def test_smoke_test_generates_successfully_with_no_args(self):
aclgen.main([])
expected_output = """writing ./filters/sample_cisco_lab.acl
writing ./filters/sample_gce.gce
writing ./filters/sample_ipset
WARNING:root:WARNING: Term accept-traceroute in policy LOOPBACK is expired and will not be rendered.
writing ./filters/sample_juniper_loopback.jcl
writing ./filters/sample_multitarget.jcl
writing ./filters/sample_multitarget.acl
writing ./filters/sample_multitarget.ipt
writing ./filters/sample_multitarget.asa
writing ./filters/sample_multitarget.demo
writing ./filters/sample_multitarget.eacl
writing ./filters/sample_multitarget.bacl
writing ./filters/sample_multitarget.xacl
writing ./filters/sample_multitarget.jcl
writing ./filters/sample_multitarget.acl
writing ./filters/sample_multitarget.ipt
writing ./filters/sample_multitarget.asa
WARNING:root:WARNING: Term accept-traceroute in policy inet is expired and will not be rendered.
WARNING:root:WARNING: Action ['next'] in Term ratelimit-large-dns is not valid and will not be rendered.
writing ./filters/sample_nsxv.nsx
writing ./filters/sample_packetfilter.pf
writing ./filters/sample_speedway.ipt
writing ./filters/sample_speedway.ipt
writing ./filters/sample_speedway.ipt
writing ./filters/sample_srx.srx
22 filters rendered
"""
self.assertEquals(expected_output, self.iobuff.getvalue())
def test_smoke_test_generates_successfully(self, mock_writer):
args = [
'program', '--base_directory={0}'.format(self.policies_dir),
'--definitions_directory={0}'.format(self.defs_dir),
'--output_directory={0}'.format(self.output_dir)
]
aclgen.main(args)
expected = [
mock.call('./sample_cisco_lab.acl', mock.ANY),
mock.call('./sample_gce.gce', mock.ANY),
mock.call('./sample_ipset.ips', mock.ANY),
mock.call('./sample_juniper_loopback.jcl', mock.ANY),
mock.call('./sample_multitarget.acl', mock.ANY),
mock.call('./sample_multitarget.asa', mock.ANY),
mock.call('./sample_multitarget.bacl', mock.ANY),
mock.call('./sample_multitarget.eacl', mock.ANY),
mock.call('./sample_multitarget.ipt', mock.ANY),
mock.call('./sample_multitarget.jcl', mock.ANY),
mock.call('./sample_multitarget.xacl', mock.ANY),
mock.call('./sample_nsxv.nsx', mock.ANY),
mock.call('./sample_packetfilter.pf', mock.ANY),
mock.call('./sample_speedway.ipt', mock.ANY),
mock.call('./sample_srx.srx', mock.ANY),
mock.call('./sample_paloalto.xml', mock.ANY)
]
mock_writer.assert_has_calls(expected, any_order=True)
def test_generate_single_policy(self):
aclgen.main(['-p', 'policies/sample_cisco_lab.pol'])
expected_output = """writing ./filters/sample_cisco_lab.acl
1 filters rendered
"""
self.assertEquals(expected_output, self.iobuff.getvalue())
def test_smoke_test_generates_successfully(self, mock_writer):
args = [
'program',
'--base_directory={0}'.format(self.policies_dir),
'--definitions_directory={0}'.format(self.defs_dir),
'--output_directory={0}'.format(self.output_dir)
]
aclgen.main(args)
expected = [
mock.call('./sample_cisco_lab.acl', mock.ANY),
mock.call('./sample_gce.gce', mock.ANY),
mock.call('./sample_ipset.ips', mock.ANY),
mock.call('./sample_juniper_loopback.jcl', mock.ANY),
mock.call('./sample_multitarget.acl', mock.ANY),
mock.call('./sample_multitarget.asa', mock.ANY),
mock.call('./sample_multitarget.bacl', mock.ANY),
mock.call('./sample_multitarget.eacl', mock.ANY),
mock.call('./sample_multitarget.ipt', mock.ANY),
mock.call('./sample_multitarget.jcl', mock.ANY),
mock.call('./sample_multitarget.xacl', mock.ANY),
mock.call('./sample_nsxv.nsx', mock.ANY),
mock.call('./sample_packetfilter.pf', mock.ANY),
mock.call('./sample_speedway.ipt', mock.ANY),
mock.call('./sample_srx.srx', mock.ANY),
mock.call('./sample_paloalto.xml', mock.ANY)
]
mock_writer.assert_has_calls(expected, any_order=True)
def test_smoke_test_generates_successfully(self):
args = [
'program',
'--base_directory={0}'.format(self.policies_dir),
'--definitions_directory={0}'.format(self.defs_dir),
'--output_directory={0}'.format(self.output_dir)
]
aclgen.main(args)
expected_files = [
'sample_cisco_lab.acl',
'sample_gce.gce',
'sample_ipset.ips',
'sample_juniper_loopback.jcl',
