def testTranslatePolicyWithEstablished(self):
"""Test for Nsxv.test_TranslatePolicy."""
self.naming.GetNetAddr.side_effect = [[
nacaddr.IP('10.0.0.1'),
nacaddr.IP('10.0.0.2')
],
[
nacaddr.IP('10.0.0.0/8'),
nacaddr.IP('172.16.0.0/12'),
nacaddr.IP('192.168.0.0/16')
]]
self.naming.GetServiceByProto.return_value = ['123']
pol = policy.ParsePolicy(INET_FILTER_WITH_ESTABLISHED, self.naming,
False)
translate_pol = nsxv.Nsxv(pol, EXP_INFO)
nsxv_policies = translate_pol.nsxv_policies
for (_, filter_name, filter_list, terms) in nsxv_policies:
self.assertEqual(filter_name, 'inet')
self.assertEqual(filter_list, ['inet'])
self.assertEqual(len(terms), 1)
self.assertNotIn(
'<sourcePort>123</sourcePort><destinationPort>123',
str(terms[0]))
self.naming.GetNetAddr.assert_has_calls(
[mock.call('NTP_SERVERS'),
mock.call('INTERNAL')])
self.naming.GetServiceByProto.assert_has_calls(
[mock.call('NTP', 'udp')] * 2)
def test_nsxv_policy(self):
pol = policy.ParsePolicy(nsxv_mocktest.POLICY, self.defs)
exp_info = 2
nsx = copy.deepcopy(pol)
fw = nsxv.Nsxv(nsx, exp_info)
output = str(fw)
# parse the xml
root = ET.fromstring(output)
# check section name
section_name = {'id': '1007', 'name': 'Sample NSXV filter'}
self.assertEqual(root.attrib, section_name)
# check name and action
self.assertEqual(root.find('./rule/name').text, 'reject-imap-requests')
self.assertEqual(root.find('./rule/action').text, 'reject')
#check IPV4 destination
exp_destaddr = ['200.1.1.4/31']
for destination in root.findall('./rule/destinations/destination'):
self.assertEqual((destination.find('type').text), 'Ipv4Address')
value = (destination.find('value').text)
if value not in exp_destaddr:
self.fail(
'IPv4Address destination not found in test_nsxv_str()')
#check protocol
protocol = int(root.find('./rule/services/service/protocol').text)
self.assertEqual(protocol, 6)
# check destination port
destination_port = root.find(
'./rule/services/service/destinationPort').text
self.assertEqual(destination_port, '143')
def test_optionkywd():
pol = policy.ParsePolicy(nsxv_mocktest.POLICY_OPTION_KYWD,
self.defs)
exp_info = 2
nsx = copy.deepcopy(pol)
fw = nsxv.Nsxv(nsx, exp_info)
output = str(fw)
def test_TranslatePolicy(self):
""" Test for Nsxv.test_TranslatePolicy """
# exp_info default is 2
exp_info = 2
pol = policy.ParsePolicy(nsxv_mocktest.INET_FILTER, self.defs, False)
translate_pol = nsxv.Nsxv(pol, exp_info)
nsxv_policies = translate_pol.nsxv_policies
for (header, filter_name, filter_list, terms) in nsxv_policies:
self.assertEqual(filter_name, 'inet')
self.assertEqual(filter_list, ['inet'])
self.assertEqual(len(terms), 1)
def testBuildTokens(self):
self.naming.GetNetAddr('NTP_SERVERS').AndReturn([nacaddr.IP('10.0.0.1'),
nacaddr.IP('10.0.0.2')])
self.naming.GetNetAddr('INTERNAL').AndReturn([nacaddr.IP('10.0.0.0/8'),
nacaddr.IP('172.16.0.0/12'),
nacaddr.IP('192.168.0.0/16')])
self.naming.GetServiceByProto.return_value = ['123']
pol1 = nsxv.Nsxv(policy.ParsePolicy(INET_FILTER, self.naming), 2)
st, sst = pol1._BuildTokens()
