Example #1
0
 def testVerbatimContains(self):
     term_one = policy.Term(policy.VarType(23, ('iptables', 'foo')))
     term_two = policy.Term(policy.VarType(23, ('iptables', 'bar')))
     term_three = policy.Term(policy.VarType(23, ('juniper', 'foo')))
     self.assertIn(term_one, term_one)
     self.assertNotIn(term_two, term_one)
     self.assertNotIn(term_three, term_one)
Example #2
0
 def testDestAddrNotInDestAddr(self, mock_naming):
   mock_naming.GetNetAddr.side_effect = [
       [nacaddr.IPv4('192.168.1.1/32')],
       [nacaddr.IPv4('10.1.1.0/24')]]
   term_one = policy.Term([policy.VarType(4, 'FOO')])
   term_two = policy.Term([policy.VarType(4, 'FOO')])
   self.assertNotIn(term_one, term_two)
Example #3
0
 def testPrecedenceContains(self):
     # Tests "contains" testing of the precedence field. A term without set
     # precedence contains one which has them set.
     p_term = policy.Term([policy.VarType(26, 1)])
     no_p_term = policy.Term([])
     self.assertIn(p_term, p_term)
     self.assertIn(no_p_term, no_p_term)
     self.assertNotIn(no_p_term, p_term)
     self.assertNotIn(p_term, no_p_term)
Example #4
0
 def testProtocolExceptContains(self):
     # Test the protocol-except keyword.
     pexcept_term = policy.Term([policy.VarType(8, 'tcp')])
     pexpect_term_udp = policy.Term([policy.VarType(8, 'udp')])
     p_term = policy.Term([policy.VarType(10, 'icmp')])
     p_term_tcp = policy.Term([policy.VarType(10, 'tcp')])
     self.assertIn(p_term, pexcept_term)
     self.assertIn(pexcept_term, pexcept_term)
     self.assertNotIn(p_term_tcp, pexcept_term)
     self.assertNotIn(pexpect_term_udp, pexcept_term)
Example #5
0
 def testOptionsContains(self):
   # Tests "contains" testing of the options field. A term without set options
   # contains one which has them set.
   tcp_est_term = policy.Term([policy.VarType(9, 'tcp-established')])
   term = policy.Term([])
   tcp_udp_est_term = policy.Term([policy.VarType(9, 'tcp-established'),
                                   policy.VarType(9, 'established')])
   self.assertNotIn(term, tcp_est_term)
   self.assertNotIn(tcp_est_term, term)
   self.assertIn(tcp_est_term, tcp_udp_est_term)
   self.assertNotIn(tcp_udp_est_term, tcp_est_term)
Example #6
0
 def testIpExcludeContains(self, mock_naming):
     # This "contains" test kicks the tires on source-address and
     # source-address-exclude.
     mock_naming.GetNetAddr.side_effect = [[nacaddr.IPv4('10.0.0.0/8')],
                                           [nacaddr.IPv4('10.0.0.0/8')],
                                           [nacaddr.IPv4('10.62.0.0/15')]]
     term_one = policy.Term([policy.VarType(3, 'FOO')])
     term_two = policy.Term(
         [policy.VarType(3, 'FOO'),
          policy.VarType(11, 'BAR')])
     self.assertIn(term_two, term_one)
     self.assertNotIn(term_one, term_two)
Example #7
0
 def testAddrNotInAddr(self, mock_naming):
     mock_naming.GetNetAddr.side_effect = [[nacaddr.IPv4('192.168.1.1/32')],
                                           [nacaddr.IPv4('10.1.1.0/24')],
                                           [nacaddr.IPv4('10.1.1.0/24')],
                                           [nacaddr.IPv4('10.1.1.0/24')]]
     term = policy.Term([policy.VarType(5, 'FOO')])
     addr_term = policy.Term([policy.VarType(5, 'FOO')])
     saddr_term = policy.Term([policy.VarType(3, 'FOO')])
     daddr_term = policy.Term([policy.VarType(4, 'FOO')])
     self.assertNotIn(addr_term, term)
     self.assertNotIn(saddr_term, term)
     self.assertNotIn(daddr_term, term)
Example #8
0
 def testIpDualExcludeContains(self, mock_naming):
