Code Review / csit.git / blob
? search:


6bd673d8b081ce2c761f48b9fcee9c8de84b0855
[csit.git] / resources / test_data / honeycomb / plugin_acl.py
1 # Copyright (c) 2017 Cisco and/or its affiliates.
2 # Licensed under the Apache License, Version 2.0 (the "License");
3 # you may not use this file except in compliance with the License.
4 # You may obtain a copy of the License at:
5 #
6 #     http://www.apache.org/licenses/LICENSE-2.0
7 #
8 # Unless required by applicable law or agreed to in writing, software
9 # distributed under the License is distributed on an "AS IS" BASIS,
10 # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
11 # See the License for the specific language governing permissions and
12 # limitations under the License.
13
14 """Test variables for ACL-plugin test suite."""
15
16
17 def get_variables(test_case, name):
18     """Create and return a dictionary of test variables for the specified
19     test case.
20
21     :param test_case: Determines which test variables to return.
22     :param name: Name for the classify chain used in test.
23     :type test_case: str
24     :type name: str
25
26     :returns: Dictionary of test variables - settings for Honeycomb's
27     ietf-acl node and packet fields to use in verification.
28     :rtype: dict
29     :raises KeyError: If the test_case parameter is incorrect.
30     """
31
32     test_case = test_case.lower()
33     variables = {
34         # Variables for control packet
35         "src_ip": "16.0.0.1",
36         "dst_ip": "16.0.1.1",
37         "src_net": "16.0.0.0",
38         "dst_net": "16.0.1.0",
39         "src_port": "1234",
40         "dst_port": "1234",
41         "src_mac": "01:02:03:04:05:06",
42         "dst_mac": "10:20:30:40:50:60"}
43
44     test_vars = {
45         "macip": {
46             # MACs classified directly
47             "classify_src": "12:23:34:45:56:67",
48             "classify_dst": "89:9A:AB:BC:CD:DE",
49             # MACs classified through mask
50             "classify_src2": "01:02:03:04:56:67",
51             "classify_dst2": "89:9A:AB:BC:50:60",
52             "src_mask": "00:00:00:00:FF:FF",
53             "dst_mask": "FF:FF:FF:FF:00:00"
54         },
55         "l3_ip4": {
56             # IPs for DUT interface setup
57             "dut_to_tg_if1_ip": "16.0.0.2",
58             "dut_to_tg_if2_ip": "192.168.0.2",
59             "prefix_length": 24,
60             "gateway": "192.168.0.1",
61             # classified networks
62             "classify_src_net": "16.0.2.0",
63             "classify_dst_net": "16.0.3.0",
64             # IPs in classified networks
65             "classify_src": "16.0.2.1",
66             "classify_dst": "16.0.3.1",
67         },
68         "l3_ip6": {
69             # Override control packet addresses with IPv6
70             "src_ip": "10::1",
71             "dst_ip": "11::1",
72             "dst_net": "11::",
73             # IPs for DUT interface setup
74             "dut_to_tg_if1_ip": "10::2",
75             "dut_to_tg_if2_ip": "20::2",
76             "prefix_length": 64,
77             "gateway": "20::1",
78             # classified networks
79             "classify_src_net": "12::",
80             "classify_dst_net": "13::",
81             # IPs in classified networks
82             "classify_src": "12::1",
83             "classify_dst": "13::1",
84         },
85         "l4": {
86             # IPs for DUT interface and route setup
87             "dut_to_tg_if1_ip": "16.0.0.2",
88             "dut_to_tg_if2_ip": "192.168.0.2",
89             "prefix_length": 24,
90             "gateway": "192.168.0.1",
91             "classify_dst_net": "16.0.3.0",
92             # Ports in classified ranges
93             "classify_src": 60000,
94             "classify_dst": 61000,
95         },
96         "mixed": {
97             # IPs for DUT interface and route setup
98             "dut_to_tg_if1_ip": "16.0.0.2",
99             "dut_to_tg_if2_ip": "192.168.0.2",
100             "prefix_length": 24,
101             "gateway": "192.168.0.1",
102             "classify_dst_net": "16.0.3.0",
103             # IPs in classified networks
104             "classify_src_ip": "16.0.2.1",
105             "classify_dst_ip": "16.0.3.1",
106             # Ports in classified ranges
107             "classify_src_port": 60000,
108             "classify_dst_port": 61000,
109         },
110         "icmp": {
111             # ICMP code and type for control packet
112             "icmp_type": 0,
113             "icmp_code": 0,
114             # classified ICMP code and type
115             "classify_type": 3,
116             "classify_code": 3
117
118         },
119         "icmpv6": {
120             # Override control packet addresses with IPv6
121             "src_ip": "10::1",
122             "dst_ip": "11::1",
123             "dst_net": "11::",
124             # ICMP code and type for control packet
125             "icmp_type": 1,
126             "icmp_code": 0,
127             # classified ICMP code and type
128             "classify_type": 4,
129             "classify_code": 2
130
131         },
132         "reflex": {
133             # IPs for DUT interface setup
134             "dut_to_tg_if1_ip": "16.0.0.2",
135             "dut_to_tg_if2_ip": "192.168.0.2",
136             "prefix_length": 24,
137             "gateway": "192.168.0.1",
138             "gateway2": "192.168.0.1",
139             # classified networks
140             "classify_src_net": "16.0.2.0",
