
Add support of iprange for Address cmdlets #104

Merged
merged 10 commits into from
Jun 8, 2020
44 changes: 41 additions & 3 deletions PowerFGT/Public/cmdb/firewall/address.ps1
@@ -11,7 +11,7 @@ function Add-FGTFirewallAddress {
Add a FortiGate Address

.DESCRIPTION
Add a FortiGate Address (ipmask, fqdn)
Add a FortiGate Address (ipmask, iprange, fqdn)

.EXAMPLE
Add-FGTFirewallAddress -Name FGT -ip 192.0.2.0 -mask 255.255.255.0
@@ -38,6 +38,10 @@ function Add-FGTFirewallAddress {

Add Address object type fqdn with name FortiPower and value fortipower.github.io

.EXAMPLE
Add-FGTFirewallAddress -Name FGT-Range -startip 192.0.2.1 -endip 192.0.2.100

Add Address object type iprange with name FGT-Range with start IP 192.0.2.1 and end ip 192.0.2.100
#>

Param(
@@ -52,6 +56,10 @@ function Add-FGTFirewallAddress {
[ipaddress]$ip,
[Parameter (Mandatory = $false, ParameterSetName = "ipmask")]
[ipaddress]$mask,
[Parameter (Mandatory = $false, ParameterSetName = "iprange")]
[ipaddress]$startip,
[Parameter (Mandatory = $false, ParameterSetName = "iprange")]
[ipaddress]$endip,
[Parameter (Mandatory = $false)]
[string]$interface,
[Parameter (Mandatory = $false)]
@@ -93,6 +101,11 @@ function Add-FGTFirewallAddress {
$subnet += $mask.ToString()
$address | add-member -name "subnet" -membertype NoteProperty -Value $subnet
}
"iprange" {
$address | add-member -name "type" -membertype NoteProperty -Value "iprange"
$address | add-member -name "start-ip" -membertype NoteProperty -Value $startip.ToString()
$address | add-member -name "end-ip" -membertype NoteProperty -Value $endip.ToString()
}
"fqdn" {
$address | add-member -name "type" -membertype NoteProperty -Value "fqdn"
$address | add-member -name "fqdn" -membertype NoteProperty -Value $fqdn
@@ -184,7 +197,7 @@ function Get-FGTFirewallAddress {
Get list of all "address"

.DESCRIPTION
Get list of all "address" (ipmask, fqdn ...)
Get list of all "address" (ipmask, iprange, fqdn...)

.EXAMPLE
Get-FGTFirewallAddress
@@ -326,6 +339,18 @@ function Set-FGTFirewallAddress {

Change MyFGTAddress to set a new fqdn fortipower.github.io

.EXAMPLE
$MyFGTAddress = Get-FGTFirewallAddress -name MyFGTAddress
PS C:\>$MyFGTAddress | Set-FGTFirewallAddress -startip 192.0.2.100

Change MyFGTAddress to set a new startip (iprange) 192.0.2.100

.EXAMPLE
$MyFGTAddress = Get-FGTFirewallAddress -name MyFGTAddress
PS C:\>$MyFGTAddress | Set-FGTFirewallAddress -endip 192.0.2.200

Change MyFGTAddress to set a new endip (iprange) 192.0.2.200

#>

[CmdletBinding(SupportsShouldProcess, ConfirmImpact = 'medium', DefaultParameterSetName = 'default')]
@@ -341,6 +366,10 @@ function Set-FGTFirewallAddress {
[ipaddress]$ip,
[Parameter (Mandatory = $false, ParameterSetName = "ipmask")]
[ipaddress]$mask,
[Parameter (Mandatory = $false, ParameterSetName = "iprange")]
[ipaddress]$startip,
[Parameter (Mandatory = $false, ParameterSetName = "iprange")]
[ipaddress]$endip,
[Parameter (Mandatory = $false)]
[string]$interface,
[Parameter (Mandatory = $false)]
@@ -400,6 +429,15 @@ function Set-FGTFirewallAddress {
$_address | add-member -name "subnet" -membertype NoteProperty -Value $subnet
}
}
"iprange" {
if ( $PsBoundParameters.ContainsKey('startip') ) {
$_address | add-member -name "start-ip" -membertype NoteProperty -Value $startip.ToString()
}

if ( $PsBoundParameters.ContainsKey('endip') ) {
$_address | add-member -name "end-ip" -membertype NoteProperty -Value $endip.ToString()
}
}
"fqdn" {
if ( $PsBoundParameters.ContainsKey('fqdn') ) {
$_address | add-member -name "fqdn" -membertype NoteProperty -Value $fqdn
@@ -490,4 +528,4 @@ function Remove-FGTFirewallAddress {

End {
}
}
}
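Review bot: In the `"iprange"` branch of Add-FGTFirewallAddress, `$startip.ToString()` and `$endip.ToString()` run unconditionally although both parameters are declared `Mandatory = $false`, so a call with only `-startip` selects the iprange parameter set and then invokes a method on `$null`. Declaring both as `[Parameter (Mandatory = $true, ParameterSetName = "iprange")]` in Add-FGTFirewallAddress would reject that at binding time; Set-FGTFirewallAddress already guards each value with `$PsBoundParameters.ContainsKey`. Neither cmdlet checks that the start address is not above the end address or that both are IPv4 (`[ipaddress]` also accepts IPv6), so a mistyped range is sent to the device as-is and, if the device accepts it, changes which hosts the policies referencing the object match; a short comparison before the `add-member` calls that throws on an inverted or mixed-family range would catch this. Both functions begin and end outside the visible hunks, so any validation elsewhere in their bodies cannot be seen here.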
209 changes: 208 additions & 1 deletion Tests/integration/FirewallAddress.Tests.ps1
@@ -12,7 +12,8 @@ Describe "Get Firewall Address" {
BeforeAll {
$addr = Add-FGTFirewallAddress -Name $pester_address1 -ip 192.0.2.0 -mask 255.255.255.0
$script:uuid = $addr.uuid
Add-FGTFirewallAddress -Name $pester_address2 -ip 192.0.3.0 -mask 255.255.255.0
Add-FGTFirewallAddress -Name $pester_address2 -fqdn fortipower.github.io
Add-FGTFirewallAddress -Name $pester_address3 -startip 192.0.2.1 -endip 192.0.2.100
}

It "Get Address Does not throw an error" {
@@ -60,6 +61,7 @@ Describe "Get Firewall Address" {
AfterAll {
Get-FGTFirewallAddress -name $pester_address1 | Remove-FGTFirewallAddress -confirm:$false
Get-FGTFirewallAddress -name $pester_address2 | Remove-FGTFirewallAddress -confirm:$false
Get-FGTFirewallAddress -name $pester_address3 | Remove-FGTFirewallAddress -confirm:$false
}

}
@@ -137,6 +139,73 @@ Describe "Add Firewall Address" {

}

Context "iprange" {

AfterEach {
Get-FGTFirewallAddress -name $pester_address3 | Remove-FGTFirewallAddress -confirm:$false
}

It "Add Address $pester_address3 (type iprange)" {
Add-FGTFirewallAddress -Name $pester_address3 -startip 192.0.2.1 -endip 192.0.2.100
$address = Get-FGTFirewallAddress -name $pester_address3
$address.name | Should -Be $pester_address3
$address.uuid | Should -Not -BeNullOrEmpty
$address.type | Should -Be "iprange"
$address.'start-ip' | Should -Be "192.0.2.1"
$address.'end-ip' | Should -Be "192.0.2.100"
$address.'associated-interface' | Should -BeNullOrEmpty
$address.comment | Should -BeNullOrEmpty
$address.visibility | Should -Be $true
}

It "Add Address $pester_address3 (type iprange and interface)" {
Add-FGTFirewallAddress -Name $pester_address3 -startip 192.0.2.1 -endip 192.0.2.100 -interface port2
$address = Get-FGTFirewallAddress -name $pester_address3
$address.name | Should -Be $pester_address3
$address.uuid | Should -Not -BeNullOrEmpty
$address.type | Should -Be "iprange"
$address.'start-ip' | Should -Be "192.0.2.1"
$address.'end-ip' | Should -Be "192.0.2.100"
$address.'associated-interface' | Should -Be "port2"
$address.comment | Should -BeNullOrEmpty
$address.visibility | Should -Be $true
}

It "Add Address $pester_address3 (type iprange and comment)" {
Add-FGTFirewallAddress -Name $pester_address3 -startip 192.0.2.1 -endip 192.0.2.100 -comment "Add via PowerFGT"
$address = Get-FGTFirewallAddress -name $pester_address3
$address.name | Should -Be $pester_address3
$address.uuid | Should -Not -BeNullOrEmpty
$address.type | Should -Be "iprange"
$address.'start-ip' | Should -Be "192.0.2.1"
$address.'end-ip' | Should -Be "192.0.2.100"
$address.'associated-interface' | Should -BeNullOrEmpty
$address.comment | Should -Be "Add via PowerFGT"
$address.visibility | Should -Be $true
}

It "Add Address $pester_address3 (type iprange and visiblity disable)" {
Add-FGTFirewallAddress -Name $pester_address3 -startip 192.0.2.1 -endip 192.0.2.100 -visibility:$false
$address = Get-FGTFirewallAddress -name $pester_address3
$address.name | Should -Be $pester_address3
$address.uuid | Should -Not -BeNullOrEmpty
$address.type | Should -Be "iprange"
$address.'start-ip' | Should -Be "192.0.2.1"
$address.'end-ip' | Should -Be "192.0.2.100"
$address.'associated-interface' | Should -BeNullOrEmpty
$address.comment | Should -BeNullOrEmpty
$address.visibility | Should -Be "disable"
}

It "Try to Add Address $pester_address3 (but there is already a object with same name)" {
#Add first address
Add-FGTFirewallAddress -Name $pester_address3 -startip 192.0.2.1 -endip 192.0.2.100
#Add Second address with same name
{ Add-FGTFirewallAddress -Name $pester_address3 -startip 192.0.2.1 -endip 192.0.2.100 } | Should -Throw "Already an address object using the same name"
}

}

Context "fqdn" {

AfterEach {
@@ -302,6 +371,101 @@ Describe "Configure Firewall Address" {

}

Context "iprange" {

BeforeAll {
$address = Add-FGTFirewallAddress -Name $pester_address3 -startip 192.0.2.1 -endip 192.0.2.100
$script:uuid = $address.uuid
}

It "Change Start IP" {
Get-FGTFirewallAddress -name $pester_address3 | Set-FGTFirewallAddress -startip 192.0.2.99
$address = Get-FGTFirewallAddress -name $pester_address3
$address.name | Should -Be $pester_address3
$address.uuid | Should -Not -BeNullOrEmpty
$address.type | Should -Be "iprange"
$address.'start-ip' | Should -Be "192.0.2.99"
$address.'end-ip' | Should -Be "192.0.2.100"
$address.'associated-interface' | Should -BeNullOrEmpty
$address.comment | Should -BeNullOrEmpty
$address.visibility | Should -Be $true
}

It "Change End IP" {
Get-FGTFirewallAddress -name $pester_address3 | Set-FGTFirewallAddress -endip 192.0.2.199
$address = Get-FGTFirewallAddress -name $pester_address3
$address.name | Should -Be $pester_address3
$address.uuid | Should -Not -BeNullOrEmpty
$address.type | Should -Be "iprange"
$address.'start-ip' | Should -Be "192.0.2.99"
$address.'end-ip' | Should -Be "192.0.2.199"
$address.'associated-interface' | Should -BeNullOrEmpty
$address.comment | Should -BeNullOrEmpty
$address.visibility | Should -Be $true
}

It "Change (Associated) Interface" {
Get-FGTFirewallAddress -name $pester_address3 | Set-FGTFirewallAddress -interface port2
$address = Get-FGTFirewallAddress -name $pester_address3
$address.name | Should -Be $pester_address3
$address.uuid | Should -Not -BeNullOrEmpty
$address.type | Should -Be "iprange"
$address.'start-ip' | Should -Be "192.0.2.99"
$address.'end-ip' | Should -Be "192.0.2.199"
$address.'associated-interface' | Should -Be "port2"
$address.comment | Should -BeNullOrEmpty
$address.visibility | Should -Be $true
}

It "Change comment" {
Get-FGTFirewallAddress -name $pester_address3 | Set-FGTFirewallAddress -comment "Modified by PowerFGT"
$address = Get-FGTFirewallAddress -name $pester_address3
$address.name | Should -Be $pester_address3
$address.uuid | Should -Not -BeNullOrEmpty
$address.type | Should -Be "iprange"
$address.'start-ip' | Should -Be "192.0.2.99"
$address.'end-ip' | Should -Be "192.0.2.199"
$address.'associated-interface' | Should -Be "port2"
$address.comment | Should -Be "Modified by PowerFGT"
$address.visibility | Should -Be $true
}

It "Change visiblity" {
Get-FGTFirewallAddress -name $pester_address3 | Set-FGTFirewallAddress -visibility:$false
$address = Get-FGTFirewallAddress -name $pester_address3
$address.name | Should -Be $pester_address3
$address.uuid | Should -Not -BeNullOrEmpty
$address.type | Should -Be "iprange"
$address.'start-ip' | Should -Be "192.0.2.99"
$address.'end-ip' | Should -Be "192.0.2.199"
$address.'associated-interface' | Should -Be "port2"
$address.comment | Should -Be "Modified by PowerFGT"
$address.visibility | Should -Be "disable"
}

It "Try to Configure Address $pester_address3 (but it is wrong type...)" {
{ Get-FGTFirewallAddress -name $pester_address3 | Set-FGTFirewallAddress -fqdn "fortipower.github.io" } | Should -Throw "Address type (iprange) need to be on the same type (fqdn)"
}

It "Change Name" {
Get-FGTFirewallAddress -name $pester_address3 | Set-FGTFirewallAddress -name "pester_address_change"
$address = Get-FGTFirewallAddress -name "pester_address_change"
$address.name | Should -Be "pester_address_change"
$address.uuid | Should -Not -BeNullOrEmpty
$address.type | Should -Be "iprange"
$address.'start-ip' | Should -Be "192.0.2.99"
$address.'end-ip' | Should -Be "192.0.2.199"
$address.'associated-interface' | Should -Be "port2"
$address.comment | Should -Be "Modified by PowerFGT"
$address.visibility | Should -Be "disable"
}

AfterAll {
Get-FGTFirewallAddress -uuid $script:uuid | Remove-FGTFirewallAddress -confirm:$false
}

}

Context "fqdn" {

BeforeAll {
@@ -412,6 +576,34 @@ Describe "Copy Firewall Address" {

}

Context "iprange" {

BeforeAll {
Add-FGTFirewallAddress -Name $pester_address3 -startip 192.0.2.1 -endip 192.0.2.100
}

It "Copy Firewall Address ($pester_address3 => copy_pester_address3)" {
Get-FGTFirewallAddress -name $pester_address3 | Copy-FGTFirewallAddress -name copy_pester_address3
$address = Get-FGTFirewallAddress -name copy_pester_address3
$address.name | Should -Be copy_pester_address3
$address.uuid | Should -Not -BeNullOrEmpty
$address.type | Should -Be "iprange"
$address.'start-ip' | Should -Be "192.0.2.1"
$address.'end-ip' | Should -Be "192.0.2.100"
$address.'associated-interface' | Should -BeNullOrEmpty
$address.comment | Should -BeNullOrEmpty
$address.visibility | Should -Be $true
}

AfterAll {
#Remove copy_pester_address3
Get-FGTFirewallAddress -name copy_pester_address3 | Remove-FGTFirewallAddress -confirm:$false
#Remove $pester_address3
Get-FGTFirewallAddress -name $pester_address3 | Remove-FGTFirewallAddress -confirm:$false
}

}

Context "fqdn" {

BeforeAll {
@@ -458,6 +650,21 @@ Describe "Remove Firewall Address" {

}

Context "iprange" {

BeforeEach {
Add-FGTFirewallAddress -Name $pester_address3 -startip 192.0.2.1 -endip 192.0.2.100
}

It "Remove Address $pester_address3 by pipeline" {
$address = Get-FGTFirewallAddress -name $pester_address3
$address | Remove-FGTFirewallAddress -confirm:$false
$address = Get-FGTFirewallAddress -name $pester_address3
$address | Should -Be $NULL
}

}

Context "fqdn" {

BeforeEach {
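Review bot: The new iprange contexts exercise only well-formed ranges, so nothing pins what Add-FGTFirewallAddress does when `-endip` is omitted or when the start address is above the end address. A negative case in the `Context "iprange"` block of "Add Firewall Address", such as `It "Try to Add Address (iprange without endip)" { { Add-FGTFirewallAddress -Name $pester_address3 -startip 192.0.2.1 } | Should -Throw }`, would make the expected behaviour explicit; whether the cmdlet throws today is not visible from this page. The "Configure Firewall Address" iprange tests also depend on running in order (for example "Change End IP" expects the `192.0.2.99` start address written by the preceding `It`), so a single test run in isolation will fail. That appears to follow the pattern of the existing contexts, which lie outside these hunks.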