def testVerbatimContains(self):
    # Containment for verbatim tokens (VarType code 23). The payload tuples
    # look like (platform, text) -- TODO confirm against policy.VarType.
    # Unlike sibling tests, the VarType is handed to Term directly rather than
    # wrapped in a list.
    base = policy.Term(policy.VarType(23, ('iptables', 'foo')))
    other_text = policy.Term(policy.VarType(23, ('iptables', 'bar')))
    other_platform = policy.Term(policy.VarType(23, ('juniper', 'foo')))

    # A term always contains itself.
    self.assertIn(base, base)
    # Changing either element of the tuple breaks containment.
    for mismatched in (other_text, other_platform):
        self.assertNotIn(mismatched, base)
def testDestAddrNotInDestAddr(self, mock_naming):
    # Two destination-address terms (VarType code 4) share the token name 'FOO'
    # but the mocked GetNetAddr returns a different network on each call, so
    # the first term must not be reported as contained in the second.
    # mock_naming is injected from outside this method (presumably a patch
    # decorator that is not visible here); side_effect entries are consumed in
    # call order, so the Term constructions below must stay in this order.
    lookups = [
        [nacaddr.IPv4('192.168.1.1/32')],
        [nacaddr.IPv4('10.1.1.0/24')],
    ]
    mock_naming.GetNetAddr.side_effect = lookups

    first = policy.Term([policy.VarType(4, 'FOO')])
    second = policy.Term([policy.VarType(4, 'FOO')])
    self.assertNotIn(first, second)
def testPrecedenceContains(self):
    # "Contains" behaviour for the precedence field (VarType code 26).
    # As asserted below, each term contains itself, while a term with a
    # precedence and a term without one do NOT contain each other in either
    # direction.
    with_precedence = policy.Term([policy.VarType(26, 1)])
    without_precedence = policy.Term([])

    for term in (with_precedence, without_precedence):
        self.assertIn(term, term)

    self.assertNotIn(without_precedence, with_precedence)
    self.assertNotIn(with_precedence, without_precedence)
def testProtocolExceptContains(self):
    # Exercises the protocol-except keyword (VarType code 8) against plain
    # protocol terms (VarType code 10).
    except_tcp = policy.Term([policy.VarType(8, 'tcp')])
    except_udp = policy.Term([policy.VarType(8, 'udp')])
    proto_icmp = policy.Term([policy.VarType(10, 'icmp')])
    proto_tcp = policy.Term([policy.VarType(10, 'tcp')])

    # "everything except tcp" covers icmp, and covers itself.
    self.assertIn(proto_icmp, except_tcp)
    self.assertIn(except_tcp, except_tcp)
    # It must not cover tcp itself, nor a term that excludes a different
    # protocol.
    self.assertNotIn(proto_tcp, except_tcp)
    self.assertNotIn(except_udp, except_tcp)
def testOptionsContains(self):
    # "Contains" behaviour for the options field (VarType code 9).
    # As asserted below, a term with no options and a term with one option do
    # NOT contain each other. A term carrying two options contains the term
    # carrying just one of them, but not the other way round.
    single_option = policy.Term([policy.VarType(9, 'tcp-established')])
    no_option = policy.Term([])
    two_options = policy.Term([
        policy.VarType(9, 'tcp-established'),
        policy.VarType(9, 'established'),
    ])

    self.assertNotIn(no_option, single_option)
    self.assertNotIn(single_option, no_option)
    self.assertIn(single_option, two_options)
    self.assertNotIn(two_options, single_option)
def testIpExcludeContains(self, mock_naming):
    # Exercises source-address (VarType code 3) together with
    # source-address-exclude (VarType code 11).
    # mock_naming comes from outside this method (presumably a patch decorator
    # not visible here). Its side_effect list is consumed in call order, so
    # the construction order of the terms below is significant.
    lookups = [
        [nacaddr.IPv4('10.0.0.0/8')],
        [nacaddr.IPv4('10.0.0.0/8')],
        [nacaddr.IPv4('10.62.0.0/15')],
    ]
    mock_naming.GetNetAddr.side_effect = lookups

    plain = policy.Term([policy.VarType(3, 'FOO')])
    with_exclude = policy.Term([
        policy.VarType(3, 'FOO'),
        policy.VarType(11, 'BAR'),
    ])

