def test_iso_http_basic_a1(self):
# 下发配置
fun.send(rbmExc, message.addhttp_front['AddCustomAppPolicy'],
FrontDomain, base_path)
fun.send(rbmExc, message.addhttp_back['AddCustomAppPolicy'],
BackDomain, base_path)
fun.wait_data('ps -ef |grep nginx', 'FrontDut',
'nginx: worker process')
fun.nginx_worker('ps -ef |grep nginx', 'FrontDut',
'nginx: worker process')
fun.wait_data('ps -ef |grep nginx', 'BackDut', 'nginx: worker process')
fun.nginx_worker('ps -ef |grep nginx', 'BackDut',
'nginx: worker process')
# 检查配置下发是否成功
for key in self.case1_step1:
re = fun.wait_data(self.case1_step1[key][0], 'FrontDut',
self.case1_step1[key][1], '配置', 100)
print(re)
assert self.case1_step1[key][1] in re
for key in self.case1_step11:
re = fun.wait_data(self.case1_step11[key][0], 'FrontDut',
self.case1_step11[key][1], '配置', 100)
print(re)
assert self.case1_step11[key][1] in re
# 发送get请求,验证隔离下的http策略
print('请求地址为{}'.format(self.http_url))
content = http_check.http_get(self.http_url)
print('验证隔离下的http策略请求内容为:{}'.format(content))
assert content == http_content
def test_http_check_get_a1(self):
# 下发配置
fun.send(rbmExc, message.addhttp['AddAgent'], rbmDomain, base_path)
fun.wait_data('ps -ef |grep nginx', 'gw', 'nginx: worker process')
fun.nginx_worker('ps -ef |grep nginx', 'gw', 'nginx: worker process')
# 检查配置下发是否成功
for key in self.case1_step1:
re = fun.wait_data(self.case1_step1[key][0], 'gw',
self.case1_step1[key][1], '配置', 100)
print('添加策略_re: ', re)
assert self.case1_step1[key][1] in re
# 数据检查
fun.send(rbmExc, message.httpcheck1['SetHttpCheck'], rbmDomain,
base_path)
fun.wait_data('ps -ef |grep nginx', 'gw', 'nginx: worker process')
fun.nginx_worker('ps -ef |grep nginx', 'gw', 'nginx: worker process')
for key in self.case1_step2:
re = fun.wait_data(self.case1_step2[key][0], 'gw',
self.case1_step2[key][1], '配置', 100)
print("需包含字符串:", self.case1_step2[key][1])
print('httpCheck_re: ', re)
assert self.case1_step2[key][1] in re
# 发送get请求,不包含黑名单内容的普通请求
content = http_check.http_get(url)
print('get普通请求的请求内容为:{}'.format(content))
assert content == http_content
result = fun.search('/opt', 'sh', 'gw')
print('---------fun.search: \n', result)
def test_nginx_test_a1(self):
# 清空环境
for i in self.clr_env:
fun.cmd(i, 'gw')
for i in range(100):
# fun.cmd('systemctl reload nginx_fstack', 'gw')
fun.send(rbmExc, message.addsmtp['AddAgent'], rbmDomain, base_path)
fun.wait_data('ps -ef |grep nginx', 'gw', 'nginx: worker process')
fun.nginx_worker('ps -ef |grep nginx', 'gw',
'nginx: worker process')
fun.send(rbmExc, message.addpop3['AddAgent'], rbmDomain, base_path)
fun.wait_data('ps -ef |grep nginx', 'gw', 'nginx: worker process')
fun.nginx_worker('ps -ef |grep nginx', 'gw',
'nginx: worker process')
ff = fun.cmd('ff_netstat -an', 'gw')
print('ff结果为:{}'.format(ff))
assert proxy_ip in ff
fun.send(rbmExc, message.mailcheck1['SetMailCheck'], rbmDomain,
base_path)
fun.wait_data('ps -ef |grep nginx', 'gw', 'nginx: worker process')
fun.nginx_worker('ps -ef |grep nginx', 'gw',
'nginx: worker process')
# 配置清空
fun.send(rbmExc, message.delsmtp['DelAgent'], rbmDomain, base_path)
fun.wait_data('ps -ef |grep nginx', 'gw', 'nginx: worker process')
fun.nginx_worker('ps -ef |grep nginx', 'gw',
'nginx: worker process')
fun.send(rbmExc, message.delpop3['DelAgent'], rbmDomain, base_path)
fun.wait_data('ps -ef |grep nginx', 'gw', 'nginx: worker process')
fun.nginx_worker('ps -ef |grep nginx', 'gw',
'nginx: worker process')
print('已经执行了{}次'.format(i + 1))
def test_customapp_app_action_deny(self):
# 下发配置
fun.send(rbmExc, message.add_app_action_deny_front['AddCustomAppPolicy'], FrontDomain, base_path)
fun.send(rbmExc, message.add_app_action_deny_back['AddCustomAppPolicy'], BackDomain, base_path)
fun.wait_data('ps -ef |grep nginx', 'FrontDut', 'nginx: worker process')
front_res1 = fun.nginx_worker('ps -ef |grep nginx', 'FrontDut', 'nginx: worker process',name='前置机nginx进程')
assert front_res1 == 1
fun.wait_data('ps -ef |grep nginx', 'BackDut', 'nginx: worker process')
back_res1 = fun.nginx_worker('ps -ef |grep nginx', 'BackDut', 'nginx: worker process',name='后置机nginx进程')
assert back_res1 == 1
fun.send(rbmExc, message.set_app_default_action_allow['SetCustomAppAction'], FrontDomain, base_path)
fun.wait_data('ps -ef |grep nginx', 'FrontDut', 'nginx: worker process')
front_res1 = fun.nginx_worker('ps -ef |grep nginx', 'FrontDut', 'nginx: worker process',name='前置机nginx进程')
assert front_res1 == 1
# 检查配置下发是否成功
for key in self.case4_step1:
re = fun.wait_data(self.case4_step1[key][0], 'FrontDut', self.case4_step1[key][1], '前置机配置', 100)
assert self.case4_step1[key][1] in re
for key in self.case4_step2:
re = fun.wait_data(self.case4_step2[key][0], 'FrontDut', self.case4_step2[key][1], '前置机配置', 100)
assert self.case4_step2[key][1] in re
for key in self.case0_step1:
re = fun.wait_data(self.case0_step1[key][0],'BackDut',self.case0_step1[key][1],'后置机配置',100)
assert self.case0_step1[key][1] in re
# 发送请求,检测定制应用通信策略是否生效
status_code = http_check.http_get(url,flag=1)
print('url:', url)
print('验证应用动作为拒绝,默认动作、规则动作为允许时的定制应用通行策略,get请求的请求内容为:{}'.format(status_code),',请求被禁止。')
assert status_code == 0
# 文件查看audit日志
# fun.wait_data(f"grep -n {proxy_port} /usr/local/nginx/logs/audit.log |tail -1", 'FrontDut',self.case4_step3['step1'][0], '检查Default Deny', 300, flag='存在')
fun.wait_data(f"grep -n {proxy_port} /usr/local/nginx/logs/audit.log |tail -1", 'FrontDut',self.case4_step3['step1'][0], '检查Default Deny', 300)
for key in self.case4_step3:
re = fun.cmd(f"grep -n {proxy_port} /usr/local/nginx/logs/audit.log |tail -1 ", 'FrontDut')
print('re:', re)
assert self.case4_step3[key][0] in re
#移除策略
fun.send(rbmExc, message.del_app_action_front['DelCustomAppPolicy'], FrontDomain, base_path)
fun.send(rbmExc, message.del_app_action_back['DelCustomAppPolicy'], BackDomain, base_path)
fun.wait_data('ps -ef |grep nginx', 'FrontDut', 'nginx: worker process')
front_res1 = fun.nginx_worker('ps -ef |grep nginx', 'FrontDut', 'nginx: worker process', name='前置机nginx进程')
assert front_res1 == 1
fun.wait_data('ps -ef |grep nginx', 'BackDut', 'nginx: worker process')
back_res1 = fun.nginx_worker('ps -ef |grep nginx', 'BackDut', 'nginx: worker process', name='后置机nginx进程')
assert back_res1 == 1
#检查配置移除是否成功
for key in self.case4_step4:
re = fun.wait_data(self.case4_step4[key][0], 'FrontDut', self.case4_step4[key][1], '前置机配置', 100,flag='不存在')
assert self.case4_step4[key][1] not in re
for key in self.case0_step1:
re = fun.wait_data(self.case0_step1[key][0], 'BackDut', self.case0_step1[key][1], '后置机配置', 100, flag='不存在')
assert self.case0_step1[key][1] not in re
def test_http_check_post_a2(self):
# 下发配置
fun.send(rbmExc, message.addhttp['AddAgent'], rbmDomain, base_path)
fun.wait_data('ps -ef |grep nginx', 'gw', 'nginx: worker process')
add_res1 = fun.nginx_worker('ps -ef |grep nginx', 'gw', 'nginx: worker process')
assert add_res1 == 1
# 检查配置下发是否成功
for key in self.case2_step1:
re = fun.wait_data(self.case2_step1[key][0], 'gw', self.case2_step1[key][1], '配置', 100)
print(re)
assert self.case2_step1[key][1] in re
fun.send(rbmExc, message.httpcheck2['SetHttpCheck'], rbmDomain, base_path)
fun.wait_data('ps -ef |grep nginx', 'gw', 'nginx: worker process')
add_res2 = fun.nginx_worker('ps -ef |grep nginx', 'gw', 'nginx: worker process')