141             "classify_dst_net": "16.0.3.0",
142             # IPs in classified networks
143             "classify_src": "16.0.2.1",
144             "classify_dst": "16.0.3.1",
145         },
146         "block_all": {}
147     }
148     acl_data = {
149         # ACL configuration for L2 tests
150         "macip": {
151             "acl": [{
152                 "acl-type":
153                     "vpp-acl:vpp-macip-acl",
154                 "acl-name": name,
155                 "access-list-entries": {"ace": [
156                     {
157                         "rule-name": "rule1",
158                         "matches": {
159                             "vpp-macip-ace-nodes": {
160                                 "source-mac-address":
161                                     test_vars["macip"]["classify_src"],
162                                 "source-mac-address-mask":
163                                     test_vars["macip"]["src_mask"],
164                                 "source-ipv4-network": "16.0.0.0/24"
165                             }
166                         },
167                         "actions": {
168                             "deny": {}
169                         }
170                     },
171                     {
172                         "rule-name": "rule_all",
173                         "matches": {
174                             "vpp-macip-ace-nodes": {
175                                 "source-mac-address":
176                                     test_vars["macip"]["classify_src"],
177                                 "source-mac-address-mask": "00:00:00:00:00:00",
178                                 "source-ipv4-network": "0.0.0.0/0"
179                             }
180                         },
181                         "actions": {
182                             "permit": {}
183                         }
184                     },
185                 ]}
186             }]
187         },
188         # ACL configuration for L3 IPv4 tests
189         "l3_ip4": {
190             "acl": [{
191                 "acl-type":
192                     "vpp-acl:vpp-acl",
193                 "acl-name": name,
194                 "access-list-entries": {"ace": [
195                     {
196                         "rule-name": "rule1",
197                         "matches": {
198                             "vpp-ace-nodes": {
199                                 "source-ipv4-network":
200                                     "{0}/{1}".format(
201                                         test_vars["l3_ip4"]["classify_src_net"],
202                                         test_vars["l3_ip4"]["prefix_length"]),
203                                 "destination-ipv4-network":
204                                     "{0}/{1}".format(
205                                         test_vars["l3_ip4"]["classify_dst_net"],
206                                         test_vars["l3_ip4"]["prefix_length"]),
207                                 "udp-nodes": {
208                                     "source-port-range": {
209                                         "lower-port": "0",
210                                         "upper-port": "65535"
211                                     },
212                                     "destination-port-range": {
213                                         "lower-port": "0",
214                                         "upper-port": "65535"
215                                     }
216                                 }
217                             }
218                         },
219                         "actions": {
220                             "deny": {}
221                         },
222                     },
223                     {
224                         "rule-name": "rule_all",
225                         "matches": {
226                             "vpp-ace-nodes": {
227                                 "source-ipv4-network": "0.0.0.0/0",
228                                 "destination-ipv4-network": "0.0.0.0/0",
229                             }
230                         },
231                         "actions": {
232                             "permit": {}
233                         }
234                     }
235                 ]}
236             }]
237         },
238         # ACL settings for L3 IPv6 tests
239         "l3_ip6": {
240             "acl": [{
241                 "acl-type":
242                     "vpp-acl:vpp-acl",
243                 "acl-name": name,
244                 "access-list-entries": {"ace": [
245                     {
246                         "rule-name": "rule1",
247                         "matches": {
248                             "vpp-ace-nodes": {
249                                 "source-ipv6-network":
250                                     "{0}/{1}".format(
251                                         test_vars["l3_ip6"]["classify_src_net"],
252                                         test_vars["l3_ip6"]["prefix_length"]),
253                                 "destination-ipv6-network":
254                                     "{0}/{1}".format(
255                                         test_vars["l3_ip6"]["classify_dst_net"],
256                                         test_vars["l3_ip6"]["prefix_length"]),
257                                 "udp-nodes": {
258                                     "source-port-range": {
259                                         "lower-port": "0",
