def test_acl_should_have_icmp_code_and_type_at_flow(self): """ Should have icmp code and type at flow """ data = { "kind": "default#acl", "rules": [{ "id": 1, "protocol": "icmp", "source": "10.0.0.1/32", "destination": "10.0.0.2/32", "icmp-options": { "icmp-code": "0", "icmp-type": "8" } }] } flows = AclFlowBuilder(data) acl = flows.build().next() assert_equal( data["rules"][0]["icmp-options"]["icmp-code"], acl["flow"][0]["match"]["icmpv4-match"]["icmpv4-code"]) assert_equal( data["rules"][0]["icmp-options"]["icmp-type"], acl["flow"][0]["match"]["icmpv4-match"]["icmpv4-type"])
def update_all_flows(self, data, flow_type=FlowTypes.ACL): current_flows = self.get_flows() for node in current_flows.keys(): log.info("Starting update all flows for node %s"%node) if flow_type == FlowTypes.ACL: builder = AclFlowBuilder(data, self.environment, version=self.version) new_flows_set = builder.build() #Makes a diff operations = self._diff_flows(current_flows[node], new_flows_set) try: for flow in operations["delete"]: self.del_flow(flow_id=flow['id'], nodes_ids=[node]) for flow in operations["insert"]: self._flow(flow_id=flow['id'], method='put', data=json.dumps({'flow': [flow]}), nodes_ids=[node]) except Exception as e: message = self._parse_errors(e.response.json()) log.error("ERROR while updating all flows: %s" % message) raise exceptions.CommandErrorException(msg=message)
def update_all_flows(self, data, flow_type=FlowTypes.ACL): current_flows = self.get_flows() for node in current_flows.keys(): log.info("Starting update all flows for node %s" % node) if flow_type == FlowTypes.ACL: builder = AclFlowBuilder(data, self.environment, version=self.version) new_flows_set = builder.build() #Makes a diff operations = self._diff_flows(current_flows[node], new_flows_set) try: for flow in operations["delete"]: self.del_flow(flow_id=flow['id'], nodes_ids=[node]) for flow in operations["insert"]: self._flow(flow_id=flow['id'], method='put', data=json.dumps({'flow': [flow]}), nodes_ids=[node]) except Exception as e: message = self._parse_errors(e.response.json()) log.error("ERROR while updating all flows: %s" % message) raise exceptions.CommandErrorException(msg=message)
def test_acl_should_have_udp_source_and_destination_ports(self): """ Should have udp source and destination ports """ data = { "kind": "default#acl", "rules": [{ "id": 1, "protocol": "udp", "source": "10.0.0.1/32", "destination": "10.0.0.2/32", "l4-options": { "dest-port-op": "eq", "dest-port-start": "26379", "src-port-op": "eq", "src-port-start": "26379" } }] } flows = AclFlowBuilder(data) acl = flows.build().next() assert_equal(acl["flow"][0]["match"]["udp-source-port"], data["rules"][0]["l4-options"]["src-port-start"]) assert_equal(acl["flow"][0]["match"]["udp-destination-port"], data["rules"][0]["l4-options"]["dest-port-start"])
def test_acl_should_raise_value_error_when_there_are_no_icmp_options(self): """ Should raise ValueError when there are no ICMP options """ data = { "kind": "default#acl", "rules": [{ "id": 1, "protocol": "icmp", "source": "10.0.0.1/32", "destination": "10.0.0.2/32", }] } flows = AclFlowBuilder(data) acl = flows.build() assert_raises(ValueError, acl.next)
def test_acl_should_have_tcp_as_ip_protocol(self): """ Should have tcp as ip-protocol field """ data = { "kind": "default#acl", "rules": [{ "id": 1, "source": "10.0.0.1/32", "destination": "10.0.0.2/32", "protocol": "tcp" }] } flows = AclFlowBuilder(data) acl = flows.build().next() assert_equal(6, acl["flow"][0]["match"]["ip-match"]["ip-protocol"])