assert add_res2 == 1
for key in self.case2_step2:
re = fun.wait_data(self.case2_step2[key][0], 'gw', self.case2_step2[key][1], '配置', 100)
print(re)
assert self.case2_step2[key][1] in re
# 发送post请求,不包含黑名单内容的普通请求
content = http_check.http_post(url)
print('多个黑名单时post普通请求的请求内容为:{}'.format(content))
assert content == http_content
# 发送post请求,请求内容不包含黑名单内容
content = http_check.http_post(url, self.data)
print('多个黑名单时post请求内容不包含黑名单的请求应返回的内容为:{}'.format(content))
assert content == http_content
# 发送post请求,请求内容包含第一个黑名单
status_code = http_check.http_post(url, self.case2_data1)
print('多个黑名单时post请求内容包含第一个黑名单返回的状态码为:{}'.format(status_code))
assert status_code == 403
# 发送post请求,请求内容包含第二个黑名单
status_code = http_check.http_post(url, self.case2_data2)
print('多个黑名单时post请求内容包含第二个黑名单返回的状态码为:{}'.format(status_code))
assert status_code == 403
# 移除策略,还原环境
fun.send(rbmExc, message.delhttp['DelAgent'], rbmDomain, base_path)
fun.wait_data('ps -ef |grep nginx', 'gw', 'nginx: worker process')
del_res1 = fun.nginx_worker('ps -ef |grep nginx', 'gw', 'nginx: worker process')
assert del_res1 == 1
# 检查代理是否成功移除
for key in self.case2_step1:
re = fun.wait_data(self.case2_step1[key][0], 'gw', self.case2_step1[key][1], '配置', 100, flag='不存在')
assert self.case2_step1[key][1] not in re
# 检查网页访问策略是否清空
fun.send(rbmExc, message.delhttpcheck['DropHttpCheck'], rbmDomain, base_path)
fun.wait_data('ps -ef |grep nginx', 'gw', 'nginx: worker process')
del_res2 = fun.nginx_worker('ps -ef |grep nginx', 'gw', 'nginx: worker process')
assert del_res2 == 1
for key in self.delcheck:
re = fun.wait_data(self.delcheck[key][0], 'gw', self.delcheck[key][1], '配置', 100, flag='不存在')
assert self.delcheck[key][1] not in re
def test_ftp_check_delete_a1(self):
# 下发配置
fun.send(rbmExc, message.addftp['AddAgent'], rbmDomain, base_path)
fun.wait_data('ps -ef |grep nginx', 'gw', 'nginx: worker process')
fun.nginx_worker('ps -ef |grep nginx', 'gw', 'nginx: worker process')
# 检查配置下发是否成功
for key in self.case1_step1:
re = fun.wait_data(self.case1_step1[key][0], 'gw',
self.case1_step1[key][1], '配置', 100)
print(re)
assert self.case1_step1[key][1] in re
for key in self.case1_step11:
re = fun.wait_data(self.case1_step11[key][0], 'gw',
self.case1_step11[key][1], '配置', 100)
print(re)
assert self.case1_step11[key][1] in re
fun.send(rbmExc, message.ftpcheck1['SetFtpCheck'], rbmDomain,
base_path)
fun.wait_data('ps -ef |grep nginx', 'gw', 'nginx: worker process')
fun.nginx_worker('ps -ef |grep nginx', 'gw', 'nginx: worker process')
for key in self.case1_step2:
re = fun.wait_data(self.case1_step2[key][0], 'gw',
self.case1_step2[key][1], '配置', 100)
print(re)
assert self.case1_step2[key][1] in re
# 1、登录ftp服务器,用户为白名单用户
fp = con_ftp.connect_ftp(self.host, self.port, self.username,
self.password)
print('欢迎语是:{}'.format(fp.getwelcome()))
assert '220' in fp.getwelcome()
# 2、登录ftp服务器,上传文件(上传命令被禁止)
fp = con_ftp.connect_ftp(self.host, self.port, self.username,
self.password)
print('欢迎语是:{}'.format(fp.getwelcome()))
result1 = con_ftp.uploadFile(fp, self.upremotePath, self.uplocalPath)
print('ftp上传文件扩展名{}为白名单结果为:{}'.format(self.uplocalPath, result1))
assert result1 == 0
# 3、登录ftp服务器,下载文件扩展名为白名单(下载命令被禁止)
fp = con_ftp.connect_ftp(self.host, self.port, self.username,
self.password)
print('欢迎语是:{}'.format(fp.getwelcome()))
result2 = con_ftp.downFile(fp, self.downremotePath, self.downlocalPath)
print('ftp下载(下载命令被禁止)文件扩展名{}为白名单结果为:{}'.format(self.downremotePath,
result2))
assert result2 == 0
# 4、 登录ftp服务器,删除(删除命令被禁止)目录下的文件
fp = con_ftp.connect_ftp(self.host, self.port, self.username,
self.password)
print('欢迎语是:{}'.format(fp.getwelcome()))
result3 = con_ftp.deleallFile(fp, delePath)
print('ftp删除(删除命令被禁止){}的结果为:{}'.format(delePath, result3))
assert result3 == 0
def data_check_setup_met(dut='gw'):
start = time.time()
fun.wait_data('ps -ef |grep agentjsac', dut,
'/usr/bin/agentjsac -c /etc/jsac/agentjsac.config')
fun.nginx_worker('ps -ef |grep nginx', dut, 'nginx: worker process')
print(
"=========================== data_check_setup_met 结束 耗时:{}s =================================="
.format(time.time() - start))
def test_ftp_check_upload_a2(self):
# 下发配置
fun.send(rbmExc, message.addftp['AddAgent'], rbmDomain, base_path)
fun.wait_data('ps -ef |grep nginx', 'gw', 'nginx: worker process')
fun.nginx_worker('ps -ef |grep nginx', 'gw', 'nginx: worker process')
# 检查配置下发是否成功
for key in self.case2_step1:
re = fun.wait_data(self.case2_step1[key][0], 'gw',
self.case2_step1[key][1], '配置', 100)
print(re)
assert self.case2_step1[key][1] in re
for key in self.case2_step11:
re = fun.wait_data(self.case2_step11[key][0], 'gw',
self.case2_step11[key][1], '配置', 100)
print(re)
assert self.case2_step11[key][1] in re
fun.send(rbmExc, message.ftpcheck2['SetFtpCheck'], rbmDomain,
base_path)
fun.wait_data('ps -ef |grep nginx', 'gw', 'nginx: worker process')
fun.nginx_worker('ps -ef |grep nginx', 'gw', 'nginx: worker process')
for key in self.case2_step2:
re = fun.wait_data(self.case2_step2[key][0], 'gw',
self.case2_step2[key][1], '配置', 100)
print(re)
assert self.case2_step2[key][1] in re
# 登录ftp服务器,上传文件扩展名为白名单
fp = con_ftp.connect_ftp(self.host, self.port, self.username,
self.password)
print('欢迎语是:{}'.format(fp.getwelcome()))
result1 = con_ftp.uploadFile(fp, self.case2_upremotePath,
self.case2_uplocalPath)
print('第一个ftp上传文件扩展名{}为白名单结果为:{}'.format(self.case2_uplocalPath,
result1))
assert result1 == 1
# 登录ftp服务器,上传文件扩展名为白名单
fp = con_ftp.connect_ftp(self.host, self.port, self.username,
self.password)
print('欢迎语是:{}'.format(fp.getwelcome()))
result2 = con_ftp.uploadFile(fp, self.case2_allow_upremotePath,
self.case2_allow_uplocalPath)
print('第二个ftp上传文件扩展名{}为白名单结果为:{}'.format(self.case2_allow_uplocalPath,
result2))
assert result2 == 1
# 登录ftp服务器,上传文件扩展名为非白名单
fp = con_ftp.connect_ftp(self.host, self.port, self.username,
self.password)
print('欢迎语是:{}'.format(fp.getwelcome()))
result3 = con_ftp.uploadFile(fp, self.case2_deny_upremotePath,
self.case2_deny_uplocalPath)
print('ftp上传文件扩展名{}为非白名单结果为:{}'.format(self.case2_deny_uplocalPath,
result3))
assert result3 == 0
def test_ftp_check_upload_a1(self):
# 下发配置
fun.send(rbmExc, message.addftp['AddAgent'], rbmDomain, base_path)
fun.wait_data('ps -ef |grep nginx', 'gw', 'nginx: worker process')
add_res1 = fun.nginx_worker('ps -ef |grep nginx', 'gw', 'nginx: worker process')
assert add_res1 == 1
# 检查配置下发是否成功
for key in self.case1_step1:
re = fun.wait_data(self.case1_step1[key][0], 'gw', self.case1_step1[key][1], '配置', 100)
print(re)
assert self.case1_step1[key][1] in re
for key in self.case1_step11:
re = fun.wait_data(self.case1_step11[key][0], 'gw', self.case1_step11[key][1], '配置', 100)
print(re)
assert self.case1_step11[key][1] in re
fun.send(rbmExc, message.ftpcheck1['SetFtpCheck'], rbmDomain, base_path)
fun.wait_data('ps -ef |grep nginx', 'gw', 'nginx: worker process')
add_res2 = fun.nginx_worker('ps -ef |grep nginx', 'gw', 'nginx: worker process')
assert add_res2 == 1
for key in self.case1_step2:
re = fun.wait_data(self.case1_step2[key][0], 'gw', self.case1_step2[key][1], '配置', 100)
print(re)
assert self.case1_step2[key][1] in re
# 登录ftp服务器,上传文件扩展名为白名单
fp = con_ftp.connect_ftp(self.host, self.port, self.username, self.password)
print('欢迎语是:{}'.format(fp.getwelcome()))
