def test_returned_proxy_type_no_dep_net(self):
args = dict(topology_type='outbound_explicit')
p = ModuleParameters(params=args)
assert p.topology == 'topology_l3_explicit_proxy'
assert p.proxy_type == 'explicit'
assert p.dep_net is None
def test_returned_proxy_type_and_dep_net(self):
args = dict(topology_type='outbound_l2')
p = ModuleParameters(params=args)
assert p.topology == 'topology_l2_outbound'
assert p.proxy_type == 'transparent'
assert p.dep_net == 'l2_network'
def test_invalid_port_raises(self):
args = dict(port=-1)
p = ModuleParameters(params=args)
with self.assertRaises(F5ModuleError) as res:
assert p.port is None
assert str(res.exception) == 'Valid ports must be in range 0 - 65535.'
def test_invalid_additional_protocols_values_raises(self):
args = dict(additional_protocols=['fail'])
p = ModuleParameters(params=args)
with self.assertRaises(F5ModuleError) as res:
assert p.additional_protocols is None
assert str(res.exception) == "Acceptable values for the 'additional_protocols' parameter are " \
"'ftp', 'imap', 'pop3', and 'smtps'. Received: 'fail'."
def test_invalid_name_raises(self):
args = dict(name='this_is_quite_long_and_will_raise_error')
p = ModuleParameters(params=args)
with self.assertRaises(F5ModuleError) as res:
assert p.name is None
assert str(
res.exception) == 'Maximum allowed name length is 15 characters.'
def test_invalid_mask_raises(self):
args = dict(source='2001:0db8:85a3:0000:0000:8a2e:0370:7334/64')
p = ModuleParameters(params=args)
with self.assertRaises(F5ModuleError) as res:
assert p.source is None
assert str(res.exception
) == 'Address must contain a subnet (CIDR) value <= 32.'
def test_missing_mask_raises(self):
args = dict(source='0.0.0.0%0')
p = ModuleParameters(params=args)
with self.assertRaises(F5ModuleError) as res:
assert p.source is None
assert str(res.exception
) == 'Address must contain a subnet (CIDR) value <= 32.'
def test_additional_protocols_non_tcp_raises(self):
args = dict(protocol='udp', additional_protocols=['ftp', 'pop3'])
p = ModuleParameters(params=args)
with self.assertRaises(F5ModuleError) as res:
assert p.additional_protocols is None
assert str(
res.exception
) == "The 'additional_protocols' parameter can only be used with TCP traffic."
def test_ignore_tcp_settings_client_server(self):
args = dict(topology_type='outbound_explicit',
tcp_settings_client='will_be_ignored_client',
tcp_settings_server='will_be_ignored_server')
p = ModuleParameters(params=args)
assert p.topology == 'topology_l3_explicit_proxy'
assert p.proxy_type == 'explicit'
assert p.tcp_settings_client is None
assert p.tcp_settings_server is None
def test_module_parameters(self):
args = dict(
name='foobar',
topology_type='outbound_l3',
protocol='tcp',
ip_family='ipv4',
source='1.2.3.4/32',
dest='4.3.2.1/32',
port=1234,
tcp_settings_client='/Common/baz',
tcp_settings_server='/Common/bar',
vlans=['/Common/foo1', '/Common/foo2'],
snat='snatpool',
snat_list=['10.10.10.1', '10.10.10.2'],
snat_pool='/Foo/snats',
gateway='iplist',
gateway_list=[dict(ip='2.2.2.2', ratio=2),
dict(ip='3.3.3.3')],
gateway_pool='/Foo/gws',
l7_profile_type='http',
l7_profile='/Bar/baz',
additional_protocols=['ftp', 'imap', 'pop3', 'smtps'],
access_profile='/Foo/access',
profile_scope='named',
profile_scope_value='scope_value',
primary_auth_uri='/fake/uri',
verify_accept='yes',
oscp_auth='this_is_fake',
proxy_ip='1.1.1.1',
proxy_port=4321,
auth_profile='/foo/fake',
dns_resoler='baz_bar',
pools='fake_pool',
logging=dict(sslo='critical',
per_request_policy='warning',
ftp='information',
pop3='notice',
smtps='alert'),
ssl_settings='ssl_fake',
security_policy='policy_fake')
p = ModuleParameters(params=args)
assert p.name == 'sslo_foobar'
assert p.topology == 'topology_l3_outbound'
assert p.protocol == 'tcp'
assert p.ip_family == 'ipv4'
assert p.source == '1.2.3.4%0/32'
assert p.dest == '4.3.2.1%0/32'
assert p.port == 1234
assert p.tcp_settings_client == '/Common/baz'
assert p.tcp_settings_server == '/Common/bar'
assert p.vlans == [{
'name': '/Common/foo1',
'value': '/Common/foo1'
}, {
'name': '/Common/foo2',
'value': '/Common/foo2'
}]
assert p.snat == 'existingSNAT'
assert p.snat_list == [{'ip': '10.10.10.1'}, {'ip': '10.10.10.2'}]
assert p.snat_pool == '/Foo/snats'
assert p.gateway == 'newGatewayPool'
assert p.gateway_list == [{
'ip': '2.2.2.2',
'ratio': 2
}, {
'ip': '3.3.3.3',
'ratio': 1
}]
assert p.gateway_pool == '/Foo/gws'
assert p.l7_profile_type == 'http'
assert p.l7_profile == '/Bar/baz'
assert p.additional_protocols == [{
'name': 'FTP',
'value': 'ftp'
}, {
'name': 'IMAP',
'value': 'imap'
}, {
'name': 'POP3',
'value': 'pop3'
}, {
'name': 'SMTPS',
'value': 'smtps'
}]
assert p.access_profile == '/Foo/access'
assert p.profile_scope == 'named'
assert p.profile_scope_value == 'scope_value'
assert p.primary_auth_uri == '/fake/uri'
assert p.verify_accept is True
assert p.oscp_auth == 'this_is_fake'
assert p.proxy_ip == '1.1.1.1'
assert p.proxy_port == 4321
assert p.auth_profile == '/foo/fake'
assert p.dns_resoler == 'baz_bar'
assert p.pools == 'fake_pool'
assert p.logging == {
'sslo': 'crit',
'per_request_policy': 'warn',
'ftp': 'info',
'pop3': 'notice',
'smtps': 'alert'
}
assert p.ssl_settings == 'ssloT_ssl_fake'
assert p.security_policy == 'ssloP_policy_fake'