def _verify_port(self, port, subnet4=None, subnet6=None, **kwargs):
has_ipv4_ip = False
has_ipv6_ip = False
for fixed_ip in port['fixed_ips']:
ip_address = fixed_ip['ip_address']
if subnet4 and fixed_ip['subnet_id'] == subnet4['id']:
start_ip_address = subnet4['allocation_pools'][0]['start']
end_ip_address = subnet4['allocation_pools'][0]['end']
ip_range = IPRange(start_ip_address, end_ip_address)
self.assertIn(ip_address, ip_range)
has_ipv4_ip = True
if subnet6 and fixed_ip['subnet_id'] == subnet6['id']:
start_ip_address = subnet6['allocation_pools'][0]['start']
end_ip_address = subnet6['allocation_pools'][0]['end']
ip_range = IPRange(start_ip_address, end_ip_address)
self.assertIn(ip_address, ip_range)
has_ipv6_ip = True
if subnet4:
self.assertTrue(
has_ipv4_ip,
"Must have an IPv4 ip in subnet: %s" % subnet4['id'])
if subnet6:
self.assertTrue(
has_ipv6_ip,
"Must have an IPv6 ip in subnet: %s" % subnet6['id'])
self.assertIsNotNone(port['mac_address'])
# verify all other kwargs as attributes (key,value) pairs
for key, value in iteritems(kwargs):
self.assertThat(port, ContainsDict({key: Equals(value)}))
def get_illegal_ranges(cidr_list):
all_cidrs = []
first_network_range = IPRange(
"0.0.0.0", get_first_address_in_network_minus_one(cidr_list[0]))
for network in first_network_range.cidrs():
all_cidrs.append(network.cidr.__str__())
# print(f"netmask -c 0.0.0.0:{get_first_address_in_network_minus_one(CIDR_LIST[0])}")
i = 0
how_long = len(cidr_list) + 1
while i < how_long:
# print(i)
if i is len(cidr_list) - 1:
last_network_range = IPRange(
get_last_address_in_network_plus_one(cidr_list[i]),
'255.255.255.255')
for network in last_network_range.cidrs():
all_cidrs.append(network.cidr.__str__())
i += 2
else:
second_network_range = IPRange(
get_last_address_in_network_plus_one(cidr_list[i]),
get_first_address_in_network_minus_one(cidr_list[i + 1]))
for network in second_network_range.cidrs():
all_cidrs.append(network.cidr.__str__())
i += 1
return all_cidrs
def get_range(self, targets):
if targets is None:
return None
if targets is not None:
try:
target_list = []
for target in targets.split(','):
if '/' in target:
target_list.extend(list(IPNetwork(target)))
elif '-' in target:
start_addr = IPAddress(target.split('-')[0])
try:
end_addr = IPAddress(target.split('-')[1])
ip_range = IPRange(start_addr, end_addr)
except AddrFormatError:
end_addr = list(start_addr.words)
end_addr[-1] = target.split('-')[1]
end_addr = IPAddress('.'.join(map(str, end_addr)))
ip_range = IPRange(start_addr, end_addr)
target_list.extend(list(ip_range))
else:
target_list.append(IPAddress(target))
return target_list
except Exception as e:
sys.exit("[!] Exception caught: {}").format(e)
def dhcp_rand_ip(self):
pool = self.dhcpcfg['ip_pool']
try:
if '/' in pool:
ips = list(IPNetwork(pool))
return str(random.choice(ips))
elif '-' in pool:
start_addr = IPAddress(pool.split('-')[0])
try:
end_addr = IPAddress(pool.split('-')[1])
ips = list(IPRange(start_addr, end_addr))
except AddrFormatError:
end_addr = list(start_addr.words)
end_addr[-1] = pool.split('-')[1]
end_addr = IPAddress('.'.join(map(str, end_addr)))
ips = list(IPRange(start_addr, end_addr))
return str(random.choice(ips))
log.error(
'Specified invalid CIDR/Network range in DHCP pool option')
