The London Perl and Raku Workshop takes place on 26th Oct 2024. If your company depends on Perl, please consider sponsoring and/or attending.
 / 
Device-PaloAlto-Firewall-0.04
River stage zero No dependents
/ Device::PaloAlto::Firewall::Test

NAME

Device::PaloAlto::Firewall::Test- Run a suite of tests against Palo Alto firewalls.

VERSION

version 0.04

SYNOPSIS

This module contains a set of methods that run tests against an Palo Alto firewall. The functions take arguments and return 1 or 0 depending on the current runtime state of the firewall.

These methods should be used in conjunction with the ok() function provided by Test::More.

    use Device::PaloAlto::Firewall
    use Test::More;

SUBROUTINES

interfaces_up

    ok( $fw_test->interfaces_up(interfaces => ['ethernet1/1', 'ethernet./(2|3)']) );

interfaces_up takes an ARRAYREF that contains interface match criteria. Returns 0 if any of the interfaces matched are down. Internally the sub uses a case insensitive regex to create an array of interfaces that match all of the match criteria. Consider the following values of the 'interfaces' parameter:

  • [ ] - will warn that the ARRAYREF is empty, however the sub will return 1 as no interfaces matches are 'down'.

  • ['ethrnt1/1'] - a typo or any criteria that causes no interfaces to be matched will warn, however the sub will return 1 as no interfaces matched are 'down'.

  • ['ethrnt1/1', 'ethernet1/2'] - if 'ethrnt1/1' matches no interfaces, and 'ethernet1/2' does, the return value will depend on whether 'ethernet1/2' is 'up' or 'down'.

interfaces_duplex

    ok( $fw_test->interfaces_duplex(interfaces => ['ethernet1/1', 'ethernet./(2|3)']) );

interfaces_duplex takes an ARRAYREF of interface match criteria. The match criteria can contain regex. See interfaces_up for some of the nuances around the matching.

It returns 1 if all of the interfaces are in a full duplex state. If any are not, it returns 0. If the device is a VM, physical interface state cannot be determined. The function will emit a warning, however it will still return a successful test.

routes_exist

    ok( 
        $fw_test->routes_exist(
            vrouter => 'virt_router_a',
            routes => ['192.0.2.0/30', '192.0.2.128/25']
        )
    );

routes_exist takes an ARRAYREF of routes and searches for these routes in the virtual router specified by vrouter. If all of the exact routes are present in the routing table it returns 1. If any exact routes are not present, it returns 0.

routes is mandatory. vrouter is optional, and is set to 'default' if not specified. An empty ARRAYREF will emit a warning but will still return 1.

bgp_peers_up

    ok( 
        $fw_test->bgp_peers_ip(
            vrouter => 'virt_router_a',
            peer_ips => ['192.0.2.1', '192.0.2.20']
        )
    );

Returns 1 if all of the BGP peers specified in the peer_ips are established. Returns 0 if any of the peers are not in the established state.

vrouter specifies the virtual router that the BGP peers are configured under. If not supplied, the vrouter 'default' will be used.

ntp_synchronised

    ok( $fw_test->ntp_synchronised() );

Returns 0 if the firewall is not synchronised with an NTP peer. Returns 1 if the firewall is synchronised with at least one NTP peer.

ntp_reachable

    ok ( $fw_test->ntp_reachable() );

Returns 1 if all of the configured NTP servers are reachable. Returns 0 if any of the configured NTP servers are not reachable.

AUTHOR

Greg Foletta, <greg at foletta.org>

BUGS

Please report any bugs or feature requests to bug-device-firewall-paloalto-test at rt.cpan.org, or through the web interface at http://rt.cpan.org/NoAuth/ReportBug.html?Queue=Device-PaloAlto-Firewall-Test. I will be notified, and then you'll automatically be notified of progress on your bug as I make changes.

SUPPORT

You can find documentation for this module with the perldoc command.

    perldoc Device::PaloAlto::Firewall::Test

You can also look for information at:

ACKNOWLEDGEMENTS

LICENSE AND COPYRIGHT

Copyright 2016 Greg Foletta.

This program is free software; you can redistribute it and/or modify it under the terms of the the Artistic License (2.0). You may obtain a copy of the full license at:

http://www.perlfoundation.org/artistic_license_2_0

Any use, modification, and distribution of the Standard or Modified Versions is governed by this Artistic License. By using, modifying or distributing the Package, you accept this license. Do not use, modify, or distribute the Package, if you do not accept this license.

If your Modified Version has been derived from a Modified Version made by someone other than you, you are nevertheless required to ensure that your Modified Version complies with the requirements of this license.

This license does not grant you the right to use any trademark, service mark, tradename, or logo of the Copyright Holder.

This license includes the non-exclusive, worldwide, free-of-charge patent license to make, have made, use, offer to sell, sell, import and otherwise transfer the Package with respect to any patent claims licensable by the Copyright Holder that are necessarily infringed by the Package. If you institute patent litigation (including a cross-claim or counterclaim) against any party alleging that the Package constitutes direct or contributory patent infringement, then this Artistic License to you shall terminate on the date that such litigation is filed.

Disclaimer of Warranty: THE PACKAGE IS PROVIDED BY THE COPYRIGHT HOLDER AND CONTRIBUTORS "AS IS' AND WITHOUT ANY EXPRESS OR IMPLIED WARRANTIES. THE IMPLIED WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE, OR NON-INFRINGEMENT ARE DISCLAIMED TO THE EXTENT PERMITTED BY YOUR LOCAL LAW. UNLESS REQUIRED BY LAW, NO COPYRIGHT HOLDER OR CONTRIBUTOR WILL BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, OR CONSEQUENTIAL DAMAGES ARISING IN ANY WAY OUT OF THE USE OF THE PACKAGE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.