示例#1
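 def __init__(self, network_name):
     """
     Create a policy driver bound to the profile named after the network.

     :param network_name: Network name; stored as self.profile_name once
         validate_characters has accepted it.
     :raises ValueError: If validate_characters rejects network_name.
     """
     BasePolicyDriver.__init__(self)
     # Reject the name before it is stored, so a value that fails validation
     # is never kept as the profile name.
     if not validate_characters(network_name):
         # Interpolate with % so the offending name appears in the message.
         # Passing it as a second argument to ValueError would leave the
         # "%s" placeholder unformatted.
         raise ValueError("Invalid characters detected in the given network "
                          "name, %s. Only letters a-z, numbers 0-9, and "
                          "symbols _.- are supported." % (network_name,))
     self.profile_name = network_name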
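def validate_arguments(arguments):
    """
    Validate argument values:
        <PROFILES>

    Arguments not validated:
        <HOSTNAME>
        <ORCHESTRATOR_ID>
        <WORKLOAD_ID>
        <ENDPOINT_ID>

    Prints an error and exits with status 1 if any profile name is rejected.

    :param arguments: Docopt processed arguments
    """
    # Validate Profiles.  Every name has to pass: keeping only the result of
    # the most recent check would accept a list in which an invalid name is
    # followed by a valid one.
    profiles = arguments.get("<PROFILES>")
    profile_ok = (profiles is None or
                  all(validate_characters(profile) for profile in profiles))

    if not profile_ok:
        # NOTE(review): the message states a length limit; confirm that
        # validate_characters enforces it, since nothing here checks length.
        print_paragraph("Profile names must be < 40 character long and can "
                        "only contain numbers, letters, dots, dashes and "
                        "underscores.")
        sys.exit(1)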
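def validate_arguments(arguments):
    """
    Validate argument values:
        <PROFILES>

    Arguments not validated:
        <HOSTNAME>
        <ORCHESTRATOR_ID>
        <WORKLOAD_ID>
        <ENDPOINT_ID>

    Prints an error and exits with status 1 if any profile name is rejected.

    :param arguments: Docopt processed arguments
    """
    profiles = arguments.get("<PROFILES>")

    # Validate Profiles.  Stop at the first rejected name so that a later
    # valid name cannot overwrite the failure and let the whole list pass.
    profile_ok = True
    if profiles is not None:
        for profile in profiles:
            if not validate_characters(profile):
                profile_ok = False
                break

    if not profile_ok:
        # NOTE(review): the message states a length limit; confirm that
        # validate_characters enforces it, since nothing here checks length.
        print_paragraph("Profile names must be < 40 character long and can "
                        "only contain numbers, letters, dots, dashes and "
                        "underscores.")
        sys.exit(1)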
示例#4
    def test_validate_characters(self, input_string, expected_result):
        """
        Check util.validate_characters against one input/expected pair.

        :param input_string: Value handed to util.validate_characters.
        :param expected_result: Result the function is expected to return.
        """
        # Compare the function's verdict directly with the expected value.
        self.assertEqual(expected_result,
                         util.validate_characters(input_string))
示例#5
    def test_validate_characters(self, input_string, expected_result):
        """
        Check validate_characters against one input/expected pair.

        :param input_string: Value handed to validate_characters.
        :param expected_result: Result the function is expected to return.
        """
        # sys.exit stays patched for the whole call and the assertion; the
        # mock object itself is never inspected, so it is not bound to a name.
        with patch('sys.exit', autospec=True):
            actual = validate_characters(input_string)
            self.assertEqual(expected_result, actual)
示例#6
    def test_validate_characters(self, input_string, expected_result):
        """
        Verify the verdict of validate_characters for a single input.

        :param input_string: Value handed to validate_characters.
        :param expected_result: Result the function is expected to return.
        """
        # Keep sys.exit patched while the function runs and the result is
        # compared; the mock is not examined afterwards.
        with patch('sys.exit', autospec=True):
            self.assertEqual(expected_result,
                             validate_characters(input_string))
示例#7
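    def __init__(self, network_name):
        """
        Create a driver for the profile named after the given network.

        :param network_name: Network name; stored as self.profile_name once
            validate_characters has accepted it.
        :raises ValueError: If validate_characters rejects network_name.
        """
        # Validate the given network name to make sure it is compatible with
        # Calico policy.  This runs first so that a rejected name is never
        # stored and no datastore client is created for it.
        if not validate_characters(network_name):
            # Interpolate with % so the offending name appears in the
            # message; passing it as a second argument to ValueError would
            # leave the "%s" placeholder unformatted.
            raise ValueError("Invalid characters detected in the given network "
                             "name, %s. Only letters a-z, numbers 0-9, and "
                             "symbols _.- are supported." % (network_name,))

        # DatastoreClient for access to the Calico datastore.
        self._client = DatastoreClient()

        # Name of the profile to attach to the endpoint.
        self.profile_name = network_name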
示例#8
    def __setitem__(self, key, value):
        """
        Store a rule field after checking the key and, per key, the value.

        :param key: Field name; must be in Rule.ALLOWED_KEYS.
        :param value: Field value; "src_net"/"dst_net" values are converted
            with IPNetwork before being stored.
        :raises KeyError: If key is not in Rule.ALLOWED_KEYS.
        :raises ValueError: If the value is rejected for the given key.
        """
        if key not in Rule.ALLOWED_KEYS:
            raise KeyError("Key %s is not allowed on Rule." % key)

        if key in ("src_net", "dst_net"):
            # Convert any CIDR strings to netaddr before inserting them.
            # NOTE(review): whatever IPNetwork raises on malformed input
            # propagates unchanged; confirm callers expect that.
            value = IPNetwork(value)
        elif key == "action":
            if value not in ("allow", "deny"):
                raise ValueError("'%s' is not allowed for key 'action'" % value)
        elif key == "protocol":
            if value not in ("tcp", "udp", "icmp", None):
                raise ValueError("'%s' is not allowed for key 'protocol'" % value)
        elif key in ("src_tag", "dst_tag"):
            if not validate_characters(value):
                raise ValueError("'%s' is not allowed for key '%s'" % (value, key))
        elif key in ("src_ports", "dst_ports"):
            if not validate_ports(value):
                raise ValueError("'%s' is not allowed for key '%s'" % (value, key))
        elif key in ("icmp_type", "icmp_code"):
            if not validate_icmp_type(value):
                raise ValueError("'%s' is not allowed for key '%s'" % (value, key))

        super(Rule, self).__setitem__(key, value)
示例#9
    def __setitem__(self, key, value):
        """
        Validate a rule field and then store it.

        :param key: Field name; must be in Rule.ALLOWED_KEYS.
        :param value: Field value; "src_net"/"dst_net" values are converted
            with IPNetwork before being stored.
        :raises KeyError: If key is not in Rule.ALLOWED_KEYS.
        :raises ValueError: If the value is rejected for the given key.
        """
        if key not in Rule.ALLOWED_KEYS:
            raise KeyError("Key %s is not allowed on Rule." % key)

        # Convert any CIDR strings to netaddr before inserting them.
        if key in ("src_net", "dst_net"):
            value = IPNetwork(value)

        # Fields restricted to a fixed set of values.
        if key == "action" and value not in ("allow", "deny"):
            raise ValueError("'%s' is not allowed for key 'action'" % value)
        if key == "protocol" and value not in ("tcp", "udp", "icmp", None):
            raise ValueError("'%s' is not allowed for key 'protocol'" % value)

        # Fields checked by a validator function; all share one message.
        guarded_fields = (
            (("src_tag", "dst_tag"), validate_characters),
            (("src_ports", "dst_ports"), validate_ports),
            (("icmp_type", "icmp_code"), validate_icmp_type),
        )
        for field_names, is_valid in guarded_fields:
            if key in field_names and not is_valid(value):
                raise ValueError("'%s' is not allowed for key '%s'" % (value, key))

        super(Rule, self).__setitem__(key, value)
示例#10
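    def __init__(self, network_name):
        """
        Create a driver for the profile named after the given network.

        :param network_name: Network name; stored as self.profile_name once
            validate_characters has accepted it.
        :raises ValueError: If validate_characters rejects network_name.
        """
        # Validate the given network name to make sure it is compatible with
        # Calico policy.  Doing this before anything else means a rejected
        # name is never stored and no datastore client is created for it.
        if not validate_characters(network_name):
            # The name is interpolated with %; handing it to ValueError as a
            # second argument would leave the "%s" placeholder unformatted.
            raise ValueError(
                "Invalid characters detected in the given network "
                "name, %s. Only letters a-z, numbers 0-9, and "
                "symbols _.- are supported." % (network_name,))

        # DatastoreClient for access to the Calico datastore.
        self._client = DatastoreClient()

        # Name of the profile to attach to the endpoint.
        self.profile_name = network_name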
示例#11
def validate_arguments(arguments):
    """
    Check the rule-related arguments and exit with status 1 on bad input.

    Validated:
        <PROFILE>
        <SRCTAG>
        <SRCCIDR>
        <DSTTAG>
        <DSTCIDR>
        <ICMPTYPE>
        <ICMPCODE>
        <SRCPORTS>
        <DSTPORTS>

    Not validated:
        <POSITION>

    One message is printed for each category that fails before exiting.

    :param arguments: Docopt processed arguments
    """
    # Profile name
    profile = arguments.get("<PROFILE>")
    profile_ok = True
    if profile is not None:
        profile_ok = validate_characters(profile)

    # Tags: an absent tag counts as valid.
    src_tag = arguments.get("<SRCTAG>")
    tag_src_ok = src_tag is None or validate_characters(src_tag)
    dst_tag = arguments.get("<DSTTAG>")
    tag_dst_ok = dst_tag is None or validate_characters(dst_tag)

    # CIDRs: stop at the first rejected value.
    # NOTE(review): a value is appended to cidr_list before it is validated,
    # so the list handed to validate_cidr_versions can contain a CIDR that
    # validate_cidr rejected; confirm that function tolerates it.
    cidr_ok = True
    cidr_list = []
    for name in ("<SRCCIDR>", "<DSTCIDR>"):
        cidr = arguments.get(name)
        if cidr is None:
            continue
        cidr_list.append(cidr)
        cidr_ok = validate_cidr(cidr)
        if not cidr_ok:
            break

    # ICMP code and type share one validator.
    icmp_ok = True
    for name in ("<ICMPCODE>", "<ICMPTYPE>"):
        icmp_value = arguments.get(name)
        if icmp_value is None:
            continue
        icmp_ok = validate_icmp_type(icmp_value)
        if not icmp_ok:
            break

    # Source and destination ports
    ports_ok = True
    for name in ("<SRCPORTS>", "<DSTPORTS>"):
        ports = arguments.get(name)
        if ports is None:
            continue
        ports_ok = validate_ports(ports)
        if not ports_ok:
            break

    # IP versions of the CIDRs; "icmp" selects version 4, "icmpv6" version 6.
    cidr_versions_ok = True
    if cidr_list:
        if arguments.get("icmp"):
            ip_version = 4
        elif arguments.get("icmpv6"):
            ip_version = 6
        else:
            ip_version = None
        cidr_versions_ok = validate_cidr_versions(cidr_list,
                                                  ip_version=ip_version)

    # Report every failed category.
    if not profile_ok:
        # NOTE(review): the message states a length limit; confirm that
        # validate_characters enforces it, since nothing here checks length.
        print_paragraph("Profile names must be < 40 character long and can "
                        "only contain numbers, letters, dots, dashes and "
                        "underscores.")
    if not (tag_src_ok and tag_dst_ok):
        print_paragraph("Tags names can only contain numbers, letters, dots, "
                        "dashes and underscores.")
    plain_messages = (
        (cidr_ok, "Invalid CIDR specified."),
        (icmp_ok, "Invalid ICMP type or ICMP code specified."),
        (ports_ok, "Invalid SRCPORTS or DSTPORTS specified."),
        (cidr_versions_ok,
         "Invalid or unmatching IP versions for SRCCIDR/DSTCIDR."),
    )
    for passed, message in plain_messages:
        if not passed:
            print(message)

    # Exit if any check failed.
    verdicts = (profile_ok, tag_src_ok, tag_dst_ok, cidr_ok, icmp_ok,
                ports_ok, cidr_versions_ok)
    if not all(verdicts):
        sys.exit(1)
示例#12
def validate_arguments(arguments):
    """
    Check the rule-related arguments and exit with status 1 on bad input.

    Validated:
        <PROFILE>
        <SRCTAG>
        <SRCCIDR>
        <DSTTAG>
        <DSTCIDR>
        <ICMPTYPE>
        <ICMPCODE>
        <SRCPORTS>
        <DSTPORTS>

    Not validated:
        <POSITION>

    One message is printed for each category that fails before exiting.

    :param arguments: Docopt processed arguments
    """
    # Profile name
    profile = arguments.get("<PROFILE>")
    profile_ok = True
    if profile is not None:
        profile_ok = validate_characters(profile)

    # Tags: an absent tag counts as valid.
    src_tag = arguments.get("<SRCTAG>")
    tag_src_ok = src_tag is None or validate_characters(src_tag)
    dst_tag = arguments.get("<DSTTAG>")
    tag_dst_ok = dst_tag is None or validate_characters(dst_tag)

    # CIDRs: stop at the first rejected value.
    cidr_ok = True
    for name in ("<SRCCIDR>", "<DSTCIDR>"):
        cidr = arguments.get(name)
        if cidr is None:
            continue
        cidr_ok = validate_cidr(cidr)
        if not cidr_ok:
            break

    # ICMP code and type share one validator.
    icmp_ok = True
    for name in ("<ICMPCODE>", "<ICMPTYPE>"):
        icmp_value = arguments.get(name)
        if icmp_value is None:
            continue
        icmp_ok = validate_icmp_type(icmp_value)
        if not icmp_ok:
            break

    # Source and destination ports
    ports_ok = True
    for name in ("<SRCPORTS>", "<DSTPORTS>"):
        ports = arguments.get(name)
        if ports is None:
            continue
        ports_ok = validate_ports(ports)
        if not ports_ok:
            break

    # Report every failed category.
    if not profile_ok:
        # NOTE(review): the message states a length limit; confirm that
        # validate_characters enforces it, since nothing here checks length.
        print_paragraph("Profile names must be < 40 character long and can "
                        "only contain numbers, letters, dots, dashes and "
                        "underscores.")
    if not (tag_src_ok and tag_dst_ok):
        print_paragraph("Tags names can only contain numbers, letters, dots, "
                        "dashes and underscores.")
    plain_messages = (
        (cidr_ok, "Invalid CIDR specified."),
        (icmp_ok, "Invalid ICMP type or ICMP code specified."),
        (ports_ok, "Invalid SRCPORTS or DSTPORTS specified."),
    )
    for passed, message in plain_messages:
        if not passed:
            print(message)

    # Exit if any check failed.
    verdicts = (profile_ok, tag_src_ok, tag_dst_ok,
                cidr_ok, icmp_ok, ports_ok)
    if not all(verdicts):
        sys.exit(1)