except AddrFormatError:
log.error(
'Specified invalid CIDR/Network range in DHCP pool option')
def populate_targets(target):
if '-' in target:
ip_range = target.split('-')
try:
hosts = IPRange(ip_range[0], ip_range[1])
except AddrFormatError:
try:
start_ip = IPAddress(ip_range[0])
start_ip_words = list(start_ip.words)
start_ip_words[-1] = ip_range[1]
start_ip_words = [str(v) for v in start_ip_words]
end_ip = IPAddress('.'.join(start_ip_words))
t = IPRange(start_ip, end_ip)
except AddrFormatError:
t = target
else:
try:
t = IPNetwork(target)
except AddrFormatError:
t = target
if type(t) == IPNetwork or type(t) == IPRange:
targets.extend(list(t))
else:
targets.append(t)
def get_range(self, targets):
if targets is None:
return None
try:
target_list = []
for target in targets.split(','):
if '/' in target:
target_list.extend(list(IPNetwork(target)))
elif '-' in target:
start_addr = IPAddress(target.split('-')[0])
try:
end_addr = IPAddress(target.split('-')[1])
ip_range = IPRange(start_addr, end_addr)
except AddrFormatError:
end_addr = list(start_addr.words)
end_addr[-1] = target.split('-')[1]
end_addr = IPAddress('.'.join(map(str, end_addr)))
ip_range = IPRange(start_addr, end_addr)
target_list.extend(list(ip_range))
else:
target_list.append(IPAddress(target))
return target_list
except AddrFormatError:
sys.exit("Specified an invalid IP address/range/network as target")
def test_len_on_ipset_failure_with_large_ipv6_addresses():
s1 = IPSet(IPRange(IPAddress("::0"), IPAddress(_sys_maxint, 6)))
with pytest.raises(IndexError):
len(s1)
s2 = IPSet(IPRange(IPAddress("::0"), IPAddress(_sys_maxint - 1, 6)))
assert len(s2) == _sys_maxint
def test_firewall_rules_only(self):
required_rules = [
IPNetwork('1.0.0.20/10'),
IPNetwork('0.0.0.0'),
IPRange('2.0.0.0', '2.0.0.10')
]
satisfying_resources = [{
'rules': required_rules
}, {
'rules': [required_rules[0], required_rules[1]]
}]
non_satisfying_resources = [{
'rules': [IPNetwork('0.0.0.1')]
}, {
'rules':
required_rules + [IPRange('2.0.0.0', '2.0.0.20')]
}]
mock = FirewallRulesFilterMock({
'only':
['0.0.0.0-0.0.0.0', '1.0.0.20/10', '2.0.0.0-2.0.0.10', '8.8.8.8']
})
mock.validate()
actual = mock.process(satisfying_resources + non_satisfying_resources)
self.assertEqual(satisfying_resources, actual)
def _in_network(value, p_value, exact_match=False):
"""
"""
# 'any' address is an automatic match if we are exact
if exact_match and 'any' in p_value:
return True
addresses = [
IPRange(a.split('-')[0],
a.split('-')[1]) if '-' in a else IPNetwork(a)
for a in value if is_ipv4(a)
]
fqdns = [a for a in value if not is_ipv4(a)]
p_addresses = [
IPRange(a.split('-')[0],
a.split('-')[1]) if '-' in a else IPNetwork(a)
for a in p_value if is_ipv4(a)
]
p_fqdns = [a for a in p_value if not is_ipv4(a)]
# network containment implies exact match... i think?
for a in addresses:
addr_result = any(a == b or a in b for b in p_addresses)
if not addr_result:
return False
# now match the fqdns
if exact_match:
fqdn_result = set(fqdns) == set(p_fqdns)
else:
fqdn_result = set(p_fqdns).issubset(set(fqdns))
return fqdn_result
def get_range(self, targets):
if targets is None:
print "[!] IP address/range was not specified, will intercept only gateway requests and not replies."
