def test_01_setup(self, dev, state_map):
state = state_map.setdefault(dev)
state.err = True
state.fail_func = pytest.skip
state.parent = dev
state.tmpl = None
state.name = None
state.obj = None
state.targets = [testlib.random_name() for x in range(2)]
if self.FUNC is None:
pytest.skip('{0}.FUNC must be defined'.format(
self.__class__.__name__))
elif self.CLASS is None:
pytest.skip('{0}.CLASS must be defined'.format(
self.__class__.__name__))
elif self.PARAM is None:
pytest.skip('{0}.PARAM must be defined'.format(
self.__class__.__name__))
if isinstance(state.parent, Panorama):
tmpl = Template(testlib.random_name())
state.parent.add(tmpl)
v = Vsys('vsys2')
tmpl.add(v)
state.parent = v
tmpl.create()
state.tmpl = tmpl
else:
vsys_list = [
x.name for x in Vsys.refreshall(dev, add=False, name_only=True)
]
if 'vsys2' not in vsys_list:
pytest.skip('Firewall needs vsys2 to exist')
cls_args = {}
eth_args = {'mode': 'layer3'}
if self.CLASS == Vlan:
eth_args['mode'] = 'layer2'
elif self.CLASS == Zone:
cls_args['mode'] = 'layer3'
state.name = testlib.get_available_interfaces(state.parent)[0]
state.obj = EthernetInterface(state.name, **eth_args)
state.parent.add(state.obj)
if state.tmpl is None:
dev.vsys = 'vsys2'
instances = [
self.CLASS(state.targets[x], **cls_args) for x in range(2)
]
for x in instances:
state.parent.add(x)
x.create()
state.err = False
def create_dependencies(self, dev, state):
state.tags = [
objects.Tag(testlib.random_name(),
color='color{0}'.format(x),
comments=testlib.random_name())
for x in range(1, 5)
]
for x in state.tags:
dev.add(x)
x.create()
def test_01_setup(self, dev, state_map):
state = state_map.setdefault(dev)
state.err = True
state.fail_func = pytest.skip
state.parent = dev
state.tmpl = None
state.name = None
state.obj = None
state.targets = [testlib.random_name() for x in range(2)]
if self.FUNC is None:
pytest.skip('{0}.FUNC must be defined'.format(
self.__class__.__name__))
elif self.CLASS is None:
pytest.skip('{0}.CLASS must be defined'.format(
self.__class__.__name__))
elif self.PARAM is None:
pytest.skip('{0}.PARAM must be defined'.format(
self.__class__.__name__))
if isinstance(state.parent, Panorama):
tmpl = Template(testlib.random_name())
state.parent.add(tmpl)
v = Vsys('vsys2')
tmpl.add(v)
state.parent = v
tmpl.create()
state.tmpl = tmpl
else:
vsys_list = [x.name for x in Vsys.refreshall(dev, add=False, name_only=True)]
if 'vsys2' not in vsys_list:
pytest.skip('Firewall needs vsys2 to exist')
cls_args = {}
eth_args = {'mode': 'layer3'}
if self.CLASS == Vlan:
eth_args['mode'] = 'layer2'
elif self.CLASS == Zone:
cls_args['mode'] = 'layer3'
state.name = testlib.get_available_interfaces(state.parent)[0]
state.obj = EthernetInterface(state.name, **eth_args)
state.parent.add(state.obj)
if state.tmpl is None:
dev.vsys = 'vsys2'
instances = [self.CLASS(state.targets[x], **cls_args) for x in range(2)]
for x in instances:
state.parent.add(x)
x.create()
state.err = False
def setup_state_obj(self, dev, state):
state.obj = objects.Tag(
testlib.random_name(),
color='color1',
comments='My new tag',
)
dev.add(state.obj)
def create_dependencies(self, dev, state):
state.tag = None
state.services = [
objects.ServiceObject(
testlib.random_name(),
"tcp" if x % 2 == 0 else "udp",
destination_port=2000 + x,
description="Service {0}".format(x),
