aaabfa49e23aede7de4e2051a8b8062a1fa7a020
[csit.git] / resources / test_data / honeycomb / ietf_acl.py
1 # Copyright (c) 2016 Cisco and/or its affiliates.
2 # Licensed under the Apache License, Version 2.0 (the "License");
3 # you may not use this file except in compliance with the License.
4 # You may obtain a copy of the License at:
5 #
6 #     http://www.apache.org/licenses/LICENSE-2.0
7 #
8 # Unless required by applicable law or agreed to in writing, software
9 # distributed under the License is distributed on an "AS IS" BASIS,
10 # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
11 # See the License for the specific language governing permissions and
12 # limitations under the License.
13
14 """Test variables for ietf-ACL test suite."""
15
16
17 def get_variables(test_case, name):
18     """Create and return a dictionary of test variables for the specified
19     test case.
20
21     :param test_case: Determines which test variables to return.
22     :param name: Name for the classify chain used in test.
23     :type test_case: str
24     :type name: str
25
26     :return: Dictionary of test variables - settings for Honeycomb's
27     ietf-acl node and packet fields to use in verification.
28     :rtype: dict
29     """
30
31     test_case = test_case.lower()
32     variables = {
33         # Variables for control packet, should always pass through DUT
34         "src_ip": "16.0.0.1",
35         "dst_ip": "16.0.1.1",
36         "dst_net": "16.0.1.0",
37         "src_port": "1234",
38         "dst_port": "1234",
39         "src_mac": "01:02:03:04:05:06",
40         "dst_mac": "10:20:30:40:50:60"}
41
42     test_vars = {
43         "l2": {
44             # MACs classified directly
45             "classify_src": "12:23:34:45:56:67",
46             "classify_dst": "89:9A:AB:BC:CD:DE",
47             # MACs classified through mask
48             "classify_src2": "01:02:03:04:56:67",
49             "classify_dst2": "89:9A:AB:BC:50:60",
50             "src_mask": "00:00:00:00:FF:FF",
51             "dst_mask": "FF:FF:FF:FF:00:00"
52         },
53         "l3_ip4": {
54             # IPs for DUT interface setup
55             "dut_to_tg_if1_ip": "16.0.0.2",
56             "dut_to_tg_if2_ip": "192.168.0.2",
57             "prefix_length": 24,
58             "gateway": "192.168.0.1",
59             # classified networks
60             "classify_src_net": "16.0.2.0",
61             "classify_dst_net": "16.0.3.0",
62             # IPs in classified networks
63             "classify_src": "16.0.2.1",
64             "classify_dst": "16.0.3.1",
65         },
66         "l3_ip6": {
67             # Override control packet addresses with IPv6
68             "src_ip": "10::1",
69             "dst_ip": "11::1",
70             "dst_net": "11::",
71             # IPs for DUT interface setup
72             "dut_to_tg_if1_ip": "10::2",
73             "dut_to_tg_if2_ip": "20::2",
74             "prefix_length": 64,
75             "gateway": "20::1",
76             # classified networks
77             "classify_src_net": "12::",
78             "classify_dst_net": "13::",
79             # IPs in classified networks
80             "classify_src": "12::1",
81             "classify_dst": "13::1",
82         },
83         "l4": {
84             # IPs for DUT interface and route setup
85             "dut_to_tg_if1_ip": "16.0.0.2",
86             "dut_to_tg_if2_ip": "192.168.0.2",
87             "prefix_length": 24,
88             "gateway": "192.168.0.1",
89             "classify_dst_net": "16.0.3.0",
90             # Ports in classified ranges
91             "classify_src": 1500,
92             "classify_dst": 2000,
93         },
94         "mixed": {
95             # IPs for DUT interface setup
96             "dut_to_tg_if1_ip": "16.0.0.2",
97             "dut_to_tg_if2_ip": "192.168.0.2",
98             "gateway": "192.168.0.1",
99             # classified networks
100             "classify_src_net": "16.0.2.0",
101             "classify_dst_net": "16.0.3.0",
102             # IPs in classified networks
103             "classify_src_ip": "16.0.2.1",
104             "classify_dst_ip": "16.0.3.1",
105             "prefix_length": 24,
106             # MACs classified through mask
107             "classify_src_mac": "01:02:03:04:56:67",
108             "classify_dst_mac": "89:9A:AB:BC:50:60",
109             "src_mask": "00:00:00:00:FF:FF",
110             "dst_mask": "FF:FF:FF:FF:00:00",
111             # classified ports
112             "classify_src_port": 1500,
113             "classify_dst_port": 2000,
114         },
115         "multirule": {
116             # MACs classified by first rule
117             "classify_src": "12:23:34:45:56:67",
118             "classify_dst": "89:9A:AB:BC:CD:DE",
119             # MACs classified by second rule
120             "classify_src2": "01:02:03:04:56:67",
121             "classify_dst2": "89:9A:AB:BC:50:60",
