def test_validate(monkeypatch):
"""
.
"""
# pylint: disable=unused-argument
@counter_wrapper
def fake_validate(self):
"""
.
"""
return True
monkeypatch.setattr(file_paths, "get_folders_with_config",
lambda folder: [])
monkeypatch.setattr(Firewall, "validate", fake_validate)
monkeypatch.setattr(Host, "validate", fake_validate)
network = Network(
"network", None, ".", "1.1.1.1/24", **{
"interface-name": "eth0",
"firewalls": [Firewall("firewall", "local", "network", ".")],
"hosts": [Host("host", None, ".", "192.168.0.1")],
})
assert network.validate(), "Network is valid"
assert fake_validate.counter == 4, "Called for all three firewalls and host"
def test_network_commands(monkeypatch):
"""
.
"""
network_properties = {
"authoritative": "disable",
"domain-name": "test.domain",
"default-router": "192.168.0.1",
"lease": 86400,
"start": "192.168.0.100",
"stop": "192.168.0.254",
"dns-server": "192.168.0.1",
"dns-servers": ["8.8.8.8", "8.8.4.4"],
"hosts": [],
"firewalls": [],
"interface-name": "eth0",
}
monkeypatch.setattr(Firewall, "commands", lambda self: ([[]], []))
network = Network("network1", None, ".", "192.168.0.0/24",
**network_properties)
ordered_commands, command_list = network.commands()
base = "service dhcp-server shared-network-name network1 "
subnet_base = base + "subnet 192.168.0.0/24 "
expected_commands = [
base + "authoritative disable",
subnet_base + "domain-name test.domain",
subnet_base + "default-router 192.168.0.1",
subnet_base + "lease 86400",
subnet_base + "dns-server 192.168.0.1",
subnet_base + "start 192.168.0.100 stop 192.168.0.254",
subnet_base + "dns-server 8.8.8.8",
subnet_base + "dns-server 8.8.4.4",
# This is auto-generated so must be included
"interfaces ethernet eth0 address 192.168.0.1/24",
]
assert command_list == expected_commands + [
"interfaces ethernet eth0 firewall in name network1-IN",
"interfaces ethernet eth0 firewall out name network1-OUT",
"interfaces ethernet eth0 firewall local name network1-LOCAL",
], "Command list correct"
assert ordered_commands == [
expected_commands,
[], # Firewall commands would go here - checked in later test
[
"interfaces ethernet eth0 firewall in name network1-IN",
"interfaces ethernet eth0 firewall out name network1-OUT",
"interfaces ethernet eth0 firewall local name network1-LOCAL",
],
], "Ordered commands correct"
def test_is_consistent(monkeypatch):
"""
.
"""
# pylint: disable=unused-argument
@counter_wrapper
def fake_host_consistent(self):
"""
.
"""
return True
monkeypatch.setattr(Host, "is_consistent", fake_host_consistent)
host1 = Host("test", None, ".", address="11.0.0.1", mac="ab:cd:ef")
host2 = Host("test2", None, ".", address="10.0.0.1", mac="ab:cd:ef")
host3 = Host("test3", None, ".", address="11.0.0.1", mac="ab:cd:12")
host4 = Host("test4", None, ".", address="10.0.0.2", mac="12:34:56")
firewall1 = Firewall("firewall", "in", "network", ".")
firewall2 = Firewall("firewall2", "out", "network", ".")
network_properties = {
"firewalls": [firewall1, firewall2],
"hosts": [host1, host2, host3, host4],
"default-router": "192.168.0.1",
"start": "10.10.0.100",
"stop": "10.10.0.255",
"interface-name": "eth0",
}
network = Network("network", None, ".", "10.0.0.0/24",
**network_properties)
assert not network.is_consistent(), "Network is not consistent"
assert network.validation_errors() == [
"Default router not in Network network",
"DHCP start address not in Network network",
"DHCP stop address not in Network network",
"Host test not in Network network",
"Host test3 not in Network network",
"Host test shares an address with: Host test3",
"Host test shares its mac with: Host test2",
], "Validation errors set"
assert fake_host_consistent.counter == 4, "Four hosts' consistency checked"
network_properties = {
"firewalls": [firewall1, firewall2],
"hosts": [host2, host4],
"default-router": "10.0.0.1",
"start": "10.0.0.100",
"stop": "10.0.0.255",
"interface-name": "eth0",
}
network = Network("network", None, ".", "10.0.0.0/24",
**network_properties)
assert network.is_consistent(), "Network should be consistent"
assert not network.validation_errors(), "No validation errors present"
def test_connection_consistency(monkeypatch):
"""
.