self.assertEquals(st, SUPPORTED_TOKENS)
self.assertEquals(sst, SUPPORTED_SUB_TOKENS)
def testParseFilterOptionsCase2(self):
pol = nsxv.Nsxv(
policy.ParsePolicy(HEADER_WITH_SECURITYGROUP + INET6_TERM,
self.naming, False), EXP_INFO)
for (header, _, _, _) in pol.nsxv_policies:
filter_options = header.FilterOptions(_PLATFORM)
pol._ParseFilterOptions(filter_options)
self.assertEquals(nsxv.Nsxv._FILTER_OPTIONS_DICT['filter_type'],
'inet6')
self.assertEquals(nsxv.Nsxv._FILTER_OPTIONS_DICT['section_id'], 0)
self.assertEquals(nsxv.Nsxv._FILTER_OPTIONS_DICT['applied_to'],
'securitygroup-Id1')
def testParseFilterOptionsCase1(self):
pol = nsxv.Nsxv(
policy.ParsePolicy(HEADER_WITH_SECTIONID + TERM, self.naming,
False), EXP_INFO)
for (header, _, _, _) in pol.nsxv_policies:
filter_options = header.FilterOptions(_PLATFORM)
pol._ParseFilterOptions(filter_options)
self.assertEquals(nsxv.Nsxv._FILTER_OPTIONS_DICT['filter_type'],
'inet')
self.assertEquals(nsxv.Nsxv._FILTER_OPTIONS_DICT['section_id'],
'1009')
self.assertEquals(nsxv.Nsxv._FILTER_OPTIONS_DICT['applied_to'],
None)
def getXmlRoot(self, data):
pol = policy.ParsePolicy(data, self.naming, False)
target = nsxv.Nsxv(pol, EXP_INFO)
# parse the output and seperate sections and comment
section_tokens = str(target).split('<section')
sections = []
for sec in section_tokens:
section = sec.replace('name=', '<section name=')
sections.append(section)
# parse the xml
root = ET.fromstring(sections[1])
return root
def testTranslatePolicyMixedFilterInetOnly(self):
"""Test for Nsxv.test_TranslatePolicy. Testing Mixed filter with inet."""
self.naming.GetNetAddr.return_value = [nacaddr.IP('10.0.0.0/8')]
self.naming.GetServiceByProto.return_value = ['25']
pol = policy.ParsePolicy(MIXED_FILTER_INET_ONLY, self.naming, False)
translate_pol = nsxv.Nsxv(pol, EXP_INFO)
nsxv_policies = translate_pol.nsxv_policies
for (_, filter_name, filter_list, terms) in nsxv_policies:
self.assertEqual(filter_name, 'mixed')
self.assertEqual(filter_list, ['mixed'])
self.assertEqual(len(terms), 1)
self.assertIn('10.0.0.0/8', str(terms[0]))
self.naming.GetServiceByProto.assert_has_calls(
[mock.call('MAIL_SERVICES', 'tcp')] * 1)
def test_nsxv_nosectiondid(self):
pol = policy.ParsePolicy(nsxv_mocktest.POLICY_NO_SECTION_ID, self.defs)
exp_info = 2
nsx = copy.deepcopy(pol)
fw = nsxv.Nsxv(nsx, exp_info)
output = str(fw)
# parse the xml
root = ET.fromstring(output)
# check section name
section_name = {'name': 'NSXV filter without section id'}
self.assertEqual(root.attrib, section_name)
# check name and action
self.assertEqual(root.find('./rule/name').text, 'accept-icmp')
self.assertEqual(root.find('./rule/action').text, 'allow')
#check protocol
protocol = int(root.find('./rule/services/service/protocol').text)
self.assertEqual(protocol, 1)
def testBuildWarningTokens(self):
self.naming.GetNetAddr.side_effect = [[
nacaddr.IP('10.0.0.1'),
nacaddr.IP('10.0.0.2')
],
[
nacaddr.IP('10.0.0.0/8'),
nacaddr.IP('172.16.0.0/12'),
nacaddr.IP('192.168.0.0/16')
]]
self.naming.GetServiceByProto.return_value = ['123']
