diff --git a/PowerFGT/Public/cmdb/firewall/address.ps1 b/PowerFGT/Public/cmdb/firewall/address.ps1 index 20ee41a41..c40777bac 100644 --- a/PowerFGT/Public/cmdb/firewall/address.ps1 +++ b/PowerFGT/Public/cmdb/firewall/address.ps1 @@ -11,7 +11,7 @@ function Add-FGTFirewallAddress { Add a FortiGate Address .DESCRIPTION - Add a FortiGate Address (ipmask, fqdn) + Add a FortiGate Address (ipmask, iprange, fqdn) .EXAMPLE Add-FGTFirewallAddress -Name FGT -ip 192.0.2.0 -mask 255.255.255.0 @@ -38,6 +38,10 @@ function Add-FGTFirewallAddress { Add Address object type fqdn with name FortiPower and value fortipower.github.io + .EXAMPLE + Add-FGTFirewallAddress -Name FGT-Range -startip 192.0.2.1 -endip 192.0.2.100 + + Add Address object type iprange with name FGT-Range with start IP 192.0.2.1 and end ip 192.0.2.100 #> Param( @@ -52,6 +56,10 @@ function Add-FGTFirewallAddress { [ipaddress]$ip, [Parameter (Mandatory = $false, ParameterSetName = "ipmask")] [ipaddress]$mask, + [Parameter (Mandatory = $false, ParameterSetName = "iprange")] + [ipaddress]$startip, + [Parameter (Mandatory = $false, ParameterSetName = "iprange")] + [ipaddress]$endip, [Parameter (Mandatory = $false)] [string]$interface, [Parameter (Mandatory = $false)] @@ -93,6 +101,11 @@ function Add-FGTFirewallAddress { $subnet += $mask.ToString() $address | add-member -name "subnet" -membertype NoteProperty -Value $subnet } + "iprange" { + $address | add-member -name "type" -membertype NoteProperty -Value "iprange" + $address | add-member -name "start-ip" -membertype NoteProperty -Value $startip.ToString() + $address | add-member -name "end-ip" -membertype NoteProperty -Value $endip.ToString() + } "fqdn" { $address | add-member -name "type" -membertype NoteProperty -Value "fqdn" $address | add-member -name "fqdn" -membertype NoteProperty -Value $fqdn 
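Review bot: In Add-FGTFirewallAddress the new `"iprange"` branch calls `$startip.ToString()` and `$endip.ToString()` unconditionally, while the Param hunk declares both with `Mandatory = $false`. Passing only `-startip` (or only `-endip`) still selects the iprange set and leaves the other variable `$null`, so the call fails with a null-method error instead of a clear message. Declaring both as `[Parameter (Mandatory = $true, ParameterSetName = "iprange")]` in Add would make PowerShell reject or prompt for the missing bound at binding time. Set-FGTFirewallAddress can keep them optional, since its branch checks `$PsBoundParameters` first. The existing ipmask pair appears to use the same optional pattern, and the switch statement itself sits outside these hunks, so confirm against the full function.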
@@ -184,7 +197,7 @@ function Get-FGTFirewallAddress { Get list of all "address" .DESCRIPTION - Get list of all "address" (ipmask, fqdn ...) + Get list of all "address" (ipmask, iprange, fqdn...) .EXAMPLE Get-FGTFirewallAddress @@ -326,6 +339,18 @@ function Set-FGTFirewallAddress { Change MyFGTAddress to set a new fqdn fortipower.github.io + .EXAMPLE + $MyFGTAddress = Get-FGTFirewallAddress -name MyFGTAddress + PS C:\>$MyFGTAddress | Set-FGTFirewallAddress -startip 192.0.2.100 + + Change MyFGTAddress to set a new startip (iprange) 192.0.2.100 + + .EXAMPLE + $MyFGTAddress = Get-FGTFirewallAddress -name MyFGTAddress + PS C:\>$MyFGTAddress | Set-FGTFirewallAddress -endip 192.0.2.200 + + Change MyFGTAddress to set a new endip (iprange) 192.0.2.200 + #> [CmdletBinding(SupportsShouldProcess, ConfirmImpact = 'medium', DefaultParameterSetName = 'default')] @@ -341,6 +366,10 @@ function Set-FGTFirewallAddress { [ipaddress]$ip, [Parameter (Mandatory = $false, ParameterSetName = "ipmask")] [ipaddress]$mask, + [Parameter (Mandatory = $false, ParameterSetName = "iprange")] + [ipaddress]$startip, + [Parameter (Mandatory = $false, ParameterSetName = "iprange")] + [ipaddress]$endip, [Parameter (Mandatory = $false)] [string]$interface, [Parameter (Mandatory = $false)] @@ -400,6 +429,15 @@ function Set-FGTFirewallAddress { $_address | add-member -name "subnet" -membertype NoteProperty -Value $subnet } } + "iprange" { + if ( $PsBoundParameters.ContainsKey('startip') ) { + $_address | add-member -name "start-ip" -membertype NoteProperty -Value $startip.ToString() + } + + if ( $PsBoundParameters.ContainsKey('endip') ) { + $_address | add-member -name "end-ip" -membertype NoteProperty -Value $endip.ToString() + } + } "fqdn" { if ( $PsBoundParameters.ContainsKey('fqdn') ) { $_address | add-member -name "fqdn" -membertype NoteProperty -Value $fqdn @@ -490,4 +528,4 @@ function Remove-FGTFirewallAddress { End { } -} \ No newline at end of file +} 
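Review bot: The `"iprange"` branch of Set-FGTFirewallAddress writes whichever bound was supplied without comparing it to the other, so `-startip` alone can push start-ip above the object's existing end-ip. `[ipaddress]` also binds IPv6 literals and shorthand IPv4 forms, which this object type (presumably IPv4-only) may not accept or may accept as a different address than the operator meant. Because the range decides which hosts a policy matches, I would validate before the request is sent, for example `if ($startip.AddressFamily -ne 'InterNetwork') { throw "startip must be an IPv4 address" }`, plus a start <= end comparison against the value already on the piped-in `$address`. Whether FortiOS itself rejects an inverted or mixed-family range is not visible here. The same checks would apply to the iprange branch in Add-FGTFirewallAddress.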
diff --git a/Tests/integration/FirewallAddress.Tests.ps1 b/Tests/integration/FirewallAddress.Tests.ps1 index 4a00be1e6..99c196b0f 100644 --- a/Tests/integration/FirewallAddress.Tests.ps1 +++ b/Tests/integration/FirewallAddress.Tests.ps1 @@ -12,7 +12,8 @@ Describe "Get Firewall Address" { BeforeAll { $addr = Add-FGTFirewallAddress -Name $pester_address1 -ip 192.0.2.0 -mask 255.255.255.0 $script:uuid = $addr.uuid - Add-FGTFirewallAddress -Name $pester_address2 -ip 192.0.3.0 -mask 255.255.255.0 + Add-FGTFirewallAddress -Name $pester_address2 -fqdn fortipower.github.io + Add-FGTFirewallAddress -Name $pester_address3 -startip 192.0.2.1 -endip 192.0.2.100 } It "Get Address Does not throw an error" { @@ -60,6 +61,7 @@ Describe "Get Firewall Address" { AfterAll { Get-FGTFirewallAddress -name $pester_address1 | Remove-FGTFirewallAddress -confirm:$false Get-FGTFirewallAddress -name $pester_address2 | Remove-FGTFirewallAddress -confirm:$false + Get-FGTFirewallAddress -name $pester_address3 | Remove-FGTFirewallAddress -confirm:$false } } 
@@ -137,6 +139,73 @@ Describe "Add Firewall Address" { } + Context "iprange" { + + AfterEach { + Get-FGTFirewallAddress -name $pester_address3 | Remove-FGTFirewallAddress -confirm:$false + } + + It "Add Address $pester_address3 (type iprange)" { + Add-FGTFirewallAddress -Name $pester_address3 -startip 192.0.2.1 -endip 192.0.2.100 + $address = Get-FGTFirewallAddress -name $pester_address3 + $address.name | Should -Be $pester_address3 + $address.uuid | Should -Not -BeNullOrEmpty + $address.type | Should -Be "iprange" + $address.'start-ip' | Should -Be "192.0.2.1" + $address.'end-ip' | Should -Be "192.0.2.100" + $address.'associated-interface' | Should -BeNullOrEmpty + $address.comment | Should -BeNullOrEmpty + $address.visibility | Should -Be $true + } + + It "Add Address $pester_address3 (type iprange and interface)" { + Add-FGTFirewallAddress -Name $pester_address3 -startip 192.0.2.1 -endip 192.0.2.100 -interface port2 + $address = Get-FGTFirewallAddress -name $pester_address3 + $address.name | Should -Be $pester_address3 + $address.uuid | Should -Not -BeNullOrEmpty + $address.type | Should -Be "iprange" + $address.'start-ip' | Should -Be "192.0.2.1" + $address.'end-ip' | Should -Be "192.0.2.100" + $address.'associated-interface' | Should -Be "port2" + $address.comment | Should -BeNullOrEmpty + $address.visibility | Should -Be $true + } + + It "Add Address $pester_address3 (type iprange and comment)" { + Add-FGTFirewallAddress -Name $pester_address3 -startip 192.0.2.1 -endip 192.0.2.100 -comment "Add via PowerFGT" + $address = Get-FGTFirewallAddress -name $pester_address3 + $address.name | Should -Be $pester_address3 + $address.uuid | Should -Not -BeNullOrEmpty + $address.type | Should -Be "iprange" + $address.'start-ip' | Should -Be "192.0.2.1" + $address.'end-ip' | Should -Be "192.0.2.100" + $address.'associated-interface' | Should -BeNullOrEmpty + $address.comment | Should -Be "Add via PowerFGT" + $address.visibility | Should -Be $true + } + + It "Add Address 
$pester_address3 (type iprange and visiblity disable)" { + Add-FGTFirewallAddress -Name $pester_address3 -startip 192.0.2.1 -endip 192.0.2.100 -visibility:$false + $address = Get-FGTFirewallAddress -name $pester_address3 + $address.name | Should -Be $pester_address3 + $address.uuid | Should -Not -BeNullOrEmpty + $address.type | Should -Be "iprange" + $address.'start-ip' | Should -Be "192.0.2.1" + $address.'end-ip' | Should -Be "192.0.2.100" + $address.'associated-interface' | Should -BeNullOrEmpty + $address.comment | Should -BeNullOrEmpty + $address.visibility | Should -Be "disable" + } + + It "Try to Add Address $pester_address3 (but there is already a object with same name)" { + #Add first address + Add-FGTFirewallAddress -Name $pester_address3 -startip 192.0.2.1 -endip 192.0.2.100 + #Add Second address with same name + { Add-FGTFirewallAddress -Name $pester_address3 -startip 192.0.2.1 -endip 192.0.2.100 } | Should -Throw "Already an address object using the same name" + } + + } + Context "fqdn" { AfterEach { 
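Review bot: The new `Context "iprange"` for Add covers only well-formed ranges plus the duplicate-name case; nothing exercises a partial or inverted range. Since `-startip` and `-endip` are both optional in the cmdlet, a case such as `{ Add-FGTFirewallAddress -Name $pester_address3 -startip 192.0.2.1 } | Should -Throw` would pin what happens when one bound is missing. A second case with `-startip 192.0.2.100 -endip 192.0.2.1` would document whether the inverted range is refused by the module or by the device. `$pester_address3` is not defined anywhere in this diff, so it presumably comes from the shared test setup; worth confirming it was added there.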
@@ -302,6 +371,101 @@ Describe "Configure Firewall Address" { } + Context "iprange" { + + BeforeAll { + $address = Add-FGTFirewallAddress -Name $pester_address3 -startip 192.0.2.1 -endip 192.0.2.100 + $script:uuid = $address.uuid + } + + It "Change Start IP" { + Get-FGTFirewallAddress -name $pester_address3 | Set-FGTFirewallAddress -startip 192.0.2.99 + $address = Get-FGTFirewallAddress -name $pester_address3 + $address.name | Should -Be $pester_address3 + $address.uuid | Should -Not -BeNullOrEmpty + $address.type | Should -Be "iprange" + $address.'start-ip' | Should -Be "192.0.2.99" + $address.'end-ip' | Should -Be "192.0.2.100" + $address.'associated-interface' | Should -BeNullOrEmpty + $address.comment | Should -BeNullOrEmpty + $address.visibility | Should -Be $true + } + + It "Change End IP" { + Get-FGTFirewallAddress -name $pester_address3 | Set-FGTFirewallAddress -endip 192.0.2.199 + $address = Get-FGTFirewallAddress -name $pester_address3 + $address.name | Should -Be $pester_address3 + $address.uuid | Should -Not -BeNullOrEmpty + $address.type | Should -Be "iprange" + $address.'start-ip' | Should -Be "192.0.2.99" + $address.'end-ip' | Should -Be "192.0.2.199" + $address.'associated-interface' | Should -BeNullOrEmpty + $address.comment | Should -BeNullOrEmpty + $address.visibility | Should -Be $true + } + + It "Change (Associated) Interface" { + Get-FGTFirewallAddress -name $pester_address3 | Set-FGTFirewallAddress -interface port2 + $address = Get-FGTFirewallAddress -name $pester_address3 + $address.name | Should -Be $pester_address3 + $address.uuid | Should -Not -BeNullOrEmpty + $address.type | Should -Be "iprange" + $address.'start-ip' | Should -Be "192.0.2.99" + $address.'end-ip' | Should -Be "192.0.2.199" + $address.'associated-interface' | Should -Be "port2" + $address.comment | Should -BeNullOrEmpty + $address.visibility | Should -Be $true + } + + It "Change comment" { + Get-FGTFirewallAddress -name $pester_address3 | Set-FGTFirewallAddress -comment 
"Modified by PowerFGT" + $address = Get-FGTFirewallAddress -name $pester_address3 + $address.name | Should -Be $pester_address3 + $address.uuid | Should -Not -BeNullOrEmpty + $address.type | Should -Be "iprange" + $address.'start-ip' | Should -Be "192.0.2.99" + $address.'end-ip' | Should -Be "192.0.2.199" + $address.'associated-interface' | Should -Be "port2" + $address.comment | Should -Be "Modified by PowerFGT" + $address.visibility | Should -Be $true + } + + It "Change visiblity" { + Get-FGTFirewallAddress -name $pester_address3 | Set-FGTFirewallAddress -visibility:$false + $address = Get-FGTFirewallAddress -name $pester_address3 + $address.name | Should -Be $pester_address3 + $address.uuid | Should -Not -BeNullOrEmpty + $address.type | Should -Be "iprange" + $address.'start-ip' | Should -Be "192.0.2.99" + $address.'end-ip' | Should -Be "192.0.2.199" + $address.'associated-interface' | Should -Be "port2" + $address.comment | Should -Be "Modified by PowerFGT" + $address.visibility | Should -Be "disable" + } + + It "Try to Configure Address $pester_address3 (but it is wrong type...)" { + { Get-FGTFirewallAddress -name $pester_address3 | Set-FGTFirewallAddress -fqdn "fortipower.github.io" } | Should -Throw "Address type (iprange) need to be on the same type (fqdn)" + } + + It "Change Name" { + Get-FGTFirewallAddress -name $pester_address3 | Set-FGTFirewallAddress -name "pester_address_change" + $address = Get-FGTFirewallAddress -name "pester_address_change" + $address.name | Should -Be "pester_address_change" + $address.uuid | Should -Not -BeNullOrEmpty + $address.type | Should -Be "iprange" + $address.'start-ip' | Should -Be "192.0.2.99" + $address.'end-ip' | Should -Be "192.0.2.199" + $address.'associated-interface' | Should -Be "port2" + $address.comment | Should -Be "Modified by PowerFGT" + $address.visibility | Should -Be "disable" + } + + AfterAll { + Get-FGTFirewallAddress -uuid $script:uuid | Remove-FGTFirewallAddress -confirm:$false + } + + } + Context 
"fqdn" { BeforeAll { @@ -412,6 +576,34 @@ Describe "Copy Firewall Address" { } + Context "iprange" { + + BeforeAll { + Add-FGTFirewallAddress -Name $pester_address3 -startip 192.0.2.1 -endip 192.0.2.100 + } + + It "Copy Firewall Address ($pester_address3 => copy_pester_address3)" { + Get-FGTFirewallAddress -name $pester_address3 | Copy-FGTFirewallAddress -name copy_pester_address3 + $address = Get-FGTFirewallAddress -name copy_pester_address3 + $address.name | Should -Be copy_pester_address3 + $address.uuid | Should -Not -BeNullOrEmpty + $address.type | Should -Be "iprange" + $address.'start-ip' | Should -Be "192.0.2.1" + $address.'end-ip' | Should -Be "192.0.2.100" + $address.'associated-interface' | Should -BeNullOrEmpty + $address.comment | Should -BeNullOrEmpty + $address.visibility | Should -Be $true + } + + AfterAll { + #Remove copy_pester_address3 + Get-FGTFirewallAddress -name copy_pester_address3 | Remove-FGTFirewallAddress -confirm:$false + #Remove $pester_address3 + Get-FGTFirewallAddress -name $pester_address3 | Remove-FGTFirewallAddress -confirm:$false + } + + } + Context "fqdn" { BeforeAll { @@ -458,6 +650,21 @@ Describe "Remove Firewall Address" { } + Context "iprange" { + + BeforeEach { + Add-FGTFirewallAddress -Name $pester_address3 -startip 192.0.2.1 -endip 192.0.2.100 + } + + It "Remove Address $pester_address3 by pipeline" { + $address = Get-FGTFirewallAddress -name $pester_address3 + $address | Remove-FGTFirewallAddress -confirm:$false + $address = Get-FGTFirewallAddress -name $pester_address3 + $address | Should -Be $NULL + } + + } + Context "fqdn" { BeforeEach {