    # The term that carves out an exclusion fits inside the plain one, but the
    # plain one must not be reported as inside the narrower term.
    self.assertIn(with_exclude, plain)
    self.assertNotIn(plain, with_exclude)
def testAddrNotInAddr(self, mock_naming):
    # An address term (VarType code 5) must not contain address, source-address
    # (code 3) or destination-address (code 4) terms that resolve to a
    # different network.
    # mock_naming comes from outside this method (presumably a patch decorator
    # not visible here). The four side_effect entries are consumed in call
    # order, so the terms must be built in the order shown.
    lookups = [
        [nacaddr.IPv4('192.168.1.1/32')],
        [nacaddr.IPv4('10.1.1.0/24')],
        [nacaddr.IPv4('10.1.1.0/24')],
        [nacaddr.IPv4('10.1.1.0/24')],
    ]
    mock_naming.GetNetAddr.side_effect = lookups

    container = policy.Term([policy.VarType(5, 'FOO')])
    candidates = (
        policy.Term([policy.VarType(5, 'FOO')]),
        policy.Term([policy.VarType(3, 'FOO')]),
        policy.Term([policy.VarType(4, 'FOO')]),
    )

    for candidate in candidates:
        self.assertNotIn(candidate, container)
def testIpDualExcludeContains(self, mock_naming):
    # One term has (10.0.0.0/8 except 10.10.0.0/24); it should contain a term
    # that has (10.0.0.0/8 except 10.0.0.0/9), and not the other way round.
    # Both terms use the same token names; the mocked GetNetAddr results are
    # what make them differ. The side_effect list is consumed in call order,
    # so the terms must be built in the order shown.
    lookups = [
        [nacaddr.IPv4('10.0.0.0/8')],
        [nacaddr.IPv4('10.10.0.0/24')],
        [nacaddr.IPv4('10.0.0.0/8')],
        [nacaddr.IPv4('10.0.0.0/9')],
    ]
    mock_naming.GetNetAddr.side_effect = lookups

    small_exclude = policy.Term([
        policy.VarType(3, 'FOO'),
        policy.VarType(11, 'BAR'),
    ])
    large_exclude = policy.Term([
        policy.VarType(3, 'FOO'),
        policy.VarType(11, 'BAR'),
    ])

    self.assertIn(large_exclude, small_exclude)
    self.assertNotIn(small_exclude, large_exclude)
def testEmptyIpContains(self, mock_naming):
    # Covers the case where the containing term has less detail (and is hence
    # less restrictive) than the contained term: the broad term only sets an
    # address (VarType code 5), while the narrow term sets a source address
    # (code 3) plus a destination port (code 7). Both get an 'accept' action
    # (code 2).
    # mock_naming comes from outside this method (presumably a patch decorator
    # not visible here); its side_effect entries are consumed in call order.
    lookups = [
        [nacaddr.IPv4('10.0.0.0/8')],
        [nacaddr.IPv4('10.1.1.1/32')],
    ]
    mock_naming.GetNetAddr.side_effect = lookups

    broad = policy.Term([policy.VarType(5, 'PROD')])
    broad.AddObject(policy.VarType(2, 'accept'))

    narrow = policy.Term([
        policy.VarType(3, 'SMALLER_PROD'),
        policy.VarType(7, (22, 22)),
    ])
    narrow.AddObject(policy.VarType(2, 'accept'))

    self.assertIn(narrow, broad)
    self.assertNotIn(broad, narrow)
def testIpAndPortContains(self, mock_naming):
    # A term with a wider source network and two destination ports must
    # contain a term with a narrower source and only one of those ports, for
    # the same protocol and action -- and not the other way round.
    # mock_naming comes from outside this method (presumably a patch decorator
    # not visible here); its side_effect entries are consumed in call order.
    lookups = [
        [nacaddr.IPv4('10.0.0.0/8')],
        [nacaddr.IPv4('10.1.1.1/32')],
    ]
    mock_naming.GetNetAddr.side_effect = lookups

    wide = policy.Term([
        policy.VarType(3, 'PROD'),
        policy.VarType(7, (22, 22)),
        policy.VarType(7, (80, 80)),
        policy.VarType(10, 'tcp'),
    ])
    wide.AddObject(policy.VarType(2, 'accept'))