260                                         "upper-port": "65535"
261                                     },
262                                     "destination-port-range": {
263                                         "lower-port": "0",
264                                         "upper-port": "65535"
265                                     }
266                                 }
267                             }
268                         },
269                         "actions": {
270                             "deny": {}
271                         }
272                     },
273                     {
274                         "rule-name": "rule_all",
275                         "matches": {
276                             "vpp-ace-nodes": {
277                                 "source-ipv6-network": "0::0/0",
278                                 "destination-ipv6-network": "0::0/0",
279                             }
280                         },
281                         "actions": {
282                             "permit": {}
283                         }
284                     }
285                 ]}
286             }]
287         },
288         # ACL configuration for L4 tests
289         "l4": {
290             "acl": [{
291                 "acl-type":
292                     "vpp-acl:vpp-acl",
293                 "acl-name": name,
294                 "access-list-entries": {"ace": [{
295                     "rule-name": "rule1",
296                     "matches": {
297                         "vpp-ace-nodes": {
298                             "tcp-nodes": {
299                                 "destination-port-range": {
300                                     "lower-port":
301                                         test_vars["l4"]["classify_dst"],
302                                     "upper-port":
303                                         test_vars["l4"]["classify_dst"] + 10
304                                 },
305                                 "source-port-range": {
306                                     "lower-port":
307                                         test_vars["l4"]["classify_src"],
308                                     "upper-port":
309                                         test_vars["l4"]["classify_src"] + 10
310                                 }
311                             }
312                         }
313                     },
314                     "actions": {
315                         "deny": {}
316                     },
317                 },
318                     {
319                         "rule-name": "rule_all",
320                         "matches": {
321                             "vpp-ace-nodes": {
322                                 "source-ipv4-network": "0.0.0.0/0",
323                                 "destination-ipv4-network": "0.0.0.0/0",
324                             }
325                         },
326                         "actions": {
327                             "permit": {}
328                         }
329                     }
330                 ]}
331             }]
332         },
333         "mixed": {
334             "acl": [{
335                 "acl-type":
336                     "vpp-acl:vpp-acl",
337                 "acl-name": name,
338                 "access-list-entries": {"ace": [{
339                     "rule-name": "ports",
340                     "matches": {
341                         "vpp-ace-nodes": {
342                             "tcp-nodes": {
343                                 "destination-port-range": {
344                                     "lower-port":
345                                         test_vars["l4"]["classify_dst"],
346                                     "upper-port":
347                                         test_vars["l4"]["classify_dst"] + 10
348                                 },
349                                 "source-port-range": {
350                                     "lower-port":
351                                         test_vars["l4"]["classify_src"],
352                                     "upper-port":
353                                         test_vars["l4"]["classify_src"] + 10
354                                 }
355                             }
356                         }
357                     },
358                     "actions": {
359                         "deny": {}
360                     },
361                 },
362                     {
363                         "rule-name": "rule_all",
364                         "matches": {
365                             "vpp-ace-nodes": {
366                                 "source-ipv4-network": "0.0.0.0/0",
367                                 "destination-ipv4-network": "0.0.0.0/0",
368                             }
369                         },
370                         "actions": {
371                             "permit": {}
372                         }
373                     }
374                 ]}
375             }]
376         },
377         "icmp": {
378             "acl": [{
379                 "acl-type":
380                     "vpp-acl:vpp-acl",
381                 "acl-name": name,
382                 "access-list-entries": {"ace": [
383                     {
384                         "rule-name": "rule1",
385                         "matches": {
386                             "vpp-ace-nodes": {
387                                 "icmp-nodes": {