"""
monkeypatch.setattr(
secondary_configs, "get_port_groups", lambda config_path: [PortGroup("a-group")]
)
monkeypatch.setattr(Host, "add_firewall_rules", lambda self: None)
network = Network(
"network", None, ".", "192.168.0.0/24", **{"interface-name": "eth0"}
)
attributes = {
"connections": [
{"allow": True, "rule": 10},
{
"allow": True,
"rule": 20,
"source": {"address": "123.123.123.123"},
"destination": {"address": "a-group"},
},
]
}
host = Host("host", network, ".", "192.168.0.1", **attributes)
assert not host.is_consistent(), "Host is not consistent"
assert host.validation_errors() == [
"Host host has connection with no source address or destination address",
"Host host has connection where its address is not used "
"in source or destination",
]
def test_load_firewalls(monkeypatch):
"""
.
"""
monkeypatch.setattr(
file_paths,
"get_folders_with_config",
lambda folder: ["firewall1/config.yaml", "firewall2/config.yaml"],
)
monkeypatch.setattr(Network, "_load_hosts", lambda self: None)
# Need the direction set here for firewalls
monkeypatch.setattr(
file_paths,
"load_yaml_from_file",
lambda file_path:
{"direction": "local" if "1" in file_path else "out"},
)
network = Network("network", None, ".", "10.0.0.0/8",
**{"interface-name": "eth0"})
assert "firewalls" in network._validate_attributes, "firewalls added"
firewalls = getattr(network, "firewalls")
assert "firewall1" in [firewall.name
for firewall in firewalls], "firewall 1 found"
assert "firewall2" in [firewall.name
for firewall in firewalls], "firewall 2 found"
assert (network.firewalls_by_direction.get(
"in", None).name == "network-IN"), "In firewall auto-constructed"
assert (network.firewalls_by_direction.get(
"local", None).name == "firewall1"), "Local firewall correct"
assert (network.firewalls_by_direction.get(
"out", None).name == "firewall2"), "Out firewall correct"
def test_initialization(monkeypatch):
"""
.
"""
# pylint: disable=unused-argument
@counter_wrapper
def fake_set_attrs(self, attrs: dict):
"""
.
"""
# pylint: disable=unused-argument
@counter_wrapper
def fake_load_firewalls(self):
"""
.
"""
self.firewalls = []
monkeypatch.setattr(Network, "_add_keyword_attributes", fake_set_attrs)
monkeypatch.setattr(Network, "_load_firewalls", fake_load_firewalls)
network = Network("network", None, ".", "10.0.0.0/8",
**{"interface-name": "eth0"})
assert network.name == "network", "Name set"
assert network.cidr == "10.0.0.0/8", "CIDR set"
assert fake_set_attrs.counter == 1, "Set attrs called"
assert fake_load_firewalls.counter == 1, "Load firewalls called"
assert str(network) == "Network network", "Network name returned"
def test_load_hosts(monkeypatch):
"""
.
"""
monkeypatch.setattr(
file_paths,
"get_config_files",
lambda folder:
["network1/hosts/host1.yaml", "network1/hosts/host2.yaml"],
)
monkeypatch.setattr(file_paths, "load_yaml_from_file",
lambda file_path: {"address": "192.168.0.1"})
network = Network("network", None, ".", "10.0.0.0/8", **{
"interface-name": "eth0",
"firewalls": []
})
assert "hosts" in network._validate_attributes, "Hosts added"
hosts = getattr(network, "hosts")
assert "host1" in [host.name for host in hosts], "Host 1 found"
assert "host2" in [host.name for host in hosts], "Host 2 found"
def create_from_configs(cls, config_path: str):
"""
Load configuration from files
"""
nat = NAT(config_path)
return cls(
secondary_configs.get_global_configuration(config_path),
secondary_configs.get_port_groups(config_path),
secondary_configs.get_external_addresses(config_path),
[
Network(
network_folder.split(path.sep)[-2],
nat,
config_path,
**(file_paths.load_yaml_from_file(network_folder))
)
for network_folder in file_paths.get_folders_with_config(
[config_path, file_paths.NETWORK_FOLDER]
)
],
nat,
)
def test_validation_failures(monkeypatch):
"""
.
