waft.actions.warp_actions.cli_actions module¶
- class waft.actions.warp_actions.cli_actions.CliActions(warp_client_handler: WarpClientHandler)¶
Bases:
ActionsCliActions provides the main API for tests using the waft framework to interact with the WARP CLI.
- admin_override(override_code: str)¶
Submits admin override code
- property admin_override_enabled: int¶
Returns number of seconds remaining on admin override code
- clear_registration()¶
Clear active WARP registration.
- connect()¶
Connect the WARP client and verify connection status.
- current_mode() WarpModes¶
Retrieve the current WARP mode as reported by the CLI settings.
- Returns:
The current mode of the WARP client.
- Return type:
- disconnect(**kwargs)¶
Disconnect the WARP client and verify disconnection status.
- enrich_exception(exc: Exception)¶
Enrich exception with additional context (e.g., current mode).
- Parameters:
exc (Exception) – Exception to be enriched
- get_configs() list[str]¶
List available configs defined in MDM file and return list of names
- get_main_interface_name() str¶
Get the name of the main network interface
- Returns:
The name of the main interface
- Return type:
str
- Raises:
RuntimeError – If the main interface cannot be determined
- get_settings() WarpCLISettings¶
Retrieve the WARP CLI settings list.
- Returns:
The current WARP client settings.
- Return type:
- get_tunnel_interface_name() str¶
Get the WARP tunnel interface name
- Returns:
The tunnel interface name (e.g., “utun4”)
- Return type:
str
- Raises:
RuntimeError – If the warp-cli command fails or tunnel interface not found
- get_tunnel_protocol()¶
Key off of registration Public Key to determine and return WARP protocol
- ip_in_tunnel_list(ip_address: str | IPv4Address | IPv6Address, retry_if: Literal['found', 'not_found'] | None, timeout: int = 30, resolve_domains: bool = False) bool¶
Check to see if a particular ip is in the tunnel list or not within a given timeout :param ip_address: ip address to search list for :param retry_if: Indicates if/when the check should be retried.
If None the current value will be returned immediately.
- Parameters:
timeout – Amount of time in seconds to retry for
resolve_domains – If set to True, domains in the split tunnel list will be resolved to addresses and checked against the given address
Returns: bool - True if IP is in the list for the split tunnel.
- is_connected(retry_for: int = 60, retry_if_connection_status_is: bool = False) bool¶
Verify the WARP client connection status with retries.
- Parameters:
retry_for (int) – How long to retry (in seconds). Defaults to 60. If set to 0 the current connection status is returned immediately
retry_if_connection_status_is (bool) – Condition to retry on. Defaults to False.
- Returns:
True if connected, False otherwise.
- Return type:
bool
- is_registered(retry_for: int = 60, retry_if_registration_status_is: bool = False, organization: str | None = None) bool¶
Verify the WARP client registration status with retries.
- Parameters:
retry_for (int) – How long to retry (in seconds). Defaults to 60.
retry_if_registration_status_is (bool) – Condition to retry on. Defaults to False.
organization (Optional[str]) – The Zero Trust account team/domain name to check against (optional).
- Returns:
True if registered, False otherwise.
- Return type:
bool
- register_and_verify_registration(organization: str | None = None)¶
Register the WARP client and verify registration.
- Parameters:
organization (Optional[str]) – The Zero Trust account team/domain name to register with (optional).
- registration_delete() None¶
Delete the current registration and verify it is removed.
- property registration_info: WARPRegistrationInfo¶
Returns current registration details.
- Raises:
WarpClientRegistrationError – if not registered
WarpClientError – for other CLI errors
- Returns:
WARP registration info
- Return type:
- reset_mode() dict¶
Resets the WARP mode back to the default mode.