result1 = con_ftp.uploadFile(fp, self.case1_upremotePath, self.case1_uplocalPath)
print('ftp上传文件扩展名{}为白名单结果为:{}'.format(self.case1_uplocalPath, result1))
assert result1 == 1
# 登录ftp服务器,上传文件扩展名为非白名单
fp = con_ftp.connect_ftp(self.host, self.port, self.username, self.password)
print('欢迎语是:{}'.format(fp.getwelcome()))
result2 = con_ftp.uploadFile(fp, self.case1_deny_upremotePath, self.case1_deny_uplocalPath)
print('ftp上传文件扩展名{}为非白名单结果为:{}'.format(self.case1_deny_uplocalPath, result2))
assert result2 == 0
# 移除策略,还原环境
fun.send(rbmExc, message.delftp['DelAgent'], rbmDomain, base_path)
fun.wait_data('ps -ef |grep nginx', 'gw', 'nginx: worker process')
del_res1 = fun.nginx_worker('ps -ef |grep nginx', 'gw', 'nginx: worker process')
assert del_res1 == 1
# 检查代理是否成功移除
for key in self.case1_step1:
re = fun.wait_data(self.case1_step1[key][0], 'gw', self.case1_step1[key][1], '配置', 100, flag='不存在')
assert self.case1_step1[key][1] not in re
# 检查ftp传输策略是否清空
fun.send(rbmExc, message.delftpcheck['DropFtpCheck'], rbmDomain, base_path)
fun.wait_data('ps -ef |grep nginx', 'gw', 'nginx: worker process')
del_res2 = fun.nginx_worker('ps -ef |grep nginx', 'gw', 'nginx: worker process')
assert del_res2 == 1
for key in self.delcheck:
re = fun.wait_data(self.delcheck[key][0], 'gw', self.delcheck[key][1], '配置', 100, flag='不存在')
assert self.delcheck[key][1] not in re
def test_customapp_default_action_allow(self):
# 下发配置
fun.send(rbmExc, message.add_app_default_action_front['AddCustomAppPolicy'], FrontDomain, base_path)
fun.send(rbmExc, message.add_app_default_action_back['AddCustomAppPolicy'], BackDomain, base_path)
fun.wait_data('ps -ef |grep nginx', 'FrontDut', 'nginx: worker process')
front_res1 = fun.nginx_worker('ps -ef |grep nginx', 'FrontDut', 'nginx: worker process',name='前置机nginx进程')
assert front_res1 ==1
fun.wait_data('ps -ef |grep nginx', 'BackDut', 'nginx: worker process')
back_res1 = fun.nginx_worker('ps -ef |grep nginx', 'BackDut', 'nginx: worker process',name='后置机nginx进程')
assert back_res1 == 1
fun.send(rbmExc, message.set_app_default_action_allow['SetCustomAppAction'], FrontDomain, base_path)
fun.wait_data('ps -ef |grep nginx', 'FrontDut', 'nginx: worker process')
front_res1 = fun.nginx_worker('ps -ef |grep nginx', 'FrontDut', 'nginx: worker process', name='前置机nginx进程')
assert front_res1 == 1
# 检查配置下发是否成功
for key in self.case1_step1:
# re = fun.cmd(self.case1_step1[key][0], 'FrontDut')
# print(re)
re = fun.wait_data(self.case1_step1[key][0], 'FrontDut', self.case1_step1[key][1], '前置机配置', 100)
assert self.case1_step1[key][1] in re
for key in self.case1_step2:
# re = fun.cmd(self.case1_step2[key][0], 'FrontDut')
# print(re)
re = fun.wait_data(self.case1_step2[key][0], 'FrontDut', self.case1_step2[key][1], '前置机配置', 100)
assert self.case1_step2[key][1] in re
for key in self.case0_step1:
re = fun.wait_data(self.case0_step1[key][0],'BackDut',self.case0_step1[key][1],'后置机配置',100)
assert self.case0_step1[key][1] in re
# 发送请求,检测定制应用通信策略是否生效
status_code = http_check.http_get(url,flag=1)
print('url:', url)
print('验证默认动作为允许,应用、规则动作为允许时的定制应用通行策略,get请求的请求内容为:{}'.format(status_code))
assert status_code == 200
#移除策略
fun.send(rbmExc, message.del_app_upstream_front['DelCustomAppPolicy'], FrontDomain, base_path)
fun.send(rbmExc, message.del_app_upstream_back['DelCustomAppPolicy'], BackDomain, base_path)
fun.wait_data('ps -ef |grep nginx', 'FrontDut', 'nginx: worker process')
front_res1 = fun.nginx_worker('ps -ef |grep nginx', 'FrontDut', 'nginx: worker process',name='前置机nginx进程')
assert front_res1 == 1
fun.wait_data('ps -ef |grep nginx', 'BackDut', 'nginx: worker process')
back_res1 = fun.nginx_worker('ps -ef |grep nginx', 'BackDut', 'nginx: worker process',name='后置机nginx进程')
assert back_res1 == 1
# 检查配置移除是否成功
for key in self.case1_step3:
# re = fun.cmd(self.case1_step1[key][0], 'FrontDut')
# print(re)
re = fun.wait_data(self.case1_step3[key][0], 'FrontDut', self.case1_step3[key][1], '前置机配置', 100,flag='不存在')
assert self.case1_step3[key][1] not in re
for key in self.case0_step1:
re = fun.wait_data(self.case0_step1[key][0],'BackDut',self.case0_step1[key][1],'后置机配置',100,flag='不存在')
assert self.case0_step1[key][1] not in re
def test_add_MIME_allow(self):
# 下发配置
fun.send(rbmExc, message.addhttp['AddAgent'], rbmDomain, base_path)
fun.wait_data('ps -ef |grep nginx', 'gw', 'nginx: worker process')
fun.nginx_worker('ps -ef |grep nginx', 'gw', 'nginx: worker process')
fun.send(rbmExc, message.httpcheck2['SetHttpCheck'], rbmDomain,
base_path)
fun.wait_data('ps -ef |grep nginx', 'gw', 'nginx: worker process')
fun.nginx_worker('ps -ef |grep nginx', 'gw', 'nginx: worker process')
def clear_datacheck(protocol, base_path):
if protocol == 'http':
fun.send(rbmExc, message.delhttpcheck['DropHttpCheck'], FrontDomain,
base_path)
elif protocol == 'mail':
fun.send(rbmExc, message.delmailcheck['DropMailCheck'], FrontDomain,
base_path)
elif protocol == 'ftp':
fun.send(rbmExc, message.delftpcheck['DropFtpCheck'], FrontDomain,
base_path)
fun.wait_data('ps -ef |grep nginx', 'FrontDut', 'nginx: worker process')
fun.nginx_worker('ps -ef |grep nginx', 'FrontDut', 'nginx: worker process')
def test_http_check_uri_a2(self):
# 下发配置
fun.send(rbmExc, message.addhttp['AddAgent'], rbmDomain, base_path)
fun.wait_data('ps -ef |grep nginx', 'gw', 'nginx: worker process')
fun.nginx_worker('ps -ef |grep nginx', 'gw', 'nginx: worker process')
# 检查配置下发是否成功
for key in self.case2_step1:
re = fun.wait_data(self.case2_step1[key][0], 'gw', self.case2_step1[key][1], '配置', 100)
print(re)
assert self.case2_step1[key][1] in re
fun.send(rbmExc, message.httpcheck2['SetHttpCheck'], rbmDomain, base_path)
fun.wait_data('ps -ef |grep nginx', 'gw', 'nginx: worker process')
fun.nginx_worker('ps -ef |grep nginx', 'gw', 'nginx: worker process')
for key in self.case2_step2:
re = fun.wait_data(self.case2_step2[key][0], 'gw', self.case2_step2[key][1], '配置', 100)
print(re)
assert self.case2_step2[key][1] in re
# 发送get请求,不包含黑名单内容的普通请求
content = http_check.http_get(url)
print('多个黑名单时get普通请求的请求内容为:{}'.format(content))
assert content == http_content
# 发送post请求,不包含黑名单内容的普通请求
content = http_check.http_post(url)
print('多个黑名单时get普通请求的请求内容为:{}'.format(content))
assert content == http_content
# 发送get请求,请求内容包含第一个黑名单
status_code = http_check.http_get(self.case2_uri1,self.data)
print('多个黑名单时get请求内容包含第一个黑名单返回的状态码为:{}'.format(status_code))
assert status_code == 403
# 发送post请求,请求内容包含第一个黑名单
status_code = http_check.http_post(self.case2_uri1, self.data)
print('多个黑名单时get请求内容包含第一个黑名单返回的状态码为:{}'.format(status_code))
assert status_code == 403
# 发送get请求,请求内容包含第二个黑名单
status_code = http_check.http_get(self.case2_uri2, self.data)
print('多个黑名单时get请求内容包含第二个黑名单返回的状态码为:{}'.format(status_code))
assert status_code == 403
# 发送post请求,请求内容包含第二个黑名单
status_code = http_check.http_post(self.case2_uri2, self.data)
print('多个黑名单时get请求内容包含第二个黑名单返回的状态码为:{}'.format(status_code))
assert status_code == 403
def data_check_teardown_met(protocol, base_path, dut='gw'):
start = time.time()
if protocol == 'mail':
fun.send(rbmExc, message.delsmtp['DelAgent'], rbmDomain, base_path)
fun.wait_data('ps -ef |grep nginx', dut, 'nginx: worker process')
fun.nginx_worker('ps -ef |grep nginx', dut, 'nginx: worker process')
fun.send(rbmExc, message.delpop3['DelAgent'], rbmDomain, base_path)
