def Tnt5048980c(self):
UiLib.bindFunction(self, UiLib.identities_add_simple_user, [
NAUplift_Constants.ADD_USER, NAUplift_Constants.ADD_EMAIL,
NAUplift_Constants.ADD_PASSWORD
])
functs = [self.identities_add_simple_user]
runFunctionsInOrderV2(functs,
self,
RETRIES,
resumeLastSession=True,
killFFWhenFinished=True,
record=record_option)
# PEZ Authentication Flow
s_log.info("---------------- PEZ AUTHENTICATION FLOW -----------")
self.pezlib = Pezlib()
self.pezlib.run_and_verify_pezcmd('/tmp/' + 'UTF8USER_peapms.py',
tls_config=False,
negative_test=False)
# Add Validation Steps
UiLib.bindFunction(self, UiLib.radius_live_logs,
[NAUplift_Constants.ADD_UTF8USER, None])
functs = [self.radius_live_logs]
runFunctionsInOrderV2(functs,
self,
RETRIES,
resumeLastSession=True,
killFFWhenFinished=True,
record=record_option)
def Tnt5211328c(self):
UiLib.bindFunction(self, UiLib.Enable_Peap_Eap_Mschap, [])
functs = [self.Enable_Peap_Eap_Mschap]
runFunctionsInOrderV2(functs,
self,
RETRIES,
resumeLastSession=True,
killFFWhenFinished=True,
record=record_option)
# PEZ Authentication Flow
s_log.info("---------------- PEZ AUTHENTICATION FLOW -----------")
self.pezlib = Pezlib()
self.pezlib.run_and_verify_pezcmd('/tmp/' + 'SIMPLE_USER_peapms.py',
tls_config=False,
negative_test=False)
# Add Validation Steps
UiLib.bindFunction(
self, UiLib.radius_live_logs,
[NAUplift_Constants.AD_SIMPLE_USER + '@' + AD_DOMAIN_NAME, None])
functs = [self.radius_live_logs]
runFunctionsInOrderV2(functs,
self,
RETRIES,
killFFWhenFinished=True,
record=record_option)
def Tnt5281274c(self):
# pez_utils.start_pez_docker_image(docker_image="dockerhub.cisco.com/isepy-release-docker/pez-executer",
# docker_image_version="v4")
UiLib.bindFunction(
self, UiLib.networkDevices_create_with_range_and_two_secret, [
NAUplift_Constants.NETWORK_DEVICE_NAME, self.nad_ip,
NAUplift_Constants.SHARED_SECRET, 'asci', '32'
])
functs = [self.networkDevices_create_with_range_and_two_secret]
runFunctionsInOrderV2(functs,
self,
RETRIES,
resumeLastSession=True,
killFFWhenFinished=True,
record=record_option)
# PEZ Authentication Flow
s_log.info("---------------- PEZ AUTHENTICATION FLOW -----------")
self.pezlib = Pezlib()
self.pezlib.run_and_verify_pezcmd('/tmp/' + 'USER_peapms.py',
tls_config=False,
negative_test=False)
# Add Validation Steps
UiLib.bindFunction(self, UiLib.radius_live_logs,
[NAUplift_Constants.ADD_USER, None])
functs = [self.radius_live_logs]
runFunctionsInOrderV2(functs,
self,
RETRIES,
killFFWhenFinished=True,
record=record_option)
def Tnt5213050c(self):
UiLib.bindFunction(self, UiLib.edit_identity_source_in_default_policy,
["Internal Users", POLICY_SET])
funcs = [self.edit_identity_source_in_default_policy]
runFunctionsInOrderV2(funcs,
self,
RETRIES,
resumeLastSession=True,
killFFWhenFinished=True,
record=record_option)
# PEZ Authentication Flow
s_log.info("---------------- PEZ AUTHENTICATION FLOW -----------")
self.pezlib = Pezlib()
## Run EAP-TLS Authentication
self.pezlib.run_and_verify_pezcmd('/tmp/' + 'USER_peap.py',
tls_config=False,
negative_test=False)
# Add Validation Steps
UiLib.bindFunction(self, UiLib.radius_live_logs,
[NAUplift_Constants.ADD_USER, None])
functs = [self.radius_live_logs]
runFunctionsInOrderV2(functs,
self,
RETRIES,
resumeLastSession=True,
killFFWhenFinished=True,
record=record_option)
def setup(self):
self.nad_ip = cfg.te.get_PEZ().get_ip()
UiLib.check_app_up(cfg.te.get_POSITRON()[0].get_ip())
self.selenium_url = cfg.te.get_WIN_CLIENT().get_internal_selenium()
s_log.info("###### SELENIUM URL ######## {} ".format(
self.selenium_url))
self.iseIP = cfg.te.get_POSITRON()[0].get_ip()
s_log.info("###### ISE IP ######## {} ".format(self.iseIP))
self.iseUrl = "https://" + self.iseIP + "/"
s_log.info("###### ISE URL ######## {} ".format(self.iseUrl))
self.iseUser = cfg.te.get_POSITRON()[0].get_login()
s_log.info("###### ISE User ######## {} ".format(self.iseUser))
self.isePassword = cfg.te.get_POSITRON()[0].get_password()
s_log.info("###### ISE Password ######## {} ".format(self.isePassword))
self.homeDir = automationDir()
# Preconfigure Settings
UiLib.bindFunction(self, UiLib.delete_all_policy_sets, [])
UiLib.bindFunction(self, UiLib.delete_library_conditions_with_prefix,
['Tnt'])
UiLib.bindFunction(self,
UiLib.remove_all_identity_source_from_sequence,
['All_User_ID_Stores', 'default'])
UiLib.bindFunction(self, UiLib.config_certificate_authprofile, [
NAUplift_Constants.CER_NAME, NAUplift_Constants.CER_NAME,
NAUplift_Constants.CER_DESCRIPTION,
NAUplift_Constants.CER_ATTRIBUTE, '[not applicable]',
NAUplift_Constants.MATCH_CLIENT_CERT_ENABLE
])
UiLib.bindFunction(self,
UiLib.trustedCertificates_deleteTrustedCertificate,
[NAUplift_Constants.FRIENDLYNAME_ISE_TRUSTED_CERT])
#
funcs = [
self.delete_all_policy_sets,
self.delete_library_conditions_with_prefix,
