def testBuildWarningTokens(self):
pol1 = windows_ipsec.WindowsIPSec(
policy.ParsePolicy(GOOD_HEADER + GOOD_SIMPLE_WARNING, self.naming),
EXP_INFO)
st, sst = pol1._BuildTokens()
self.assertEquals(st, SUPPORTED_TOKENS)
self.assertEquals(sst, SUPPORTED_SUB_TOKENS)
def testExpiredTerm(self, mock_warn):
windows_ipsec.WindowsIPSec(
policy.ParsePolicy(GOOD_HEADER + EXPIRED_TERM, self.naming),
EXP_INFO)
mock_warn.assert_called_once_with(
'WARNING: Term %s in policy %s is expired and '
'will not be rendered.', 'expired_test', 'test-filter')
def testExpiredTerm(self):
self.mox.StubOutWithMock(windows_ipsec.logging, 'warn')
# create mock to ensure we warn about expired terms being skipped
windows_ipsec.logging.warn(
'WARNING: Term %s in policy %s is expired and '
'will not be rendered.', 'expired_test', 'test-filter')
self.mox.ReplayAll()
windows_ipsec.WindowsIPSec(
policy.ParsePolicy(GOOD_HEADER + EXPIRED_TERM, self.naming),
EXP_INFO)
def testExpiringTerm(self, mock_info):
exp_date = datetime.date.today() + datetime.timedelta(weeks=EXP_INFO)
windows_ipsec.WindowsIPSec(
policy.ParsePolicy(
GOOD_HEADER + EXPIRING_TERM % exp_date.strftime('%Y-%m-%d'),
self.naming), EXP_INFO)
mock_info.assert_called_once_with(
'INFO: Term %s in policy %s expires in '
'less than two weeks.', 'is_expiring', 'test-filter')
def testPolicy(self):
self.naming.GetNetAddr('PROD_NET').AndReturn(
[nacaddr.IP('10.0.0.0/8')])
self.naming.GetServiceByProto('SMTP', 'tcp').AndReturn(['25'])
self.mox.ReplayAll()
acl = windows_ipsec.WindowsIPSec(
policy.ParsePolicy(GOOD_HEADER + GOOD_TERM_TCP, self.naming),
EXP_INFO)
result = str(acl)
self.failUnless(['policy name=test-filter-policy assign=yes'], result,
'header')
def testExpiringTerm(self):
self.mox.StubOutWithMock(windows_ipsec.logging, 'info')
# create mock to ensure we inform about expiring terms
windows_ipsec.logging.info(
'INFO: Term %s in policy %s expires in '
'less than two weeks.', 'is_expiring', 'test-filter')
self.mox.ReplayAll()
exp_date = datetime.date.today() + datetime.timedelta(weeks=EXP_INFO)
windows_ipsec.WindowsIPSec(
policy.ParsePolicy(
GOOD_HEADER + EXPIRING_TERM % exp_date.strftime('%Y-%m-%d'),
self.naming), EXP_INFO)
def testPolicy(self):
self.naming.GetNetAddr.return_value = [nacaddr.IP('10.0.0.0/8')]
self.naming.GetServiceByProto.return_value = ['25']
acl = windows_ipsec.WindowsIPSec(
policy.ParsePolicy(GOOD_HEADER + GOOD_TERM_TCP, self.naming),
EXP_INFO)
result = str(acl)
self.failUnless(['policy name=test-filter-policy assign=yes'], result,
'header')
self.naming.GetNetAddr.assert_called_once_with('PROD_NET')
self.naming.GetServiceByProto.assert_called_once_with('SMTP', 'tcp')
def testIcmp(self):
acl = windows_ipsec.WindowsIPSec(
policy.ParsePolicy(GOOD_HEADER + GOOD_TERM_ICMP, self.naming),
EXP_INFO)
result = str(acl)
self.failUnless([
'filterlist name=t_good-term-icmp-list',
'filteraction name=t_good-term-icmp-action action=permit',
'filter filterlist=t_good-term-icmp-list mirrored=yes srcaddr=any '
' dstaddr=any',
'rule name=t_good-term-icmp-rule policy=test-filter'
' filterlist=t_good-term-icmp-list'
' filteraction=t_good-term-icmp-action'
], result, 'good-term-icmp')
def testTcp(self):
self.naming.GetNetAddr('PROD_NET').AndReturn(
[nacaddr.IP('10.0.0.0/8')])
self.naming.GetServiceByProto('SMTP', 'tcp').AndReturn(['25'])
self.mox.ReplayAll()
acl = windows_ipsec.WindowsIPSec(
policy.ParsePolicy(GOOD_HEADER + GOOD_TERM_TCP, self.naming),
EXP_INFO)
result = str(acl)
self.failUnless([
'filteraction name=t_good-term-tcp-action action=permit',
'filter filterlist=t_good-term-tcp-list mirrored=yes srcaddr=any '
' dstaddr=10.0.0.0 dstmask=8 dstport=25',
'rule name=t_good-term-tcp-rule policy=test-filter'
' filterlist=t_good-term-tcp-list'
' filteraction=t_good-term-tcp-action'
], result, 'good-term-tcp')
def testMultiprotocol(self):
acl = windows_ipsec.WindowsIPSec(
policy.ParsePolicy(GOOD_HEADER + MULTIPLE_PROTOCOLS_TERM,
self.naming), EXP_INFO)
result = str(acl)
self.failUnless([
'filterlist name=t_multi-proto-list',
'filteraction name=t_multi-proto-action action=permit',
'filter filterlist=t_multi-proto-list mirrored=yes srcaddr=any '
' dstaddr=any protocol=tcp',
'filter filterlist=t_multi-proto-list mirrored=yes srcaddr=any '
' dstaddr=any protocol=udp',
'filter filterlist=t_multi-proto-list mirrored=yes srcaddr=any '
' dstaddr=any protocol=icmp',
'rule name=t_multi-proto-rule policy=test-filter'
' filterlist=t_multi-proto-list filteraction=t_multi-proto-action'
], result, 'multi-proto')
def testBadIcmp(self):
self.mox.ReplayAll()
acl = windows_ipsec.WindowsIPSec(
policy.ParsePolicy(GOOD_HEADER + BAD_TERM_ICMP, self.naming),
EXP_INFO)
self.assertRaises(aclgenerator.UnsupportedFilterError, str, acl)
