resources/test_data/honeycomb/ietf_acl.py

   1 # Copyright (c) 2016 Cisco and/or its affiliates.
   2 # Licensed under the Apache License, Version 2.0 (the "License");
   3 # you may not use this file except in compliance with the License.
   4 # You may obtain a copy of the License at:
   5 #
   6 #     http://www.apache.org/licenses/LICENSE-2.0
   7 #
   8 # Unless required by applicable law or agreed to in writing, software
   9 # distributed under the License is distributed on an "AS IS" BASIS,
  10 # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
  11 # See the License for the specific language governing permissions and
  12 # limitations under the License.
  13
  14 """Test variables for ietf-ACL test suite."""
  15
  16
  17 def get_variables(test_case, name):
  18     """Create and return a dictionary of test variables for the specified
  19     test case.
  20
  21     :param test_case: Determines which test variables to return.
  22     :param name: Name for the classify chain used in test.
  23     :type test_case: str
  24     :type name: str
  25
  26     :return: Dictionary of test variables - settings for Honeycomb's
  27     ietf-acl node and packet fields to use in verification.
  28     :rtype: dict
  29     """
  30
  31     test_case = test_case.lower()
  32     variables = {
  33         # Variables for control packet, should always pass through DUT
  34         "src_ip": "16.0.0.1",
  35         "dst_ip": "16.0.1.1",
  36         "dst_net": "16.0.1.0",
  37         "src_port": "1234",
  38         "dst_port": "1234",
  39         "src_mac": "01:02:03:04:05:06",
  40         "dst_mac": "10:20:30:40:50:60"}
  41
  42     test_vars = {
  43         "l2": {
  44             # MACs classified directly
  45             "classify_src": "12:23:34:45:56:67",
  46             "classify_dst": "89:9A:AB:BC:CD:DE",
  47             # MACs classified through mask
  48             "classify_src2": "01:02:03:04:56:67",
  49             "classify_dst2": "89:9A:AB:BC:50:60",
  50             "src_mask": "00:00:00:00:FF:FF",
  51             "dst_mask": "FF:FF:FF:FF:00:00"
  52         },
  53         "l3_ip4": {
  54             # IPs for DUT interface setup
  55             "dut_to_tg_if1_ip": "16.0.0.2",
  56             "dut_to_tg_if2_ip": "192.168.0.2",
  57             "gateway": "192.168.0.1",
  58             # classified networks
  59             "classify_src_net": "16.0.2.0",
  60             "classify_dst_net": "16.0.3.0",
  61             # IPs in classified networks
  62             "classify_src": "16.0.2.1",
  63             "classify_dst": "16.0.3.1",
  64             "prefix_length": 24
  65         },
  66         "l3_ip6": {
  67             # Override control packet addresses with IPv6
  68             "src_ip": "10::1",
  69             "dst_ip": "11::1",
  70             "dst_net": "11::",
  71             # IPs for DUT interface setup
  72             "dut_to_tg_if1_ip": "10::2",
  73             "dut_to_tg_if2_ip": "20::2",
  74             "gateway": "20::1",
  75             # classified networks
  76             "classify_src_net": "12::",
  77             "classify_dst_net": "13::",
  78             # IPs in classified networks
  79             "classify_src": "12::1",
  80             "classify_dst": "13::1",
  81             "prefix_length": 64
  82         },
  83         "mixed": {
  84             # IPs for DUT interface setup
  85             "dut_to_tg_if1_ip": "16.0.0.2",
  86             "dut_to_tg_if2_ip": "192.168.0.2",
  87             "gateway": "192.168.0.1",
  88             # classified networks
  89             "classify_src_net": "16.0.2.0",
  90             "classify_dst_net": "16.0.3.0",
  91             # IPs in classified networks
  92             "classify_src_ip": "16.0.2.1",
  93             "classify_dst_ip": "16.0.3.1",
  94             "prefix_length": 24,
  95             # MACs classified through mask
  96             "classify_src_mac": "01:02:03:04:56:67",
  97             "classify_dst_mac": "89:9A:AB:BC:50:60",
  98             "src_mask": "00:00:00:00:FF:FF",
  99             "dst_mask": "FF:FF:FF:FF:00:00"
 100         }
 101     }
 102     acl_data = {
 103         # ACL configuration for L2 tests
 104         "l2": {
 105             "acl": [{
 106                 "acl-type":
 107                     "ietf-access-control-list:eth-acl",
 108                 "acl-name": name,
 109                 "access-list-entries": {"ace": [{
 110                     "rule-name": "rule1",
 111                     "matches": {
 112                         "source-mac-address":
 113                             test_vars["l2"]["classify_src"],
 114                         "source-mac-address-mask":
