コード例 #1
0
 def __init__(self, network_name):
     BasePolicyDriver.__init__(self)
     if not validate_characters(network_name):
         raise ValueError("Invalid characters detected in the given network "
                          "name, %s. Only letters a-z, numbers 0-9, and "
                          "symbols _.- are supported.", network_name)
     self.profile_name = network_name
コード例 #2
0
def validate_arguments(arguments):
    """
    Validate argument values:
        <PROFILES>

    Arguments not validated:
        <HOSTNAME>
        <ORCHESTRATOR_ID>
        <WORKLOAD_ID>
        <ENDPOINT_ID>

    :param arguments: Docopt processed arguments
    """
    # Validate Profiles
    profile_ok = True
    profiles = arguments.get("<PROFILES>")
    if profiles is not None:
        for profile in profiles:
            profile_ok = validate_characters(profile)

    if not profile_ok:
        print_paragraph("Profile names must be < 40 character long and can "
                        "only contain numbers, letters, dots, dashes and "
                        "underscores.")
        sys.exit(1)
コード例 #3
0
def validate_arguments(arguments):
    """
    Validate argument values:
        <PROFILES>

    Arguments not validated:
        <HOSTNAME>
        <ORCHESTRATOR_ID>
        <WORKLOAD_ID>
        <ENDPOINT_ID>

    :param arguments: Docopt processed arguments
    """
    # Validate Profiles
    profile_ok = True
    profiles = arguments.get("<PROFILES>")
    if profiles is not None:
        for profile in profiles:
            profile_ok = validate_characters(profile)

    if not profile_ok:
        print_paragraph("Profile names must be < 40 character long and can "
                        "only contain numbers, letters, dots, dashes and "
                        "underscores.")
        sys.exit(1)
コード例 #4
0
ファイル: test_util.py プロジェクト: mkumatag/libcalico
    def test_validate_characters(self, input_string, expected_result):
        """
        Test validate_characters function
        """
        # Call method under test
        test_result = util.validate_characters(input_string)

        # Assert expected result
        self.assertEqual(expected_result, test_result)
コード例 #5
0
ファイル: test_util.py プロジェクト: TrimBiggs/libcalico
    def test_validate_characters(self, input_string, expected_result):
        """
        Test validate_characters function
        """
        with patch('sys.exit', autospec=True) as m_sys_exit:
            # Call method under test
            test_result = validate_characters(input_string)

            # Assert expected result
            self.assertEqual(expected_result, test_result)
コード例 #6
0
ファイル: test_util.py プロジェクト: ozdanborne/libcalico
    def test_validate_characters(self, input_string, expected_result):
        """
        Test validate_characters function
        """
        with patch('sys.exit', autospec=True) as m_sys_exit:
            # Call method under test
            test_result = validate_characters(input_string)

            # Assert expected result
            self.assertEqual(expected_result, test_result)
コード例 #7
0
ファイル: policy_drivers.py プロジェクト: EmmEff/calico-cni
    def __init__(self, network_name):

        self._client = DatastoreClient()
        """
        DatastoreClient for access to the Calico datastore.
        """

        self.profile_name = network_name
        """
        Name of profile for attach to endpoint.
        """

        # Validate the given network name to make sure it is compatible with
        # Calico policy.
        if not validate_characters(network_name):
            raise ValueError("Invalid characters detected in the given network "
                             "name, %s. Only letters a-z, numbers 0-9, and "
                             "symbols _.- are supported.", network_name)
コード例 #8
0
    def __setitem__(self, key, value):
        if key not in Rule.ALLOWED_KEYS:
            raise KeyError("Key %s is not allowed on Rule." % key)

