Skip to content

Commit

Permalink
Changes after reviex (Add/Set) + add tests for Add/Set/Remove + add f…
Browse files Browse the repository at this point in the history 
…unction in confirm.ps1)
  • Loading branch information
Cédric Moreau committed Aug 26, 2024
1 parent 04852db commit 06ae610
Show file tree
Hide file tree
Showing 3 changed files with 261 additions and 28 deletions.
31 changes: 31 additions & 0 deletions PowerFGT/Private/Confirm.ps1
View file
Original file line number Diff line number Diff line change
Expand Up @@ -386,3 +386,34 @@ Function Confirm-FGTVpnIpsecPhase2Interface {

$true
}

Function Confirm-FGTWebfilterUrlfilter {

Param (
[Parameter (Mandatory = $true)]
[object]$argument
)

#Check if it looks like a Web Filter URL Filter element

if ( -not ( $argument | get-member -name name -Membertype Properties)) {
throw "Element specified does not contain a name property."
}
if ( -not ( $argument | get-member -name comment -Membertype Properties)) {
throw "Element specified does not contain a comment property."
}
if ( -not ( $argument | get-member -name one-arm-ips-urlfilter -Membertype Properties)) {
throw "Element specified does not contain an one-arm-ips-urlfilter property."
}
if ( -not ( $argument | get-member -name ip-addr-block -Membertype Properties)) {
throw "Element specified does not contain an ip-addr-block property."
}
if ( -not ( $argument | get-member -name ip4-mapped-ip6 -Membertype Properties)) {
throw "Element specified does not contain an ip4-mapped-ip6 property."
}
if ( -not ( $argument | get-member -name entries -Membertype Properties)) {
throw "Element specified does not contain an entries property."
}

$true
}
38 changes: 10 additions & 28 deletions PowerFGT/Public/cmdb/webfilter/urlfilter.ps1
View file
Original file line number Diff line number Diff line change
Expand Up @@ -39,17 +39,16 @@ function Add-FGTWebfilterUrlfilter {
[Parameter (Mandatory = $false)]
[string]$url_id,
[Parameter (Mandatory = $false)]
[ValidateSet('simple', 'regex', 'wildcard')]
[string]$url_type,
[Parameter (Mandatory = $false)]
[string]$url,
[Parameter (Mandatory = $false)]
[ValidateSet("block", "allow", "monitor")]
[string]$action,
[Parameter (Mandatory = $false)]
[ValidateSet("enable", "disable")]
[string]$status,
[Parameter (Mandatory = $false)]
[string]$exempt,
[Parameter (Mandatory = $false)]
[switch]$skip,
[Parameter(Mandatory = $false)]
[String[]]$vdom,
[Parameter(Mandatory = $false)]
Expand All @@ -62,15 +61,12 @@ function Add-FGTWebfilterUrlfilter {
Process {

$invokeParams = @{ }
if ( $PsBoundParameters.ContainsKey('skip') ) {
$invokeParams.add( 'skip', $skip )
}
if ( $PsBoundParameters.ContainsKey('vdom') ) {
$invokeParams.add( 'vdom', $vdom )
}

if ( Get-FGTWebfilterUrlfilter -connection $connection @invokeParams -name $name ) {
Throw "Already a URL profile object using the same name"
Throw "Already an URL profile object using the same name"
}

$uri = "api/v2/cmdb/webfilter/urlfilter"
Expand Down Expand Up @@ -107,14 +103,7 @@ function Add-FGTWebfilterUrlfilter {
$_entry | add-member -name "status" -membertype NoteProperty -Value $status
}

if ( $PsBoundParameters.ContainsKey('exempt') ) {
$_entry | add-member -name "exempt" -membertype NoteProperty -Value $exempt
}

$_entries = @()
$_entries += $_entry

$urlfilter | add-member -name "entries" -membertype NoteProperty -Value $_entries
$urlfilter | add-member -name "entries" -membertype NoteProperty -Value $_entry

Invoke-FGTRestMethod -method "POST" -body $urlfilter -uri $uri -connection $connection @invokeParams | Out-Null