self.remove_all_identity_source_from_sequence,
self.config_certificate_authprofile,
self.trustedCertificates_deleteTrustedCertificate
]
retries = 3
runFunctionsInOrderV2(funcs, self, retries, recordingDir=NAS_FOLDER)
def Tnt5212069c(self):
# PEZ Authentication Flow
s_log.info("---------------- PEZ AUTHENTICATION FLOW -----------")
self.pezlib = Pezlib()
# Run PEAP-GTC Authentication
self.pezlib.run_and_verify_pezcmd('/tmp/' + 'UTF_USER_peap.py',
tls_config=False,
negative_test=False)
# Add Validation Steps
UiLib.bindFunction(self, UiLib.radius_live_logs,
[NAUplift_Constants.AD_UTF_USER, AD_DOMAIN_NAME])
functs = [self.radius_live_logs]
runFunctionsInOrderV2(functs,
self,
RETRIES,
killFFWhenFinished=True,
record=record_option)
def Tnt5753124c(self):
# pez_utils.start_pez_docker_image(docker_image="dockerhub.cisco.com/isepy-release-docker/pez-executer",
# docker_image_version="v4")
UiLib.bindFunction(self, UiLib.config_network_device, [
NAUplift_Constants.NETWORK_DEVICE_NAME, self.nad_ip,
NAUplift_Constants.SHARED_SECRET
])
UiLib.bindFunction(self, UiLib.edit_identity_source_in_default_policy,
[NAUplift_Constants.AD_NAME, POLICY_SET])
UiLib.bindFunction(
self, UiLib.create_authorization_rule_for_simple_condition, [
POLICY_SET, AUTHZ_POLICY_NAME[1], AUTH_COND_NAME[1],
AUTH_PROFILE, None
])
functs = [
self.config_network_device,
self.edit_identity_source_in_default_policy,
self.create_authorization_rule_for_simple_condition
]
runFunctionsInOrderV2(
functs,
self,
RETRIES,
resumeLastSession=True,
killFFWhenFinished=True,
#record=record_option
record=True)
# PEZ Authentication Flow
s_log.info("---------------- PEZ AUTHENTICATION FLOW -----------")
self.pezlib = Pezlib()
# Run PEAP-GTC Authentication
self.pezlib.run_and_verify_pezcmd('/tmp/' + 'SIMPLE_USER_peap.py',
tls_config=False,
negative_test=False)
# Add Validation Steps
UiLib.bindFunction(
self, UiLib.radius_live_logs,
[NAUplift_Constants.AD_SIMPLE_USER + '@' + AD_DOMAIN_NAME, None])
functs = [self.radius_live_logs]
runFunctionsInOrderV2(functs,
self,
RETRIES,
resumeLastSession=True,
killFFWhenFinished=True,
record=record_option,
recordingDir=NAS_FOLDER)
def Tnt5048856c(self):
# # PEZ Authentication Flow
s_log.info("---------------- PEZ AUTHENTICATION FLOW -----------")
self.pezlib = Pezlib()
# Run Peap EAP MSCHAPV2 Authentication
self.pezlib.run_and_verify_pezcmd('/tmp/' +
'user_nxtlgn_pwdcng_peapms.py',
tls_config=False,
negative_test=False)
# Add Validation Steps
UiLib.bindFunction(self, UiLib.radius_live_logs,
["user_nxtlgn_pwdchng", None])
functs = [self.radius_live_logs]
runFunctionsInOrderV2(functs,
self,
RETRIES,
resumeLastSession=True,
killFFWhenFinished=True,
record=record_option)
def Tnt5121851c(self):
# step2:
# Enable domain in the Authentication domain
UiLib.bindFunction(self, UiLib.domain_authentication_enable, [
NAUplift_Constants.AD_SCOPE1, NAUplift_Constants.AD_NAME,
AD_DOMAIN_NAME
])
funcs = [self.domain_authentication_enable]
runFunctionsInOrderV2(funcs,
self,
RETRIES,
resumeLastSession=True,
killFFWhenFinished=True,
record=record_option)
# PEZ Authentication Flow
s_log.info("---------------- PEZ AUTHENTICATION FLOW -----------")
self.pezlib = Pezlib()
# Run EAP-TLS Authentication
self.pezlib.run_and_verify_pezcmd('/tmp/' + 'SIMPLE_USER_peap.py',
tls_config=False,
negative_test=False)
# Add Validation Steps
UiLib.bindFunction(
self, UiLib.radius_live_logs,
[NAUplift_Constants.AD_SIMPLE_USER + "@" + AD_DOMAIN_NAME, None])
functs = [self.radius_live_logs]
runFunctionsInOrderV2(functs,
self,
RETRIES,
resumeLastSession=True,
killFFWhenFinished=True,
record=record_option)
def Tnt5988327c(self):
UiLib.bindFunction(self, UiLib.delete_user_identity,
[NAUplift_Constants.ADD_USER])
# create new identity source sequence
UiLib.bindFunction(self, UiLib.create_identity_source_sequence, [
IDENTITY_SEQUENCE_NAME,
["Internal Users", NAUplift_Constants.AD_NAME]
])
UiLib.bindFunction(
self, UiLib.create_authentication_rule_for_simple_condition, [
POLICY_SET, AUTHENTICATION_POLICY, AUTH_COND_NAME[2],
IDENTITY_SEQUENCE_NAME
])
functs = [
self.delete_user_identity, self.create_identity_source_sequence,
self.create_authentication_rule_for_simple_condition
]
runFunctionsInOrderV2(functs,
self,
RETRIES,
resumeLastSession=True,
killFFWhenFinished=True,
record=record_option)
# PEZ Authentication Flow
s_log.info("---------------- PEZ AUTHENTICATION FLOW -----------")
self.pezlib = Pezlib()
self.pezlib.run_and_verify_pezcmd('/tmp/' + 'USER_peapms.py',
tls_config=False,
negative_test=False)
# Add Validation Steps
UiLib.bindFunction(self, UiLib.radius_live_logs,
[NAUplift_Constants.ADD_USER, None])
functs = [self.radius_live_logs]
runFunctionsInOrderV2(functs,
self,
RETRIES,
killFFWhenFinished=True,
record=record_option)
def Tnt5212325c(self):