 115                             test_vars["l2"]["src_mask"],
 116                         "destination-mac-address":
 117                             test_vars["l2"]["classify_dst"],
 118                         "destination-mac-address-mask":
 119                             test_vars["l2"]["dst_mask"]
 120                     },
 121                     "actions": {
 122                         "deny": {}
 123                     }
 124                 }]}
 125             }]
 126         },
 127         # ACL configuration for L3 IPv4 tests
 128         "l3_ip4": {
 129             "acl": [{
 130                 "acl-type":
 131                     "ietf-access-control-list:ipv4-acl",
 132                 "acl-name": name,
 133                 "access-list-entries": {"ace": [{
 134                     "rule-name": "rule1",
 135                     "matches": {
 136                         "source-ipv4-network":
 137                             "{0}/{1}".format(
 138                                 test_vars["l3_ip4"]["classify_src_net"],
 139                                 test_vars["l3_ip4"]["prefix_length"]),
 140                         "destination-ipv4-network":
 141                             "{0}/{1}".format(
 142                                 test_vars["l3_ip4"]["classify_dst_net"],
 143                                 test_vars["l3_ip4"]["prefix_length"]),
 144                         "protocol": 17
 145                     },
 146                     "actions": {
 147                         "deny": {}
 148                     }
 149                 }]}
 150             }]
 151         },
 152         # ACL settings for L3 IPv6 tests
 153         "l3_ip6": {
 154             "acl": [{
 155                 "acl-type":
 156                     "ietf-access-control-list:ipv6-acl",
 157                 "acl-name": name,
 158                 "access-list-entries": {"ace": [{
 159                     "rule-name": "rule1",
 160                     "matches": {
 161                         "source-ipv6-network":
 162                             "{0}/{1}".format(
 163                                 test_vars["l3_ip6"]["classify_src_net"],
 164                                 test_vars["l3_ip6"]["prefix_length"]),
 165                         "destination-ipv6-network":
 166                             "{0}/{1}".format(
 167                                 test_vars["l3_ip6"]["classify_dst_net"],
 168                                 test_vars["l3_ip6"]["prefix_length"]),
 169                         "protocol": 17
 170                     },
 171                     "actions": {
 172                         "deny": {}
 173                     }
 174                 }]}
 175             }]
 176         },
 177         "mixed": {
 178             "acl": [{
 179                 "acl-type":
 180                     "vpp-acl:mixed-acl",
 181                 "acl-name": name,
 182                 "access-list-entries": {"ace": [{
 183                     "rule-name": "rule1",
 184                     "matches": {
 185                         "vpp-acl:source-mac-address":
 186                             test_vars["mixed"]["classify_src_mac"],
 187                         "vpp-acl:source-mac-address-mask":
 188                             test_vars["mixed"]["src_mask"],
 189                         "vpp-acl:destination-mac-address":
 190                             test_vars["mixed"]["classify_dst_mac"],
 191                         "vpp-acl:destination-mac-address-mask":
 192                             test_vars["mixed"]["dst_mask"],
 193                         "vpp-acl:source-ipv4-network":
 194                             "{0}/{1}".format(
 195                                 test_vars["mixed"]["classify_src_net"],
 196                                 test_vars["mixed"]["prefix_length"]),
 197                         "vpp-acl:destination-ipv4-network":
 198                             "{0}/{1}".format(
 199                                 test_vars["mixed"]["classify_dst_net"],
 200                                 test_vars["mixed"]["prefix_length"]),
 201                         "vpp-acl:protocol": 17
 202                     },
 203                     "actions": {
 204                         "deny": {}
 205                     }
 206                 }]}
 207             }]
 208         }
 209     }
 210     try:
 211         variables.update(test_vars[test_case])
 212         variables.update(
 213             {"acl_settings": acl_data[test_case]}
 214         )
 215     except KeyError:
 216         raise Exception("Unrecognized test case {0}."
 217                         " Valid options are: {1}".format(
 218                             test_case, acl_data.keys()))
 219     return variables