def Tnt5211328c(self):
    """Enable PEAP/EAP-MSCHAP in the UI, run the PEZ script, then check live logs.

    Steps, in order:
      1. Bind ``UiLib.Enable_Peap_Eap_Mschap`` to this test object and run it
         through ``runFunctionsInOrderV2``.
      2. Run ``/tmp/SIMPLE_USER_peapms.py`` via ``Pezlib.run_and_verify_pezcmd``.
      3. Bind and run ``UiLib.radius_live_logs`` for
         ``<AD_SIMPLE_USER>@<AD_DOMAIN_NAME>``.
    """
    UiLib.bindFunction(self, UiLib.Enable_Peap_Eap_Mschap, [])
    ui_steps = [self.Enable_Peap_Eap_Mschap]
    runFunctionsInOrderV2(
        ui_steps,
        self,
        RETRIES,
        resumeLastSession=True,
        killFFWhenFinished=True,
        record=record_option,
    )

    # PEZ authentication flow
    s_log.info("---------------- PEZ AUTHENTICATION FLOW -----------")
    self.pezlib = Pezlib()
    # NOTE(review): the script is loaded from /tmp by a fixed name; confirm it
    # is staged with restrictive ownership/permissions on the executing host.
    pez_script = '/tmp/' + 'SIMPLE_USER_peapms.py'
    self.pezlib.run_and_verify_pezcmd(
        pez_script, tls_config=False, negative_test=False)

    # Validation: look the user up in the RADIUS live logs.
    live_log_user = NAUplift_Constants.AD_SIMPLE_USER + '@' + AD_DOMAIN_NAME
    UiLib.bindFunction(self, UiLib.radius_live_logs, [live_log_user, None])
    validation_steps = [self.radius_live_logs]
    runFunctionsInOrderV2(
        validation_steps,
        self,
        RETRIES,
        killFFWhenFinished=True,
        record=record_option,
    )
def Tnt5213050c(self):
    """Point the policy set at "Internal Users", run the PEZ script, check live logs.

    Steps, in order:
      1. Bind and run ``UiLib.edit_identity_source_in_default_policy`` with
         ``"Internal Users"`` and ``POLICY_SET``.
      2. Run ``/tmp/USER_peap.py`` via ``Pezlib.run_and_verify_pezcmd``.
      3. Bind and run ``UiLib.radius_live_logs`` for
         ``NAUplift_Constants.ADD_USER``.
    """
    UiLib.bindFunction(
        self,
        UiLib.edit_identity_source_in_default_policy,
        ["Internal Users", POLICY_SET],
    )
    ui_steps = [self.edit_identity_source_in_default_policy]
    runFunctionsInOrderV2(
        ui_steps,
        self,
        RETRIES,
        resumeLastSession=True,
        killFFWhenFinished=True,
        record=record_option,
    )

    # PEZ authentication flow. The script name suggests PEAP rather than
    # EAP-TLS; the exact inner method is not visible from this function.
    s_log.info("---------------- PEZ AUTHENTICATION FLOW -----------")
    self.pezlib = Pezlib()
    # NOTE(review): the script is loaded from /tmp by a fixed name; confirm it
    # is staged with restrictive ownership/permissions on the executing host.
    pez_script = '/tmp/' + 'USER_peap.py'
    self.pezlib.run_and_verify_pezcmd(
        pez_script, tls_config=False, negative_test=False)

    # Validation: look the user up in the RADIUS live logs.
    UiLib.bindFunction(self, UiLib.radius_live_logs,
                       [NAUplift_Constants.ADD_USER, None])
    validation_steps = [self.radius_live_logs]
    runFunctionsInOrderV2(
        validation_steps,
        self,
        RETRIES,
        resumeLastSession=True,
        killFFWhenFinished=True,
        record=record_option,
    )
def Tnt5281274c(self):
    """Create a network device with an IP range and two secrets, then authenticate.

    Steps, in order:
      1. Bind and run ``UiLib.networkDevices_create_with_range_and_two_secret``
         with the device name, ``self.nad_ip``, the shared secret, ``'asci'``
         and ``'32'``.
      2. Run ``/tmp/USER_peapms.py`` via ``Pezlib.run_and_verify_pezcmd``.
      3. Bind and run ``UiLib.radius_live_logs`` for
         ``NAUplift_Constants.ADD_USER``.
    """
    device_args = [
        NAUplift_Constants.NETWORK_DEVICE_NAME,
        self.nad_ip,
        NAUplift_Constants.SHARED_SECRET,
        'asci',  # presumably the secret encoding selector - TODO confirm
        '32',    # presumably the range mask - TODO confirm
    ]
    UiLib.bindFunction(
        self, UiLib.networkDevices_create_with_range_and_two_secret, device_args)
    ui_steps = [self.networkDevices_create_with_range_and_two_secret]
    runFunctionsInOrderV2(
        ui_steps,
        self,
        RETRIES,
        resumeLastSession=True,
        killFFWhenFinished=True,
        record=record_option,
    )

    # PEZ authentication flow
    s_log.info("---------------- PEZ AUTHENTICATION FLOW -----------")
    self.pezlib = Pezlib()
    # NOTE(review): the script is loaded from /tmp by a fixed name; confirm it
    # is staged with restrictive ownership/permissions on the executing host.
    pez_script = '/tmp/' + 'USER_peapms.py'
    self.pezlib.run_and_verify_pezcmd(
        pez_script, tls_config=False, negative_test=False)

    # Validation: look the user up in the RADIUS live logs.
    UiLib.bindFunction(self, UiLib.radius_live_logs,
                       [NAUplift_Constants.ADD_USER, None])
    validation_steps = [self.radius_live_logs]
    runFunctionsInOrderV2(
        validation_steps,
        self,
        RETRIES,
        killFFWhenFinished=True,
        record=record_option,
    )
def Tnt5048980c(self):
    """Add an internal user, run the UTF-8 user PEZ script, then check live logs.

    Steps, in order:
      1. Bind and run ``UiLib.identities_add_simple_user`` with
         ``ADD_USER`` / ``ADD_EMAIL`` / ``ADD_PASSWORD``.
      2. Run ``/tmp/UTF8USER_peapms.py`` via ``Pezlib.run_and_verify_pezcmd``.
      3. Bind and run ``UiLib.radius_live_logs`` for
         ``NAUplift_Constants.ADD_UTF8USER``.
    """
    new_user_args = [
        NAUplift_Constants.ADD_USER,
        NAUplift_Constants.ADD_EMAIL,
        NAUplift_Constants.ADD_PASSWORD,
    ]
    UiLib.bindFunction(self, UiLib.identities_add_simple_user, new_user_args)
    ui_steps = [self.identities_add_simple_user]
    runFunctionsInOrderV2(
        ui_steps,
        self,
        RETRIES,
        resumeLastSession=True,
        killFFWhenFinished=True,
        record=record_option,
    )

    # PEZ authentication flow
    s_log.info("---------------- PEZ AUTHENTICATION FLOW -----------")
    self.pezlib = Pezlib()
    # NOTE(review): the script is loaded from /tmp by a fixed name; confirm it
    # is staged with restrictive ownership/permissions on the executing host.
    pez_script = '/tmp/' + 'UTF8USER_peapms.py'
    self.pezlib.run_and_verify_pezcmd(
        pez_script, tls_config=False, negative_test=False)

    # Validation: the live-log lookup uses the UTF-8 user, not ADD_USER.
    UiLib.bindFunction(self, UiLib.radius_live_logs,
                       [NAUplift_Constants.ADD_UTF8USER, None])
    validation_steps = [self.radius_live_logs]
    runFunctionsInOrderV2(
        validation_steps,
        self,
        RETRIES,
        resumeLastSession=True,
        killFFWhenFinished=True,
        record=record_option,
    )
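def get_device_attributes(obj):
    """Populate *obj* with testbed connection details read from ``cfg.te``.

    Sets ``nad_ip``, ``selenium_url``, ``iseIP``, ``iseUrl``, ``iseUser``,
    ``isePassword`` and ``homeDir`` on *obj*, and calls
    ``UiLib.check_app_up`` with the first POSITRON node's IP.

    The ISE password is stored on *obj* for later logins but is not written
    to the log: test logs are routinely archived and shared, so only a
    placeholder is emitted on the password line.

    Args:
        obj: Test object that receives the attributes listed above.
    """
    obj.nad_ip = cfg.te.get_PEZ().get_ip()
    UiLib.check_app_up(cfg.te.get_POSITRON()[0].get_ip())

    obj.selenium_url = cfg.te.get_WIN_CLIENT().get_internal_selenium()
    s_log.info("###### SELENIUM URL ######## {} ".format(obj.selenium_url))

    obj.iseIP = cfg.te.get_POSITRON()[0].get_ip()
    s_log.info("###### ISE IP ######## {} ".format(obj.iseIP))

    obj.iseUrl = "https://" + obj.iseIP + "/"
    s_log.info("###### ISE URL ######## {} ".format(obj.iseUrl))

    obj.iseUser = cfg.te.get_POSITRON()[0].get_login()
    s_log.info("###### ISE User ######## {} ".format(obj.iseUser))

    obj.isePassword = cfg.te.get_POSITRON()[0].get_password()
    # Keep the log line (so the sequence of setup messages is unchanged) but
    # never emit the secret itself.
    s_log.info("###### ISE Password ######## {} ".format(
        "<redacted>" if obj.isePassword else "<empty>"))

    obj.homeDir = automationDir()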
def Tnt5212069c(self):
    """Run the UTF user PEAP script on PEZ, then check RADIUS live logs.

    Steps, in order:
      1. Run ``/tmp/UTF_USER_peap.py`` via ``Pezlib.run_and_verify_pezcmd``
         (PEAP-GTC according to the original author's comment).
      2. Bind and run ``UiLib.radius_live_logs`` with
         ``NAUplift_Constants.AD_UTF_USER`` and ``AD_DOMAIN_NAME``.
    """
    # PEZ authentication flow
    s_log.info("---------------- PEZ AUTHENTICATION FLOW -----------")
    self.pezlib = Pezlib()
    # NOTE(review): the script is loaded from /tmp by a fixed name; confirm it
    # is staged with restrictive ownership/permissions on the executing host.
    pez_script = '/tmp/' + 'UTF_USER_peap.py'
    self.pezlib.run_and_verify_pezcmd(
        pez_script, tls_config=False, negative_test=False)

    # Validation: here the domain is passed as the second argument instead of
    # being appended to the user name.
    UiLib.bindFunction(
        self,
        UiLib.radius_live_logs,
        [NAUplift_Constants.AD_UTF_USER, AD_DOMAIN_NAME],
    )
    validation_steps = [self.radius_live_logs]
    runFunctionsInOrderV2(
        validation_steps,
        self,
        RETRIES,
        killFFWhenFinished=True,
        record=record_option,
    )
def Tnt5753124c(self):
    """Configure NAD, identity source and an authorization rule, then authenticate.

    Steps, in order:
      1. Bind and run ``config_network_device``,
         ``edit_identity_source_in_default_policy`` (AD as identity source)
         and ``create_authorization_rule_for_simple_condition`` (index 1 of
         ``AUTHZ_POLICY_NAME`` / ``AUTH_COND_NAME``). This run always records
         (``record=True``), regardless of ``record_option``.
      2. Run ``/tmp/SIMPLE_USER_peap.py`` via ``Pezlib.run_and_verify_pezcmd``.
      3. Bind and run ``UiLib.radius_live_logs`` for
         ``<AD_SIMPLE_USER>@<AD_DOMAIN_NAME>``, recording to ``NAS_FOLDER``.
    """
    UiLib.bindFunction(
        self,
        UiLib.config_network_device,
        [
            NAUplift_Constants.NETWORK_DEVICE_NAME,
            self.nad_ip,
            NAUplift_Constants.SHARED_SECRET,
        ],
    )
    UiLib.bindFunction(
        self,
        UiLib.edit_identity_source_in_default_policy,
        [NAUplift_Constants.AD_NAME, POLICY_SET],
    )
    UiLib.bindFunction(
        self,
        UiLib.create_authorization_rule_for_simple_condition,
        [POLICY_SET, AUTHZ_POLICY_NAME[1], AUTH_COND_NAME[1], AUTH_PROFILE, None],
    )
    ui_steps = [
        self.config_network_device,
        self.edit_identity_source_in_default_policy,
        self.create_authorization_rule_for_simple_condition,
    ]
    runFunctionsInOrderV2(
        ui_steps,
        self,
        RETRIES,
        resumeLastSession=True,
        killFFWhenFinished=True,
        record=True,  # hard-coded; record_option is not consulted here
    )

    # PEZ authentication flow
    s_log.info("---------------- PEZ AUTHENTICATION FLOW -----------")
    self.pezlib = Pezlib()
    # NOTE(review): the script is loaded from /tmp by a fixed name; confirm it
    # is staged with restrictive ownership/permissions on the executing host.
    pez_script = '/tmp/' + 'SIMPLE_USER_peap.py'
    self.pezlib.run_and_verify_pezcmd(
        pez_script, tls_config=False, negative_test=False)

    # Validation: look the user up in the RADIUS live logs.
    live_log_user = NAUplift_Constants.AD_SIMPLE_USER + '@' + AD_DOMAIN_NAME
    UiLib.bindFunction(self, UiLib.radius_live_logs, [live_log_user, None])
    validation_steps = [self.radius_live_logs]
    runFunctionsInOrderV2(
        validation_steps,
        self,
        RETRIES,
        resumeLastSession=True,
        killFFWhenFinished=True,
        record=record_option,
        recordingDir=NAS_FOLDER,
    )
def Tnt5048856c(self):
    """Run the change-password-at-next-login PEAP-MSCHAPv2 script and check logs.

    Steps, in order:
      1. Run ``/tmp/user_nxtlgn_pwdcng_peapms.py`` via
         ``Pezlib.run_and_verify_pezcmd``.
      2. Bind and run ``UiLib.radius_live_logs`` for the user
         ``"user_nxtlgn_pwdchng"``.
    """
    # PEZ authentication flow
    s_log.info("---------------- PEZ AUTHENTICATION FLOW -----------")
    self.pezlib = Pezlib()
    # NOTE(review): the script is loaded from /tmp by a fixed name; confirm it
    # is staged with restrictive ownership/permissions on the executing host.
    # The file name spells "pwdcng" while the user below is "pwdchng"; both
    # are reproduced as the author wrote them.
    pez_script = '/tmp/' + 'user_nxtlgn_pwdcng_peapms.py'
    self.pezlib.run_and_verify_pezcmd(
        pez_script, tls_config=False, negative_test=False)

    # Validation: look the user up in the RADIUS live logs.
    UiLib.bindFunction(self, UiLib.radius_live_logs,
                       ["user_nxtlgn_pwdchng", None])
    validation_steps = [self.radius_live_logs]
    runFunctionsInOrderV2(
        validation_steps,
        self,
        RETRIES,
        resumeLastSession=True,
        killFFWhenFinished=True,
        record=record_option,
    )
def Tnt5121851c(self):
    """Enable the AD domain for authentication, run the PEZ script, check live logs.

    Steps, in order:
      1. Bind and run ``UiLib.domain_authentication_enable`` with the AD
         scope, AD name and ``AD_DOMAIN_NAME``.
      2. Run ``/tmp/SIMPLE_USER_peap.py`` via ``Pezlib.run_and_verify_pezcmd``.
      3. Bind and run ``UiLib.radius_live_logs`` for
         ``<AD_SIMPLE_USER>@<AD_DOMAIN_NAME>``.
    """
    # Step 2: enable the domain under the authentication domains.
    domain_args = [
        NAUplift_Constants.AD_SCOPE1,
        NAUplift_Constants.AD_NAME,
        AD_DOMAIN_NAME,
    ]
    UiLib.bindFunction(self, UiLib.domain_authentication_enable, domain_args)
    ui_steps = [self.domain_authentication_enable]
    runFunctionsInOrderV2(
        ui_steps,
        self,
        RETRIES,
        resumeLastSession=True,
        killFFWhenFinished=True,
        record=record_option,
    )

    # PEZ authentication flow. The script name suggests PEAP rather than
    # EAP-TLS; the exact inner method is not visible from this function.
    s_log.info("---------------- PEZ AUTHENTICATION FLOW -----------")
    self.pezlib = Pezlib()
    # NOTE(review): the script is loaded from /tmp by a fixed name; confirm it
    # is staged with restrictive ownership/permissions on the executing host.
    pez_script = '/tmp/' + 'SIMPLE_USER_peap.py'
    self.pezlib.run_and_verify_pezcmd(
        pez_script, tls_config=False, negative_test=False)

    # Validation: look the user up in the RADIUS live logs.
    live_log_user = NAUplift_Constants.AD_SIMPLE_USER + "@" + AD_DOMAIN_NAME
    UiLib.bindFunction(self, UiLib.radius_live_logs, [live_log_user, None])
    validation_steps = [self.radius_live_logs]
    runFunctionsInOrderV2(
        validation_steps,
        self,
        RETRIES,
        resumeLastSession=True,
        killFFWhenFinished=True,
        record=record_option,
    )
def Tnt5212325c(self):
    """Run the AD simple-user PEAP script on PEZ, then check RADIUS live logs.

    Steps, in order:
      1. Run ``/tmp/SIMPLE_USER_peap.py`` via ``Pezlib.run_and_verify_pezcmd``.
      2. Bind and run ``UiLib.radius_live_logs`` for
         ``<AD_SIMPLE_USER>@<AD_DOMAIN_NAME>``.
    """
    # PEZ authentication flow. The script name suggests PEAP rather than
    # EAP-TLS; the exact inner method is not visible from this function.
    s_log.info("---------------- PEZ AUTHENTICATION FLOW -----------")
    self.pezlib = Pezlib()
    # NOTE(review): the script is loaded from /tmp by a fixed name; confirm it
    # is staged with restrictive ownership/permissions on the executing host.
    pez_script = '/tmp/' + 'SIMPLE_USER_peap.py'
    self.pezlib.run_and_verify_pezcmd(
        pez_script, tls_config=False, negative_test=False)

    # Validation: look the user up in the RADIUS live logs.
    live_log_user = NAUplift_Constants.AD_SIMPLE_USER + "@" + AD_DOMAIN_NAME
    UiLib.bindFunction(self, UiLib.radius_live_logs, [live_log_user, None])
    validation_steps = [self.radius_live_logs]
    runFunctionsInOrderV2(
        validation_steps,
        self,
        RETRIES,
        resumeLastSession=True,
        killFFWhenFinished=True,
        record=record_option,
    )
def Tnt5988327c(self):
    """Authenticate through an identity source sequence (Internal Users + AD).

    Steps, in order:
      1. Bind and run ``delete_user_identity`` (``ADD_USER``),
         ``create_identity_source_sequence`` (``"Internal Users"`` followed by
         the AD name) and ``create_authentication_rule_for_simple_condition``
         (using ``AUTH_COND_NAME[2]`` and the new sequence).
      2. Run ``/tmp/USER_peapms.py`` via ``Pezlib.run_and_verify_pezcmd``.
      3. Bind and run ``UiLib.radius_live_logs`` for
         ``NAUplift_Constants.ADD_USER``.
    """
    UiLib.bindFunction(self, UiLib.delete_user_identity,
                       [NAUplift_Constants.ADD_USER])
    # New identity source sequence: internal store first, then AD.
    UiLib.bindFunction(
        self,
        UiLib.create_identity_source_sequence,
        [IDENTITY_SEQUENCE_NAME, ["Internal Users", NAUplift_Constants.AD_NAME]],
    )
    UiLib.bindFunction(
        self,
        UiLib.create_authentication_rule_for_simple_condition,
        [
            POLICY_SET,
            AUTHENTICATION_POLICY,
            AUTH_COND_NAME[2],
            IDENTITY_SEQUENCE_NAME,
        ],
    )
    ui_steps = [
        self.delete_user_identity,
        self.create_identity_source_sequence,
        self.create_authentication_rule_for_simple_condition,
    ]
    runFunctionsInOrderV2(
        ui_steps,
        self,
        RETRIES,
        resumeLastSession=True,
        killFFWhenFinished=True,
        record=record_option,
    )

    # PEZ authentication flow
    s_log.info("---------------- PEZ AUTHENTICATION FLOW -----------")
    self.pezlib = Pezlib()
    # NOTE(review): the script is loaded from /tmp by a fixed name; confirm it
    # is staged with restrictive ownership/permissions on the executing host.
    pez_script = '/tmp/' + 'USER_peapms.py'
    self.pezlib.run_and_verify_pezcmd(
        pez_script, tls_config=False, negative_test=False)

    # Validation: look the user up in the RADIUS live logs.
    UiLib.bindFunction(self, UiLib.radius_live_logs,
                       [NAUplift_Constants.ADD_USER, None])
    validation_steps = [self.radius_live_logs]
    runFunctionsInOrderV2(
        validation_steps,
        self,
        RETRIES,
        killFFWhenFinished=True,
        record=record_option,
    )
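def setup(self):
    """Read testbed details from ``cfg.te`` and reset ISE policy state.

    Stores ``selenium_url``, ``iseIP``, ``iseUrl``, ``iseUser``,
    ``isePassword``, ``nad_ip`` and ``homeDir`` on the test object, checks
    that the ISE application is up, then binds and runs three clean-up
    actions: delete all policy sets, delete library conditions prefixed
    ``'Tnt'`` and remove all identity sources from the
    ``'All_User_ID_Stores'`` sequence.

    The ISE password is kept on ``self`` for later logins but is not written
    to the log; only a placeholder is emitted on the password line.
    """
    s_log.info('Logging into the ISE')

    self.selenium_url = cfg.te.get_WIN_CLIENT().get_internal_selenium()
    s_log.info("###### SELENIUM URL ######## {} ".format(self.selenium_url))

    self.iseIP = cfg.te.get_POSITRON()[0].get_ip()
    s_log.info("###### ISE IP ######## {} ".format(self.iseIP))

    self.iseUrl = "https://" + self.iseIP + "/"
    s_log.info("###### ISE URL ######## {} ".format(self.iseUrl))

    self.iseUser = cfg.te.get_POSITRON()[0].get_login()
    s_log.info("###### ISE User ######## {} ".format(self.iseUser))

    self.isePassword = cfg.te.get_POSITRON()[0].get_password()
    # Test logs are archived and shared; keep the line but not the secret.
    s_log.info("###### ISE Password ######## {} ".format(
        "<redacted>" if self.isePassword else "<empty>"))

    UiLib.check_app_up(self.iseIP)
    self.nad_ip = cfg.te.get_PEZ().get_ip()
    self.homeDir = automationDir()

    # Preconfigure settings: start from a clean policy configuration.
    UiLib.bindFunction(self, UiLib.delete_all_policy_sets, [])
    UiLib.bindFunction(self, UiLib.delete_library_conditions_with_prefix,
                       ['Tnt'])
    UiLib.bindFunction(self, UiLib.remove_all_identity_source_from_sequence,
                       ['All_User_ID_Stores', 'default'])

    funcs = [
        self.delete_all_policy_sets,
        self.delete_library_conditions_with_prefix,
        self.remove_all_identity_source_from_sequence,
    ]
    retries = 3
    runFunctionsInOrderV2(funcs, self, retries, recordingDir=NAS_FOLDER)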
def set_peap_eap_tests_common_settting(obj):
    """Create the AD users and ISE configuration shared by the PEAP/EAP tests.

    In order, this function:
      1. Adds three users to AD through ``ad2016`` (all with membership of
         the Builtin Administrators group; one must change its password).
      2. Binds and runs the ISE UI steps: security-setting checkbox
         ``'SHA1'``, AD join, internal users, password-policy tweaks,
         PEAP-GTC in allowed protocols and the network device.
      3. Creates two internal users flagged to change password at next login.
      4. Creates one library condition per entry of ``AUTH_COND_NAME``.
      5. Creates the policy set, selects AD as identity source and adds an
         authorization rule.

    Args:
        obj: Test object the UI functions are bound to; ``obj.nad_ip`` must
            already be set.
    """
    # --- Active Directory users -------------------------------------------
    # NOTE(review): the credential literals and the UPN below appear to have
    # been masked/obfuscated in this copy of the file; they are reproduced
    # exactly as found.
    # NOTE(review): every test account is placed in Builtin Administrators;
    # confirm the tests need that level of privilege and that the accounts
    # are removed afterwards.
    masked_user = '******'
    masked_password = '******'
    upn_admin_attrs = '-upn [email protected] -memberof "cn=Administrators,cn=Builtin,dc=demo,dc=local"'
    ad2016.add_user_with_attr(
        userToAdd=masked_user,
        userPwd=masked_password,
        domain=AD_DOMAIN_NAME,
        attributeDetails=upn_admin_attrs,
    )

    must_change_pwd_attrs = '-memberof "cn=Administrators,cn=Builtin,dc=demo,dc=local" -mustchpwd yes'
    ad2016.add_user_with_attr(
        userToAdd=NAUplift_Constants.AD_VAR_LEN_USER,
        userPwd=NAUplift_Constants.AD_VAR_LEN_PWD,
        domain=AD_DOMAIN_NAME,
        attributeDetails=must_change_pwd_attrs,
    )

    ad2016.add_utf_user(
        userToAdd=NAUplift_Constants.AD_UTF_USER,
        userPassword=NAUplift_Constants.AD_USER_PASSWORD,
        domain=AD_DOMAIN_NAME,
        attributeDetails='-memberof "cn=Administrators,cn=Builtin,dc=demo,dc=local"',
    )

    # --- ISE base configuration -------------------------------------------
    # NOTE(review): presumably this allows SHA-1 in the ISE security
    # settings; confirm it is switched back off when the suite finishes.
    UiLib.bindFunction(obj, UiLib.securitySetting_setCheckbox, ['SHA1', True])

    # Join ISE to AD (Administration > Identity Management > External
    # Identity Sources > AD), using an account allowed to manage computer
    # objects, then retrieve groups and attributes.
    UiLib.bindFunction(
        obj,
        UiLib.create_active_directory_with_any_mode,
        [
            NAUplift_Constants.AD_NAME,
            AD_DOMAIN_NAME,
            AD_ADMIN_USERNAME,
            AD_ADMIN_PASSWORD,
            True,
            NAUplift_Constants.AD_SCOPE1,
            SELECT_GROUP_AD,
            AD_ATTRIBUTES,
            NAUplift_Constants.ADD_USER,
        ],
    )
    UiLib.bindFunction(
        obj,
        UiLib.identities_add_simple_user,
        [
            NAUplift_Constants.ADD_USER_SPECIAL,
            NAUplift_Constants.ADD_EMAIL,
            NAUplift_Constants.ADD_PASSWORD,
        ],
    )
    UiLib.bindFunction(obj, UiLib.disable_lower_upper_in_pswdpolicy, [])

    # Internal user whose name is made of UTF-8 characters.
    # NOTE(review): identities_add_simple_user is bound a second time before
    # the step list is built. If bindFunction replaces the attribute on obj,
    # both list entries below run with these UTF-8 user arguments and the
    # ADD_USER_SPECIAL user is never created - verify against bindFunction.
    UiLib.bindFunction(
        obj,
        UiLib.identities_add_simple_user,
        [
            NAUplift_Constants.ADD_UTF8USER,
            NAUplift_Constants.ADD_EMAIL,
            NAUplift_Constants.ADD_PASSWORD,
        ],
    )
    UiLib.bindFunction(obj, UiLib.enable_inner_checkbox_password_policy, [])

    # Step 3: enable PEAP-GTC in the allowed protocols.
    UiLib.bindFunction(obj, UiLib.enable_peap_gtc_in_allowed_protocol, [])
    UiLib.bindFunction(
        obj,
        UiLib.config_network_device,
        [
            NAUplift_Constants.NETWORK_DEVICE_NAME,
            obj.nad_ip,
            NAUplift_Constants.SHARED_SECRET,
        ],
    )

    base_steps = [
        obj.securitySetting_setCheckbox,
        obj.create_active_directory_with_any_mode,
        obj.identities_add_simple_user,
        obj.disable_lower_upper_in_pswdpolicy,
        obj.identities_add_simple_user,
        obj.enable_inner_checkbox_password_policy,
        obj.enable_peap_gtc_in_allowed_protocol,
        obj.config_network_device,
    ]
    runFunctionsInOrderV2(
        base_steps,
        obj,
        RETRIES,
        resumeLastSession=True,
        killFFWhenFinished=True,
        record=record_option,
    )

    # --- Users that must change their password at next login ---------------
    # Bind and run once per user so each run sees its own arguments.
    internal_user = [NAUplift_Constants.ADD_USER, "user_nxtlgn_pwdchng"]
    for user_name in internal_user:
        UiLib.bindFunction(
            obj,
            UiLib.create_user_with_passwdchange_in_next_login,
            [
                user_name,
                NAUplift_Constants.ADD_EMAIL,
                NAUplift_Constants.ADD_PASSWORD,
                True,
            ],
        )
        runFunctionsInOrderV2(
            [obj.create_user_with_passwdchange_in_next_login],
            obj,
            RETRIES,
            resumeLastSession=True,
            killFFWhenFinished=True,
            record=record_option,
        )

    # --- Library conditions -------------------------------------------------
    # DICT_NAME, ATTRIBUTE and ATTRIBUTE_VALUE are indexed in parallel with
    # AUTH_COND_NAME.
    for position, condition_name in enumerate(AUTH_COND_NAME):
        UiLib.bindFunction(
            obj,
            UiLib.create_simple_library_condition,
            [
                condition_name,
                DICT_NAME[position],
                ATTRIBUTE[position],
                'EQUALS',
                ATTRIBUTE_VALUE[position],
            ],
        )
        runFunctionsInOrderV2(
            [obj.create_simple_library_condition],
            obj,
            RETRIES,
            resumeLastSession=True,
            killFFWhenFinished=True,
            record=record_option,
        )

    # --- Policy set, identity source and authorization rule ----------------
    UiLib.bindFunction(
        obj,
        UiLib.create_policy_set,
        [POLICY_SET, AUTH_COND_NAME[0], POLICY_SET_PROTOCOL],
    )
    UiLib.bindFunction(
        obj,
        UiLib.edit_identity_source_in_default_policy,
        [NAUplift_Constants.AD_NAME, POLICY_SET],
    )
    UiLib.bindFunction(
        obj,
        UiLib.create_authorization_rule_for_simple_condition,
        [POLICY_SET, AUTHZ_POLICY_NAME[0], AUTH_COND_NAME[0], AUTH_PROFILE, None],
    )
    policy_steps = [
        obj.create_policy_set,
        obj.edit_identity_source_in_default_policy,
        obj.create_authorization_rule_for_simple_condition,
    ]
    runFunctionsInOrderV2(
        policy_steps,
        obj,
        RETRIES,
        resumeLastSession=True,
        killFFWhenFinished=True,
        record=record_option,
    )
def cleanup(self):
    """Remove the test configuration from the primary ISE and the RADIUS-server ISE.

    First pass (primary ISE, logged in with ``self.iseLoginurl``): delete the
    trusted certificate, the test user, the network device, the policy set,
    the library condition, the RADIUS server sequence and the RADIUS server.

    Second pass (``self.iseUrl_radserver``): delete the trusted certificate,
    the test user and the network device.

    The browser application is quit after each pass and restarted between
    the two.
    """
    time.sleep(5)

    # ---- Pass 1: primary ISE ----------------------------------------------
    UiLib.bindFunction(
        self,
        UiLib.login_different_ise,
        [self.iseLoginurl, self.iseUser, self.isePassword],
    )
    UiLib.bindFunction(
        self,
        UiLib.trustedCertificates_deleteTrustedCertificate,
        [NAUplift_Constants.FRIENDLYNAME_ISE_TRUSTED_CERT],
    )
    UiLib.bindFunction(self, UiLib.delete_user_identity,
                       [NAUplift_Constants.ADD_USER])
    UiLib.bindFunction(self, UiLib.delete_network_device,
                       [NAUplift_Constants.NETWORK_DEVICE_NAME])
    UiLib.bindFunction(self, UiLib.delete_policy_set, [[POLICY_SET]])
    UiLib.bindFunction(self, UiLib.delete_multiple_library_condition,
                       [[AUTH_COND_NAME]])
    UiLib.bindFunction(self, UiLib.delete_radius_server_sequence,
                       [NAUplift_Constants.RADIUS_SEQUENCE_NAME])
    UiLib.bindFunction(self, UiLib.delete_rad_server,
                       [NAUplift_Constants.RADIUS_SERVER_NAME])

    primary_steps = [
        self.login_different_ise,
        self.trustedCertificates_deleteTrustedCertificate,
        self.delete_user_identity,
        self.delete_network_device,
        self.delete_policy_set,
        self.delete_multiple_library_condition,
        self.delete_radius_server_sequence,
        self.delete_rad_server,
    ]
    retries = 3
    runFunctionsInOrderV2(primary_steps, self, retries,
                          record=False, killPreviousFF=False)
    time.sleep(5)
    self.app.quit()
    self.app.run()

    # ---- Pass 2: RADIUS-server ISE ----------------------------------------
    UiLib.bindFunction(
        self,
        UiLib.login_different_ise,
        [
            self.iseUrl_radserver,
            self.iseUser_radserver,
            self.isePassword_radserver,
        ],
    )
    UiLib.bindFunction(
        self,
        UiLib.trustedCertificates_deleteTrustedCertificate,
        [NAUplift_Constants.FRIENDLYNAME_ISE_TRUSTED_CERT],
    )
    UiLib.bindFunction(self, UiLib.delete_user_identity,
                       [NAUplift_Constants.ADD_USER])
    UiLib.bindFunction(self, UiLib.delete_network_device,
                       [NAUplift_Constants.NETWORK_DEVICE_NAME])

    radius_steps = [
        self.login_different_ise,
        self.trustedCertificates_deleteTrustedCertificate,
        self.delete_user_identity,
        self.delete_network_device,
    ]
    retries = 3
    runFunctionsInOrderV2(radius_steps, self, retries,
                          record=False, killPreviousFF=False)
    time.sleep(5)
    self.app.quit()
def Tnt5994926c(self):
    """Enable FIPS mode, wait, create a PEAP allowed-protocol set and authenticate.

    Steps, in order:
      1. Bind and run ``Disable_Weak_Ciphers``,
         ``edit_default_allowed_protocols`` (default policy set, ``False``)
         and ``fips_mode_enabling_and_disabling("Enabled")``.
      2. Sleep 11 x 100 seconds, logging after each interval (presumably to
         let the application come back after the FIPS change - TODO confirm).
      3. Bind and run ``new_allowed_protocol`` and ``edit_default_policy_set``
         for ``"Peap_allowed_protocol"``.
      4. Run ``/tmp/USER_peapms.py`` via ``Pezlib.run_and_verify_pezcmd``.
      5. Bind and run ``UiLib.radius_live_logs`` for
         ``NAUplift_Constants.ADD_USER``.
    """
    UiLib.bindFunction(self, UiLib.Disable_Weak_Ciphers, [])
    # Prepare for FIPS mode by changing the default allowed protocols.
    UiLib.bindFunction(
        self,
        UiLib.edit_default_allowed_protocols,
        [NAUplift_Constants.DEFAULT_POLICY_SET, False],
    )
    # Enable FIPS mode under Administration > Settings.
    UiLib.bindFunction(self, UiLib.fips_mode_enabling_and_disabling,
                       ["Enabled"])
    fips_steps = [
        self.Disable_Weak_Ciphers,
        self.edit_default_allowed_protocols,
        self.fips_mode_enabling_and_disabling,
    ]
    runFunctionsInOrderV2(
        fips_steps,
        self,
        RETRIES,
        record=record_option,
        killFFWhenFinished=True,
    )

    # Fixed wait, reported in 100-second slices so the log shows progress.
    ordinals = (
        "first", "second", "third", "fourth", "fifth", "sixth",
        "seventh", "eighth", "ninth", "tenth", "eleventh",
    )
    for ordinal in ordinals:
        time.sleep(100)
        s_log.info("Waited {} 100 seconds".format(ordinal))

    # Create the new allowed-protocol set and attach it to the policy set.
    UiLib.bindFunction(self, UiLib.new_allowed_protocol,
                       ["Peap_allowed_protocol"])
    UiLib.bindFunction(self, UiLib.edit_default_policy_set,
                       ["Peap_allowed_protocol", POLICY_SET])
    protocol_steps = [self.new_allowed_protocol, self.edit_default_policy_set]
    runFunctionsInOrderV2(
        protocol_steps,
        self,
        RETRIES,
        record=record_option,
        killFFWhenFinished=True,
    )

    # PEZ authentication flow
    s_log.info("---------------- PEZ AUTHENTICATION FLOW -----------")
    self.pezlib = Pezlib()
    # NOTE(review): the script is loaded from /tmp by a fixed name; confirm it
    # is staged with restrictive ownership/permissions on the executing host.
    pez_script = '/tmp/' + 'USER_peapms.py'
    self.pezlib.run_and_verify_pezcmd(
        pez_script, tls_config=False, negative_test=False)

    # Validation: look the user up in the RADIUS live logs.
    UiLib.bindFunction(self, UiLib.radius_live_logs,
                       [NAUplift_Constants.ADD_USER, None])
    validation_steps = [self.radius_live_logs]
    runFunctionsInOrderV2(
        validation_steps,
        self,
        RETRIES,
        killFFWhenFinished=True,
        record=record_option,
    )
def Tnt5121584c(self):
    """Join AD in scope mode, build policy and run a PAP authentication via PEZ.

    Steps, in order:
      1. Read the AD hostname, login and password from ``cfg.suite``.
      2. Bind and run: AD creation in scope mode (group
         ``<domain>/Builtin/Administrators``), adding AD as an identity
         source, network device, a ``Network Access / Protocol Equals
         RADIUS`` library condition, the policy set and its identity source.
      3. Bind and run a second library condition on the AD attribute and an
         authorization rule ``'Authz_rule_1'`` granting ``'PermitAccess'``.
      4. Call ``Pezlib.run_pap_via_pez`` with the AD admin credentials and
         fail the test if that call raises.

    ``retries`` is not assigned in this function; it is read from the
    enclosing module scope.
    """
    # Values from the suite ("CLOUD") configuration.
    ad_domain = cfg.suite.get_AD()[0].get_hostname()
    ad_admin_user = cfg.suite.get_AD()[0].get_login()
    ad_admin_password = cfg.suite.get_AD()[0].get_password()
    admins_group = ad_domain + "/Builtin/Administrators"

    # Enable scope mode, create the AD join point and select the group.
    UiLib.bindFunction(
        self,
        UiLib.create_active_directory_with_any_mode,
        [
            NAUplift_Constants.AD_NAME,
            ad_domain,
            ad_admin_user,
            ad_admin_password,
            True,
            NAUplift_Constants.AD_SCOPE1,
            admins_group,
            NAUplift_Constants.INFO,
            ad_admin_user,
        ],
    )
    # Add AD to the identity source sequence.
    UiLib.bindFunction(self, UiLib.adding_id_source,
                       [NAUplift_Constants.AD_NAME])
    UiLib.bindFunction(
        self,
        UiLib.edit_identity_source_in_default_policy,
        [NAUplift_Constants.AD_SCOPE1, POLICY_SET],
    )
    UiLib.bindFunction(
        self,
        UiLib.config_network_device,
        [
            NAUplift_Constants.NETWORK_DEVICE_NAME,
            self.nad_ip,
            NAUplift_Constants.SHARED_SECRET,
        ],
    )
    UiLib.bindFunction(
        self,
        UiLib.create_simple_library_condition,
        [POLICY_SET_COND_NAME, 'Network Access', 'Protocol', 'Equals', 'RADIUS'],
    )
    UiLib.bindFunction(
        self,
        UiLib.create_policy_set,
        [POLICY_SET, POLICY_SET_COND_NAME, POLICY_SET_PROTOCOL],
    )
    # The identity-source edit runs last, after the policy set exists.
    config_steps = [
        self.create_active_directory_with_any_mode,
        self.adding_id_source,
        self.config_network_device,
        self.create_simple_library_condition,
        self.create_policy_set,
        self.edit_identity_source_in_default_policy,
    ]
    runFunctionsInOrderV2(
        config_steps,
        self,
        retries,
        resumeLastSession=True,
        recordingDir=NAS_FOLDER,
    )

    # Authorization condition on the AD attribute, then the rule using it.
    UiLib.bindFunction(
        self,
        UiLib.create_simple_library_condition,
        [
            AUTHZ_COND_NAME,
            NAUplift_Constants.AD_NAME,
            NAUplift_Constants.INFO,
            'Equals',
            NAUplift_Constants.SPL_CHARACTERS,
        ],
    )
    UiLib.bindFunction(
        self,
        UiLib.create_authorization_rule_for_simple_condition,
        [POLICY_SET, 'Authz_rule_1', AUTHZ_COND_NAME, 'PermitAccess', None],
    )
    authz_steps = [
        self.create_simple_library_condition,
        self.create_authorization_rule_for_simple_condition,
    ]
    runFunctionsInOrderV2(
        authz_steps,
        self,
        retries,
        resumeLastSession=True,
        recordingDir=NAS_FOLDER,
        killFFWhenFinished=True,
    )

    # PEZ authentication
    s_log.info("---------------- PEZ AUTHENTICATION FLOW -----------")
    pez = Pezlib()
    # NOTE(review): the AD admin account from the suite config doubles as the
    # PAP test identity; a dedicated low-privilege test account would limit
    # exposure of that credential - confirm whether admin is required here.
    pap_succeeded = True
    try:
        s_log.info("Running for {}".format(ad_admin_user))
        pez.run_pap_via_pez(
            1,
            NAUplift_Constants.strPath,
            self.iseIP,
            ad_admin_user,
            ad_admin_password,
            NAUplift_Constants.SHARED_SECRET,
            "10.0.10.151",        # fixed address; meaning not visible here
            "00:05:02:00:00:01",  # fixed MAC; meaning not visible here
        )
    except Exception as e:
        # Any failure of the PEZ call is treated as a failed authentication.
        pap_succeeded = False
        s_log.error(e)

    if not pap_succeeded:
        self.failed(
            "Authentication failed or username is not as expected. Please check the logs above."
        )
def cleanup(self):
    """Tear down the scope-mode AD configuration created by the test.

    Binds and runs, in order: delete the policy set, delete the two library
    conditions, remove AD from the identity source sequence, delete the AD
    join point inside the scope, delete the scope and exit scope mode.

    ``retries`` is not assigned in this function; it is read from the
    enclosing module scope.
    """
    teardown_plan = [
        # (UiLib function, argument list)
        (UiLib.delete_policy_set, [[POLICY_SET]]),
        (UiLib.delete_multiple_library_condition,
         [[POLICY_SET_COND_NAME, AUTHZ_COND_NAME]]),
        (UiLib.removing_id_source, [NAUplift_Constants.AD_NAME]),
        (UiLib.delete_ad_in_scope,
         [NAUplift_Constants.AD_SCOPE1, NAUplift_Constants.AD_NAME]),
        (UiLib.delete_scope, [NAUplift_Constants.AD_SCOPE1]),
        (UiLib.exit_scope_mode, []),
    ]
    for ui_function, ui_args in teardown_plan:
        UiLib.bindFunction(self, ui_function, ui_args)

    # Attribute access happens only after every binding is in place.
    teardown_steps = [
        self.delete_policy_set,
        self.delete_multiple_library_condition,
        self.removing_id_source,
        self.delete_ad_in_scope,
        self.delete_scope,
        self.exit_scope_mode,
    ]
    runFunctionsInOrderV2(
        teardown_steps,
        self,
        retries,
        recordingDir=NAS_FOLDER,
        killFFWhenFinished=True,
    )
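def setup(self):
    """Read testbed details from ``cfg.te`` and reset ISE policy/certificate state.

    Stores ``nad_ip``, ``selenium_url``, ``iseIP``, ``iseUrl``, ``iseUser``,
    ``isePassword`` and ``homeDir`` on the test object, checks that the ISE
    application is up, then binds and runs: delete all policy sets, delete
    library conditions prefixed ``'Tnt'``, remove all identity sources from
    ``'All_User_ID_Stores'``, configure the certificate authentication
    profile and delete the test trusted certificate.

    The ISE password is kept on ``self`` for later logins but is not written
    to the log; only a placeholder is emitted on the password line.
    """
    self.nad_ip = cfg.te.get_PEZ().get_ip()
    UiLib.check_app_up(cfg.te.get_POSITRON()[0].get_ip())

    self.selenium_url = cfg.te.get_WIN_CLIENT().get_internal_selenium()
    s_log.info("###### SELENIUM URL ######## {} ".format(self.selenium_url))

    self.iseIP = cfg.te.get_POSITRON()[0].get_ip()
    s_log.info("###### ISE IP ######## {} ".format(self.iseIP))

    self.iseUrl = "https://" + self.iseIP + "/"
    s_log.info("###### ISE URL ######## {} ".format(self.iseUrl))

    self.iseUser = cfg.te.get_POSITRON()[0].get_login()
    s_log.info("###### ISE User ######## {} ".format(self.iseUser))

    self.isePassword = cfg.te.get_POSITRON()[0].get_password()
    # Test logs are archived and shared; keep the line but not the secret.
    s_log.info("###### ISE Password ######## {} ".format(
        "<redacted>" if self.isePassword else "<empty>"))

    self.homeDir = automationDir()

    # Preconfigure settings: start from a clean policy configuration.
    UiLib.bindFunction(self, UiLib.delete_all_policy_sets, [])
    UiLib.bindFunction(self, UiLib.delete_library_conditions_with_prefix,
                       ['Tnt'])
    UiLib.bindFunction(self, UiLib.remove_all_identity_source_from_sequence,
                       ['All_User_ID_Stores', 'default'])
    UiLib.bindFunction(
        self,
        UiLib.config_certificate_authprofile,
        [
            NAUplift_Constants.CER_NAME,
            NAUplift_Constants.CER_NAME,
            NAUplift_Constants.CER_DESCRIPTION,
            NAUplift_Constants.CER_ATTRIBUTE,
            '[not applicable]',
            NAUplift_Constants.MATCH_CLIENT_CERT_ENABLE,
        ],
    )
    UiLib.bindFunction(
        self,
        UiLib.trustedCertificates_deleteTrustedCertificate,
        [NAUplift_Constants.FRIENDLYNAME_ISE_TRUSTED_CERT],
    )

    funcs = [
        self.delete_all_policy_sets,
        self.delete_library_conditions_with_prefix,
        self.remove_all_identity_source_from_sequence,
        self.config_certificate_authprofile,
        self.trustedCertificates_deleteTrustedCertificate,
    ]
    retries = 3
    runFunctionsInOrderV2(funcs, self, retries, recordingDir=NAS_FOLDER)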
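class US355292_Tnt5212445c_Proxy_Authentication_using_EAP_TLS(aetest.Testcase):
    """Proxy an EAP-TLS authentication from the primary ISE to a second ISE.

    Two POSITRON nodes from ``cfg.te`` are used: index 0 is the primary ISE
    and index 1 acts as the external RADIUS server. ``setup`` clears earlier
    test configuration on both, the test configures the proxy chain and runs
    EAP-TLS from PEZ, and ``cleanup`` removes the configuration from both.
    """

    @aetest.setup
    def setup(self):
        """Collect connection details, log in and clear old configuration.

        Passwords are stored on ``self`` but never written to the log. Any
        exception raised during setup is logged and re-raised as an
        ``AssertionError`` so the section is reported as failed.
        """
        s_log.info('Logging into the ISE')
        try:
            self.selenium_url = cfg.te.get_WIN_CLIENT().get_internal_selenium()
            s_log.info("###### SELENIUM URL ######## {} ".format(
                self.selenium_url))
            self.iseIP = cfg.te.get_POSITRON()[0].get_ip()
            s_log.info("###### ISE IP ######## {} ".format(self.iseIP))
            self.iseLoginurl = "https://" + self.iseIP + "/"
            s_log.info("###### ISE URL ######## {} ".format(self.iseLoginurl))
            self.iseUser = cfg.te.get_POSITRON()[0].get_login()
            s_log.info("###### ISE User ######## {} ".format(self.iseUser))
            self.isePassword = cfg.te.get_POSITRON()[0].get_password()
            # Test logs are archived and shared; keep the line, drop the secret.
            s_log.info("###### ISE Password ######## {} ".format(
                "<redacted>" if self.isePassword else "<empty>"))

            # RADIUS server (second POSITRON node) details
            self.iseIP_radserver = cfg.te.get_POSITRON()[1].get_ip()
            s_log.info("###### Radius IP ######## {} ".format(
                self.iseIP_radserver))
            self.iseUrl_radserver = "https://" + self.iseIP_radserver + "/"
            s_log.info("###### Radius URL ######## {} ".format(
                self.iseUrl_radserver))
            self.iseUser_radserver = cfg.te.get_POSITRON()[1].get_login()
            # Log the RADIUS node's own login, not the primary ISE login.
            s_log.info("###### Radius User ######## {} ".format(
                self.iseUser_radserver))
            self.isePassword_radserver = cfg.te.get_POSITRON()[1].get_password()
            s_log.info("###### Radius Password ######## {} ".format(
                "<redacted>" if self.isePassword_radserver else "<empty>"))

            UiLib.check_app_up(cfg.te.get_POSITRON()[0].get_ip())
            self.homeDir = automationDir()
            self.uilib = UiLib(self,
                               seleniumUrl=self.selenium_url,
                               iseUrl=self.iseLoginurl,
                               logger=s_log,
                               iseUser=self.iseUser,
                               isePass=self.isePassword)
            self.app = self.uilib.login_into_ise()

            # ---- Clear old configuration on the primary ISE ----------------
            UiLib.bindFunction(self, UiLib.delete_network_device,
                               [NAUplift_Constants.NETWORK_DEVICE_NAME])
            UiLib.bindFunction(self, UiLib.delete_all_policy_sets, [])
            UiLib.bindFunction(self,
                               UiLib.delete_library_conditions_with_prefix,
                               ['Tnt'])
            UiLib.bindFunction(self, UiLib.delete_user_identity,
                               [NAUplift_Constants.ADD_USER])
            UiLib.bindFunction(self, UiLib.delete_radius_server_sequence,
                               [NAUplift_Constants.RADIUS_SEQUENCE_NAME])
            UiLib.bindFunction(self, UiLib.delete_rad_server,
                               [NAUplift_Constants.RADIUS_SERVER_NAME])
            UiLib.bindFunction(self,
                               UiLib.remove_all_identity_source_from_sequence,
                               ['All_User_ID_Stores', 'default'])
            UiLib.bindFunction(
                self, UiLib.trustedCertificates_deleteTrustedCertificate,
                [NAUplift_Constants.FRIENDLYNAME_ISE_TRUSTED_CERT])
            funcs = [
                self.delete_network_device,
                self.delete_all_policy_sets,
                self.delete_library_conditions_with_prefix,
                self.delete_user_identity,
                self.delete_radius_server_sequence,
                self.delete_rad_server,
                self.remove_all_identity_source_from_sequence,
                self.trustedCertificates_deleteTrustedCertificate,
            ]
            retries = 3
            runFunctionsInOrderV2(funcs, self, retries,
                                  record=False, killPreviousFF=False)
            time.sleep(5)
            self.app.quit()
            self.app.run()

            # ---- Clear old configuration on the RADIUS-server ISE ----------
            UiLib.bindFunction(self, UiLib.login_different_ise, [
                self.iseUrl_radserver,
                self.iseUser_radserver,
                self.isePassword_radserver,
            ])
            UiLib.bindFunction(self, UiLib.delete_all_policy_sets, [])
            UiLib.bindFunction(self,
                               UiLib.delete_library_conditions_with_prefix,
                               ['Tnt'])
            UiLib.bindFunction(self, UiLib.delete_user_identity,
                               [NAUplift_Constants.ADD_USER])
            UiLib.bindFunction(self, UiLib.delete_network_device,
                               [NAUplift_Constants.NETWORK_DEVICE_NAME])
            UiLib.bindFunction(
                self, UiLib.trustedCertificates_deleteTrustedCertificate,
                [NAUplift_Constants.FRIENDLYNAME_ISE_TRUSTED_CERT])
            funcs = [
                self.login_different_ise,
                self.delete_all_policy_sets,
                self.delete_library_conditions_with_prefix,
                self.delete_user_identity,
                self.delete_network_device,
                self.trustedCertificates_deleteTrustedCertificate,
            ]
            retries = 3
            runFunctionsInOrderV2(funcs, self, retries,
                                  record=False, killPreviousFF=False)
            time.sleep(5)
            self.app.quit()
            self.app.run()
            # Return to the primary ISE for the test body.
            self.app = self.uilib.login_into_ise()
        except Exception as E:
            s_log.error("Failed to Login to ISE - {}".format(E))
            # Raise explicitly: a bare `assert False` is stripped under -O and
            # would let a broken setup pass silently.
            raise AssertionError("Failed to Login to ISE") from E

    @aetest.test
    def Tnt5212445c(self):
        """Configure the proxy chain on both ISE nodes and run EAP-TLS from PEZ.

        Primary ISE: RADIUS server entry, RADIUS server sequence, library
        condition, policy set forwarding to the sequence, network device,
        internal user and trusted root certificate. RADIUS-server ISE: the
        same user, the primary ISE as network device and the same root
        certificate. Then certificates are copied to PEZ, EAP-TLS is run
        against the primary ISE, and live logs are checked on both nodes.
        """
        # Step 1: configure the external RADIUS server.
        UiLib.bindFunction(self, UiLib.rad_server, [
            NAUplift_Constants.RADIUS_SERVER_NAME,
            self.iseIP_radserver,
            NAUplift_Constants.SHARED_SECRET,
        ])
        # Step 2: configure the RADIUS server sequence.
        UiLib.bindFunction(self, UiLib.configure_radius_server_sequence, [
            NAUplift_Constants.RADIUS_SEQUENCE_NAME,
            [NAUplift_Constants.RADIUS_SERVER_NAME],
        ])
        # Step 3 (editing the default policy set to forward everything) is
        # disabled in the original; a dedicated policy set is created instead.
        UiLib.bindFunction(
            self, UiLib.create_simple_library_condition,
            [AUTH_COND_NAME, 'Network Access', 'Protocol', 'EQUALS', 'RADIUS'])
        # Step 6: create the new policy set that uses the RADIUS sequence.
        UiLib.bindFunction(self, UiLib.create_policy_set, [
            POLICY_SET,
            AUTH_COND_NAME,
            NAUplift_Constants.RADIUS_SEQUENCE_NAME,
        ])
        nad_ip = cfg.te.get_PEZ().get_ip()
        UiLib.bindFunction(self, UiLib.config_network_device, [
            NAUplift_Constants.NETWORK_DEVICE_NAME,
            nad_ip,
            NAUplift_Constants.SHARED_SECRET,
        ])
        # Step 4: add the internal user.
        UiLib.bindFunction(self, UiLib.identities_add_simple_user, [
            NAUplift_Constants.ADD_USER,
            NAUplift_Constants.ADD_EMAIL,
            NAUplift_Constants.ADD_NEWPASSWORD,
        ])
        self.certificate_file = NAUplift_Constants.strPath + "resources/CommonCriteria/" + \
            NAUplift_Constants.ISE_TRUSTED_CERT
        s_log.info("CERTIFICATE FILE PATH: {}".format(self.certificate_file))
        # Step 7: import the root certificate on the primary ISE
        # (System > Certificate Operations > Trust Certificates).
        UiLib.bindFunction(self, UiLib.trustedCertificates_setTrustedCert, [
            self.certificate_file,
            NAUplift_Constants.FRIENDLYNAME_ISE_TRUSTED_CERT,
        ])
        retries = 3
        funcs = [
            self.rad_server,
            self.configure_radius_server_sequence,
            self.create_simple_library_condition,
            self.create_policy_set,
            self.config_network_device,
            self.identities_add_simple_user,
            self.trustedCertificates_setTrustedCert,
        ]
        runFunctionsInOrderV2(funcs, self, retries,
                              record=False, killPreviousFF=False)
        self.app.quit()
        self.app.run()

        # ---- Configuration of the RADIUS-server ISE -------------------------
        UiLib.bindFunction(self, UiLib.login_different_ise, [
            self.iseUrl_radserver,
            self.iseUser_radserver,
            self.isePassword_radserver,
        ])
        # Step 9: add the same user on the RADIUS server.
        UiLib.bindFunction(self, UiLib.identities_add_simple_user, [
            NAUplift_Constants.ADD_USER,
            NAUplift_Constants.ADD_EMAIL,
            NAUplift_Constants.ADD_NEWPASSWORD,
        ])
        # The primary ISE is the network device from the RADIUS server's view.
        UiLib.bindFunction(self, UiLib.config_network_device, [
            NAUplift_Constants.NETWORK_DEVICE_NAME,
            self.iseIP,
            NAUplift_Constants.SHARED_SECRET,
        ])
        # Step 11: import the root certificate on the RADIUS server.
        UiLib.bindFunction(self, UiLib.trustedCertificates_setTrustedCert, [
            self.certificate_file,
            NAUplift_Constants.FRIENDLYNAME_ISE_TRUSTED_CERT,
        ])
        funcs = [
            self.login_different_ise,
            self.identities_add_simple_user,
            self.config_network_device,
            self.trustedCertificates_setTrustedCert,
        ]
        runFunctionsInOrderV2(funcs, self, retries,
                              record=False, killPreviousFF=False)

        # ---- PEZ authentication flow ----------------------------------------
        s_log.info("---------------- PEZ AUTHENTICATION FLOW -----------")
        self.pezlib = Pezlib()
        # NOTE(review): the client private key is copied to the PEZ host here
        # and cleanup() in this class only touches the two ISE nodes; confirm
        # the key material is removed from PEZ elsewhere.
        self.pezlib.copy_cert_pez(
            root_path=NAUplift_Constants.strPath,
            ise_trusted_cert=NAUplift_Constants.ISE_TRUSTED_CERT,
            client_certificate=NAUplift_Constants.ClientSystemCerts,
            client_key=NAUplift_Constants.ClientSystemKeys)
        # Run EAP-TLS against the primary ISE.
        self.pezlib.run_eap_tls(
            root_path=NAUplift_Constants.strPath,
            ise_trust_cert=NAUplift_Constants.ISE_TRUSTED_CERT,
            client_sys_cert=NAUplift_Constants.ClientSystemCerts,
            client_sys_key=NAUplift_Constants.ClientSystemKeys,
            ise_ip=self.iseIP)

        # Validation on the RADIUS server (the session logged in above).
        UiLib.bindFunction(self, UiLib.radius_live_logs,
                           [NAUplift_Constants.ADD_USER, None])
        functs = [
            self.radius_live_logs,
        ]
        runFunctionsInOrderV2(functs, self, retries,
                              record=False, killPreviousFF=False)
        self.app.quit()
        self.app.run()

        # Validation on the primary ISE.
        UiLib.bindFunction(self, UiLib.login_different_ise,
                           [self.iseLoginurl, self.iseUser, self.isePassword])
        UiLib.bindFunction(self, UiLib.radius_live_logs,
                           [NAUplift_Constants.ADD_USER, None])
        functs = [self.login_different_ise, self.radius_live_logs]
        runFunctionsInOrderV2(functs, self, retries,
                              record=False, killPreviousFF=False)
        self.app.quit()
        self.app.run()

    @aetest.cleanup
    def cleanup(self):
        """Remove the test configuration from both ISE nodes.

        Primary ISE: trusted certificate, user, network device, policy set,
        library condition, RADIUS server sequence and RADIUS server.
        RADIUS-server ISE: trusted certificate, user and network device.
        """
        time.sleep(5)
        # ---- Primary ISE -----------------------------------------------------
        UiLib.bindFunction(self, UiLib.login_different_ise,
                           [self.iseLoginurl, self.iseUser, self.isePassword])
        UiLib.bindFunction(self,
                           UiLib.trustedCertificates_deleteTrustedCertificate,
                           [NAUplift_Constants.FRIENDLYNAME_ISE_TRUSTED_CERT])
        UiLib.bindFunction(self, UiLib.delete_user_identity,
                           [NAUplift_Constants.ADD_USER])
        UiLib.bindFunction(self, UiLib.delete_network_device,
                           [NAUplift_Constants.NETWORK_DEVICE_NAME])
        UiLib.bindFunction(self, UiLib.delete_policy_set, [[POLICY_SET]])
        # Delete library conditions
        UiLib.bindFunction(self, UiLib.delete_multiple_library_condition,
                           [[AUTH_COND_NAME]])
        UiLib.bindFunction(self, UiLib.delete_radius_server_sequence,
                           [NAUplift_Constants.RADIUS_SEQUENCE_NAME])
        UiLib.bindFunction(self, UiLib.delete_rad_server,
                           [NAUplift_Constants.RADIUS_SERVER_NAME])
        funcs = [
            self.login_different_ise,
            self.trustedCertificates_deleteTrustedCertificate,
            self.delete_user_identity,
            self.delete_network_device,
            self.delete_policy_set,
            self.delete_multiple_library_condition,
            self.delete_radius_server_sequence,
            self.delete_rad_server,
        ]
        retries = 3
        runFunctionsInOrderV2(funcs, self, retries,
                              record=False, killPreviousFF=False)
        time.sleep(5)
        self.app.quit()
        self.app.run()

        # ---- RADIUS-server ISE ----------------------------------------------
        UiLib.bindFunction(self, UiLib.login_different_ise, [
            self.iseUrl_radserver,
            self.iseUser_radserver,
            self.isePassword_radserver,
        ])
        UiLib.bindFunction(self,
                           UiLib.trustedCertificates_deleteTrustedCertificate,
                           [NAUplift_Constants.FRIENDLYNAME_ISE_TRUSTED_CERT])
        UiLib.bindFunction(self, UiLib.delete_user_identity,
                           [NAUplift_Constants.ADD_USER])
        UiLib.bindFunction(self, UiLib.delete_network_device,
                           [NAUplift_Constants.NETWORK_DEVICE_NAME])
        funcs = [
            self.login_different_ise,
            self.trustedCertificates_deleteTrustedCertificate,
            self.delete_user_identity,
            self.delete_network_device,
        ]
        retries = 3
        runFunctionsInOrderV2(funcs, self, retries,
                              record=False, killPreviousFF=False)
        time.sleep(5)
        self.app.quit()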
def cleanup(self):
    """Undo this suite's ISE configuration in two UI passes.

    Pass one deletes the trusted certificate, re-saves the certificate
    authentication profile with '[not applicable]' as its fifth argument,
    and deletes the policy set, the library conditions in ``CONDITIONS``
    and the network device.  Pass two deletes the library conditions in
    ``AUTH_CONDITIONS`` and then calls ``deleting_ad`` for
    ``NAUplift_Constants.AD_NAME``.

    NOTE(review): each ``UiLib.bindFunction`` call presumably attaches the
    action to ``self`` under the same name, which the ``self.<name>``
    references below depend on -- confirm against UiLib.
    """
    bind = UiLib.bindFunction
    consts = NAUplift_Constants

    # ---- pass 1: certificate, auth profile, policy set, conditions, NAD ----
    bind(self, UiLib.trustedCertificates_deleteTrustedCertificate,
         [consts.FRIENDLYNAME_ISE_TRUSTED_CERT])
    bind(self, UiLib.config_certificate_authprofile,
         [consts.CER_NAME,
          consts.CER_NAME,
          consts.CER_DESCRIPTION,
          consts.CER_ATTRIBUTE,
          '[not applicable]',
          consts.MATCH_CLIENT_CERT_ENABLE])
    bind(self, UiLib.delete_policy_set, [[POLICY_SET]])
    bind(self, UiLib.delete_multiple_library_condition, [CONDITIONS])
    bind(self, UiLib.delete_network_device, [consts.NETWORK_DEVICE_NAME])

    first_pass = [
        self.trustedCertificates_deleteTrustedCertificate,
        self.config_certificate_authprofile,
        self.delete_policy_set,
        self.delete_multiple_library_condition,
        self.delete_network_device,
    ]
    retries = 3
    runFunctionsInOrderV2(first_pass, self, retries,
                          record=False, killPreviousFF=False)

    # ---- pass 2: authorization conditions, then the AD entry ----
    # delete_multiple_library_condition is bound a second time here, now with
    # AUTH_CONDITIONS, so it has to happen after pass 1 has run.
    bind(self, UiLib.delete_multiple_library_condition, [AUTH_CONDITIONS])
    bind(self, UiLib.deleting_ad, [consts.AD_NAME])

    second_pass = [
        self.delete_multiple_library_condition,
        self.deleting_ad,
    ]
    retries = 3
    runFunctionsInOrderV2(second_pass, self, retries,
                          record=False, killPreviousFF=False)
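def setup(self):
    """Read testbed details, log in to ISE and clear leftovers on both nodes.

    Reads the Selenium URL and the address/login of the two POSITRON entries
    from ``cfg.te`` (index 0 is used as the ISE under test, index 1 as the
    RADIUS server), logs in to the first node, runs a batch of delete actions
    there, then logs in to the second node with ``login_different_ise`` and
    runs a second batch, and finally logs back in to the first node.

    Passwords are never written to the log: the two password lines emit a
    fixed marker instead of the secret, and the "Radius User" line reports
    the RADIUS server's own login rather than the ISE login.

    NOTE(review): the credentials are still handed to ``login_different_ise``
    as bound arguments; if ``runFunctionsInOrderV2`` logs or records the
    arguments it runs with, they would reach the logs that way -- confirm.

    Raises:
        AssertionError: if any step fails; the original exception is chained.
    """
    redacted = "<redacted>"
    s_log.info('Logging into the ISE')
    try:
        self.selenium_url = cfg.te.get_WIN_CLIENT().get_internal_selenium()
        s_log.info("###### SELENIUM URL ######## {} ".format(
            self.selenium_url))

        # ISE under test (first POSITRON entry)
        self.iseIP = cfg.te.get_POSITRON()[0].get_ip()
        s_log.info("###### ISE IP ######## {} ".format(self.iseIP))
        self.iseLoginurl = "https://" + self.iseIP + "/"
        s_log.info("###### ISE URL ######## {} ".format(self.iseLoginurl))
        self.iseUser = cfg.te.get_POSITRON()[0].get_login()
        s_log.info("###### ISE User ######## {} ".format(self.iseUser))
        self.isePassword = cfg.te.get_POSITRON()[0].get_password()
        # Do not log the secret itself; test logs are usually archived/shared.
        s_log.info("###### ISE Password ######## {} ".format(redacted))

        # RAD SERVER DETAILS (second POSITRON entry)
        self.iseIP_radserver = cfg.te.get_POSITRON()[1].get_ip()
        s_log.info("###### Radius IP ######## {} ".format(
            self.iseIP_radserver))
        self.iseUrl_radserver = "https://" + self.iseIP_radserver + "/"
        s_log.info("###### Radius URL ######## {} ".format(
            self.iseUrl_radserver))
        self.iseUser_radserver = cfg.te.get_POSITRON()[1].get_login()
        # Previously logged self.iseUser, i.e. the wrong node's login.
        s_log.info("###### Radius User ######## {} ".format(
            self.iseUser_radserver))
        self.isePassword_radserver = cfg.te.get_POSITRON()[1].get_password()
        s_log.info("###### Radius Password ######## {} ".format(redacted))

        UiLib.check_app_up(cfg.te.get_POSITRON()[0].get_ip())
        self.homeDir = automationDir()
        self.uilib = UiLib(self,
                           seleniumUrl=self.selenium_url,
                           iseUrl=self.iseLoginurl,
                           logger=s_log,
                           iseUser=self.iseUser,
                           isePass=self.isePassword)
        self.app = self.uilib.login_into_ise()

        # ---- leftovers on the ISE under test ----
        UiLib.bindFunction(self, UiLib.delete_network_device,
                           [NAUplift_Constants.NETWORK_DEVICE_NAME])
        UiLib.bindFunction(self, UiLib.delete_all_policy_sets, [])
        # Delete Library Conditions
        UiLib.bindFunction(self, UiLib.delete_library_conditions_with_prefix,
                           ['Tnt'])
        UiLib.bindFunction(self, UiLib.delete_user_identity,
                           [NAUplift_Constants.ADD_USER])
        UiLib.bindFunction(self, UiLib.delete_radius_server_sequence,
                           [NAUplift_Constants.RADIUS_SEQUENCE_NAME])
        UiLib.bindFunction(self, UiLib.delete_rad_server,
                           [NAUplift_Constants.RADIUS_SERVER_NAME])
        UiLib.bindFunction(self,
                           UiLib.remove_all_identity_source_from_sequence,
                           ['All_User_ID_Stores', 'default'])
        UiLib.bindFunction(
            self, UiLib.trustedCertificates_deleteTrustedCertificate,
            [NAUplift_Constants.FRIENDLYNAME_ISE_TRUSTED_CERT])
        funcs = [
            self.delete_network_device,
            self.delete_all_policy_sets,
            self.delete_library_conditions_with_prefix,
            self.delete_user_identity,
            self.delete_radius_server_sequence,
            self.delete_rad_server,
            self.remove_all_identity_source_from_sequence,
            self.trustedCertificates_deleteTrustedCertificate,
        ]
        retries = 3
        runFunctionsInOrderV2(funcs, self, retries, record=False,
                              killPreviousFF=False)
        time.sleep(5)
        self.app.quit()
        self.app.run()

        # ---- leftovers on the RADIUS server node ----
        UiLib.bindFunction(self, UiLib.login_different_ise, [
            self.iseUrl_radserver, self.iseUser_radserver,
            self.isePassword_radserver
        ])
        UiLib.bindFunction(self, UiLib.delete_all_policy_sets, [])
        UiLib.bindFunction(self, UiLib.delete_library_conditions_with_prefix,
                           ['Tnt'])
        UiLib.bindFunction(self, UiLib.delete_user_identity,
                           [NAUplift_Constants.ADD_USER])
        UiLib.bindFunction(self, UiLib.delete_network_device,
                           [NAUplift_Constants.NETWORK_DEVICE_NAME])
        UiLib.bindFunction(
            self, UiLib.trustedCertificates_deleteTrustedCertificate,
            [NAUplift_Constants.FRIENDLYNAME_ISE_TRUSTED_CERT])
        funcs = [
            self.login_different_ise,
            self.delete_all_policy_sets,
            self.delete_library_conditions_with_prefix,
            self.delete_user_identity,
            self.delete_network_device,
            self.trustedCertificates_deleteTrustedCertificate,
        ]
        retries = 3
        runFunctionsInOrderV2(funcs, self, retries, record=False,
                              killPreviousFF=False)
        time.sleep(5)
        self.app.quit()
        self.app.run()

        # Back to the ISE under test for the test cases that follow.
        self.app = self.uilib.login_into_ise()
    except Exception as E:
        s_log.error("Failed to Login to ISE - {}".format(E))
        # An explicit raise survives `python -O`, which strips `assert False`;
        # the exception type seen by the test runner is unchanged.
        raise AssertionError(
            "Failed to Login to ISE - {}".format(E)) from E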
def Tnt5205712c(self):
    """EAP-TLS authentication against an AD-backed certificate profile.

    Steps, as visible in the calls below:
      1. Create a user in AD and attach a certificate to it (``AD2016``).
      2. In ISE: set the 'SHA1' security-settings checkbox, create the AD
         entry, import the trusted certificate, configure the network device.
      3. Create a library condition and a policy set, then an authorization
         condition/rule and the certificate authentication profile.
      4. Copy the certificates to PEZ and run EAP-TLS.
      5. Compare ``sAMAccountName`` / ``userPrincipalName`` from the live
         logs with ``attribute_check_map``.

    Reads ``self.nad_ip`` and ``self.iseIP``, which are set outside this
    method, and stores ``self.certificate_file`` and ``self.pezlib``.
    """
    # The domain is hard-coded; the testbed lookup it replaced is kept for
    # reference.
    AD_DOMAIN_NAME = "demo.local" #cfg.suite.get_AD()[0].get_hostname()
    AD_ADMIN_USERNAME = cfg.suite.get_AD()[0].get_login()
    AD_ADMIN_PASSWORD = cfg.suite.get_AD()[0].get_password()
    # Expected attribute values for the final live-log comparison.
    attribute_check_map = {'sAMAccountName': NAUplift_Constants.ADD_USER,
                           'userPrincipalName': NAUplift_Constants.ADD_USER + '@' + AD_DOMAIN_NAME}
    # NOTE(review): both values read '******' here, which looks like masking
    # applied to the published file rather than real test data -- confirm
    # against the repository before running.
    AD_USERNAME = '******'
    AD_USER_PASSWORD = '******'
    # NOTE(review): the -upn value reads "[email protected]", which looks like an
    # e-mail-obfuscation artifact of the page, not a real UPN; restore the
    # original value from the repository.
    # NOTE(review): -memberof places the test account in the built-in
    # Administrators group of the domain; nothing in this method removes the
    # account again -- confirm the AD is a disposable lab domain and that
    # teardown deletes the user.
    AD_USER_ATTRS = '-samid testsuite1 -upn [email protected] -memberof "cn=Administrators,cn=Builtin,dc=demo,dc=local"'
    AD2016.add_user_with_attr(userToAdd=AD_USERNAME,
                              userPwd=AD_USER_PASSWORD,
                              domain=AD_DOMAIN_NAME,
                              attributeDetails=AD_USER_ATTRS)
    # Local path of the certificate file handed to add_cert_to_user.
    cert_path= NAUplift_Constants.strPath + "tests/suites/network_access/uplift_test/test_data/eap_tls_cert/" + \
        NAUplift_Constants.ISE_TRUSTED_CERT
    cert=NAUplift_Constants.ClientSystemCerts
    # certificatePath is a location under C:\Users\Administrator on the
    # Windows side; presumably where the file is staged on the AD host --
    # TODO confirm.
    AD2016.add_cert_to_user(certname=NAUplift_Constants.ClientSystemCerts,
                            certpath=cert_path,
                            user=AD_USERNAME,
                            certificatePath="C:\\Users\\Administrator\\{}".format(cert))
    # NOTE(review): presumably enables SHA-1 in the ISE security settings.
    # Nothing in this method switches it back off -- confirm teardown
    # restores the setting so later suites do not inherit it.
    UiLib.bindFunction(self, UiLib.securitySetting_setCheckbox, ['SHA1', True])
    UiLib.bindFunction(self, UiLib.create_active_directory_with_any_mode,
                       [NAUplift_Constants.AD_NAME,
                        AD_DOMAIN_NAME,
                        AD_ADMIN_USERNAME,
                        AD_ADMIN_PASSWORD,
                        False,
                        None,
                        None,
                        AD_ATTRIBUTES,
                        NAUplift_Constants.ADD_USER
                        # NAUplift_Constants.AD_SHORT_USER
                        ])
    # Trusted certificate to import into ISE; the path is logged, not the
    # contents.
    self.certificate_file = NAUplift_Constants.strPath + "resources/CommonCriteria/" + \
        NAUplift_Constants.ISE_TRUSTED_CERT
    s_log.info("CERTIFICATE FILE PATH: {}".format(self.certificate_file))
    UiLib.bindFunction(self, UiLib.trustedCertificates_setTrustedCert,
                       [self.certificate_file, NAUplift_Constants.FRIENDLYNAME_ISE_TRUSTED_CERT])
    UiLib.bindFunction(self, UiLib.config_network_device,
                       [NAUplift_Constants.NETWORK_DEVICE_NAME, self.nad_ip, NAUplift_Constants.SHARED_SECRET])
    funcs = [self.securitySetting_setCheckbox,
             self.create_active_directory_with_any_mode,
             self.trustedCertificates_setTrustedCert,
             self.config_network_device,
             ]
    retries = 3
    # First batch is the only one run with recordingDir; the later batches
    # pass record=False instead.
    runFunctionsInOrderV2(funcs, self, retries,recordingDir=NAS_FOLDER)
    # Policy set keyed on a "Network Access / Protocol EQUALS RADIUS"
    # library condition.
    UiLib.bindFunction(self, UiLib.create_simple_library_condition,
                       [CONDITIONS[0], 'Network Access', 'Protocol', 'EQUALS', 'RADIUS'])
    UiLib.bindFunction(self, UiLib.create_policy_set, [POLICY_SET, CONDITIONS[0], POLICY_SET_PROTOCOL])
    funcs = [self.create_simple_library_condition,
             self.create_policy_set
             ]
    retries = 3
    runFunctionsInOrderV2(funcs, self, retries, record=False, killPreviousFF=False)
    UiLib.bindFunction(self, UiLib.create_library_condition,
                       [NAUplift_Constants.AD_NAME, AD_ATTRIBUTES, ATTRIBUTE_VALUE, AUTH_CONDITIONS, CONDITIONS[1]])
    # Configuring the policy in authorization policy
    UiLib.bindFunction(self, UiLib.create_authorization_rule_for_simple_condition,
                       [POLICY_SET,AUTHORIZATION_RULE_NAME, CONDITIONS[1], AUTHORIZATION_POLICY_PROFILE,
                        SECURITY_GROUP])
    # Certificate authentication profile; the fifth argument is the AD entry
    # name here.
    UiLib.bindFunction(self, UiLib.config_certificate_authprofile,
                       [NAUplift_Constants.CER_NAME,
                        NAUplift_Constants.CER_NAME,
                        NAUplift_Constants.CER_DESCRIPTION,
                        NAUplift_Constants.CER_ATTRIBUTE,
                        NAUplift_Constants.AD_NAME,
                        NAUplift_Constants.MATCH_CLIENT_CERT_ENABLE])
    funcs = [self.create_library_condition,
             self.create_authorization_rule_for_simple_condition,
             self.config_certificate_authprofile
             ]
    retries = 3
    runFunctionsInOrderV2(funcs, self, retries, record=False, killPreviousFF=False)
    # PEZ Authentication Flow
    s_log.info("---------------- PEZ AUTHENTICATION FLOW -----------")
    self.pezlib = Pezlib()
    # Copy Certificates to PEZ
    # NOTE(review): client_key is presumably a private-key file kept in the
    # test tree -- confirm it is a lab-only key that is trusted nowhere else.
    self.pezlib.copy_cert_pez(root_path=NAUplift_Constants.strPath,
                              ise_trusted_cert=NAUplift_Constants.ISE_TRUSTED_CERT,
                              client_certificate=NAUplift_Constants.ClientSystemCerts,
                              client_key=NAUplift_Constants.ClientSystemKeys)
    # Run EAP-TLS Authentication
    self.pezlib.run_eap_tls(root_path=NAUplift_Constants.strPath,
                            ise_trust_cert=NAUplift_Constants.ISE_TRUSTED_CERT,
                            client_sys_cert=NAUplift_Constants.ClientSystemCerts,
                            client_sys_key=NAUplift_Constants.ClientSystemKeys,
                            internal_user=NAUplift_Constants.ADD_USER,
                            ise_ip=self.iseIP)
    # self.app.run()
    # self.app = self.uilib.login_into_ise()
    # Add Validation Steps
    # The live-log attributes are checked against attribute_check_map built
    # at the top of the method.
    UiLib.bindFunction(self, UiLib.compare_attributes_from_live_logs, [attribute_check_map])
    retries = 3
    functs = [self.compare_attributes_from_live_logs]
    runFunctionsInOrderV2(functs, self, retries, record=False, killPreviousFF=False)
def Tnt5212445c(self):
    """EAP-TLS through a RADIUS server sequence, verified on both nodes.

    On the ISE under test: define the external RADIUS server (the second
    node's address) and a server sequence containing it, create a
    "Network Access / Protocol EQUALS RADIUS" library condition and a policy
    set that references the sequence, register the PEZ address as a network
    device, add the internal user and import the trusted certificate.

    On the RADIUS server node: add the same user, register the first node's
    address as a network device and import the same certificate.

    Then copy the certificates to PEZ, run EAP-TLS, and check
    ``radius_live_logs`` for the user on the RADIUS server node and, after
    logging back in, on the ISE under test.

    Both network-device entries and the external RADIUS server definition
    use the same ``NAUplift_Constants.SHARED_SECRET``.
    """
    bind = UiLib.bindFunction
    consts = NAUplift_Constants

    # ------------------------------------------------------------------
    # ISE under test
    # ------------------------------------------------------------------
    # External RADIUS server definition, pointing at the second node.
    bind(self, UiLib.rad_server,
         [consts.RADIUS_SERVER_NAME,
          self.iseIP_radserver,
          consts.SHARED_SECRET])

    # Server sequence holding just that server.
    bind(self, UiLib.configure_radius_server_sequence,
         [consts.RADIUS_SEQUENCE_NAME, [consts.RADIUS_SERVER_NAME]])

    # The default policy set is not edited; a dedicated policy set is
    # created instead, keyed on this library condition.
    bind(self, UiLib.create_simple_library_condition,
         [AUTH_COND_NAME, 'Network Access', 'Protocol', 'EQUALS', 'RADIUS'])
    bind(self, UiLib.create_policy_set,
         [POLICY_SET, AUTH_COND_NAME, consts.RADIUS_SEQUENCE_NAME])

    # PEZ is registered as the network access device.
    pez_address = cfg.te.get_PEZ().get_ip()
    bind(self, UiLib.config_network_device,
         [consts.NETWORK_DEVICE_NAME, pez_address, consts.SHARED_SECRET])

    # Internal user.
    bind(self, UiLib.identities_add_simple_user,
         [consts.ADD_USER, consts.ADD_EMAIL, consts.ADD_NEWPASSWORD])

    # Trusted certificate import
    # (System > Certificate Operations > Trust Certificates).
    self.certificate_file = (consts.strPath
                             + "resources/CommonCriteria/"
                             + consts.ISE_TRUSTED_CERT)
    s_log.info("CERTIFICATE FILE PATH: {}".format(self.certificate_file))
    bind(self, UiLib.trustedCertificates_setTrustedCert,
         [self.certificate_file, consts.FRIENDLYNAME_ISE_TRUSTED_CERT])

    retries = 3
    primary_steps = [
        self.rad_server,
        self.configure_radius_server_sequence,
        self.create_simple_library_condition,
        self.create_policy_set,
        self.config_network_device,
        self.identities_add_simple_user,
        self.trustedCertificates_setTrustedCert,
    ]
    runFunctionsInOrderV2(primary_steps, self, retries,
                          record=False, killPreviousFF=False)
    self.app.quit()
    self.app.run()

    # ------------------------------------------------------------------
    # RADIUS server node
    # ------------------------------------------------------------------
    bind(self, UiLib.login_different_ise,
         [self.iseUrl_radserver,
          self.iseUser_radserver,
          self.isePassword_radserver])

    # Same user on the RADIUS server.
    bind(self, UiLib.identities_add_simple_user,
         [consts.ADD_USER, consts.ADD_EMAIL, consts.ADD_NEWPASSWORD])

    # The ISE under test is the network device from this node's side.
    bind(self, UiLib.config_network_device,
         [consts.NETWORK_DEVICE_NAME, self.iseIP, consts.SHARED_SECRET])

    # Same trusted certificate, imported on the RADIUS server.
    bind(self, UiLib.trustedCertificates_setTrustedCert,
         [self.certificate_file, consts.FRIENDLYNAME_ISE_TRUSTED_CERT])

    radius_node_steps = [
        self.login_different_ise,
        self.identities_add_simple_user,
        self.config_network_device,
        self.trustedCertificates_setTrustedCert,
    ]
    runFunctionsInOrderV2(radius_node_steps, self, retries,
                          record=False, killPreviousFF=False)

    # ------------------------------------------------------------------
    # PEZ authentication flow
    # ------------------------------------------------------------------
    s_log.info("---------------- PEZ AUTHENTICATION FLOW -----------")
    self.pezlib = Pezlib()

    # Stage the certificates on PEZ.
    self.pezlib.copy_cert_pez(
        root_path=consts.strPath,
        ise_trusted_cert=consts.ISE_TRUSTED_CERT,
        client_certificate=consts.ClientSystemCerts,
        client_key=consts.ClientSystemKeys)

    # EAP-TLS against the ISE under test.
    self.pezlib.run_eap_tls(
        root_path=consts.strPath,
        ise_trust_cert=consts.ISE_TRUSTED_CERT,
        client_sys_cert=consts.ClientSystemCerts,
        client_sys_key=consts.ClientSystemKeys,
        ise_ip=self.iseIP)

    # ------------------------------------------------------------------
    # Validation: live logs on the RADIUS server node (still logged in)
    # ------------------------------------------------------------------
    bind(self, UiLib.radius_live_logs, [consts.ADD_USER, None])
    radius_node_checks = [self.radius_live_logs]
    runFunctionsInOrderV2(radius_node_checks, self, retries,
                          record=False, killPreviousFF=False)
    self.app.quit()
    self.app.run()

    # ------------------------------------------------------------------
    # Validation: live logs on the ISE under test
    # ------------------------------------------------------------------
    bind(self, UiLib.login_different_ise,
         [self.iseLoginurl, self.iseUser, self.isePassword])
    bind(self, UiLib.radius_live_logs, [consts.ADD_USER, None])
    primary_checks = [self.login_different_ise, self.radius_live_logs]
    runFunctionsInOrderV2(primary_checks, self, retries,
                          record=False, killPreviousFF=False)
    self.app.quit()
    self.app.run()