def convert_to_valid_router_rules(data): """ Validates and converts router rules to the appropriate data structure Example argument = [{'source': 'any', 'destination': 'any', 'action':'deny'}, {'source': '1.1.1.1/32', 'destination': 'any', 'action':'permit', 'nexthops': ['1.1.1.254', '1.1.1.253']} ] """ V4ANY = '0.0.0.0/0' if not isinstance(data, list): emsg = _("Invalid data format for router rule: '%s'") % data LOG.debug(emsg) raise qexception.InvalidInput(error_message=emsg) _validate_uniquerules(data) rules = [] expected_keys = ['source', 'destination', 'action'] for rule in data: rule['nexthops'] = rule.get('nexthops', []) if not isinstance(rule['nexthops'], list): rule['nexthops'] = rule['nexthops'].split('+') src = V4ANY if rule['source'] == 'any' else rule['source'] dst = V4ANY if rule['destination'] == 'any' else rule['destination'] errors = [ attr._verify_dict_keys(expected_keys, rule, False), attr._validate_subnet(dst), attr._validate_subnet(src), _validate_nexthops(rule['nexthops']), _validate_action(rule['action']) ] errors = [m for m in errors if m] if errors: LOG.debug(errors) raise qexception.InvalidInput(error_message=errors) rules.append(rule) return rules
def convert_to_valid_router_rules(data): """ Validates and converts router rules to the appropriate data structure Example argument = [{'source': 'any', 'destination': 'any', 'action':'deny'}, {'source': '1.1.1.1/32', 'destination': 'any', 'action':'permit', 'nexthops': ['1.1.1.254', '1.1.1.253']} ] """ V4ANY = '0.0.0.0/0' if not isinstance(data, list): emsg = _("Invalid data format for router rule: '%s'") % data LOG.debug(emsg) raise qexception.InvalidInput(error_message=emsg) _validate_uniquerules(data) rules = [] expected_keys = ['source', 'destination', 'action'] for rule in data: rule['nexthops'] = rule.get('nexthops', []) if not isinstance(rule['nexthops'], list): rule['nexthops'] = rule['nexthops'].split('+') src = V4ANY if rule['source'] == 'any' else rule['source'] dst = V4ANY if rule['destination'] == 'any' else rule['destination'] errors = [attr._verify_dict_keys(expected_keys, rule, False), attr._validate_subnet(dst), attr._validate_subnet(src), _validate_nexthops(rule['nexthops']), _validate_action(rule['action'])] errors = [m for m in errors if m] if errors: LOG.debug(errors) raise qexception.InvalidInput(error_message=errors) rules.append(rule) return rules
def test_validate_subnet(self): # Valid - IPv4 cidr = "10.0.2.0/24" msg = attributes._validate_subnet(cidr, None) self.assertIsNone(msg) # Valid - IPv6 without final octets cidr = "fe80::/24" msg = attributes._validate_subnet(cidr, None) self.assertIsNone(msg) # Valid - IPv6 with final octets cidr = "fe80::0/24" msg = attributes._validate_subnet(cidr, None) self.assertIsNone(msg) # Invalid - IPv4 missing mask cidr = "10.0.2.0" msg = attributes._validate_subnet(cidr, None) error = "'%s' is not a valid IP subnet" % cidr self.assertEqual(msg, error) # Invalid - IPv6 without final octets, missing mask cidr = "fe80::" msg = attributes._validate_subnet(cidr, None) error = "'%s' is not a valid IP subnet" % cidr self.assertEqual(msg, error) # Invalid - IPv6 with final octets, missing mask cidr = "fe80::0" msg = attributes._validate_subnet(cidr, None) error = "'%s' is not a valid IP subnet" % cidr self.assertEqual(msg, error) # Invalid - Address format error cidr = 'invalid' msg = attributes._validate_subnet(cidr, None) error = "'%s' is not a valid IP subnet" % cidr self.assertEqual(msg, error)
def test_cidr(self): # Valid - IPv4 cidr = "10.0.2.0/24" msg = attributes._validate_subnet(cidr, None) self.assertEquals(msg, None) # Valid - IPv6 without final octets cidr = "fe80::/24" msg = attributes._validate_subnet(cidr, None) self.assertEquals(msg, None) # Valid - IPv6 with final octets cidr = "fe80::0/24" msg = attributes._validate_subnet(cidr, None) self.assertEquals(msg, None) # Invalid - IPv4 missing mask cidr = "10.0.2.0" msg = attributes._validate_subnet(cidr, None) error = "%s is not a valid IP subnet" % cidr self.assertEquals(msg, error) # Invalid - IPv6 without final octets, missing mask cidr = "fe80::" msg = attributes._validate_subnet(cidr, None) error = "%s is not a valid IP subnet" % cidr self.assertEquals(msg, error) # Invalid - IPv6 with final octets, missing mask cidr = "fe80::0" msg = attributes._validate_subnet(cidr, None) error = "%s is not a valid IP subnet" % cidr self.assertEquals(msg, error)