"""
monkeypatch.setattr(file_paths, "get_folders_with_config",
lambda folder: [])
network = Network(
"network", None, ".", "1.1.1.1/24", **{
"interface-name":
"eth0",
"firewalls": [Firewall("firewall", "in", "network", ".")],
"hosts": [
Host("host", None, ".", "192.168.0.1"),
Host("host2", None, ".", "192.168.0.1"),
],
})
assert network.validation_failures() == [], "No failures added yet"
monkeypatch.setattr(Firewall, "validation_failures",
lambda self: ["abc", "def"])
monkeypatch.setattr(Host, "validation_errors", lambda self: ["ghi"])
network.add_validation_error("failure")
assert network.validation_failures() == [
"failure",
# Firewall failures repeated three times, one for each
"abc",
"def",
"abc",
"def",
"abc",
"def",
"ghi",
"ghi",
], "Failures returned for network and all children"
def test_is_consistent(monkeypatch):
"""
.
"""
monkeypatch.setattr(Host, "add_firewall_rules", lambda self: None)
network = Network(
"network", None, ".", "192.168.0.0/24", **{"interface-name": "eth0"}
)
host = Host("host", network, ".", "192.168.0.1")
monkeypatch.setattr(secondary_configs, "get_port_groups", lambda config_path: [])
assert host.is_consistent(), "Empty host is consistent"
monkeypatch.setattr(
secondary_configs, "get_port_groups", lambda config_path: [PortGroup("group1")]
)
attrs = {"forward-ports": ["group1", "group2"]}
host = Host("host", network, ".", "192.168.0.1", **attrs)
assert not host.is_consistent(), "Missing forward port group inconsistent"
assert host.validation_errors() == [
"Port Group group2 not defined for forwarding in Host host"
], "Forward port group error set"
attrs = {"forward-ports": ["group1", 80, {8080: 80}]}
host = Host("host", network, ".", "192.168.0.1", **attrs)
assert host.is_consistent(), "Forward port groups consistent"
assert not host.validation_errors(), "No errors for forward port"
attrs = {
"hairpin-ports": [
{
"description": "hairpin",
"interface": "eth1.10",
"connection": {"destination": {"port": "group1"}},
},
{
"description": "hairpin2",
"interface": "eth1.20",
"connection": {"destination": {"port": "group2"}},
},
]
}
host = Host("host", network, ".", "192.168.0.1", **attrs)
assert not host.is_consistent(), "Missing hairpin port group inconsistent"
assert host.validation_errors() == [
"Port Group group2 not defined for hairpin in Host host"
], "Hairpin port group error set"
attrs = {
"hairpin-ports": [
{
"description": "hairpin",
"interface": "eth1.10",
"connection": {"destination": {"port": "group1"}},
},
{
"description": "web",
"interface": "eth1.20",
"connection": {"destination": {"port": 80}},
},
]
}
host = Host("host", network, ".", "192.168.0.2", **attrs)
assert host.is_consistent(), "Hairpin port groups consistent"
assert not host.validation_errors(), "No errors for hairpin port"
attrs = {
"connections": [
{
"allow": True,
"source": {"address": "an-address"},
"destination": {"port": 80},
},
{
"allow": False,
"source": {"address": "12.10.12.12", "port": 8080},
"destination": {"port": "443"},
},
{
"allow": False,
"source": {"address": "192.168.0.0/24"},
"destination": {"port": "group1"},
},
{
"allow": False,
"source": {"port": "group2"},
"destination": {"port": "group3"},
},
{
"allow": True,
"source": {"address": "Amazon"},
"destination": {"port": "web"},
},
]
}
host = Host("host", network, ".", "192.168.0.1", **attrs)
assert not host.is_consistent(), "Connections inconsistent"
assert host.validation_errors() == [
"Source Port Group group2 not defined for blocked connection in Host host",
"Destination Port Group group3 not defined for blocked connection in Host host",
"Destination Port Group web not defined for allowed connection in Host host",
], "Error set for missing port group in connections"
del attrs["connections"][-2:]
host = Host("host", network, ".", "192.168.0.1", **attrs)
assert host.is_consistent(), "Connections are consistent"
assert not host.validation_errors(), "No connection errors"
def test_add_firewall_rules():
"""
.
