def testConfigHelper(self):
    """Check that juniper.Config enforces balanced braces as lines are added.

    Rendering with an unclosed block, and appending one closing brace too
    many, are both expected to raise juniper.JuniperIndentationError. A line
    appended with verbatim=True is expected to appear exactly as it was
    passed in.
    """
    cfg = juniper.Config()
    for stanza_line in ('test {', 'blah {', 'foo;', 'bar;'):
        cfg.Append(stanza_line)
    cfg.Append('}')  # close blah{}
    cfg.Append(' Mr. T Pities the fool!', verbatim=True)

    # test{} is still open, so rendering must be rejected.
    with self.assertRaises(juniper.JuniperIndentationError):
        str(cfg)

    cfg.Append('}')  # close test{}

    # NOTE(review): the leading spaces inside these literals are copied as
    # they appear in this listing, whose whitespace looks collapsed; confirm
    # them against the indent width Config actually emits.
    expected = ('test {\n'
                ' blah {\n'
                ' foo;\n'
                ' bar;\n'
                ' }\n'
                ' Mr. T Pities the fool!\n'
                '}')
    self.assertMultiLineEqual(str(cfg), expected)

    # Everything is closed now; one more '}' is one too many.
    with self.assertRaises(juniper.JuniperIndentationError):
        cfg.Append('}')
def __str__(self):
    """Render every policy as a Junos group plus its apply-groups statement.

    Each entry of self.junipermsmpc_policies is unpacked as
    (header, filter_name, filter_direction, terms). For each one a
    'groups { replace: ... }' stanza is written that holds a block comment,
    the stateful-firewall rule built from the rendered terms, and the lines
    returned by self._GenerateApplications(filter_name).

    Returns:
      The rendered configuration followed by a trailing newline.
    """
    target = juniper.Config()
    for policy in self.junipermsmpc_policies:
        header, filter_name, filter_direction, terms = policy

        for opening in ('groups {', 'replace:', '/*'):
            target.Append(opening)

        # The ACL should carry id and date tags, but p4 would expand those
        # keywords in this generator's own source on submit, so the tag
        # lines are obtained from a helper instead of being spelled out here.
        for tag_line in aclgenerator.AddRepositoryTags('** '):
            target.Append(tag_line)
        target.Append('**')

        # NOTE(review): header comment text is written unmodified between
        # '/*' and '*/'. A comment line containing '*/' would end the block
        # comment early and the remainder would be read as configuration;
        # confirm that policy comments are validated before they get here.
        for comment in header.comment:
            for comment_line in comment.split('\n'):
                target.Append('** ' + comment_line)
        target.Append('*/')

        target.Append('%s {' % filter_name)
        target.Append('services {')
        target.Append('stateful-firewall {')
        target.Append('rule %s {' % filter_name)
        target.Append('match-direction %s;' % filter_direction)

        for term in terms:
            rendered = str(term)
            if not rendered:
                # Terms that render to an empty string are left out.
                continue
            target.Append(rendered, verbatim=True)

        # Close rule { ... }, stateful-firewall { ... }, services { ... }.
        for _ in range(3):
            target.Append('}')

        for app_line in self._GenerateApplications(filter_name):
            target.Append(app_line)

        target.Append('}')  # filter_name { ... }
        target.Append('}')  # groups { ... }
        target.Append('apply-groups %s;' % filter_name)

    return str(target) + '\n'
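def __str__(self):
    """Render this term as Junos stateful-firewall term configuration.

    A term of type 'mixed' that holds both IPv4 and IPv6 addresses is
    rendered twice, once per family, with '-inet' / '-inet6' appended to the
    term name. Terms of type 'inet' or 'inet6' are rendered once.

    Rendering does not modify self.term: the owner line is added to a local
    copy of the comment list, so repeated calls give the same text.

    Returns:
      The rendered text. An empty string is returned when the term is
      restricted to other platforms, or when a single-family term carries
      only the other family's ICMP protocol. When term.verbatim is set, only
      the comment block and the verbatim entries for this platform are
      returned.

    Raises:
      NotImplementedError: if self.enable_dsmo is set.
    """
    # Verify platform specific terms. Skip whole term if platform does not
    # match.
    if self.term.platform:
        if self._PLATFORM not in self.term.platform:
            return ''
    if self.term.platform_exclude:
        if self._PLATFORM in self.term.platform_exclude:
            return ''

    if self.enable_dsmo:
        raise NotImplementedError('enable_dsmo not implemented for msmpc')

    ret_str = juniper.Config(indent=self._DEFAULT_INDENT)

    # COMMENTS
    # this deals just fine with multi line comments, but we could probably
    # output them a little cleaner; do things like make sure the
    # len(output) < 80, etc. Note, if 'noverbose' is set for the filter, skip
    # all comment processing.
    if not self.noverbose:
        # Work on a copy: appending the owner to self.term.comment itself
        # would add one more 'Owner:' line every time the term is rendered.
        comments = list(self.term.comment or [])
        if self.term.owner:
            comments.append('Owner: %s' % self.term.owner)
        if comments:
            # NOTE(review): comment and owner text is written unmodified
            # between '/*' and '*/'. A line containing '*/' would end the
            # block comment early and the remainder would be read as
            # configuration; confirm comments are validated upstream.
            ret_str.Append('/*')
            for comment in comments:
                for line in comment.split('\n'):
                    ret_str.Append('** ' + line)
            ret_str.Append('*/')

    # Term verbatim output - this will skip over normal term creation
    # code. Warning generated from policy.py if appropriate.
    if self.term.verbatim:
        # Each entry is read as [0] platform token, [1] text; only entries
        # for this platform are emitted, and they go out unmodified.
        for next_term in self.term.verbatim:
            if next_term[0] == self._PLATFORM:
                ret_str.Append(str(next_term[1]), verbatim=True)
        return str(ret_str)

    # Determine whether there are any match conditions for the term.
    has_match_criteria = (
        self.term.address or self.term.dscp_except or
        self.term.dscp_match or self.term.destination_address or
        self.term.destination_port or self.term.destination_prefix or
        self.term.destination_prefix_except or self.term.encapsulate or
        self.term.ether_type or self.term.flexible_match_range or
        self.term.forwarding_class or self.term.forwarding_class_except or
        self.term.fragment_offset or self.term.hop_limit or
        self.term.next_ip or self.term.port or self.term.precedence or
        self.term.protocol or self.term.protocol_except or
        self.term.source_address or self.term.source_port or
        self.term.source_prefix or self.term.source_prefix_except or
        self.term.traffic_type or self.term.ttl)

    suffixes = []
    duplicate_term = False
    has_icmp = 'icmp' in self.term.protocol
    has_icmpv6 = 'icmpv6' in self.term.protocol
    has_v4_ip = self.term.GetAddressOfVersion(
        'source_address',
        self.AF_MAP.get('inet')) or self.term.GetAddressOfVersion(
            'source_address_exclude',
            self.AF_MAP.get('inet')) or self.term.GetAddressOfVersion(
                'destination_address',
                self.AF_MAP.get('inet')) or self.term.GetAddressOfVersion(
                    'destination_address_exclude', self.AF_MAP.get('inet'))
    has_v6_ip = self.term.GetAddressOfVersion(
        'source_address',
        self.AF_MAP.get('inet6')) or self.term.GetAddressOfVersion(
            'source_address_exclude',
            self.AF_MAP.get('inet6')) or self.term.GetAddressOfVersion(
                'destination_address',
                self.AF_MAP.get('inet6')) or self.term.GetAddressOfVersion(
                    'destination_address_exclude', self.AF_MAP.get('inet6'))

    # Pick the address families to render. A mixed term with no addresses
    # at all is rendered once, as 'inet'.
    if self.term_type == 'mixed':
        if not (has_v4_ip or has_v6_ip):
            suffixes = ['inet']
        elif not has_v6_ip:
            suffixes = ['inet']
        elif not has_v4_ip:
            suffixes = ['inet6']
        else:
            suffixes = ['inet', 'inet6']
            duplicate_term = True
    if not suffixes and self.term_type in ['inet', 'inet6']:
        suffixes = [self.term_type]

    for suffix in suffixes:
        # A dual-family mixed term that names only one of icmp / icmpv6 is
        # rendered for the matching family only.
        if self.term_type == 'mixed' and (not (has_icmp and has_icmpv6)) and (
                has_v4_ip and has_v6_ip):
            if (has_icmp and suffix != 'inet') or (has_icmpv6 and
                                                   suffix != 'inet6'):
                continue

        source_address = self.term.GetAddressOfVersion(
            'source_address', self.AF_MAP.get(suffix))
        source_address_exclude = self.term.GetAddressOfVersion(
            'source_address_exclude', self.AF_MAP.get(suffix))
        source_address, source_address_exclude = self._MinimizePrefixes(
            source_address, source_address_exclude)
        destination_address = self.term.GetAddressOfVersion(
            'destination_address', self.AF_MAP.get(suffix))
        destination_address_exclude = self.term.GetAddressOfVersion(
            'destination_address_exclude', self.AF_MAP.get(suffix))
        destination_address, destination_address_exclude = (
            self._MinimizePrefixes(destination_address,
                                   destination_address_exclude))

        # The term defines source (or destination) addresses, but none are
        # left for this family and there is no exclude list for it, so
        # rendering it here would drop that address restriction.
        # NOTE(review): this skip is not logged. If every family is skipped
        # the term is left out of the output apart from its comment block;
        # confirm that callers surface this.
        if ((not source_address) and self.term.GetAddressOfVersion(
                'source_address', self.AF_MAP.get('mixed')) and
                not source_address_exclude) or (
                    (not destination_address) and
                    self.term.GetAddressOfVersion(
                        'destination_address', self.AF_MAP.get('mixed')) and
                    not destination_address_exclude):
            continue

        # A single-family term whose only ICMP protocol belongs to the other
        # family cannot be rendered: log it and return nothing.
        if ((has_icmpv6 and not has_icmp and suffix == 'inet') or
                (has_icmp and not has_icmpv6 and
                 suffix == 'inet6')) and self.term_type != 'mixed':
            logging.debug(
                self.NO_AF_LOG_PROTO.substitute(
                    term=self.term.name,
                    proto=', '.join(self.term.protocol),
                    af=suffix))
            return ''

        # NAME
        # if the term is inactive we have to set the prefix
        if self.term.inactive:
            term_prefix = 'inactive:'
        else:
            term_prefix = ''

        ret_str.Append(
            '%s term %s%s {' %
            (term_prefix, self.term.name,
             '-' + suffix if duplicate_term else ''))

        # We only need a "from {" clause if there are any conditions to match.
        # Without one, the actions below apply with no match restriction.
        if has_match_criteria:
            ret_str.Append('from {')

            # SOURCE ADDRESS
            if source_address or source_address_exclude:
                ret_str.Append('source-address {')
                if source_address:
                    for saddr in source_address:
                        for comment in self._Comment(saddr):
                            ret_str.Append('%s' % comment)
                        # IPv6 prefixes shorter than /16 (other than /0) are
                        # written out as their /16 subnets.
                        if saddr.version == 6 and 0 < saddr.prefixlen < 16:
                            for saddr2 in saddr.subnets(new_prefix=16):
                                ret_str.Append('%s;' % saddr2)
                        else:
                            # The all-addresses prefixes are written as the
                            # 'any-ipv6' / 'any-ipv4' keywords.
                            if saddr == nacaddr.IPv6('0::0/0'):
                                saddr = 'any-ipv6'
                            elif saddr == nacaddr.IPv4('0.0.0.0/0'):
                                saddr = 'any-ipv4'
                            ret_str.Append('%s;' % saddr)

                # SOURCE ADDRESS EXCLUDE
                if source_address_exclude:
                    for ex in source_address_exclude:
                        for comment in self._Comment(ex):
                            ret_str.Append('%s' % comment)
                        if ex.version == 6 and 0 < ex.prefixlen < 16:
                            for ex2 in ex.subnets(new_prefix=16):
                                ret_str.Append('%s except;' % ex2)
                        else:
                            if ex == nacaddr.IPv6('0::0/0'):
                                ex = 'any-ipv6'
                            elif ex == nacaddr.IPv4('0.0.0.0/0'):
                                ex = 'any-ipv4'
                            ret_str.Append('%s except;' % ex)
                ret_str.Append('}')  # source-address {...}

            # DESTINATION ADDRESS
            if destination_address or destination_address_exclude:
                ret_str.Append('destination-address {')
                if destination_address:
                    for daddr in destination_address:
                        for comment in self._Comment(daddr):
                            ret_str.Append('%s' % comment)
                        if daddr.version == 6 and 0 < daddr.prefixlen < 16:
                            for daddr2 in daddr.subnets(new_prefix=16):
                                ret_str.Append('%s;' % daddr2)
                        else:
                            if daddr == nacaddr.IPv6('0::0/0'):
                                daddr = 'any-ipv6'
                            elif daddr == nacaddr.IPv4('0.0.0.0/0'):
                                daddr = 'any-ipv4'
                            ret_str.Append('%s;' % daddr)

                # DESTINATION ADDRESS EXCLUDE
                if destination_address_exclude:
                    for ex in destination_address_exclude:
                        for comment in self._Comment(ex):
                            ret_str.Append('%s' % comment)
                        if ex.version == 6 and 0 < ex.prefixlen < 16:
                            for ex2 in ex.subnets(new_prefix=16):
                                ret_str.Append('%s except;' % ex2)
                        else:
                            if ex == nacaddr.IPv6('0::0/0'):
                                ex = 'any-ipv6'
                            elif ex == nacaddr.IPv4('0.0.0.0/0'):
                                ex = 'any-ipv4'
                            ret_str.Append('%s except;' % ex)
                ret_str.Append('}')  # destination-address {...}

            # source prefix <except> list
            if self.term.source_prefix or self.term.source_prefix_except:
                for pfx in self.term.source_prefix:
                    ret_str.Append('source-prefix-list ' + pfx + ';')
                for epfx in self.term.source_prefix_except:
                    ret_str.Append('source-prefix-list ' + epfx + ' except;')

            # destination prefix <except> list
            if (self.term.destination_prefix or
                    self.term.destination_prefix_except):
                for pfx in self.term.destination_prefix:
                    ret_str.Append('destination-prefix-list ' + pfx + ';')
                for epfx in self.term.destination_prefix_except:
                    ret_str.Append('destination-prefix-list ' + epfx +
                                   ' except;')

            # APPLICATION
            if (self.term.source_port or self.term.destination_port or
                    self.term.icmp_type or self.term.protocol):
                if hasattr(self.term, 'replacement_application_name'):
                    ret_str.Append('application-sets ' +
                                   self.term.replacement_application_name +
                                   '-app;')
                else:
                    # The set name is the head of the filter name plus the
                    # tail of the term name, each cut to half of
                    # MAX_IDENTIFIER_LEN.
                    # NOTE(review): two terms with the same name tail would
                    # get the same set name here; confirm the code that
                    # defines the application sets handles that case.
                    ret_str.Append(
                        'application-sets ' +
                        self.filter_name[:((MAX_IDENTIFIER_LEN) // 2)] +
                        self.term.name[-((MAX_IDENTIFIER_LEN) // 2):] +
                        '-app;')

            ret_str.Append('}')  # from {...}

        ret_str.Append('then {')
        # ACTION
        # NOTE(review): an action with no entry in _ACTIONS makes .get()
        # return None, so the concatenation raises TypeError rather than
        # emitting a term without that action.
        for action in self.term.action:
            ret_str.Append(self._ACTIONS.get(str(action)) + ';')
        # Log to syslog unless one of the logging values is 'disable'.
        if self.term.logging and 'disable' not in [
                x.value for x in self.term.logging
        ]:
            ret_str.Append('syslog;')
        ret_str.Append('}')  # then {...}
        ret_str.Append('}')  # term {...}

    return str(ret_str)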