return None
try:
target_list = []
for target in targets.split(','):
if '/' in target:
self.range = True
target_list.extend(list(IPNetwork(target)))
elif '-' in target:
start_addr = IPAddress(target.split('-')[0])
try:
end_addr = IPAddress(target.split('-')[1])
ip_range = IPRange(start_addr, end_addr)
except AddrFormatError:
end_addr = list(start_addr.words)
end_addr[-1] = target.split('-')[1]
end_addr = IPAddress('.'.join(map(str, end_addr)))
ip_range = IPRange(start_addr, end_addr)
target_list.extend(list(ip_range))
else:
target_list.append(IPAddress(target))
return target_list
except AddrFormatError:
sys.exit("[!] Select a valid IP address/range as target")
def parse_targets(target):
if '-' in target:
ip_range = target.split('-')
try:
t = IPRange(ip_range[0], ip_range[1])
except AddrFormatError:
try:
start_ip = IPAddress(ip_range[0])
start_ip_words = list(start_ip.words)
start_ip_words[-1] = ip_range[1]
start_ip_words = [str(v) for v in start_ip_words]
end_ip = IPAddress('.'.join(start_ip_words))
t = IPRange(start_ip, end_ip)
except AddrFormatError:
t = target
else:
try:
t = IPNetwork(target)
except AddrFormatError:
t = target
if type(t) == IPNetwork or type(t) == IPRange:
return list(t)
else:
return [t.strip()]
def test_iprange_invalid_len_and_alternative():
range1 = IPRange(IPAddress("::0"), IPAddress(_sys_maxint, 6))
with pytest.raises(IndexError):
len(range1)
range2 = IPRange(IPAddress("::0"), IPAddress(_sys_maxint - 1, 6))
assert len(range2) == _sys_maxint
def test_converting_ipsets_to_ipranges():
assert list(IPSet().iter_ipranges()) == []
assert list(IPSet([IPAddress('10.0.0.1')]).iter_ipranges()) == [
IPRange('10.0.0.1', '10.0.0.1')
]
assert list(
IPSet([IPAddress('10.0.0.1'),
IPAddress('10.0.0.2')
]).iter_ipranges()) == [IPRange('10.0.0.1', '10.0.0.2')]
def test_iprange_cidr_interoperability():
assert IPRange('192.0.2.5', '192.0.2.10').cidrs() == [
IPNetwork('192.0.2.5/32'),
IPNetwork('192.0.2.6/31'),
IPNetwork('192.0.2.8/31'),
IPNetwork('192.0.2.10/32'),
]
assert IPRange('fe80::', 'fe80::ffff:ffff:ffff:ffff').cidrs() == [IPNetwork('fe80::/64')]
def test_full_subnet(self):
# Fill up the test subnets so dynamic allocation fails
# For ipv6 we cannot fill up the subnet as /64 is too big so we make
# a small allocation pool and fill that up
network = self.create_network()
ipv4_subnet = self.create_subnet(network,
cidr=IPNetwork('10.0.0.0/29'),
mask_bits=29)
pool = {'start': 'cafe:babe::2', 'end': 'cafe:babe::6'}
kwargs = {'allocation_pools': [pool]}
ipv6_subnet = self.create_subnet(network,
ip_version=6,
cidr=IPNetwork('cafe:babe::/64'),
mask_bits=64,
**kwargs)
router = self.create_router()
# l2domain verify
l2domain = self.vsd.get_l2domain(by_subnet=ipv4_subnet)
for ip in IPRange('10.0.0.3', '10.0.0.6'):
vmipreservation = self.vsd.vspk.NUVMIPReservation(
ip_type='IPV4', ipv4_address=str(ip))
l2domain.create_child(vmipreservation)
for ip in IPRange('cafe:babe::3', 'cafe:babe::6'):
vmipreservation = self.vsd.vspk.NUVMIPReservation(
ip_type='IPV6', ipv6_address=str(ip))
l2domain.create_child(vmipreservation)
# Assert error occurs
expected_error_message = 'No more IP addresses available on network'
self._create_verify_illegal_ports(
ipv4_subnet,
ipv6_subnet,
network,
