diff --git a/PowerFGT/Public/cmdb/firewall/addressgroup.ps1 b/PowerFGT/Public/cmdb/firewall/addressgroup.ps1 index e87c5ae07..ad0aab435 100644 --- a/PowerFGT/Public/cmdb/firewall/addressgroup.ps1 +++ b/PowerFGT/Public/cmdb/firewall/addressgroup.ps1 @@ -27,6 +27,12 @@ function Add-FGTFirewallAddressGroup { Add-FGTFirewallAddressGroup -name MyAddressGroup -member MyAddress1 -comment "My Address Group" Add Address Group with member MyAddress1 and a comment + + .EXAMPLE + $data = @{ "color" = 23 } + PS C:\>Add-FGTFirewallAddressGroup -name MyAddressGroup -member MyAddress1 -comment "My Address Group".0 -data $data + + Add Address Group with member MyAddress1, a comment and color (23) via -data parameter #> Param( @@ -39,6 +45,8 @@ function Add-FGTFirewallAddressGroup { [string]$comment, [Parameter (Mandatory = $false)] [boolean]$visibility, + [Parameter (Mandatory = $false)] + [hashtable]$data, [Parameter(Mandatory = $false)] [String[]]$vdom, [Parameter(Mandatory = $false)] @@ -93,6 +101,12 @@ function Add-FGTFirewallAddressGroup { } } + if ( $PsBoundParameters.ContainsKey('data') ) { + $data.GetEnumerator() | ForEach-Object { + $addrgrp | Add-member -name $_.key -membertype NoteProperty -Value $_.value + } + } + Invoke-FGTRestMethod -method "POST" -body $addrgrp -uri $uri -connection $connection @invokeParams | Out-Null Get-FGTFirewallAddressGroup -connection $connection @invokeParams -name $name @@ -376,6 +390,12 @@ function Set-FGTFirewallAddressGroup { Change MyFGTAddressGroup to set a new comment and disabled visibility + .EXAMPLE + $data = @{ "color" = 23 } + PS C:\>$MyFGTAddressGroup = Get-FGTFirewallAddressGroup -name MyFGTAddressGroup + PS C:\>$MyFGTAddressGroup | Set-FGTFirewallAddressGroup -data $data + + Change MyFGTAddressGroup to set color (23) using -data #> [CmdletBinding(SupportsShouldProcess, ConfirmImpact = 'medium')] @@ -392,6 +412,8 @@ function Set-FGTFirewallAddressGroup { [string]$comment, [Parameter (Mandatory = $false)] [boolean]$visibility, + [Parameter (Mandatory = $false)] + [hashtable]$data, [Parameter(Mandatory = $false)] [String[]]$vdom, [Parameter(Mandatory = $false)] @@ -448,6 +470,12 @@ function Set-FGTFirewallAddressGroup { } } + if ( $PsBoundParameters.ContainsKey('data') ) { + $data.GetEnumerator() | ForEach-Object { + $_addrgrp | Add-member -name $_.key -membertype NoteProperty -Value $_.value + } + } + if ($PSCmdlet.ShouldProcess($addrgrp.name, 'Configure Firewall Address Group')) { Invoke-FGTRestMethod -method "PUT" -body $_addrgrp -uri $uri -uri_escape $old_name -connection $connection @invokeParams | out-Null diff --git a/PowerFGT/Public/cmdb/firewall/policy.ps1 b/PowerFGT/Public/cmdb/firewall/policy.ps1 index 80a8575bb..786c74d6f 100644 --- a/PowerFGT/Public/cmdb/firewall/policy.ps1 +++ b/PowerFGT/Public/cmdb/firewall/policy.ps1 @@ -63,6 +63,13 @@ function Add-FGTFirewallPolicy { Add-FGTFirewallPolicy -name MyFGTPolicy -srcintf port1 -dstintf port2 -srcaddr all -dstaddr all -policyid 23 Add a MyFGTPolicy with Policy ID equal 23 + + .EXAMPLE + $data = @{ "logtraffic-start" = "enable" } + Add-FGTFirewallPolicy -name MyFGTPolicy -srcintf port1 -dstintf port2 -srcaddr all -dstaddr all -data $data + + Add a MyFGTPolicy with logtraffic-start using -data + #> @@ -100,6 +107,8 @@ function Add-FGTFirewallPolicy { [string[]]$ippool, [Parameter (Mandatory = $false)] [switch]$skip, + [Parameter (Mandatory = $false)] + [hashtable]$data, [Parameter(Mandatory = $false)] [String[]]$vdom, [Parameter(Mandatory = $false)] @@ -233,6 +242,12 @@ function Add-FGTFirewallPolicy { $policy | add-member -name "poolname" -membertype NoteProperty -Value $ippool_array } + if ( $PsBoundParameters.ContainsKey('data') ) { + $data.GetEnumerator() | ForEach-Object { + $policy | Add-member -name $_.key -membertype NoteProperty -Value $_.value + } + } + $post = Invoke-FGTRestMethod -method "POST" -body $policy -uri $uri -connection $connection @invokeParams if ( $PsBoundParameters.ContainsKey('name') ) { diff --git a/PowerFGT/Public/cmdb/firewall/vip.ps1 b/PowerFGT/Public/cmdb/firewall/vip.ps1 index 8e533b2bb..710acb6e2 100644 --- a/PowerFGT/Public/cmdb/firewall/vip.ps1 +++ b/PowerFGT/Public/cmdb/firewall/vip.ps1 @@ -31,13 +31,13 @@ function Add-FGTFirewallVip { .EXAMPLE Add-FGTFirewallVip -name myVIP4-5000-6000 -type static-nat -extip 192.0.2.1 -mappedip 198.51.100.1 -portforward -extport 5000 -mappedport 6000 -protocol udp - Add VIP objet type static-nat (One to One) with name myVIP3 with external IP 192.0.2.1 and mapped IP 198.51.100.1 with Port Forward and UDP Port 5000 mapped to port 6000 + Add VIP objet type static-nat (One to One) with name myVIP4 with external IP 192.0.2.1 and mapped IP 198.51.100.1 with Port Forward and UDP Port 5000 mapped to port 6000 .EXAMPLE $data = @{ "nat-source-vip" = "enable" ; "color" = "23"} PS C> Add-FGTFirewallVip -name myVIP5-data -type static-nat -extip 192.0.2.1 -mappedip 198.51.100.1 -data $data - Change dns-mapping-ttl and color settings using -data parameter + Add VIP objet type static-nat (One to One) with name myVIP5 with nat-source-vip and color settings using -data parameter #> Param( diff --git a/PowerFGT/Public/cmdb/firewall/vipgroup.ps1 b/PowerFGT/Public/cmdb/firewall/vipgroup.ps1 index 25235fcfb..43a56cc3e 100644 --- a/PowerFGT/Public/cmdb/firewall/vipgroup.ps1 +++ b/PowerFGT/Public/cmdb/firewall/vipgroup.ps1 @@ -28,6 +28,12 @@ function Add-FGTFirewallVipGroup { Add-FGTFirewallVipGroup -name MyVipGroup -member MyVip1 -comments "My VIP Group" -interface wan1 Add VIP Group with member MyVip1 and a comments, associated to interface wan1 + + .EXAMPLE + $data = @{ "color" = "23"} + PS C> Add-FGTFirewallVipGroup -name MyVipGroup -member MyVip1 -interface wan1 -data $data + + Add VIP Group with member MyVip1 with color 23 (using -data) #> Param( @@ -40,6 +46,8 @@ function Add-FGTFirewallVipGroup { [Parameter (Mandatory = $false)] [ValidateLength(0, 255)] [string]$comments, + [Parameter (Mandatory = $false)] + [hashtable]$data, [Parameter(Mandatory = $false)] [String[]]$vdom, [Parameter(Mandatory = $false)] @@ -78,6 +86,12 @@ function Add-FGTFirewallVipGroup { #TODO: check if interface is valid (and also if members use the same interface...) $vipgrp | add-member -name "interface" -membertype NoteProperty -Value $interface + if ( $PsBoundParameters.ContainsKey('data') ) { + $data.GetEnumerator() | ForEach-Object { + $vipgrp | Add-member -name $_.key -membertype NoteProperty -Value $_.value + } + } + if ( $PsBoundParameters.ContainsKey('comments') ) { $vipgrp | add-member -name "comments" -membertype NoteProperty -Value $comments } @@ -367,6 +381,12 @@ function Set-FGTFirewallVipGroup { Change MyFGTVipGroup to set a new comments + .EXAMPLE + $data = @{ "color" = "23" } + PS C:\>$MyFGTVipGroup = Get-FGTFirewallVipGroup -name MyFGTVipGroup + PS C:\>$MyFGTVipGroup | Set-FGTFirewallVipGroup -data $data + + Change MyFGTVipGroup to set color (23) with -data parameter #> [CmdletBinding(SupportsShouldProcess, ConfirmImpact = 'medium')] @@ -381,6 +401,8 @@ function Set-FGTFirewallVipGroup { [Parameter (Mandatory = $false)] [ValidateLength(0, 255)] [string]$comments, + [Parameter (Mandatory = $false)] + [hashtable]$data, [Parameter(Mandatory = $false)] [String[]]$vdom, [Parameter(Mandatory = $false)] @@ -422,6 +444,12 @@ function Set-FGTFirewallVipGroup { $_vipgrp | add-member -name "comments" -membertype NoteProperty -Value $comments } + if ( $PsBoundParameters.ContainsKey('data') ) { + $data.GetEnumerator() | ForEach-Object { + $_vipgrp | Add-member -name $_.key -membertype NoteProperty -Value $_.value + } + } + if ($PSCmdlet.ShouldProcess($addrgrp.name, 'Configure Firewall VIP Group')) { Invoke-FGTRestMethod -method "PUT" -body $_vipgrp -uri $uri -uri_escape $old_name -connection $connection @invokeParams | out-Null diff --git a/PowerFGT/Public/cmdb/router/static.ps1 