"""
host_properties = {
"address-groups": ["devices"],
"forward-ports": [
80,
"443",
"server-ports",
{"8080": 80},
{4443: 443},
{222: "22"},
],
"hairpin-ports": [
{
"connection": {"destination": {"address": "8.8.8.8", "port": 53}},
"interface": "eth1.10",
},
{
"connection": {"destination": {"port": "server-ports"}},
"description": "Hairpin server ports back to host",
"interface": "eth0",
},
],
"connections": [
{
"allow": True,
"rule": 20,
"log": False,
"description": "A rule",
"source": {"address": "192.168.0.0/24",},
"destination": {"port": "printer-ports"},
},
{
"allow": False,
"log": True,
"description": "A rule",
"source": {"address": "bad-things",},
"destination": {"address": "devices", "port": 22},
},
{
"allow": True,
"description": "A rule",
"source": {"address": "devices",},
"destination": {"port": "allowed-ports"},
},
{
"allow": False,
"description": "A rule",
"log": True,
"source": {"address": "devices",},
"destination": {"port": "blocked-ports"},
},
{
"allow": True,
"description": "A rule",
"log": False,
"source": {"port": "allowed-ports",},
"destination": {"address": "devices"},
},
],
}
host = Host(
"host1",
Network(
"network", NAT("."), ".", "192.168.0.0/24", **{"interface-name": "eth0"}
),
".",
"192.168.0.100",
**host_properties
)
firewall_in = host.network.firewalls_by_direction["in"]
firewall_out = host.network.firewalls_by_direction["out"]
rule_20 = {
"number": 20,
"firewall_name": "network-IN",
"config_path": ".",
"action": "accept",
"protocol": "tcp_udp",
"log": "disable",
"description": "A rule",
"source": {"address": "192.168.0.0/24"},
"destination": {"port": "printer-ports"},
}
rule_10 = copy.deepcopy(rule_20)
rule_10["number"] = 10
rule_10["source"]["address"] = "devices"
rule_10["destination"]["port"] = "allowed-ports"
rule_30 = copy.deepcopy(rule_10)
rule_30["number"] = 30
rule_30["action"] = "drop"
rule_30["log"] = "enable"
rule_30["destination"]["port"] = "blocked-ports"
assert firewall_in.rules == [
Rule(**rule_20),
Rule(**rule_10),
Rule(**rule_30),
], "Rules created for in firewall correctly"
rule_10["action"] = "drop"
rule_10["source"]["address"] = "bad-things"
rule_10["destination"]["address"] = "devices"
rule_10["destination"]["port"] = 22
rule_10["log"] = "enable"
rule_20 = copy.deepcopy(rule_10)
rule_20["number"] = 20
rule_20["action"] = "accept"
rule_20["log"] = "disable"
rule_20["source"] = {"port": "allowed-ports"}
rule_20["destination"] = {"address": "devices"}
assert firewall_out.rules == [
Rule(**rule_10),
Rule(**rule_20),
], "Rules created for out firewall correctly"
base_rule_properties = {
"number": 10,
"description": "Forward port 80 to host1",
"config_path": ".",
"type": "destination",
"protocol": "tcp_udp",
"inbound-interface": "eth0",
"inside-address": {"address": "192.168.0.100"},
"destination": {"port": 80},
}
ssl_rule = copy.deepcopy(base_rule_properties)
ssl_rule["number"] = 20
ssl_rule["destination"]["port"] = "443"
ssl_rule["description"] = ssl_rule["description"].replace("80", "443")
server_rule = copy.deepcopy(base_rule_properties)
server_rule["number"] = 30
server_rule["destination"]["port"] = "server-ports"
server_rule["description"] = server_rule["description"].replace(
"80", "server-ports"
)
str_translate_rule = copy.deepcopy(base_rule_properties)
str_translate_rule["number"] = 40
str_translate_rule["destination"]["port"] = "8080"
str_translate_rule["inside-address"]["port"] = 80
str_translate_rule["description"] = str_translate_rule["description"].replace(