Expand Down Expand Up @@ -271,7 +260,7 @@ function Set-FGTWebfilterUrlfilter {
[CmdletBinding(SupportsShouldProcess, ConfirmImpact = 'medium', DefaultParameterSetName = 'default')]
Param(
[Parameter (Mandatory = $true, ValueFromPipeline = $true, Position = 1)]
#[ValidateScript({ Confirm-FGTWebfilterUrlfilter $_ })]
[ValidateScript({ Confirm-FGTWebfilterUrlfilter $_ })]
[psobject]$urlfilter,
[Parameter (Mandatory = $false)]
[ValidateLength(0, 63)]
Expand All @@ -283,21 +272,18 @@ function Set-FGTWebfilterUrlfilter {
[ValidateRange(0, 4294967295)]
[string]$url_id,
[Parameter (Mandatory = $false)]
[ValidateSet("simple","regex","wildcard")]
[ValidateSet("simple", "regex", "wildcard")]
[string]$url_type,
[Parameter (Mandatory = $false)]
[ValidateLength(0, 511)]
[string]$url,
[Parameter (Mandatory = $false)]
[ValidateSet("block","allow","monitor")]
[ValidateSet("block", "allow", "monitor")]
[string]$action,
[Parameter (Mandatory = $false)]
[ValidateSet("enable","disable")]
[ValidateSet("enable", "disable")]
[string]$status,
[Parameter (Mandatory = $false)]
[ValidateSet("av","web-content","activex-java-cookie","dlp","fortiguard","range-block","pass","antiphish","all")]
[string]$exempt,
[Parameter (Mandatory = $false)]
[boolean]$visibility,
[Parameter (Mandatory = $false)]
[String[]]$vdom,
Expand Down Expand Up @@ -351,10 +337,6 @@ function Set-FGTWebfilterUrlfilter {
$_entry | add-member -name "status" -membertype NoteProperty -Value $status
}

if ( $PsBoundParameters.ContainsKey('exempt') ) {
$_entry | add-member -name "exempt" -membertype NoteProperty -Value $exempt
}

$urlfilter.entries += $_entry

$_urlfilter | add-member -name "entries" -membertype NoteProperty -Value $urlfilter.entries
Expand Down Expand Up @@ -411,7 +393,7 @@ function Remove-FGTWebfilterUrlfilter {
[CmdletBinding(SupportsShouldProcess, ConfirmImpact = 'high')]
Param(
[Parameter (Mandatory = $true, ValueFromPipeline = $true, Position = 1)]
#[ValidateScript({ Confirm-FGTWebfilterUrlfilter $_ })]
[ValidateScript({ Confirm-FGTWebfilterUrlfilter $_ })]
[psobject]$url,
[Parameter(Mandatory = $false)]
[String[]]$vdom,
Expand Down
220 changes: 220 additions & 0 deletions Tests/integration/WebfilterUrlfilter.Tests.ps1
View file
Original file line number Diff line number Diff line change
Expand Up @@ -98,11 +98,231 @@ Describe "Add WebFilter UrlFilter" {
$urlfilter.entries.status | Should -Be "enable"
}

It "Add URL Filter $pester_url1 with type simple" {
Add-FGTWebfilterUrlfilter -name $pester_url1 -url_id 1 -url_type simple -url powerfgt.com -action allow -status enable
$urlfilter = Get-FGTWebfilterUrlfilter -name $pester_url1
$urlfilter.name | Should -Be $pester_url1
$urlfilter.comment | Should -BeNullOrEmpty
$urlfilter.entries.id | Should -Be 1
$urlfilter.entries.url | Should -Be "powerfgt.com"
$urlfilter.entries.type | Should -Be "simple"

}

It "Add URL Filter $pester_url1 with type wildcard" {
Add-FGTWebfilterUrlfilter -name $pester_url1 -url_id 1 -url_type wildcard -url "*powerfgt.com" -action allow -status enable
$urlfilter = Get-FGTWebfilterUrlfilter -name $pester_url1
$urlfilter.name | Should -Be $pester_url1
$urlfilter.comment | Should -BeNullOrEmpty
$urlfilter.entries.id | Should -Be 1
$urlfilter.entries.url | Should -Be "*powerfgt.com"
$urlfilter.entries.type | Should -Be "wildcard"
}