# pez_utils.start_pez_docker_image(docker_image="dockerhub.cisco.com/isepy-release-docker/pez-executer",
# docker_image_version="v4")
# PEZ Authentication Flow
s_log.info("---------------- PEZ AUTHENTICATION FLOW -----------")
self.pezlib = Pezlib()
# Run EAP-TLS Authentication
self.pezlib.run_and_verify_pezcmd('/tmp/' + 'SIMPLE_USER_peap.py',
tls_config=False,
negative_test=False)
# Add Validation Steps
UiLib.bindFunction(
self, UiLib.radius_live_logs,
[NAUplift_Constants.AD_SIMPLE_USER + "@" + AD_DOMAIN_NAME, None])
functs = [self.radius_live_logs]
runFunctionsInOrderV2(functs,
self,
RETRIES,
resumeLastSession=True,
killFFWhenFinished=True,
record=record_option)
def setup(self):
s_log.info('Logging into the ISE')
self.selenium_url = cfg.te.get_WIN_CLIENT().get_internal_selenium()
s_log.info("###### SELENIUM URL ######## {} ".format(
self.selenium_url))
self.iseIP = cfg.te.get_POSITRON()[0].get_ip()
s_log.info("###### ISE IP ######## {} ".format(self.iseIP))
self.iseUrl = "https://" + self.iseIP + "/"
s_log.info("###### ISE URL ######## {} ".format(self.iseUrl))
self.iseUser = cfg.te.get_POSITRON()[0].get_login()
s_log.info("###### ISE User ######## {} ".format(self.iseUser))
self.isePassword = cfg.te.get_POSITRON()[0].get_password()
s_log.info("###### ISE Password ######## {} ".format(self.isePassword))
UiLib.check_app_up(self.iseIP)
self.nad_ip = cfg.te.get_PEZ().get_ip()
self.homeDir = automationDir()
# Preconfigure Settings
UiLib.bindFunction(self, UiLib.delete_all_policy_sets, [])
UiLib.bindFunction(self, UiLib.delete_library_conditions_with_prefix,
['Tnt'])
UiLib.bindFunction(self,
UiLib.remove_all_identity_source_from_sequence,
['All_User_ID_Stores', 'default'])
#
funcs = [
self.delete_all_policy_sets,
self.delete_library_conditions_with_prefix,
self.remove_all_identity_source_from_sequence
]
retries = 3
runFunctionsInOrderV2(funcs, self, retries, recordingDir=NAS_FOLDER)
def Tnt5994926c(self):
UiLib.bindFunction(self, UiLib.Disable_Weak_Ciphers, [])
# Setup for FIPS mode, removing the default protocols
UiLib.bindFunction(self, UiLib.edit_default_allowed_protocols,
[NAUplift_Constants.DEFAULT_POLICY_SET, False])
# Setup the allowed protocols for FIPS mode.
# Enable FIPS mode under Administration->Settings
UiLib.bindFunction(self, UiLib.fips_mode_enabling_and_disabling,
["Enabled"])
funcs = [
self.Disable_Weak_Ciphers, self.edit_default_allowed_protocols,
self.fips_mode_enabling_and_disabling
]
runFunctionsInOrderV2(funcs,
self,
RETRIES,
record=record_option,
killFFWhenFinished=True)
time.sleep(100)
s_log.info("Waited first 100 seconds")
time.sleep(100)
s_log.info("Waited second 100 seconds")
time.sleep(100)
s_log.info("Waited third 100 seconds")
time.sleep(100)
s_log.info("Waited fourth 100 seconds")
time.sleep(100)
s_log.info("Waited fifth 100 seconds")
time.sleep(100)
s_log.info("Waited sixth 100 seconds")
time.sleep(100)
s_log.info("Waited seventh 100 seconds")
time.sleep(100)
s_log.info("Waited eighth 100 seconds")
time.sleep(100)
s_log.info("Waited ninth 100 seconds")
time.sleep(100)
s_log.info("Waited tenth 100 seconds")
time.sleep(100)
s_log.info("Waited eleventh 100 seconds")
# Creating New Protocol
UiLib.bindFunction(self, UiLib.new_allowed_protocol,
["Peap_allowed_protocol"])
UiLib.bindFunction(self, UiLib.edit_default_policy_set,
["Peap_allowed_protocol", POLICY_SET])
funcs = [self.new_allowed_protocol, self.edit_default_policy_set]
runFunctionsInOrderV2(funcs,
self,
RETRIES,
record=record_option,
killFFWhenFinished=True)
# PEZ Authentication Flow
s_log.info("---------------- PEZ AUTHENTICATION FLOW -----------")
self.pezlib = Pezlib()
self.pezlib.run_and_verify_pezcmd('/tmp/' + 'USER_peapms.py',
tls_config=False,
negative_test=False)
# Add Validation Steps
UiLib.bindFunction(self, UiLib.radius_live_logs,
[NAUplift_Constants.ADD_USER, None])
functs = [self.radius_live_logs]
runFunctionsInOrderV2(functs,
self,
RETRIES,
killFFWhenFinished=True,
record=record_option)
def cleanup(self):
time.sleep(5)
# Validation in ISE
UiLib.bindFunction(self, UiLib.login_different_ise,
[self.iseLoginurl, self.iseUser, self.isePassword])
UiLib.bindFunction(self,
UiLib.trustedCertificates_deleteTrustedCertificate,
[NAUplift_Constants.FRIENDLYNAME_ISE_TRUSTED_CERT])
UiLib.bindFunction(self, UiLib.delete_user_identity,
[NAUplift_Constants.ADD_USER])
UiLib.bindFunction(self, UiLib.delete_network_device,
[NAUplift_Constants.NETWORK_DEVICE_NAME])
UiLib.bindFunction(self, UiLib.delete_policy_set, [[POLICY_SET]])
# Delete Library Conditions
UiLib.bindFunction(self, UiLib.delete_multiple_library_condition,
[[AUTH_COND_NAME]])
#
UiLib.bindFunction(self, UiLib.delete_radius_server_sequence,
[NAUplift_Constants.RADIUS_SEQUENCE_NAME])
UiLib.bindFunction(self, UiLib.delete_rad_server,
[NAUplift_Constants.RADIUS_SERVER_NAME])
funcs = [
self.login_different_ise,
self.trustedCertificates_deleteTrustedCertificate,