) for x in range(4)
]
for x in state.services:
dev.add(x)
x.create()
state.tag = objects.Tag(testlib.random_name(), "color5")
dev.add(state.tag)
state.tag.create()
def setup_state_obj(self, dev, state):
state.obj = objects.ServiceGroup(
testlib.random_name(),
[x.name for x in state.services[:2]],
tag=state.tag.name,
)
dev.add(state.obj)
def setup_state_obj(self, fw, state):
state.obj = network.Vlan(
testlib.random_name(),
state.eths[0],
state.vlan_interface.uid,
)
fw.add(state.obj)
def test_11_batch(self, fw, state_map):
fw.userid.clear_registered_ip() #Fresh start
fw.userid.batch_start()
users = [(testlib.random_name(), testlib.random_ip()) for i in range(5)]
fw.userid.logins(users)
ips = [testlib.random_ip() for x in range(5)]
tags = [testlib.random_name() for y in range(5)]
fw.userid.register(ips, tags)
fw.userid.unregister(ips[2], tags[4])
fw.userid.get_registered_ip(ips[0:3], tags[2:4])
new_ips = [testlib.random_ip() for x in range(3)]
new_tags = [testlib.random_name() for y in range(3)]
fw.userid.audit_registered_ip(dict([(ip, tuple(new_tags)) for ip in new_ips]))
fw.userid.get_registered_ip()
fw.userid.unregister(new_ips, new_tags)
fw.userid.batch_end()
def create_dependencies(self, dev, state):
state.tag = None
state.services = [
objects.ServiceObject(
testlib.random_name(),
'tcp' if x % 2 == 0 else 'udp',
destination_port=2000 + x,
description='Service {0}'.format(x))
for x in range(4)
]
for x in state.services:
dev.add(x)
x.create()
state.tag = objects.Tag(testlib.random_name(), 'color5')
dev.add(state.tag)
state.tag.create()
def create_dependencies(self, pano, state):
state.profiles = []
for x in range(2):
state.profiles.append(device.PasswordProfile(
testlib.random_name(), x, x, x, x))
pano.add(state.profiles[x])
state.profiles[0].create_similar()
def test_02_update_hostname(self, dev, state_map):
state = state_map.setdefault(dev)
if not state.got_device_config:
pytest.xfail('failed to get device config')
# Change the hostname
self.toggle_object_variable(state.dco, 'hostname',
testlib.random_name())
def setup_state_obj(self, dev, state):
state.obj = objects.AddressObject(
testlib.random_name(),
value=testlib.random_ip(),
type='ip-netmask',
description='This is a test',
)
dev.add(state.obj)
def setup_state_obj(self, fw, state):
state.obj = network.Zone(
testlib.random_name(), 'layer2', state.eths[0],
enable_user_identification=False,
include_acl=testlib.random_ip('/24'),
exclude_acl=testlib.random_ip('/24'),
)
fw.add(state.obj)
def create_dependencies(self, fw, state):
state.profiles = []
for x in range(2):
state.profiles.append(device.PasswordProfile(
testlib.random_name(), x, x, x, x))
fw.add(state.profiles[x])
fw.create_type(device.PasswordProfile)
def create_dependencies(self, dev, state):
state.aos = [
objects.AddressObject(testlib.random_name(), testlib.random_ip())
for x in range(4)
]
for x in state.aos:
dev.add(x)
x.create()
def setup_state_obj(self, fw, state):
state.obj = network.IpsecTunnel(
testlib.random_name(),
tunnel_interface=state.ti.name,
type='auto-key',
ak_ike_gateway=state.ike_gw.name,
ak_ipsec_crypto_profile='default',
)
fw.add(state.obj)
def setup_state_obj(self, fw, state):
state.obj = network.IpsecCryptoProfile(
testlib.random_name(),
ah_authentication=['md5', 'sha256'],
dh_group='group1',