It "Add URL Filter $pester_url1 with type regex" {
Add-FGTWebfilterUrlfilter -name $pester_url1 -url_id 1 -url_type regex -url "https?:\/\/(www\.)?[-a-zA-Z0-9@:%._\+~#=]{1,256}\.[a-zA-Z0-9()]{1,6}\b([-a-zA-Z0-9()@:%_\+.~#?&//=]*)" -action allow -status enable
$urlfilter = Get-FGTWebfilterUrlfilter -name $pester_url1
$urlfilter.name | Should -Be $pester_url1
$urlfilter.comment | Should -BeNullOrEmpty
$urlfilter.entries.id | Should -Be 1
$urlfilter.entries.url | Should -Be "https?:\/\/(www\.)?[-a-zA-Z0-9@:%._\+~#=]{1,256}\.[a-zA-Z0-9()]{1,6}\b([-a-zA-Z0-9()@:%_\+.~#?&//=]*)"
$urlfilter.entries.type | Should -Be "regex"
}

It "Add URL Filter $pester_url1 with action allow" {
Add-FGTWebfilterUrlfilter -name $pester_url1 -url_id 1 -url_type simple -url powerfgt.com -action allow -status enable
$urlfilter = Get-FGTWebfilterUrlfilter -name $pester_url1
$urlfilter.name | Should -Be $pester_url1
$urlfilter.comment | Should -BeNullOrEmpty
$urlfilter.entries.id | Should -Be 1
$urlfilter.entries.url | Should -Be "powerfgt.com"
$urlfilter.entries.type | Should -Be "simple"
$urlfilter.entries.action | Should -Be "allow"
}

It "Add URL Filter $pester_url1 with action block" {
Add-FGTWebfilterUrlfilter -name $pester_url1 -url_id 1 -url_type simple -url powerfgt.com -action block -status enable
$urlfilter = Get-FGTWebfilterUrlfilter -name $pester_url1
$urlfilter.name | Should -Be $pester_url1
$urlfilter.comment | Should -BeNullOrEmpty
$urlfilter.entries.id | Should -Be 1
$urlfilter.entries.url | Should -Be "powerfgt.com"
$urlfilter.entries.type | Should -Be "simple"
$urlfilter.entries.action | Should -Be "block"
}

It "Add URL Filter $pester_url1 with action monitor" {
Add-FGTWebfilterUrlfilter -name $pester_url1 -url_id 1 -url_type simple -url powerfgt.com -action monitor -status enable
$urlfilter = Get-FGTWebfilterUrlfilter -name $pester_url1
$urlfilter.name | Should -Be $pester_url1
$urlfilter.comment | Should -BeNullOrEmpty
$urlfilter.entries.id | Should -Be 1
$urlfilter.entries.url | Should -Be "powerfgt.com"
$urlfilter.entries.type | Should -Be "simple"
$urlfilter.entries.action | Should -Be "monitor"
}

It "Add URL Filter $pester_url1 enabled" {
Add-FGTWebfilterUrlfilter -name $pester_url1 -url_id 1 -url_type simple -url powerfgt.com -action allow -status enable
$urlfilter = Get-FGTWebfilterUrlfilter -name $pester_url1
$urlfilter.name | Should -Be $pester_url1
$urlfilter.comment | Should -Be "Added by PowerFGT"
$urlfilter.entries.id | Should -Be 1
$urlfilter.entries.url | Should -Be "powerfgt.com"
$urlfilter.entries.type | Should -Be "simple"
$urlfilter.entries.action | Should -Be "allow"
$urlfilter.entries.status | Should -Be "enable"
}

