Code Review / csit.git / blob
? search:


d9d2ecd90f6179886e5797f6f1d0d46f431f6e74
[csit.git] / resources / test_data / honeycomb / plugin_acl.py
1 # Copyright (c) 2017 Cisco and/or its affiliates.
2 # Licensed under the Apache License, Version 2.0 (the "License");
3 # you may not use this file except in compliance with the License.
4 # You may obtain a copy of the License at:
5 #
6 #     http://www.apache.org/licenses/LICENSE-2.0
7 #
8 # Unless required by applicable law or agreed to in writing, software
9 # distributed under the License is distributed on an "AS IS" BASIS,
10 # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
11 # See the License for the specific language governing permissions and
12 # limitations under the License.
13
14 """Test variables for ACL-plugin test suite."""
15
16
17 def get_variables(test_case, name):
18     """Create and return a dictionary of test variables for the specified
19     test case.
20
21     :param test_case: Determines which test variables to return.
22     :param name: Name for the classify chain used in test.
23     :type test_case: str
24     :type name: str
25
26     :returns: Dictionary of test variables - settings for Honeycomb's
27     ietf-acl node and packet fields to use in verification.
28     :rtype: dict
29     :raises KeyError: If the test_case parameter is incorrect.
30     """
31
32     test_case = test_case.lower()
33     variables = {
34         # Variables for control packet
35         "src_ip": "16.0.0.1",
36         "dst_ip": "16.0.1.1",
37         "dst_net": "16.0.1.0",
38         "src_port": "1234",
39         "dst_port": "1234",
40         "src_mac": "01:02:03:04:05:06",
41         "dst_mac": "10:20:30:40:50:60"}
42
43     test_vars = {
44         "macip": {
45             # MACs classified directly
46             "classify_src": "12:23:34:45:56:67",
47             "classify_dst": "89:9A:AB:BC:CD:DE",
48             # MACs classified through mask
49             "classify_src2": "01:02:03:04:56:67",
50             "classify_dst2": "89:9A:AB:BC:50:60",
51             "src_mask": "00:00:00:00:FF:FF",
52             "dst_mask": "FF:FF:FF:FF:00:00"
53         },
54         "l3_ip4": {
55             # IPs for DUT interface setup
56             "dut_to_tg_if1_ip": "16.0.0.2",
57             "dut_to_tg_if2_ip": "192.168.0.2",
58             "prefix_length": 24,
59             "gateway": "192.168.0.1",
60             # classified networks
61             "classify_src_net": "16.0.2.0",
62             "classify_dst_net": "16.0.3.0",
63             # IPs in classified networks
64             "classify_src": "16.0.2.1",
65             "classify_dst": "16.0.3.1",
66         },
67         "l3_ip6": {
68             # Override control packet addresses with IPv6
69             "src_ip": "10::1",
70             "dst_ip": "11::1",
71             "dst_net": "11::",
72             # IPs for DUT interface setup
73             "dut_to_tg_if1_ip": "10::2",
74             "dut_to_tg_if2_ip": "20::2",
75             "prefix_length": 64,
76             "gateway": "20::1",
77             # classified networks
78             "classify_src_net": "12::",
79             "classify_dst_net": "13::",
80             # IPs in classified networks
81             "classify_src": "12::1",
82             "classify_dst": "13::1",
83         },
84         "l4": {
85             # IPs for DUT interface and route setup
86             "dut_to_tg_if1_ip": "16.0.0.2",
87             "dut_to_tg_if2_ip": "192.168.0.2",
88             "prefix_length": 24,
89             "gateway": "192.168.0.1",
90             "classify_dst_net": "16.0.3.0",
91             # Ports in classified ranges
92             "classify_src": 60000,
93             "classify_dst": 61000,
94         },
95         "mixed": {
96             # IPs for DUT interface and route setup
97             "dut_to_tg_if1_ip": "16.0.0.2",
98             "dut_to_tg_if2_ip": "192.168.0.2",
99             "prefix_length": 24,
100             "gateway": "192.168.0.1",
101             "classify_dst_net": "16.0.3.0",
102             # IPs in classified networks
103             "classify_src_ip": "16.0.2.1",
104             "classify_dst_ip": "16.0.3.1",
105             # Ports in classified ranges
106             "classify_src_port": 60000,
107             "classify_dst_port": 61000,
108         },
109         "icmp": {
110             # ICMP code and type for control packet
111             "icmp_type": 0,
112             "icmp_code": 0,
113             # classified ICMP code and type
114             "classify_type": 3,
115             "classify_code": 3
116
117         },
118         "icmpv6": {
119             # Override control packet addresses with IPv6
120             "src_ip": "10::1",
121             "dst_ip": "11::1",
122             "dst_net": "11::",
123             # ICMP code and type for control packet
124             "icmp_type": 1,
125             "icmp_code": 0,
126             # classified ICMP code and type
127             "classify_type": 4,
128             "classify_code": 2
129
130         },
131         "reflex": {
132             # IPs for DUT interface setup
133             "dut_to_tg_if1_ip": "16.0.0.2",
134             "dut_to_tg_if2_ip": "192.168.0.2",
135             "prefix_length": 24,
136             "gateway": "192.168.0.1",
137             "gateway2": "192.168.0.1",
138             # classified networks
139             "classify_src_net": "16.0.2.0",
140             "classify_dst_net": "16.0.3.0",
