Add some unit tests

Author: remip2

README.md

@@ -118,7 +118,7 @@ Concerning the SSL validation:
 
 Warning: tests require a remote SNS appliance.
 
-`$ APPLIANCE=10.0.0.254 python3 setup.py test`
+`$ PASSWORD=password APPLIANCE=10.0.0.254 python3 setup.py test`
 
 
 To run `snscli` from the source folder without install:

tests/test_auth.py

@@ -0,0 +1,29 @@
+#!/usr/bin/python
+
+import os
+import unittest
+from stormshield.sns.sslclient import SSLClient
+
+APPLIANCE=os.getenv('APPLIANCE', "")
+SERIAL = os.getenv('SERIAL', "")
+PASSWORD = os.getenv('PASSWORD', "")
+
+@unittest.skipIf(APPLIANCE=="", "APPLIANCE env var must be set to the ip/hostname of a running SNS appliance")
+@unittest.skipIf(SERIAL=="", "SERIAL env var must be set to the firewall serial number")
+@unittest.skipIf(PASSWORD=="", "PASSWORD env var must be set to the firewall password")
+class TestAuth(unittest.TestCase):
+    """ Test authentication options """
+
+    def test_sslverifyhost(self):
+        """ Test sslverifyhost option """
+
+        try:
+            client = SSLClient(host=SERIAL, ip=APPLIANCE, user='admin', password=PASSWORD, sslverifyhost=True)
+            self.assertTrue(1==1, "SSLClient connects with sslverifyhost=True")
+        except:
+            self.fail("SSLClient did not connect")
+        
+        response = client.send_command('LIST')
+        self.assertEqual(response.ret, 100)
+
+        client.disconnect()

tests/test_cert.py

@@ -0,0 +1,71 @@
+#!/usr/bin/python
+
+import os
+import unittest
+from stormshield.sns.sslclient import SSLClient
+
+APPLIANCE=os.getenv('APPLIANCE', "")
+FQDN = os.getenv('FQDN', "")
+PASSWORD = os.getenv('PASSWORD', "")
+CABUNDLE = os.getenv('CABUNDLE', "")
+CERT = os.getenv('CERT', "")
+
+@unittest.skipIf(APPLIANCE=="", "APPLIANCE env var must be set to the ip/hostname of a running SNS appliance")
+@unittest.skipIf(FQDN=="", "FQDN env var must be set to the firewall fqdn")
+@unittest.skipIf(PASSWORD=="", "PASSWORD env var must be set to the firewall password")
+@unittest.skipIf(CABUNDLE=="", "CABUNDLE env var must be set to the CA bundle file")
+@unittest.skipIf(CERT=="", "CERT env var must be set to the certificate file")
+class TestCert(unittest.TestCase):
+    """ Test cabundle / certificate authentication options """
+
+    def test_sslverifypeer(self):
+        """ Test sslverifypeer option """
+
+        # by default sslverifypeer is True
+        try:
+            client = SSLClient(host=APPLIANCE, user='admin', password=PASSWORD)
+            self.fail("SSLClient should have failed (untrusted CA)")
+        except Exception as exception:
+            self.assertTrue(1==1, "SSLClient did not connect (untrusted CA)")
+        
+        try:
+            client = SSLClient(host=APPLIANCE, user='admin', password=PASSWORD, sslverifypeer=False)
+            self.assertTrue(1==1, "SSLClient connects with sslverifypeer=True")
+        except Exception as exception:
+            print(exception)
+            self.fail("SSLClient did not connect")
+
+        response = client.send_command('LIST')
+        self.assertEqual(response.ret, 100)
+
+        client.disconnect()
+
+    def test_cabundle(self):
+        """ Test cabundle option """
+
+        try:
+            client = SSLClient(host=FQDN, ip=APPLIANCE, user='admin', password=PASSWORD, sslverifyhost=True, cabundle=CABUNDLE)
+            self.assertTrue(1==1, "SSLClient connects with cabundle")
+        except Exception as exception:
+            print(exception)
+            self.fail("SSLClient did not connect")
+        
+        response = client.send_command('LIST')
+        self.assertEqual(response.ret, 100)
+
+        client.disconnect()
+
+    def test_cert(self):
+        """ Test user certificate authentication  """
+
+        try:
+            client = SSLClient(host=FQDN, ip=APPLIANCE, usercert=CERT, sslverifyhost=True, cabundle=CABUNDLE)
+            self.assertTrue(1==1, "SSLClient connects with cabundle")
+        except Exception as exception:
+            print(exception)
+            self.fail("SSLClient did not connect")
+        
+        response = client.send_command('LIST')
+        self.assertEqual(response.ret, 100)
+
+        client.disconnect()

