def test_convert_old_acl_group():
rulestr = "( group x )"
access_rules = convert_old_acl(rulestr)
assert len(access_rules) == 1
assert_access_rule_with_flags(access_rules[0],
invert=False,
blocking=False,
group_ids=[99990000])
def test_convert_old_acl_ip_with_netmask():
rulestr = "( ip 1.2.3.0/24 )"
access_rules = convert_old_acl(rulestr)
assert len(access_rules) == 1
assert_access_rule_with_flags(access_rules[0],
invert=False,
blocking=False,
subnets=[IPv4Network("1.2.3.0/24")])
def test_convert_old_acl_and_2not():
rulestr = "( NOT ( group x ) ) AND ( NOT ( group y ) )"
access_rules = convert_old_acl(rulestr)
assert len(access_rules) == 1
assert_access_rule_with_flags(access_rules[0],
invert=True,
blocking=True,
group_ids=[99990000, 99990001])
def test_convert_old_acl_not_group_rule():
rulestr = "NOT ( group hanswurst )"
access_rules = convert_old_acl(rulestr)
assert len(access_rules) == 1
assert_access_rule_with_flags(access_rules[0],
invert=True,
blocking=True,
group_ids=[99990000])
def test_convert_old_acl_group_and_ip():
rulestr = "( group x ) AND ( ip 1.1.1.1 )"
access_rules = convert_old_acl(rulestr)
assert len(access_rules) == 1
assert_access_rule_with_flags(access_rules[0],
invert=False,
blocking=False,
group_ids=[99990000],
subnets=[IPv4Network("1.1.1.1/32")])
def test_convert_old_acl_group_and_iplist(some_iplist):
iplist = some_iplist
rulestr = "( group x ) AND ( iplist {} )".format(iplist.name)
access_rules = convert_old_acl(rulestr)
assert len(access_rules) == 1
assert_access_rule_with_flags(access_rules[0],
invert=False,
blocking=False,
group_ids=[99990000],
subnets=iplist.subnets)
def test_or_not_same_split():
rulestr = "( NOT ( group x ) ) OR ( user y )"
access_rules = convert_old_acl(rulestr)
assert len(access_rules) == 2
assert_access_rule_with_flags(access_rules[1],
invert=True,
blocking=True,
group_ids=[99990001])
assert_access_rule_with_flags(access_rules[0],
invert=False,
blocking=False,
group_ids=[99990000])
def test_or_not_mixed_split_2not():
rulestr = "( NOT ( group x ) OR ( NOT ( ip 1.1.1.1 ) ) )"
access_rules = convert_old_acl(rulestr)
assert len(access_rules) == 2
assert_access_rule_with_flags(access_rules[0],
invert=True,
blocking=True,
group_ids=[99990000])
assert_access_rule_with_flags(access_rules[1],
invert=True,
blocking=True,
subnets=[IPv4Network("1.1.1.1/32")])
def test_convert_old_acl_or_nested_and_not():
rulestr = "( ( user test ) ) OR ( NOT ( group x ) AND ( NOT ( group y ) ) )"
access_rules = convert_old_acl(rulestr)
assert len(access_rules) == 2
assert_access_rule_with_flags(access_rules[0],
invert=True,
blocking=True,
group_ids=[99990001, 99990002])
assert_access_rule_with_flags(access_rules[1],
invert=False,
blocking=False,
group_ids=[99990000])
def test_convert_old_acl_date_later():
rulestr = "( date > 01.01.2015 )"
access_rules = convert_old_acl(rulestr)
assert len(access_rules) == 1
assert_access_rule_with_flags(access_rules[0],
invert=False,
blocking=False,
dateranges=[
DateRange(datetime.date(2015, 1, 1),
datetime.date(9999, 12, 31),
'()')
])
def test_convert_old_acl_date_earlier_inc():
rulestr = "( date <= 01.01.2015 )"
access_rules = convert_old_acl(rulestr)
assert len(access_rules) == 1
assert_access_rule_with_flags(access_rules[0],
invert=False,
blocking=False,
dateranges=[
DateRange(datetime.date(1, 1, 1),
datetime.date(2015, 1, 1),
'(]')
])
def test_convert_old_acl_group_and_date():
rulestr = "( group x ) AND ( date > 01.01.2015 )"
access_rules = convert_old_acl(rulestr)
assert len(access_rules) == 1
assert_access_rule_with_flags(access_rules[0],
invert=False,
blocking=False,
group_ids=[99990000],
dateranges=[
DateRange(datetime.date(2015, 1, 1),
datetime.date(9999, 12, 31),
'()')
])
def test_illegal_or_not_combination_fail(old_acl):
with raises(CannotRepresentRule):
convert_old_acl(old_acl)
def test_or_not_same_split():
rulestr = "( NOT ( group x ) ) OR ( user y )"
access_rules = convert_old_acl(rulestr)
assert len(access_rules) == 2
assert_access_rule_with_flags(access_rules[1], invert=True, blocking=True, group_ids=[99990001])
assert_access_rule_with_flags(access_rules[0], invert=False, blocking=False, group_ids=[99990000])
def test_or_not_mixed_split_2not():
rulestr = "( NOT ( group x ) OR ( NOT ( ip 1.1.1.1 ) ) )"