141             # IPs in classified networks
142             "classify_src": "16.0.2.1",
143             "classify_dst": "16.0.3.1",
144         },
145         "block_all": {}
146     }
147     acl_data = {
148         # ACL configuration for L2 tests
149         "macip": {
150             "acl": [{
151                 "acl-type":
152                     "vpp-acl:vpp-macip-acl",
153                 "acl-name": name,
154                 "access-list-entries": {"ace": [
155                     {
156                         "rule-name": "rule1",
157                         "matches": {
158                             "vpp-macip-ace-nodes": {
159                                 "source-mac-address":
160                                     test_vars["macip"]["classify_src"],
161                                 "source-mac-address-mask":
162                                     test_vars["macip"]["src_mask"],
163                                 "source-ipv4-network": "16.0.0.0/24"
164                             }
165                         },
166                         "actions": {
167                             "deny": {}
168                         }
169                     },
170                     {
171                         "rule-name": "rule_all",
172                         "matches": {
173                             "vpp-macip-ace-nodes": {
174                                 "source-mac-address":
175                                     test_vars["macip"]["classify_src"],
176                                 "source-mac-address-mask": "00:00:00:00:00:00",
177                                 "source-ipv4-network": "0.0.0.0/0"
178                             }
179                         },
180                         "actions": {
181                             "permit": {}
182                         }
183                     },
184                 ]}
185             }]
186         },
187         # ACL configuration for L3 IPv4 tests
188         "l3_ip4": {
189             "acl": [{
190                 "acl-type":
191                     "vpp-acl:vpp-acl",
192                 "acl-name": name,
193                 "access-list-entries": {"ace": [
194                     {
195                         "rule-name": "rule1",
196                         "matches": {
197                             "vpp-ace-nodes": {
198                                 "source-ipv4-network":
199                                     "{0}/{1}".format(
200                                         test_vars["l3_ip4"]["classify_src_net"],
201                                         test_vars["l3_ip4"]["prefix_length"]),
202                                 "destination-ipv4-network":
203                                     "{0}/{1}".format(
204                                         test_vars["l3_ip4"]["classify_dst_net"],
205                                         test_vars["l3_ip4"]["prefix_length"]),
206                                 "udp-nodes": {
207                                     "source-port-range": {
208                                         "lower-port": "0",
209                                         "upper-port": "65535"
210                                     },
211                                     "destination-port-range": {
212                                         "lower-port": "0",
213                                         "upper-port": "65535"
214                                     }
215                                 }
216                             }
217                         },
218                         "actions": {
219                             "deny": {}
220                         },
221                     },
222                     {
223                         "rule-name": "rule_all",
224                         "matches": {
225                             "vpp-ace-nodes": {
226                                 "source-ipv4-network": "0.0.0.0/0",
227                                 "destination-ipv4-network": "0.0.0.0/0",
228                             }
229                         },
230                         "actions": {
231                             "permit": {}
232                         }
233                     }
234                 ]}
235             }]
236         },
237         # ACL settings for L3 IPv6 tests
238         "l3_ip6": {
239             "acl": [{
240                 "acl-type":
241                     "vpp-acl:vpp-acl",
242                 "acl-name": name,
243                 "access-list-entries": {"ace": [
244                     {
245                         "rule-name": "rule1",
246                         "matches": {
247                             "vpp-ace-nodes": {
248                                 "source-ipv6-network":
249                                     "{0}/{1}".format(
250                                         test_vars["l3_ip6"]["classify_src_net"],
251                                         test_vars["l3_ip6"]["prefix_length"]),
252                                 "destination-ipv6-network":
253                                     "{0}/{1}".format(
254                                         test_vars["l3_ip6"]["classify_dst_net"],
255                                         test_vars["l3_ip6"]["prefix_length"]),
256                                 "udp-nodes": {
257                                     "source-port-range": {
258                                         "lower-port": "0",
