Ejemplo n.º 1
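def test_bats_002_disable_pseudotap(sut_handle, shieldx_logger):
    """Disable pseudo-TAP (inline passive inspection) on a cloud connector.

    Looks up the infra connector named ``Juan-Azure-Cloud``, sets
    ``inlinePassiveInspection`` to ``False``, sends the update, sleeps
    60 seconds and logs the connector again.

    Args:
        sut_handle: Session handle passed to ``CloudMgmt``.
        shieldx_logger: Logger used for progress output.
    """

    def _redacted(record):
        # Keep the client secret out of the test log; logs are usually
        # retained and shared far more widely than the credential should be.
        if not isinstance(record, dict):
            return record
        return {
            key: ("<redacted>" if key == "clientSecretKey" else value)
            for key, value in record.items()
        }

    # Initialize
    cloud_mgmt = CloudMgmt(sut_handle)

    # List Infra Connectors (the result is not used by this test).
    cloud_mgmt.get_cloud_infra()

    name = "Juan-Azure-Cloud"
    pseudotap = False
    # NOTE(security): this is a client secret committed to source control.
    # Treat it as exposed: rotate it, and load the replacement from the
    # environment or a secret store instead of embedding it in the test.
    client_secret_key = "rwQBYeXhg5Isgyxlxa5cOW1wCdK7XdBE/vLYT4lA0I0="

    # Before change
    cloud = cloud_mgmt.get_cloud_infra_by_name(name)
    assert cloud is not None, "Get cloud failed!"
    shieldx_logger.info("Before pseudotap change")
    shieldx_logger.info("Cloud Info: {}".format(_redacted(cloud)))

    # Set pseudotap
    cloud["inlinePassiveInspection"] = pseudotap
    cloud["clientSecretKey"] = client_secret_key
    # Drop empty fields from the payload, as before.
    update_cloud = {key: value for key, value in cloud.items() if value}
    # The truthiness filter above also drops ``False``, which silently removed
    # the very setting this test is meant to change; put it back explicitly.
    update_cloud["inlinePassiveInspection"] = pseudotap

    shieldx_logger.info("Update Cloud: {}".format(_redacted(update_cloud)))
    cloud_mgmt.update_cloud_infra(update_cloud)

    # Give the update time to be applied before reading the connector back.
    time.sleep(60)

    # After change
    cloud = cloud_mgmt.get_cloud_infra_by_name(name)
    shieldx_logger.info("After pseudotap change")
    shieldx_logger.info("Cloud Info: {}".format(_redacted(cloud)))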
Ejemplo n.º 2
def test_bats_001_create_resource_group(sut_handle, config_file, datadir,
                                        shieldx_logger):
    """Create a CIDR-based resource group from the ``rg1`` JSON template.

    The template is read from ``datadir / config_file``, its identifying
    fields and member list are overwritten, and the result is submitted
    through ``CloudMgmt.create_resource_group``. The returned ID is logged.
    """
    mgmt = CloudMgmt(sut_handle)
    reader = CCR()

    # Load the template payload from the JSON config file.
    config_path = str((datadir / config_file).resolve())
    payload = reader.read_json_config(config_path)["rg1"]

    # Two single-host CIDR members, both submitted with id 0.
    members = [
        {"id": 0, "cidr": cidr}
        for cidr in ("192.168.131.5/32", "192.168.131.51/32")
    ]
    payload.update({
        "name": "VP_ResourceGroup",
        "description": "CIDR Based RG",
        "purpose": "POLICY",
        "resourceType": "CIDR",
        "memberList": members,
    })

    created_id = mgmt.create_resource_group(payload)
    shieldx_logger.info("Resource Group Created, ID: {}".format(created_id))
Ejemplo n.º 3
def test_bats_000_get_resource_groups(sut_handle, shieldx_logger):
    """Fetch all resource groups and log each one."""
    mgmt = CloudMgmt(sut_handle)

    # List (not create) the existing resource groups.
    for group in mgmt.get_resource_groups():
        shieldx_logger.info("Resource Group: {}".format(group))
Ejemplo n.º 4
def test_bats_003_del_resource_group_by_name(sut_handle, shieldx_logger):
    """Remove the resource group named ``VP_ResourceGroup`` and log the result."""
    mgmt = CloudMgmt(sut_handle)

    # Delete by name; the return value is logged, not asserted.
    status = mgmt.remove_resource_group_by_name("VP_ResourceGroup")
    shieldx_logger.info("Remove RG Status: {}".format(status))
Ejemplo n.º 5
def test_bats_002_get_resource_group_by_name(sut_handle, shieldx_logger):
    """Look up the resource group named ``VP_ResourceGroup`` and log it."""
    mgmt = CloudMgmt(sut_handle)

    # Fetch by name; whatever comes back is logged as-is.
    found = mgmt.get_resource_group_by_name("VP_ResourceGroup")
    shieldx_logger.info("Resource Group: {}".format(found))
Ejemplo n.º 6
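def test_create_aws_connector(sut_handle, shieldx_logger, datadir,
                              input_json_file):
    """Create an AWS infra connector and wait for its job to complete.

    The connector payload is the ``aws_cloud`` entry of the JSON file at
    ``datadir / input_json_file``. After creation the first entry of the
    job list is polled once a minute, up to ten times, and the test fails
    if that job never reports ``COMPLETED``.

    Args:
        sut_handle: Session handle passed to ``CloudMgmt`` and ``JobsApis``.
        shieldx_logger: Logger used for progress output.
        datadir: Directory (path-like) holding the input JSON file.
        input_json_file: File name of the JSON payload inside ``datadir``.
    """
    # Initialize
    cloud_mgmt = CloudMgmt(sut_handle)
    config_reader = CCR()

    resolved_input_json_file = str((datadir / input_json_file).resolve())
    cloud_payload = dict(
        config_reader.read_json_config(resolved_input_json_file))

    aws_cloud = cloud_payload["aws_cloud"]

    # Default ACL Policy = 3
    aws_cloud["aclPolicyId"] = 3

    # Inline Inspection: Active | Passive
    # NOTE(review): sent as the string "false", not a boolean; confirm which
    # type the API expects.
    aws_cloud["inlinePassiveInspection"] = "false"

    # Create Infra Connector
    cloud_id = cloud_mgmt.create_cloud(aws_cloud)

    shieldx_logger.info("Cloud Type: {}".format("AWS"))
    shieldx_logger.info("Cloud ID: {}".format(cloud_id))
    shieldx_logger.info("---")

    jobs_mgmt = JobsApis(sut_handle)
    jobs = jobs_mgmt.get_jobs()

    shieldx_logger.info("Jobs count: {}".format(len(jobs)))
    assert jobs, "No jobs found after creating the cloud connector"
    # Presumably the list is newest-first, so index 0 is the job just started;
    # verify against JobsApis.
    job_id = jobs[0]["id"]

    # Monitor job progress
    max_retry = 10
    completed = False
    time.sleep(60)

    for attempt in range(max_retry):
        job = jobs_mgmt.get_job_by_id(job_id)
        shieldx_logger.info("Job {} - {} - {}".format(job["id"], job["state"],
                                                      job["status"]))
        if job["state"] == "COMPLETED":
            completed = True
            break

        # No point sleeping after the final poll.
        if attempt < max_retry - 1:
            time.sleep(60)

    # Without this the test passed even when the job never finished.
    assert completed, "Job {} did not reach COMPLETED (last state: {})".format(
        job_id, job["state"])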
Ejemplo n.º 7
def test_get_clouds(sut_handle, shieldx_logger):
    """Log the type, name and ID of every infra connector."""
    mgmt = CloudMgmt(sut_handle)
    connectors = mgmt.get_cloud_infra()

    # One log line per field, in a fixed order, then a separator.
    fields = (
        ("Cloud Type: {}", "type"),
        ("Cloud Name: {}", "name"),
        ("Cloud ID: {}", "id"),
    )
    for connector in connectors:
        for template, key in fields:
            shieldx_logger.info(template.format(connector[key]))
        shieldx_logger.info("---")
Ejemplo n.º 8
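def test_delete_aws_connector(sut_handle, shieldx_logger, datadir,
                              input_json_file):
    """Delete the AWS infra connector and wait for its job to complete.

    The connector name comes from the ``aws_cloud`` entry of the JSON file
    at ``datadir / input_json_file``. After the delete request the first
    entry of the job list is polled once a minute, up to ten times, and the
    test fails if that job never reports ``COMPLETED``.

    Args:
        sut_handle: Session handle passed to ``CloudMgmt`` and ``JobsApis``.
        shieldx_logger: Logger used for progress output.
        datadir: Directory (path-like) holding the input JSON file.
        input_json_file: File name of the JSON payload inside ``datadir``.
    """
    # Initialize
    cloud_mgmt = CloudMgmt(sut_handle)
    config_reader = CCR()

    resolved_input_json_file = str((datadir / input_json_file).resolve())
    cloud_payload = dict(
        config_reader.read_json_config(resolved_input_json_file))

    aws_cloud = cloud_payload["aws_cloud"]

    name = aws_cloud["name"]
    cloud_infra = cloud_mgmt.get_cloud_infra_by_name(name)
    # Fail with a clear message instead of a TypeError on the subscript below
    # when the connector does not exist.
    assert cloud_infra is not None, "Cloud '{}' not found".format(name)
    cloud_id = cloud_infra["id"]

    shieldx_logger.info("Cloud Name: {}".format(name))
    shieldx_logger.info("Cloud ID: {}".format(cloud_id))
    shieldx_logger.info("---")

    # Delete
    cloud_mgmt.delete_cloud(cloud_id)

    jobs_mgmt = JobsApis(sut_handle)
    jobs = jobs_mgmt.get_jobs()

    shieldx_logger.info("Jobs count: {}".format(len(jobs)))
    assert jobs, "No jobs found after deleting the cloud connector"
    # Presumably the list is newest-first, so index 0 is the job just started;
    # verify against JobsApis.
    job_id = jobs[0]["id"]

    # Monitor job progress
    max_retry = 10
    is_completed = False
    time.sleep(60)

    for attempt in range(max_retry):
        job = jobs_mgmt.get_job_by_id(job_id)
        shieldx_logger.info("Job {} - {} - {}".format(job["id"], job["state"],
                                                      job["status"]))
        if job["state"] == "COMPLETED":
            is_completed = True
            # Stop immediately; the old loop slept another minute first.
            break

        # No point sleeping after the final poll.
        if attempt < max_retry - 1:
            time.sleep(60)

    # Without this the test passed even when the job never finished.
    assert is_completed, (
        "Job {} did not reach COMPLETED (last state: {})".format(
            job_id, job["state"]))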
Ejemplo n.º 9
def test_bats_000_check_cloud(sut_handle, shieldx_logger):
    """Log type, ID, pseudo-TAP flag and full record of every infra connector."""
    mgmt = CloudMgmt(sut_handle)
    connectors = mgmt.get_cloud_infra()

    # Individual fields that get their own log line, in this order.
    fields = (
        ("Cloud Type: {}", "type"),
        ("Cloud ID: {}", "id"),
        ("Pseudo TAP: {}", "inlinePassiveInspection"),
    )
    for connector in connectors:
        for template, key in fields:
            shieldx_logger.info(template.format(connector[key]))
        # NOTE(review): this dumps the whole connector record; confirm the
        # API does not return credential fields before keeping it in logs.
        shieldx_logger.info("Cloud Info: {}".format(connector))
        shieldx_logger.info("---")
Ejemplo n.º 10
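def test_get_aws_cloud_objects(sut_handle, shieldx_logger, datadir,
                               input_json_file):
    """Log selected networks and the test VPC tenant of the AWS connector.

    The connector name comes from the ``aws_cloud`` entry of the JSON file
    at ``datadir / input_json_file``. Its cloud objects are fetched and the
    name/ID of three subnets plus the name/ID/region of one tenant are
    logged.

    Args:
        sut_handle: Session handle passed to ``CloudMgmt``.
        shieldx_logger: Logger used for progress output.
        datadir: Directory (path-like) holding the input JSON file.
        input_json_file: File name of the JSON payload inside ``datadir``.
    """
    # Initialize
    cloud_mgmt = CloudMgmt(sut_handle)
    config_reader = CCR()
    converter = DSC()

    resolved_input_json_file = str((datadir / input_json_file).resolve())
    cloud_payload = dict(
        config_reader.read_json_config(resolved_input_json_file))

    aws_cloud = cloud_payload["aws_cloud"]

    name = aws_cloud["name"]
    cloud_infra = cloud_mgmt.get_cloud_infra_by_name(name)
    # Fail with a clear message instead of a TypeError on the subscript below
    # when the connector does not exist.
    assert cloud_infra is not None, "Cloud '{}' not found".format(name)
    cloud_id = cloud_infra["id"]

    shieldx_logger.info("Cloud Name: {}".format(name))
    shieldx_logger.info("Cloud ID: {}".format(cloud_id))
    shieldx_logger.info("---")

    # Objects
    cloud_objects = cloud_mgmt.get_cloud_objects(cloud_id)

    # Index the network list by name for direct lookup.
    networks = converter.list_of_dict_to_dict(cloud_objects["networks"],
                                              "name")

    # Each subnet is logged with its own ID; previously the backplane and
    # workload lines printed the management subnet's ID by mistake.
    subnet_names = (
        "Juan-Management-Subnet",
        "Juan-Backplane-Subnet",
        "Juan-Workload-Subnet",
    )
    for subnet_name in subnet_names:
        subnet = networks[subnet_name]
        shieldx_logger.info("Network: {} - {}".format(subnet["name"],
                                                      subnet["id"]))

    tenants = converter.list_of_dict_to_dict(cloud_objects["tenants"], "name")
    vpc = tenants["Juan-Test-VPC"]
    shieldx_logger.info("Tenant: {} - {} - {}".format(
        vpc["name"], vpc["id"], vpc["regionId"]))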
Ejemplo n.º 11
    def __init__(self, rest_session, logger):
        """Store the session and logger and build the management helpers.

        Args:
            rest_session: Session object handed to each management helper
                (``TPP``, ``SPS``, ``ACL``, ``CloudMgmt``).
            logger: Logger kept on the instance as ``self.logger``.
        """
        # Logger
        self.logger = logger

        # Session
        self.rest_session = rest_session

        # Policy and cloud management helpers, all sharing the same session.
        self.tpp_mgmt = TPP(rest_session)
        self.sps_mgmt = SPS(rest_session)
        self.acl_mgmt = ACL(rest_session)
        self.cloud_mgmt = CloudMgmt(rest_session)

        # Names of the built-in policies this class refers to.
        self._source_policy = "All Threats"
        self._default_acl_policy = "Default ACL Policy"

        # Payloads
        self._payload = PolicyPayload()

        # Cache All Threats
        # Starts empty; presumably filled by _cache_all_threats(), which is
        # defined elsewhere in the class. Called last, after every attribute
        # above has been set.
        self.all_threats_cache = {}
        self._cache_all_threats()
Ejemplo n.º 12
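def test_create_deployment(sut_handle, shieldx_logger, datadir,
                           input_json_file):
    """Create an AWS deployment and wait for its job to complete.

    The ``aws_cloud`` and ``aws_deployment`` entries are read from the JSON
    file at ``datadir / input_json_file``. The tenant and network names in
    the deployment specification are resolved to IDs using the connector's
    cloud objects, the deployment is created, and the first entry of the job
    list is polled once a minute, up to ten times. The test fails if that
    job never reports ``COMPLETED``.

    Args:
        sut_handle: Session handle passed to the management helpers.
        shieldx_logger: Logger used for progress output.
        datadir: Directory (path-like) holding the input JSON file.
        input_json_file: File name of the JSON payload inside ``datadir``.
    """
    # Initialize
    cloud_mgmt = CloudMgmt(sut_handle)
    dp_mgmt = DPMgmt(sut_handle)

    config_reader = CCR()
    converter = DSC()

    resolved_input_json_file = str((datadir / input_json_file).resolve())
    aws_payload = dict(
        config_reader.read_json_config(resolved_input_json_file))

    aws_cloud = aws_payload["aws_cloud"]
    aws_deployment = aws_payload["aws_deployment"]

    cloud_name = aws_cloud["name"]
    cloud_infra = cloud_mgmt.get_cloud_infra_by_name(cloud_name)
    # Fail with a clear message instead of a TypeError on the subscript below
    # when the connector does not exist.
    assert cloud_infra is not None, "Cloud '{}' not found".format(cloud_name)
    cloud_id = cloud_infra["id"]

    # Objects, indexed by name for direct lookup.
    cloud_objects = cloud_mgmt.get_cloud_objects(cloud_id)
    networks = converter.list_of_dict_to_dict(cloud_objects["networks"],
                                              "name")
    tenants = converter.list_of_dict_to_dict(cloud_objects["tenants"], "name")

    # Fill in deployment payload
    spec = aws_deployment["deploymentSpecification"]
    tenant = tenants[spec["tenantNameStr"]]
    mgmt_network = networks[spec["mgmtNetworkNameStr"]]
    bkpln_network = networks[spec["backPlaneNetworkStr"]]

    aws_deployment["cloudId"] = cloud_id
    # Both spellings are set, as in the original payload.
    # NOTE(review): confirm which of "cloudId" / "cloudid" the API reads.
    spec["cloudId"] = cloud_id
    spec["cloudid"] = cloud_id
    spec["regionId"] = tenant["regionId"]
    spec["tenantId"] = tenant["id"]
    spec["availabilityZoneId"] = mgmt_network["availabilityZoneId"]
    spec["mgmtNetworkId"] = mgmt_network["id"]
    spec["backPlaneNetworkId"] = bkpln_network["id"]

    # NOTE(review): the full payload is logged; confirm the JSON template
    # carries no credential fields before keeping this line.
    shieldx_logger.info("DP - {}".format(aws_deployment))

    dp_id = dp_mgmt.create_deployment(aws_deployment)

    shieldx_logger.info("Deployment ID: {}".format(dp_id))
    shieldx_logger.info("---")

    jobs_mgmt = JobsApis(sut_handle)
    jobs = jobs_mgmt.get_jobs()

    shieldx_logger.info("Jobs count: {}".format(len(jobs)))
    assert jobs, "No jobs found after creating the deployment"
    # Presumably the list is newest-first, so index 0 is the job just started;
    # verify against JobsApis.
    job_id = jobs[0]["id"]

    # Monitor job progress
    max_retry = 10
    completed = False
    time.sleep(60)

    for attempt in range(max_retry):
        job = jobs_mgmt.get_job_by_id(job_id)
        shieldx_logger.info("Job {} - {} - {}".format(job["id"], job["state"],
                                                      job["status"]))
        if job["state"] == "COMPLETED":
            completed = True
            break

        # No point sleeping after the final poll.
        if attempt < max_retry - 1:
            time.sleep(60)

    # Without this the test passed even when the job never finished.
    assert completed, "Job {} did not reach COMPLETED (last state: {})".format(
        job_id, job["state"])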