def test_netixlan_diff(self): netix1 = NetworkIXLan.objects.create(network=self.net, ixlan=self.ixlan, status="ok", ipaddr4="195.69.146.250", ipaddr6="2001:7f8:1::a500:2906:1", asn=self.net.asn, speed=1000, is_rs_peer=True) netix2 = NetworkIXLan(network=self.net_2, status="ok", ipaddr4="195.69.146.250", ipaddr6="2001:7f8:1::a500:2906:2", asn=self.net_2.asn, speed=10000, is_rs_peer=False) result = self.ixlan.add_netixlan(netix2, save=False, save_others=False) self.assertEqual( sorted(result["changed"]), ['asn', 'ipaddr6', 'is_rs_peer', 'network_id', 'speed']) netix2.ipaddr4 = "195.69.146.251" netix2.ipaddr6 = netix1.ipaddr6 result = self.ixlan.add_netixlan(netix2, save=False, save_others=False) self.assertEqual( sorted(result["changed"]), ['asn', 'ipaddr4', 'is_rs_peer', 'network_id', 'speed'])
def parse_vlans(self, vlan_list, network, member, connection, speed): """ Parse the 'vlan_list' section of the ixf_schema Arguments: - vlan_list <list> - network <Network>: pdb network instance - member <dict>: row from ixf member_list - connection <dict>: row from ixf connection_list - speed <int>: interface speed """ asn = member["asnum"] for lan in vlan_list: ipv4_valid = False ipv6_valid = False ipv4 = lan.get("ipv4", {}) ipv6 = lan.get("ipv6", {}) # vlan entry has no ipaddresses set, log and ignore if not ipv4 and not ipv6: self.log_error(_("Could not find ipv4 or 6 address in " \ "vlan_list entry for vlan_id {} (AS{})").format( lan.get("vlan_id"), asn)) continue ipv4_addr = ipv4.get("address") ipv6_addr = ipv6.get("address") # parse and validate the ipaddresses attached to the vlan # append the ipaddresses to self.ipaddresses so we can # later check them to see which netixlans need to be # dropped during `process_deletions` try: if ipv4_addr: self.ipaddresses.append("{}-{}".format( asn, ipaddress.ip_address(unicode(ipv4_addr)))) if ipv6_addr: self.ipaddresses.append("{}-{}".format( asn, ipaddress.ip_address(unicode(ipv6_addr)))) except (ipaddress.AddressValueError, ValueError) as exc: self.log_error( _("Ip address error '{}' in vlan_list entry for vlan_id {}" ).format(exc, lan.get("vlan_id"))) continue netixlan_info = NetworkIXLan( ixlan=self.ixlan, network=network, ipaddr4=ipv4_addr, ipaddr6=ipv6_addr, speed=speed, asn=asn, is_rs_peer=(ipv4.get("routeserver", False) or \ ipv6.get("routeserver", False)) ) if not self.save and (not self.ixlan.test_ipv4_address(ipv4_addr) or not \ self.ixlan.test_ipv6_address(ipv6_addr)): #for the preview we don't care at all about new ip addresses #not at the ixlan if they dont match the prefix continue # if connection state is inactive we won't create or update if connection.get("state", "active") == "inactive": self.log_peer(asn, "noop", _("Connection is currently marked as inactive"), netixlan_info) continue # after this point we either add or modify the netixlan, so # now is a good time to check if the related network allows # such updates, bail if not if not network.allow_ixp_update: self.log_peer(asn, "noop", _("Network has disabled ixp updates"), netixlan_info) continue # add / modify the netixlan result = self.ixlan.add_netixlan(netixlan_info, save=self.save, save_others=self.save) if result["netixlan"] and result["changed"]: self.netixlans.append(result["netixlan"]) if result["created"]: action = "add" reason = _("New ip-address") else: action = "modify" reason = _("Fields changed: {}").format(", ".join( result.get("changed"))) self.log_peer(asn, action, reason, result["netixlan"]) elif result["netixlan"]: self.log_peer(asn, "noop", _("No changes"), result["netixlan"]) elif result["log"]: self.log_peer(asn, "ignore", "\n".join(result["log"]), netixlan_info)
def test_bypass_validation(): User = get_user_model() superuser = User.objects.create_user( username="******", password="******", email="su@localhost", is_superuser=True, ) user = User.objects.create_user(username="******", password="******", email="user@localhost") factory = RequestFactory() org = Organization.objects.create(name="Test org", status="ok") ix = InternetExchange.objects.create( name="Text exchange", status="ok", org=org, country="US", city="Some city", region_continent="North America", media="Ethernet", ) net = Network.objects.create(name="Text network", asn=12345, status="ok", org=org) # super user should bypass validation request = factory.get("/") request.user = superuser with current_request(request): validate_address_space("37.77.32.0/20") validate_address_space("131.72.77.240/28") validate_address_space("2403:c240::/32") validate_address_space("2001:504:0:2::/64") validate_info_prefixes4(500001) validate_info_prefixes6(500001) NetworkIXLan(speed=1, network=net, ixlan=ix.ixlan).clean() NetworkIXLan(speed=1000, network=net, ixlan=ix.ixlan).clean() validate_irr_as_set("ripe::as-foo:as123:as345:as678") # user should NOT bypass validation request = factory.get("/") request.user = user with current_request(request): with pytest.raises(ValidationError): validate_address_space("37.77.32.0/20") with pytest.raises(ValidationError): validate_address_space("131.72.77.240/28") with pytest.raises(ValidationError): validate_address_space("2403:c240::/32") with pytest.raises(ValidationError): validate_address_space("2001:504:0:2::/64") with pytest.raises(ValidationError): validate_info_prefixes4(500001) with pytest.raises(ValidationError): validate_info_prefixes6(500001) with pytest.raises(ValidationError): NetworkIXLan(speed=1, network=net, ixlan=ix.ixlan).clean() with pytest.raises(ValidationError): NetworkIXLan(speed=1000, network=net, ixlan=ix.ixlan).clean() with pytest.raises(ValidationError): validate_irr_as_set("ripe::as-foo:as123:as345:as678")