def test_acl_should_raise_value_error_when_no_source_is_passed(self): """ Should raise ValueError when no source is passed """ data = { "kind": "default#acl", "rules": [{ "id": 1, "protocol": "tcp", "description": "simple flow", "destination": "10.0.0.2/32", }] } acl = AclFlowBuilder(data) assert_raises(ValueError, acl.build().next)
def test_acl_should_raise_exception_when_there_is_no_protocol_field(self): """ Should raise an exception when there is no protocol field """ data = { "kind": "default#acl", "rules": [{ "id": 1, "description": "simple flow", "source": "10.0.0.1/32", "destination": "10.0.0.2/32", }] } flows = AclFlowBuilder(data) acl = flows.build() assert_raises(ValueError, acl.next)
def test_acl_should_have_tcp_as_ip_protocol(self): """ Should have tcp as ip-protocol field """ data = { "kind": "default#acl", "rules": [{ "id": 1, "source": "10.0.0.1/32", "destination": "10.0.0.2/32", "protocol": "tcp" }] } flows = AclFlowBuilder(data) acl = flows.build().next() assert_equal(6, acl["flow"][0]["match"]["ip-match"]["ip-protocol"])
def test_acl_should_raise_exception_when_there_is_no_protocol_field(self): """ Should raise an exception when there is no protocol field """ data = { "kind": "default#acl", "rules": [{ "id": 1, "description": "simple flow", "source": "10.0.0.1/32", "destination": "10.0.0.2/32", }] } flows = AclFlowBuilder(data) acl = flows.build() assert_raises(ValueError, acl.next)
def test_acl_should_raise_value_error_when_there_are_no_icmp_options(self): """ Should raise ValueError when there are no ICMP options """ data = { "kind": "default#acl", "rules": [{ "id": 1, "protocol": "icmp", "source": "10.0.0.1/32", "destination": "10.0.0.2/32", }] } flows = AclFlowBuilder(data) acl = flows.build() assert_raises(ValueError, acl.next)
def test_acl_should_raise_value_error_when_no_source_is_passed(self): """ Should raise ValueError when no source is passed """ data = { "kind": "default#acl", "rules": [{ "id": 1, "protocol": "tcp", "description": "simple flow", "destination": "10.0.0.2/32", }] } acl = AclFlowBuilder(data) assert_raises(ValueError, acl.build().next)
def test_acl_should_raise_error_for_icmp_type_and_code_missing(self): """ Should raise error for ICMP type and code missing """ data = { "kind": "default#acl", "rules": [{ "id": 1, "protocol": "icmp", "source": "10.0.0.1/32", "destination": "10.0.0.2/32", "icmp-options": { } }] } flows = AclFlowBuilder(data) acl = flows.build() assert_raises(ValueError, acl.next)
def test_acl_should_raise_error_for_icmp_type_and_code_missing(self): """ Should raise error for ICMP type and code missing """ data = { "kind": "default#acl", "rules": [{ "id": 1, "protocol": "icmp", "source": "10.0.0.1/32", "destination": "10.0.0.2/32", "icmp-options": {} }] } flows = AclFlowBuilder(data) acl = flows.build() assert_raises(ValueError, acl.next)
def test_acl_should_not_have_actions(self): """ Should not have any action """ data = { "kind": "default#acl", "rules": [{ "id": 1, "protocol": "ip", "source": "10.0.0.1/32", "destination": "10.0.0.2/32", "action": "drop", }] } flows = AclFlowBuilder(data) acl = flows.build().next() assert_not_in("instructions", acl["flow"][0])