self.delete_user_identity, self.delete_network_device,
self.delete_policy_set, self.delete_multiple_library_condition,
self.delete_radius_server_sequence, self.delete_rad_server
]
retries = 3
runFunctionsInOrderV2(funcs,
self,
retries,
record=False,
killPreviousFF=False)
time.sleep(5)
self.app.quit()
self.app.run()
# Confiuration to Radius Server
# LOGIN to Ise
UiLib.bindFunction(self, UiLib.login_different_ise, [
self.iseUrl_radserver, self.iseUser_radserver,
self.isePassword_radserver
])
UiLib.bindFunction(self,
UiLib.trustedCertificates_deleteTrustedCertificate,
[NAUplift_Constants.FRIENDLYNAME_ISE_TRUSTED_CERT])
UiLib.bindFunction(self, UiLib.delete_user_identity,
[NAUplift_Constants.ADD_USER])
UiLib.bindFunction(self, UiLib.delete_network_device,
[NAUplift_Constants.NETWORK_DEVICE_NAME])
funcs = [
self.login_different_ise,
self.trustedCertificates_deleteTrustedCertificate,
self.delete_user_identity, self.delete_network_device
]
retries = 3
runFunctionsInOrderV2(funcs,
self,
retries,
record=False,
killPreviousFF=False)
time.sleep(5)
self.app.quit()
def cleanup(self):
# Deleting PolicySet
# Deleting Policy
UiLib.bindFunction(self, UiLib.delete_policy_set, [[POLICY_SET]])
# Delete Library Conditions
UiLib.bindFunction(self, UiLib.delete_multiple_library_condition,
[[POLICY_SET_COND_NAME, AUTHZ_COND_NAME]])
# removing ad in the identity sequence stores
UiLib.bindFunction(self, UiLib.removing_id_source,
[NAUplift_Constants.AD_NAME])
# Deleting AD
UiLib.bindFunction(
self, UiLib.delete_ad_in_scope,
[NAUplift_Constants.AD_SCOPE1, NAUplift_Constants.AD_NAME])
# Delete Scope
UiLib.bindFunction(self, UiLib.delete_scope,
[NAUplift_Constants.AD_SCOPE1])
# Exit from Scope
UiLib.bindFunction(self, UiLib.exit_scope_mode, [])
#
funcs = [
self.delete_policy_set, self.delete_multiple_library_condition,
self.removing_id_source, self.delete_ad_in_scope,
self.delete_scope, self.exit_scope_mode
]
runFunctionsInOrderV2(funcs,
self,
retries,
recordingDir=NAS_FOLDER,
killFFWhenFinished=True)
def set_peap_eap_tests_common_settting(obj):
AD_USERNAME = '******'
AD_USER_PASSWORD = '******'
AD_USER_ATTRS = '-upn [email protected] -memberof "cn=Administrators,cn=Builtin,dc=demo,dc=local"'
ad2016.add_user_with_attr(userToAdd=AD_USERNAME,
userPwd=AD_USER_PASSWORD,
domain=AD_DOMAIN_NAME,
attributeDetails=AD_USER_ATTRS)
AD_SPL_ATR = '-memberof "cn=Administrators,cn=Builtin,dc=demo,dc=local" -mustchpwd yes'
ad2016.add_user_with_attr(userToAdd=NAUplift_Constants.AD_VAR_LEN_USER,
userPwd=NAUplift_Constants.AD_VAR_LEN_PWD,
domain=AD_DOMAIN_NAME,
attributeDetails=AD_SPL_ATR)
ad2016.add_utf_user(
userToAdd=NAUplift_Constants.AD_UTF_USER,
userPassword=NAUplift_Constants.AD_USER_PASSWORD,
domain=AD_DOMAIN_NAME,
attributeDetails=
'-memberof "cn=Administrators,cn=Builtin,dc=demo,dc=local"')
UiLib.bindFunction(obj, UiLib.securitySetting_setCheckbox, ['SHA1', True])
# ---Active Directory:
# Connect\join to AD server:
# Navigate to Administration > Identity Management > External Identity Sources > AD
# Enter the AD Name and Identity Store Name, and click Join.
# Enter the credentials of the AD account that can add and make changes to computer objects, and click Save Configuration.
#Retrieve groups and attributes
UiLib.bindFunction(obj, UiLib.create_active_directory_with_any_mode, [
NAUplift_Constants.AD_NAME, AD_DOMAIN_NAME, AD_ADMIN_USERNAME,
AD_ADMIN_PASSWORD, True, NAUplift_Constants.AD_SCOPE1, SELECT_GROUP_AD,
AD_ATTRIBUTES, NAUplift_Constants.ADD_USER
])
UiLib.bindFunction(obj, UiLib.identities_add_simple_user, [
NAUplift_Constants.ADD_USER_SPECIAL, NAUplift_Constants.ADD_EMAIL,
NAUplift_Constants.ADD_PASSWORD
])
UiLib.bindFunction(obj, UiLib.disable_lower_upper_in_pswdpolicy, [])
# Configure an Internal User "UTF8-user-name" where the username is in UTF-8 characters
UiLib.bindFunction(obj, UiLib.identities_add_simple_user, [
NAUplift_Constants.ADD_UTF8USER, NAUplift_Constants.ADD_EMAIL,
NAUplift_Constants.ADD_PASSWORD
])
UiLib.bindFunction(obj, UiLib.enable_inner_checkbox_password_policy, [])
# Step3: enable Peap GTC in allowed protocols
UiLib.bindFunction(obj, UiLib.enable_peap_gtc_in_allowed_protocol, [])
UiLib.bindFunction(obj, UiLib.config_network_device, [
NAUplift_Constants.NETWORK_DEVICE_NAME, obj.nad_ip,
NAUplift_Constants.SHARED_SECRET
])
funcs = [
obj.securitySetting_setCheckbox,
obj.create_active_directory_with_any_mode,
obj.identities_add_simple_user, obj.disable_lower_upper_in_pswdpolicy,
obj.identities_add_simple_user,
obj.enable_inner_checkbox_password_policy,
obj.enable_peap_gtc_in_allowed_protocol, obj.config_network_device
]
runFunctionsInOrderV2(funcs,
obj,
RETRIES,
resumeLastSession=True,
killFFWhenFinished=True,
record=record_option)
internal_user = [NAUplift_Constants.ADD_USER, "user_nxtlgn_pwdchng"]
for index in range(len(internal_user)):