    tight = policy.Term([
        policy.VarType(3, 'SMALLER_PROD'),
        policy.VarType(7, (22, 22)),
        policy.VarType(10, 'tcp'),
    ])
    tight.AddObject(policy.VarType(2, 'accept'))

    self.assertIn(tight, wide)
    self.assertNotIn(wide, tight)
def testFragmentOffset(self):
    # Containment for fragment-offset values (VarType code 17), given either
    # as a single value or as a "low-high" range string.
    single = policy.Term([])
    single.AddObject(policy.VarType(17, "80"))

    wide_range = policy.Term([])
    wide_range.AddObject(policy.VarType(17, "60-90"))

    narrow_range = policy.Term([])
    narrow_range.AddObject(policy.VarType(17, "65-82"))

    unset = policy.Term([])

    # Identity, and a single value inside a range.
    self.assertIn(single, single)
    self.assertIn(single, wide_range)
    # A range is never inside a single value.
    self.assertNotIn(wide_range, single)
    # Range-in-range only holds from narrow to wide.
    self.assertIn(narrow_range, wide_range)
    self.assertNotIn(wide_range, narrow_range)
    # A term with no fragment-offset is not inside one that sets it.
    self.assertNotIn(unset, single)
def testGetCost(self, ips, protocols, ports, expected, mock_naming):
    # Builds a term from the supplied source addresses (VarType code 3),
    # protocols (code 10) and destination ports (code 7), then checks that
    # gcp_hf.GetCost returns the expected value.
    # The extra arguments are supplied from outside this method (presumably
    # parameterisation and patch decorators that are not visible here).
    # The same `ips` sequence doubles as the mocked GetNetAddr results.
    mock_naming.GetNetAddr.side_effect = ips

    # Token order is preserved: addresses, then protocols, then ports.
    tokens = [policy.VarType(3, ip) for ip in ips]
    tokens += [policy.VarType(10, proto) for proto in protocols]
    tokens += [policy.VarType(7, port) for port in ports]

    term = policy.Term(tokens)
    self.assertEqual(gcp_hf.GetCost(term), expected)
def testPortContains(self):
    # "Contains" behaviour for the port field (VarType code 32), and that it
    # matches against source-port (code 6) and destination-port (code 7)
    # terms as well.
    port_25 = policy.Term([policy.VarType(32, (25, 25))])
    sport_25 = policy.Term([policy.VarType(6, (25, 25))])
    dport_25 = policy.Term([policy.VarType(7, (25, 25))])

    for same_range in (sport_25, dport_25, port_25):
        self.assertIn(same_range, port_25)

    # A wider range (25-30) must not fit inside the single-port term,
    # whichever of the three fields carries it.
    port_25_30 = policy.Term([policy.VarType(32, (25, 30))])
    sport_25_30 = policy.Term([policy.VarType(6, (25, 30))])
    dport_25_30 = policy.Term([policy.VarType(7, (25, 30))])

    for wider_range in (port_25_30, sport_25_30, dport_25_30):
        self.assertNotIn(wider_range, port_25)
def testDestinationPortNotInDestinationPort(self):
    # Destination-port terms (VarType code 7) for different single ports must
    # not be reported as contained in one another.
    port_22 = policy.Term([policy.VarType(7, (22, 22))])
    port_23 = policy.Term([policy.VarType(7, (23, 23))])

    self.assertNotIn(port_22, port_23)
def testSourcePortNotInSourcePort(self):
    # Source-port terms (VarType code 6) for different single ports must not
    # be reported as contained in one another.
    port_22 = policy.Term([policy.VarType(6, (22, 22))])
    port_23 = policy.Term([policy.VarType(6, (23, 23))])

    self.assertNotIn(port_22, port_23)
def testDestinationPrefixContains(self):
    # A destination-prefix term (VarType code 20) must contain itself.
    foo_prefix = policy.Term([policy.VarType(20, "foo")])
    # NOTE(review): this second term is built but never asserted against, so
    # the mismatching-prefix case is not actually covered by this test.
    bar_prefix = policy.Term([policy.VarType(20, "bar")])