- rotate_keys_to_update(allow_unregistered: bool = False)¶
Rotate keys to update information from API
- Parameters:
allow_unregistered – Don’t raise an exception if client is unregistered
- Raises:
AssertionError – If client is unregistered
- run_disconnect(**kwargs)¶
Runs warp-cli disconnect command
- set_mode(mode: WarpModes) dict¶
Set the WARP mode, confirming that the value is valid in the current context.
- Parameters:
mode (WarpModes) – The desired mode to set.
- set_mode_and_verify(mode: WarpModes)¶
Set the WARP mode and verify that the updated value is reflected in the client settings.
- Parameters:
mode (WarpModes) – The desired mode to set.
- set_warp_protocol(protocol: WarpProtocols, timeout: int = 30)¶
Set WARP tunnel protocol to the given value :param protocol: Protocol to set for WARP tunnel :param timeout: Number of seconds to wait for tunnel protocol to match set value
- start_pcap(interface: Iterable[str] | None = None, force_stop_pcap: bool = True, time_limit: int | None = None, size_limit: int | None = None, packet_size: int | None = None)¶
Start pcap, if pcap is running stop pcap first
- Parameters:
interface – Interface for which to capture traffic
force_stop_pcap – Stop pcap if it is already running
time_limit – Time limit for pcap capture in min (default 5min)
size_limit – Size limit for pcap capture in mb (default 5mb)
packet_size – Packet size for pcap capture in bytes (default 160b)
- stop_pcap_and_copy_file(local_pcap_name: str) Path¶
Stop pcap and copy the most recently captured file in the directory to the test runner
- Parameters:
local_pcap_name – Name of file to save capture to
- tunnel_add_ip(ip_address: str | IPv4Address | IPv6Address) None¶
Add an ip address to the tunnel list and verify its in the list and that the client is connected.
- Parameters:
ip_address – Ip address to add
Returns: None
- tunnel_add_ip_list(list_of_ips: list[str | IPv4Address | IPv6Address]) None¶
Add a list of ip addresses to tunnel :param list_of_ips: List including ip addresses
Returns: None
- tunnel_remove_ip(ip_address: str | IPv4Address | IPv6Address) None¶
Remove an ip from the tunnel list, verify it’s not in the list, and verify that the client is connected.
- Parameters:
ip_address – ip address to remove
Returns: None
- tunnel_remove_ip_list(list_of_ips: list[str | IPv4Address | IPv6Address]) None¶
Add a list of ip addresses to tunnel :param list_of_ips: List including ip addresses
Returns: None
- verify_disconnected(err_msg: str, duration: int = 60)¶
Verify the WARP client remains disconnected for the duration.
- Parameters:
err_msg (str) – Error message if connection state changes
duration (int) – How long to retry (in seconds). Defaults to 60. If set to 0 the connection status is asserted immediately.
- verify_registration(organization: str | None = None, account_id: str | None = None, retry_for: int = 60) None¶
Verify that the WARP client is registered with a particular organization.
- Parameters:
organization (str) – The Zero Trust account team/domain name expected for the registration.
account_id – Account ID to verify for the registration.
retry_for (int) – The time to retry checking the registration status (in seconds).
- wait_connected(timeout: int = 30, complete: bool = True)¶
Wait until WARP status reports as connected.
- Parameters:
timeout – Timeout in seconds to wait for warp-cli status to report connected
complete – True to wait for the connection to complete (default). False to wait for the connection to initiate.
- wait_for_mode(mode: WarpModes, timeout: int = 180)¶
Wait for a given amount of time for mode to switch to the specified value and otherwise raise an exception
- wait_for_setting(setting_name: str, value: Any, timeout: int = 120)¶
Wait for WARP setting to match given value
- Parameters:
setting_name – Name of setting to check for value
value – Value to wait for setting to match
timeout – Max amount of time to wait for setting to match given value
- wait_for_statuses(statuses: list[WarpStatus], timeout: int = 30)¶
Wait until WARP status reports one of the values given.
- Parameters:
statuses – List of strings of warp-cli statuses to wait for
timeout – Timeout in seconds to wait for warp-cli status to report connected