def testVpnConfigWithoutPairPolicy(self):
self.mox.ReplayAll()
pol = policy.ParsePolicy(HEADER_4 + GOOD_TERM_30, self.naming)
self.assertEquals(len(pol.filters), 1)
self.assertEquals('special-30', pol.filters[0][1][0].vpn[0])
self.assertEquals('', pol.filters[0][1][0].vpn[1])
def testNoTermRemark(self):
acl = brocade.Brocade(
policy.ParsePolicy(GOOD_HEADER + GOOD_TERM, self.naming), EXP_INFO)
self.failIf('remark good-term-3' in str(acl))
def testBadHeaderCase4(self):
pol = policy.ParsePolicy(BAD_HEADER_4 + INET6_TERM, self.naming, False)
self.assertRaises(nsxv.UnsupportedNsxvAccessListError, nsxv.Nsxv, pol,
EXP_INFO)
def testLogging(self): pol = HEADER + GOOD_TERM_10 ret = policy.ParsePolicy(pol, self.naming) self.assertEqual(len(ret.filters), 1) _, terms = ret.filters[0] self.assertEquals(str(terms[0].logging[0]), 'true')
def test_incorrectfiltertype():
pol = policy.ParsePolicy(nsxv_mocktest.POLICY_INCORRECT_FILTERTYPE,
self.defs)
exp_info = 2
nsx = copy.deepcopy(pol)
fw = nsxv.Nsxv(nsx, exp_info)
def testICMPCodes(self):
pol = HEADER + GOOD_TERM_42
result = policy.ParsePolicy(pol, self.naming)
self.assertTrue('icmp_code: [3, 4]' in str(result))
def testHopLimitRange(self): pol = HEADER_V6 + GOOD_TERM_V6_2 ret = policy.ParsePolicy(pol, self.naming) self.assertEqual(len(ret.filters), 1) _, terms = ret.filters[0] self.assertEquals(str(terms[0].hop_limit[2]), '7')
def testUdpEstablished(self):
acl = cisco.Cisco(policy.ParsePolicy(GOOD_HEADER + GOOD_TERM_9,
self.naming), EXP_INFO)
self.failIf(re.search('permit 17 any any established',
str(acl)), str(acl))
def testDefaultInet6Protocol(self):
acl = cisco.Cisco(policy.ParsePolicy(GOOD_INET6_HEADER + GOOD_TERM_12,
self.naming), EXP_INFO)
self.failUnless(re.search('permit ipv6 any any', str(acl)), str(acl))
def testTcpEstablished(self):
acl = cisco.Cisco(policy.ParsePolicy(GOOD_HEADER + GOOD_TERM_3,
self.naming), EXP_INFO)
self.failUnless(re.search('permit 6 any any established\n',
str(acl)), str(acl))
def testLogging(self):
acl = cisco.Cisco(policy.ParsePolicy(GOOD_HEADER + GOOD_TERM_4,
self.naming), EXP_INFO)
self.failUnless(re.search('permit 6 any any log\n',
str(acl)), str(acl))
def testTermAndFilterName(self):
acl = cisco.Cisco(policy.ParsePolicy(GOOD_HEADER + GOOD_TERM_1,
self.naming), EXP_INFO)
self.failUnless('ip access-list extended test-filter' in str(acl), str(acl))
self.failUnless('remark good-term-1' in str(acl), str(acl))
def testDSCP(self):
acl = cisco.Cisco(policy.ParsePolicy(GOOD_HEADER + GOOD_TERM_16,
self.naming), EXP_INFO)
self.failUnless(re.search('permit 6 any any dscp 42', str(acl)),
str(acl))
def testForwardingClassPolicy(self):
self.mox.ReplayAll()
pol = policy.ParsePolicy(HEADER + GOOD_TERM_32, self.naming)
self.assertEquals('fritzy', pol.filters[0][1][0].forwarding_class)
def testMultipleForwardingClassPolicy(self):
pol = policy.ParsePolicy(HEADER + GOOD_TERM_36, self.naming)
self.assertEquals(['flashy', 'fritzy'],
pol.filters[0][1][0].forwarding_class)
def testTermHopByHop(self):
acl = cisco.Cisco(policy.ParsePolicy(GOOD_HEADER + GOOD_TERM_15,
self.naming), EXP_INFO)
self.failUnless('permit hbh any any' in str(acl), str(acl))
def testStr(self):
"""Sanity test to verify __eq__ works on Policy objects."""