elif protocol == 'ftp':
fun.send(rbmExc, message.delftp['DelAgent'], rbmDomain, base_path)
elif protocol == 'http':
fun.send(rbmExc, message.delhttp['DelAgent'], rbmDomain, base_path)
else:
pass
fun.wait_data('ps -ef |grep nginx', dut, 'nginx: worker process')
fun.nginx_worker('ps -ef |grep nginx', dut, 'nginx: worker process')
print("=========================== data_check_teardown_met 结束 耗时:{}s ==================================".format(
time.time() - start))
def test_ftp_check_user_a2(self):
# 下发配置
fun.send(rbmExc, message.addftp['AddAgent'], rbmDomain, base_path)
fun.wait_data('ps -ef |grep nginx', 'gw', 'nginx: worker process')
fun.nginx_worker('ps -ef |grep nginx', 'gw', 'nginx: worker process')
# 检查配置下发是否成功
for key in self.case2_step1:
re = fun.wait_data(self.case2_step1[key][0], 'gw',
self.case2_step1[key][1], '配置', 100)
print(re)
assert self.case2_step1[key][1] in re
for key in self.case2_step11:
re = fun.wait_data(self.case2_step11[key][0], 'gw',
self.case2_step11[key][1], '配置', 100)
print(re)
assert self.case2_step11[key][1] in re
fun.send(rbmExc, message.ftpcheck2['SetFtpCheck'], rbmDomain,
base_path)
fun.wait_data('ps -ef |grep nginx', 'gw', 'nginx: worker process')
fun.nginx_worker('ps -ef |grep nginx', 'gw', 'nginx: worker process')
for key in self.case2_step2:
re = fun.wait_data(self.case2_step2[key][0], 'gw',
self.case2_step2[key][1], '配置', 100)
print(re)
assert self.case2_step2[key][1] in re
# 登录ftp服务器,用户为白名单用户
fp = con_ftp.connect_ftp(self.host, self.port, self.username,
self.password)
print('ftp第一个白名单用户{}欢迎语是:{}'.format(self.username, fp.getwelcome()))
assert '220' in fp.getwelcome()
fp = con_ftp.connect_ftp(self.host, self.port, self.case2_allow_user,
self.password)
print('ftp第二个白名单用户{}欢迎语是:{}'.format(self.case2_allow_user,
fp.getwelcome()))
assert '220' in fp.getwelcome()
# 登录ftp服务器,用户为非白名单用户
fp = con_ftp.connect_ftp(self.host, self.port, self.case2_deny_user,
self.password)
print('ftp非白名单用户{}结果为:{}'.format(self.case2_deny_user, fp))
assert fp == 0
def test_iso_tcp_keyword_a2(self):
# 下发配置
fun.send(rbmExc, message.addftp_front['AddCustomAppPolicy'], FrontDomain, base_path)
fun.send(rbmExc, message.addftp_back['AddCustomAppPolicy'], BackDomain, base_path)
fun.wait_data('ps -ef |grep nginx', 'FrontDut', 'nginx: worker process')
front_res = fun.nginx_worker('ps -ef |grep nginx', 'FrontDut', 'nginx: worker process', name='前置机nginx进程')
assert front_res == 1
fun.wait_data('ps -ef |grep nginx', 'BackDut', 'nginx: worker process')
back_res = fun.nginx_worker('ps -ef |grep nginx', 'BackDut', 'nginx: worker process', name='后置机nginx进程')
assert back_res == 1
# 检查配置下发是否成功
for key in self.case2_step1:
re = fun.wait_data(self.case2_step1[key][0], 'FrontDut', self.case2_step1[key][1], '配置', 100)
print(re)
assert self.case2_step1[key][1] in re
for key in self.case2_step11:
re = fun.wait_data(self.case2_step11[key][0], 'FrontDut', self.case2_step11[key][1], '配置', 100)
print(re)
assert self.case2_step11[key][1] in re
# # 登录ftp服务器,下载命令被禁止
# fp = con_ftp.connect_ftp(proxy_ip, self.ftp_proxy_port, self.ftp_user, self.ftp_pass)
# print('欢迎语是:{}'.format(fp.getwelcome()))
# result = con_ftp.downFile(fp, self.case2_downremotePath, self.case2_downlocalPath)
# print('下载命令被禁止的ftp传输策略结果为:{}'.format(result))
# assert result == 0
# 移除策略,清空环境
fun.send(rbmExc, message.delftp_front['DelCustomAppPolicy'], FrontDomain, base_path)
fun.send(rbmExc, message.delftp_back['DelCustomAppPolicy'], BackDomain, base_path)
fun.wait_data('ps -ef |grep nginx', 'FrontDut', 'nginx: worker process')
fdel_res = fun.nginx_worker('ps -ef |grep nginx', 'FrontDut', 'nginx: worker process', name='前置机nginx进程')
assert fdel_res == 1
fun.wait_data('ps -ef |grep nginx', 'BackDut', 'nginx: worker process')
bdel_res = fun.nginx_worker('ps -ef |grep nginx', 'BackDut', 'nginx: worker process', name='后置机nginx进程')
assert bdel_res == 1
# 检查策略移除是否成功
for key in self.case2_step1:
re = fun.wait_data(self.case2_step1[key][0], 'FrontDut', self.case2_step1[key][1], '配置', 100, flag='不存在')
print(re)
assert self.case2_step1[key][1] not in re
def test_iso_ftp_up_down_dir_a1(self):
# 下发配置
fun.send(rbmExc, message.addftp_front['AddCustomAppPolicy'], FrontDomain, base_path)
fun.send(rbmExc, message.addftp_back['AddCustomAppPolicy'], BackDomain, base_path)
fun.wait_data('ps -ef |grep nginx', 'FrontDut', 'nginx: worker process')
front_res = fun.nginx_worker('ps -ef |grep nginx', 'FrontDut', 'nginx: worker process', name='前置机nginx进程')
assert front_res == 1
fun.wait_data('ps -ef |grep nginx', 'BackDut', 'nginx: worker process')
back_res = fun.nginx_worker('ps -ef |grep nginx', 'BackDut', 'nginx: worker process', name='后置机nginx进程')
assert back_res == 1
# 检查配置下发是否成功
for key in self.case1_step1:
re = fun.wait_data(self.case1_step1[key][0], 'FrontDut', self.case1_step1[key][1], '配置', 100)
print(re)
assert self.case1_step1[key][1] in re
for key in self.case1_step11:
re = fun.wait_data(self.case1_step11[key][0], 'FrontDut', self.case1_step11[key][1], '配置', 100)
print(re)
assert self.case1_step11[key][1] in re
# 登录ftp服务器,下载一个文件夹内的所有文件夹
fp = con_ftp.connect_ftp(proxy_ip, self.ftp_proxy_port, self.ftp_user, self.ftp_pass)
print('欢迎语是:{}'.format(fp.getwelcome()))
result = con_ftp.DownDir(fp, ftp_remoteDir, ftp_localDir)
print('ftp走隔离下载一个文件夹内的所有文件夹结果为:{}'.format(result))
assert result == 1
# 移除策略,清空环境
fun.send(rbmExc, message.delftp_front['DelCustomAppPolicy'], FrontDomain, base_path)
fun.send(rbmExc, message.delftp_back['DelCustomAppPolicy'], BackDomain, base_path)
fun.wait_data('ps -ef |grep nginx', 'FrontDut', 'nginx: worker process')
fdel_res = fun.nginx_worker('ps -ef |grep nginx', 'FrontDut', 'nginx: worker process', name='前置机nginx进程')
assert fdel_res == 1
fun.wait_data('ps -ef |grep nginx', 'BackDut', 'nginx: worker process')
bdel_res = fun.nginx_worker('ps -ef |grep nginx', 'BackDut', 'nginx: worker process', name='后置机nginx进程')
assert bdel_res == 1
# 检查策略移除是否成功
for key in self.case2_step1:
re = fun.wait_data(self.case2_step1[key][0], 'FrontDut', self.case2_step1[key][1], '配置', 100, flag='不存在')
print(re)
assert self.case2_step1[key][1] not in re
def test_iso_http_redirect_a1(self):
# 下发配置
fun.send(rbmExc, message.addhttp_redirect_front['AddCustomAppPolicy'], FrontDomain, base_path)
fun.send(rbmExc, message.addhttp_redirect_back['AddCustomAppPolicy'], BackDomain, base_path)
fun.wait_data('ps -ef |grep nginx', 'FrontDut', 'nginx: worker process')
front_res = fun.nginx_worker('ps -ef |grep nginx', 'FrontDut', 'nginx: worker process', name='前置机nginx进程')
assert front_res == 1
fun.wait_data('ps -ef |grep nginx', 'BackDut', 'nginx: worker process')
back_res = fun.nginx_worker('ps -ef |grep nginx', 'BackDut', 'nginx: worker process', name='后置机nginx进程')
assert back_res == 1
# 检查配置下发是否成功
for key in self.case1_step1:
re = fun.wait_data(self.case1_step1[key][0], 'FrontDut', self.case1_step1[key][1], '配置', 100)
print(re)
assert self.case1_step1[key][1] in re
for key in self.case1_step11:
re = fun.wait_data(self.case1_step11[key][0], 'FrontDut', self.case1_step11[key][1], '配置', 100)
print(re)
assert self.case1_step11[key][1] in re
# 发送get请求,验证隔离下的http策略
print('请求地址为{}'.format(self.http_url))
status_code = http_check.http_get(self.http_url,flag=1)