"80", "8080"
)
int_translate_rule = copy.deepcopy(base_rule_properties)
int_translate_rule["number"] = 50
int_translate_rule["destination"]["port"] = 4443
int_translate_rule["inside-address"]["port"] = 443
int_translate_rule["description"] = int_translate_rule["description"].replace(
"80", "4443"
)
other_translate_rule = copy.deepcopy(base_rule_properties)
other_translate_rule["number"] = 60
other_translate_rule["destination"]["port"] = 222
other_translate_rule["inside-address"]["port"] = "22"
other_translate_rule["description"] = other_translate_rule["description"].replace(
"80", "222"
)
hairpin_rule = {
"number": 70,
"description": "",
"config_path": ".",
"type": "destination",
"protocol": "tcp_udp",
"inside-address": {"address": "192.168.0.100"},
"destination": {"address": "8.8.8.8", "port": 53},
"inbound-interface": "eth1.10",
}
hairpin_rule_2 = copy.deepcopy(hairpin_rule)
hairpin_rule_2["number"] = 80
hairpin_rule_2["description"] = "Hairpin server ports back to host"
hairpin_rule_2["destination"] = {
"address": "external-addresses",
"port": "server-ports",
}
hairpin_rule_2["inbound-interface"] = "eth0"
assert host.network.nat.rules == [
NATRule(**base_rule_properties),
NATRule(**ssl_rule),
NATRule(**server_rule),
NATRule(**str_translate_rule),
NATRule(**int_translate_rule),
NATRule(**other_translate_rule),
NATRule(**hairpin_rule),
NATRule(**hairpin_rule_2),
], "NAT rules created"
def test_host_firewall_consistency(monkeypatch):
"""
.
"""
monkeypatch.setattr(secondary_configs, "get_port_groups", lambda config_path: [])
monkeypatch.setattr(Host, "add_firewall_rules", lambda self: None)
network = Network(
"network", None, ".", "192.168.0.0/24", **{"interface-name": "eth0"}
)
attrs = {
"address-groups": ["an-address"],
"connections": [
{
"allow": True,
"rule": 10,
"source": {"address": "an-address"},
"destination": {"port": 80},
},
{
"allow": False,
"rule": 10,
"source": {"address": "12.10.12.12", "port": 8080},
},
{
"allow": False,
"rule": 20,
"source": {"address": "an-address"},
"destination": {"port": 443},
},
{
"allow": False,
"rule": 20,
"source": {"address": "an-address"},
"destination": {"port": 4443},
},
],
}
host = Host("host", network, ".", "12.10.12.12", **attrs)
assert not host.is_consistent(), "Duplicate rules inconsistent"
assert host.validation_errors() == [
"Host host has duplicate firewall rules: 10, 20"
], "Duplicate rules errors set"
firewall_in = Firewall(
"firewall-in",
"in",
"network",
".",
rules=[Rule(10, "firewall-in", "."), Rule(30, "firewall-in", ".")],
)
firewall_out = Firewall(
"firewall-out",
"out",
"network",
".",
rules=[Rule(20, "firewall-out", "."), Rule(40, "firewall-out", ".")],
)
network = Network(
"network",
None,
".",
"192.168.0.0/24",
**{"interface-name": "eth0", "firewalls": [firewall_in, firewall_out],}
)
attrs = {
"address-groups": ["an-address"],
"connections": [
{
"allow": True,
"rule": 10,
"source": {"address": "an-address"},
"destination": {"port": 80},
},
{
"allow": False,
"rule": 20,
"source": {"address": "an-address"},
"destination": {"port": 443},
},
],
}
host = Host("host", network, ".", "192.168.0.1", **attrs)
assert not host.is_consistent(), "Rules conflicting with firewall is inconsistent"
assert host.validation_errors() == [
"Host host has conflicting connection rule with Firewall firewall-in, "
"rule number 10",
"Host host has conflicting connection rule with Firewall firewall-out, "
"rule number 20",
], "Firewall rule conflict errors set"