lifetime_hours=4,
lifesize_gb=2,
)
fw.add(state.obj)
def setup_state_obj(self, fw, state):
state.obj = network.IpsecTunnel(
testlib.random_name(),
tunnel_interface=state.ti.name,
type='auto-key',
ak_ike_gateway=state.ike_gw.name,
ak_ipsec_crypto_profile='default',
)
fw.add(state.obj)
def setup_state_obj(self, dev, state):
state.obj = objects.ServiceObject(
testlib.random_name(),
protocol="tcp",
source_port="1025-65535",
destination_port="80,443,8080",
description="My service object",
)
dev.add(state.obj)
def setup_state_obj(self, dev, state):
state.obj = objects.ServiceObject(
testlib.random_name(),
protocol='tcp',
source_port='1025-65535',
destination_port='80,443,8080',
description='My service object',
)
dev.add(state.obj)
def test_11_batch(self, fw, state_map):
fw.userid.clear_registered_ip() # Fresh start
fw.userid.batch_start()
users = [(testlib.random_name(), testlib.random_ip())
for i in range(5)]
fw.userid.logins(users)
ips = [testlib.random_ip() for x in range(5)]
tags = [testlib.random_name() for y in range(5)]
fw.userid.register(ips, tags)
fw.userid.unregister(ips[2], tags[4])
fw.userid.get_registered_ip(ips[0:3], tags[2:4])
new_ips = [testlib.random_ip() for x in range(3)]
new_tags = [testlib.random_name() for y in range(3)]
fw.userid.audit_registered_ip(
dict([(ip, tuple(new_tags)) for ip in new_ips]))
fw.userid.get_registered_ip()
fw.userid.unregister(new_ips, new_tags)
fw.userid.batch_end()
def setup_state_obj(self, fw, state):
state.obj = network.IkeCryptoProfile(
testlib.random_name(),
authentication=['sha256', ],
dh_group=['group1', ],
lifetime_minutes=42,
)
fw.add(state.obj)
state.obj.set_encryption('3des')
def setup_state_obj(self, dev, state):
state.obj = objects.AddressGroup(
testlib.random_name(),
dynamic_value="'{0}' or '{1}'".format(
state.tags[0].name, state.tags[1].name),
description='This is my description',
tag=state.tags[2].name,
)
dev.add(state.obj)
def setup_state_obj(self, fw, state):
state.obj = network.IpsecCryptoProfile(
testlib.random_name(),
ah_authentication=['md5', 'sha256'],
dh_group='group1',
lifetime_hours=4,
lifesize_gb=2,
)
fw.add(state.obj)
def setup_state_obj(self, fw, state):
state.obj = network.Zone(
testlib.random_name(),
'layer2',
state.eths[0],
enable_user_identification=False,
include_acl=testlib.random_ip('/24'),
exclude_acl=testlib.random_ip('/24'),
)
fw.add(state.obj)
def setup_state_obj(self, fw, state):
state.obj = network.VirtualWire(
testlib.random_name(),
tag=random.randint(1, 4000),
interface1=state.eths[0],
interface2=state.eths[1],
multicast=True,
pass_through=False,
)
fw.add(state.obj)
def setup_state_obj(self, fw, state):
state.obj = network.StaticRoute(
testlib.random_name(),
destination=testlib.random_ip('/32'),
nexthop_type='ip-address',
nexthop=testlib.random_ip(),
admin_dist=random.randint(10, 240),
metric=random.randint(1, 65535),
)
state.vr.add(state.obj)
def setup_state_obj(self, fw, state):
state.obj = network.VirtualWire(
testlib.random_name(),
tag=random.randint(1, 4000),
interface1=state.eths[0],
interface2=state.eths[1],
multicast=True,
pass_through=False,
)
fw.add(state.obj)
def test_09_audit_registered_ip(self, fw, state_map):
state = state_map.setdefault(fw)
original = set(fw.userid.get_registered_ip())
new_ips = [testlib.random_ip() for x in range(5)]