access_rules = convert_old_acl(rulestr)
assert len(access_rules) == 2
assert_access_rule_with_flags(access_rules[0], invert=True, blocking=True, group_ids=[99990000])
assert_access_rule_with_flags(access_rules[1], invert=True, blocking=True, subnets=[IPv4Network("1.1.1.1/32")])
def test_convert_old_acl_or_nested_and_not():
rulestr = "( ( user test ) ) OR ( NOT ( group x ) AND ( NOT ( group y ) ) )"
access_rules = convert_old_acl(rulestr)
assert len(access_rules) == 2
assert_access_rule_with_flags(access_rules[0], invert=True, blocking=True, group_ids=[99990001, 99990002])
assert_access_rule_with_flags(access_rules[1], invert=False, blocking=False, group_ids=[99990000])
def test_convert_old_acl_illegal_and_combinations_fail(rulestr):
with raises(CannotRepresentRule):
convert_old_acl(rulestr)
def test_illegal_or_not_combination_fail(old_acl):
with raises(CannotRepresentRule):
convert_old_acl(old_acl)
def test_illegal_not_no_literal_fail(old_acl):
with raises(CannotRepresentRule):
convert_old_acl(old_acl)
def test_convert_old_acl_group_and_date():
rulestr = "( group x ) AND ( date > 01.01.2015 )"
access_rules = convert_old_acl(rulestr)
assert len(access_rules) == 1
assert_access_rule_with_flags(access_rules[0], invert=False, blocking=False, group_ids=[99990000],
dateranges=[DateRange(datetime.date(2015, 1, 1), datetime.date(9999, 12, 31), '()')])
def test_convert_old_acl_date_earlier_inc():
rulestr = "( date <= 01.01.2015 )"
access_rules = convert_old_acl(rulestr)
assert len(access_rules) == 1
assert_access_rule_with_flags(access_rules[0], invert=False, blocking=False,
dateranges=[DateRange(datetime.date(1, 1, 1), datetime.date(2015, 1, 1), '(]')])
def test_convert_old_acl_group():
rulestr = "( group x )"
access_rules = convert_old_acl(rulestr)
assert len(access_rules) == 1
assert_access_rule_with_flags(access_rules[0], invert=False, blocking=False, group_ids=[99990000])
def test_convert_old_acl_illegal_and_combinations_fail(rulestr):
with raises(CannotRepresentRule):
convert_old_acl(rulestr)
def test_illegal_not_no_literal_fail(old_acl):
with raises(CannotRepresentRule):
convert_old_acl(old_acl)
def test_convert_old_acl_nobody_rule():
rulestr = "NOT ( true )"
access_rules = convert_old_acl(rulestr)
assert len(access_rules) == 1
assert_access_rule_with_flags(access_rules[0], invert=True, blocking=True)
def test_convert_old_acl_group_and_iplist(some_iplist):
iplist = some_iplist
rulestr = "( group x ) AND ( iplist {} )".format(iplist.name)
access_rules = convert_old_acl(rulestr)
assert len(access_rules) == 1
assert_access_rule_with_flags(access_rules[0], invert=False, blocking=False, group_ids=[99990000], subnets=iplist.subnets)
def test_convert_old_acl_not_group_rule():
rulestr = "NOT ( group hanswurst )"
access_rules = convert_old_acl(rulestr)
assert len(access_rules) == 1
assert_access_rule_with_flags(access_rules[0], invert=True, blocking=True, group_ids=[99990000])
def test_convert_old_acl_group_and_ip():
rulestr = "( group x ) AND ( ip 1.1.1.1 )"
access_rules = convert_old_acl(rulestr)
assert len(access_rules) == 1
assert_access_rule_with_flags(access_rules[0], invert=False, blocking=False, group_ids=[99990000],
subnets=[IPv4Network("1.1.1.1/32")])
def test_convert_old_acl_and_2not():
rulestr = "( NOT ( group x ) ) AND ( NOT ( group y ) )"
access_rules = convert_old_acl(rulestr)
assert len(access_rules) == 1
assert_access_rule_with_flags(access_rules[0], invert=True, blocking=True, group_ids=[99990000, 99990001])
def test_convert_old_acl_nobody_rule():
rulestr = "NOT ( true )"
access_rules = convert_old_acl(rulestr)
assert len(access_rules) == 1
assert_access_rule_with_flags(access_rules[0], invert=True, blocking=True)
def test_convert_old_acl_ip():
rulestr = "( ip 1.2.3.4 )"
access_rules = convert_old_acl(rulestr)
assert len(access_rules) == 1
assert_access_rule_with_flags(access_rules[0], invert=False, blocking=False, subnets=[IPv4Network("1.2.3.4/32")])
def test_convert_old_acl_date_later():
rulestr = "( date > 01.01.2015 )"
access_rules = convert_old_acl(rulestr)
assert len(access_rules) == 1
assert_access_rule_with_flags(access_rules[0], invert=False, blocking=False,
dateranges=[DateRange(datetime.date(2015, 1, 1), datetime.date(9999, 12, 31), '()')])