# enable "change password" next logging.
UiLib.bindFunction(
obj, UiLib.create_user_with_passwdchange_in_next_login, [
internal_user[index], NAUplift_Constants.ADD_EMAIL,
NAUplift_Constants.ADD_PASSWORD, True
])
funcs = [obj.create_user_with_passwdchange_in_next_login]
runFunctionsInOrderV2(funcs,
obj,
RETRIES,
resumeLastSession=True,
killFFWhenFinished=True,
record=record_option)
for index in range(len(AUTH_COND_NAME)):
UiLib.bindFunction(obj, UiLib.create_simple_library_condition, [
AUTH_COND_NAME[index], DICT_NAME[index], ATTRIBUTE[index],
'EQUALS', ATTRIBUTE_VALUE[index]
])
funcs = [obj.create_simple_library_condition]
runFunctionsInOrderV2(funcs,
obj,
RETRIES,
resumeLastSession=True,
killFFWhenFinished=True,
record=record_option)
UiLib.bindFunction(obj, UiLib.create_policy_set,
[POLICY_SET, AUTH_COND_NAME[0], POLICY_SET_PROTOCOL])
UiLib.bindFunction(obj, UiLib.edit_identity_source_in_default_policy,
[NAUplift_Constants.AD_NAME, POLICY_SET])
UiLib.bindFunction(obj,
UiLib.create_authorization_rule_for_simple_condition, [
POLICY_SET, AUTHZ_POLICY_NAME[0], AUTH_COND_NAME[0],
AUTH_PROFILE, None
])
funcs = [
obj.create_policy_set, obj.edit_identity_source_in_default_policy,
obj.create_authorization_rule_for_simple_condition
]
runFunctionsInOrderV2(funcs,
obj,
RETRIES,
resumeLastSession=True,
killFFWhenFinished=True,
record=record_option)
def setup(self):
s_log.info('Logging into the ISE')
try:
self.selenium_url = cfg.te.get_WIN_CLIENT().get_internal_selenium()
s_log.info("###### SELENIUM URL ######## {} ".format(
self.selenium_url))
self.iseIP = cfg.te.get_POSITRON()[0].get_ip()
s_log.info("###### ISE IP ######## {} ".format(self.iseIP))
self.iseLoginurl = "https://" + self.iseIP + "/"
s_log.info("###### ISE URL ######## {} ".format(self.iseLoginurl))
self.iseUser = cfg.te.get_POSITRON()[0].get_login()
s_log.info("###### ISE User ######## {} ".format(self.iseUser))
self.isePassword = cfg.te.get_POSITRON()[0].get_password()
s_log.info("###### ISE Password ######## {} ".format(
self.isePassword))
# RAD SERVER DETAILS
self.iseIP_radserver = cfg.te.get_POSITRON()[1].get_ip()
s_log.info("###### Radius IP ######## {} ".format(
self.iseIP_radserver))
self.iseUrl_radserver = "https://" + self.iseIP_radserver + "/"
s_log.info("###### Radius URL ######## {} ".format(
self.iseUrl_radserver))
self.iseUser_radserver = cfg.te.get_POSITRON()[1].get_login()
s_log.info("###### Radius User ######## {} ".format(self.iseUser))
self.isePassword_radserver = cfg.te.get_POSITRON()[1].get_password(
)
s_log.info("###### Radius Password ######## {} ".format(
self.isePassword))
UiLib.check_app_up(cfg.te.get_POSITRON()[0].get_ip())
self.homeDir = automationDir()
self.uilib = UiLib(self,
seleniumUrl=self.selenium_url,
iseUrl=self.iseLoginurl,
logger=s_log,
iseUser=self.iseUser,
isePass=self.isePassword)
self.app = self.uilib.login_into_ise()
UiLib.bindFunction(self, UiLib.delete_network_device,
[NAUplift_Constants.NETWORK_DEVICE_NAME])
UiLib.bindFunction(self, UiLib.delete_all_policy_sets, [])
# Delete Library Conditions
UiLib.bindFunction(self,
UiLib.delete_library_conditions_with_prefix,
['Tnt'])
UiLib.bindFunction(self, UiLib.delete_user_identity,
[NAUplift_Constants.ADD_USER])
UiLib.bindFunction(self, UiLib.delete_radius_server_sequence,
[NAUplift_Constants.RADIUS_SEQUENCE_NAME])
UiLib.bindFunction(self, UiLib.delete_rad_server,
[NAUplift_Constants.RADIUS_SERVER_NAME])
UiLib.bindFunction(self,
UiLib.remove_all_identity_source_from_sequence,
['All_User_ID_Stores', 'default'])
UiLib.bindFunction(
self, UiLib.trustedCertificates_deleteTrustedCertificate,
[NAUplift_Constants.FRIENDLYNAME_ISE_TRUSTED_CERT])
funcs = [
self.delete_network_device, self.delete_all_policy_sets,
self.delete_library_conditions_with_prefix,
self.delete_user_identity, self.delete_radius_server_sequence,
self.delete_rad_server,
self.remove_all_identity_source_from_sequence,
self.trustedCertificates_deleteTrustedCertificate
]
retries = 3
runFunctionsInOrderV2(funcs,
self,
retries,
record=False,
killPreviousFF=False)
time.sleep(5)
self.app.quit()
self.app.run()
UiLib.bindFunction(self, UiLib.login_different_ise, [
self.iseUrl_radserver, self.iseUser_radserver,
self.isePassword_radserver
])
UiLib.bindFunction(self, UiLib.delete_all_policy_sets, [])
UiLib.bindFunction(self,
UiLib.delete_library_conditions_with_prefix,
['Tnt'])
UiLib.bindFunction(self, UiLib.delete_user_identity,
[NAUplift_Constants.ADD_USER])
UiLib.bindFunction(self, UiLib.delete_network_device,
[NAUplift_Constants.NETWORK_DEVICE_NAME])