new_tags = [testlib.random_name() for i in range(8)]
ip_tags_pairs = dict([(ip, tuple(new_tags)) for ip in new_ips])
fw.userid.audit_registered_ip(ip_tags_pairs)
state.multi_register_02 = [new_ips, new_tags]
new_set = set(fw.userid.get_registered_ip())
assert len(new_set) < len(original)
assert new_set == set(new_ips)
def setup_state_obj(self, fw, state):
state.obj = network.StaticRoute(
testlib.random_name(),
testlib.random_ip('/32'),
'ip-address',
testlib.random_ip(),
state.eth,
random.randint(10, 240),
random.randint(1, 65535),
)
state.vr.add(state.obj)
def create_dependencies(self, fw, state):
state.management_profiles = []
state.eth = testlib.get_available_interfaces(fw)[0]
state.management_profiles = [
network.ManagementProfile(testlib.random_name(),
ping=bool(x)) for x in range(2)]
for x in state.management_profiles:
fw.add(x)
state.management_profiles[0].create_similar()
def test_09_audit_registered_ip(self, fw, state_map):
state = state_map.setdefault(fw)
original = set(fw.userid.get_registered_ip())
new_ips = [testlib.random_ip() for x in range(5)]
new_tags = [testlib.random_name() for i in range(8)]
ip_tags_pairs = dict([(ip, tuple(new_tags)) for ip in new_ips])
fw.userid.audit_registered_ip(ip_tags_pairs)
state.multi_register_02 = [new_ips, new_tags]
new_set = set(fw.userid.get_registered_ip())
assert len(new_set) < len(original)
assert new_set == set(new_ips)
def setup_state_obj(self, fw, state):
state.obj = network.StaticRoute(
testlib.random_name(),
testlib.random_ip('/32'),
'ip-address',
testlib.random_ip(),
state.eth,
random.randint(10, 240),
random.randint(1, 65535),
)
state.vr.add(state.obj)
def test_01_setup(self, dev, state_map):
state = state_map.setdefault(dev)
state.err = True
state.fail_func = pytest.skip
state.parent = dev
state.name = None
state.delete_parent = False
state.obj = None
if self.CLASS is None:
pytest.skip('{0}.CLASS must be defined'.format(
self.__class__.__name__))
elif self.VSYS_PARAM is None:
pytest.skip('{0}.VSYS_PARAM must be defined'.format(
self.__class__.__name__))
if isinstance(state.parent, Panorama):
tmpl = Template(testlib.random_name())
state.parent.add(tmpl)
state.parent = tmpl
state.parent.add(Vsys('vsys1'))
state.parent.add(Vsys('vsys2'))
state.parent.add(Vsys('vsys3'))
state.parent.create()
state.delete_parent = True
else:
vsys_list = [
x.name for x in Vsys.refreshall(dev, add=False, name_only=True)
]
if not all('vsys{0}'.format(x) in vsys_list for x in range(1, 4)):
pytest.skip('Firewall needs vsys1 - vsys3 to exist')
args = {}
if self.CLASS == EthernetInterface:
state.name = testlib.get_available_interfaces(state.parent)[0]
args = {'mode': 'layer3'}
else:
state.name = testlib.random_name()
state.obj = self.CLASS(state.name, **args)
state.parent.add(state.obj)
state.err = False
def setup_state_obj(self, fw, state):
ip = testlib.random_ipv6('')
state.obj = network.StaticRouteV6(
testlib.random_name(),
destination=ip + '/64',
nexthop_type='ipv6-address',
nexthop=ip + '1',
interface=state.eth,
admin_dist=random.randint(100, 200),
metric=random.randint(1, 65535),
)
state.vr.add(state.obj)
def create_dependencies(self, fw, state):
state.management_profiles = []
state.eth = testlib.get_available_interfaces(fw)[0]
state.management_profiles = [
network.ManagementProfile(testlib.random_name(), ping=bool(x))