It "Add URL Filter $pester_url1 disabled" {
Add-FGTWebfilterUrlfilter -name $pester_url1 -url_id 1 -url_type simple -url powerfgt.com -action allow -status disable
$urlfilter = Get-FGTWebfilterUrlfilter -name $pester_url1
$urlfilter.name | Should -Be $pester_url1
$urlfilter.comment | Should -Be "Added by PowerFGT"
$urlfilter.entries.id | Should -Be 1
$urlfilter.entries.url | Should -Be "powerfgt.com"
$urlfilter.entries.type | Should -Be "simple"
$urlfilter.entries.action | Should -Be "allow"
$urlfilter.entries.status | Should -Be "disable"
}

It "Try to Add URL Filter $pester_url1 (but there is already a object with same name)" {
#Add first URL Filter
Add-FGTWebfilterUrlfilter -name $pester_url1 -url_id 1 -url_type simple -url powerfgt.com -action allow -status enable
#Add Second URL Filter with same name
{ Add-FGTWebfilterUrlfilter -name $pester_url1 -url_id 1 -url_type simple -url powerfgt.com -action allow -status enable } | Should -Throw "Already a URL profile object using the same name"
}

It "Try to Add a second URL to Filter $pester_url1 " {
#Add first URL Filter
Add-FGTWebfilterUrlfilter -name $pester_url1 -url_id 1 -url_type simple -url powerfgt.com -action allow -status enable
#Add Second URL
{ Add-FGTWebfilterUrlfilter -name $pester_url1 -url_id 2 -url_type simple -url powerfgt2.com -action allow -status enable } | Should -Not -Throw
}

AfterEach {
Get-FGTWebfilterUrlfilter -name $pester_url1 | Remove-FGTWebfilterUrlfilter -confirm:$false
}

}

Describe "Set WebFilter UrlFilter" {

BeforeAll {
Add-FGTWebfilterUrlfilter -name $pester_url1 -url_id 1 -url_type simple -url powerfgt.com -action allow -status enable
}

It "Change URL Filter $pester_url1 comment" {
Get-FGTWebfilterUrlfilter -name $pester_url1 | Set-FGTWebfilterUrlfilter -comment "Changed by PowerFGT !"
$urlfilter = Get-FGTWebfilterUrlfilter -name $pester_url1
$urlfilter.name | Should -Be $pester_url1
$urlfilter.comment | Should -Be "Changed by PowerFGT !"
$urlfilter.entries.id | Should -Be 1
$urlfilter.entries.url | Should -Be "powerfgt.com"
$urlfilter.entries.type | Should -Be "simple"
$urlfilter.entries.action | Should -Be "allow"
$urlfilter.entries.status | Should -Be "enable"
}

It "Change URL Filter $pester_url1 type to wildcard" {
Get-FGTWebfilterUrlfilter -name $pester_url1 | Set-FGTWebfilterUrlfilter -url_id 1 -url_type wildcard -url "*powerfgt.com"
$urlfilter = Get-FGTWebfilterUrlfilter -name $pester_url1
$urlfilter.name | Should -Be $pester_url1
$urlfilter.entries.id | Should -Be 1
$urlfilter.entries.url | Should -Be "*powerfgt.com"
$urlfilter.entries.type | Should -Be "wildcard"
}

It "Change URL Filter $pester_url1 type to regex" {
Get-FGTWebfilterUrlfilter -name $pester_url1 | Set-FGTWebfilterUrlfilter -url_id 1 -url_type regex -url "https?:\/\/(www\.)?[-a-zA-Z0-9@:%._\+~#=]{1,256}\.[a-zA-Z0-9()]{1,6}\b([-a-zA-Z0-9()@:%_\+.~#?&//=]*)"
$urlfilter = Get-FGTWebfilterUrlfilter -name $pester_url1
$urlfilter.name | Should -Be $pester_url1
$urlfilter.entries.id | Should -Be 1
$urlfilter.entries.url | Should -Be "https?:\/\/(www\.)?[-a-zA-Z0-9@:%._\+~#=]{1,256}\.[a-zA-Z0-9()]{1,6}\b([-a-zA-Z0-9()@:%_\+.~#?&//=]*)"
$urlfilter.entries.type | Should -Be "regex"
}

