def test_check_protocol(self):
    """Exercise utils.check_protocol with known and unknown protocol names."""
    # Every entry of VALID_PROTOCOLS must come back as the same name. Both
    # sides are capitalized, so the comparison does not depend on the letter
    # case the helper returns.
    for name in utils.VALID_PROTOCOLS:
        checked = utils.check_protocol(name)
        self.assertEqual(name.capitalize(), checked.capitalize())

    # An unrecognised name must be refused with NonRecoverableError.
    with self.assertRaises(cfy_exc.NonRecoverableError):
        utils.check_protocol("Unknow").capitalize()
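def creation_validation(vca_client, **kwargs):
    """Validate the firewall rules declared in the node properties.

    Confirms that the gateway named by the node properties has its firewall
    enabled, then checks every entry of the mandatory 'rules' property:
    the types of 'description', 'source', 'destination' and 'log_traffic',
    the ports and protocol through the ``utils`` helpers, and that the
    mandatory 'action' is one of ACTIONS.

    :param vca_client: client passed to get_gateway() to look up the gateway
    :param kwargs: accepted and ignored
    :raises cfy_exc.NonRecoverableError: when the gateway firewall is
        disabled or a rule field fails one of the checks made here
    """
    gateway = get_gateway(
        vca_client, _get_gateway_name(ctx.node.properties)
    )
    if not gateway.is_fw_enabled():
        raise cfy_exc.NonRecoverableError(
            "Gateway firewall is disabled. Please, enable firewall.")

    rules = get_mandatory(ctx.node.properties, 'rules')
    for rule in rules:
        # Type checks compare against None instead of relying on truthiness:
        # a falsy value of the wrong type (0, [], False, ...) would otherwise
        # skip the check and reach the code that builds the firewall rule.
        description = rule.get("description")
        if (description is not None and
                not isinstance(description, basestring)):
            raise cfy_exc.NonRecoverableError(
                "Parameter 'description' must be string.")

        # Source is validated before destination, each followed by its port.
        for endpoint in ('source', 'destination'):
            address = rule.get(endpoint)
            if address is not None and not isinstance(address, basestring):
                raise cfy_exc.NonRecoverableError(
                    "Parameter '{0}' must be valid IP address string."
                    .format(endpoint))
            # An empty string is still treated as "not set". Values accepted
            # by _is_literal_ip are not passed to check_ip.
            if address and not _is_literal_ip(address):
                check_ip(address)
            utils.check_port(rule.get(endpoint + '_port'))

        utils.check_protocol(rule.get('protocol'))

        action = get_mandatory(rule, "action")
        if (not isinstance(action, basestring) or
                action.lower() not in ACTIONS):
            # Message previously read "must be on of<list>".
            raise cfy_exc.NonRecoverableError(
                "Action must be one of {0}.".format(ACTIONS))

        log = rule.get('log_traffic')
        if log is not None and not isinstance(log, bool):
            raise cfy_exc.NonRecoverableError(
                "Parameter 'log_traffic' must be boolean.")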
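def creation_validation(vca_client, **kwargs):
    """Validate the NAT settings and rules declared in the node properties.

    Reads the mandatory 'nat' and 'rules' properties. The public IP, when
    given, is passed to check_ip(); otherwise, for a subscription service,
    getFreeIP() is called on the gateway. For every DNAT rule the protocol
    is checked through utils.check_protocol() and both port parameters must
    be integers when present.

    :param vca_client: client passed to get_gateway() to look up the gateway
    :param kwargs: accepted and ignored
    :raises cfy_exc.NonRecoverableError: when a port parameter of a DNAT
        rule is present but is not an integer
    """
    nat = get_mandatory(ctx.node.properties, 'nat')
    gateway = get_gateway(vca_client, get_mandatory(nat, 'edge_gateway'))
    service_type = get_vcloud_config().get('service_type')
    public_ip = nat.get(PUBLIC_IP)
    if public_ip:
        check_ip(public_ip)
    elif is_subscription(service_type):
        # The return value is discarded; presumably the call raises when the
        # gateway has no free public IP. TODO confirm against getFreeIP.
        getFreeIP(gateway)

    for rule in get_mandatory(ctx.node.properties, 'rules'):
        # Same mandatory-lookup helper as for 'nat' and 'rules', so a rule
        # without 'type' is reported like any other missing key instead of
        # surfacing as a bare KeyError.
        if not _is_dnat(get_mandatory(rule, 'type')):
            continue
        utils.check_protocol(rule.get('protocol'))
        for port_key in ('original_port', 'translated_port'):
            port = rule.get(port_key)
            if port is None:
                continue
            # bool is a subclass of int, so True/False would pass a plain
            # isinstance(port, int) check; falsy non-integers ('' or [])
            # used to skip the check altogether.
            # NOTE(review): no range check is made on the port number here;
            # confirm whether the consumer enforces a valid port range.
            if isinstance(port, bool) or not isinstance(port, int):
                raise cfy_exc.NonRecoverableError(
                    "Parameter '{0}' must be integer".format(port_key))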