UiLib.bindFunction(
self, UiLib.trustedCertificates_deleteTrustedCertificate,
[NAUplift_Constants.FRIENDLYNAME_ISE_TRUSTED_CERT])
funcs = [
self.login_different_ise, self.delete_all_policy_sets,
self.delete_library_conditions_with_prefix,
self.delete_user_identity, self.delete_network_device,
self.trustedCertificates_deleteTrustedCertificate
]
retries = 3
runFunctionsInOrderV2(funcs,
self,
retries,
record=False,
killPreviousFF=False)
time.sleep(5)
self.app.quit()
self.app.run()
self.app = self.uilib.login_into_ise()
except Exception as E:
s_log.error("Failed to Login to ISE - {}".format(E))
assert False
def cleanup(self):
pass
UiLib.bindFunction(self, UiLib.trustedCertificates_deleteTrustedCertificate,
[NAUplift_Constants.FRIENDLYNAME_ISE_TRUSTED_CERT])
UiLib.bindFunction(self, UiLib.config_certificate_authprofile,
[NAUplift_Constants.CER_NAME, NAUplift_Constants.CER_NAME,
NAUplift_Constants.CER_DESCRIPTION,
NAUplift_Constants.CER_ATTRIBUTE, '[not applicable]',
NAUplift_Constants.MATCH_CLIENT_CERT_ENABLE])
UiLib.bindFunction(self, UiLib.delete_policy_set, [[POLICY_SET]])
# Delete Library Conditions
UiLib.bindFunction(self, UiLib.delete_multiple_library_condition,
[CONDITIONS])
UiLib.bindFunction(self, UiLib.delete_network_device,
[NAUplift_Constants.NETWORK_DEVICE_NAME])
funcs = [self.trustedCertificates_deleteTrustedCertificate,
self.config_certificate_authprofile,
self.delete_policy_set,
self.delete_multiple_library_condition,
self.delete_network_device
]
retries = 3
runFunctionsInOrderV2(funcs, self, retries, record=False, killPreviousFF=False)
UiLib.bindFunction(self, UiLib.delete_multiple_library_condition,
[AUTH_CONDITIONS])
UiLib.bindFunction(self, UiLib.deleting_ad, [NAUplift_Constants.AD_NAME])
funcs = [self.delete_multiple_library_condition,
self.deleting_ad
]
retries = 3
runFunctionsInOrderV2(funcs, self, retries, record=False, killPreviousFF=False)
def Tnt5121584c(self):
# Constants from CLOUD file
AD_DOMAIN_NAME = cfg.suite.get_AD()[0].get_hostname()
AD_ADMIN_USERNAME = cfg.suite.get_AD()[0].get_login()
AD_ADMIN_PASSWORD = cfg.suite.get_AD()[0].get_password()
GROUP_AD = AD_DOMAIN_NAME + "/Builtin/Administrators"
# Enabling Scope mode and creating AD, joining in the group.
UiLib.bindFunction(self, UiLib.create_active_directory_with_any_mode, [
NAUplift_Constants.AD_NAME, AD_DOMAIN_NAME, AD_ADMIN_USERNAME,
AD_ADMIN_PASSWORD, True, NAUplift_Constants.AD_SCOPE1, GROUP_AD,
NAUplift_Constants.INFO, AD_ADMIN_USERNAME
])
# Adding ad in the identity sequence stores
UiLib.bindFunction(self, UiLib.adding_id_source,
[NAUplift_Constants.AD_NAME])
UiLib.bindFunction(self, UiLib.edit_identity_source_in_default_policy,
[NAUplift_Constants.AD_SCOPE1, POLICY_SET])
UiLib.bindFunction(self, UiLib.config_network_device, [
NAUplift_Constants.NETWORK_DEVICE_NAME, self.nad_ip,
NAUplift_Constants.SHARED_SECRET
])
UiLib.bindFunction(self, UiLib.create_simple_library_condition, [
POLICY_SET_COND_NAME, 'Network Access', 'Protocol', 'Equals',
'RADIUS'
])
UiLib.bindFunction(
self, UiLib.create_policy_set,
[POLICY_SET, POLICY_SET_COND_NAME, POLICY_SET_PROTOCOL])
funcs = [
self.create_active_directory_with_any_mode,
self.adding_id_source,
self.config_network_device,
self.create_simple_library_condition,
self.create_policy_set,
self.edit_identity_source_in_default_policy,
]
runFunctionsInOrderV2(funcs,
self,
retries,
resumeLastSession=True,
recordingDir=NAS_FOLDER)
UiLib.bindFunction(self, UiLib.create_simple_library_condition, [
AUTHZ_COND_NAME, NAUplift_Constants.AD_NAME,
NAUplift_Constants.INFO, 'Equals',
NAUplift_Constants.SPL_CHARACTERS
])
UiLib.bindFunction(
self, UiLib.create_authorization_rule_for_simple_condition, [
POLICY_SET, 'Authz_rule_1', AUTHZ_COND_NAME, 'PermitAccess',
None
])
funcs = [
self.create_simple_library_condition,
self.create_authorization_rule_for_simple_condition
]
runFunctionsInOrderV2(funcs,
self,
retries,
resumeLastSession=True,
recordingDir=NAS_FOLDER,
killFFWhenFinished=True)
# Pez authorization
s_log.info("---------------- PEZ AUTHENTICATION FLOW -----------")
pez = Pezlib()
status = []
try:
s_log.info("Running for {}".format(AD_ADMIN_USERNAME))
pez.run_pap_via_pez(1, NAUplift_Constants.strPath, self.iseIP,
AD_ADMIN_USERNAME, AD_ADMIN_PASSWORD,
NAUplift_Constants.SHARED_SECRET,
"10.0.10.151", "00:05:02:00:00:01")
status.append(True)
except Exception as e:
status.append(False)
s_log.error(e)
if not all(status):
self.failed(
"Authentication failed or username is not as expected. Please check the logs above."