'sample_multitarget.acl',
'sample_multitarget.asa',
'sample_multitarget.bacl',
'sample_multitarget.eacl',
'sample_multitarget.ipt',
'sample_multitarget.jcl',
'sample_multitarget.xacl',
'sample_nsxv.nsx',
'sample_packetfilter.pf',
'sample_speedway.ipt',
'sample_srx.srx',
'sample_paloalto.xml'
]
def makeoutput(f):
return 'writing file: {0}'.format(os.path.join(self.output_dir, f))
actual_output = self.iobuff.getvalue().split('\n')
for expected_output in map(makeoutput, expected_files):
self.assertTrue(expected_output in actual_output)
self.assertTrue('writing 16 files to disk...' in actual_output)
def test_smoke_test_generates_successfully(self):
args = [
'program',
'--base_directory={0}'.format(self.policies_dir),
'--definitions_directory={0}'.format(self.defs_dir),
'--output_directory={0}'.format(self.output_dir)
]
aclgen.main(args)
expected_files = [
'sample_cisco_lab.acl',
'sample_gce.gce',
'sample_ipset.ips',
'sample_juniper_loopback.jcl',
'sample_multitarget.acl',
'sample_multitarget.asa',
'sample_multitarget.bacl',
'sample_multitarget.eacl',
'sample_multitarget.ipt',
'sample_multitarget.jcl',
'sample_multitarget.xacl',
'sample_nsxv.nsx',
'sample_packetfilter.pf',
'sample_speedway.ipt',
'sample_srx.srx'
]
def makeoutput(f):
return 'writing file: {0}'.format(os.path.join(self.output_dir, f))
actual_output = self.iobuff.getvalue().split('\n')
for expected_output in map(makeoutput, expected_files):
self.assertTrue(expected_output in actual_output)
self.assertTrue('writing 15 files to disk...' in actual_output)
def test_generate_single_policy(self, mock_writer):
args = [
'program',
'--policy_file={0}'.format(os.path.join(self.policies_dir,
'pol', 'sample_cisco_lab.pol')),
'--definitions_directory={0}'.format(self.defs_dir),
'--output_directory={0}'.format(self.output_dir)
]
aclgen.main(args)
mock_writer.assert_called_with('./sample_cisco_lab.acl', mock.ANY)
def test_generate_single_policy(self, mock_writer):
args = [
'program', '--policy_file={0}'.format(
os.path.join(self.policies_dir, 'pol',
'sample_cisco_lab.pol')),
'--definitions_directory={0}'.format(self.defs_dir),
'--output_directory={0}'.format(self.output_dir)
]
aclgen.main(args)
mock_writer.assert_called_with('./sample_cisco_lab.acl', mock.ANY)
def test_missing_defs_folder_raises_error(self):
unused_def_dir, pol_dir, unused_expected_dir = map(
self.dirpath, ('def', 'policies', 'filters_expected'))
args = [
'program', '--base_directory={0}'.format(pol_dir),
'--definitions_directory=/some_missing_dir/',
'--output_directory={0}'.format(self.output_dir)
]
with self.assertRaises(SystemExit) as cm:
aclgen.main(args)
self.assertEqual(cm.exception.code, 1)
self.assertTrue('bad definitions directory' in self.iobuff.getvalue())
def test_missing_defs_folder_raises_error(self, mock_naming, mock_error):
mock_naming.side_effect = naming.NoDefinitionsError()
args = [
'program', '--base_directory={0}'.format(self.policies_dir),
'--definitions_directory=/some_missing_dir/',
'--output_directory={0}'.format(self.output_dir)
]
with self.assertRaises(SystemExit) as cm:
aclgen.main(args)
self.assertEqual(cm.exception.code, 1)
self.assertTrue(mock_error.called)
mock_error.assert_called_with(
((u'bad definitions directory: %s', u'/some_missing_dir/')))
def test_missing_defs_folder_raises_error(self, mock_naming, mock_error):
mock_naming.side_effect = naming.NoDefinitionsError()
args = [
'program',
'--base_directory={0}'.format(self.policies_dir),
'--definitions_directory=/some_missing_dir/',
'--output_directory={0}'.format(self.output_dir)
]
with self.assertRaises(SystemExit) as cm:
aclgen.main(args)
self.assertEqual(cm.exception.code, 1)
self.assertTrue(mock_error.called)
mock_error.assert_called_with(((u'bad definitions directory: %s',
u'/some_missing_dir/')))
def test_missing_defs_folder_raises_error(self):
unused_def_dir, pol_dir, unused_expected_dir = map(
self.dirpath, ('def', 'policies', 'filters_expected'))
args = [
'program', '--base_directory={0}'.format(pol_dir),
'--definitions_directory=/some_missing_dir/',
'--output_directory={0}'.format(self.output_dir)
]
aclgen.main(args)