    self.assertIn(foo_prefix, foo_prefix)
def testProtocolNotInEmptyTerm(self):
    # An empty term must not be reported as contained in a term that sets a
    # protocol (VarType code 10).
    tcp_only = policy.Term([policy.VarType(10, 'tcp')])
    empty = policy.Term([])

    self.assertNotIn(empty, tcp_only)
def testProtocolNotInProtoExcept(self):
    # A protocol-except term (VarType code 8, 'tcp') must not be reported as
    # contained in a plain protocol term (code 10, 'udp').
    except_tcp = policy.Term([policy.VarType(8, 'tcp')])
    proto_udp = policy.Term([policy.VarType(10, 'udp')])

    self.assertNotIn(except_tcp, proto_udp)
def testProtocolTermNotInAnotherTermContains(self):
    # Terms for different protocols (VarType code 10) must not be reported as
    # contained in one another.
    proto_tcp = policy.Term([policy.VarType(10, 'tcp')])
    proto_udp = policy.Term([policy.VarType(10, 'udp')])

    self.assertNotIn(proto_tcp, proto_udp)
def testForwardingClassExceptNotIn(self):
    # Forwarding-class-except terms (VarType code 52) with different values
    # must not contain one another, and an empty term must not be reported as
    # contained in a term that sets the field.
    except_foo = policy.Term([policy.VarType(52, "foo")])
    except_bar = policy.Term([policy.VarType(52, "bar")])
    empty = policy.Term([])

    self.assertNotIn(except_foo, except_bar)
    self.assertNotIn(empty, except_foo)
def testSourcePrefixExceptNotInSourcePrefixExcept(self):
    # Source-prefix-except terms (VarType code 50) with different values must
    # not be reported as contained in one another.
    except_foo = policy.Term([policy.VarType(50, "foo")])
    except_bar = policy.Term([policy.VarType(50, "bar")])

    self.assertNotIn(except_foo, except_bar)
def testDestinationPrefixExceptNotInDestinationPrefixExcept(self):
    # Destination-prefix-except terms (VarType code 51) with different values
    # must not be reported as contained in one another.
    except_foo = policy.Term([policy.VarType(51, "foo")])
    except_bar = policy.Term([policy.VarType(51, "bar")])

    self.assertNotIn(except_foo, except_bar)
def testSourceTagContains(self):
    # A source-tag term (VarType code 44) must contain itself.
    tagged = policy.Term([policy.VarType(44, "foo")])

    self.assertIn(tagged, tagged)
def testSourceTagNotInSourceTag(self):
    # Source-tag terms (VarType code 44) with different tags must not be
    # reported as contained in one another.
    tag_foo = policy.Term([policy.VarType(44, "foo")])
    tag_bar = policy.Term([policy.VarType(44, "bar")])

    self.assertNotIn(tag_foo, tag_bar)
def testForwardingClassContains(self):
    # A forwarding-class term (VarType code 43) must contain itself, and a
    # term listing several classes must contain a term listing one of them.
    only_foo = policy.Term([policy.VarType(43, "foo")])
    bar_and_foo = policy.Term([
        policy.VarType(43, "bar"),
        policy.VarType(43, "foo"),
    ])

    for container in (only_foo, bar_and_foo):
        self.assertIn(only_foo, container)
def testNextIPNotIn(self, mock_naming):
    # An empty term must not be reported as contained in a term that sets a
    # next-ip (VarType code 46).
    # mock_naming comes from outside this method (presumably a patch decorator
    # not visible here) and supplies the address the 'FOO' token resolves to.
    lookups = [
        [nacaddr.IPv4('192.168.1.1/32')],
    ]
    mock_naming.GetNetAddr.side_effect = lookups

    with_next_ip = policy.Term([policy.VarType(46, "FOO")])
    empty = policy.Term([])

    self.assertNotIn(empty, with_next_ip)
def testSourcePrefixExceptContains(self):
    # A source-prefix-except term (VarType code 50) must contain itself.
    except_foo = policy.Term([policy.VarType(50, "foo")])

    self.assertIn(except_foo, except_foo)
def testForwardingClassExceptContains(self):
    # A forwarding-class-except term (VarType code 52) must contain itself.
    except_foo = policy.Term([policy.VarType(52, "foo")])

    self.assertIn(except_foo, except_foo)