def test_parse_addrbook_attached():
f = FakeSRX()
ab = f.add_addrbook('general-stuff')
f.add_address(ab, 'trustedhost', '10.0.9.2/32')
f.add_attach(ab, 'untrust')
f.add_attach(ab, 'trust')
elt = parse_xml(f.fake_show('configuration security address-book'),
'.//address-book')
z = parse.AddressBook._from_xml(elt)
eq_(z.attaches, ['untrust', 'trust'])
eq_(sorted(z.addresses.keys()),
sorted(['any', 'any-ipv4', 'any-ipv6', 'trustedhost']))
eq_(z.addresses['any'], IPSet([IP('0.0.0.0/0')]))
eq_(z.addresses['any-ipv4'], IPSet([IP('0.0.0.0/0')]))
eq_(z.addresses['any-ipv6'], IPSet([]))
eq_(z.addresses['trustedhost'], IPSet([IP('10.0.9.2')]))
def test_parse_addrbook_attached():
f = FakeSRX()
ab = f.add_addrbook('general-stuff')
f.add_address(ab, 'trustedhost', '10.0.9.2/32')
f.add_attach(ab, 'untrust')
f.add_attach(ab, 'trust')
elt = parse_xml(
f.fake_show('configuration security address-book'), './/address-book')
z = parse.AddressBook._from_xml(elt)
eq_(z.attaches, ['untrust', 'trust'])
eq_(sorted(z.addresses.keys()),
sorted(['any', 'any-ipv4', 'any-ipv6', 'trustedhost']))
eq_(z.addresses['any'], IPSet([IP('0.0.0.0/0')]))
eq_(z.addresses['any-ipv4'], IPSet([IP('0.0.0.0/0')]))
eq_(z.addresses['any-ipv6'], IPSet([]))
eq_(z.addresses['trustedhost'], IPSet([IP('10.0.9.2')]))
def test_parse_global_policy():
f = FakeSRX()
f.add_policy('global',
dict(sequence=1, name='global-ping', src='any', dst='any',
app='ping', action='permit'))
f.add_policy('global',
dict(sequence=10, name='global-deny', src='any', dst='any',
app='any', action='deny'))
elt = parse_xml(
f.fake_show('security policies global'), './/security-context')
policies = [parse.Policy._from_xml(None, None, e) for e in elt.findall('./policies/policy-information')]
eq_(policies[0].from_zone, None)
eq_(policies[0].to_zone, None)
eq_(policies[0].to_zone, None)
eq_(policies[0].enabled, True)
eq_(policies[0].sequence, 1)
eq_(policies[0].source_addresses, ['any'])
eq_(policies[0].destination_addresses, ['any'])
eq_(policies[0].applications, ['ping'])
eq_(policies[0].action, 'permit')
eq_(policies[0].from_zone, None)
eq_(policies[1].to_zone, None)
eq_(policies[1].to_zone, None)
eq_(policies[1].enabled, True)
eq_(policies[1].sequence, 10)
eq_(policies[1].source_addresses, ['any'])
eq_(policies[1].destination_addresses, ['any'])
eq_(policies[1].applications, ['any'])
eq_(policies[1].action, 'deny')
def test_parse_addrbook_global():
f = FakeSRX()
ab = f.add_addrbook('global')
f.add_address(ab, 'host1', '9.0.9.1/32')
f.add_address(ab, 'host2', '9.0.9.2/32')
f.add_address_set(ab, 'hosts', 'host1', 'host2')
elt = parse_xml(f.fake_show('configuration security address-book'),
'.//address-book')
z = parse.AddressBook._from_xml(elt)
eq_(z.attaches, [])
eq_(sorted(z.addresses.keys()),
sorted(['any', 'any-ipv4', 'any-ipv6', 'host1', 'host2', 'hosts']))