expected_exception=exceptions.Conflict,
expected_error_msg=expected_error_message,
dynamic=True)
self.router_attach(router, ipv4_subnet)
self.router_attach(router, ipv6_subnet)
# After router attach nuage:dhcp ports are freed up
vsd_subnet = self.vsd.get_subnet(by_subnet=ipv4_subnet)
vmipreservation = self.vsd.vspk.NUVMIPReservation(
ip_type='IPV4', ipv4_address='10.0.0.2')
vsd_subnet.create_child(vmipreservation)
vmipreservation = self.vsd.vspk.NUVMIPReservation(
ip_type='IPV6', ipv6_address='cafe:babe::2')
vsd_subnet.create_child(vmipreservation)
# Assert error occurs
self._create_verify_illegal_ports(
ipv4_subnet,
ipv6_subnet,
network,
expected_exception=exceptions.Conflict,
expected_error_msg=expected_error_message,
dynamic=True)
def _normalize_rules(self, new_ip_rules):
new_ip_space = []
for rule in new_ip_rules:
if '-' in rule:
parts = rule.split('-')
new_ip_space.append(IPRange(parts[0], parts[1]))
else:
net = IPNetwork(rule)
new_ip_space.append(IPRange(net.first, net.last))
return new_ip_space
def test_ipset_constructor():
assert IPSet(['192.0.2.0']) == IPSet(['192.0.2.0/32'])
assert IPSet([IPAddress('192.0.2.0')]) == IPSet(['192.0.2.0/32'])
assert IPSet([IPNetwork('192.0.2.0')]) == IPSet(['192.0.2.0/32'])
assert IPSet(IPNetwork('1234::/32')) == IPSet(['1234::/32'])
assert IPSet([IPNetwork('192.0.2.0/24')]) == IPSet(['192.0.2.0/24'])
assert IPSet(IPSet(['192.0.2.0/32'])) == IPSet(['192.0.2.0/32'])
assert IPSet(IPRange("10.0.0.0",
"10.0.1.31")) == IPSet(['10.0.0.0/24', '10.0.1.0/27'])
assert IPSet(IPRange('0.0.0.0', '255.255.255.255')) == IPSet(['0.0.0.0/0'])
def test_node_list(self):
node_list = self.serializer.get_common_attrs(self.cluster)['nodes']
# Check right nodes count with right roles
self.assert_roles_flattened(node_list)
# Check common attrs
for node in node_list:
node_db = self.db.query(Node).get(int(node['uid']))
self.assertEquals(node['public_netmask'], '255.255.255.0')
self.assertEquals(node['internal_netmask'], '255.255.255.0')
self.assertEquals(node['storage_netmask'], '255.255.255.0')
self.assertEquals(node['uid'], str(node_db.id))
self.assertEquals(node['name'], 'node-%d' % node_db.id)
self.assertEquals(node['fqdn'],
'node-%d.%s' % (node_db.id, settings.DNS_DOMAIN))
# Check uncommon attrs
node_uids = sorted(set([n['uid'] for n in node_list]))
man_ip = [str(ip) for ip in IPRange('192.168.0.1', '192.168.0.5')]
pub_ip = [str(ip) for ip in IPRange('172.16.0.2', '172.16.0.6')]
sto_ip = [str(ip) for ip in IPRange('192.168.1.1', '192.168.1.5')]
expected_list = [{
'roles': ['controller', 'cinder']
}, {
'roles': ['compute', 'cinder']
}, {
'roles': ['compute']
}, {
'roles': ['mongo']
}, {
'roles': ['cinder']
}]
for i in range(len(expected_list)):
expected_list[i]['attrs'] = {
'uid': node_uids[i],
'internal_address': man_ip[i],
'public_address': pub_ip[i],
'storage_address': sto_ip[i]
}
for expected in expected_list:
attrs = expected['attrs']
for role in expected['roles']:
nodes = self.filter_by_role(node_list, role)
node = self.filter_by_uid(nodes, attrs['uid'])[0]
self.assertEquals(attrs['internal_address'],
node['internal_address'])
self.assertEquals(attrs['public_address'],
node['public_address'])
self.assertEquals(attrs['storage_address'],
node['storage_address'])