print('验证隔离下的http策略请求状态码为:{}'.format(status_code))
assert status_code == 200
# 移除策略,清空环境
fun.send(rbmExc, message.delhttp_redirect_front['DelCustomAppPolicy'], FrontDomain, base_path)
fun.send(rbmExc, message.delhttp_redirect_back['DelCustomAppPolicy'], BackDomain, base_path)
fun.wait_data('ps -ef |grep nginx', 'FrontDut', 'nginx: worker process')
fdel_res = fun.nginx_worker('ps -ef |grep nginx', 'FrontDut', 'nginx: worker process',name='前置机nginx进程')
assert fdel_res == 1
fun.wait_data('ps -ef |grep nginx', 'BackDut', 'nginx: worker process')
bdel_res = fun.nginx_worker('ps -ef |grep nginx', 'BackDut', 'nginx: worker process',name='后置机nginx进程')
assert bdel_res == 1
# 检查策略移除是否成功
for key in self.case1_step1:
re = fun.wait_data(self.case1_step1[key][0], 'FrontDut', self.case1_step1[key][1], '配置', 100, flag='不存在')
print(re)
assert self.case1_step1[key][1] not in re
def test_iso_tcp_keyword_a3(self):
# 下发配置
fun.send(rbmExc, message.addtcp_front['AddCustomAppPolicy'], FrontDomain, base_path)
fun.send(rbmExc, message.addtcp_back['AddCustomAppPolicy'], BackDomain, base_path)
fun.wait_data('ps -ef |grep nginx', 'FrontDut', 'nginx: worker process')
front_res = fun.nginx_worker('ps -ef |grep nginx', 'FrontDut', 'nginx: worker process', name='前置机nginx进程')
assert front_res == 1
fun.wait_data('ps -ef |grep nginx', 'BackDut', 'nginx: worker process')
back_res = fun.nginx_worker('ps -ef |grep nginx', 'BackDut', 'nginx: worker process', name='后置机nginx进程')
assert back_res == 1
# 检查配置下发是否成功
for key in self.case3_step1:
re = fun.wait_data(self.case3_step1[key][0], 'FrontDut', self.case3_step1[key][1], '配置', 100)
print(re)
assert self.case3_step1[key][1] in re
for key in self.case3_step11:
re = fun.wait_data(self.case3_step11[key][0], 'FrontDut', self.case3_step11[key][1], '配置', 100)
print(re)
assert self.case3_step11[key][1] in re
# # 发送get请求,包含关键字过滤为get的请求应该被禁止
# print('请求地址为{}'.format(http_url))
# status_code = http_check.http_get(http_url)
# print('包含关键字过滤为get的请求返回的状态码为:{}'.format(status_code))
# assert status_code == 0
# 移除策略,清空环境
fun.send(rbmExc, message.deltcp_front['DelCustomAppPolicy'], FrontDomain, base_path)
fun.send(rbmExc, message.deltcp_back['DelCustomAppPolicy'], BackDomain, base_path)
fun.wait_data('ps -ef |grep nginx', 'FrontDut', 'nginx: worker process')
fdel_res = fun.nginx_worker('ps -ef |grep nginx', 'FrontDut', 'nginx: worker process', name='前置机nginx进程')
assert fdel_res == 1
fun.wait_data('ps -ef |grep nginx', 'BackDut', 'nginx: worker process')
bdel_res = fun.nginx_worker('ps -ef |grep nginx', 'BackDut', 'nginx: worker process', name='后置机nginx进程')
assert bdel_res == 1
# 检查策略移除是否成功
for key in self.case3_step1:
re = fun.wait_data(self.case3_step1[key][0], 'FrontDut', self.case3_step1[key][1], '配置', 100, flag='不存在')
print(re)
assert self.case3_step1[key][1] not in re
def test_iso_http_basic_a3(self):
# 下发配置
fun.send(rbmExc, message.addhttp_front_post['AddCustomAppPolicy'],
FrontDomain, base_path)
fun.send(rbmExc, message.addhttp_back_post['AddCustomAppPolicy'],
BackDomain, base_path)
fun.wait_data('ps -ef |grep nginx', 'FrontDut',
'nginx: worker process')
fun.nginx_worker('ps -ef |grep nginx', 'FrontDut',
'nginx: worker process')
fun.wait_data('ps -ef |grep nginx', 'BackDut', 'nginx: worker process')
fun.nginx_worker('ps -ef |grep nginx', 'BackDut',
'nginx: worker process')
# 检查配置下发是否成功
for key in self.case3_step1:
re = fun.wait_data(self.case3_step1[key][0], 'FrontDut',
self.case3_step1[key][1], '配置', 100)
print(re)
assert self.case3_step1[key][1] in re
for key in self.case3_step11:
re = fun.wait_data(self.case3_step11[key][0], 'FrontDut',
self.case3_step11[key][1], '配置', 100)
print(re)
assert self.case3_step11[key][1] in re
#服务器端开启post上传服务
#发送post请求,验证post请求是否正常
print('请求地址为{}'.format(self.http_url))
content = http_check.http_post(self.http_url)
print('post普通请求的请求内容为:{}'.format(content))
# 发送post请求,验证隔离下的http策略上传一个10M大小的文件
print('上传的服务器地址为{}'.format(self.upfile_url))
result = http_check.http_upload(self.upfile_url, self.upfilename,
self.uplocalPath, self.upMIME_type)
assert result == 1
def test_mail_check_addr_a2(self):
# 下发配置
fun.send(rbmExc, message.addsmtp['AddAgent'], rbmDomain, base_path)
fun.wait_data('ps -ef |grep nginx', 'gw', 'nginx: worker process')
fun.nginx_worker('ps -ef |grep nginx', 'gw', 'nginx: worker process')
fun.send(rbmExc, message.addpop3['AddAgent'], rbmDomain, base_path)
fun.wait_data('ps -ef |grep nginx', 'gw', 'nginx: worker process')
fun.nginx_worker('ps -ef |grep nginx', 'gw', 'nginx: worker process')
# 检查配置下发是否成功
for key in self.case2_step1:
re = fun.wait_data(self.case2_step1[key][0], 'gw',
self.case2_step1[key][1], '配置', 100)
print(re)
assert self.case2_step1[key][1] in re
for key in self.case2_step11:
re = fun.wait_data(self.case2_step11[key][0], 'gw',
self.case2_step11[key][1], '配置', 100)
print(re)
assert self.case2_step11[key][1] in re
fun.send(rbmExc, message.mailcheck2['SetMailCheck'], rbmDomain,
base_path)
fun.wait_data('ps -ef |grep nginx', 'gw', 'nginx: worker process')
fun.nginx_worker('ps -ef |grep nginx', 'gw', 'nginx: worker process')
for key in self.case2_step2:
re = fun.wait_data(self.case2_step2[key][0], 'gw',
self.case2_step2[key][1], '配置', 100)
print(re)
assert self.case2_step2[key][1] in re
# 发送邮件,邮件地址为白名单地址
result1 = send_smtp.post_email(self.mail_sender, self.mail_receivers,
self.mail_cc, self.mail_bcc,
self.mail_host, self.mail_port,
self.mail_user, self.mail_pass,
self.attach_path, self.file, self.title,
self.context, 0, 0)
print('白名单地址{}结果为:{}'.format(self.mail_sender, result1))
assert result1 == 1
# 接收邮件
msg = recv_pop3.get_email(self.pop3_email, self.pop3_pwd,
self.pop3_server_host, self.pop3_server_port)
mail_list = recv_pop3.print_info(msg) # 解析
assert self.title, self.context in mail_list
print('白名单接收者{}成功接收邮件'.format(self.pop3_email))
# 发送邮件,邮件地址为非白名单地址
result2 = send_smtp.post_email(self.deny_mail, self.mail_receivers,
self.mail_cc, self.mail_bcc,
self.mail_host, self.mail_port,
self.deny_mail, self.deny_pwd,
self.attach_path, self.file, self.title,
self.context, 0, 0)
print('非白名单地址{}结果为:{}'.format(self.deny_mail, result2))
assert result2 == 0
def test_http_check_MIME_deny_a1(self):
# 下发配置
fun.send(rbmExc, message.addhttp['AddAgent'], rbmDomain, base_path)
fun.wait_data('ps -ef |grep nginx', 'gw', 'nginx: worker process')
fun.nginx_worker('ps -ef |grep nginx', 'gw', 'nginx: worker process')
# 检查配置下发是否成功
for key in self.case1_step1:
re = fun.wait_data(self.case1_step1[key][0], 'gw',
self.case1_step1[key][1], '配置', 100)
print(re)
assert self.case1_step1[key][1] in re
fun.send(rbmExc, message.httpcheck1['SetHttpCheck'], rbmDomain,
base_path)
fun.wait_data('ps -ef |grep nginx', 'gw', 'nginx: worker process')
fun.nginx_worker('ps -ef |grep nginx', 'gw', 'nginx: worker process')
for key in self.case1_step2:
re = fun.wait_data(self.case1_step2[key][0], 'gw',
self.case1_step2[key][1], '配置', 100)
print(re)
assert self.case1_step2[key][1] in re
# 发送get请求,不指定内容的普通请求
content = http_check.http_get(url)
print('get普通请求的请求内容为:{}'.format(content))
assert content == http_content
# 发送get请求,请求内容不包含MIME黑名单
status_code = http_check.http_get(self.base_uri, self.data, flag=1)
print('get请求内容不包含MIME黑名单返回的状态码为:{}'.format(status_code))
assert status_code == 200