def from_config(*args, **kwargs):
interface_name = {
"interface-name": "eth0",
"start": "10.10.0.100",
"stop": "10.10.0.254",
}
if from_config.counter % 2:
return root_parser.RootNode(
GlobalSettings(),
[],
ExternalAddresses([]),
[
Network(
"network1",
NAT(".", []),
".",
"10.10.0.0/24",
firewalls=[
Firewall("n1f1", "in", "network1", ".", rules=[]),
Firewall("n1f2", "out", "network1", ".", rules=[]),
],
hosts=[],
**interface_name),
Network(
"network2",
NAT(".", []),
".",
"10.11.0.0/24",
firewalls=[
Firewall("n2f1", "in", "network2", ".", rules=[]),
Firewall("n2f2", "out", "network2", ".", rules=[]),
],
hosts=[],
**interface_name),
Network("network3",
NAT(".", []),
".",
"10.12.0.0/24",
firewalls=[
Firewall(
"n3f1", "in", "network3", ".", rules=[]),
],
hosts=[],
**interface_name),
],
NAT(".", []),
)
else:
return root_parser.RootNode(
GlobalSettings(),
[],
ExternalAddresses([]),
[
Network(
"network4",
NAT(".", []),
".",
"10.13.0.0/24",
firewalls=[
Firewall("n4f1", "in", "network4", ".", rules=[]),
Firewall("n4f2", "out", "network4", ".", rules=[]),
],
hosts=[],
**interface_name),
Network(
"network2",
NAT(".", []),
".",
"10.11.0.0/24",
firewalls=[
Firewall("n2f1", "in", "network2", ".", rules=[]),
Firewall("n2f2", "out", "network2", ".", rules=[]),
],
hosts=[],
**interface_name),
Network(
"network3",
NAT(".", []),
".",
"10.12.0.0/24",
firewalls=[
Firewall("n3f1", "in", "network3", ".", rules=[]),
Firewall("n3f2", "in", "network3", ".", rules=[]),
],
hosts=[],
**interface_name),
],
NAT(".", []),
)
def test_command_ordering(monkeypatch):
"""
.
"""
# pylint: disable=unused-argument
@counter_wrapper
def get_firewall_commands(self):
"""
.
"""
if get_firewall_commands.counter == 1:
commands = (
[["firewall1-command"], ["firewall1-command2"]],
["firewall1-command", "firewall1-command2"],
)
elif get_firewall_commands.counter == 2:
commands = (
[["firewall2-command", "firewall2-command2"],
["firewall2-command3"]],
[
"firewall2-command", "firewall2-command2",
"firewall2-command3"
],
)
else:
commands = ([["firewall3-command"]], ["firewall3-command"])
return commands
monkeypatch.setattr(Firewall, "commands", get_firewall_commands)
host_properties = {
"mac": "abc",
"address": "123",
"address-groups": ["desktop", "windows"],
}
network_properties = {
"domain-name":
"test.domain",
"default-router":
"192.168.0.1",
"lease":
86400,
"start":
"192.168.0.100",
"stop":
"192.168.0.254",
"interface-name":
"eth0",
"interface-description":
"the interface",
"hosts": [
Host("host1", None, ".", **host_properties),
Host("host2", None, ".", mac="def", address="234"),
],
"firewalls": [
Firewall("firewall1", "in", "network", "."),
Firewall("firewall2", "out", "network", "."),
],
}
network = Network("network1", None, ".", "192.168.0.0/24",
**network_properties)
ordered_commands, command_list = network.commands()
base = "service dhcp-server shared-network-name network1 "
subnet_base = base + "subnet 192.168.0.0/24 "
mapping_base = subnet_base + "static-mapping "
interface_base = "interfaces ethernet eth0 "
assert command_list == [
subnet_base + "domain-name test.domain",
subnet_base + "default-router 192.168.0.1",
subnet_base + "lease 86400",
subnet_base + "start 192.168.0.100 stop 192.168.0.254",
interface_base + "address 192.168.0.1/24",
interface_base + "description 'the interface'",
"firewall1-command",
"firewall1-command2",
interface_base + "firewall in name firewall1",
"firewall2-command",
"firewall2-command2",
"firewall2-command3",