def ipv6_addresses(lines):
""" Checks if line contains IPv6 Addresses """
# IPv6 - this doesn't handle %interface formats
ip6_regex = ("(([0-9a-fA-F]{1,4}:){7,7}([0-9a-fA-F]{1,4})|"
"([0-9a-fA-F]{1,4}:){1,7}:|"
"([0-9a-fA-F]{1,4}:){1,6}(:[0-9a-fA-F]{1,4})|"
"([0-9a-fA-F]{1,4}:){1,5}(:[0-9a-fA-F]{1,4}){1,2}|"
"([0-9a-fA-F]{1,4}:){1,4}(:[0-9a-fA-F]{1,4}){1,3}|"
"([0-9a-fA-F]{1,4}:){1,3}(:[0-9a-fA-F]{1,4}){1,4}|"
"([0-9a-fA-F]{1,4}:){1,2}(:[0-9a-fA-F]{1,4}){1,5}|"
"([0-9a-fA-F]{1,4}:){1,1}(:[0-9a-fA-F]{1,4}){1,6}|"
":(:[0-9a-fA-F]{1,4}){1,7})|([0-9a-fA-F]{1,4}:){1,4}:"
r"((25[0-5]|(2[0-4]|1?[0-9])?[0-9])\.){3,3}"
"(25[0-5]|(2[0-4]|1?[0-9])?[0-9])")
ip6_cidr = "(12[0-8]|(1[01]|[0-9])?[0-9])"
ip6_match = "^{}(/{})?$".format(ip6_regex, ip6_cidr)
ip6_range = r"^{}\s*-\s*{}$".format(ip6_regex, ip6_regex)
# Compile regexes increases speed
match_ip6_cidr = re.compile(ip6_match)
match_ip6_range = re.compile(ip6_range)
ip_set = IPSet()
remaining = []
for line in lines:
line = line.strip()
try:
if match_ip6_cidr.match(line):
logging.info('IPv6 match: %s', line)
ip_set.add(line)
elif match_ip6_range.match(line):
logging.info('IPv6 range: %s', line)
start, finish = line.split("-")
start = IPAddress(start.strip())
finish = IPAddress(finish.strip())
if start < finish:
ip_set.add(IPRange(start, finish))
else:
logging.warning(
'IPv4 range: %s (beginning of range '
'larger than end of range', line)
ip_set.add(IPRange(finish, start))
else:
logging.info('Unmatched: %s', line)
remaining.append(line)
except (RuntimeError, TypeError, NameError):
logging.debug('Invalid IPv6 addresses: %s', line)
remaining.append(line)
return ip_set, remaining
def target_splitter(target_networks):
scope_list = []
for network in target_networks.split(","):
# check to see if a subdomain/vhost was specified (if it has a letter, its not an IP address)
if re.search('[a-zA-Z]', network):
scope_list.append(network)
break
# Simple check to see if there is a range included.
if "-" in str(network):
#print("range found")
iprange = network.split("-")
# Convert the first part of the range to an IPAddress object
rangestart = (IPAddress(iprange[0]))
# rangeend = (IPAddress(iprange[1]))
# Hold off on converting the second part. We first need to check if
# it is a real IP or just the last octet (i.e., 192.168.0.100-110)
rangeend = iprange[1]
# If there is a period in the second part, we can just cast to IPAddress now
if "." in rangeend:
rangeend = IPAddress(rangeend)
net_range = IPRange(rangestart, rangeend)
# scope_list is a list of all of the IP addresses, networks, and ranges that are in scope
for individual_ip in list(net_range):
scope_list.append(individual_ip)
#print(individual_ip)
else:
try:
# If there is no period, that means we just have the last octet for the second half.
# So this part copies the first three octects from the first half range and prepends
# it to the single octet given for the second part.
startpart = str(rangestart).rsplit('.', 1)[0]
rangeend = IPAddress(startpart+"." + rangeend)
net_range = IPRange(rangestart, rangeend)
# scope_list is a list of all of the IP addresses, networks, and ranges that are in scope
for individual_ip in list(net_range):
scope_list.append(individual_ip)
#print(individual_ip)
except:
# Putting this try/except here because i have a feeling that at some point we will see
# something like 192.168.0.0-192.168.200.255 or something like that. Not handling that
# right now.
print("error")
else:
# If there is no "-" in the line, we can deal with it as a simple network or IPAddress. Luckily
# IPNetwork automatically converts an IP without a CIDR into /32 CIDR, and it works just like
# an IP address
net = IPNetwork(network)
for individual_ip in list(net):
scope_list.append(individual_ip)
#print(individual_ip)
return scope_list
def test_get_targets_omp_7(self):
target_xml = get_root_element(
get_fixture_location(__file__, "target_omp_7.xml"))
target2_xml = get_root_element(
get_fixture_location(__file__, "target2_omp_7.xml"))
target3_xml = get_root_element(
get_fixture_location(__file__, "target3_omp_7.xml"))
with open(
get_fixture_location(__file__, "report_with_target_omp_7.xml"),
'r') as xml:
with patch.object(self.uut,
"_get_target_definition",
return_value=target_xml) as target_def:
target = self.uut.get_targets(xml)
self.assertEqual(target, IPSet(IPNetwork("192.168.1.0/24")))
target_def.assert_called_once_with(
"e39cf6fa-1932-42c5-89d4-b66f469c615b")
with open(
get_fixture_location(__file__, "report_with_target_omp_7.xml"),
'r') as xml:
with patch.object(self.uut,
"_get_target_definition",
return_value=target2_xml) as target_def:
ip_set = IPSet(
IPRange(start="192.168.1.1", end="192.168.1.200"))
target = self.uut.get_targets(xml)
self.assertEqual(target, ip_set)
target_def.assert_called_once_with(
"e39cf6fa-1932-42c5-89d4-b66f469c615b")
with open(
get_fixture_location(__file__, "report_with_target_omp_7.xml"),
'r') as xml:
with patch.object(self.uut,
"_get_target_definition",
return_value=target3_xml) as target_def:
ip_set = IPSet()
ip_set.add(IPAddress("10.31.2.30"))
ip_set.add(IPAddress("10.31.2.23"))
ip_set.add(IPAddress("10.31.2.7"))
ip_set.add(IPAddress("10.31.2.31"))
ip_set.add(IPAddress("10.31.2.11"))
ip_set.add(IPAddress("10.31.2.21"))
ip_set.add(IPRange(start="10.31.2.34", end="10.31.2.35"))
ip_set.add(IPAddress("10.31.2.20"))
ip_set.add(IPAddress("10.31.2.32"))
target = self.uut.get_targets(xml)
self.assertEqual(target, ip_set)
target_def.assert_called_once_with(
"e39cf6fa-1932-42c5-89d4-b66f469c615b")
def __init__(self, **kwargs):
self.mode = kwargs['model']
self.number = kwargs['number']
self.function = kwargs['function']
self.save_file = kwargs['write']
self.verbose = kwargs['verbose']
self.write = kwargs['write']
# Convert ip_range into a list ip addrs in string
ip_range = kwargs['ip_range'].split('-')
netaddr_ip_range = IPRange(ip_range[0], ip_range[0]) \
if len(ip_range) == 1 else IPRange(ip_range[0], ip_range[1])
self.ip_range = [str(ip) for ip in netaddr_ip_range]
def test_ipset_member_insertion_and_deletion():
s1 = IPSet()
s1.add('192.0.2.0')
assert s1 == IPSet(['192.0.2.0/32'])
s1.remove('192.0.2.0')
assert s1 == IPSet([])
s1.add(IPRange("10.0.0.0", "10.0.0.255"))
assert s1 == IPSet(['10.0.0.0/24'])
s1.remove(IPRange("10.0.0.128", "10.10.10.10"))
assert s1 == IPSet(['10.0.0.0/25'])
def test_ip_range_intersection(self):
nm = NetworkManager()
self.assertEqual(
nm.is_range_in_cidr(IPRange('192.168.0.0', '192.168.255.255'),
IPNetwork('192.168.1.0/24')), True)
self.assertEqual(
nm.is_range_in_cidr(IPRange('164.174.47.1', '191.0.0.0'),
IPNetwork('192.168.1.0/24')), False)
self.assertEqual(
nm.is_range_in_cidr(IPRange('192.168.0.0', '192.168.255.255'),
IPRange('164.174.47.1', '191.0.0.0')), False)
self.assertEqual(
nm.is_range_in_cidr(IPNetwork('192.168.1.0/8'),
IPNetwork('192.168.1.0/24')), True)
def test_iprange_pickling_v4():
iprange = IPRange('192.0.2.1', '192.0.2.254')