# 发送get请求,请求内容包含MIME黑名单
status_code = http_check.http_get(self.case1_uri, self.data, flag=1)
print('get请求内容包含MIME黑名单返回的状态码为:{}'.format(status_code))
assert status_code == 403
def test_mail_check_extend_a1(self):
# 下发配置
fun.send(rbmExc, message.addsmtp['AddAgent'], rbmDomain, base_path)
fun.wait_data('ps -ef |grep nginx', 'gw', 'nginx: worker process')
fun.nginx_worker('ps -ef |grep nginx', 'gw', 'nginx: worker process')
fun.send(rbmExc, message.addpop3['AddAgent'], rbmDomain, base_path)
fun.wait_data('ps -ef |grep nginx', 'gw', 'nginx: worker process')
fun.nginx_worker('ps -ef |grep nginx', 'gw', 'nginx: worker process')
# 检查配置下发是否成功
for key in self.case1_step1:
re = fun.wait_data(self.case1_step1[key][0], 'gw',
self.case1_step1[key][1], '配置', 100)
print(re)
assert self.case1_step1[key][1] in re
for key in self.case1_step11:
re = fun.wait_data(self.case1_step11[key][0], 'gw',
self.case1_step11[key][1], '配置', 100)
print(re)
assert self.case1_step11[key][1] in re
fun.send(rbmExc, message.mailcheck1['SetMailCheck'], rbmDomain,
base_path)
fun.wait_data('ps -ef |grep nginx', 'gw', 'nginx: worker process')
fun.nginx_worker('ps -ef |grep nginx', 'gw', 'nginx: worker process')
for key in self.case1_step2:
re = fun.wait_data(self.case1_step2[key][0], 'gw',
self.case1_step2[key][1], '配置', 100)
print(re)
assert self.case1_step2[key][1] in re
# 发送邮件,邮件地址为黑名单文件扩展名
result1 = send_smtp.post_email(self.mail_sender, self.mail_receivers,
self.mail_cc, self.mail_bcc,
self.mail_host, self.mail_port,
self.mail_user, self.mail_pass,
self.case1_attach1, self.case1_file1,
self.case1_title, self.context, 0, 1)
print('黑名单文件扩展名{}结果为:{}'.format(self.case1_file1, result1))
assert result1 == 0
# 发送邮件,邮件地址为非黑名单文件扩展名
result2 = send_smtp.post_email(self.mail_sender, self.mail_receivers,
self.mail_cc, self.mail_bcc,
self.mail_host, self.mail_port,
self.mail_user, self.mail_pass,
self.case1_attach2, self.case1_file2,
self.case1_title, self.context, 0, 1)
print('非黑名单文件扩展名{}结果为:{}'.format(self.case1_file2, result2))
assert result2 == 1
# 接收邮件
msg = recv_pop3.get_email(self.pop3_email, self.pop3_pwd,
self.pop3_server_host, self.pop3_server_port)
mail_list = recv_pop3.print_info(msg) # 解析
assert self.case1_title, self.context in mail_list
def test_iso_http_basic_a2(self):
# 下发配置
fun.send(rbmExc, message.addhttp_front['AddCustomAppPolicy'],
FrontDomain, base_path)
fun.send(rbmExc, message.addhttp_back['AddCustomAppPolicy'],
BackDomain, base_path)
fun.wait_data('ps -ef |grep nginx', 'FrontDut',
'nginx: worker process')
fun.nginx_worker('ps -ef |grep nginx', 'FrontDut',
'nginx: worker process')
fun.wait_data('ps -ef |grep nginx', 'BackDut', 'nginx: worker process')
fun.nginx_worker('ps -ef |grep nginx', 'BackDut',
'nginx: worker process')
# 检查配置下发是否成功
for key in self.case2_step1:
re = fun.wait_data(self.case2_step1[key][0], 'FrontDut',
self.case2_step1[key][1], '配置', 100)
print(re)
assert self.case2_step1[key][1] in re
for key in self.case2_step11:
re = fun.wait_data(self.case2_step11[key][0], 'FrontDut',
self.case2_step11[key][1], '配置', 100)
print(re)
assert self.case2_step11[key][1] in re
# 发送get请求,验证get请求是否正常
print('请求地址为{}'.format(http_url))
content = http_check.http_get(http_url)
print('验证隔离下的get请求内容为:{}'.format(content))
# 发送get请求,验证隔离下的http策略下载一个10M大小的文件
print('下载的服务器地址为{}'.format(self.downfile_url))
result = http_check.http_download(self.downfile_url,
self.downlocalPath)
assert result == 1
def test_mail_check_addr_a1(self):
# 下发配置
fun.send(rbmExc, message.addsmtp['AddAgent'], rbmDomain, base_path)
fun.wait_data('ps -ef |grep nginx', 'gw', 'nginx: worker process')
fun.nginx_worker('ps -ef |grep nginx', 'gw', 'nginx: worker process')
fun.send(rbmExc, message.addpop3['AddAgent'], rbmDomain, base_path)
fun.wait_data('ps -ef |grep nginx', 'gw', 'nginx: worker process')
fun.nginx_worker('ps -ef |grep nginx', 'gw', 'nginx: worker process')
# 检查配置下发是否成功
for key in self.case1_step1:
re = fun.wait_data(self.case1_step1[key][0], 'gw',
self.case1_step1[key][1], '配置', 100)
print(re)
assert self.case1_step1[key][1] in re
for key in self.case1_step11:
re = fun.wait_data(self.case1_step11[key][0], 'gw',
self.case1_step11[key][1], '配置', 100)
print(re)
assert self.case1_step11[key][1] in re
fun.send(rbmExc, message.mailcheck1['SetMailCheck'], rbmDomain,
base_path)
fun.wait_data('ps -ef |grep nginx', 'gw', 'nginx: worker process')
fun.nginx_worker('ps -ef |grep nginx', 'gw', 'nginx: worker process')
length = len(self.case1_step2)
print(length)
for key in self.case1_step2:
re = fun.wait_data(self.case1_step2[key][0], 'gw',
self.case1_step2[key][1], '配置', 100)
print(re)
assert self.case1_step2[key][1] in re
# 发送邮件,邮件地址为白名单地址
result1 = send_smtp.post_email(self.mail_sender, self.mail_receivers,
self.mail_cc, self.mail_bcc,
self.mail_host, self.mail_port,
self.mail_user, self.mail_pass,
self.attach_path, self.file, self.title,
self.context, 0, 0)
print('白名单地址{}结果为:{}'.format(self.mail_sender, result1))
assert result1 == 1
# 发送邮件,邮件地址为非白名单地址
result2 = send_smtp.post_email(self.deny_mail, self.mail_receivers,
self.mail_cc, self.mail_bcc,
self.mail_host, self.mail_port,
self.deny_mail, self.deny_pwd,
self.attach_path, self.file, self.title,
self.context, 0, 0)
print('非白名单地址{}结果为:{}'.format(self.deny_mail, result2))
assert result2 == 0
def test_iso_tcp_a1(self):
# 下发配置
fun.send(rbmExc, message.addsmtp_front['AddCustomAppPolicy'], FrontDomain, base_path)
fun.send(rbmExc, message.addsmtp_back['AddCustomAppPolicy'], BackDomain, base_path)
fun.wait_data('ps -ef |grep nginx', 'FrontDut', 'nginx: worker process')
fun.nginx_worker('ps -ef |grep nginx', 'FrontDut', 'nginx: worker process')
fun.wait_data('ps -ef |grep nginx', 'BackDut', 'nginx: worker process')
fun.nginx_worker('ps -ef |grep nginx', 'BackDut', 'nginx: worker process')
fun.send(rbmExc, message.addpop3_front['AddCustomAppPolicy'], FrontDomain, base_path)
fun.send(rbmExc, message.addpop3_back['AddCustomAppPolicy'], BackDomain, base_path)
fun.wait_data('ps -ef |grep nginx', 'FrontDut', 'nginx: worker process')
fun.nginx_worker('ps -ef |grep nginx', 'FrontDut', 'nginx: worker process')
fun.wait_data('ps -ef |grep nginx', 'BackDut', 'nginx: worker process')
fun.nginx_worker('ps -ef |grep nginx', 'BackDut', 'nginx: worker process')
# 检查配置下发是否成功
for key in self.case1_step1:
re = fun.wait_data(self.case1_step1[key][0], 'FrontDut', self.case1_step1[key][1], '配置', 100)
print(re)
assert self.case1_step1[key][1] in re
for key in self.case1_step11:
re = fun.wait_data(self.case1_step11[key][0], 'FrontDut', self.case1_step11[key][1], '配置', 100)
print(re)
assert self.case1_step11[key][1] in re
# 发送邮件,检测隔离代理是否生效
result = send_smtp.post_email(self.mail_sender, self.mail_receivers, self.mail_cc, self.mail_bcc,
self.mail_host, self.mail_port, self.mail_user, self.mail_pass,
self.attach_path, self.file, self.title, self.context, 0, 0)
print('隔离下的邮件代理{}结果为:{}'.format(self.title,result))
assert result == 1
# 接收邮件
msg = recv_pop3.get_email(self.pop3_email, self.pop3_pwd, proxy_ip, self.pop3_proxy_port)
print(msg)
mail_list = recv_pop3.print_info(msg) # 解析
print('接收邮件解析到的列表为{}'.format(mail_list))
assert self.title, self.context in mail_list
def iso_teardown_met(protocol, base_path):
start = time.time()
if protocol == 'mail':