pol1 = nsxv.Nsxv(policy.ParsePolicy(INET_FILTER_2, self.naming), 2)
st, sst = pol1._BuildTokens()
self.assertEquals(st, SUPPORTED_TOKENS)
self.assertEquals(sst, SUPPORTED_SUB_TOKENS)
self.naming.GetNetAddr.assert_has_calls(
[mock.call('NTP_SERVERS'),
mock.call('INTERNAL')])
def test_nsxv_str(self):
""" Test for Nsxv._str_ """
# exp_info default is 2
exp_info = 2
pol = policy.ParsePolicy(nsxv_mocktest.MIXED_FILTER, self.defs, False)
target = nsxv.Nsxv(pol, exp_info)
#parse the xml and check the values
root = ET.fromstring(str(target))
# check section name
section_name = {'id': '1009', 'name': 'Sample mixed NSXV filter'}
self.assertEqual(root.attrib, section_name)
# check name and action
self.assertEqual(root.find('./rule/name').text, 'accept-to-honestdns')
self.assertEqual(root.find('./rule/action').text, 'allow')
#check IPV4 and IPV6 destinations
exp_ipv4dest = ['8.8.4.4', '8.8.8.8']
exp_ipv6dest = ['2001:4860:4860::8844', '2001:4860:4860::8888']
for destination in root.findall('./rule/destinations/destination'):
type = destination.find('type').text
value = (destination.find('value').text)
if 'Ipv4Address' in type:
if value not in exp_ipv4dest:
self.fail('IPv4Address not found in test_nsxv_str()')
else:
if value not in exp_ipv6dest:
self.fail('IPv6Address not found in test_nsxv_str()')
#check protocol
protocol = int(root.find('./rule/services/service/protocol').text)
self.assertEqual(protocol, 17)
# check destination port
destination_port = root.find(
'./rule/services/service/destinationPort').text
self.assertEqual(destination_port, '53')
# check notes
notes = root.find('./rule/notes').text
self.assertEqual(notes, 'Allow name resolution using honestdns.')
def testNsxvStrWithSecurityGroup(self):
"""Test for Nsxv._str_."""
pol = policy.ParsePolicy(POLICY_WITH_SECURITY_GROUP, self.naming,
False)
target = nsxv.Nsxv(pol, EXP_INFO)
# parse the output and seperate sections and comment
section_tokens = str(target).split('<section')
sections = []
for sec in section_tokens:
section = sec.replace('id=', '<section id=')
sections.append(section)
# parse the xml
# Checking comment tag
comment = sections[0]
if 'Id' not in comment:
self.fail('Id missing in xml comment in test_nsxv_str()')
if 'Date' not in comment:
self.fail('Date missing in xml comment in test_nsxv_str()')
if 'Revision' not in comment:
self.fail('Revision missing in xml comment in test_nsxv_str()')
root = ET.fromstring(sections[1])
# check section name
section_name = {
'id': '1010',
'name': 'POLICY_WITH_SECURITY_GROUP_NAME'
}
self.assertEqual(root.attrib, section_name)
# check name and action
self.assertEqual(root.find('./rule/name').text, 'accept-icmp')
self.assertEqual(root.find('./rule/action').text, 'allow')
# check protocol
protocol = int(root.find('./rule/services/service/protocol').text)
self.assertEqual(protocol, 1)
# check appliedTo
applied_to = root.find('./rule/appliedToList/appliedTo/value').text
self.assertEqual(applied_to, 'securitygroup-Id')
def testTranslatePolicy(self):
"""Test for Nsxv.test_TranslatePolicy."""