def add_flow(self, data=None, flow_id=0, flow_type=FlowTypes.ACL, nodes_ids=[]): if flow_type == FlowTypes.ACL: builder = AclFlowBuilder(data, self.environment, version=self.version) flows_set = builder.build() try: for flows in flows_set: for flow in flows['flow']: self._flow(flow_id=flow['id'], method='put', data=json.dumps({'flow': [flow]}), nodes_ids=nodes_ids) except HTTPError as e: raise exceptions.CommandErrorException( msg=self._parse_errors(e.response.json()))
def add_flow(self, data=None, flow_id=0, flow_type=FlowTypes.ACL, nodes_ids=[]): if flow_type == FlowTypes.ACL: builder = AclFlowBuilder(data, self.environment, version=self.version) flows_set = builder.build() try: for flows in flows_set: for flow in flows['flow']: self._flow(flow_id=flow['id'], method='put', data=json.dumps({'flow': [flow]}), nodes_ids=nodes_ids) except HTTPError as e: raise exceptions.CommandErrorException( msg=self._parse_errors(e.response.json()))
def test_build_acl_tcp_double_range(self): """ Build flows from TCP Double Range ACL.""" type_ = 'double_range' input_ = self.tcp_input_path.format(type_) data = self.load_json_file(input_) flow_builder = AclFlowBuilder(data) output_path = self.tcp_output_path generator = flow_builder.build() limit_ = 3 for i in xrange(1, limit_ + 1): output_ = output_path.format(type_, i) self.compare_json(output_, generator.next()) self.assertRaises(StopIteration, generator.next)
def test_acl_should_not_have_actions(self): """ Should not have any action """ data = { "kind": "default#acl", "rules": [{ "id": 1, "protocol": "ip", "source": "10.0.0.1/32", "destination": "10.0.0.2/32", "action": "drop", }] } flows = AclFlowBuilder(data) acl = flows.build().next() assert_not_in("instructions", acl["flow"][0])
def test_acl_should_create_internet_protocol_flow(self): """ Should create an Internet Protocol flow """ data = { "kind": "default#acl", "rules": [{ "id": 1, "protocol": "ip", "source": "10.0.0.1/32", "destination": "10.0.0.2/32", }] } flows = AclFlowBuilder(data) acl = flows.build().next() assert_equal(acl['flow'][0]['match']['ipv4-source'], data['rules'][0]['source']) assert_equal(acl['flow'][0]['match']['ipv4-destination'], data['rules'][0]['destination'])
def test_build_2ip_1udp_3tcp_eq_src_eq_dst_1udp_double_range(self): """ Build 2 IP, 1 UDP, 3 TCP Eq Src Eq Dst and 1 UDP Double Range.""" type_ = '2ip+1udp+3tcp_eq_src_eq_dst+1udp_double_range' input_ = self.mixed_input_path.format(type_) data = self.load_json_file(input_) flow_builder = AclFlowBuilder(data) flow_builder.ALLOWED_FLOWS_SIZE = 5 output_path = self.mixed_output_path generator = flow_builder.build() limit_ = 5 for i in xrange(1, limit_ + 1): output_ = output_path.format(type_, i) self.compare_json(output_, generator.next()) self.assertRaises(StopIteration, generator.next)
def test_build_1udp_1udp_range_src_2icmp_1tcp_eq_src(self): """ Build 1 UDP, 1 UDP Range Src, 2 ICMP and 1 TCP Eq Src.""" type_ = '1udp+1udp_range_src+2icmp+1tcp_eq_src' input_ = self.mixed_input_path.format(type_) data = self.load_json_file(input_) flow_builder = AclFlowBuilder(data) flow_builder.ALLOWED_FLOWS_SIZE = 5 output_path = self.mixed_output_path generator = flow_builder.build() limit_ = 2 for i in xrange(1, limit_ + 1): output_ = output_path.format(type_, i) self.compare_json(output_, generator.next()) self.assertRaises(StopIteration, generator.next)