fun.send(rbmExc, message.delsmtp_front['DelCustomAppPolicy'], FrontDomain, base_path)
fun.send(rbmExc, message.delsmtp_back['DelCustomAppPolicy'], BackDomain, base_path)
fun.wait_data('ps -ef |grep nginx', 'FrontDut', 'nginx: worker process')
fun.nginx_worker('ps -ef |grep nginx', 'FrontDut', 'nginx: worker process')
fun.wait_data('ps -ef |grep nginx', 'BackDut', 'nginx: worker process')
fun.nginx_worker('ps -ef |grep nginx', 'BackDut', 'nginx: worker process')
fun.send(rbmExc, message.delpop3_front['DelCustomAppPolicy'], FrontDomain, base_path)
fun.send(rbmExc, message.delpop3_back['DelCustomAppPolicy'], BackDomain, base_path)
elif protocol == 'ftp':
fun.send(rbmExc, message.delftp['DelAgent'], rbmDomain, base_path)
elif protocol == 'http':
fun.send(rbmExc, message.delhttp['DelAgent'], rbmDomain, base_path)
else:
pass
fun.wait_data('ps -ef |grep nginx', 'FrontDut', 'nginx: worker process')
fun.nginx_worker('ps -ef |grep nginx', 'FrontDut', 'nginx: worker process')
fun.wait_data('ps -ef |grep nginx', 'BackDut', 'nginx: worker process')
fun.nginx_worker('ps -ef |grep nginx', 'BackDut', 'nginx: worker process')
print("=========================== data_check_teardown_met 结束 耗时:{}s ==================================".format(
time.time() - start))
def test_iso_mail_check_alltype_a1(self):
# 下发配置
print(
'1、下发邮件的隔离代理:代理ip为前置机安全卡的ip,port为8885(smtp)和8886(pop3),等待nginx的24个进程起来;cat /etc/jsac/customapp.stream应该包含代理ip和port,netstat -anp |grep tcp应该可以查看到监听ip和端口'
)
fun.send(rbmExc, message.addsmtp_front['AddCustomAppPolicy'],
FrontDomain, base_path)
fun.send(rbmExc, message.addsmtp_back['AddCustomAppPolicy'],
BackDomain, base_path)
fun.wait_data('ps -ef |grep nginx', 'FrontDut',
'nginx: worker process')
front_res1 = fun.nginx_worker('ps -ef |grep nginx',
'FrontDut',
'nginx: worker process',
name='前置机nginx进程')
assert front_res1 == 1
fun.wait_data('ps -ef |grep nginx', 'BackDut', 'nginx: worker process')
back_res1 = fun.nginx_worker('ps -ef |grep nginx',
'BackDut',
'nginx: worker process',
name='后置机nginx进程')
assert back_res1 == 1
fun.send(rbmExc, message.addpop3_front['AddCustomAppPolicy'],
FrontDomain, base_path)
fun.send(rbmExc, message.addpop3_back['AddCustomAppPolicy'],
BackDomain, base_path)
fun.wait_data('ps -ef |grep nginx', 'FrontDut',
'nginx: worker process')
front_res2 = fun.nginx_worker('ps -ef |grep nginx',
'FrontDut',
'nginx: worker process',
name='前置机nginx进程')
assert front_res2 == 1
fun.wait_data('ps -ef |grep nginx', 'BackDut', 'nginx: worker process')
back_res2 = fun.nginx_worker('ps -ef |grep nginx',
'BackDut',
'nginx: worker process',
name='后置机nginx进程')
assert back_res2 == 1
# 检查配置下发是否成功
for key in self.case1_step1:
re = fun.wait_data(self.case1_step1[key][0], 'FrontDut',
self.case1_step1[key][1], '配置', 100)
print(re)
assert self.case1_step1[key][1] in re
for key in self.case1_step11:
re = fun.wait_data(self.case1_step11[key][0], 'FrontDut',
self.case1_step11[key][1], '配置', 100)
print(re)
assert self.case1_step11[key][1] in re
print(
'2、下发地址白名单:[email protected]、[email protected];黑名单主题:test;黑名单文件名:test;附件扩展名黑名单:txt,等待nginx的24个进程起来;cat /etc/jsac/filter.json文件应该包含:allow-from、deny-topic、deny-basename、deny-suffix和地址白名单:[email protected]、[email protected];黑名单主题:test;黑名单文件名:test;附件扩展名黑名单:txt'
)
fun.send(rbmExc, message.mailcheck1['SetMailCheck'], FrontDomain,
base_path)
fun.wait_data('ps -ef |grep nginx', 'FrontDut',
'nginx: worker process')
add_check = fun.nginx_worker('ps -ef |grep nginx', 'FrontDut',
'nginx: worker process')
assert add_check == 1
for key in self.case1_step2:
re = fun.wait_data(self.case1_step2[key][0], 'FrontDut',
self.case1_step2[key][1], '配置', 100)
print(re)
assert self.case1_step2[key][1] in re
# 1、发送邮件,邮件地址为非白名单地址
print('3、控制台发送邮件,邮件地址为非白名单地址:[email protected],查看发送结果;发送失败')
result1 = send_smtp.post_email(self.deny_mail, self.mail_receivers,
self.mail_cc, self.mail_bcc,
self.mail_host, self.mail_port,
self.deny_mail, self.deny_pwd,
self.attach_path, self.deny_name_file,
self.title, self.context, 0, 1)
print('非白名单地址{}结果为:{}'.format(self.deny_mail, result1))
assert result1 == 0
# 2、发送邮件,邮件地址为黑名单主题
print('4、控制台发送邮件,邮件主题为黑名单主题:test,查看发送结果;发送失败')
result2 = send_smtp.post_email(self.mail_sender, self.mail_receivers,
self.mail_cc, self.mail_bcc,
self.mail_host, self.mail_port,
self.mail_user, self.mail_pass,
self.attach_path, self.deny_name_file,
self.deny_title, self.context, 0, 1)
print('黑名单主题{}结果为:{}'.format(self.deny_title, result2))
assert result2 == 0
# 3、发送邮件,邮件地址为黑名单文件名
print('5、控制台发送邮件,邮件附件文件名为黑名单文件名:test,查看发送结果;发送失败')
result3 = send_smtp.post_email(self.mail_sender, self.mail_receivers,
self.mail_cc, self.mail_bcc,
self.mail_host, self.mail_port,
self.mail_user, self.mail_pass,
self.attach_file, self.deny_name_file,
self.title, self.context, 0, 1)
print('黑名单文件名{}结果为:{}'.format(self.deny_name_file, result3))
assert result3 == 0
# 4、发送邮件,邮件地址为黑名单文件扩展名
print('6、控制台发送邮件,邮件附件扩展名为黑名单扩展名:txt,查看发送结果;发送失败')
result4 = send_smtp.post_email(
self.mail_sender, self.mail_receivers, self.mail_cc, self.mail_bcc,
self.mail_host, self.mail_port, self.mail_user, self.mail_pass,
self.attach_extend, self.deny_extend_file, self.title,
self.context, 0, 1)
print('黑名单文件扩展名{}结果为:{}'.format(self.deny_extend_file, result4))
assert result4 == 0
# 5、发送邮件,邮件地址为白名单地址、非黑名单主题、非黑名单文件名、非黑名单文件扩展名
print(
'7、控制台发送邮件,邮件地址为白名单地址:[email protected];非黑名单主题:我不是黑名单主题,测试多种类型(隔离的数据结构检查);附件文件名为非黑名单:1;附件扩展名为非黑名单:xls,查看发送结果;发送成功'
)
result5 = send_smtp.post_email(self.mail_sender, self.mail_receivers,
self.mail_cc, self.mail_bcc,
self.mail_host, self.mail_port,
self.mail_user, self.mail_pass,
self.attach_path, self.file, self.title,
self.context, 0, 1)
print('各种参数均为白名单结果为:{}'.format(result5))
assert result5 == 1
# 接收邮件
print(
'8、接收邮件,接收邮件地址为白名单地址:[email protected],查看pop3协议收到的邮件内容是否为刚刚发送的;接收邮件内容为非黑名单扩展名发送的'
)
msg = recv_pop3.get_email(self.pop3_email, self.pop3_pwd,
self.pop3_server_host, self.pop3_server_port)
mail_list = recv_pop3.print_info(msg) # 解析
assert self.title, self.context in mail_list
# 移除策略,还原环境
print(
'9、移除邮件的隔离策略,清空环境,等待nginx的24个进程起来;cat /etc/jsac/customapp.stream应该不包含代理ip和port'
)
fun.send(rbmExc, message.delsmtp_front['DelCustomAppPolicy'],
FrontDomain, base_path)
fun.send(rbmExc, message.delsmtp_back['DelCustomAppPolicy'],
BackDomain, base_path)
fun.wait_data('ps -ef |grep nginx', 'FrontDut',
'nginx: worker process')
fdel_res1 = fun.nginx_worker('ps -ef |grep nginx',
'FrontDut',
'nginx: worker process',
name='前置机nginx进程')
assert fdel_res1 == 1
fun.wait_data('ps -ef |grep nginx', 'BackDut', 'nginx: worker process')
bdel_res1 = fun.nginx_worker('ps -ef |grep nginx',
'BackDut',
'nginx: worker process',
name='后置机nginx进程')
assert bdel_res1 == 1
fun.send(rbmExc, message.delpop3_front['DelCustomAppPolicy'],
FrontDomain, base_path)
fun.send(rbmExc, message.delpop3_back['DelCustomAppPolicy'],
BackDomain, base_path)
fun.wait_data('ps -ef |grep nginx', 'FrontDut',
'nginx: worker process')
fdel_res2 = fun.nginx_worker('ps -ef |grep nginx',
'FrontDut',
'nginx: worker process',
name='前置机nginx进程')
assert fdel_res2 == 1
fun.wait_data('ps -ef |grep nginx', 'BackDut', 'nginx: worker process')
bdel_res2 = fun.nginx_worker('ps -ef |grep nginx',
'BackDut',
'nginx: worker process',
name='后置机nginx进程')
assert bdel_res2 == 1