tests/test_file.py

@@ -8,18 +8,16 @@
 import unittest
 from stormshield.sns.sslclient import SSLClient
 
-# APPLIANCE env var must be set to the ip/hostname of a running SNS appliance
-if 'APPLIANCE' not in os.environ:
-    APPLIANCE=""
-else:
-    APPLIANCE=os.environ['APPLIANCE']
+APPLIANCE=os.getenv('APPLIANCE', "")
+PASSWORD = os.getenv('PASSWORD', "")
 
 @unittest.skipIf(APPLIANCE=="", "APPLIANCE env var must be set to the ip/hostname of a running SNS appliance")
+@unittest.skipIf(PASSWORD=="", "PASSWORD env var must be set to the firewall password")
 class TestFormatIni(unittest.TestCase):
     """ Test file upload & download """
 
     def setUp(self):
-        self.client = SSLClient(host=APPLIANCE, user='admin', password='adminadmin', sslverifyhost=False)
+        self.client = SSLClient(host=APPLIANCE, user='admin', password=PASSWORD, sslverifyhost=False)
 
         self.tmpdir = tempfile.TemporaryDirectory()
         self.upload = os.path.join(self.tmpdir.name, 'upload')
@@ -30,7 +28,7 @@ def tearDown(self):
         self.tmpdir.cleanup()
 
     def test_upload_download(self):
-        """ upload / download """
+        """ Test file upload and download """
 
         #generate a random file
         content = "".join( [random.choice(string.ascii_letters) for i in range(15)] )

tests/test_format_ini.py

@@ -6,18 +6,16 @@
 
 from stormshield.sns.sslclient import SSLClient
 
-# APPLIANCE env var must be set to the ip/hostname of a running SNS appliance
-if 'APPLIANCE' not in os.environ:
-    APPLIANCE=""
-else:
-    APPLIANCE=os.environ['APPLIANCE']
+APPLIANCE=os.getenv('APPLIANCE', "")
+PASSWORD = os.getenv('PASSWORD', "")
 
 @unittest.skipIf(APPLIANCE=="", "APPLIANCE env var must be set to the ip/hostname of a running SNS appliance")
+@unittest.skipIf(PASSWORD=="", "PASSWORD env var must be set to the firewall password")
 class TestFormatIni(unittest.TestCase):
     """ Test INI format """
 
     def setUp(self):
-        self.client = SSLClient(host=APPLIANCE, user='admin', password='adminadmin', sslverifyhost=False)
+        self.client = SSLClient(host=APPLIANCE, user='admin', password=PASSWORD, sslverifyhost=False)
 
         self.maxDiff = 5000
 
@@ -57,7 +55,7 @@ def test_section(self):
 
         expected = """101 code=00a01000 msg="Begin" format="section"
 [Global]
-State=1
+State=0
 RiskHalfLife=21600
 RiskTTL=86400
 [Alarm]
@@ -103,7 +101,8 @@ def test_list(self):
 
         expected = """101 code=00a01000 msg="Begin" format="list"
 [Result]
-any
+labo_network
+Network_internals
 100 code=00a00100 msg="Ok\""""
 
         response = self.client.send_command('CONFIG WEBADMIN ACCESS SHOW')