b/PowerFGT/Public/cmdb/router/static.ps1 index 34c03620a..addf184bb 100644 --- a/PowerFGT/Public/cmdb/router/static.ps1 +++ b/PowerFGT/Public/cmdb/router/static.ps1 @@ -165,6 +165,12 @@ function Add-FGTRouterStatic { Add-FGTRouterStatic -status:$false -dst 198.51.100.0/24 -gateway 192.0.2.254 -device internal1 Add a route with status disabled + + .EXAMPLE + $data = @{ "sdwan" = "enable" } + PS C:\>Add-FGTRouterStatic -dst 198.51.100.0/24 -gateway 192.0.2.254 -device internal1 -data $data + + Add a route with sdwan enable using -data #> [CmdletBinding(DefaultParameterSetName = "default")] @@ -222,6 +228,8 @@ function Add-FGTRouterStatic { [Parameter (Mandatory = $false)] [switch]$bfd = $false, [Parameter (Mandatory = $false)] + [hashtable]$data, + [Parameter (Mandatory = $false)] [switch]$skip, [Parameter(Mandatory = $false)] [String[]]$vdom, @@ -357,6 +365,12 @@ function Add-FGTRouterStatic { } } + if ( $PsBoundParameters.ContainsKey('data') ) { + $data.GetEnumerator() | ForEach-Object { + $static | Add-member -name $_.key -membertype NoteProperty -Value $_.value + } + } + $post = Invoke-FGTRestMethod -method "POST" -body $static -uri $uri -connection $connection @invokeParams #if you don't have seq-num get the number with the POST diff --git a/PowerFGT/Public/cmdb/system/interface.ps1 b/PowerFGT/Public/cmdb/system/interface.ps1 index beecbe8af..2869096a1 100644 --- a/PowerFGT/Public/cmdb/system/interface.ps1 +++ b/PowerFGT/Public/cmdb/system/interface.ps1 @@ -37,6 +37,12 @@ function Add-FGTSystemInterface { Add-FGTSystemInterface -name PowerFGT_lo -loopback -mode static -ip 192.0.2.1 -netmask 255.255.255.255 -allowaccess ping This creates a new interface loopback with IP 192.0.2.1(/32) and allow access to ping + + .EXAMPLE + $data = @{ 'sflow-sampler' = "enable" } + Add-FGTSystemInterface -name PowerFGT -interface port10 -vlan_id 10 -data $data + + This creates a new interface with sflow-sampler enable using -data parameter #> Param( @@ -77,6 +83,8 @@ function Add-FGTSystemInterface { [string]$netmask, [Parameter (Mandatory = $false)] [string]$vdom_interface = "root", + [Parameter (Mandatory = $false)] + [hashtable]$data, [Parameter(Mandatory = $false)] [String[]]$vdom, [Parameter(Mandatory = $false)] @@ -166,6 +174,12 @@ function Add-FGTSystemInterface { $_interface | add-member -name "device-identification" -membertype NoteProperty -Value $device_identification } + if ( $PsBoundParameters.ContainsKey('data') ) { + $data.GetEnumerator() | ForEach-Object { + $_interface | Add-member -name $_.key -membertype NoteProperty -Value $_.value + } + } + $null = Invoke-FGTRestMethod -uri $uri -method 'POST' -body $_interface -connection $connection @invokeParams Get-FGTSystemInterface -name $name -connection $connection @invokeParams @@ -377,6 +391,12 @@ function Set-FGTSystemInterface { Get-FGTSystemInterface -name PowerFGT | Set-FGTSystemInterface -dhcprelayip $null This disables DCHP relay and clears the relay ip addresses + + .EXAMPLE + $data = @{ "sflow-sampler" = "enable" } + PS C:\>Get-FGTSystemInterface -name PowerFGT | Set-FGTSystemInterface -data $data + + Configure sflow-sampler setting using -data parameter on interface PowerFGT #> [CmdletBinding(SupportsShouldProcess, ConfirmImpact = 'medium')] @@ -405,6 +425,8 @@ function Set-FGTSystemInterface { [string]$status, [Parameter (Mandatory = $false)] [string]$device_identification, + [Parameter (Mandatory = $false)] + [hashtable]$data, [Parameter(Mandatory = $false)] [String[]]$vdom, [Parameter(Mandatory = $false)] @@ -477,6 +499,12 @@ function Set-FGTSystemInterface { } } + if ( $PsBoundParameters.ContainsKey('data') ) { + $data.GetEnumerator() | ForEach-Object { + $_interface | Add-member -name $_.key -membertype NoteProperty -Value $_.value + } + } + if ($PSCmdlet.ShouldProcess($interface.name, 'Set interface')) { $null = Invoke-FGTRestMethod -uri $uri -method 'PUT' -body $_interface -connection $connection @invokeParams Get-FGTSystemInterface -name $interface.name -connection $connection @invokeParams diff --git a/PowerFGT/Public/cmdb/system/zone.ps1 b/PowerFGT/Public/cmdb/system/zone.ps1 index b37b72d59..81e6d6cd3 100644 --- a/PowerFGT/Public/cmdb/system/zone.ps1 +++ b/PowerFGT/Public/cmdb/system/zone.ps1 @@ -144,6 +144,8 @@ function Add-FGTSystemZone { [string[]]$interfaces, [Parameter(Mandatory = $false)] [string]$description, + [Parameter (Mandatory = $false)] + [hashtable]$data, [Parameter(Mandatory = $false)] [String[]]$vdom, [Parameter(Mandatory = $false)] @@ -193,6 +195,12 @@ function Add-FGTSystemZone { } } + if ( $PsBoundParameters.ContainsKey('data') ) { + $data.GetEnumerator() | ForEach-Object { + $zone | Add-member -name $_.key -membertype NoteProperty -Value $_.value + } + } + Invoke-FGTRestMethod -uri 'api/v2/cmdb/system/zone' -method 'POST' -body $zone -connection $connection @invokeParams | Out-Null Get-FGTSystemZone -name $name -connection $connection @invokeParams @@ -246,6 +254,8 @@ function Set-FGTSystemZone { [string]$description, [Parameter(Mandatory = $false)] [string[]]$interfaces, + [Parameter (Mandatory = $false)] + [hashtable]$data, [Parameter(Mandatory = $false)] [String[]]$vdom, [Parameter(Mandatory = $false)] @@ -301,6 +311,12 @@ function Set-FGTSystemZone { } } + if ( $PsBoundParameters.ContainsKey('data') ) { + $data.GetEnumerator() | ForEach-Object { + $zone_body | Add-member -name $_.key -membertype NoteProperty -Value $_.value + } + } + if ($PSCmdlet.ShouldProcess($zone.name, 'Set zone')) { Invoke-FGTRestMethod -uri "api/v2/cmdb/system/zone" -uri_escape $zone.name -method 'PUT' -body $zone_body -connection $connection @invokeParams | Out-Null Get-FGTSystemZone -name $name -connection $connection @invokeParams diff --git a/Tests/integration/FirewallAddressGroup.Tests.ps1 b/Tests/integration/FirewallAddressGroup.Tests.ps1 index 11550d4db..ce8992f23 100644 --- a/Tests/integration/FirewallAddressGroup.Tests.ps1 +++ b/Tests/integration/FirewallAddressGroup.Tests.ps1 @@ -157,6 +157,36 @@ Describe "Add Firewall Address Group" { } } + It "Add Address Group $pester_addressgroup1 (with 1 member and data (1 field))" { + $data = @{ "color" = 23 } + Add-FGTFirewallAddressGroup -Name $pester_addressgroup1 -member $pester_address1 -data $data + $addressgroup = Get-FGTFirewallAddressGroup -name $pester_addressgroup1 + $addressgroup.name | Should -Be $pester_addressgroup1 + $addressgroup.uuid | Should -Not -BeNullOrEmpty + ($addressgroup.member).count | Should -Be "1" + $addressgroup.member.name | Should -BeIn $pester_address1 + $addressgroup.comment | Should -BeNullOrEmpty + $addressgroup.color | Should -Be "23" + if ($DefaultFGTConnection.version -lt "6.4.0") { + $addressgroup.visibility | Should -Be $true + } + } + + It "Add Address Group $pester_addressgroup1 (with 1 member and data (2 fields))" { + $data = @{ "color" = 23; "comment" = "Add via PowerFGT and -data" } + Add-FGTFirewallAddressGroup -Name $pester_addressgroup1 -member $pester_address1 -data $data + $addressgroup = Get-FGTFirewallAddressGroup -name $pester_addressgroup1 + $addressgroup.name | Should -Be $pester_addressgroup1 + $addressgroup.uuid | Should -Not -BeNullOrEmpty + ($addressgroup.member).count | Should -Be "1" + $addressgroup.member.name | Should -BeIn $pester_address1 + $addressgroup.comment | Should -Be "Add via PowerFGT and -data" + $addressgroup.color | Should -Be "23" + if ($DefaultFGTConnection.version -lt "6.4.0") { + $addressgroup.visibility | Should -Be $true + } + } + It "Try to Add Address Group $pester_addressgroup1 (but there is already a object with same name)" { #Add first Address Group Add-FGTFirewallAddressGroup -Name $pester_addressgroup1 -member $pester_address1 @@ -302,6 +332,36 @@ Describe "Configure Firewall Address Group" { } } + It "Change -data (1 field)" { + $data = @{ "color" = 23 } + Get-FGTFirewallAddressGroup -name $pester_addressgroup1 | Set-FGTFirewallAddressGroup -data $data + $addressgroup = Get-FGTFirewallAddressGroup -name $pester_addressgroup1 + $addressgroup.name | Should -Be $pester_addressgroup1 + $addressgroup.uuid | Should -Not -BeNullOrEmpty + ($addressgroup.member).count | Should -Be "2" + $addressgroup.member.name | Should -BeIn $pester_address1, $pester_address2 + $addressgroup.comment | Should -Be "Modified by PowerFGT" + if ($DefaultFGTConnection.version -lt "6.4.0") { + $addressgroup.visibility | Should -Be "disable" + } + $addressgroup.color | Should -Be "23" + } + + It "Change -data (2 fields)" { + $data = @{ "color" = 4 ; comment = "Modified by PowerFGT via -data" } + Get-FGTFirewallAddressGroup -name $pester_addressgroup1 | Set-FGTFirewallAddressGroup -data $data + $addressgroup = Get-FGTFirewallAddressGroup -name $pester_addressgroup1 + $addressgroup.name | Should -Be $pester_addressgroup1 + $addressgroup.uuid | Should -Not -BeNullOrEmpty + ($addressgroup.member).count | Should -Be "2" + $addressgroup.member.name | Should -BeIn $pester_address1, $pester_address2 + $addressgroup.comment | Should -Be "Modified by PowerFGT via -data" + if ($DefaultFGTConnection.version -lt "6.4.0") { + $addressgroup.visibility | Should -Be "disable" + } + $addressgroup.color | Should -Be "4" + } + It "Change Name" { Get-FGTFirewallAddressGroup -name $pester_addressgroup1 | Set-FGTFirewallAddressGroup -name "pester_addressgroup1_change" $addressgroup = Get-FGTFirewallAddressGroup -name "pester_addressgroup1_change" @@ -309,7 +369,7 @@ Describe "Configure Firewall Address Group" { $addressgroup.uuid | Should -Not -BeNullOrEmpty ($addressgroup.member).count | Should -Be "2" $addressgroup.member.name | Should -BeIn $pester_address1, $pester_address2 - $addressgroup.comment | Should -Be "Modified by PowerFGT" + $addressgroup.comment | Should -Be "Modified by PowerFGT via -data" if ($DefaultFGTConnection.version -lt "6.4.0") { $addressgroup.visibility | Should -Be "disable" } diff --git a/Tests/integration/FirewallPolicy.Tests.ps1 b/Tests/integration/FirewallPolicy.Tests.ps1 index 4415d66ae..2a580bee7 100644 --- a/Tests/integration/FirewallPolicy.Tests.ps1 +++ b/Tests/integration/FirewallPolicy.Tests.ps1 @@ -536,6 +536,48 @@ Describe "Add Firewall Policy" { $policy.poolname | Should -Be "MyIPPool" } + It "Add Policy $pester_policy1 (with data (1 field))" { + $data = @{ "logtraffic-start" = "enable" } + $p = Add-FGTFirewallPolicy -name $pester_policy1 -srcintf port1 -dstintf port2 -srcaddr all -dstaddr all -data $data + @($p).count | Should -Be "1" + $policy = Get-FGTFirewallPolicy -name $pester_policy1 + $policy.name | Should -Be $pester_policy1 + $policy.uuid | Should -Not -BeNullOrEmpty + $policy.srcintf.name | Should -Be "port1" + $policy.dstintf.name | Should -Be "port2" + $policy.srcaddr.name | Should -Be "all" + $policy.dstaddr.name | Should -Be "all" + $policy.action | Should -Be "accept" + $policy.status | Should -Be "enable" + $policy.service.name | Should -Be "All" + $policy.schedule | Should -Be "always" + $policy.nat | Should -Be "disable" + $policy.logtraffic | Should -Be "utm" + $policy.comments | Should -BeNullOrEmpty + $policy.'logtraffic-start' | Should -Be "enable" + } + + It "Add Policy $pester_policy1 (with data (2 fields))" { + $data = @{ "logtraffic-start" = "enable" ; "comments" = "Add via PowerFGT and -data" } + $p = Add-FGTFirewallPolicy -name $pester_policy1 -srcintf port1 -dstintf port2 -srcaddr all -dstaddr all -data $data + @($p).count | Should -Be "1" + $policy = Get-FGTFirewallPolicy -name $pester_policy1 + $policy.name | Should -Be $pester_policy1 + $policy.uuid | Should -Not -BeNullOrEmpty + $policy.srcintf.name | Should -Be "port1" + $policy.dstintf.name | Should -Be "port2" + $policy.srcaddr.name | Should -Be "all" + $policy.dstaddr.name | Should -Be "all" + $policy.action | Should -Be "accept" + $policy.status | Should -Be "enable" + $policy.service.name | Should -Be "All" + $policy.schedule | Should -Be "always" + $policy.nat | Should -Be "disable" + $policy.logtraffic | Should -Be "utm" + $policy.comments | Should -Be "Add via PowerFGT and -data" + $policy.'logtraffic-start' | Should -Be "enable" + } + It "Try to Add Policy $pester_policy1 (but there is already a object with same name)" { #Add first policy Add-FGTFirewallPolicy -name $pester_policy1 -srcintf port1 -dstintf port2 -srcaddr all -dstaddr all diff --git a/Tests/integration/FirewallVipGroup.Tests.ps1 b/Tests/integration/FirewallVipGroup.Tests.ps1 index b42853158..93f6836d9 100644 --- a/Tests/integration/FirewallVipGroup.Tests.ps1 +++ b/Tests/integration/FirewallVipGroup.Tests.ps1 @@ -135,6 +135,30 @@ Describe "Add Firewall Vip Group" { $vipgroup.comments | Should -BeNullOrEmpty } + It "Add Vip Group $pester_vipgroup1 (with 1 member and data (1 field))" { + $data = @{ "color" = "23" } + Add-FGTFirewallVipGroup -Name $pester_vipgroup1 -member $pester_vip1 -data $data + $vipgroup = Get-FGTFirewallVipGroup -name $pester_vipgroup1 + $vipgroup.name | Should -Be $pester_vipgroup1 + $vipgroup.uuid | Should -Not -BeNullOrEmpty + ($vipgroup.member).count | Should -Be "1" + $vipgroup.member.name | Should -BeIn $pester_vip1 + $vipgroup.comments | Should -BeNullOrEmpty + $vipgroup.color | Should -Be "23" + } + + It "Add Vip Group $pester_vipgroup1 (with 1 member and data (2 fields))" { + $data = @{ "color" = "23" ; comments = "Add via PowerFGT with -data" } + Add-FGTFirewallVipGroup -Name $pester_vipgroup1 -member $pester_vip1 -data $data + $vipgroup = Get-FGTFirewallVipGroup -name $pester_vipgroup1 + $vipgroup.name | Should -Be $pester_vipgroup1 + $vipgroup.uuid | Should -Not -BeNullOrEmpty + ($vipgroup.member).count | Should -Be "1" + $vipgroup.member.name | Should -BeIn $pester_vip1 + $vipgroup.comments | Should -Be "Add via PowerFGT with -data" + $vipgroup.color | Should -Be "23" + } + It "Try to Add Vip Group $pester_vipgroup1 (but there is already a object with same name)" { #Add first Vip Group Add-FGTFirewallVipGroup -Name $pester_vipgroup1 -member $pester_vip1 @@ -249,6 +273,30 @@ Describe "Configure Firewall Vip Group" { $vipgroup.comments | Should -Be "Modified by PowerFGT" } + It "Change -data (1 field)" { + $data = @{ "color" = "23" } + Get-FGTFirewallVipGroup -name $pester_vipgroup1 | Set-FGTFirewallVipGroup -data $data + $vipgroup = Get-FGTFirewallVipGroup -name $pester_vipgroup1 + $vipgroup.name | Should -Be $pester_vipgroup1 + $vipgroup.uuid | Should -Not -BeNullOrEmpty + ($vipgroup.member).count | Should -Be "2" + $vipgroup.member.name | Should -BeIn $pester_vip1, $pester_vip2 + $vipgroup.comments | Should -Be "Modified by PowerFGT" + $vipgroup.color | Should -Be "23" + } + + It "Change -data (2 fields)" { + $data = @{ "color" = "4" ; comments = "Modified by PowerFGT with -data" } + Get-FGTFirewallVipGroup -name $pester_vipgroup1 | Set-FGTFirewallVipGroup -data $data + $vipgroup = Get-FGTFirewallVipGroup -name $pester_vipgroup1 + $vipgroup.name | Should -Be $pester_vipgroup1 + $vipgroup.uuid | Should -Not -BeNullOrEmpty + ($vipgroup.member).count | Should -Be "2" + $vipgroup.member.name | Should -BeIn $pester_vip1, $pester_vip2 + $vipgroup.comments | Should -Be "Modified by PowerFGT with -data" + $vipgroup.color | Should -Be "4" + } + It "Change Name" { Get-FGTFirewallVipGroup -name $pester_vipgroup1 | Set-FGTFirewallVipGroup -name "pester_vipgroup1_change" $vipgroup = Get-FGTFirewallVipGroup -name "pester_vipgroup1_change" @@ -256,7 +304,7 @@ Describe "Configure Firewall Vip Group" { $vipgroup.uuid | Should -Not -BeNullOrEmpty ($vipgroup.member).count | Should -Be "2" $vipgroup.member.name | Should -BeIn $pester_vip1, $pester_vip2 - $vipgroup.comments | Should -Be "Modified by PowerFGT" + $vipgroup.comments | Should -Be "Modified by PowerFGT with -data" } AfterAll { diff --git