def testTranslatePolicyWithEstablished(self): """Test for Nsxv.test_TranslatePolicy.""" self.naming.GetNetAddr.side_effect = [[ nacaddr.IP('10.0.0.1'), nacaddr.IP('10.0.0.2') ], [ nacaddr.IP('10.0.0.0/8'), nacaddr.IP('172.16.0.0/12'), nacaddr.IP('192.168.0.0/16') ]] self.naming.GetServiceByProto.return_value = ['123'] pol = policy.ParsePolicy(INET_FILTER_WITH_ESTABLISHED, self.naming, False) translate_pol = nsxv.Nsxv(pol, EXP_INFO) nsxv_policies = translate_pol.nsxv_policies for (_, filter_name, filter_list, terms) in nsxv_policies: self.assertEqual(filter_name, 'inet') self.assertEqual(filter_list, ['inet']) self.assertEqual(len(terms), 1) self.assertNotIn( '<sourcePort>123</sourcePort><destinationPort>123', str(terms[0])) self.naming.GetNetAddr.assert_has_calls( [mock.call('NTP_SERVERS'), mock.call('INTERNAL')]) self.naming.GetServiceByProto.assert_has_calls( [mock.call('NTP', 'udp')] * 2)
def test_nsxv_policy(self): pol = policy.ParsePolicy(nsxv_mocktest.POLICY, self.defs) exp_info = 2 nsx = copy.deepcopy(pol) fw = nsxv.Nsxv(nsx, exp_info) output = str(fw) # parse the xml root = ET.fromstring(output) # check section name section_name = {'id': '1007', 'name': 'Sample NSXV filter'} self.assertEqual(root.attrib, section_name) # check name and action self.assertEqual(root.find('./rule/name').text, 'reject-imap-requests') self.assertEqual(root.find('./rule/action').text, 'reject') #check IPV4 destination exp_destaddr = ['200.1.1.4/31'] for destination in root.findall('./rule/destinations/destination'): self.assertEqual((destination.find('type').text), 'Ipv4Address') value = (destination.find('value').text) if value not in exp_destaddr: self.fail( 'IPv4Address destination not found in test_nsxv_str()') #check protocol protocol = int(root.find('./rule/services/service/protocol').text) self.assertEqual(protocol, 6) # check destination port destination_port = root.find( './rule/services/service/destinationPort').text self.assertEqual(destination_port, '143')
def test_optionkywd(): pol = policy.ParsePolicy(nsxv_mocktest.POLICY_OPTION_KYWD, self.defs) exp_info = 2 nsx = copy.deepcopy(pol) fw = nsxv.Nsxv(nsx, exp_info) output = str(fw)
def test_TranslatePolicy(self): """ Test for Nsxv.test_TranslatePolicy """ # exp_info default is 2 exp_info = 2 pol = policy.ParsePolicy(nsxv_mocktest.INET_FILTER, self.defs, False) translate_pol = nsxv.Nsxv(pol, exp_info) nsxv_policies = translate_pol.nsxv_policies for (header, filter_name, filter_list, terms) in nsxv_policies: self.assertEqual(filter_name, 'inet') self.assertEqual(filter_list, ['inet']) self.assertEqual(len(terms), 1)
def testBuildTokens(self): self.naming.GetNetAddr('NTP_SERVERS').AndReturn([nacaddr.IP('10.0.0.1'), nacaddr.IP('10.0.0.2')]) self.naming.GetNetAddr('INTERNAL').AndReturn([nacaddr.IP('10.0.0.0/8'), nacaddr.IP('172.16.0.0/12'), nacaddr.IP('192.168.0.0/16')]) self.naming.GetServiceByProto.return_value = ['123'] pol1 = nsxv.Nsxv(policy.ParsePolicy(INET_FILTER, self.naming), 2) st, sst = pol1._BuildTokens() self.assertEquals(st, SUPPORTED_TOKENS) self.assertEquals(sst, SUPPORTED_SUB_TOKENS)
def testParseFilterOptionsCase2(self): pol = nsxv.Nsxv( policy.ParsePolicy(HEADER_WITH_SECURITYGROUP + INET6_TERM, self.naming, False), EXP_INFO) for (header, _, _, _) in pol.nsxv_policies: filter_options = header.FilterOptions(_PLATFORM) pol._ParseFilterOptions(filter_options) self.assertEquals(nsxv.Nsxv._FILTER_OPTIONS_DICT['filter_type'], 'inet6') self.assertEquals(nsxv.Nsxv._FILTER_OPTIONS_DICT['section_id'], 0) self.assertEquals(nsxv.Nsxv._FILTER_OPTIONS_DICT['applied_to'], 'securitygroup-Id1')
def testParseFilterOptionsCase1(self): pol = nsxv.Nsxv( policy.ParsePolicy(HEADER_WITH_SECTIONID + TERM, self.naming, False), EXP_INFO) for (header, _, _, _) in pol.nsxv_policies: filter_options = header.FilterOptions(_PLATFORM) pol._ParseFilterOptions(filter_options) self.assertEquals(nsxv.Nsxv._FILTER_OPTIONS_DICT['filter_type'], 'inet') self.assertEquals(nsxv.Nsxv._FILTER_OPTIONS_DICT['section_id'], '1009') self.assertEquals(nsxv.Nsxv._FILTER_OPTIONS_DICT['applied_to'], None)