# exp_info default is 2
self.naming.GetNetAddr('NTP_SERVERS').AndReturn([nacaddr.IP('10.0.0.1'),
nacaddr.IP('10.0.0.2')])
self.naming.GetNetAddr('INTERNAL').AndReturn([nacaddr.IP('10.0.0.0/8'),
nacaddr.IP('172.16.0.0/12'),
nacaddr.IP('192.168.0.0/16')])
self.naming.GetServiceByProto.return_value = ['123']
exp_info = 2
pol = policy.ParsePolicy(INET_FILTER, self.naming, False)
translate_pol = nsxv.Nsxv(pol, exp_info)
nsxv_policies = translate_pol.nsxv_policies
for (_, filter_name, filter_list, terms) in nsxv_policies:
self.assertEqual(filter_name, 'inet')
self.assertEqual(filter_list, ['inet'])
self.assertEqual(len(terms), 1)
self.naming.GetServiceByProto.assert_has_calls(
[mock.call('NTP', 'udp')] * 2)
def test_nsxv_incorrectfiltertype(self):
pol = policy.ParsePolicy(nsxv_mocktest.POLICY_INCORRECT_FILTERTYPE,
self.defs)
self.assertRaises(nsxv.UnsupportedNsxvAccessListError,
nsxv.Nsxv(pol, 2))
def testNsxvStr(self):
"""Test for Nsxv._str_."""
# exp_info default is 2
self.naming.GetNetAddr('GOOGLE_DNS').AndReturn([
nacaddr.IP('8.8.4.4'),
nacaddr.IP('8.8.8.8'),
nacaddr.IP('2001:4860:4860::8844'),
nacaddr.IP('2001:4860:4860::8888')])
self.naming.GetServiceByProto.return_value = ['53']
exp_info = 2
pol = policy.ParsePolicy(MIXED_FILTER, self.naming, False)
target = nsxv.Nsxv(pol, exp_info)
# parse the output and seperate sections and comment
section_tokens = str(target).split('<section')
sections = []
for sec in section_tokens:
section = sec.replace('name=', '<section name=')
sections.append(section)
# parse the xml
# Checking comment tag
comment = sections[0]
if 'Id' not in comment:
self.fail('Id missing in xml comment in test_nsxv_str()')
if 'Date' not in comment:
self.fail('Date missing in xml comment in test_nsxv_str()')
if 'Revision' not in comment:
self.fail('Revision missing in xml comment in test_nsxv_str()')
root = ET.fromstring(sections[1])
# check section name
section_name = {'name': 'Sample mixed NSXV filter'}
self.assertEqual(root.attrib, section_name)
# check name and action
self.assertEqual(root.find('./rule/name').text, 'accept-to-honestdns')
self.assertEqual(root.find('./rule/action').text, 'allow')
# check IPV4 and IPV6 destinations
exp_ipv4dest = ['8.8.4.4', '8.8.8.8']
exp_ipv6dest = ['2001:4860:4860::8844', '2001:4860:4860::8888']
for destination in root.findall('./rule/destinations/destination'):
addr_type = destination.find('type').text
value = (destination.find('value').text)
if 'Ipv4Address' in addr_type:
if value not in exp_ipv4dest:
self.fail('IPv4Address not found in test_nsxv_str()')
else:
if value not in exp_ipv6dest:
self.fail('IPv6Address not found in test_nsxv_str()')
# check protocol
protocol = int(root.find('./rule/services/service/protocol').text)
self.assertEqual(protocol, 17)
# check destination port
destination_port = root.find('./rule/services/service/destinationPort').text
self.assertEqual(destination_port, '53')
# check notes
notes = root.find('./rule/notes').text
self.assertEqual(notes, 'Allow name resolution using honestdns.')
self.naming.GetServiceByProto.assert_called_once_with('DNS', 'udp')
def RenderFile(input_file, output_directory, definitions, exp_info,
write_files):
"""Render a single file.