)
def Tnt5205712c(self):
AD_DOMAIN_NAME = "demo.local" #cfg.suite.get_AD()[0].get_hostname()
AD_ADMIN_USERNAME = cfg.suite.get_AD()[0].get_login()
AD_ADMIN_PASSWORD = cfg.suite.get_AD()[0].get_password()
attribute_check_map = {'sAMAccountName': NAUplift_Constants.ADD_USER,
'userPrincipalName': NAUplift_Constants.ADD_USER + '@' + AD_DOMAIN_NAME}
AD_USERNAME = '******'
AD_USER_PASSWORD = '******'
AD_USER_ATTRS = '-samid testsuite1 -upn [email protected] -memberof "cn=Administrators,cn=Builtin,dc=demo,dc=local"'
AD2016.add_user_with_attr(userToAdd=AD_USERNAME,
userPwd=AD_USER_PASSWORD,
domain=AD_DOMAIN_NAME,
attributeDetails=AD_USER_ATTRS)
cert_path= NAUplift_Constants.strPath + "tests/suites/network_access/uplift_test/test_data/eap_tls_cert/" + \
NAUplift_Constants.ISE_TRUSTED_CERT
cert=NAUplift_Constants.ClientSystemCerts
AD2016.add_cert_to_user(certname=NAUplift_Constants.ClientSystemCerts,
certpath=cert_path,
user=AD_USERNAME,
certificatePath="C:\\Users\\Administrator\\{}".format(cert))
UiLib.bindFunction(self, UiLib.securitySetting_setCheckbox, ['SHA1', True])
UiLib.bindFunction(self, UiLib.create_active_directory_with_any_mode,
[NAUplift_Constants.AD_NAME,
AD_DOMAIN_NAME,
AD_ADMIN_USERNAME,
AD_ADMIN_PASSWORD,
False,
None,
None,
AD_ATTRIBUTES,
NAUplift_Constants.ADD_USER # NAUplift_Constants.AD_SHORT_USER
])
self.certificate_file = NAUplift_Constants.strPath + "resources/CommonCriteria/" + \
NAUplift_Constants.ISE_TRUSTED_CERT
s_log.info("CERTIFICATE FILE PATH: {}".format(self.certificate_file))
UiLib.bindFunction(self, UiLib.trustedCertificates_setTrustedCert,
[self.certificate_file,
NAUplift_Constants.FRIENDLYNAME_ISE_TRUSTED_CERT])
UiLib.bindFunction(self, UiLib.config_network_device, [NAUplift_Constants.NETWORK_DEVICE_NAME,
self.nad_ip,
NAUplift_Constants.SHARED_SECRET])
funcs = [self.securitySetting_setCheckbox,
self.create_active_directory_with_any_mode,
self.trustedCertificates_setTrustedCert,
self.config_network_device,
]
retries = 3
runFunctionsInOrderV2(funcs, self, retries,recordingDir=NAS_FOLDER)
UiLib.bindFunction(self, UiLib.create_simple_library_condition, [CONDITIONS[0],
'Network Access',
'Protocol',
'EQUALS',
'RADIUS'])
UiLib.bindFunction(self, UiLib.create_policy_set, [POLICY_SET, CONDITIONS[0], POLICY_SET_PROTOCOL])
funcs = [self.create_simple_library_condition,
self.create_policy_set
]
retries = 3
runFunctionsInOrderV2(funcs, self, retries, record=False, killPreviousFF=False)
UiLib.bindFunction(self, UiLib.create_library_condition, [NAUplift_Constants.AD_NAME,
AD_ATTRIBUTES,
ATTRIBUTE_VALUE,
AUTH_CONDITIONS,
CONDITIONS[1]])
# Configuring the policy in authorization policy
UiLib.bindFunction(self, UiLib.create_authorization_rule_for_simple_condition,
[POLICY_SET,AUTHORIZATION_RULE_NAME,
CONDITIONS[1],
AUTHORIZATION_POLICY_PROFILE,
SECURITY_GROUP])
UiLib.bindFunction(self, UiLib.config_certificate_authprofile,
[NAUplift_Constants.CER_NAME,
NAUplift_Constants.CER_NAME,
NAUplift_Constants.CER_DESCRIPTION,
NAUplift_Constants.CER_ATTRIBUTE,
NAUplift_Constants.AD_NAME,
NAUplift_Constants.MATCH_CLIENT_CERT_ENABLE])
funcs = [self.create_library_condition,
self.create_authorization_rule_for_simple_condition,
self.config_certificate_authprofile
]
retries = 3
runFunctionsInOrderV2(funcs, self, retries, record=False, killPreviousFF=False)
# PEZ Authentication Flow
s_log.info("---------------- PEZ AUTHENTICATION FLOW -----------")
self.pezlib = Pezlib()
# Copy Certificates to PEZ
self.pezlib.copy_cert_pez(root_path=NAUplift_Constants.strPath,
ise_trusted_cert=NAUplift_Constants.ISE_TRUSTED_CERT,
client_certificate=NAUplift_Constants.ClientSystemCerts,
client_key=NAUplift_Constants.ClientSystemKeys)
# # Run EAP-TLS Authentication
self.pezlib.run_eap_tls(root_path=NAUplift_Constants.strPath,
ise_trust_cert=NAUplift_Constants.ISE_TRUSTED_CERT,
client_sys_cert=NAUplift_Constants.ClientSystemCerts,
client_sys_key=NAUplift_Constants.ClientSystemKeys,
internal_user=NAUplift_Constants.ADD_USER,
ise_ip=self.iseIP)
# self.app.run()
# self.app = self.uilib.login_into_ise()
# Add Validation Steps
UiLib.bindFunction(self, UiLib.compare_attributes_from_live_logs, [attribute_check_map])
retries = 3
functs = [self.compare_attributes_from_live_logs]
runFunctionsInOrderV2(functs, self, retries, record=False, killPreviousFF=False)
def Tnt5212445c(self):