def getXmlRoot(self, data): pol = policy.ParsePolicy(data, self.naming, False) target = nsxv.Nsxv(pol, EXP_INFO) # parse the output and seperate sections and comment section_tokens = str(target).split('<section') sections = [] for sec in section_tokens: section = sec.replace('name=', '<section name=') sections.append(section) # parse the xml root = ET.fromstring(sections[1]) return root
def testTranslatePolicyMixedFilterInetOnly(self): """Test for Nsxv.test_TranslatePolicy. Testing Mixed filter with inet.""" self.naming.GetNetAddr.return_value = [nacaddr.IP('10.0.0.0/8')] self.naming.GetServiceByProto.return_value = ['25'] pol = policy.ParsePolicy(MIXED_FILTER_INET_ONLY, self.naming, False) translate_pol = nsxv.Nsxv(pol, EXP_INFO) nsxv_policies = translate_pol.nsxv_policies for (_, filter_name, filter_list, terms) in nsxv_policies: self.assertEqual(filter_name, 'mixed') self.assertEqual(filter_list, ['mixed']) self.assertEqual(len(terms), 1) self.assertIn('10.0.0.0/8', str(terms[0])) self.naming.GetServiceByProto.assert_has_calls( [mock.call('MAIL_SERVICES', 'tcp')] * 1)
def test_nsxv_nosectiondid(self): pol = policy.ParsePolicy(nsxv_mocktest.POLICY_NO_SECTION_ID, self.defs) exp_info = 2 nsx = copy.deepcopy(pol) fw = nsxv.Nsxv(nsx, exp_info) output = str(fw) # parse the xml root = ET.fromstring(output) # check section name section_name = {'name': 'NSXV filter without section id'} self.assertEqual(root.attrib, section_name) # check name and action self.assertEqual(root.find('./rule/name').text, 'accept-icmp') self.assertEqual(root.find('./rule/action').text, 'allow') #check protocol protocol = int(root.find('./rule/services/service/protocol').text) self.assertEqual(protocol, 1)
def testBuildWarningTokens(self): self.naming.GetNetAddr.side_effect = [[ nacaddr.IP('10.0.0.1'), nacaddr.IP('10.0.0.2') ], [ nacaddr.IP('10.0.0.0/8'), nacaddr.IP('172.16.0.0/12'), nacaddr.IP('192.168.0.0/16') ]] self.naming.GetServiceByProto.return_value = ['123'] pol1 = nsxv.Nsxv(policy.ParsePolicy(INET_FILTER_2, self.naming), 2) st, sst = pol1._BuildTokens() self.assertEquals(st, SUPPORTED_TOKENS) self.assertEquals(sst, SUPPORTED_SUB_TOKENS) self.naming.GetNetAddr.assert_has_calls( [mock.call('NTP_SERVERS'), mock.call('INTERNAL')])
def test_nsxv_str(self): """ Test for Nsxv._str_ """ # exp_info default is 2 exp_info = 2 pol = policy.ParsePolicy(nsxv_mocktest.MIXED_FILTER, self.defs, False) target = nsxv.Nsxv(pol, exp_info) #parse the xml and check the values root = ET.fromstring(str(target)) # check section name section_name = {'id': '1009', 'name': 'Sample mixed NSXV filter'} self.assertEqual(root.attrib, section_name) # check name and action self.assertEqual(root.find('./rule/name').text, 'accept-to-honestdns') self.assertEqual(root.find('./rule/action').text, 'allow') #check IPV4 and IPV6 destinations exp_ipv4dest = ['8.8.4.4', '8.8.8.8'] exp_ipv6dest = ['2001:4860:4860::8844', '2001:4860:4860::8888'] for destination in root.findall('./rule/destinations/destination'): type = destination.find('type').text value = (destination.find('value').text) if 'Ipv4Address' in type: if value not in exp_ipv4dest: self.fail('IPv4Address not found in test_nsxv_str()') else: if value not in exp_ipv6dest: self.fail('IPv6Address not found in test_nsxv_str()') #check protocol protocol = int(root.find('./rule/services/service/protocol').text) self.assertEqual(protocol, 17) # check destination port destination_port = root.find( './rule/services/service/destinationPort').text self.assertEqual(destination_port, '53') # check notes notes = root.find('./rule/notes').text self.assertEqual(notes, 'Allow name resolution using honestdns.')