   # One term has (10.0.0.0/8, except 10.10.0.0/24), it should contain a term
   # that has (10.0.0.0/8 except 10.0.0.0/9.
   mock_naming.GetNetAddr.side_effect = [
       [nacaddr.IPv4('10.0.0.0/8')],
       [nacaddr.IPv4('10.10.0.0/24')],
       [nacaddr.IPv4('10.0.0.0/8')],
       [nacaddr.IPv4('10.0.0.0/9')]]
   term_one = policy.Term([policy.VarType(3, 'FOO'),
                           policy.VarType(11, 'BAR')])
   term_two = policy.Term([policy.VarType(3, 'FOO'),
                           policy.VarType(11, 'BAR')])
   self.assertIn(term_two, term_one)
   self.assertNotIn(term_one, term_two)
Example #9
0
 def testEmptyIpContains(self, mock_naming):
     # testTermContains2 differs from testTermContains in that TERM_SUPER_2
     # only defines a source addres. it's meant to catch the case where
     # the containing term has less detail (and is hence, less restrictive)
     # than the contained term
     mock_naming.GetNetAddr.side_effect = [[nacaddr.IPv4('10.0.0.0/8')],
                                           [nacaddr.IPv4('10.1.1.1/32')]]
     term_one = policy.Term([policy.VarType(5, 'PROD')])
     term_one.AddObject(policy.VarType(2, 'accept'))
     term_two = policy.Term(
         [policy.VarType(3, 'SMALLER_PROD'),
          policy.VarType(7, (22, 22))])
     term_two.AddObject(policy.VarType(2, 'accept'))
     self.assertIn(term_two, term_one)
     self.assertNotIn(term_one, term_two)
Example #10
0
 def testIpAndPortContains(self, mock_naming):
   mock_naming.GetNetAddr.side_effect = [
       [nacaddr.IPv4('10.0.0.0/8')],
       [nacaddr.IPv4('10.1.1.1/32')]]
   term_one = policy.Term([policy.VarType(3, 'PROD'),
                           policy.VarType(7, (22, 22)),
                           policy.VarType(7, (80, 80)),
                           policy.VarType(10, 'tcp')])
   term_one.AddObject(policy.VarType(2, 'accept'))
   term_two = policy.Term([policy.VarType(3, 'SMALLER_PROD'),
                           policy.VarType(7, (22, 22)),
                           policy.VarType(10, 'tcp')])
   term_two.AddObject(policy.VarType(2, 'accept'))
   self.assertIn(term_two, term_one)
   self.assertNotIn(term_one, term_two)
Example #11
0
  def testFragmentOffset(self):
    fo_term = policy.Term([])
    fo_term.AddObject(policy.VarType(17, "80"))
    fo_range_term = policy.Term([])
    fo_range_term.AddObject(policy.VarType(17, "60-90"))
    fo_smaller_range_term = policy.Term([])
    fo_smaller_range_term.AddObject(policy.VarType(17, "65-82"))
    term = policy.Term([])


    self.assertIn(fo_term, fo_term)
    self.assertIn(fo_term, fo_range_term)
    self.assertNotIn(fo_range_term, fo_term)
    self.assertIn(fo_smaller_range_term, fo_range_term)
    self.assertNotIn(fo_range_term, fo_smaller_range_term)
    self.assertNotIn(term, fo_term)
Example #12
0
  def testGetCost(self, ips, protocols, ports, expected, mock_naming):
    mock_naming.GetNetAddr.side_effect = ips
    t = []
    for i in ips:
      t.append(policy.VarType(3, i))
    for p in protocols:
      t.append(policy.VarType(10, p))
    for p in ports:
      t.append(policy.VarType(7, p))
    term = policy.Term(t)

    self.assertEqual(gcp_hf.GetCost(term), expected)
Example #13
0
 def testPortContains(self):