eq_(z.addresses['any'], IPSet([IP('0.0.0.0/0')]))
eq_(z.addresses['any-ipv4'], IPSet([IP('0.0.0.0/0')]))
eq_(z.addresses['any-ipv6'], IPSet([]))
eq_(z.addresses['host1'], IPSet([IP('9.0.9.1')]))
eq_(z.addresses['host2'], IPSet([IP('9.0.9.2')]))
eq_(z.addresses['hosts'], IPSet([IP('9.0.9.1'), IP('9.0.9.2')]))
def test_parse_global_policy():
f = FakeSRX()
f.add_policy(
'global',
dict(sequence=1,
name='global-ping',
src='any',
dst='any',
app='ping',
action='permit'))
f.add_policy(
'global',
dict(sequence=10,
name='global-deny',
src='any',
dst='any',
app='any',
action='deny'))
elt = parse_xml(f.fake_show('security policies global'),
'.//security-context')
policies = [
parse.Policy._from_xml(None, None, e)
for e in elt.findall('./policies/policy-information')
]
eq_(policies[0].from_zone, None)
eq_(policies[0].to_zone, None)
eq_(policies[0].to_zone, None)
eq_(policies[0].enabled, True)
eq_(policies[0].sequence, 1)
eq_(policies[0].source_addresses, ['any'])
eq_(policies[0].destination_addresses, ['any'])
eq_(policies[0].applications, ['ping'])
eq_(policies[0].action, 'permit')
eq_(policies[0].from_zone, None)
eq_(policies[1].to_zone, None)
eq_(policies[1].to_zone, None)
eq_(policies[1].enabled, True)
eq_(policies[1].sequence, 10)
eq_(policies[1].source_addresses, ['any'])
eq_(policies[1].destination_addresses, ['any'])
eq_(policies[1].applications, ['any'])
eq_(policies[1].action, 'deny')
def test_parse_addrbook_global():
f = FakeSRX()
ab = f.add_addrbook('global')
f.add_address(ab, 'host1', '9.0.9.1/32')
f.add_address(ab, 'host2', '9.0.9.2/32')
f.add_address_set(ab, 'hosts', 'host1', 'host2')
elt = parse_xml(
f.fake_show('configuration security address-book'), './/address-book')
z = parse.AddressBook._from_xml(elt)
eq_(z.attaches, [])
eq_(sorted(z.addresses.keys()),
sorted(['any', 'any-ipv4', 'any-ipv6', 'host1', 'host2', 'hosts']))
eq_(z.addresses['any'], IPSet([IP('0.0.0.0/0')]))
eq_(z.addresses['any-ipv4'], IPSet([IP('0.0.0.0/0')]))
eq_(z.addresses['any-ipv6'], IPSet([]))
eq_(z.addresses['host1'], IPSet([IP('9.0.9.1')]))
eq_(z.addresses['host2'], IPSet([IP('9.0.9.2')]))
eq_(z.addresses['hosts'], IPSet([IP('9.0.9.1'), IP('9.0.9.2')]))
def install():
global F
F = FakeSRX()
F.install()
def install():
global F
F = FakeSRX()
F.install()
def test_parse_zone_no_sets():
f = FakeSRX()
z = f.add_zone('untrust')
f.add_address(z, 'trustedhost', '10.0.9.2/32')
f.add_address(z, 'dmz', '10.1.0.0/16')
f.add_address(z, 'shadow', '10.1.99.99/32')
f.add_interface(z, 'reth1')
elt = parse_xml(f.fake_show('configuration security zones'),
'.//security-zone')
z = parse.Zone._from_xml(elt)
eq_(z.interfaces, ['reth1'])
eq_(
sorted(z.addresses.keys()),
sorted(['any', 'any-ipv4', 'any-ipv6', 'trustedhost', 'dmz',
'shadow']))
eq_(z.addresses['any'], IPSet([IP('0.0.0.0/0')]))