def testNsxvStrWithSecurityGroup(self): """Test for Nsxv._str_.""" pol = policy.ParsePolicy(POLICY_WITH_SECURITY_GROUP, self.naming, False) target = nsxv.Nsxv(pol, EXP_INFO) # parse the output and seperate sections and comment section_tokens = str(target).split('<section') sections = [] for sec in section_tokens: section = sec.replace('id=', '<section id=') sections.append(section) # parse the xml # Checking comment tag comment = sections[0] if 'Id' not in comment: self.fail('Id missing in xml comment in test_nsxv_str()') if 'Date' not in comment: self.fail('Date missing in xml comment in test_nsxv_str()') if 'Revision' not in comment: self.fail('Revision missing in xml comment in test_nsxv_str()') root = ET.fromstring(sections[1]) # check section name section_name = { 'id': '1010', 'name': 'POLICY_WITH_SECURITY_GROUP_NAME' } self.assertEqual(root.attrib, section_name) # check name and action self.assertEqual(root.find('./rule/name').text, 'accept-icmp') self.assertEqual(root.find('./rule/action').text, 'allow') # check protocol protocol = int(root.find('./rule/services/service/protocol').text) self.assertEqual(protocol, 1) # check appliedTo applied_to = root.find('./rule/appliedToList/appliedTo/value').text self.assertEqual(applied_to, 'securitygroup-Id')
def testTranslatePolicy(self): """Test for Nsxv.test_TranslatePolicy.""" # exp_info default is 2 self.naming.GetNetAddr('NTP_SERVERS').AndReturn([nacaddr.IP('10.0.0.1'), nacaddr.IP('10.0.0.2')]) self.naming.GetNetAddr('INTERNAL').AndReturn([nacaddr.IP('10.0.0.0/8'), nacaddr.IP('172.16.0.0/12'), nacaddr.IP('192.168.0.0/16')]) self.naming.GetServiceByProto.return_value = ['123'] exp_info = 2 pol = policy.ParsePolicy(INET_FILTER, self.naming, False) translate_pol = nsxv.Nsxv(pol, exp_info) nsxv_policies = translate_pol.nsxv_policies for (_, filter_name, filter_list, terms) in nsxv_policies: self.assertEqual(filter_name, 'inet') self.assertEqual(filter_list, ['inet']) self.assertEqual(len(terms), 1) self.naming.GetServiceByProto.assert_has_calls( [mock.call('NTP', 'udp')] * 2)
def test_nsxv_incorrectfiltertype(self): pol = policy.ParsePolicy(nsxv_mocktest.POLICY_INCORRECT_FILTERTYPE, self.defs) self.assertRaises(nsxv.UnsupportedNsxvAccessListError, nsxv.Nsxv(pol, 2))
def testNsxvStr(self): """Test for Nsxv._str_.""" # exp_info default is 2 self.naming.GetNetAddr('GOOGLE_DNS').AndReturn([ nacaddr.IP('8.8.4.4'), nacaddr.IP('8.8.8.8'), nacaddr.IP('2001:4860:4860::8844'), nacaddr.IP('2001:4860:4860::8888')]) self.naming.GetServiceByProto.return_value = ['53'] exp_info = 2 pol = policy.ParsePolicy(MIXED_FILTER, self.naming, False) target = nsxv.Nsxv(pol, exp_info) # parse the output and seperate sections and comment section_tokens = str(target).split('<section') sections = [] for sec in section_tokens: section = sec.replace('name=', '<section name=') sections.append(section) # parse the xml # Checking comment tag comment = sections[0] if 'Id' not in comment: self.fail('Id missing in xml comment in test_nsxv_str()') if 'Date' not in comment: self.fail('Date missing in xml comment in test_nsxv_str()') if 'Revision' not in comment: self.fail('Revision missing in xml comment in test_nsxv_str()') root = ET.fromstring(sections[1]) # check section name section_name = {'name': 'Sample mixed NSXV filter'} self.assertEqual(root.attrib, section_name) # check name and action self.assertEqual(root.find('./rule/name').text, 'accept-to-honestdns') self.assertEqual(root.find('./rule/action').text, 