def _validate_ip_whitelist_config(conf):
    """Check an IPWhitelistConfig message for internal consistency.

    Every whitelist must have a well-formed, unique name and only parseable
    subnets. Every assignment must carry a parseable identity, refer to a
    whitelist defined in the same message, and name its identity only once.

    The subnet check is purely syntactic: whatever
    ipaddr.subnet_from_string() accepts passes, so this function does not
    reject a catch-all such as 0.0.0.0/0. Breadth of a whitelist has to be
    reviewed separately.

    Raises:
        ValueError: if conf is not a config_pb2.IPWhitelistConfig, or if any
            of the checks above fails.
    """
    if not isinstance(conf, config_pb2.IPWhitelistConfig):
        raise ValueError('Wrong message type: %s' % conf.__class__.__name__)

    defined_names = set()
    for entry in conf.ip_whitelists:
        name = entry.name
        # NOTE(review): match() anchors only at the start of the string;
        # confirm model.IP_WHITELIST_NAME_RE is anchored at the end as well.
        if not model.IP_WHITELIST_NAME_RE.match(name):
            raise ValueError('Invalid IP whitelist name: %s' % name)
        if name in defined_names:
            raise ValueError('IP whitelist %s is defined twice' % name)
        defined_names.add(name)
        for subnet_text in entry.subnets:
            # Called only for its ValueError on a malformed subnet; the
            # parsed result is discarded.
            ipaddr.subnet_from_string(subnet_text)

    seen_identities = []
    for assignment in conf.assignments:
        # from_bytes raises ValueError on a malformed identity, and it runs
        # before the whitelist-name check, so that error wins when both apply.
        identity = model.Identity.from_bytes(assignment.identity)
        target = assignment.ip_whitelist_name
        if target not in defined_names:
            raise ValueError('Unknown IP whitelist: %s' % target)
        if identity in seen_identities:
            raise ValueError(
                'Identity %s is specified twice' % assignment.identity)
        seen_identities.append(identity)
def test_subnet_from_string_v4(self):
    """subnet_from_string parses IPv4 text, with and without a prefix."""
    # (input text, expected Subnet). A bare address gets an all-ones mask,
    # and with /24 the low 8 bits of the stored base are cleared.
    cases = (
        ('127.0.0.1',
         ipaddr.Subnet(32, 0x7f000001, 0xffffffff)),
        ('255.254.253.252/32',
         ipaddr.Subnet(32, 0xfffefdfc, 0xffffffff)),
        ('255.254.253.252/24',
         ipaddr.Subnet(32, 0xfffefd00, 0xffffff00)),
    )
    for text, expected in cases:
        self.assertEqual(expected, ipaddr.subnet_from_string(text))
def test_subnet_from_string_v4(self):
    """Pin the Subnet tuples produced for three IPv4 inputs."""
    host_mask = 0xffffffff
    slash24_mask = 0xffffff00

    # No prefix length given: the mask covers all 32 bits.
    loopback = ipaddr.subnet_from_string('127.0.0.1')
    self.assertEqual(ipaddr.Subnet(32, 0x7f000001, host_mask), loopback)

    # Explicit /32 keeps every bit of the address.
    exact = ipaddr.subnet_from_string('255.254.253.252/32')
    self.assertEqual(ipaddr.Subnet(32, 0xfffefdfc, host_mask), exact)

    # /24 drops the last octet from the base (…fc becomes …00).
    network = ipaddr.subnet_from_string('255.254.253.252/24')
    self.assertEqual(ipaddr.Subnet(32, 0xfffefd00, slash24_mask), network)
def test_subnet_from_string_v6(self):
    """subnet_from_string parses IPv6 text, with and without a prefix."""
    # Plain hex literals: integers this large need no 'L' suffix.
    all_ones = 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
    # (input text, expected base, expected mask). With /96 the low 32 bits
    # of both base and mask are zero.
    rows = (
        ("0:0:0:0:0:0:0:1", 1, all_ones),
        ("ffff:fffe:fffd:fffc:fffb:fffa:fff0:fff9/128",
         0xFFFFFFFEFFFDFFFCFFFBFFFAFFF0FFF9, all_ones),
        ("ffff:fffe:fffd:fffc:fffb:fffa:fff0:fff9/96",
         0xFFFFFFFEFFFDFFFCFFFBFFFA00000000,
         0xFFFFFFFFFFFFFFFFFFFFFFFF00000000),
    )
    for text, base, mask in rows:
        self.assertEqual(
            ipaddr.Subnet(128, base, mask), ipaddr.subnet_from_string(text))
def test_subnet_from_string_v6(self):
    """Pin the Subnet tuples produced for three IPv6 inputs."""
    # Masks written without the 'L' suffix; the values are unchanged.
    mask_128 = 0xffffffffffffffffffffffffffffffff
    mask_96 = 0xffffffffffffffffffffffff00000000
    sample = 'ffff:fffe:fffd:fffc:fffb:fffa:fff0:fff9'

    # Bare address: the mask covers all 128 bits.
    parsed = ipaddr.subnet_from_string('0:0:0:0:0:0:0:1')
    self.assertEqual(ipaddr.Subnet(128, 1, mask_128), parsed)