a/Tests/integration/RouterStatic.Tests.ps1 b/Tests/integration/RouterStatic.Tests.ps1 index dd4ae3884..445da7857 100644 --- a/Tests/integration/RouterStatic.Tests.ps1 +++ b/Tests/integration/RouterStatic.Tests.ps1 @@ -468,6 +468,66 @@ Describe "Add Static Route" { $route.bfd | Should -Be "enable" } + It "Add Static Route to 192.2.0.0/24 with -data (1 field)" { + $data = @{ "weight" = "15" } + $r = Add-FGTRouterStatic -dst 192.2.0.0/24 -gateway 198.51.100.254 -device $pester_port2 -data $data + @($r).count | Should -Be "1" + $route = Get-FGTRouterStatic -gateway 198.51.100.254 + $route.'seq-num' | Should -Not -BeNullOrEmpty + $route.status | Should -Be "enable" + $route.dst | Should -Be "192.2.0.0 255.255.255.0" + $route.src | Should -Be "0.0.0.0 0.0.0.0" + $route.gateway | Should -Be "198.51.100.254" + $route.distance | Should -Be 10 + $route.weight | Should -Be 15 + if ($DefaultFGTConnection.version -lt "7.0.0") { + $route.priority | Should -Be 0 + } + else { + $route.priority | Should -Be 1 + } + $route.device | Should -Be "$pester_port2" + $route.comment | Should -Be "" + $route.blackhole | Should -Be "disable" + $route.'dynamic-gateway' | Should -Be "disable" + $route.dstaddr | Should -Be "" + $route.'internet-service' | Should -Be "0" + $route.'internet-service-custom' | Should -Be "" + $route.'link-monitor-exempt' | Should -Be "disable" + $route.vrf | Should -Be "0" + $route.bfd | Should -Be "disable" + } + + It "Add Static Route to 192.2.0.0/24 with -data (2 fields)" { + $data = @{ "weight" = "15" ; "bfd" = "enable" } + $r = Add-FGTRouterStatic -dst 192.2.0.0/24 -gateway 198.51.100.254 -device $pester_port2 -data $data + @($r).count | Should -Be "1" + $route = Get-FGTRouterStatic -gateway 198.51.100.254 + $route.'seq-num' | Should -Not -BeNullOrEmpty + $route.status | Should -Be "enable" + $route.dst | Should -Be "192.2.0.0 255.255.255.0" + $route.src | Should -Be "0.0.0.0 0.0.0.0" + $route.gateway | Should -Be "198.51.100.254" + $route.distance | Should -Be 10 + $route.weight | Should -Be 15 + if ($DefaultFGTConnection.version -lt "7.0.0") { + $route.priority | Should -Be 0 + } + else { + $route.priority | Should -Be 1 + } + $route.device | Should -Be "$pester_port2" + $route.comment | Should -Be "" + $route.blackhole | Should -Be "disable" + $route.'dynamic-gateway' | Should -Be "disable" + $route.dstaddr | Should -Be "" + $route.'internet-service' | Should -Be "0" + $route.'internet-service-custom' | Should -Be "" + $route.'link-monitor-exempt' | Should -Be "disable" + $route.vrf | Should -Be "0" + $route.bfd | Should -Be "enable" + } + <# Need to add vrf to Add-FTGInterfaces It "Add Static Route to 192.2.0.0/24 with vrf" { $r = Add-FGTRouterStatic -dst 192.2.0.0/24 -gateway 198.51.100.254 -device $pester_port2 -vrf 1 diff --git a/Tests/integration/SystemInterface.Tests.ps1 b/Tests/integration/SystemInterface.Tests.ps1 index 29ff0bdde..2bc015f14 100644 --- a/Tests/integration/SystemInterface.Tests.ps1 +++ b/Tests/integration/SystemInterface.Tests.ps1 @@ -649,6 +649,75 @@ Describe "Add System Interface" -ForEach $type { $interface.ip | Should -Be "192.0.2.1 255.255.255.0" } + It "Add System Interface (with -data (1 field))" { + $data = @{ "alias" = "int_PowerFGT" } + $p = $_.param + Add-FGTSystemInterface -name $pester_int1 @p -data $data + $interface = Get-FGTSystemInterface -name $pester_int1 + $interface.name | Should -Be $pester_int1 + switch ($_.type) { + "vlan" { + $interface.type | Should -Be "vlan" + $interface.vlanid | Should -Be $pester_vlanid1 + $interface.interface | Should -Be $pester_port1 + } + "aggregate_lacp" { + $interface.type | Should -Be "aggregate" + $interface.member.'interface-name' | Should -BeIn $pester_port1, $pester_port2 + } + "aggregate_static" { + if (($fgt_version -ge "6.2.0")) { + $interface.type | Should -Be "redundant" + } + else { + $interface.type | Should -Be "aggregate" + } + $interface.member.'interface-name' | Should -BeIn $pester_port1, $pester_port2 + } + "loopback" { + $interface.type | Should -Be "loopback" + } + } + $interface.role | Should -Be "lan" + $interface.mode | Should -Be "static" + $interface.alias | Should -Be "int_PowerFGT" + } + + It "Add System Interface (with -data (2 fields))" { + $data = @{ "alias" = "int_PowerFGT"; description = "Add via PowerFGT using -data" } + $p = $_.param + Add-FGTSystemInterface -name $pester_int1 @p -data $data + $interface = Get-FGTSystemInterface -name $pester_int1 + $interface.name | Should -Be $pester_int1 + switch ($_.type) { + "vlan" { + $interface.type | Should -Be "vlan" + $interface.vlanid | Should -Be $pester_vlanid1 + $interface.interface | Should -Be $pester_port1 + } + "aggregate_lacp" { + $interface.type | Should -Be "aggregate" + $interface.member.'interface-name' | Should -BeIn $pester_port1, $pester_port2 + } + "aggregate_static" { + if (($fgt_version -ge "6.2.0")) { + $interface.type | Should -Be "redundant" + } + else { + $interface.type | Should -Be "aggregate" + } + $interface.member.'interface-name' | Should -BeIn $pester_port1, $pester_port2 + } + "loopback" { + $interface.type | Should -Be "loopback" + } + } + $interface.role | Should -Be "lan" + $interface.mode | Should -Be "static" + $interface.alias | Should -Be "int_PowerFGT" + $interface.description | Should -Be "Add via PowerFGT using -data" + } + It "Add Vlan System Interface (on aggregate $($_.type) interface)" -Skip:($_.type -eq "loopback" -or $_.type -eq "vlan") { $p = $_.param Add-FGTSystemInterface -name $pester_int1 @p @@ -802,6 +871,21 @@ Describe "Set System Interface" -ForEach $type { $interface.'dhcp-relay-service' | Should -Be "disable" } + It "Set System Interface using -data (1 field)" { + $data = @{ "alias" = "int_PowerFGT" } + Get-FGTSystemInterface -name $pester_int1 | Set-FGTSystemInterface -data $data + $interface = Get-FGTSystemInterface -name $pester_int1 + $interface.alias | Should -Be "int_PowerFGT" + } + + It "Set System Interface using -data (2 fields)" { + $data = @{ "alias" = "int_PowerFGT" ; description = "Modified via PowerFGT using -data" } + Get-FGTSystemInterface -name $pester_int1 | Set-FGTSystemInterface -data $data + $interface = Get-FGTSystemInterface -name $pester_int1 + $interface.alias | Should -Be "int_PowerFGT" + $interface.description | Should -Be "Modified via PowerFGT using -data" + } + AfterAll { Get-FGTSystemInterface -name $pester_int1 | Remove-FGTSystemInterface -Confirm:$false } diff --git a/Tests/integration/SystemZone.Tests.ps1 b/Tests/integration/SystemZone.Tests.ps1 index 2fab5414a..596db0694 100644 --- a/Tests/integration/SystemZone.Tests.ps1 +++ b/Tests/integration/SystemZone.Tests.ps1 @@ -125,6 +125,16 @@ Describe "Add zone" { $zone.interface."interface-name" | Should -BeIn $pester_port1, $pester_port2 } + It "Add zone $pester_zone1 with -data" { + $data = @{ 'intrazone' = "allow" } + Add-FGTSystemZone -name $pester_zone1 -interfaces $pester_port1 -data $data + $zone = Get-FGTSystemZone -name $pester_zone1 + $zone.name | Should -Be $pester_zone1 + $zone.intrazone | Should -Be "allow" + $zone.interface.count | Should -Be 1 + $zone.interface."interface-name" | Should -BeIn $pester_port1 + } + It "Try to add zone $pester_zone1 (but there is already an object with same name)" { #Add first zone Add-FGTSystemZone -name $pester_zone1 -interfaces $pester_port1 @@ -174,6 +184,13 @@ Describe "Set zone" { $zone.interface."interface-name" | Should -BeIn $pester_port3, $pester_port4 } + It "Change with -data " { + $data = @{ 'intrazone' = "allow" } + Get-FGTSystemZone -name $pester_zone1 | Set-FGTSystemZone -data $data + $zone = Get-FGTSystemZone -name $pester_zone1 + $zone.intrazone | Should -Be "allow" + } + It "Remove interfaces" -Skip:$VersionIs64 { Get-FGTSystemZone -name $pester_zone1 | Set-FGTSystemZone -interfaces none $zone = Get-FGTSystemZone -name $pester_zone1