'allow') # check IPV4 and IPV6 destinations exp_ipv4dest = ['8.8.4.4', '8.8.8.8'] exp_ipv6dest = ['2001:4860:4860::8844', '2001:4860:4860::8888'] for destination in root.findall('./rule/destinations/destination'): addr_type = destination.find('type').text value = (destination.find('value').text) if 'Ipv4Address' in addr_type: if value not in exp_ipv4dest: self.fail('IPv4Address not found in test_nsxv_str()') else: if value not in exp_ipv6dest: self.fail('IPv6Address not found in test_nsxv_str()') # check protocol protocol = int(root.find('./rule/services/service/protocol').text) self.assertEqual(protocol, 17) # check destination port destination_port = root.find('./rule/services/service/destinationPort').text self.assertEqual(destination_port, '53') # check notes notes = root.find('./rule/notes').text self.assertEqual(notes, 'Allow name resolution using honestdns.') self.naming.GetServiceByProto.assert_called_once_with('DNS', 'udp')
def RenderFile(input_file, output_directory, definitions, exp_info, write_files): """Render a single file. Args: input_file: the name of the input policy file. output_directory: the directory in which we place the rendered file. definitions: the definitions from naming.Naming(). exp_info: print a info message when a term is set to expire in that many weeks. write_files: a list of file tuples, (output_file, acl_text), to write """ logging.debug('rendering file: %s into %s', input_file, output_directory) pol = None jcl = False acl = False asacl = False aacl = False bacl = False eacl = False gcefw = False ips = False ipt = False spd = False nsx = False pcap_accept = False pcap_deny = False pf = False srx = False jsl = False nft = False win_afw = False xacl = False paloalto = False try: conf = open(input_file).read() logging.debug('opened and read %s', input_file) except IOError as e: logging.warn('bad file: \n%s', e) raise try: pol = policy.ParsePolicy(conf, definitions, optimize=FLAGS.optimize, base_dir=FLAGS.base_directory, shade_check=FLAGS.shade_check) except policy.ShadingError as e: logging.warn('shading errors for %s:\n%s', input_file, e) return except (policy.Error, naming.Error): raise ACLParserError( 'Error parsing policy file %s:\n%s%s' % (input_file, sys.exc_info()[0], sys.exc_info()[1])) platforms = set() for header in pol.headers: platforms.update(header.platforms) if 'juniper' in platforms: jcl = copy.deepcopy(pol) if 'cisco' in platforms: acl = copy.deepcopy(pol) if 'ciscoasa' in platforms: asacl = copy.deepcopy(pol) if 'brocade' in platforms: bacl = copy.deepcopy(pol) if 'arista' in platforms: eacl = copy.deepcopy(pol) if 'aruba' in platforms: aacl = copy.deepcopy(pol) if 'ipset' in platforms: ips = copy.deepcopy(pol) if 'iptables' in platforms: ipt = copy.deepcopy(pol) if 'nsxv' in platforms: nsx = copy.deepcopy(pol) if 'packetfilter' in platforms: pf = copy.deepcopy(pol) if 'pcap' in platforms: pcap_accept = copy.deepcopy(pol) pcap_deny = copy.deepcopy(pol) if 'speedway' in platforms: spd = copy.deepcopy(pol) if 'srx' in platforms: srx = copy.deepcopy(pol) if 'srxlo' in platforms: jsl = copy.deepcopy(pol) if 'windows_advfirewall' in platforms: win_afw = copy.deepcopy(pol) if 'ciscoxr' in platforms: xacl = copy.deepcopy(pol) if 'nftables' in platforms: nft = copy.deepcopy(pol) if 'gce' in platforms: gcefw = copy.deepcopy(pol) if 'paloalto' in platforms: paloalto = copy.deepcopy(pol) if not output_directory.endswith('/'): output_directory += '/' try: if jcl: acl_obj = juniper.Juniper(jcl, exp_info) RenderACL(str(acl_obj), acl_obj.SUFFIX, output_directory, input_file, write_files) if srx: acl_obj = junipersrx.JuniperSRX(srx, exp_info) RenderACL(str(acl_obj), acl_obj.SUFFIX, output_directory, input_file, write_files) if acl: acl_obj = cisco.Cisco(acl, exp_info) RenderACL(str(acl_obj), acl_obj.SUFFIX, output_directory, input_file, write_files) if asacl: acl_obj = ciscoasa.CiscoASA(acl, exp_info) RenderACL(str(acl_obj), acl_obj.SUFFIX, output_directory, input_file, write_files) if aacl: acl_obj = aruba.Aruba(aacl, exp_info) RenderACL(str(acl_obj), acl_obj.SUFFIX, output_directory, input_file, write_files) if bacl: acl_obj = brocade.Brocade(bacl, exp_info) RenderACL(str(acl_obj), acl_obj.SUFFIX, output_directory, input_file, write_files) if eacl: acl_obj = arista.Arista(eacl, exp_info) RenderACL(str(acl_obj), acl_obj.SUFFIX, output_directory, input_file, write_files) if ips: acl_obj = ipset.Ipset(ips, exp_info) RenderACL(str(acl_obj), acl_obj.SUFFIX, output_directory, input_file, write_files) if ipt: acl_obj = iptables.Iptables(ipt, exp_info) RenderACL(str(acl_obj), acl_obj.SUFFIX, output_directory, input_file, write_files) if nsx: acl_obj = nsxv.Nsxv(nsx, exp_info) RenderACL(str(acl_obj), acl_obj.SUFFIX, output_directory, input_file, write_files) if spd: acl_obj = speedway.Speedway(spd, exp_info) RenderACL(str(acl_obj), acl_obj.SUFFIX, output_directory, input_file, write_files) if pcap_accept: acl_obj = pcap.PcapFilter(pcap_accept, exp_info) RenderACL(str(acl_obj), '-accept' + acl_obj.SUFFIX, output_directory, input_file, write_files) if pcap_deny: acl_obj = pcap.PcapFilter(pcap_deny, exp_info, invert=True) RenderACL(str(acl_obj), '-deny' + acl_obj.SUFFIX, output_directory, input_file, write_files) if pf: acl_obj = packetfilter.PacketFilter(pf, exp_info) RenderACL(str(acl_obj), acl_obj.SUFFIX, output_directory, input_file, write_files) if win_afw: acl_obj = windows_advfirewall.WindowsAdvFirewall(win_afw, exp_info) RenderACL(str(acl_obj), acl_obj.SUFFIX, output_directory, input_file, write_files) if jsl: acl_obj = srxlo.SRXlo(jsl, exp_info) RenderACL(str(acl_obj), acl_obj.SUFFIX, output_directory, input_file, write_files) if xacl: acl_obj = ciscoxr.CiscoXR(xacl, exp_info) RenderACL(str(acl_obj), acl_obj.SUFFIX, output_directory, input_file, write_files) if nft: acl_obj = nftables.Nftables(nft, exp_info) RenderACL(str(acl_obj), acl_obj.SUFFIX, output_directory, input_file, write_files) if gcefw: acl_obj = gce.GCE(gcefw, exp_info) RenderACL(str(acl_obj), acl_obj.SUFFIX, output_directory, input_file, write_files) if paloalto: acl_obj = paloaltofw.PaloAltoFW(paloalto, exp_info) RenderACL(str(acl_obj), acl_obj.SUFFIX, output_directory, input_file, write_files) # TODO(robankeny) add additional errors. except (juniper.Error, junipersrx.Error, cisco.Error, ipset.Error, iptables.Error, speedway.Error, pcap.Error, aclgenerator.Error, aruba.Error, nftables.Error, gce.Error): raise ACLGeneratorError( 'Error generating target ACL for %s:\n%s%s' % (input_file, sys.exc_info()[0], sys.exc_info()[1]))