# NOTE that the code still continues work, even if a bad directory
# was passed in.
# TODO(jzohrab): verify this behaviour.
self.assertTrue('bad definitions directory' in self.iobuff.getvalue())
def test_missing_defs_folder_raises_error(self):
unused_def_dir, pol_dir, unused_expected_dir = map(
self.dirpath, ('def', 'policies', 'filters_expected'))
args = [
'program',
'--base_directory={0}'.format(pol_dir),
'--definitions_directory=/some_missing_dir/',
'--output_directory={0}'.format(self.output_dir)
]
aclgen.main(args)
# NOTE that the code still continues work, even if a bad directory
# was passed in.
# TODO(jzohrab): verify this behaviour.
self.assertTrue('bad definitions directory' in self.iobuff.getvalue())
def test_generate_single_policy(self):
args = [
'program',
'--policy_file={0}'.format(os.path.join(self.policies_dir,
'pol', 'sample_cisco_lab.pol')),
'--definitions_directory={0}'.format(self.defs_dir),
'--output_directory={0}'.format(self.output_dir)
]
aclgen.main(args)
actual_output = self.iobuff.getvalue()
expected_outputs = [
'rendering one file',
os.path.join(self.output_dir, 'sample_cisco_lab.acl')
]
for s in expected_outputs:
self.assertTrue(s in actual_output)
def test_characterization(self):
def_dir, pol_dir, expected_dir = map(
self.dirpath, ('def', 'policies', 'filters_expected'))
args = [
'program', '--base_directory={0}'.format(pol_dir),
'--definitions_directory={0}'.format(def_dir),
'--output_directory={0}'.format(self.output_dir)
]
aclgen.main(args)
dircmp = filecmp.dircmp(self.output_dir, expected_dir)
self.assertEquals([], dircmp.left_only,
'missing {0} in filters_expected'.format(
dircmp.left_only))
self.assertEquals([], dircmp.right_only,
'missing {0} in filters_actual'.format(
dircmp.right_only))
self.assertEquals([], dircmp.diff_files)
def test_generate_single_policy(self):
args = [
'program',
'--policy_file={0}'.format(os.path.join(self.policies_dir,
'pol', 'sample_cisco_lab.pol')),
'--definitions_directory={0}'.format(self.defs_dir),
'--output_directory={0}'.format(self.output_dir)
]
aclgen.main(args)
actual_output = self.iobuff.getvalue()
expected_outputs = [
'rendering one file',
os.path.join(self.output_dir, 'sample_cisco_lab.acl')
]
for s in expected_outputs:
self.assertTrue(s in actual_output)
def test_characterization(self):
def_dir, pol_dir, expected_dir = map(
self.dirpath, ('def', 'policies', 'filters_expected'))
args = [
'program',
'--base_directory={0}'.format(pol_dir),
'--definitions_directory={0}'.format(def_dir),
'--output_directory={0}'.format(self.output_dir)
]
aclgen.main(args)
dircmp = filecmp.dircmp(self.output_dir, expected_dir)
self.assertEquals(
[],
dircmp.left_only,
'missing {0} in filters_expected'.format(dircmp.left_only))
self.assertEquals(
[],
dircmp.right_only,
'missing {0} in filters_actual'.format(dircmp.right_only))
self.assertEquals([], dircmp.diff_files)