It "Change URL Filter $pester_url1 type to simple" {
Get-FGTWebfilterUrlfilter -name $pester_url1 | Set-FGTWebfilterUrlfilter -url_id 1 -url_type simple -url powerfgt.com
$urlfilter = Get-FGTWebfilterUrlfilter -name $pester_url1
$urlfilter.name | Should -Be $pester_url1
$urlfilter.entries.id | Should -Be 1
$urlfilter.entries.url | Should -Be "powerfgt.com"
$urlfilter.entries.type | Should -Be "simple"
}

It "Change URL Filter $pester_url1 to action block" {
Get-FGTWebfilterUrlfilter -name $pester_url1 | Set-FGTWebfilterUrlfilter -url_id 1 -action block
$urlfilter = Get-FGTWebfilterUrlfilter -name $pester_url1
$urlfilter.name | Should -Be $pester_url1
$urlfilter.entries.id | Should -Be 1
$urlfilter.entries.action | Should -Be "block"
}

It "Change URL Filter $pester_url1 to action allow" {
Get-FGTWebfilterUrlfilter -name $pester_url1 | Set-FGTWebfilterUrlfilter -url_id 1 -action allow
$urlfilter = Get-FGTWebfilterUrlfilter -name $pester_url1
$urlfilter.name | Should -Be $pester_url1
$urlfilter.entries.id | Should -Be 1
$urlfilter.entries.action | Should -Be "allow"
}

It "Change URL Filter $pester_url1 to action monitor" {
Get-FGTWebfilterUrlfilter -name $pester_url1 | Set-FGTWebfilterUrlfilter -url_id 1 -action monitor
$urlfilter = Get-FGTWebfilterUrlfilter -name $pester_url1
$urlfilter.name | Should -Be $pester_url1
$urlfilter.entries.id | Should -Be 1
$urlfilter.entries.action | Should -Be "monitor"
}

It "Add URL Filter $pester_url1 to status disabled" {
Get-FGTWebfilterUrlfilter -name $pester_url1 | Set-FGTWebfilterUrlfilter -url_id 1 -status disable
$urlfilter = Get-FGTWebfilterUrlfilter -name $pester_url1
$urlfilter.name | Should -Be $pester_url1
$urlfilter.entries.id | Should -Be 1
$urlfilter.entries.status | Should -Be "disable"
}

It "Change URL Filter $pester_url1 to status enabled" {
Get-FGTWebfilterUrlfilter -name $pester_url1 | Set-FGTWebfilterUrlfilter -url_id 1 -status enable
$urlfilter = Get-FGTWebfilterUrlfilter -name $pester_url1
$urlfilter.name | Should -Be $pester_url1
$urlfilter.entries.id | Should -Be 1
$urlfilter.entries.status | Should -Be "enable"
}

It "Change URL Filter $pester_url1 URL" {
Get-FGTWebfilterUrlfilter -name $pester_url1 | Set-FGTWebfilterUrlfilter -url_id 1 -url powerfgt2.com
$urlfilter = Get-FGTWebfilterUrlfilter -name $pester_url1
$urlfilter.name | Should -Be $pester_url1
$urlfilter.entries.id | Should -Be 1
$urlfilter.entries.url | Should -Be "powerfgt2.com"
$urlfilter.entries.type | Should -Be "simple"
}

AfterEach {
Get-FGTWebfilterUrlfilter -name $pester_url1 | Remove-FGTWebfilterUrlfilter -confirm:$false
}

}

Describe "Remove Web Filter Url Filter" {

BeforeAll {
Add-FGTWebfilterUrlfilter -name $pester_url1 -url_id 1 -url_type simple -url powerfgt.com -action allow -status enable
}

It "Remove WebFilterURLFilter $pester_url1 by pipeline" {
$url = Get-FGTWebfilterUrlfilter -name $pester_url1
$url | Remove-FGTFirewallAddress -confirm:$false
$url = Get-FGTWebfilterUrlfilter -name $pester_url1
$url | Should -Be $NULL
}

}

}

AfterAll {
Disconnect-FGT -confirm:$false
}

0 comments on commit 06ae610

Please sign in to comment.