def test_masquerade():
    """
    A masquerade rule is checked on its own because its shape differs from
    the other NAT rule types: only type, protocol and outbound interface are
    supplied here, with no inside address.
    """
    masquerade_rule = NATRule(
        1000,
        ".",
        **{
            # Hyphenated keys cannot be plain keyword arguments, hence the
            # dict expansion.
            "type": "masquerade",
            "protocol": "all",
            "outbound-interface": "eth0",
        },
    )

    assert masquerade_rule.validate(), "Masquerade rule valid"
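def test_validate(monkeypatch):
    """
    NAT rule validation rejects incomplete rules and unknown port groups.

    Walks one rule through each failure in turn: parent validation failing,
    missing type, missing inside address, and source/destination port groups
    that are not among the configured groups. A rule that names a port group
    which does not exist must be reported as invalid, not silently accepted.
    """

    # pylint: disable=unused-argument
    @counter_wrapper
    def fake_validate_false(self) -> bool:
        """
        Stand-in for the parent validate() that always reports failure
        """
        return False

    @counter_wrapper
    def fake_validate_true(self) -> bool:
        """
        Stand-in for the parent validate() that always reports success
        """
        return True

    # Only group1 and group2 exist for the duration of this test.
    monkeypatch.setattr(
        secondary_configs,
        "get_port_groups",
        lambda config_path: [PortGroup("group1"), PortGroup("group2")],
    )

    # A failing parent validation makes the rule invalid.
    monkeypatch.setattr(Validatable, "validate", fake_validate_false)
    rule = NATRule(10, ".")
    assert not rule.validate(), "Validation fails if parent fails"
    assert fake_validate_false.counter == 1, "Parent validation called"

    # With the parent passing, an empty rule fails on the missing type.
    monkeypatch.setattr(Validatable, "validate", fake_validate_true)
    rule = NATRule(10, ".")
    assert not rule.validate(), "Validation fails without type"
    assert fake_validate_true.counter == 1, "Parent validation called"
    assert rule.validation_errors() == [
        "NAT rule 10 does not have type"
    ], "Validation errors set"

    # Valid port groups do not make up for a missing type.
    properties = {
        "source": {"port": "group1"},
        "destination": {"port": "group2"},
    }
    rule = NATRule(10, ".", **properties)
    assert not rule.validate(), "Missing type invalid"
    assert rule.validation_errors() == [
        "NAT rule 10 does not have type"
    ], "Errors set"

    # Type present, inside address still missing.
    properties["type"] = "source"
    rule = NATRule(10, ".", **properties)
    assert not rule.validate(), "Missing inside address invalid"
    assert rule.validation_errors() == [
        "NAT rule 10 does not have inside address"
    ], "Errors set"

    # NOTE(review): the trailing comma makes this value a one-element tuple
    # wrapping the dict - confirm that is the shape NATRule expects.
    properties["inside-address"] = ({"address": "192.168.0.2"}, )
    rule = NATRule(10, ".", **properties)
    assert rule.validate(), "Rule is valid if groups are valid"

    # NOTE(review): the port groups are changed after the rule is built, so
    # these assertions only hold if the rule keeps references to the nested
    # "source"/"destination" dicts rather than copies - confirm.
    rule = NATRule(10, ".", **properties)
    properties["source"]["port"] = "group3"
    properties["destination"]["port"] = "group4"
    assert not rule.validate(), "Rule is invalid with nonexistent groups"
    assert rule.validation_errors() == [
        "NAT rule 10 has nonexistent source port group group3",
        "NAT rule 10 has nonexistent destination port group group4",
    ], "Errors added"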