interface_base + "firewall out name firewall2",
"firewall3-command",
interface_base + "firewall local name network1-LOCAL",
mapping_base + "host1 ip-address 123",
mapping_base + "host1 mac-address abc",
mapping_base + "host2 ip-address 234",
mapping_base + "host2 mac-address def",
], "Network commands correct"
assert ordered_commands == [
[
subnet_base + "domain-name test.domain",
subnet_base + "default-router 192.168.0.1",
subnet_base + "lease 86400",
subnet_base + "start 192.168.0.100 stop 192.168.0.254",
interface_base + "address 192.168.0.1/24",
interface_base + "description 'the interface'",
],
[
"firewall1-command",
"firewall2-command",
"firewall2-command2",
"firewall3-command",
],
["firewall1-command2", "firewall2-command3"],
[
"interfaces ethernet eth0 firewall in name firewall1",
"interfaces ethernet eth0 firewall out name firewall2",
"interfaces ethernet eth0 firewall local name network1-LOCAL",
],
[
mapping_base + "host1 ip-address 123",
mapping_base + "host1 mac-address abc",
mapping_base + "host2 ip-address 234",
mapping_base + "host2 mac-address def",
],
], "Ordered network commands correct"
def test_interface_commands(monkeypatch):
"""
.
"""
monkeypatch.setattr(Firewall, "commands", lambda self: ([[]], []))
network_properties = {
"hosts": [],
"firewalls": [],
"interface-name": "eth0",
"interface-description": "desc",
"duplex": "auto",
"speed": "auto",
}
network = Network("network1", None, ".", "192.168.0.0/24",
**network_properties)
ordered_commands, command_list = network.commands()
interface_base = "interfaces ethernet eth0 "
expected_commands = [
interface_base + "duplex auto",
interface_base + "speed auto",
interface_base + "address dhcp",
interface_base + "description 'desc'",
]
assert command_list == [
*expected_commands,
interface_base + "firewall in name network1-IN",
interface_base + "firewall out name network1-OUT",
interface_base + "firewall local name network1-LOCAL",
], "Command list for non-VIF interface correct"
assert ordered_commands == [
expected_commands,
[], # Firewall commands empty
[
interface_base + "firewall in name network1-IN",
interface_base + "firewall out name network1-OUT",
interface_base + "firewall local name network1-LOCAL",
],
], "Ordered commands correct"
network_properties = {
"hosts": [],
"firewalls": [],
"interface-name": "eth0",
"interface-description": "VLAN 123",
"default-router": "192.168.0.1",
"duplex": "half",
"speed": 100,
"vif": "123",
}
network = Network("network1", None, ".", "192.168.0.0/24",
**network_properties)
ordered_commands, command_list = network.commands()
interface_base = "interfaces ethernet eth0 "
expected_commands = [
"service dhcp-server shared-network-name network1 subnet 192.168.0.0/24 "
"default-router 192.168.0.1",
interface_base + "duplex half",
interface_base + "speed 100",
interface_base + "description 'CARRIER'",
interface_base + "vif 123 address 192.168.0.1/24",
interface_base + "vif 123 description 'VLAN 123'",
]
assert command_list == [
*expected_commands,
interface_base + "vif 123 firewall in name network1-IN",
interface_base + "vif 123 firewall out name network1-OUT",
interface_base + "vif 123 firewall local name network1-LOCAL",
], "Command list for VIF interface correct"
assert ordered_commands == [
expected_commands,
[], # Firewall commands empty
[
interface_base + "vif 123 firewall in name network1-IN",
interface_base + "vif 123 firewall out name network1-OUT",
interface_base + "vif 123 firewall local name network1-LOCAL",
],
]