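def testVpnConfigWithoutPairPolicy(self):
    """Check the vpn field of a term parsed from HEADER_4 + GOOD_TERM_30.

    The policy must yield exactly one filter, and that filter's first term
    must carry vpn[0] == 'special-30' with an empty vpn[1] (presumably the
    pair policy, going by the test name).
    """
    self.mox.ReplayAll()
    pol = policy.ParsePolicy(HEADER_4 + GOOD_TERM_30, self.naming)
    # assertEqual replaces the deprecated assertEquals alias, which newer
    # unittest releases no longer provide.
    self.assertEqual(len(pol.filters), 1)
    first_term = pol.filters[0][1][0]
    self.assertEqual('special-30', first_term.vpn[0])
    self.assertEqual('', first_term.vpn[1])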
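def testNoTermRemark(self):
    """Brocade output for GOOD_HEADER + GOOD_TERM must not name the term.

    The rendered ACL is searched for the text 'remark good-term-3'; the
    test fails if it is present.
    """
    parsed = policy.ParsePolicy(GOOD_HEADER + GOOD_TERM, self.naming)
    rendered = str(brocade.Brocade(parsed, EXP_INFO))
    # assertNotIn replaces the deprecated failIf alias and reports the
    # offending text on failure.
    self.assertNotIn('remark good-term-3', rendered)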
def testBadHeaderCase4(self):
    """Nsxv must reject the policy built from BAD_HEADER_4 + INET6_TERM.

    Constructing nsxv.Nsxv from the parsed policy is expected to raise
    nsxv.UnsupportedNsxvAccessListError.
    """
    # The third positional argument (False) is passed through as in the
    # original; its meaning is not visible from this test.
    parsed = policy.ParsePolicy(BAD_HEADER_4 + INET6_TERM, self.naming, False)
    with self.assertRaises(nsxv.UnsupportedNsxvAccessListError):
        nsxv.Nsxv(parsed, EXP_INFO)
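def testLogging(self):
    """A term parsed from HEADER + GOOD_TERM_10 must report logging 'true'.

    Expects exactly one filter and compares the string form of the first
    term's first logging entry with 'true'.
    """
    parsed = policy.ParsePolicy(HEADER + GOOD_TERM_10, self.naming)
    self.assertEqual(len(parsed.filters), 1)
    _, terms = parsed.filters[0]
    # assertEqual replaces the deprecated assertEquals alias.
    self.assertEqual(str(terms[0].logging[0]), 'true')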
def test_incorrectfiltertype():
    """Build an Nsxv object from the POLICY_INCORRECT_FILTERTYPE fixture.

    NOTE(review): ``self`` is not a parameter here, so it is presumably
    captured from an enclosing test method - confirm. The body makes no
    assertion of its own; presumably the caller expects the constructor
    to raise - confirm.
    """
    parsed = policy.ParsePolicy(
        nsxv_mocktest.POLICY_INCORRECT_FILTERTYPE, self.defs)
    # The generator is handed a deep copy rather than the parsed object.
    policy_copy = copy.deepcopy(parsed)
    nsxv.Nsxv(policy_copy, 2)
def testICMPCodes(self):
    """The parsed HEADER + GOOD_TERM_42 policy must show ICMP codes 3 and 4.

    The check is textual: the string form of the policy has to contain
    'icmp_code: [3, 4]'.
    """
    parsed = policy.ParsePolicy(HEADER + GOOD_TERM_42, self.naming)
    self.assertIn('icmp_code: [3, 4]', str(parsed))
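def testHopLimitRange(self):
    """Check the hop_limit entries parsed from HEADER_V6 + GOOD_TERM_V6_2.

    Expects exactly one filter, and the third hop_limit entry of its first
    term must stringify to '7'.
    """
    parsed = policy.ParsePolicy(HEADER_V6 + GOOD_TERM_V6_2, self.naming)
    self.assertEqual(len(parsed.filters), 1)
    _, terms = parsed.filters[0]
    # assertEqual replaces the deprecated assertEquals alias.
    self.assertEqual(str(terms[0].hop_limit[2]), '7')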
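def testUdpEstablished(self):
    """A UDP term must not be rendered with the 'established' keyword.

    Renders GOOD_HEADER + GOOD_TERM_9 as a Cisco ACL and fails if the
    output contains 'permit 17 any any established' (17 is the IP protocol
    number for UDP). The rendered ACL is used as the failure message.
    """
    parsed = policy.ParsePolicy(GOOD_HEADER + GOOD_TERM_9, self.naming)
    rendered = str(cisco.Cisco(parsed, EXP_INFO))
    # assertFalse replaces the deprecated failIf alias.
    self.assertFalse(
        re.search('permit 17 any any established', rendered), rendered)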
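def testDefaultInet6Protocol(self):
    """An inet6 term renders as 'permit ipv6 any any' in Cisco output.

    Uses GOOD_INET6_HEADER + GOOD_TERM_12; the rendered ACL is used as the
    failure message.
    """
    parsed = policy.ParsePolicy(GOOD_INET6_HEADER + GOOD_TERM_12, self.naming)
    rendered = str(cisco.Cisco(parsed, EXP_INFO))
    # assertTrue replaces the deprecated failUnless alias.
    self.assertTrue(re.search('permit ipv6 any any', rendered), rendered)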
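def testTcpEstablished(self):
    """A TCP term with 'established' keeps that keyword in Cisco output.

    Renders GOOD_HEADER + GOOD_TERM_3 and expects the line
    'permit 6 any any established' followed by a newline (6 is the IP
    protocol number for TCP).
    """
    parsed = policy.ParsePolicy(GOOD_HEADER + GOOD_TERM_3, self.naming)
    rendered = str(cisco.Cisco(parsed, EXP_INFO))
    # assertTrue replaces the deprecated failUnless alias.
    self.assertTrue(
        re.search('permit 6 any any established\n', rendered), rendered)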
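def testLogging(self):
    """A logging term renders with the trailing 'log' keyword on Cisco.

    Renders GOOD_HEADER + GOOD_TERM_4 and expects the line
    'permit 6 any any log' followed by a newline.
    """
    parsed = policy.ParsePolicy(GOOD_HEADER + GOOD_TERM_4, self.naming)
    rendered = str(cisco.Cisco(parsed, EXP_INFO))
    # assertTrue replaces the deprecated failUnless alias.
    self.assertTrue(re.search('permit 6 any any log\n', rendered), rendered)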
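def testTermAndFilterName(self):
    """Cisco output must name both the filter and the term.

    Renders GOOD_HEADER + GOOD_TERM_1 and expects the access-list header
    'ip access-list extended test-filter' and the remark
    'remark good-term-1'.
    """
    parsed = policy.ParsePolicy(GOOD_HEADER + GOOD_TERM_1, self.naming)
    rendered = str(cisco.Cisco(parsed, EXP_INFO))
    # assertIn replaces the deprecated failUnless alias.
    self.assertIn('ip access-list extended test-filter', rendered, rendered)
    self.assertIn('remark good-term-1', rendered, rendered)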
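def testDSCP(self):
    """A term with a DSCP match renders 'dscp 42' in Cisco output.

    Renders GOOD_HEADER + GOOD_TERM_16 and searches the output for
    'permit 6 any any dscp 42'.
    """
    parsed = policy.ParsePolicy(GOOD_HEADER + GOOD_TERM_16, self.naming)
    rendered = str(cisco.Cisco(parsed, EXP_INFO))
    # assertTrue replaces the deprecated failUnless alias.
    self.assertTrue(re.search('permit 6 any any dscp 42', rendered), rendered)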
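def testForwardingClassPolicy(self):
    """The term in HEADER + GOOD_TERM_32 has forwarding_class 'fritzy'."""
    self.mox.ReplayAll()
    pol = policy.ParsePolicy(HEADER + GOOD_TERM_32, self.naming)
    first_term = pol.filters[0][1][0]
    # assertEqual replaces the deprecated assertEquals alias.
    self.assertEqual('fritzy', first_term.forwarding_class)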
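def testMultipleForwardingClassPolicy(self):
    """The term in HEADER + GOOD_TERM_36 lists two forwarding classes.

    forwarding_class of the first term must equal ['flashy', 'fritzy'],
    in that order.
    """
    pol = policy.ParsePolicy(HEADER + GOOD_TERM_36, self.naming)
    first_term = pol.filters[0][1][0]
    # assertEqual replaces the deprecated assertEquals alias.
    self.assertEqual(['flashy', 'fritzy'], first_term.forwarding_class)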
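def testTermHopByHop(self):
    """Cisco output for GOOD_HEADER + GOOD_TERM_15 has 'permit hbh any any'.

    The rendered ACL is used as the failure message.
    """
    parsed = policy.ParsePolicy(GOOD_HEADER + GOOD_TERM_15, self.naming)
    rendered = str(cisco.Cisco(parsed, EXP_INFO))
    # assertIn replaces the deprecated failUnless alias.
    self.assertIn('permit hbh any any', rendered, rendered)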
def testStr(self):
    """Smoke test: formatting a parsed Policy into a log line must not raise.

    Nothing is asserted about the text; the policy parsed from
    HEADER_4 + GOOD_TERM_30 is only handed to logging.info as a %s
    argument.
    """
    parsed_policy = policy.ParsePolicy(HEADER_4 + GOOD_TERM_30, self.naming)
    logging.info(
        "Ensuring string formatting doesn't throw errors: %s", parsed_policy)
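def testOwnerTerm(self):
    """Cisco output for GOOD_HEADER + GOOD_TERM_13 carries an owner remark.

    The rendered ACL is searched for a 'remark Owner: ...' line and is
    used as the failure message.
    """
    parsed = policy.ParsePolicy(GOOD_HEADER + GOOD_TERM_13, self.naming)
    rendered = str(cisco.Cisco(parsed, EXP_INFO))
    # NOTE(review): the address in this pattern reads like a web page's
    # e-mail obfuscation placeholder, not the fixture's owner value. As
    # written, the brackets form a regex character class, so the pattern
    # only requires a single character after 'remark Owner: '. Restore the
    # owner literal from the fixture and pass it through re.escape().
    # assertTrue replaces the deprecated failUnless alias.
    self.assertTrue(
        re.search('remark Owner: [email protected]', rendered), rendered)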
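def testNumericProtocol(self):
    """A protocol parsed from HEADER + GOOD_TERM_4 stringifies to '1'.

    Expects exactly one filter and checks the first protocol entry of its
    first term.
    """
    parsed = policy.ParsePolicy(HEADER + GOOD_TERM_4, self.naming)
    self.assertEqual(len(parsed.filters), 1)
    _, terms = parsed.filters[0]
    # assertEqual replaces the deprecated assertEquals alias.
    self.assertEqual(str(terms[0].protocol[0]), '1')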
def testRemoveTrailingCommentWhitespace(self):
    """Build a Cisco ACL from a policy made of repeated LONG_COMMENT_TERM text.

    No assertion is made on the output; the test passes when parsing and
    construction complete without raising.
    """
    # % and * share one precedence level and associate left to right, so
    # the template is formatted with 'a' first and the result is repeated
    # 99 times. The parentheses only make that existing order explicit.
    # NOTE(review): confirm this is intended; LONG_COMMENT_TERM % ('a' * 99)
    # would instead produce one term with a 99-character value.
    repeated_terms = (LONG_COMMENT_TERM % 'a') * 99
    parsed = policy.ParsePolicy(GOOD_HEADER + repeated_terms, self.naming)
    cisco.Cisco(parsed, EXP_INFO)
def testLogNameTerm(self):
    """The term in HEADER_6 + GOOD_TERM_37 has log_name 'my special prefix'.

    Expects exactly one filter and compares the string form of the first
    term's log_name.
    """
    parsed = policy.ParsePolicy(HEADER_6 + GOOD_TERM_37, self.naming)
    self.assertEqual(len(parsed.filters), 1)
    first_term = parsed.filters[0][1][0]
    self.assertEqual(str(first_term.log_name), 'my special prefix')
def testICMPTypes(self):
    """The term in HEADER + GOOD_TERM_11 has 'echo-reply' as first ICMP type.

    Expects exactly one filter and checks icmp_type[0] of its first term.
    """
    parsed = policy.ParsePolicy(HEADER + GOOD_TERM_11, self.naming)
    self.assertEqual(len(parsed.filters), 1)
    first_term = parsed.filters[0][1][0]
    self.assertEqual(first_term.icmp_type[0], 'echo-reply')
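def testMultifilter(self):
    """A policy text with two header/term pairs yields two headers.

    The text is HEADER + GOOD_TERM_1 followed by HEADER_2 + GOOD_TERM_1.
    """
    policy_text = HEADER + GOOD_TERM_1 + HEADER_2 + GOOD_TERM_1
    parsed = policy.ParsePolicy(policy_text, self.naming)
    # assertEqual replaces the deprecated assertEquals alias.
    self.assertEqual(len(parsed.headers), 2)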
def testIntegerFilterName(self):
    """The first target option of HEADER_3 + GOOD_TERM_0 is the string '50'.

    Reads options[0] of the first target of the first parsed header.
    """
    parsed = policy.ParsePolicy(HEADER_3 + GOOD_TERM_0, self.naming)
    first_target = parsed.headers[0].target[0]
    self.assertEqual(first_target.options[0], '50')
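def testTcpEstablished(self):
    """Brocade output for GOOD_HEADER + GOOD_TERM keeps 'established'.

    Expects the line 'permit tcp any any established' followed by a
    newline; the rendered ACL is used as the failure message.
    """
    parsed = policy.ParsePolicy(GOOD_HEADER + GOOD_TERM, self.naming)
    rendered = str(brocade.Brocade(parsed, EXP_INFO))
    # assertTrue replaces the deprecated failUnless alias.
    self.assertTrue(
        re.search('permit tcp any any established\n', rendered), rendered)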
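def testPrecedence(self):
    """The term in HEADER + GOOD_TERM_22 has precedence [1].

    Expects exactly one filter and compares the first term's precedence
    attribute with the list [1].
    """
    parsed = policy.ParsePolicy(HEADER + GOOD_TERM_22, self.naming)
    # assertEqual replaces the deprecated assertEquals alias.
    self.assertEqual(len(parsed.filters), 1)
    _, terms = parsed.filters[0]
    self.assertEqual(terms[0].precedence, [1])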
def testNsxvStr(self):
    """Render MIXED_FILTER through nsxv.Nsxv and inspect the emitted XML.

    Checks the leading comment (Id, Date, Revision), the section name, the
    rule name and action, the IPv4/IPv6 destinations, protocol 17,
    destination port '53' and the rule notes, then verifies that
    GetServiceByProto was called exactly once with ('DNS', 'udp').
    """
    # NOTE(review): AndReturn is the mox recording style, while return_value
    # and assert_called_once_with below are the mock style. Confirm which
    # library backs self.naming; on a mock.Mock this call would not
    # configure what GetNetAddr returns.
    self.naming.GetNetAddr('GOOGLE_DNS').AndReturn([
        nacaddr.IP('8.8.4.4'),
        nacaddr.IP('8.8.8.8'),
        nacaddr.IP('2001:4860:4860::8844'),
        nacaddr.IP('2001:4860:4860::8888'),
    ])
    self.naming.GetServiceByProto.return_value = ['53']

    pol = policy.ParsePolicy(MIXED_FILTER, self.naming, False)
    rendered = str(nsxv.Nsxv(pol, EXP_INFO))

    # Split on '<section': piece 0 is the leading comment, and the replace
    # puts '<section' back in front of each 'name=' in the other pieces.
    sections = [
        piece.replace('name=', '<section name=')
        for piece in rendered.split('<section')
    ]

    # The leading comment must mention each of these markers.
    header_comment = sections[0]
    required_markers = (
        ('Id', 'Id missing in xml comment in test_nsxv_str()'),
        ('Date', 'Date missing in xml comment in test_nsxv_str()'),
        ('Revision', 'Revision missing in xml comment in test_nsxv_str()'),
    )
    for marker, failure in required_markers:
        if marker not in header_comment:
            self.fail(failure)

    root = ET.fromstring(sections[1])

    # Section name, rule name and action.
    self.assertEqual(root.attrib, {'name': 'Sample mixed NSXV filter'})
    self.assertEqual(root.find('./rule/name').text, 'accept-to-honestdns')
    self.assertEqual(root.find('./rule/action').text, 'allow')

    # Every destination must be one of the addresses configured above.
    # NOTE(review): if findall() returns nothing, this loop checks nothing.
    expected_v4 = ['8.8.4.4', '8.8.8.8']
    expected_v6 = ['2001:4860:4860::8844', '2001:4860:4860::8888']
    for dest in root.findall('./rule/destinations/destination'):
        kind = dest.find('type').text
        address = dest.find('value').text
        if 'Ipv4Address' in kind:
            expected = expected_v4
            failure = 'IPv4Address not found in test_nsxv_str()'
        else:
            expected = expected_v6
            failure = 'IPv6Address not found in test_nsxv_str()'
        if address not in expected:
            self.fail(failure)

    # Protocol, destination port and notes of the rule.
    protocol_node = root.find('./rule/services/service/protocol')
    self.assertEqual(int(protocol_node.text), 17)
    port_node = root.find('./rule/services/service/destinationPort')
    self.assertEqual(port_node.text, '53')
    self.assertEqual(
        root.find('./rule/notes').text,
        'Allow name resolution using honestdns.')

    self.naming.GetServiceByProto.assert_called_once_with('DNS', 'udp')
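def testVpnConfigWithPairPolicy(self):
    """Check the vpn field of a term parsed from HEADER_4 + GOOD_TERM_31.

    The policy must yield exactly one filter, and that filter's first term
    must carry vpn[0] == 'special-31' and vpn[1] == 'policy-11'
    (presumably the pair policy, going by the test name).
    """
    pol = policy.ParsePolicy(HEADER_4 + GOOD_TERM_31, self.naming)
    # assertEqual replaces the deprecated assertEquals alias.
    self.assertEqual(len(pol.filters), 1)
    first_term = pol.filters[0][1][0]
    self.assertEqual('special-31', first_term.vpn[0])
    self.assertEqual('policy-11', first_term.vpn[1])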
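def testForwardingClass(self):
    """Juniper output for GOOD_HEADER + GOOD_TERM_27 sets the class.

    The rendered configuration must contain 'forwarding-class floop;';
    the rendered text is used as the failure message.
    """
    parsed = policy.ParsePolicy(GOOD_HEADER + GOOD_TERM_27, self.naming)
    output = str(juniper.Juniper(parsed, EXP_INFO))
    # assertIn replaces the deprecated failUnless alias.
    self.assertIn('forwarding-class floop;', output, output)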
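def testNextTerm(self):
    """Render GOOD_HEADER + NEXT_TERM as a pcap filter without raising.

    NOTE(review): the assertion below cannot fail, because the empty
    string is a substring of every string. The test therefore only proves
    that parsing and rendering complete. Replace '' with the filter text
    expected for good-term-icmpv6 once that is confirmed.
    """
    parsed = policy.ParsePolicy(GOOD_HEADER + NEXT_TERM, self.naming)
    result = str(pcap.PcapFilter(parsed, EXP_INFO))
    # assertIn replaces the deprecated failUnless alias; the expected
    # value is kept as in the original.
    self.assertIn(
        '', result, 'did not find actual term for good-term-icmpv6')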