259                                         "upper-port": "65535"
260                                     },
261                                     "destination-port-range": {
262                                         "lower-port": "0",
263                                         "upper-port": "65535"
264                                     }
265                                 }
266                             }
267                         },
268                         "actions": {
269                             "deny": {}
270                         }
271                     },
272                     {
273                         "rule-name": "rule_all",
274                         "matches": {
275                             "vpp-ace-nodes": {
276                                 "source-ipv6-network": "0::0/0",
277                                 "destination-ipv6-network": "0::0/0",
278                             }
279                         },
280                         "actions": {
281                             "permit": {}
282                         }
283                     }
284                 ]}
285             }]
286         },
287         # ACL configuration for L4 tests
288         "l4": {
289             "acl": [{
290                 "acl-type":
291                     "vpp-acl:vpp-acl",
292                 "acl-name": name,
293                 "access-list-entries": {"ace": [{
294                     "rule-name": "rule1",
295                     "matches": {
296                         "vpp-ace-nodes": {
297                             "tcp-nodes": {
298                                 "destination-port-range": {
299                                     "lower-port":
300                                         test_vars["l4"]["classify_dst"],
301                                     "upper-port":
302                                         test_vars["l4"]["classify_dst"] + 10
303                                 },
304                                 "source-port-range": {
305                                     "lower-port":
306                                         test_vars["l4"]["classify_src"],
307                                     "upper-port":
308                                         test_vars["l4"]["classify_src"] + 10
309                                 }
310                             }
311                         }
312                     },
313                     "actions": {
314                         "deny": {}
315                     },
316                 },
317                     {
318                         "rule-name": "rule_all",
319                         "matches": {
320                             "vpp-ace-nodes": {
321                                 "source-ipv4-network": "0.0.0.0/0",
322                                 "destination-ipv4-network": "0.0.0.0/0",
323                             }
324                         },
325                         "actions": {
326                             "permit": {}
327                         }
328                     }
329                 ]}
330             }]
331         },
332         "mixed": {
333             "acl": [{
334                 "acl-type":
335                     "vpp-acl:vpp-acl",
336                 "acl-name": name,
337                 "access-list-entries": {"ace": [{
338                     "rule-name": "ports",
339                     "matches": {
340                         "vpp-ace-nodes": {
341                             "tcp-nodes": {
342                                 "destination-port-range": {
343                                     "lower-port":
344                                         test_vars["l4"]["classify_dst"],
345                                     "upper-port":
346                                         test_vars["l4"]["classify_dst"] + 10
347                                 },
348                                 "source-port-range": {
349                                     "lower-port":
350                                         test_vars["l4"]["classify_src"],
351                                     "upper-port":
352                                         test_vars["l4"]["classify_src"] + 10
353                                 }
354                             }
355                         }
356                     },
357                     "actions": {
358                         "deny": {}
359                     },
360                 },
361                     {
362                         "rule-name": "rule_all",
363                         "matches": {
364                             "vpp-ace-nodes": {
365                                 "source-ipv4-network": "0.0.0.0/0",
366                                 "destination-ipv4-network": "0.0.0.0/0",
367                             }
368                         },
369                         "actions": {
370                             "permit": {}
371                         }
372                     }
373                 ]}
374             }]
375         },
376         "icmp": {
377             "acl": [{
378                 "acl-type":
379                     "vpp-acl:vpp-acl",
380                 "acl-name": name,
381                 "access-list-entries": {"ace": [
382                     {
383                         "rule-name": "rule1",
384                         "matches": {
385                             "vpp-ace-nodes": {
386                                 "icmp-nodes": {
