def test_netixlan_diff(self):
netix1 = NetworkIXLan.objects.create(network=self.net,
ixlan=self.ixlan,
status="ok",
ipaddr4="195.69.146.250",
ipaddr6="2001:7f8:1::a500:2906:1",
asn=self.net.asn,
speed=1000,
is_rs_peer=True)
netix2 = NetworkIXLan(network=self.net_2,
status="ok",
ipaddr4="195.69.146.250",
ipaddr6="2001:7f8:1::a500:2906:2",
asn=self.net_2.asn,
speed=10000,
is_rs_peer=False)
result = self.ixlan.add_netixlan(netix2, save=False, save_others=False)
self.assertEqual(
sorted(result["changed"]),
['asn', 'ipaddr6', 'is_rs_peer', 'network_id', 'speed'])
netix2.ipaddr4 = "195.69.146.251"
netix2.ipaddr6 = netix1.ipaddr6
result = self.ixlan.add_netixlan(netix2, save=False, save_others=False)
self.assertEqual(
sorted(result["changed"]),
['asn', 'ipaddr4', 'is_rs_peer', 'network_id', 'speed'])
def parse_vlans(self, vlan_list, network, member, connection, speed):
"""
Parse the 'vlan_list' section of the ixf_schema
Arguments:
- vlan_list <list>
- network <Network>: pdb network instance
- member <dict>: row from ixf member_list
- connection <dict>: row from ixf connection_list
- speed <int>: interface speed
"""
asn = member["asnum"]
for lan in vlan_list:
ipv4_valid = False
ipv6_valid = False
ipv4 = lan.get("ipv4", {})
ipv6 = lan.get("ipv6", {})
# vlan entry has no ipaddresses set, log and ignore
if not ipv4 and not ipv6:
self.log_error(_("Could not find ipv4 or 6 address in " \
"vlan_list entry for vlan_id {} (AS{})").format(
lan.get("vlan_id"), asn))
continue
ipv4_addr = ipv4.get("address")
ipv6_addr = ipv6.get("address")
# parse and validate the ipaddresses attached to the vlan
# append the ipaddresses to self.ipaddresses so we can
# later check them to see which netixlans need to be
# dropped during `process_deletions`
try:
if ipv4_addr:
self.ipaddresses.append("{}-{}".format(
asn, ipaddress.ip_address(unicode(ipv4_addr))))
if ipv6_addr:
self.ipaddresses.append("{}-{}".format(
asn, ipaddress.ip_address(unicode(ipv6_addr))))
except (ipaddress.AddressValueError, ValueError) as exc:
self.log_error(
_("Ip address error '{}' in vlan_list entry for vlan_id {}"
).format(exc, lan.get("vlan_id")))
continue
netixlan_info = NetworkIXLan(
ixlan=self.ixlan,
network=network,
ipaddr4=ipv4_addr,
ipaddr6=ipv6_addr,
speed=speed,
asn=asn,
is_rs_peer=(ipv4.get("routeserver", False) or \
ipv6.get("routeserver", False))
)
if not self.save and (not self.ixlan.test_ipv4_address(ipv4_addr) or not \
self.ixlan.test_ipv6_address(ipv6_addr)):
#for the preview we don't care at all about new ip addresses
#not at the ixlan if they dont match the prefix
continue
# if connection state is inactive we won't create or update
if connection.get("state", "active") == "inactive":
self.log_peer(asn, "noop",
_("Connection is currently marked as inactive"),
netixlan_info)
continue
# after this point we either add or modify the netixlan, so
# now is a good time to check if the related network allows
# such updates, bail if not
if not network.allow_ixp_update:
self.log_peer(asn, "noop",
_("Network has disabled ixp updates"),
netixlan_info)
continue
# add / modify the netixlan
result = self.ixlan.add_netixlan(netixlan_info,
save=self.save,
save_others=self.save)
if result["netixlan"] and result["changed"]:
self.netixlans.append(result["netixlan"])
if result["created"]:
action = "add"
reason = _("New ip-address")
else:
action = "modify"
reason = _("Fields changed: {}").format(", ".join(
result.get("changed")))
self.log_peer(asn, action, reason, result["netixlan"])
elif result["netixlan"]:
self.log_peer(asn, "noop", _("No changes"), result["netixlan"])
elif result["log"]:
self.log_peer(asn, "ignore", "\n".join(result["log"]),
netixlan_info)
def test_bypass_validation():
User = get_user_model()
superuser = User.objects.create_user(
username="******",
password="******",
email="su@localhost",
is_superuser=True,
)
user = User.objects.create_user(username="******",
password="******",
email="user@localhost")
factory = RequestFactory()
org = Organization.objects.create(name="Test org", status="ok")
ix = InternetExchange.objects.create(
name="Text exchange",
status="ok",
org=org,
country="US",
city="Some city",
region_continent="North America",
media="Ethernet",
)
net = Network.objects.create(name="Text network",
asn=12345,
status="ok",
org=org)
# super user should bypass validation
request = factory.get("/")
request.user = superuser
with current_request(request):
validate_address_space("37.77.32.0/20")
validate_address_space("131.72.77.240/28")
validate_address_space("2403:c240::/32")
validate_address_space("2001:504:0:2::/64")
validate_info_prefixes4(500001)
validate_info_prefixes6(500001)
NetworkIXLan(speed=1, network=net, ixlan=ix.ixlan).clean()
NetworkIXLan(speed=1000, network=net, ixlan=ix.ixlan).clean()
validate_irr_as_set("ripe::as-foo:as123:as345:as678")
# user should NOT bypass validation
request = factory.get("/")
request.user = user
with current_request(request):
with pytest.raises(ValidationError):
validate_address_space("37.77.32.0/20")
with pytest.raises(ValidationError):
validate_address_space("131.72.77.240/28")
with pytest.raises(ValidationError):
validate_address_space("2403:c240::/32")
with pytest.raises(ValidationError):
validate_address_space("2001:504:0:2::/64")
with pytest.raises(ValidationError):
validate_info_prefixes4(500001)
with pytest.raises(ValidationError):
validate_info_prefixes6(500001)
with pytest.raises(ValidationError):
NetworkIXLan(speed=1, network=net, ixlan=ix.ixlan).clean()
with pytest.raises(ValidationError):
NetworkIXLan(speed=1000, network=net, ixlan=ix.ixlan).clean()
with pytest.raises(ValidationError):
validate_irr_as_set("ripe::as-foo:as123:as345:as678")