        # Convert any CIDR strings to netaddr before inserting them.
        if key in ("src_net", "dst_net"):
            value = IPNetwork(value)
        if key == "action" and value not in ("allow", "deny"):
            raise ValueError("'%s' is not allowed for key 'action'" % value)
        if key == "protocol" and value not in ("tcp", "udp", "icmp", None):
            raise ValueError("'%s' is not allowed for key 'protocol'" % value)
        if key in ("src_tag", "dst_tag") and not validate_characters(value):
            raise ValueError("'%s' is not allowed for key '%s'" % (value, key))
        if key in ("src_ports", "dst_ports") and not validate_ports(value):
            raise ValueError("'%s' is not allowed for key '%s'" % (value, key))
        if key in ("icmp_type", "icmp_code") and not validate_icmp_type(value):
            raise ValueError("'%s' is not allowed for key '%s'" % (value, key))

        super(Rule, self).__setitem__(key, value)
コード例 #9
0
    def __setitem__(self, key, value):
        if key not in Rule.ALLOWED_KEYS:
            raise KeyError("Key %s is not allowed on Rule." % key)

        # Convert any CIDR strings to netaddr before inserting them.
        if key in ("src_net", "dst_net"):
            value = IPNetwork(value)
        if key == "action" and value not in ("allow", "deny"):
            raise ValueError("'%s' is not allowed for key 'action'" % value)
        if key == "protocol" and value not in ("tcp", "udp", "icmp", None):
            raise ValueError("'%s' is not allowed for key 'protocol'" % value)
        if key in ("src_tag", "dst_tag") and not validate_characters(value):
            raise ValueError("'%s' is not allowed for key '%s'" % (value, key))
        if key in ("src_ports", "dst_ports") and not validate_ports(value):
            raise ValueError("'%s' is not allowed for key '%s'" % (value, key))
        if key in ("icmp_type", "icmp_code") and not validate_icmp_type(value):
            raise ValueError("'%s' is not allowed for key '%s'" % (value, key))

        super(Rule, self).__setitem__(key, value)
コード例 #10
0
ファイル: policy_drivers.py プロジェクト: tomdee/calico-cni
    def __init__(self, network_name):

        self._client = DatastoreClient()
        """
        DatastoreClient for access to the Calico datastore.
        """

        self.profile_name = network_name
        """
        Name of profile for attach to endpoint.
        """

        # Validate the given network name to make sure it is compatible with
        # Calico policy.
        if not validate_characters(network_name):
            raise ValueError(
                "Invalid characters detected in the given network "
                "name, %s. Only letters a-z, numbers 0-9, and "
                "symbols _.- are supported.", network_name)
コード例 #11
0
def validate_arguments(arguments):
    """
    Validate argument values:
        <PROFILE>
        <SRCTAG>
        <SRCCIDR>
        <DSTTAG>
        <DSTCIDR>
        <ICMPTYPE>
        <ICMPCODE>
        <SRCPORTS>
        <DSTPORTS>

    Arguments not validated:
        <POSITION>

    :param arguments: Docopt processed arguments
    """
    # Validate Profiles
    profile_ok = True
    if arguments.get("<PROFILE>") is not None:
        profile = arguments.get("<PROFILE>")
        profile_ok = validate_characters(profile)

    # Validate tags
    tag_src_ok = (arguments.get("<SRCTAG>") is None
                  or validate_characters(arguments["<SRCTAG>"]))
    tag_dst_ok = (arguments.get("<DSTTAG>") is None
                  or validate_characters(arguments["<DSTTAG>"]))

    # Validate IPs
    cidr_ok = True
    cidr_list = []
    for arg in ["<SRCCIDR>", "<DSTCIDR>"]:
        if arguments.get(arg) is not None:
            cidr_list.append(arguments[arg])
            cidr_ok = validate_cidr(arguments[arg])
            if not cidr_ok:
                break

    icmp_ok = True
    for arg in ["<ICMPCODE>", "<ICMPTYPE>"]:
        if arguments.get(arg) is not None:
            icmp_ok = validate_icmp_type(arguments[arg])
            if not icmp_ok:
                break

    ports_ok = True
    for arg in ["<SRCPORTS>", "<DSTPORTS>"]:
        if arguments.get(arg) is not None:
            ports_ok = validate_ports(arguments[arg])
            if not ports_ok:
                break

    cidr_versions_ok = True
    if cidr_list:
        ip_version = None
        if arguments.get("icmp"):
            ip_version = 4
        elif arguments.get("icmpv6"):
            ip_version = 6
        cidr_versions_ok = validate_cidr_versions(cidr_list,
                                                  ip_version=ip_version)