eq_(z.addresses['any-ipv4'], IPSet([IP('0.0.0.0/0')]))
eq_(z.addresses['any-ipv6'], IPSet([]))
eq_(z.addresses['trustedhost'], IPSet([IP('10.0.9.2')]))
eq_(z.addresses['dmz'], IPSet([IP('10.1.0.0/16')]))
eq_(z.addresses['shadow'], IPSet([IP('10.1.99.99')]))
def test_parse_zone():
f = FakeSRX()
z = f.add_zone('untrust')
f.add_address(z, 'host1', '9.0.9.1/32')
f.add_address(z, 'host2', '9.0.9.2/32')
f.add_address(z, 'puppet', '9.0.9.3/32')
f.add_address_set(z, 'hosts', 'host1', 'host2')
f.add_interface(z, 'reth0')
elt = parse_xml(f.fake_show('configuration security zones'),
'.//security-zone')
z = parse.Zone._from_xml(elt)
eq_(z.interfaces, ['reth0'])
eq_(
sorted(z.addresses.keys()),
sorted([
'any', 'any-ipv4', 'any-ipv6', 'host1', 'host2', 'hosts', 'puppet'
]))
eq_(z.addresses['any'], IPSet([IP('0.0.0.0/0')]))
eq_(z.addresses['any-ipv4'], IPSet([IP('0.0.0.0/0')]))
eq_(z.addresses['any-ipv6'], IPSet([]))
eq_(z.addresses['host1'], IPSet([IP('9.0.9.1')]))
eq_(z.addresses['host2'], IPSet([IP('9.0.9.2')]))
eq_(z.addresses['puppet'], IPSet([IP('9.0.9.3')]))
eq_(z.addresses['hosts'], IPSet([IP('9.0.9.1'), IP('9.0.9.2')]))
def test_parse_zone_no_sets():
f = FakeSRX()
z = f.add_zone('untrust')
f.add_address(z, 'trustedhost', '10.0.9.2/32')
f.add_address(z, 'dmz', '10.1.0.0/16')
f.add_address(z, 'shadow', '10.1.99.99/32')
f.add_interface(z, 'reth1')
elt = parse_xml(
f.fake_show('configuration security zones'), './/security-zone')
z = parse.Zone._from_xml(elt)
eq_(z.interfaces, ['reth1'])
eq_(sorted(z.addresses.keys()),
sorted(['any', 'any-ipv4', 'any-ipv6', 'trustedhost', 'dmz', 'shadow']))
eq_(z.addresses['any'], IPSet([IP('0.0.0.0/0')]))
eq_(z.addresses['any-ipv4'], IPSet([IP('0.0.0.0/0')]))
eq_(z.addresses['any-ipv6'], IPSet([]))
eq_(z.addresses['trustedhost'], IPSet([IP('10.0.9.2')]))
eq_(z.addresses['dmz'], IPSet([IP('10.1.0.0/16')]))
eq_(z.addresses['shadow'], IPSet([IP('10.1.99.99')]))
def test_parse_zone():
f = FakeSRX()
z = f.add_zone('untrust')
f.add_address(z, 'host1', '9.0.9.1/32')
f.add_address(z, 'host2', '9.0.9.2/32')
f.add_address(z, 'puppet', '9.0.9.3/32')
f.add_address_set(z, 'hosts', 'host1', 'host2')
f.add_interface(z, 'reth0')
elt = parse_xml(
f.fake_show('configuration security zones'), './/security-zone')
z = parse.Zone._from_xml(elt)
eq_(z.interfaces, ['reth0'])
eq_(sorted(z.addresses.keys()),
sorted(['any', 'any-ipv4', 'any-ipv6', 'host1', 'host2', 'hosts', 'puppet']))
eq_(z.addresses['any'], IPSet([IP('0.0.0.0/0')]))
eq_(z.addresses['any-ipv4'], IPSet([IP('0.0.0.0/0')]))
eq_(z.addresses['any-ipv6'], IPSet([]))
eq_(z.addresses['host1'], IPSet([IP('9.0.9.1')]))
eq_(z.addresses['host2'], IPSet([IP('9.0.9.2')]))
eq_(z.addresses['puppet'], IPSet([IP('9.0.9.3')]))
eq_(z.addresses['hosts'], IPSet([IP('9.0.9.1'), IP('9.0.9.2')]))