# Step 1:
# - Configure Radius Server
UiLib.bindFunction(self, UiLib.rad_server, [
NAUplift_Constants.RADIUS_SERVER_NAME, self.iseIP_radserver,
NAUplift_Constants.SHARED_SECRET
])
# Step 2:
# - Configure Radius Server Sequence
UiLib.bindFunction(self, UiLib.configure_radius_server_sequence, [
NAUplift_Constants.RADIUS_SEQUENCE_NAME,
[NAUplift_Constants.RADIUS_SERVER_NAME]
])
# # Step 3:
# # - Configure Authentication Proxy - Forward all
# UiLib.bindFunction(self, UiLib.edit_default_policy_set,
# [NAUplift_Constants.RADIUS_SEQUENCE_NAME])
UiLib.bindFunction(
self, UiLib.create_simple_library_condition,
[AUTH_COND_NAME, 'Network Access', 'Protocol', 'EQUALS', 'RADIUS'])
# Step 6:
# create new policy set
UiLib.bindFunction(self, UiLib.create_policy_set, [
POLICY_SET, AUTH_COND_NAME, NAUplift_Constants.RADIUS_SEQUENCE_NAME
])
nad_ip = cfg.te.get_PEZ().get_ip()
UiLib.bindFunction(self, UiLib.config_network_device, [
NAUplift_Constants.NETWORK_DEVICE_NAME, nad_ip,
NAUplift_Constants.SHARED_SECRET
])
# Step 4
# Add Internal User
UiLib.bindFunction(self, UiLib.identities_add_simple_user, [
NAUplift_Constants.ADD_USER, NAUplift_Constants.ADD_EMAIL,
NAUplift_Constants.ADD_NEWPASSWORD
])
self.certificate_file = NAUplift_Constants.strPath + "resources/CommonCriteria/" + \
NAUplift_Constants.ISE_TRUSTED_CERT
s_log.info("CERTIFICATE FILE PATH: {}".format(self.certificate_file))
# step 7:
# import root certificate on ISE:
# Navigate to System > Certificate Operations > Trust Certificates,
# import root certificate
UiLib.bindFunction(self, UiLib.trustedCertificates_setTrustedCert, [
self.certificate_file,
NAUplift_Constants.FRIENDLYNAME_ISE_TRUSTED_CERT
])
retries = 3
funcs = [
self.rad_server,
self.configure_radius_server_sequence,
self.create_simple_library_condition,
self.create_policy_set,
self.config_network_device,
self.identities_add_simple_user,
self.trustedCertificates_setTrustedCert,
]
runFunctionsInOrderV2(funcs,
self,
retries,
record=False,
killPreviousFF=False)
self.app.quit()
self.app.run()
# Configuration of RADIUS SERVER
UiLib.bindFunction(self, UiLib.login_different_ise, [
self.iseUrl_radserver, self.iseUser_radserver,
self.isePassword_radserver
])
# Step 09: Add user in RADIUS SERVER
UiLib.bindFunction(self, UiLib.identities_add_simple_user, [
NAUplift_Constants.ADD_USER, NAUplift_Constants.ADD_EMAIL,
NAUplift_Constants.ADD_NEWPASSWORD
])
UiLib.bindFunction(self, UiLib.config_network_device, [
NAUplift_Constants.NETWORK_DEVICE_NAME, self.iseIP,
NAUplift_Constants.SHARED_SECRET
])
# step 11:
# import root certificate on ISE to Radius Server:
# Navigate to System > Certificate Operations > Trust Certificates, import root certificate
UiLib.bindFunction(self, UiLib.trustedCertificates_setTrustedCert, [
self.certificate_file,
NAUplift_Constants.FRIENDLYNAME_ISE_TRUSTED_CERT
])
funcs = [
self.login_different_ise,
self.identities_add_simple_user,
self.config_network_device,
self.trustedCertificates_setTrustedCert,
]
runFunctionsInOrderV2(funcs,
self,
retries,
record=False,
killPreviousFF=False)
# PEZ Authentication Flow
s_log.info("---------------- PEZ AUTHENTICATION FLOW -----------")
self.pezlib = Pezlib()
# Copy Certificates to PEZ
self.pezlib.copy_cert_pez(
root_path=NAUplift_Constants.strPath,
ise_trusted_cert=NAUplift_Constants.ISE_TRUSTED_CERT,
client_certificate=NAUplift_Constants.ClientSystemCerts,
client_key=NAUplift_Constants.ClientSystemKeys)
# Run EAP-TLS Authentication
self.pezlib.run_eap_tls(
root_path=NAUplift_Constants.strPath,
ise_trust_cert=NAUplift_Constants.ISE_TRUSTED_CERT,
client_sys_cert=NAUplift_Constants.ClientSystemCerts,
client_sys_key=NAUplift_Constants.ClientSystemKeys,
ise_ip=self.iseIP)
# Validation Steps in Radius Server
UiLib.bindFunction(self, UiLib.radius_live_logs,
[NAUplift_Constants.ADD_USER, None])
functs = [
self.radius_live_logs,
]
runFunctionsInOrderV2(functs,
self,
retries,
record=False,
killPreviousFF=False)
self.app.quit()
self.app.run()
# Validation in ISE
UiLib.bindFunction(self, UiLib.login_different_ise,
[self.iseLoginurl, self.iseUser, self.isePassword])
UiLib.bindFunction(self, UiLib.radius_live_logs,
[NAUplift_Constants.ADD_USER, None])
functs = [self.login_different_ise, self.radius_live_logs]
runFunctionsInOrderV2(functs,
self,
retries,
record=False,
killPreviousFF=False)
self.app.quit()
self.app.run()