387                                     "icmp-type-range": {
388                                         "first": "1",
389                                         "last": "5"
390                                     },
391                                     "icmp-code-range": {
392                                         "first": "1",
393                                         "last": "5"
394                                     }
395                                 }
396                             }
397                         },
398                         "actions": {
399                             "deny": {}
400                         },
401                     },
402                     {
403                         "rule-name": "rule_all",
404                         "matches": {
405                             "vpp-ace-nodes": {
406                                 "source-ipv4-network": "0.0.0.0/0",
407                                 "destination-ipv4-network": "0.0.0.0/0",
408                             }
409                         },
410                         "actions": {
411                             "permit": {}
412                         }
413                     }
414                 ]}
415             }]
416         },
417         "icmpv6": {
418             "acl": [{
419                 "acl-type":
420                     "vpp-acl:vpp-acl",
421                 "acl-name": name,
422                 "access-list-entries": {"ace": [
423                     {
424                         "rule-name": "rule1",
425                         "matches": {
426                             "vpp-ace-nodes": {
427                                 "icmp-v6-nodes": {
428                                     "icmp-type-range": {
429                                         "first": "1",
430                                         "last": "5"
431                                     },
432                                     "icmp-code-range": {
433                                         "first": "1",
434                                         "last": "5"
435                                     }
436                                 }
437                             }
438                         },
439                         "actions": {
440                             "deny": {}
441                         },
442                     },
443                     {
444                         "rule-name": "rule_all",
445                         "matches": {
446                             "vpp-ace-nodes": {
447                                 "source-ipv6-network": "0::0/0",
448                                 "destination-ipv6-network": "0::0/0",
449                             }
450                         },
451                         "actions": {
452                             "permit": {}
453                         }
454                     }
455                 ]}
456             }]
457         },
458         "reflex": {
459             "acl": [{
460                 "acl-type":
461                     "vpp-acl:vpp-acl",
462                 "acl-name": name,
463                 "access-list-entries": {"ace": [
464                     {
465                         "rule-name": "rule1",
466                         "matches": {
467                             "vpp-ace-nodes": {
468                                 "source-ipv4-network":
469                                     "{0}/{1}".format(
470                                         test_vars["reflex"]["classify_dst_net"],
471                                         test_vars["reflex"]["prefix_length"]),
472                                 "destination-ipv4-network":
473                                     "{0}/{1}".format(
474                                         test_vars["reflex"]["classify_src_net"],
475                                         test_vars["reflex"]["prefix_length"]),
476                             }
477                         },
478                         "actions": {
479                             # TODO: will be renamed in HC2VPP-57
480                             "vpp-acl:permit": {}
481                         },
482                     },
483                 ]}
484             }]
485         },
486         "block_all": {
487             "acl": [{
488                 "acl-type":
489                     "vpp-acl:vpp-acl",
490                 "acl-name": name,
491                 "access-list-entries": {"ace": [
492                     {
493                         "rule-name": "rule_all",
494                         "matches": {
495                             "vpp-ace-nodes": {
496                                 "source-ipv4-network": "0.0.0.0/0",
497                                 "destination-ipv4-network": "0.0.0.0/0",
498                             }
499                         },
500                         "actions": {
501                             "deny": {}
502                         }
503                     }
504                 ]}
505             }]
506         },
507     }
508
509     try:
510         ret_vars = {}
511         ret_vars.update(variables)
512         ret_vars.update(test_vars[test_case])
513         ret_vars.update(
514             {"acl_settings": acl_data[test_case]}
515         )
516     except KeyError:
517         raise KeyError(
518             "Unrecognized test case {0}. Valid options are: {1}".format(
519                 test_case, acl_data.keys()))
520     return ret_vars
Integration tests