for x in range(2)
]
for x in state.management_profiles:
fw.add(x)
state.management_profiles[0].create_similar()
def test_05_add_ipv4_proxy_id(self, fw, state_map):
state = self.sanity(fw, state_map)
state.proxy_id = network.IpsecTunnelIpv4ProxyId(
testlib.random_name(),
local=testlib.random_netmask(),
remote=testlib.random_netmask(),
any_protocol=True,
)
state.obj.add(state.proxy_id)
state.proxy_id.create()
def setup_state_obj(self, fw, state):
ip = testlib.random_ipv6('')
state.obj = network.StaticRouteV6(
testlib.random_name(),
destination=ip + '/64',
nexthop_type='ipv6-address',
nexthop=ip + '1',
interface=state.eth,
admin_dist=random.randint(100, 200),
metric=random.randint(1, 65535),
)
state.vr.add(state.obj)
def test_05_add_ipv4_proxy_id(self, fw, state_map):
state = self.sanity(fw, state_map)
state.proxy_id = network.IpsecTunnelIpv4ProxyId(
testlib.random_name(),
local=testlib.random_netmask(),
remote=testlib.random_netmask(),
any_protocol=True,
)
state.obj.add(state.proxy_id)
state.proxy_id.create()
def create_dependencies(self, fw, state):
state.eth_obj = None
state.eth = testlib.get_available_interfaces(fw)[0]
state.eth_obj = network.EthernetInterface(state.eth, 'layer3',
testlib.random_ip('/24'))
fw.add(state.eth_obj)
state.eth_obj.create()
state.vr = network.VirtualRouter(testlib.random_name(),
interface=state.eth)
fw.add(state.vr)
state.vr.create()
def create_dependencies(self, fw, state):
state.eth_obj = None
state.eth = testlib.get_available_interfaces(fw)[0]
state.eth_obj = network.EthernetInterface(
state.eth, 'layer3', testlib.random_ip('/24'), ipv6_enabled=True)
fw.add(state.eth_obj)
state.eth_obj.create()
state.vr = network.VirtualRouter(
testlib.random_name(), interface=state.eth)
fw.add(state.vr)
state.vr.create()
def test_01_setup(self, dev, state_map):
state = state_map.setdefault(dev)
state.err = True
state.fail_func = pytest.skip
state.parent = dev
state.name = None
state.delete_parent = False
state.obj = None
if self.CLASS is None:
pytest.skip('{0}.CLASS must be defined'.format(
self.__class__.__name__))
elif self.VSYS_PARAM is None:
pytest.skip('{0}.VSYS_PARAM must be defined'.format(
self.__class__.__name__))
if isinstance(state.parent, Panorama):
tmpl = Template(testlib.random_name())
state.parent.add(tmpl)
state.parent = tmpl
state.parent.add(Vsys('vsys1'))
state.parent.add(Vsys('vsys2'))
state.parent.add(Vsys('vsys3'))
state.parent.create()
state.delete_parent = True
else:
vsys_list = [x.name for x in Vsys.refreshall(dev, add=False, name_only=True)]
if not all('vsys{0}'.format(x) in vsys_list for x in range(1, 4)):
pytest.skip('Firewall needs vsys1 - vsys3 to exist')
args = {}
if self.CLASS == EthernetInterface:
state.name = testlib.get_available_interfaces(state.parent)[0]
args = {'mode': 'layer3'}
else:
state.name = testlib.random_name()
state.obj = self.CLASS(state.name, **args)
state.parent.add(state.obj)
state.err = False
def setup_state_obj(self, fw, state):
state.obj = network.IkeCryptoProfile(
testlib.random_name(),
authentication=[
'sha256',
],
dh_group=[
'group1',
],
lifetime_minutes=42,
)
fw.add(state.obj)
state.obj.set_encryption('3des')
def create_dependencies(self, fw, state):
state.management_profiles = []
state.eth = testlib.get_available_interfaces(fw)[0]
state.management_profiles = [
