resources/test_data/honeycomb/ietf_acl.py

   1 # Copyright (c) 2016 Cisco and/or its affiliates.
   2 # Licensed under the Apache License, Version 2.0 (the "License");
   3 # you may not use this file except in compliance with the License.
   4 # You may obtain a copy of the License at:
   5 #
   6 #     http://www.apache.org/licenses/LICENSE-2.0
   7 #
   8 # Unless required by applicable law or agreed to in writing, software
   9 # distributed under the License is distributed on an "AS IS" BASIS,
  10 # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
  11 # See the License for the specific language governing permissions and
  12 # limitations under the License.
  13
  14 """Test variables for ietf-ACL test suite."""
  15
  16
  17 def get_variables(test_case, name):
  18     """Create and return a dictionary of test variables for the specified
  19     test case.
  20
  21     :param test_case: Determines which test variables to return.
  22     :param name: Name for the classify chain used in test.
  23     :type test_case: str
  24     :type name: str
  25
  26     :return: Dictionary of test variables - settings for Honeycomb's
  27     ietf-acl node and packet fields to use in verification.
  28     :rtype: dict
  29     """
  30
  31     test_case = test_case.lower()
  32     variables = {
  33         # Variables for control packet, should always pass through DUT
  34         "src_ip": "16.0.0.1",
  35         "dst_ip": "16.0.1.1",
  36         "dst_net": "16.0.1.0",
  37         "src_port": "1234",
  38         "dst_port": "1234",
  39         "src_mac": "01:02:03:04:05:06",
  40         "dst_mac": "10:20:30:40:50:60"}
  41
  42     test_vars = {
  43         "l2": {
  44             # MACs classified directly
  45             "classify_src": "12:23:34:45:56:67",
  46             "classify_dst": "89:9A:AB:BC:CD:DE",
  47             # MACs classified through mask
  48             "classify_src2": "01:02:03:04:56:67",
  49             "classify_dst2": "89:9A:AB:BC:50:60",
  50             "src_mask": "00:00:00:00:FF:FF",
  51             "dst_mask": "FF:FF:FF:FF:00:00"
  52         },
  53         "l3_ip4": {
  54             # IPs for DUT interface setup
  55             "dut_to_tg_if1_ip": "16.0.0.2",
  56             "dut_to_tg_if2_ip": "192.168.0.2",
  57             "gateway": "192.168.0.1",
  58             # classified networks
  59             "classify_src_net": "16.0.2.0",
  60             "classify_dst_net": "16.0.3.0",
  61             # IPs in classified networks
  62             "classify_src": "16.0.2.1",
  63             "classify_dst": "16.0.3.1",
  64             "prefix_length": 24
  65         },
  66         "l3_ip6": {
  67             # Override control packet addresses with IPv6
  68             "src_ip": "10::1",
  69             "dst_ip": "11::1",
  70             "dst_net": "11::",
  71             # IPs for DUT interface setup
  72             "dut_to_tg_if1_ip": "10::2",
  73             "dut_to_tg_if2_ip": "20::2",
  74             "gateway": "20::1",
  75             # classified networks
  76             "classify_src_net": "12::",
  77             "classify_dst_net": "13::",
  78             # IPs in classified networks
  79             "classify_src": "12::1",
  80             "classify_dst": "13::1",
  81             "prefix_length": 64
  82         }
  83     }
  84     acl_data = {
  85         # ACL configuration for L2 tests
  86         "l2": {
  87             "acl": [{
  88                 "acl-type":
  89                     "ietf-access-control-list:eth-acl",
  90                 "acl-name": name,
  91                 "access-list-entries": {"ace": [{
  92                     "rule-name": "rule1",
  93                     "matches": {
  94                         "source-mac-address":
  95                             test_vars["l2"]["classify_src"],
  96                         "source-mac-address-mask":
  97                             test_vars["l2"]["src_mask"],
  98                         "destination-mac-address":
  99                             test_vars["l2"]["classify_dst"],
 100                         "destination-mac-address-mask":
 101                             test_vars["l2"]["dst_mask"]
 102                     },
 103                     "actions": {
 104                         "deny": {}
 105                     }
 106                 }]}
 107             }]
 108         },
 109         # ACL configuration for L3 IPv4 tests
 110         "l3_ip4": {
 111             "acl": [{
 112                 "acl-type":
 113                     "ietf-access-control-list:ipv4-acl",
 114                 "acl-name": name,
 115                 "access-list-entries": {"ace": [{
 116                     "rule-name": "rule1",
 117                     "matches": {
 118                         "source-ipv4-network":
 119                             "{0}/{1}".format(
 120                                 test_vars["l3_ip4"]["classify_src_net"],
 121                                 test_vars["l3_ip4"]["prefix_length"]),
 122                         "destination-ipv4-network":
 123                             "{0}/{1}".format(
 124                                 test_vars["l3_ip4"]["classify_dst_net"],
 125                                 test_vars["l3_ip4"]["prefix_length"]),
 126                         "protocol": 17
 127                     },
 128                     "actions": {
 129                         "deny": {}
 130                     }
 131                 }]}
 132             }]
 133         },
 134         # ACL settings for L3 IPv6 tests
 135         "l3_ip6": {
 136             "acl": [{
 137                 "acl-type":
 138                     "ietf-access-control-list:ipv6-acl",
 139                 "acl-name": name,
 140                 "access-list-entries": {"ace": [{
 141                     "rule-name": "rule1",
 142                     "matches": {
 143                         "source-ipv6-network":
 144                             "{0}/{1}".format(
 145                                 test_vars["l3_ip6"]["classify_src_net"],
 146                                 test_vars["l3_ip6"]["prefix_length"]),
 147                         "destination-ipv6-network":
 148                             "{0}/{1}".format(
 149                                 test_vars["l3_ip6"]["classify_dst_net"],
 150                                 test_vars["l3_ip6"]["prefix_length"]),
 151                         "protocol": 17
 152                     },
 153                     "actions": {
 154                         "deny": {}
 155                     }
 156                 }]}
 157             }]
 158         }
 159     }
 160     try:
 161         variables.update(test_vars[test_case])
 162         variables.update(
 163             {"acl_settings": acl_data[test_case]}
 164         )
 165     except KeyError:
 166         raise Exception("Unrecognized test case {0}."
 167                         " Valid options are: {1}".format(
 168                             test_case, acl_data.keys()))
 169
 170     return variables