    # Explicit /128 keeps the full address as the base.
    parsed = ipaddr.subnet_from_string(sample + '/128')
    self.assertEqual(
        ipaddr.Subnet(128, 0xfffffffefffdfffcfffbfffafff0fff9, mask_128),
        parsed)

    # /96 zeroes the last two groups of the base.
    parsed = ipaddr.subnet_from_string(sample + '/96')
    self.assertEqual(
        ipaddr.Subnet(128, 0xfffffffefffdfffcfffbfffa00000000, mask_96),
        parsed)
def test_subnet_from_string_bad(self):
    """Malformed subnet strings raise ValueError instead of parsing."""
    rejected = (
        '256.0.0.1',      # octet above 255, no prefix
        '127.0.0.1/abc',  # prefix length is not a number
        '256.0.0.1/32',   # octet above 255, valid-looking prefix
        '127.0.0.1/33',   # prefix longer than an IPv4 address
    )
    for text in rejected:
        with self.assertRaises(ValueError):
            ipaddr.subnet_from_string(text)
def test_subnet_from_string_bad(self):
    """subnet_from_string rejects out-of-range octets and bad prefixes."""
    parse = ipaddr.subnet_from_string

    # Address part out of range, with and without a prefix length.
    self.assertRaises(ValueError, parse, "256.0.0.1")
    # Prefix length that is not an integer.
    self.assertRaises(ValueError, parse, "127.0.0.1/abc")
    self.assertRaises(ValueError, parse, "256.0.0.1/32")
    # Prefix length one past the 32 bits of an IPv4 address.
    self.assertRaises(ValueError, parse, "127.0.0.1/33")
def test_subnet_from_string_v6(self):
    """IPv6 subnets parse to (128, base, mask) with host bits cleared."""
    # The 'L' suffix is dropped from the literals; the values are the same.
    expectations = {
        '0:0:0:0:0:0:0:1': (
            1,
            0xffffffffffffffffffffffffffffffff),
        'ffff:fffe:fffd:fffc:fffb:fffa:fff0:fff9/128': (
            0xfffffffefffdfffcfffbfffafff0fff9,
            0xffffffffffffffffffffffffffffffff),
        'ffff:fffe:fffd:fffc:fffb:fffa:fff0:fff9/96': (
            0xfffffffefffdfffcfffbfffa00000000,
            0xffffffffffffffffffffffff00000000),
    }
    # sorted() keeps the check order deterministic.
    for text in sorted(expectations):
        base, mask = expectations[text]
        self.assertEqual(
            ipaddr.Subnet(128, base, mask), ipaddr.subnet_from_string(text))
def _validate_ip_whitelist_config(conf):
    """Validate the structure of an IPWhitelistConfig message.

    Checks, in order: the message type; for each whitelist, its name format,
    name uniqueness and that each subnet parses; for each assignment, that
    the identity parses, that the referenced whitelist was defined above,
    and that the identity has not been assigned already.

    Only well-formedness is checked. A subnet of any width that
    ipaddr.subnet_from_string() can parse is accepted.

    Raises:
        ValueError: on the first check that fails.
    """
    if not isinstance(conf, config_pb2.IPWhitelistConfig):
        raise ValueError('Wrong message type: %s' % conf.__class__.__name__)

    names = set()
    for wl in conf.ip_whitelists:
        # NOTE(review): relies on IP_WHITELIST_NAME_RE being end-anchored,
        # since match() only pins the start; verify in model.
        if not model.IP_WHITELIST_NAME_RE.match(wl.name):
            raise ValueError('Invalid IP whitelist name: %s' % wl.name)
        if wl.name in names:
            raise ValueError('IP whitelist %s is defined twice' % wl.name)
        names.add(wl.name)
        for raw_subnet in wl.subnets:
            # Parse purely for validation; ValueError propagates to the
            # caller when the subnet is malformed.
            ipaddr.subnet_from_string(raw_subnet)

    assigned = []
    for entry in conf.assignments:
        # Raises ValueError if the identity is not valid.
        who = model.Identity.from_bytes(entry.identity)
        if entry.ip_whitelist_name not in names:
            raise ValueError(
                'Unknown IP whitelist: %s' % entry.ip_whitelist_name)
        if who in assigned:
            # The message quotes the raw field, not the parsed identity.
            raise ValueError(
                'Identity %s is specified twice' % entry.identity)
        assigned.append(who)
def test_is_in_subnet(self):
    """is_in_subnet matches on prefix bits and never across families."""
    def contains(ip_text, subnet_text):
        return ipaddr.is_in_subnet(
            ipaddr.ip_from_string(ip_text),
            ipaddr.subnet_from_string(subnet_text))