def render_filters(source_file, definitions_obj, shade_check, exp_info): count = 0 [(eacl, aacl, bacl, jfw, jcl, acl, asa, xacl, ipt, ips, pf, spd, spk, srx, dem, gcefw, nsx)] = [(False, False, False, False, False, False, False, False, False, False, False, False, False, False, False, False, False)] pol = policy.ParsePolicy(open(source_file).read(), definitions_obj, shade_check=shade_check) for header in pol.headers: if 'arista' in header.platforms: eacl = copy.deepcopy(pol) if 'aruba' in header.platforms: aacl = copy.deepcopy(pol) if 'brocade' in header.platforms: bacl = copy.deepcopy(pol) if 'juniper' in header.platforms: jcl = copy.deepcopy(pol) if 'juniperfw' in header.platforms: jfw = copy.deepcopy(pol) if 'cisco' in header.platforms: acl = copy.deepcopy(pol) if 'ciscoasa' in header.platforms: asa = copy.deepcopy(pol) if 'ciscoxr' in header.platforms: xacl = copy.deepcopy(pol) if 'gce' in header.platforms: gcefw = copy.deepcopy(pol) if 'iptables' in header.platforms: ipt = copy.deepcopy(pol) if 'ipset' in header.platforms: ips = copy.deepcopy(pol) if 'packetfilter' in header.platforms: pf = copy.deepcopy(pol) if 'speedway' in header.platforms: spd = copy.deepcopy(pol) # SRX needs to be un-optimized for correct building of the address book # entries. if 'srx' in header.platforms: unoptimized_pol = policy.ParsePolicy(open(source_file).read(), definitions_obj, optimize=False) srx = copy.deepcopy(unoptimized_pol) if 'demo' in header.platforms: dem = copy.deepcopy(pol) if 'nsxv' in header.platforms: nsx = copy.deepcopy(pol) if eacl: fw = arista.Arista(eacl, exp_info) do_output_filter(str(fw), filter_name(source_file, fw._SUFFIX)) count += 1 if aacl: fw = aruba.Aruba(aacl, exp_info) do_output_filter(str(fw), filter_name(source_file, fw._SUFFIX)) count += 1 if bacl: fw = brocade.Brocade(bacl, exp_info) do_output_filter(str(fw), filter_name(source_file, fw._SUFFIX)) count += 1 if jcl: fw = juniper.Juniper(jcl, exp_info) do_output_filter(str(fw), filter_name(source_file, fw._SUFFIX)) count += 1 if jfw: fw = juniperfw.Juniper(jfw, exp_info) do_output_filter(str(fw), filter_name(source_file, fw._SUFFIX)) count += 1 if acl: fw = cisco.Cisco(acl, exp_info) do_output_filter(str(fw), filter_name(source_file, fw._SUFFIX)) count += 1 if asa: fw = ciscoasa.CiscoASA(asa, exp_info) do_output_filter(str(fw), filter_name(source_file, fw._SUFFIX)) count += 1 if xacl: fw = ciscoxr.CiscoXR(xacl, exp_info) do_output_filter(str(fw), filter_name(source_file, fw._SUFFIX)) count += 1 if ipt: fw = iptables.Iptables(ipt, exp_info) do_output_filter(str(fw), filter_name(source_file, fw._SUFFIX)) count += 1 if ips: fw = ipset.Ipset(ips, exp_info) do_output_filter(str(fw), filter_name(source_file, fw._SUFFIX)) count += 1 if pf: fw = packetfilter.PacketFilter(pf, exp_info) do_output_filter(str(fw), filter_name(source_file, fw._SUFFIX)) count += 1 if spd: fw = speedway.Speedway(spd, exp_info) do_output_filter(str(fw), filter_name(source_file, fw._SUFFIX)) count += 1 if srx: fw = junipersrx.JuniperSRX(srx, exp_info) do_output_filter(str(fw), filter_name(source_file, fw._SUFFIX)) count += 1 if dem: fw = demo.Demo(dem, exp_info) do_output_filter(str(fw), filter_name(source_file, fw._SUFFIX)) count += 1 if gcefw: fw = gce.GCE(gcefw, exp_info) do_output_filter(str(fw), filter_name(source_file, fw._SUFFIX)) count += 1 if nsx: fw = nsxv.Nsxv(nsx, exp_info) do_output_filter(str(fw), filter_name(source_file, fw._SUFFIX)) count += 1 return count
def test_incorrectfiltertype(): pol = policy.ParsePolicy(nsxv_mocktest.POLICY_INCORRECT_FILTERTYPE, self.defs) exp_info = 2 nsx = copy.deepcopy(pol) fw = nsxv.Nsxv(nsx, exp_info)
def test_nsxv_optionkywd(self): pol = policy.ParsePolicy(nsxv_mocktest.POLICY_OPTION_KYWD, self.defs) self.assertRaises(nsxv.NsxvAclTermError, str(nsxv.Nsxv(pol, 2)))