Args:
input_file: the name of the input policy file.
output_directory: the directory in which we place the rendered file.
definitions: the definitions from naming.Naming().
exp_info: print a info message when a term is set to expire
in that many weeks.
write_files: a list of file tuples, (output_file, acl_text), to write
"""
logging.debug('rendering file: %s into %s', input_file, output_directory)
pol = None
jcl = False
acl = False
asacl = False
aacl = False
bacl = False
eacl = False
gcefw = False
ips = False
ipt = False
spd = False
nsx = False
pcap_accept = False
pcap_deny = False
pf = False
srx = False
jsl = False
nft = False
win_afw = False
xacl = False
paloalto = False
try:
conf = open(input_file).read()
logging.debug('opened and read %s', input_file)
except IOError as e:
logging.warn('bad file: \n%s', e)
raise
try:
pol = policy.ParsePolicy(conf,
definitions,
optimize=FLAGS.optimize,
base_dir=FLAGS.base_directory,
shade_check=FLAGS.shade_check)
except policy.ShadingError as e:
logging.warn('shading errors for %s:\n%s', input_file, e)
return
except (policy.Error, naming.Error):
raise ACLParserError(
'Error parsing policy file %s:\n%s%s' %
(input_file, sys.exc_info()[0], sys.exc_info()[1]))
platforms = set()
for header in pol.headers:
platforms.update(header.platforms)
if 'juniper' in platforms:
jcl = copy.deepcopy(pol)
if 'cisco' in platforms:
acl = copy.deepcopy(pol)
if 'ciscoasa' in platforms:
asacl = copy.deepcopy(pol)
if 'brocade' in platforms:
bacl = copy.deepcopy(pol)
if 'arista' in platforms:
eacl = copy.deepcopy(pol)
if 'aruba' in platforms:
aacl = copy.deepcopy(pol)
if 'ipset' in platforms:
ips = copy.deepcopy(pol)
if 'iptables' in platforms:
ipt = copy.deepcopy(pol)
if 'nsxv' in platforms:
nsx = copy.deepcopy(pol)
if 'packetfilter' in platforms:
pf = copy.deepcopy(pol)
if 'pcap' in platforms:
pcap_accept = copy.deepcopy(pol)
pcap_deny = copy.deepcopy(pol)
if 'speedway' in platforms:
spd = copy.deepcopy(pol)
if 'srx' in platforms:
srx = copy.deepcopy(pol)
if 'srxlo' in platforms:
jsl = copy.deepcopy(pol)
if 'windows_advfirewall' in platforms:
win_afw = copy.deepcopy(pol)
if 'ciscoxr' in platforms:
xacl = copy.deepcopy(pol)
if 'nftables' in platforms:
nft = copy.deepcopy(pol)
if 'gce' in platforms:
gcefw = copy.deepcopy(pol)
if 'paloalto' in platforms:
paloalto = copy.deepcopy(pol)
if not output_directory.endswith('/'):
output_directory += '/'
try:
if jcl:
acl_obj = juniper.Juniper(jcl, exp_info)
RenderACL(str(acl_obj), acl_obj.SUFFIX, output_directory,
input_file, write_files)
if srx:
acl_obj = junipersrx.JuniperSRX(srx, exp_info)
RenderACL(str(acl_obj), acl_obj.SUFFIX, output_directory,
input_file, write_files)
if acl:
acl_obj = cisco.Cisco(acl, exp_info)
RenderACL(str(acl_obj), acl_obj.SUFFIX, output_directory,
input_file, write_files)
if asacl:
acl_obj = ciscoasa.CiscoASA(acl, exp_info)
RenderACL(str(acl_obj), acl_obj.SUFFIX, output_directory,
input_file, write_files)
if aacl:
acl_obj = aruba.Aruba(aacl, exp_info)
RenderACL(str(acl_obj), acl_obj.SUFFIX, output_directory,
input_file, write_files)
if bacl:
acl_obj = brocade.Brocade(bacl, exp_info)
RenderACL(str(acl_obj), acl_obj.SUFFIX, output_directory,
input_file, write_files)
if eacl:
acl_obj = arista.Arista(eacl, exp_info)
RenderACL(str(acl_obj), acl_obj.SUFFIX, output_directory,
input_file, write_files)
if ips:
acl_obj = ipset.Ipset(ips, exp_info)
RenderACL(str(acl_obj), acl_obj.SUFFIX, output_directory,
input_file, write_files)
if ipt:
acl_obj = iptables.Iptables(ipt, exp_info)
RenderACL(str(acl_obj), acl_obj.SUFFIX, output_directory,
input_file, write_files)
if nsx:
acl_obj = nsxv.Nsxv(nsx, exp_info)
RenderACL(str(acl_obj), acl_obj.SUFFIX, output_directory,
input_file, write_files)
if spd:
acl_obj = speedway.Speedway(spd, exp_info)
RenderACL(str(acl_obj), acl_obj.SUFFIX, output_directory,
input_file, write_files)
if pcap_accept:
acl_obj = pcap.PcapFilter(pcap_accept, exp_info)
RenderACL(str(acl_obj), '-accept' + acl_obj.SUFFIX,
output_directory, input_file, write_files)
if pcap_deny:
acl_obj = pcap.PcapFilter(pcap_deny, exp_info, invert=True)
RenderACL(str(acl_obj), '-deny' + acl_obj.SUFFIX, output_directory,
input_file, write_files)
if pf:
acl_obj = packetfilter.PacketFilter(pf, exp_info)
RenderACL(str(acl_obj), acl_obj.SUFFIX, output_directory,
input_file, write_files)
if win_afw:
acl_obj = windows_advfirewall.WindowsAdvFirewall(win_afw, exp_info)
RenderACL(str(acl_obj), acl_obj.SUFFIX, output_directory,
input_file, write_files)
if jsl:
acl_obj = srxlo.SRXlo(jsl, exp_info)
RenderACL(str(acl_obj), acl_obj.SUFFIX, output_directory,
input_file, write_files)
if xacl:
acl_obj = ciscoxr.CiscoXR(xacl, exp_info)
RenderACL(str(acl_obj), acl_obj.SUFFIX, output_directory,
input_file, write_files)
if nft:
acl_obj = nftables.Nftables(nft, exp_info)
RenderACL(str(acl_obj), acl_obj.SUFFIX, output_directory,
input_file, write_files)
if gcefw:
acl_obj = gce.GCE(gcefw, exp_info)
RenderACL(str(acl_obj), acl_obj.SUFFIX, output_directory,
input_file, write_files)
if paloalto:
acl_obj = paloaltofw.PaloAltoFW(paloalto, exp_info)
RenderACL(str(acl_obj), acl_obj.SUFFIX, output_directory,
input_file, write_files)
# TODO(robankeny) add additional errors.
except (juniper.Error, junipersrx.Error, cisco.Error, ipset.Error,
iptables.Error, speedway.Error, pcap.Error, aclgenerator.Error,
aruba.Error, nftables.Error, gce.Error):
raise ACLGeneratorError(
'Error generating target ACL for %s:\n%s%s' %
(input_file, sys.exc_info()[0], sys.exc_info()[1]))
def render_filters(source_file, definitions_obj, shade_check, exp_info):
count = 0
[(eacl, aacl, bacl, jfw, jcl, acl, asa, xacl, ipt, ips, pf, spd, spk, srx,
dem, gcefw, nsx)] = [(False, False, False, False, False, False, False, False, False,
False, False, False, False, False, False, False, False)]
pol = policy.ParsePolicy(open(source_file).read(), definitions_obj,
shade_check=shade_check)
for header in pol.headers:
if 'arista' in header.platforms:
eacl = copy.deepcopy(pol)
if 'aruba' in header.platforms:
aacl = copy.deepcopy(pol)
if 'brocade' in header.platforms:
bacl = copy.deepcopy(pol)
if 'juniper' in header.platforms:
jcl = copy.deepcopy(pol)
if 'juniperfw' in header.platforms:
jfw = copy.deepcopy(pol)
if 'cisco' in header.platforms:
acl = copy.deepcopy(pol)
if 'ciscoasa' in header.platforms:
asa = copy.deepcopy(pol)
if 'ciscoxr' in header.platforms:
xacl = copy.deepcopy(pol)
if 'gce' in header.platforms:
gcefw = copy.deepcopy(pol)
if 'iptables' in header.platforms:
ipt = copy.deepcopy(pol)
if 'ipset' in header.platforms:
ips = copy.deepcopy(pol)
if 'packetfilter' in header.platforms:
pf = copy.deepcopy(pol)
if 'speedway' in header.platforms:
spd = copy.deepcopy(pol)