122             # MAC rule masks -  only match specific addresses
123             "src_mask": "FF:FF:FF:FF:FF:FF",
124             "dst_mask": "FF:FF:FF:FF:FF:FF",
125         }
126     }
127     acl_data = {
128         # ACL configuration for L2 tests
129         "l2": {
130             "acl": [{
131                 "acl-type":
132                     "ietf-access-control-list:eth-acl",
133                 "acl-name": name,
134                 "access-list-entries": {"ace": [{
135                     "rule-name": "rule1",
136                     "matches": {
137                         "source-mac-address":
138                             test_vars["l2"]["classify_src"],
139                         "source-mac-address-mask":
140                             test_vars["l2"]["src_mask"],
141                         "destination-mac-address":
142                             test_vars["l2"]["classify_dst"],
143                         "destination-mac-address-mask":
144                             test_vars["l2"]["dst_mask"]
145                     },
146                     "actions": {
147                         "deny": {}
148                     }
149                 }]}
150             }]
151         },
152         # ACL configuration for L3 IPv4 tests
153         "l3_ip4": {
154             "acl": [{
155                 "acl-type":
156                     "ietf-access-control-list:ipv4-acl",
157                 "acl-name": name,
158                 "access-list-entries": {"ace": [{
159                     "rule-name": "rule1",
160                     "matches": {
161                         "source-ipv4-network":
162                             "{0}/{1}".format(
163                                 test_vars["l3_ip4"]["classify_src_net"],
164                                 test_vars["l3_ip4"]["prefix_length"]),
165                         "destination-ipv4-network":
166                             "{0}/{1}".format(
167                                 test_vars["l3_ip4"]["classify_dst_net"],
168                                 test_vars["l3_ip4"]["prefix_length"]),
169                         "protocol": 17
170                     },
171                     "actions": {
172                         "deny": {}
173                     }
174                 }]}
175             }]
176         },
177         # ACL settings for L3 IPv6 tests
178         "l3_ip6": {
179             "acl": [{
180                 "acl-type":
181                     "ietf-access-control-list:ipv6-acl",
182                 "acl-name": name,
183                 "access-list-entries": {"ace": [{
184                     "rule-name": "rule1",
185                     "matches": {
186                         "source-ipv6-network":
187                             "{0}/{1}".format(
188                                 test_vars["l3_ip6"]["classify_src_net"],
189                                 test_vars["l3_ip6"]["prefix_length"]),
190                         "destination-ipv6-network":
191                             "{0}/{1}".format(
192                                 test_vars["l3_ip6"]["classify_dst_net"],
193                                 test_vars["l3_ip6"]["prefix_length"]),
194                         "protocol": 17
195                     },
196                     "actions": {
197                         "deny": {}
198                     }
199                 }]}
200             }]
201         },
202         # ACL configuration for L4 tests
203         "l4": {
204             "acl": [{
205                 "acl-type":
206                     "vpp-acl:mixed-acl",
207                 "acl-name": name,
208                 "access-list-entries": {"ace": [{
209                     "rule-name": "rule1",
210                     "matches": {
211                         "destination-ipv4-network": "0.0.0.0/0",
212                         "destination-port-range": {
213                             "lower-port": test_vars["l4"]["classify_dst"],
214                             "upper-port": test_vars["l4"]["classify_dst"] + 50
215                         },
216                         "source-port-range": {
217                             "lower-port": test_vars["l4"]["classify_src"],
218                             "upper-port": test_vars["l4"]["classify_src"] + 50
219                         }
220                     },
221                     "actions": {
222                         "deny": {}
223                     }
224                 }]}
225             }]
226         },
227         "mixed": {
228             "acl": [{
229                 "acl-type":
230                     "vpp-acl:mixed-acl",
231                 "acl-name": name,
232                 "access-list-entries": {"ace": [{
233                     "rule-name": "rule1",
234                     "matches": {
235                         "vpp-acl:source-mac-address":