388                                     "icmp-type-range": {
389                                         "first": "1",
390                                         "last": "5"
391                                     },
392                                     "icmp-code-range": {
393                                         "first": "1",
394                                         "last": "5"
395                                     }
396                                 }
397                             }
398                         },
399                         "actions": {
400                             "deny": {}
401                         },
402                     },
403                     {
404                         "rule-name": "rule_all",
405                         "matches": {
406                             "vpp-ace-nodes": {
407                                 "source-ipv4-network": "0.0.0.0/0",
408                                 "destination-ipv4-network": "0.0.0.0/0",
409                             }
410                         },
411                         "actions": {
412                             "permit": {}
413                         }
414                     }
415                 ]}
416             }]
417         },
418         "icmpv6": {
419             "acl": [{
420                 "acl-type":
421                     "vpp-acl:vpp-acl",
422                 "acl-name": name,
423                 "access-list-entries": {"ace": [
424                     {
425                         "rule-name": "rule1",
426                         "matches": {
427                             "vpp-ace-nodes": {
428                                 "icmp-v6-nodes": {
429                                     "icmp-type-range": {
430                                         "first": "1",
431                                         "last": "5"
432                                     },
433                                     "icmp-code-range": {
434                                         "first": "1",
435                                         "last": "5"
436                                     }
437                                 }
438                             }
439                         },
440                         "actions": {
441                             "deny": {}
442                         },
443                     },
444                     {
445                         "rule-name": "rule_all",
446                         "matches": {
447                             "vpp-ace-nodes": {
448                                 "source-ipv6-network": "0::0/0",
449                                 "destination-ipv6-network": "0::0/0",
450                             }
451                         },
452                         "actions": {
453                             "permit": {}
454                         }
455                     }
456                 ]}
457             }]
458         },
459         "reflex": {
460             "acl": [{
461                 "acl-type":
462                     "vpp-acl:vpp-acl",
463                 "acl-name": name,
464                 "access-list-entries": {"ace": [
465                     {
466                         "rule-name": "rule1",
467                         "matches": {
468                             "vpp-ace-nodes": {
469                                 "source-ipv4-network":
470                                     "{0}/{1}".format(
471                                         test_vars["reflex"]["classify_dst_net"],
472                                         test_vars["reflex"]["prefix_length"]),
473                                 "destination-ipv4-network":
474                                     "{0}/{1}".format(
475                                         test_vars["reflex"]["classify_src_net"],
476                                         test_vars["reflex"]["prefix_length"]),
477                             }
478                         },
479                         "actions": {
480                             # TODO: will be renamed in HC2VPP-57
481                             "vpp-acl:permit": {}
482                         },
483                     },
484                 ]}
485             }]
486         },
487         "block_all": {
488             "acl": [{
489                 "acl-type":
490                     "vpp-acl:vpp-acl",
491                 "acl-name": name,
492                 "access-list-entries": {"ace": [
493                     {
494                         "rule-name": "rule_all",
495                         "matches": {
496                             "vpp-ace-nodes": {
497                                 "source-ipv4-network": "0.0.0.0/0",
498                                 "destination-ipv4-network": "0.0.0.0/0",
499                             }
500                         },
501                         "actions": {
502                             "deny": {}
503                         }
504                     }
505                 ]}
506             }]
507         },
508     }
509
510     try:
511         ret_vars = {}
512         ret_vars.update(variables)
513         ret_vars.update(test_vars[test_case])
514         ret_vars.update(
515             {"acl_settings": acl_data[test_case]}
516         )
517     except KeyError:
518         raise KeyError(
519             "Unrecognized test case {0}. Valid options are: {1}".format(
520                 test_case, acl_data.keys()))
521     return ret_vars
Integration tests