# SRX needs to be un-optimized for correct building of the address book
# entries.
if 'srx' in header.platforms:
unoptimized_pol = policy.ParsePolicy(open(source_file).read(),
definitions_obj, optimize=False)
srx = copy.deepcopy(unoptimized_pol)
if 'demo' in header.platforms:
dem = copy.deepcopy(pol)
if 'nsxv' in header.platforms:
nsx = copy.deepcopy(pol)
if eacl:
fw = arista.Arista(eacl, exp_info)
do_output_filter(str(fw), filter_name(source_file, fw._SUFFIX))
count += 1
if aacl:
fw = aruba.Aruba(aacl, exp_info)
do_output_filter(str(fw), filter_name(source_file, fw._SUFFIX))
count += 1
if bacl:
fw = brocade.Brocade(bacl, exp_info)
do_output_filter(str(fw), filter_name(source_file, fw._SUFFIX))
count += 1
if jcl:
fw = juniper.Juniper(jcl, exp_info)
do_output_filter(str(fw), filter_name(source_file, fw._SUFFIX))
count += 1
if jfw:
fw = juniperfw.Juniper(jfw, exp_info)
do_output_filter(str(fw), filter_name(source_file, fw._SUFFIX))
count += 1
if acl:
fw = cisco.Cisco(acl, exp_info)
do_output_filter(str(fw), filter_name(source_file, fw._SUFFIX))
count += 1
if asa:
fw = ciscoasa.CiscoASA(asa, exp_info)
do_output_filter(str(fw), filter_name(source_file, fw._SUFFIX))
count += 1
if xacl:
fw = ciscoxr.CiscoXR(xacl, exp_info)
do_output_filter(str(fw), filter_name(source_file, fw._SUFFIX))
count += 1
if ipt:
fw = iptables.Iptables(ipt, exp_info)
do_output_filter(str(fw), filter_name(source_file, fw._SUFFIX))
count += 1
if ips:
fw = ipset.Ipset(ips, exp_info)
do_output_filter(str(fw), filter_name(source_file, fw._SUFFIX))
count += 1
if pf:
fw = packetfilter.PacketFilter(pf, exp_info)
do_output_filter(str(fw), filter_name(source_file, fw._SUFFIX))
count += 1
if spd:
fw = speedway.Speedway(spd, exp_info)
do_output_filter(str(fw), filter_name(source_file, fw._SUFFIX))
count += 1
if srx:
fw = junipersrx.JuniperSRX(srx, exp_info)
do_output_filter(str(fw), filter_name(source_file, fw._SUFFIX))
count += 1
if dem:
fw = demo.Demo(dem, exp_info)
do_output_filter(str(fw), filter_name(source_file, fw._SUFFIX))
count += 1
if gcefw:
fw = gce.GCE(gcefw, exp_info)
do_output_filter(str(fw), filter_name(source_file, fw._SUFFIX))
count += 1
if nsx:
fw = nsxv.Nsxv(nsx, exp_info)
do_output_filter(str(fw), filter_name(source_file, fw._SUFFIX))
count += 1
return count
def test_incorrectfiltertype():
pol = policy.ParsePolicy(nsxv_mocktest.POLICY_INCORRECT_FILTERTYPE,
self.defs)
exp_info = 2
nsx = copy.deepcopy(pol)
fw = nsxv.Nsxv(nsx, exp_info)
def test_nsxv_optionkywd(self):
pol = policy.ParsePolicy(nsxv_mocktest.POLICY_OPTION_KYWD, self.defs)
self.assertRaises(nsxv.NsxvAclTermError, str(nsxv.Nsxv(pol, 2)))