assert iprange == IPRange('192.0.2.1', '192.0.2.254')
assert iprange.first == 3221225985
assert iprange.last == 3221226238
assert iprange.version == 4
buf = pickle.dumps(iprange)
iprange2 = pickle.loads(buf)
assert iprange2 == iprange
assert id(iprange2) != id(iprange)
assert iprange2.first == 3221225985
assert iprange2.last == 3221226238
assert iprange2.version == 4
def test_firewall_rules_include_empty(self):
satisfying_resources = [
{'rules': [IPRange('2.0.0.0', '2.0.0.20')]},
{'rules': [IPNetwork('0.0.0.1')]},
# repeat
{'rules': [IPRange('2.0.0.0', '2.0.0.20')]},
{'rules': [IPNetwork('0.0.0.1')]},
]
mock = FirewallRulesFilterMock({'include': []}, Mock())
mock.validate()
actual = mock.process(satisfying_resources)
self.assertEqual(satisfying_resources, actual)
def test_iprange():
range1 = IPRange('192.0.2.1', '192.0.2.15')
assert range1 == IPRange('192.0.2.1', '192.0.2.15')
assert range1.cidrs() == [
IPNetwork('192.0.2.1/32'),
IPNetwork('192.0.2.2/31'),
IPNetwork('192.0.2.4/30'),
IPNetwork('192.0.2.8/29'),
]
assert IPRange('192.0.2.0', '192.0.2.255') == IPNetwork('192.0.2.0/24')
range2 = IPRange('192.0.2.1', '192.0.2.15')
addrs = list(range2)
assert addrs == [
IPAddress('192.0.2.1'),
IPAddress('192.0.2.2'),
IPAddress('192.0.2.3'),
IPAddress('192.0.2.4'),
IPAddress('192.0.2.5'),
IPAddress('192.0.2.6'),
IPAddress('192.0.2.7'),
IPAddress('192.0.2.8'),
IPAddress('192.0.2.9'),
IPAddress('192.0.2.10'),
IPAddress('192.0.2.11'),
IPAddress('192.0.2.12'),
IPAddress('192.0.2.13'),
IPAddress('192.0.2.14'),
IPAddress('192.0.2.15'),
]
assert range2 != addrs
assert list(range2) == addrs
subnets = range2.cidrs()
assert subnets == [
IPNetwork('192.0.2.1/32'),
IPNetwork('192.0.2.2/31'),
IPNetwork('192.0.2.4/30'),
IPNetwork('192.0.2.8/29')
]
assert range2 != subnets
assert range2.cidrs() == subnets
def assignIPs(_upper_ref,
_from_key,
lower_refs,
to_key,
ip_start='192.168.0.1',
ip_end='192.168.0.254',
**_kwargs):
'''assign ips to hosts.'''
if not ip_start or not ip_end:
return {}
host_ips = {}
unassigned_hosts = []
ips = IPSet(IPRange(ip_start, ip_end))
for lower_key, lower_ref in lower_refs.items():
ip_addr = lower_ref.get(to_key, '')
if ip_addr:
host_ips[lower_key] = ip_addr
ips.remove(ip_addr)
else:
unassigned_hosts.append(lower_key)
for ip_addr in ips:
if not unassigned_hosts:
break
host = unassigned_hosts.pop(0)
host_ips[host] = str(ip_addr)
logging.debug('assign %s: %s', to_key, host_ips)
return host_ips
def check_param(getopt_obj):
"""
@type getopt_obj:Getopt_scanner
"""
try:
int(getopt_obj.thread_number)
except:
raise InputError("并发参数错误")
if getopt_obj.scan_mode != "ping" and getopt_obj.scan_mode != "tcp":
raise InputError("检测参数错误")
ip_list = []
ip_str = getopt_obj.ipaddr_str
if ip_str.find("-") != -1:
startip = ip_str.split("-")[0]
endip = ip_str.split("-")[1]
if not (check_ip(startip) and check_ip(endip)):
raise InputError("ip地址参数错误1")
iprange_cidrs = IPRange(startip, endip)
for net_cidr in iprange_cidrs.cidrs():
for ip in net_cidr.iter_hosts():
ip_list.append(str(ip))
elif ip_str.find("/") != -1:
try:
for ip in IPNetwork(ip_str):
ip_list.append(str(ip))
except:
raise InputError("ip地址参数错误2")
else:
if not check_ip(ip_str):
raise InputError("ip地址参数错误3")
ip_list.append(ip_str)
getopt_obj.ipaddr_list = ip_list
def ip_range_within_network(ip_range, network):
"""Check that the whole of a given IP range is within a given network."""
# Make sure that ip_range is an IPRange and not an IPNetwork,
# otherwise this won't work.
if isinstance(ip_range, IPNetwork):
ip_range = IPRange(IPAddress(network.first), IPAddress(network.last))
return all([intersect_iprange(cidr, network) for cidr in ip_range.cidrs()])