236                             test_vars["mixed"]["classify_src_mac"],
237                         "vpp-acl:source-mac-address-mask":
238                             test_vars["mixed"]["src_mask"],
239                         "vpp-acl:destination-mac-address":
240                             test_vars["mixed"]["classify_dst_mac"],
241                         "vpp-acl:destination-mac-address-mask":
242                             test_vars["mixed"]["dst_mask"],
243                         "vpp-acl:source-ipv4-network":
244                             "{0}/{1}".format(
245                                 test_vars["mixed"]["classify_src_net"],
246                                 test_vars["mixed"]["prefix_length"]),
247                         "vpp-acl:destination-ipv4-network":
248                             "{0}/{1}".format(
249                                 test_vars["mixed"]["classify_dst_net"],
250                                 test_vars["mixed"]["prefix_length"]),
251                         "vpp-acl:protocol": 17,
252                         "vpp-acl:destination-port-range": {
253                             "lower-port": test_vars["l4"]["classify_dst"],
254                             "upper-port": test_vars["l4"]["classify_dst"] + 50
255                         },
256                         "vpp-acl:source-port-range": {
257                             "lower-port": test_vars["l4"]["classify_src"],
258                             "upper-port": test_vars["l4"]["classify_src"] + 50
259                         }
260                     },
261                     "actions": {
262                         "deny": {}
263                     }
264                 }]}
265             }]
266         },
267         "multirule": {
268             "acl": [{
269                 "acl-type":
270                     "ietf-access-control-list:eth-acl",
271                 "acl-name": name,
272                 "access-list-entries": {"ace": [
273                     {
274                         "rule-name": "rule1",
275                         "matches": {
276                             "source-mac-address":
277                                 test_vars["multirule"]["classify_src"],
278                             "source-mac-address-mask":
279                                 test_vars["multirule"]["src_mask"],
280                             "destination-mac-address":
281                                 test_vars["multirule"]["classify_dst"],
282                             "destination-mac-address-mask":
283                                 test_vars["multirule"]["dst_mask"]
284                         },
285                         "actions": {
286                             "deny": {}
287                         }
288                     },
289                     {
290                         "rule-name": "rule2",
291                         "matches": {
292                             "source-mac-address":
293                                 test_vars["multirule"]["classify_src2"],
294                             "source-mac-address-mask":
295                                 test_vars["multirule"]["src_mask"],
296                             "destination-mac-address":
297                                 test_vars["multirule"]["classify_dst2"],
298                             "destination-mac-address-mask":
299                                 test_vars["multirule"]["dst_mask"]
300                         },
301                         "actions": {
302                             "deny": {}
303                         }
304                     },
305                     {
306                         "rule-name": "rule3",
307                         "matches": {
308                             "source-mac-address":
309                                 variables["src_mac"],
310                             "source-mac-address-mask":
311                                 test_vars["multirule"]["src_mask"],
312                             "destination-mac-address":
313                                 variables["dst_mac"],
314                             "destination-mac-address-mask":
315                                 test_vars["multirule"]["dst_mask"]
316                         },
317                         "actions": {
318                             "permit": {}
319                         }
320                     }
321                 ]}
322             }]
323         }
324     }
325     try:
326         ret_vars = {}
327         ret_vars.update(variables)
328         ret_vars.update(test_vars[test_case])
329         ret_vars.update(
330             {"acl_settings": acl_data[test_case]}
331         )
332     except KeyError:
333         raise Exception("Unrecognized test case {0}."
334                         " Valid options are: {1}".format(
335                             test_case, acl_data.keys()))
336     return ret_vars