def test_build_1tcp_range_src_eq_dst_4icmp_1ip_1udp_double_range(self): """ Build 1 TCP Range Src and Eq Dst, 4 ICMP, 1 IP and 1 UDP Double Range.""" type_ = '1tcp_range_src_eq_dst+4icmp+1ip+1udp_double_range' input_ = self.mixed_input_path.format(type_) data = self.load_json_file(input_) flow_builder = AclFlowBuilder(data) flow_builder.ALLOWED_FLOWS_SIZE = 5 output_path = self.mixed_output_path generator = flow_builder.build() limit_ = 5 for i in xrange(1, limit_ + 1): output_ = output_path.format(type_, i) self.compare_json(output_, generator.next()) self.assertRaises(StopIteration, generator.next)
def test_acl_should_have_icmp_as_ip_protocol(self): """ Should have ICMP as ip protocol """ data = { "kind": "default#acl", "rules": [{ "id": 1, "protocol": "icmp", "source": "10.0.0.1/32", "destination": "10.0.0.2/32", "icmp-options": { "icmp-code": "0", "icmp-type": "8" } }] } flows = AclFlowBuilder(data) acl = flows.build().next() assert_equal(1, acl["flow"][0]["match"]["ip-match"]["ip-protocol"])
def test_acl_should_have_ethernet_type(self): """ Should have ethernet type as match field """ data = { "kind": "default#acl", "rules": [{ "id": 1, "protocol": "tcp", "description": "simple flow", "source": "10.0.0.1/32", "destination": "10.0.0.2/32", }] } flows = AclFlowBuilder(data) acl = flows.build().next() assert_equal( 2048, acl["flow"][0] ["match"]["ethernet-match"]["ethernet-type"]["type"])
def test_acl_should_have_ethernet_type(self): """ Should have ethernet type as match field """ data = { "kind": "default#acl", "rules": [{ "id": 1, "protocol": "tcp", "description": "simple flow", "source": "10.0.0.1/32", "destination": "10.0.0.2/32", }] } flows = AclFlowBuilder(data) acl = flows.build().next() assert_equal( 2048, acl["flow"][0]["match"]["ethernet-match"]["ethernet-type"]["type"])
def test_build_acl_tcp_range_dst_eq_src(self): """ Build flows from TCP Range Dst and Eq Src ACL.""" type_ = 'range_dst_eq_src' input_ = self.tcp_input_path.format(type_) data = self.load_json_file(input_) flow_builder = AclFlowBuilder(data) flow_builder.ALLOWED_FLOWS_SIZE = 5 output_path = self.tcp_output_path generator = flow_builder.build() limit_ = 1 for i in xrange(1, limit_ + 1): output_ = output_path.format(type_, i) self.compare_json(output_, generator.next()) self.assertRaises(StopIteration, generator.next)
def test_acl_should_have_icmp_as_ip_protocol(self): """ Should have ICMP as ip protocol """ data = { "kind": "default#acl", "rules": [{ "id": 1, "protocol": "icmp", "source": "10.0.0.1/32", "destination": "10.0.0.2/32", "icmp-options": { "icmp-code": "0", "icmp-type": "8" } }] } flows = AclFlowBuilder(data) acl = flows.build().next() assert_equal(1, acl["flow"][0]["match"]["ip-match"]["ip-protocol"])
def test_acl_should_create_internet_protocol_flow(self): """ Should create an Internet Protocol flow """ data = { "kind": "default#acl", "rules": [{ "id": 1, "protocol": "ip", "source": "10.0.0.1/32", "destination": "10.0.0.2/32", }] } flows = AclFlowBuilder(data) acl = flows.build().next() assert_equal(acl['flow'][0]['match']['ipv4-source'], data['rules'][0]['source']) assert_equal(acl['flow'][0]['match']['ipv4-destination'], data['rules'][0]['destination'])
def test_acl_should_have_action_local(self): """ Should have the Openflow NORMAL action """ data = { "kind": "default#acl", "rules": [{ "id": 1, "protocol": "ip", "source": "10.0.0.1/32", "destination": "10.0.0.2/32", "action": "permit", }] } flows = AclFlowBuilder(data) acl = flows.build().next() assert_in("instructions", acl["flow"][0]) instruction = acl["flow"][0]["instructions"]["instruction"][0] assert_equal(instruction["apply-actions"]["action"][0]["output-action"] ["output-node-connector"], "NORMAL")