    # Print error message
    if not profile_ok:
        print_paragraph("Profile names must be < 40 character long and can "
                        "only contain numbers, letters, dots, dashes and "
                        "underscores.")
    if not (tag_src_ok and tag_dst_ok):
        print_paragraph("Tags names can only contain numbers, letters, dots, "
                        "dashes and underscores.")
    if not cidr_ok:
        print "Invalid CIDR specified."
    if not icmp_ok:
        print "Invalid ICMP type or ICMP code specified."
    if not ports_ok:
        print "Invalid SRCPORTS or DSTPORTS specified."
    if not cidr_versions_ok:
        print "Invalid or unmatching IP versions for SRCCIDR/DSTCIDR."

    # Exit if not valid
    if not (profile_ok and tag_src_ok and tag_dst_ok and cidr_ok and icmp_ok
            and ports_ok and cidr_versions_ok):
        sys.exit(1)
コード例 #12
0
ファイル: profile.py プロジェクト: xuzhaokui/calico-docker
def validate_arguments(arguments):
    """
    Validate argument values:
        <PROFILE>
        <SRCTAG>
        <SRCCIDR>
        <DSTTAG>
        <DSTCIDR>
        <ICMPTYPE>
        <ICMPCODE>
        <SRCPORTS>
        <DSTPORTS>

    Arguments not validated:
        <POSITION>

    :param arguments: Docopt processed arguments
    """
    # Validate Profiles
    profile_ok = True
    if arguments.get("<PROFILE>") is not None:
        profile = arguments.get("<PROFILE>")
        profile_ok = validate_characters(profile)

    # Validate tags
    tag_src_ok = (arguments.get("<SRCTAG>") is None or
                validate_characters(arguments["<SRCTAG>"]))
    tag_dst_ok = (arguments.get("<DSTTAG>") is None or
                validate_characters(arguments["<DSTTAG>"]))

    # Validate IPs
    cidr_ok = True
    for arg in ["<SRCCIDR>", "<DSTCIDR>"]:
        if arguments.get(arg) is not None:
            cidr_ok = validate_cidr(arguments[arg])
            if not cidr_ok:
                break

    icmp_ok = True
    for arg in ["<ICMPCODE>", "<ICMPTYPE>"]:
        if arguments.get(arg) is not None:
            icmp_ok = validate_icmp_type(arguments[arg])
            if not icmp_ok:
                break

    ports_ok = True
    for arg in ["<SRCPORTS>", "<DSTPORTS>"]:
        if arguments.get(arg) is not None:
            ports_ok = validate_ports(arguments[arg])
            if not ports_ok:
                break

    # Print error message
    if not profile_ok:
        print_paragraph("Profile names must be < 40 character long and can "
                        "only contain numbers, letters, dots, dashes and "
                        "underscores.")
    if not (tag_src_ok and tag_dst_ok):
        print_paragraph("Tags names can only contain numbers, letters, dots, "
                        "dashes and underscores.")
    if not cidr_ok:
        print "Invalid CIDR specified."
    if not icmp_ok:
        print "Invalid ICMP type or ICMP code specified."
    if not ports_ok:
        print "Invalid SRCPORTS or DSTPORTS specified."

    # Exit if not valid
    if not (profile_ok and tag_src_ok and tag_dst_ok
            and cidr_ok and icmp_ok and ports_ok):
        sys.exit(1)