    # (address, subnet, expected membership), checked in this order.
    table = (
        ("127.0.0.1", "127.0.0.1/32", True),
        ("192.168.0.25", "192.168.0.0/24", True),
        ("192.168.0.25", "192.168.1.0/24", False),
        ("192.168.0.25", "192.168.0.0/31", False),
        # A /0 subnet contains even the highest IPv4 address.
        ("255.255.255.255", "0.0.0.0/0", True),
        ("0:0:0:0:0:0:0:1", "0:0:0:0:0:0:0:1/128", True),
        ("ffff:fffe:fffd:fffc:fffb:fffa:fff0:1234",
         "ffff:fffe:fffd:fffc:fffb:fffa:fff0:0/112", True),
        ("ffff:fffe:fffd:fffc:fffb:fffa:fff1:1234",
         "ffff:fffe:fffd:fffc:fffb:fffa:fff0:0/112", False),
        ("ffff:fffe:fffd:fffc:fffb:fffa:fff0:2",
         "ffff:fffe:fffd:fffc:fffb:fffa:fff0:0/127", False),
        # All-zero IPv6 address is not a member of the all-zero IPv4 /32.
        ("0:0:0:0:0:0:0:0", "0.0.0.0/32", False),
    )
    for ip_text, subnet_text, expected in table:
        verdict = contains(ip_text, subnet_text)
        if expected:
            self.assertTrue(verdict)
        else:
            self.assertFalse(verdict)
def test_is_in_subnet(self):
    """Membership checks for IPv4, IPv6 and a mixed-family pair."""
    def member(ip, subnet):
        address = ipaddr.ip_from_string(ip)
        network = ipaddr.subnet_from_string(subnet)
        return ipaddr.is_in_subnet(address, network)

    v6_prefix = 'ffff:fffe:fffd:fffc:fffb:fffa:'

    # IPv4: exact host, inside a /24, outside a /24, outside a /31.
    self.assertTrue(member('127.0.0.1', '127.0.0.1/32'))
    self.assertTrue(member('192.168.0.25', '192.168.0.0/24'))
    self.assertFalse(member('192.168.0.25', '192.168.1.0/24'))
    self.assertFalse(member('192.168.0.25', '192.168.0.0/31'))
    # The zero-length prefix matches every IPv4 address.
    self.assertTrue(member('255.255.255.255', '0.0.0.0/0'))

    # IPv6: exact host, inside a /112, outside a /112, outside a /127.
    self.assertTrue(member('0:0:0:0:0:0:0:1', '0:0:0:0:0:0:0:1/128'))
    self.assertTrue(
        member(v6_prefix + 'fff0:1234', v6_prefix + 'fff0:0/112'))
    self.assertFalse(
        member(v6_prefix + 'fff1:1234', v6_prefix + 'fff0:0/112'))
    self.assertFalse(
        member(v6_prefix + 'fff0:2', v6_prefix + 'fff0:0/127'))

    # Mixed families do not match, even when every bit is zero.
    self.assertFalse(member('0:0:0:0:0:0:0:0', '0.0.0.0/32'))
def test_is_in_subnet(self):
    """Exercise is_in_subnet on parsed address/subnet pairs."""
    def in_subnet(pair):
        ip_text, subnet_text = pair
        return ipaddr.is_in_subnet(
            ipaddr.ip_from_string(ip_text),
            ipaddr.subnet_from_string(subnet_text))

    # Each row pairs the assertion to apply with its (address, subnet).
    # Order is kept so the first failure is the same as with inline asserts.
    yes, no = self.assertTrue, self.assertFalse
    checks = [
        (yes, ('127.0.0.1', '127.0.0.1/32')),
        (yes, ('192.168.0.25', '192.168.0.0/24')),
        (no, ('192.168.0.25', '192.168.1.0/24')),
        (no, ('192.168.0.25', '192.168.0.0/31')),
        # 0.0.0.0/0 is the match-everything IPv4 subnet.
        (yes, ('255.255.255.255', '0.0.0.0/0')),
        (yes, ('0:0:0:0:0:0:0:1', '0:0:0:0:0:0:0:1/128')),
        (yes, ('ffff:fffe:fffd:fffc:fffb:fffa:fff0:1234',
               'ffff:fffe:fffd:fffc:fffb:fffa:fff0:0/112')),
        (no, ('ffff:fffe:fffd:fffc:fffb:fffa:fff1:1234',
              'ffff:fffe:fffd:fffc:fffb:fffa:fff0:0/112')),
        (no, ('ffff:fffe:fffd:fffc:fffb:fffa:fff0:2',
              'ffff:fffe:fffd:fffc:fffb:fffa:fff0:0/127')),
        # An IPv6 address is not inside an IPv4 subnet.
        (no, ('0:0:0:0:0:0:0:0', '0.0.0.0/32')),
    ]
    for check, pair in checks:
        check(in_subnet(pair))
def test_subnet_from_string_v4(self):
    """IPv4 subnets parse to (32, base, mask) with host bits cleared."""
    # (input text, expected base, expected mask).
    rows = [
        ("127.0.0.1", 0x7F000001, 0xFFFFFFFF),
        ("255.254.253.252/32", 0xFFFEFDFC, 0xFFFFFFFF),
        # Under /24 the last octet is masked out of the base.
        ("255.254.253.252/24", 0xFFFEFD00, 0xFFFFFF00),
    ]
    for text, base, mask in rows:
        self.assertEqual(
            ipaddr.Subnet(32, base, mask), ipaddr.subnet_from_string(text))