${tsgVersion}>=22.11 and "${decryption}" != "None" Set Variable {"protocol":"SSL","keyring_for_trusted":${keyring},"keyring_for_untrusted":${unTurstKeyringId},"decryption_profile":${decryption},"tcp_option_profile":1,"traffic_mirror":${traffic_mirror}}
... ELSE IF "${action}" == "intercept" and "${key}" == "http" and ${tsgVersion}>=22.11 Set Variable {"protocol":"HTTP","tcp_option_profile":1,"traffic_mirror":${traffic_mirror}}
... ELSE IF "${return}" != "FAIL" Set Variable {"packet_capture":{"enable":${logCapture},"capture_depth":${captureDepth}}}
... ELSE Set Variable {"protocol":"${key}"}
END
${object_ids} Create Dictionary object_ids=${object_ids}
Append To List ${objects} ${object_ids}
- ${application} Create Dictionary objects=${objects} protocol_field=ATTR_APP_ID not_flag=${0}
+ ${application} Create Dictionary objects=${objects} attribute_name=ATTR_APP_ID is_negate=${0}
${application} json.Dumps ${application}
# Run Keyword If "${returnAppIdObjects}"!="FAIL" and "${appIdObjects}" != "${EMPTY}" Remove From List ${appIdObjectIds} 0
log ${userRegionStr}
@@ -1897,7 +1896,7 @@ CreateCondation
... ELSE IF "${protocolField}" == "TSG_FIELD_FTP_ACCOUNT" Set Variable ATTR_FTP_ACCOUNT
... ELSE IF "${protocolField}" == "TSG_FIELD_SIP_ORIGINATOR_DESCRIPTION" Set Variable ATTR_SIP_ORIGINATOR_DESCRIPTION
... ELSE IF "${protocolField}" == "TSG_FIELD_SIP_RESPONDER_DESCRIPTION" Set Variable ATTR_SIP_RESPONDER_DESCRIPTION
- ... ELSE IF "${protocolField}" == "TSG_SECURITY_SOURCE_ADDR" Set Variable ATTR_SOURCE_ADDR
+ ... ELSE IF "${protocolField}" == "TSG_SECURITY_SOURCE_ADDR" Set Variable ATTR_SOURCE_IP
... ELSE IF "${protocolField}" == "TSG_SECURITY_DESTINATION" Set Variable ATTR_DESTINATION_ADDR
... ELSE IF "${protocolField}" == "TSG_FILED_GTP_IMSI" Set Variable ATTR_GTP_IMSI
... ELSE IF "${protocolField}" == "TSG_FILED_GTP_APN" Set Variable ATTR_GTP_APN
@@ -1924,7 +1923,7 @@ CreateCondation
... ELSE Set Variable ${atributeObjectIds}
#${len}= Get Length ${objectIdsList}
#${objectIdsList} Run Keyword IF ${len} != 0 AppendListToList ${objectIdsList} ${objectIds} ELSE Set Variable ${objectIds}
- Run Keyword If "${protocolField}" == "ATTR_SOURCE_ADDR" or "${protocolField}" == "None" or "${protocolField}" == "TSG_SECURITY_SOURCE_LOCATION" or "${protocolField}" == "TSG_SECURITY_SOURCE_ASN" or "${protocolField}" == "ATTR_GTP_IMSI" or "${protocolField}" == "ATTR_GTP_PHONE_NUMBER" or "${protocolField}" == "ATTR_GTP_APN" AppendListToList ${sourceList} ${objectList} #Append To List
+ Run Keyword If "${protocolField}" == "ATTR_SOURCE_IP" or "${protocolField}" == "None" or "${protocolField}" == "TSG_SECURITY_SOURCE_LOCATION" or "${protocolField}" == "TSG_SECURITY_SOURCE_ASN" or "${protocolField}" == "ATTR_GTP_IMSI" or "${protocolField}" == "ATTR_GTP_PHONE_NUMBER" or "${protocolField}" == "ATTR_GTP_APN" AppendListToList ${sourceList} ${objectList} #Append To List
##############destination
... ELSE IF "${protocolField}" == "ATTR_DESTINATION_ADDR" or "${protocolField}" == "ATTR_SERVER_FQDN" or "${protocolField}" == "TSG_SECURITY_DESTINATION_ASN" AppendListToList ${destinationList} ${objectList}
#filter
@@ -2057,6 +2056,7 @@ AirTestFuncVerify
#app执行对应的操作
${airTestJson} Run Keyword If "${policyId}"=="${EMPTY}" Set Variable {"test_device_id":"${deviceId}","app_name":"${app_name}","app_operation":"${app_operation}","upper_device_ip":"${operationIp}","packet_name":"","upper_device_id":"111111","report_name":"${task_id}_${policyName}_no_policy"}
... ELSE Set Variable {"test_device_id":"${deviceId}","app_name":"${app_name}","app_operation":"${app_operation}","upper_device_ip":"${operationIp}","packet_name":"","upper_device_id":"111111","report_name":"${task_id}_${policyName}_with_policy"}
+ log to console ${airTestJson}
${response} BasePostRequest task ${airTestJson}
${returnCode} Set Variable ${response['success']}
${verifyReturn} ${verify} Run Keyword And Ignore Error Run Keyword If "${action}"!="deny" Should Be Equal As Integers ${returnCode} 0
generated by cgit v1.2.3 (git 2.39.1) at 2025-12-30 17:33:40 +0000