pol = policy.ParsePolicy(HEADER_4 + GOOD_TERM_30, self.naming)
logging.info('Ensuring string formatting doesn\'t throw errors: %s', pol)
def testOwnerTerm(self):
acl = cisco.Cisco(policy.ParsePolicy(GOOD_HEADER +
GOOD_TERM_13, self.naming), EXP_INFO)
self.failUnless(re.search('remark Owner: [email protected]',
str(acl)), str(acl))
def testNumericProtocol(self): pol = HEADER + GOOD_TERM_4 ret = policy.ParsePolicy(pol, self.naming) self.assertEqual(len(ret.filters), 1) _, terms = ret.filters[0] self.assertEquals(str(terms[0].protocol[0]), '1')
def testRemoveTrailingCommentWhitespace(self):
term = LONG_COMMENT_TERM%'a'*99
acl = cisco.Cisco(policy.ParsePolicy(GOOD_HEADER + term,
self.naming), EXP_INFO)
def testLogNameTerm(self): pol = HEADER_6 + GOOD_TERM_37 ret = policy.ParsePolicy(pol, self.naming) self.assertEqual(len(ret.filters), 1) _, terms = ret.filters[0] self.assertEqual(str(terms[0].log_name), 'my special prefix')
def testICMPTypes(self): pol = HEADER + GOOD_TERM_11 ret = policy.ParsePolicy(pol, self.naming) self.assertEqual(len(ret.filters), 1) _, terms = ret.filters[0] self.assertEqual(terms[0].icmp_type[0], 'echo-reply')
def testMultifilter(self): pol = HEADER + GOOD_TERM_1 + HEADER_2 + GOOD_TERM_1 ret = policy.ParsePolicy(pol, self.naming) self.assertEquals(len(ret.headers), 2)
def testIntegerFilterName(self): pol_text = HEADER_3 + GOOD_TERM_0 pol = policy.ParsePolicy(pol_text, self.naming) self.assertEqual(pol.headers[0].target[0].options[0], '50')
def testTcpEstablished(self):
acl = brocade.Brocade(
policy.ParsePolicy(GOOD_HEADER + GOOD_TERM, self.naming), EXP_INFO)
self.failUnless(
re.search('permit tcp any any established\n', str(acl)), str(acl))
def testPrecedence(self): pol_text = HEADER + GOOD_TERM_22 pol = policy.ParsePolicy(pol_text, self.naming) self.assertEquals(len(pol.filters), 1) _, terms = pol.filters[0] self.assertEquals(terms[0].precedence, [1])
def testNsxvStr(self):
"""Test for Nsxv._str_."""
self.naming.GetNetAddr('GOOGLE_DNS').AndReturn([
nacaddr.IP('8.8.4.4'),
nacaddr.IP('8.8.8.8'),
nacaddr.IP('2001:4860:4860::8844'),
nacaddr.IP('2001:4860:4860::8888')
])
self.naming.GetServiceByProto.return_value = ['53']
pol = policy.ParsePolicy(MIXED_FILTER, self.naming, False)
target = nsxv.Nsxv(pol, EXP_INFO)
# parse the output and seperate sections and comment
section_tokens = str(target).split('<section')
sections = []
for sec in section_tokens:
section = sec.replace('name=', '<section name=')
sections.append(section)
# parse the xml
# Checking comment tag
comment = sections[0]
if 'Id' not in comment:
self.fail('Id missing in xml comment in test_nsxv_str()')
if 'Date' not in comment:
self.fail('Date missing in xml comment in test_nsxv_str()')
if 'Revision' not in comment:
self.fail('Revision missing in xml comment in test_nsxv_str()')
root = ET.fromstring(sections[1])
# check section name
section_name = {'name': 'Sample mixed NSXV filter'}
self.assertEqual(root.attrib, section_name)
# check name and action
self.assertEqual(root.find('./rule/name').text, 'accept-to-honestdns')
self.assertEqual(root.find('./rule/action').text, 'allow')
# check IPV4 and IPV6 destinations
exp_ipv4dest = ['8.8.4.4', '8.8.8.8']
exp_ipv6dest = ['2001:4860:4860::8844', '2001:4860:4860::8888']
for destination in root.findall('./rule/destinations/destination'):
addr_type = destination.find('type').text
value = (destination.find('value').text)
if 'Ipv4Address' in addr_type:
if value not in exp_ipv4dest:
self.fail('IPv4Address not found in test_nsxv_str()')
else:
if value not in exp_ipv6dest:
self.fail('IPv6Address not found in test_nsxv_str()')
# check protocol
protocol = int(root.find('./rule/services/service/protocol').text)
self.assertEqual(protocol, 17)
# check destination port
destination_port = root.find(
'./rule/services/service/destinationPort').text
self.assertEqual(destination_port, '53')
# check notes
notes = root.find('./rule/notes').text
self.assertEqual(notes, 'Allow name resolution using honestdns.')
self.naming.GetServiceByProto.assert_called_once_with('DNS', 'udp')
def testVpnConfigWithPairPolicy(self):
pol = policy.ParsePolicy(HEADER_4 + GOOD_TERM_31, self.naming)
self.assertEquals(len(pol.filters), 1)
self.assertEquals('special-31', pol.filters[0][1][0].vpn[0])
self.assertEquals('policy-11', pol.filters[0][1][0].vpn[1])
def testForwardingClass(self):
policy_text = GOOD_HEADER + GOOD_TERM_27
jcl = juniper.Juniper(policy.ParsePolicy(policy_text, self.naming),
EXP_INFO)
output = str(jcl)
self.failUnless('forwarding-class floop;' in output, output)
def testNextTerm(self):
acl = pcap.PcapFilter(policy.ParsePolicy(
GOOD_HEADER + NEXT_TERM, self.naming), EXP_INFO)
result = str(acl)
self.failUnless('' in result,
'did not find actual term for good-term-icmpv6')
