diff options
| author | dongxiaoyan <[email protected]> | 2020-04-01 12:42:05 +0800 |
|---|---|---|
| committer | dongxiaoyan <[email protected]> | 2020-04-01 12:42:05 +0800 |
| commit | acc676857bd85512f344a8d06aa1ae8846e7c0db (patch) | |
| tree | f2a7e19139d7f763e699ae10a997184c168fed76 /01-TestCase/tsg_adc/api_security/AllowSSLTests.robot | |
Diffstat (limited to '01-TestCase/tsg_adc/api_security/AllowSSLTests.robot')
| -rw-r--r-- | 01-TestCase/tsg_adc/api_security/AllowSSLTests.robot | 87 |
1 files changed, 87 insertions, 0 deletions
diff --git a/01-TestCase/tsg_adc/api_security/AllowSSLTests.robot b/01-TestCase/tsg_adc/api_security/AllowSSLTests.robot new file mode 100644 index 0000000..06b0395 --- /dev/null +++ b/01-TestCase/tsg_adc/api_security/AllowSSLTests.robot @@ -0,0 +1,87 @@ +*** Settings *** +Test Teardown DeletePolicyAndObject ${policyIds} ${objectids} +Force Tags tsg_adc tsg_security +Library OperatingSystem +Resource ../../../02-Keyword/tsg_adc/SystemCommand.robot +Resource ../../../02-Keyword/tsg_bfapi/PolicyObject.robot +Resource ../../../02-Keyword/tsg_bfapi/LogVariable.robot + +*** Variables *** +${policyIds} ${EMPTY} +${objectids} ${EMPTY} + +*** Test Cases *** +SecurityPolicy-Allow-SSL-00001 + [Tags] Allow IP FQDN DENY HTTP + #创建对象IP + #${rescode} ${object_IP_Id} AddObject {"opAction":"add","returnData":1,"objectList":{"objectType":"ip","isValid":1,"isInitialize":0,"isExclusion":0,"objectName":"zmmtest_IP","objectDesc":"","subObjectIds":[],"addItemList":[{"addrType":4,"protocol":0,"direction":0,"clientIp1":"192.168.50.31","clientIp2":"192.168.50.31","clientIpFormat":"range","clientPortFormat":"","clientPort1":"","clientPort2":"","serverIpFormat":"","serverIp1":"","serverIp2":"","serverPortFormat":"","serverPort1":"","serverPort2":""}],"updateItemList":[],"deleteItemIds":[]}} + #log ${object_IP_Id} + #创建对象FQDN + ${rescodeip} ${object_FQDN_Id} AddObject {"opAction":"add","returnData":1,"objectList":{"objectType":"fqdn","isValid":1,"isInitialize":0,"isExclusion":0,"objectName":"zmmtest_FQDN_icbc","objectDesc":"","subObjectIds":[],"addItemList":[{"keywordArray":["*ww.sogou.com"],"itemId":"","isHexbin":0}],"updateItemList":[],"deleteItemIds":[]}} + log ${object_FQDN_Id} + ${objectids} set Variable ${object_FQDN_Id} + #创建 Deny 搭配Allow + ${addPolicyStr} set variable {"opAction":"add","returnData":1,"policyList":{"policyName":"SecurityPolicy-Allow-SSL-00001_deny","policyType":"tsg_security","action":"deny","userTags":"","doBlacklist":0,"doLog":1,"policyDesc":"","effectiveRange":{"tag_sets":[[]]},"userRegion":{"protocol":"SSL","method":"drop","keyring":1},"referenceObject":[{"objectId":${object_FQDN_Id},"protocolFields":["TSG_FIELD_SSL_SNI"]}],"isValid":1,"scheduleId":[],"appObjectIdArray":[]}} + ${addPolicyStr} run keyword if '${addTestClentIPFlag}'=='1' set variable {"opAction":"add","returnData":1,"policyList":{"policyName":"SecurityPolicy-Allow-SSL-00001_deny","policyType":"tsg_security","action":"deny","userTags":"","doBlacklist":0,"doLog":1,"policyDesc":"","effectiveRange":{"tag_sets":[[]]},"userRegion":{"protocol":"SSL","method":"drop","keyring":1},"referenceObject":[{"objectId":${testClentID},"protocolFields":[]},{"objectId":${object_FQDN_Id},"protocolFields":["TSG_FIELD_SSL_SNI"]}],"isValid":1,"scheduleId":[],"appObjectIdArray":[]}} + log ${addPolicyStr} + ${rescode} ${policyId1} AddPolicy ${addPolicyStr} + log ${policyId1} + ${policyIds} set Variable {"policyType":"tsg_security","policyIds":[${policyId1}]} + #创建策略 + ${addPolicyStr} set variable {"opAction":"add","returnData":1,"policyList":{"policyName":"SecurityPolicy-Allow-SSL-00001","policyType":"tsg_security","action":"allow","userTags":"","doBlacklist":0,"doLog":1,"policyDesc":"","effectiveRange":{"tag_sets":[[]]},"userRegion":{"protocol":"SSL","keyring":1},"referenceObject":[{"objectId":${object_FQDN_Id},"protocolFields":["TSG_FIELD_SSL_SNI"]}],"isValid":1,"scheduleId":[],"appObjectIdArray":[]}} + ${addPolicyStr} run keyword if '${addTestClentIPFlag}'=='1' set variable {"opAction":"add","returnData":1,"policyList":{"policyName":"SecurityPolicy-Allow-SSL-00001","policyType":"tsg_security","action":"allow","userTags":"","doBlacklist":0,"doLog":1,"policyDesc":"","effectiveRange":{"tag_sets":[[]]},"userRegion":{"protocol":"SSL","keyring":1},"referenceObject":[{"objectId":${testClentID},"protocolFields":[]},{"objectId":${object_FQDN_Id},"protocolFields":["TSG_FIELD_SSL_SNI"]}],"isValid":1,"scheduleId":[],"appObjectIdArray":[]}} \ + ${rescode} ${policyId2} AddPolicy ${addPolicyStr} + log ${policyId2} + ${policyIds1} set Variable {"policyType":"tsg_security","policyIds":[${policyId1}]} + ${policyIds2} set Variable {"policyType":"tsg_security","policyIds":[${policyId2}]} + ${policyIds} Create List ${policyIds1} ${policyIds2} + #${rescode} ${policyId} AddPolicy {"opAction":"add","returnData":1,"policyList":{"policyName":"SecurityPolicy-Allow-Http-00001","policyType":"tsg_security","action":"allow","userTags":"","doBlacklist":0,"doLog":1,"policyDesc":"","effectiveRange":{"tag_sets":[[]]},"userRegion":{"protocol":"HTTP","keyring":1},"referenceObject":[{"objectId":${object_IP_Id},"protocolFields":[]},{"objectId":${object_FQDN_Id},"protocolFields":["TSG_FIELD_HTTP_HOST"]}],"isValid":1,"scheduleId":[],"appObjectIdArray":[]}} + #功能端验证 + Sleep ${policyVerificationSleepSeconds}s + ${starttime} Get Time + ${commandreturn} OperatingSystem.Run curl -I \ -m \ 10 \ -o \ /dev/null \ -s \ -w \ \ \%{http_code} \ \ https://www.sogou.com + should contain ${commandreturn} 200 + Sleep ${policyLogVerificationSleepSeconds}s + ${endtime} Get Time + #日志验证 + ${s} Convert to String ${policyId2} + GetLogList security_event_log ${starttime} ${endtime} ${testClentIP} ${s} ssl_sni icbc + +SecurityPolicy-Allow-SSL-00002 + [Tags] Allow SubID Category DENY HTTP + #创建对象Subid + ${rescode} ${object_Subid_Id} AddObject {"opAction":"add","returnData":1,"objectList":{"objectType":"subscriberid","isValid":1,"isInitialize":0,"isExclusion":0,"objectName":"zmmtest_subid","objectDesc":"","subObjectIds":[],"addItemList":[{"keywordArray":["$zmmtest"],"itemId":"","isHexbin":0}],"updateItemList":[],"deleteItemIds":[]}} + log ${object_Subid_Id} + ${objectids} set Variable ${object_Subid_Id} + #创建对象Categry + ${rescodeip} ${object_Category_Id} AddObject {"opAction":"add","returnData":1,"objectList":{"objectType":"fqdn_category","isValid":1,"isInitialize":0,"isExclusion":0,"objectName":"zmmtest_category","objectDesc":"","subObjectIds":[],"addItemList":[{"keywordArray":["*arch.jd.com"],"itemId":"","isHexbin":0}],"updateItemList":[],"deleteItemIds":[]}} + log ${object_Category_Id} + ${objectids} set Variable ${object_Subid_Id},${object_Category_Id} + #创建 Deny 搭配Allow + ${addPolicyStr} set variable {"opAction":"add","returnData":1,"policyList":{"policyName":"SecurityPolicy-Allow-SSL-00001_deny","policyType":"tsg_security","action":"deny","userTags":"","doBlacklist":0,"doLog":1,"policyDesc":"","effectiveRange":{"tag_sets":[[]]},"userRegion":{"protocol":"SSL","method":"drop","keyring":1},"referenceObject":[{"objectId":${object_Subid_Id} ,"protocolFields":[]},{"objectId":${object_Category_Id} ,"protocolFields":["TSG_FIELD_SSL_SNI"]}],"isValid":1,"scheduleId":[],"appObjectIdArray":[]}} + ${addPolicyStr} run keyword if '${addTestClentIPFlag}'=='1' set variable {"opAction":"add","returnData":1,"policyList":{"policyName":"SecurityPolicy-Allow-SSL-00001_deny","policyType":"tsg_security","action":"deny","userTags":"","doBlacklist":0,"doLog":1,"policyDesc":"","effectiveRange":{"tag_sets":[[]]},"userRegion":{"protocol":"SSL","method":"drop","keyring":1},"referenceObject":[{"objectId":${object_Subid_Id} ,"protocolFields":[]},{"objectId":${object_Category_Id} ,"protocolFields":["TSG_FIELD_SSL_SNI"]}],"isValid":1,"scheduleId":[],"appObjectIdArray":[]}} + log ${addPolicyStr} + ${rescode} ${policyId1} AddPolicy ${addPolicyStr} + log ${policyId1} + ${policyIds} set Variable {"policyType":"tsg_security","policyIds":[${policyId1}]} + #创建策略 + ${addPolicyStr} set variable {"opAction":"add","returnData":1,"policyList":{"policyName":"SecurityPolicy-Allow-SSL-00002","policyType":"tsg_security","action":"allow","userTags":"","doBlacklist":0,"doLog":1,"policyDesc":"","effectiveRange":{"tag_sets":[[]]},"userRegion":{"protocol":"SSL","keyring":1},"referenceObject":[{"objectId":${object_Subid_Id},"protocolFields":[]},{"objectId":${object_Category_Id},"protocolFields":["TSG_FIELD_SSL_SNI"]}],"isValid":1,"scheduleId":[],"appObjectIdArray":[]}} + ${addPolicyStr} run keyword if '${addTestClentIPFlag}'=='1' set variable {"opAction":"add","returnData":1,"policyList":{"policyName":"SecurityPolicy-Allow-SSL-00002","policyType":"tsg_security","action":"allow","userTags":"","doBlacklist":0,"doLog":1,"policyDesc":"","effectiveRange":{"tag_sets":[[]]},"userRegion":{"protocol":"SSL","keyring":1},"referenceObject":[{"objectId":${object_Subid_Id},"protocolFields":[]},{"objectId":${object_Category_Id},"protocolFields":["TSG_FIELD_SSL_SNI"]}],"isValid":1,"scheduleId":[],"appObjectIdArray":[]}} + ${rescode} ${policyId2} AddPolicy ${addPolicyStr} + log ${policyId2} + ${policyIds1} set Variable {"policyType":"tsg_security","policyIds":[${policyId1}]} + ${policyIds2} set Variable {"policyType":"tsg_security","policyIds":[${policyId2}]} + ${policyIds} Create List ${policyIds1} ${policyIds2} + #${rescode} ${policyId} AddPolicy {"opAction":"add","returnData":1,"policyList":{"policyName":"SecurityPolicy-Allow-Http-00002","policyType":"tsg_security","action":"allow","userTags":"","doBlacklist":0,"doLog":1,"policyDesc":"","effectiveRange":{"tag_sets":[[]]},"userRegion":{"protocol":"HTTP","keyring":1},"referenceObject":[{"objectId":${object_Subid_Id},"protocolFields":[]},{"objectId":${object_Category_Id},"protocolFields":["TSG_FIELD_HTTP_HOST"]}],"isValid":1,"scheduleId":[],"appObjectIdArray":[]}} + #log ${rescode} + #log ${policyId} + #功能端验证 + Sleep ${policyVerificationSleepSeconds}s + ${starttime} Get Time + ${commandreturn} OperatingSystem.Run curl -I \ -m \ 10 \ -o \ /dev/null \ -s \ -w \ \ \%{http_code} \ \ http://www.ccb.com + should contain ${commandreturn} 200 + Sleep ${policyLogVerificationSleepSeconds}s + ${endtime} Get Time + #日志验证 + ${s} Convert to String ${policyId2} + GetLogList security_event_log ${starttime} ${endtime} ${testClentIP} ${s} ssl_sni icbc |