network.ManagementProfile(testlib.random_name(),
ping=True,
ssh=True,
https=False) for x in range(2)
]
for x in state.management_profiles:
fw.add(x)
x.create()
def create_dependencies(self, fw, state):
state.eths = testlib.get_available_interfaces(fw, 2)
state.eth_obj_v4 = network.EthernetInterface(
state.eths[0], 'layer3', testlib.random_ip('/24'))
fw.add(state.eth_obj_v4)
state.eth_obj_v6 = network.EthernetInterface(
state.eths[1], 'layer3', ipv6_enabled=True)
fw.add(state.eth_obj_v6)
state.eth_obj_v4.create_similar()
state.vr = network.VirtualRouter(testlib.random_name(), state.eths)
fw.add(state.vr)
state.vr.create()
if any((self.WITH_OSPF, self.WITH_AUTH_PROFILE,
self.WITH_AREA, self.WITH_AREA_INTERFACE)):
state.ospf = network.Ospf(
True, testlib.random_ip())
state.vr.add(state.ospf)
if self.WITH_AUTH_PROFILE:
state.auth = network.OspfAuthProfile(
testlib.random_name(), 'md5')
state.ospf.add(state.auth)
if self.WITH_AREA or self.WITH_AREA_INTERFACE:
state.area = network.OspfArea(testlib.random_ip())
state.ospf.add(state.area)
if self.WITH_AREA_INTERFACE:
state.iface = network.OspfAreaInterface(
state.eths[0], True, True, 'p2mp')
state.area.add(state.iface)
state.ospf.create()
def create_dependencies(self, fw, state):
state.management_profile = network.ManagementProfile(
testlib.random_name(), ping=True)
state.eth = None
fw.add(state.management_profile)
state.management_profile.create()
state.eth = testlib.get_available_interfaces(fw)[0]
state.parent = network.EthernetInterface(
state.eth, 'layer3', ip=testlib.random_ip('/24'),
)
fw.add(state.parent)
state.parent.create()
def setup_state_obj(self, fw, state):
state.obj = network.VirtualRouter(
testlib.random_name(),
interface=state.eth,
ad_static=random.randint(10, 240),
ad_static_ipv6=random.randint(10, 240),
ad_ospf_int=random.randint(10, 240),
ad_ospf_ext=random.randint(10, 240),
ad_ospfv3_int=random.randint(10, 240),
ad_ospfv3_ext=random.randint(10, 240),
ad_ibgp=random.randint(10, 240),
ad_ebgp=random.randint(10, 240),
ad_rip=random.randint(10, 240),
)
fw.add(state.obj)
def create_dependencies(self, fw, state):
state.parent = None
state.eth_objs = []
state.eths = testlib.get_available_interfaces(fw, 2)
for eth in state.eths:
state.eth_objs.append(network.EthernetInterface(
eth, 'layer2'))
fw.add(state.eth_objs[-1])
state.eth_objs[0].create_similar()
state.parent = network.Vlan(
testlib.random_name(), state.eths)
fw.add(state.parent)
state.parent.create()
def setup_state_obj(self, fw, state):
some_ip = testlib.random_ip()
state.obj = network.RedistributionProfile(
testlib.random_name(),
priority=random.randint(1, 255),
action='no-redist',
filter_type=['ospf', 'static', 'connect'],
filter_interface=random.choice(state.eths),
filter_destination=testlib.random_ip(),
filter_nexthop=testlib.random_ip(),
ospf_filter_pathtype=('intra-area', 'ext-1'),
ospf_filter_area=some_ip,
ospf_filter_tag=some_ip,
)
state.vr.add(state.obj)
def setup_state_obj(self, fw, state):
state.obj = network.ManagementProfile(
testlib.random_name(),
ping=True,
telnet=False,
ssh=True,
http=False,
http_ocsp=True,
https=False,
snmp=True,
response_pages=False,
userid_service=True,
userid_syslog_listener_ssl=False,
userid_syslog_listener_udp=True,
permitted_ip=['1.2.3.4', '5.6.7.8'],
)
fw.add(state.obj)