# 检查策略移除是否成功
for key in self.case1_step1:
re = fun.wait_data(self.case1_step1[key][0],
'FrontDut',
self.case1_step1[key][1],
'配置',
100,
flag='不存在')
print(re)
assert self.case1_step1[key][1] not in re
# 检查邮件策略是否清空
print(
'10、移除邮件策略,等待nginx的24个进程起来;cat /etc/jsac/filter.json文件应该不包含:mail协议'
)
fun.send(rbmExc, message.delmailcheck['DropMailCheck'], FrontDomain,
base_path)
fun.wait_data('ps -ef |grep nginx', 'FrontDut',
'nginx: worker process')
del_check = fun.nginx_worker('ps -ef |grep nginx', 'FrontDut',
'nginx: worker process')
assert del_check == 1
for key in self.delcheck:
re = fun.wait_data(self.delcheck[key][0],
'FrontDut',
self.delcheck[key][1],
'配置',
100,
flag='不存在')
assert self.delcheck[key][1] not in re
def test_customapp_massage_value_equal(self):
# 下发配置
fun.send(
rbmExc,
message.add_app_massage_value_equal_front['AddCustomAppPolicy'],
FrontDomain, base_path)
fun.send(
rbmExc,
message.add_app_massage_value_equal_back['AddCustomAppPolicy'],
BackDomain, base_path)
fun.wait_data('ps -ef |grep nginx', 'FrontDut',
'nginx: worker process')
front_res1 = fun.nginx_worker('ps -ef |grep nginx',
'FrontDut',
'nginx: worker process',
name='前置机nginx进程')
assert front_res1 == 1
fun.wait_data('ps -ef |grep nginx', 'BackDut', 'nginx: worker process')
back_res1 = fun.nginx_worker('ps -ef |grep nginx',
'BackDut',
'nginx: worker process',
name='后置机nginx进程')
assert back_res1 == 1
# 检查配置下发是否成功
for key in self.case1_step1:
re = fun.wait_data(self.case1_step1[key][0], 'FrontDut',
self.case1_step1[key][1], '前置机配置', 100)
assert self.case1_step1[key][1] in re
for key in self.case1_step2:
re = fun.wait_data(self.case1_step2[key][0], 'FrontDut',
self.case1_step2[key][1], '前置机配置', 100)
assert self.case1_step2[key][1] in re
for key in self.case0_step1:
re = fun.wait_data(self.case0_step1[key][0], 'BackDut',
self.case0_step1[key][1], '后置机配置', 100)
assert self.case0_step1[key][1] in re
# 发送请求,检测定制应用通信策略是否生效
status_code = http_check.http_get(url, flag=1)
print('url:', url)
print('验证过滤类型为数值时,测试报文值等于比较值时定制应用通信情况,get请求的请求内容为:{}'.format(
status_code))
assert status_code == 200
# 文件查看audit日志
fun.wait_data(
f"grep -n {proxy_port} /usr/local/nginx/logs/audit.log |tail -2",
'FrontDut',
self.case1_step3['step1'][0],
'检查数值0x50545448',
300,
flag='存在')
for key in self.case1_step3:
re = fun.cmd(
f"grep -n {proxy_port} /usr/local/nginx/logs/audit.log |tail -2 ",
'FrontDut')
print('re:', re)
assert self.case1_step3[key][0] in re
#移除策略
fun.send(rbmExc, message.del_app_end_deny_front['DelCustomAppPolicy'],
FrontDomain, base_path)
fun.send(rbmExc, message.del_app_end_deny_back['DelCustomAppPolicy'],
BackDomain, base_path)
fun.wait_data('ps -ef |grep nginx', 'FrontDut',
'nginx: worker process')
front_res1 = fun.nginx_worker('ps -ef |grep nginx',
'FrontDut',
'nginx: worker process',
name='前置机nginx进程')
assert front_res1 == 1
fun.wait_data('ps -ef |grep nginx', 'BackDut', 'nginx: worker process')
back_res1 = fun.nginx_worker('ps -ef |grep nginx',
'BackDut',
'nginx: worker process',
name='后置机nginx进程')
assert back_res1 == 1
#检查配置移除是否成功
for key in self.case1_step1:
re = fun.wait_data(self.case1_step1[key][0],
'FrontDut',
self.case1_step1[key][1],
'前置机配置',
100,
flag='不存在')
assert self.case1_step1[key][1] not in re
for key in self.case0_step1:
re = fun.wait_data(self.case0_step1[key][0],
'BackDut',
self.case0_step1[key][1],
'后置机配置',
100,
flag='不存在')
assert self.case0_step1[key][1] not in re
def test_iso_tcp_keyword_a1(self):
# 下发配置
fun.send(rbmExc, message.addsmtp_front['AddCustomAppPolicy'], FrontDomain, base_path)
fun.send(rbmExc, message.addsmtp_back['AddCustomAppPolicy'], BackDomain, base_path)
fun.wait_data('ps -ef |grep nginx', 'FrontDut', 'nginx: worker process')
front_res1 = fun.nginx_worker('ps -ef |grep nginx', 'FrontDut', 'nginx: worker process', name='前置机nginx进程')
assert front_res1 == 1
fun.wait_data('ps -ef |grep nginx', 'BackDut', 'nginx: worker process')
back_res1 = fun.nginx_worker('ps -ef |grep nginx', 'BackDut', 'nginx: worker process', name='后置机nginx进程')
assert back_res1 == 1
fun.send(rbmExc, message.addpop3_front['AddCustomAppPolicy'], FrontDomain, base_path)
fun.send(rbmExc, message.addpop3_back['AddCustomAppPolicy'], BackDomain, base_path)
fun.wait_data('ps -ef |grep nginx', 'FrontDut', 'nginx: worker process')
front_res2 = fun.nginx_worker('ps -ef |grep nginx', 'FrontDut', 'nginx: worker process', name='前置机nginx进程')
assert front_res2 == 1
fun.wait_data('ps -ef |grep nginx', 'BackDut', 'nginx: worker process')
back_res2 = fun.nginx_worker('ps -ef |grep nginx', 'BackDut', 'nginx: worker process', name='后置机nginx进程')
assert back_res2 == 1
# 检查配置下发是否成功
for key in self.case1_step1:
re = fun.wait_data(self.case1_step1[key][0], 'FrontDut', self.case1_step1[key][1], '配置', 100)
print(re)
assert self.case1_step1[key][1] in re
for key in self.case1_step11:
re = fun.wait_data(self.case1_step11[key][0], 'FrontDut', self.case1_step11[key][1], '配置', 100)
print(re)
assert self.case1_step11[key][1] in re
# # 发送邮件,邮件主题包含关键字过滤内容
# result1 = send_smtp.post_email(self.mail_sender, self.mail_receivers, self.mail_cc, self.mail_bcc,
# self.mail_host, self.mail_port, self.mail_user, self.mail_pass,
# self.attach_path, self.file, self.smtp_keyword, self.context, 0, 0)
# print('邮件主题包含关键字过滤内容{}的结果为:{}'.format(self.smtp_keyword, result1))
# assert result1 == 0
#
# # 发送邮件,邮件主题不包含关键字过滤内容
# result2 = send_smtp.post_email(self.mail_sender, self.mail_receivers, self.mail_cc, self.mail_bcc,
# self.mail_host, self.mail_port, self.mail_user, self.mail_pass,
# self.attach_path, self.file, self.pop3_keyword, self.context, 0, 0)
# print('邮件主题不包含关键字过滤内容的结果为:{}'.format(result2))
# assert result2 == 1
#
# # 接收邮件
# msg = recv_pop3.get_email(self.pop3_email, self.pop3_pwd, proxy_ip, self.pop3_proxy_port)
# print(msg)
# mail_list = recv_pop3.print_info(msg) # 解析
# print('接收邮件解析到的列表为{}'.format(mail_list))
# assert self.pop3_keyword not in mail_list
# 移除策略,清空环境
fun.send(rbmExc, message.delsmtp_front['DelCustomAppPolicy'], FrontDomain, base_path)
fun.send(rbmExc, message.delsmtp_back['DelCustomAppPolicy'], BackDomain, base_path)
fun.wait_data('ps -ef |grep nginx', 'FrontDut', 'nginx: worker process')
fdel_res1 = fun.nginx_worker('ps -ef |grep nginx', 'FrontDut', 'nginx: worker process', name='前置机nginx进程')
assert fdel_res1 == 1
fun.wait_data('ps -ef |grep nginx', 'BackDut', 'nginx: worker process')
bdel_res1 = fun.nginx_worker('ps -ef |grep nginx', 'BackDut', 'nginx: worker process', name='后置机nginx进程')
assert bdel_res1 == 1
fun.send(rbmExc, message.delpop3_front['DelCustomAppPolicy'], FrontDomain, base_path)
fun.send(rbmExc, message.delpop3_back['DelCustomAppPolicy'], BackDomain, base_path)
fun.wait_data('ps -ef |grep nginx', 'FrontDut', 'nginx: worker process')
fdel_res2 = fun.nginx_worker('ps -ef |grep nginx', 'FrontDut', 'nginx: worker process', name='前置机nginx进程')
assert fdel_res2 == 1
fun.wait_data('ps -ef |grep nginx', 'BackDut', 'nginx: worker process')
bdel_res2 = fun.nginx_worker('ps -ef |grep nginx', 'BackDut', 'nginx: worker process', name='后置机nginx进程')
assert bdel_res2 == 1
# 检查策略移除是否成功
for key in self.case1_step1:
re = fun.wait_data(self.case1_step1[key][0], 'FrontDut', self.case1_step1[key][1], '配置', 100, flag='不存在')
print(re)
assert self.case1_step1[key][1] not in re