     # Test "contains" against port field and that it matches
     # source/destination/port fields.
     port_term = policy.Term([policy.VarType(32, (25, 25))])
     sport_term = policy.Term([policy.VarType(6, (25, 25))])
     dport_term = policy.Term([policy.VarType(7, (25, 25))])
     self.assertIn(sport_term, port_term)
     self.assertIn(dport_term, port_term)
     self.assertIn(port_term, port_term)
     alt_port_term = policy.Term([policy.VarType(32, (25, 30))])
     sport_term = policy.Term([policy.VarType(6, (25, 30))])
     dport_term = policy.Term([policy.VarType(7, (25, 30))])
     self.assertNotIn(alt_port_term, port_term)
     self.assertNotIn(sport_term, port_term)
     self.assertNotIn(dport_term, port_term)
Example #14
0
 def testDestinationPortNotInDestinationPort(self):
     term_one = policy.Term([policy.VarType(7, (22, 22))])
     term_two = policy.Term([policy.VarType(7, (23, 23))])
     self.assertNotIn(term_one, term_two)
Example #15
0
 def testSourcePortNotInSourcePort(self):
     term_one = policy.Term([policy.VarType(6, (22, 22))])
     term_two = policy.Term([policy.VarType(6, (23, 23))])
     self.assertNotIn(term_one, term_two)
Example #16
0
 def testDestinationPrefixContains(self):
   term_one = policy.Term([policy.VarType(20, "foo")])
   term_two = policy.Term([policy.VarType(20, "bar")])
   self.assertIn(term_one, term_one)
Example #17
0
 def testProtocolNotInEmptyTerm(self):
     term_one = policy.Term([policy.VarType(10, 'tcp')])
     term_two = policy.Term([])
     self.assertNotIn(term_two, term_one)
Example #18
0
 def testProtocolNotInProtoExcept(self):
     term_one = policy.Term([policy.VarType(8, 'tcp')])
     term_two = policy.Term([policy.VarType(10, 'udp')])
     self.assertNotIn(term_one, term_two)
Example #19
0
 def testProtocolTermNotInAnotherTermContains(self):
     term_one = policy.Term([policy.VarType(10, 'tcp')])
     term_two = policy.Term([policy.VarType(10, 'udp')])
     self.assertNotIn(term_one, term_two)
Example #20
0
 def testForwardingClassExceptNotIn(self):
   term_one = policy.Term([policy.VarType(52, "foo")])
   term_two = policy.Term([policy.VarType(52, "bar")])
   term_three = policy.Term([])
   self.assertNotIn(term_one, term_two)
   self.assertNotIn(term_three, term_one)
Example #21
0
 def testSourcePrefixExceptNotInSourcePrefixExcept(self):
   term_one = policy.Term([policy.VarType(50, "foo")])
   term_two = policy.Term([policy.VarType(50, "bar")])
   self.assertNotIn(term_one, term_two)
Example #22
0
 def testDestinationPrefixExceptNotInDestinationPrefixExcept(self):
   term_one = policy.Term([policy.VarType(51, "foo")])
   term_two = policy.Term([policy.VarType(51, "bar")])
   self.assertNotIn(term_one, term_two)
Example #23
0
 def testSourceTagContains(self):
   term_one = policy.Term([policy.VarType(44, "foo")])
   self.assertIn(term_one, term_one)
Example #24
0
 def testSourceTagNotInSourceTag(self):
   term_one = policy.Term([policy.VarType(44, "foo")])
   term_two = policy.Term([policy.VarType(44, "bar")])
   self.assertNotIn(term_one, term_two)
Example #25
0
 def testForwardingClassContains(self):
   term_one = policy.Term([policy.VarType(43, "foo")])
   term_two = policy.Term([policy.VarType(43, "bar"), policy.VarType(43, "foo")])
   self.assertIn(term_one, term_one)
   self.assertIn(term_one, term_two)
Example #26
0
 def testNextIPNotIn(self, mock_naming):
   mock_naming.GetNetAddr.side_effect = [
       [nacaddr.IPv4('192.168.1.1/32')]]
   term_one = policy.Term([policy.VarType(46, "FOO")])
   term_two = policy.Term([])
   self.assertNotIn(term_two, term_one)
Example #27
0
 def testSourcePrefixExceptContains(self):
   term_one = policy.Term([policy.VarType(50, "foo")])
   self.assertIn(term_one, term_one)
Example #28
0
 def testForwardingClassExceptContains(self):
   term_one = policy.Term([policy.VarType(52, "foo")])
   self.assertIn(term_one, term_one)