def test_acl_should_have_udp_destination_port(self): """ Should have udp destination port """ data = { "kind": "default#acl", "rules": [{ "id": 1, "protocol": "udp", "source": "10.0.0.1/32", "destination": "10.0.0.2/32", "l4-options": { "dest-port-op": "eq", "dest-port-start": "26379" } }] } flows = AclFlowBuilder(data) acl = flows.build().next() assert_equal(acl["flow"][0]["match"]["udp-destination-port"], data["rules"][0]["l4-options"]["dest-port-start"])
def test_acl_flow_builder_should_have_a_description(self): """ Should have description on flow """ data = { "kind": "default#acl", "rules": [{ "id": 1, "protocol": "tcp", "description": "simple flow", "source": "10.0.0.1/32", "destination": "10.0.0.2/32", }] } acl = AclFlowBuilder(data) flow = acl.build() acl = flow.next() assert_in("flow-name", acl["flow"][0]) assert_equal(acl["flow"][0]["flow-name"], data["rules"][0]["description"])
def test_acl_should_have_tcp_source_port(self): """ Should have tcp source port """ data = { "kind": "default#acl", "rules": [{ "id": 1, "protocol": "tcp", "description": "simple flow", "source": "10.0.0.1/32", "destination": "10.0.0.2/32", "l4-options": { "src-port-op": "eq", "src-port-start": "26379" } }] } flows = AclFlowBuilder(data) acl = flows.build().next() assert_equal(acl["flow"][0]["match"]["tcp-source-port"], data["rules"][0]["l4-options"]["src-port-start"])
def test_acl_should_have_action_local(self): """ Should have the Openflow NORMAL action """ data = { "kind": "default#acl", "rules": [{ "id": 1, "protocol": "ip", "source": "10.0.0.1/32", "destination": "10.0.0.2/32", "action": "permit", }] } flows = AclFlowBuilder(data) acl = flows.build().next() assert_in("instructions", acl["flow"][0]) instruction = acl["flow"][0]["instructions"]["instruction"][0] assert_equal( instruction["apply-actions"]["action"][0]["output-action"] ["output-node-connector"], "NORMAL")
def test_acl_should_have_tcp_source_port(self): """ Should have tcp source port """ data = { "kind": "default#acl", "rules": [{ "id": 1, "protocol": "tcp", "description": "simple flow", "source": "10.0.0.1/32", "destination": "10.0.0.2/32", "l4-options": { "src-port-op": "eq", "src-port-start": "26379" } }] } flows = AclFlowBuilder(data) acl = flows.build().next() assert_equal(acl["flow"][0]["match"]["tcp-source-port"], data["rules"][0]["l4-options"]["src-port-start"])
def test_acl_flow_builder_should_have_a_description(self): """ Should have description on flow """ data = { "kind": "default#acl", "rules": [{ "id": 1, "protocol": "tcp", "description": "simple flow", "source": "10.0.0.1/32", "destination": "10.0.0.2/32", }] } acl = AclFlowBuilder(data) flow = acl.build() acl = flow.next() assert_in("flow-name", acl["flow"][0]) assert_equal(acl["flow"][0]["flow-name"], data["rules"][0]["description"])
def test_acl_should_have_icmp_code_and_type_at_flow(self): """ Should have icmp code and type at flow """ data = { "kind": "default#acl", "rules": [{ "id": 1, "protocol": "icmp", "source": "10.0.0.1/32", "destination": "10.0.0.2/32", "icmp-options": { "icmp-code": "0", "icmp-type": "8" } }] } flows = AclFlowBuilder(data) acl = flows.build().next() assert_equal(data["rules"][0]["icmp-options"]["icmp-code"], acl["flow"][0]["match"]["icmpv4-match"]["icmpv4-code"]) assert_equal(data["rules"][0]["icmp-options"]["icmp-type"], acl["flow"][0]["match"]["icmpv4-match"]["icmpv4-type"])
def test_flow_with_ack_flag(self): """ Try to send a flow with ACK flag """ acl = { "kind": "acl_with_tcp_flags", "rules": [{ "action": "permit", "description": "ACK access", "destination": "10.0.0.0/8", "id": "300", "l4-options": { "flags": [ "ACK" ] }, "owner": "networkapi", "protocol": "tcp", "source": "0.0.0.0/0" }] } # Beryllium flows = AclFlowBuilder(acl, environment=0, version='BERYLLIUM') flow = flows.build().next() tcp_flag = flow['flow'][0]['match']['tcp-flag-match']['tcp-flag'] assert tcp_flag == 16 # Carbon flows = AclFlowBuilder(acl, environment=0, version='CARBON') flow = flows.build().next() tcp_flag = flow['flow'][0]['match']['tcp-flags-match']['tcp-flags'] assert tcp_flag == 16 # Boron flows = AclFlowBuilder(acl, environment=0, version='BORON') flow = flows.build().next() tcp_flag = flow['flow'][0]['match']['tcp-flags-match']['tcp-flags'] assert tcp_flag == 16 # Nitrogen flows = AclFlowBuilder(acl, environment=0, version='NITROGEN') flow = flows.build().next() tcp_flag = flow['flow'][0]['match']['tcp-flags-match']['tcp-flags'] assert tcp_flag == 16
def test_acl_flow_builder_empty_json(self): """ Should return a json with empty data """ data = {"kind": "default#acl", "rules": []} flows = AclFlowBuilder(data) flow = flows.dump() assert_raises(StopIteration, flow.next)
def test_flow_with_ack_flag(self): """ Try to send a flow with ACK flag """ acl = { "kind": "acl_with_tcp_flags", "rules": [{ "action": "permit", "description": "ACK access", "destination": "10.0.0.0/8", "id": "300", "l4-options": { "flags": ["ACK"] }, "owner": "networkapi", "protocol": "tcp", "source": "0.0.0.0/0" }] } # Beryllium flows = AclFlowBuilder(acl, environment=0, version='BERYLLIUM') flow = flows.build().next() tcp_flag = flow['flow'][0]['match']['tcp-flag-match']['tcp-flag'] assert tcp_flag == 16 # Carbon flows = AclFlowBuilder(acl, environment=0, version='CARBON') flow = flows.build().next() tcp_flag = flow['flow'][0]['match']['tcp-flags-match']['tcp-flags'] assert tcp_flag == 16 # Boron flows = AclFlowBuilder(acl, environment=0, version='BORON') flow = flows.build().next() tcp_flag = flow['flow'][0]['match']['tcp-flags-match']['tcp-flags'] assert tcp_flag == 16 # Nitrogen flows = AclFlowBuilder(acl, environment=0, version='NITROGEN') flow = flows.build().next() tcp_flag = flow['flow'][0]['match']['tcp-flags-match']['tcp-flags'] assert tcp_flag == 16
def test_acl_flow_builder_empty_json(self): """ Should return a json with empty data """ data = {"kind": "default#acl", "rules": []} flows = AclFlowBuilder(data) flow = flows.dump() assert_raises(StopIteration, flow.next)
def test_acl_flow_builder_malformed_json(self): """ Should return a ValueError """ acl = AclFlowBuilder({}) assert_raises(ValueError, acl.dump().next)
def test_acl_flow_builder_raising_type_error(self): """ Should rise TypeError when flows variable is not a dict """ flows = AclFlowBuilder({}) flows.flows = None flows = flows.dump() assert_raises(TypeError, flows.next)
def test_acl_flow_builder_raising_type_error(self): """ Should rise TypeError when flows variable is not a dict """ flows = AclFlowBuilder({}) flows.flows = None flows = flows.dump() assert_raises(TypeError, flows.next)
def test_acl_flow_builder_malformed_json(self): """ Should return a ValueError """ acl = AclFlowBuilder({}) assert_raises(ValueError, acl.dump().next)