diff --git a/vppcfg/config/acl.py b/vppcfg/config/acl.py index d395cb8..dc788f0 100644 --- a/vppcfg/config/acl.py +++ b/vppcfg/config/acl.py @@ -192,37 +192,37 @@ def validate_acls(yaml): terms += 1 orig_acl_term = acl_term.copy() acl_term = hydrate_term(acl_term) - logger.debug(f"acl term {terms} orig {orig_acl_term} hydrated {acl_term}") + logger.debug(f"acl {aclname} term {terms} orig {orig_acl_term} hydrated {acl_term}") if acl_term["family"] == "any": if "source" in acl_term: - msgs.append(f"acl term {terms} family any cannot have source") + msgs.append(f"acl {aclname} term {terms} family any cannot have source") result = False if "destination" in acl_term: - msgs.append(f"acl term {terms} family any cannot have destination") + msgs.append(f"acl {aclname} term {terms} family any cannot have destination") result = False else: src = ipaddress.ip_network(acl_term["source"]) dst = ipaddress.ip_network(acl_term["destination"]) if src.version != dst.version: msgs.append( - f"acl term {terms} source and destination have different address family" + f"acl {aclname} term {terms} source and destination have different address family" ) result = False proto = get_protocol(acl_term["protocol"]) if proto is None: - msgs.append(f"acl term {terms} could not understand protocol") + msgs.append(f"acl {aclname} term {terms} could not understand protocol") result = False if not proto in [6, 17]: if "source-port" in orig_acl_term: msgs.append( - f"acl term {terms} source-port can only be specified for protocol tcp or udp" + f"acl {aclname} term {terms} source-port can only be specified for protocol tcp or udp" ) result = False if "destination-port" in orig_acl_term: msgs.append( - f"acl term {terms} destination-port can only be specified for protocol tcp or udp" + f"acl {aclname} term {terms} destination-port can only be specified for protocol tcp or udp" ) result = False @@ -233,66 +233,66 @@ def validate_acls(yaml): ) if src_low_port is None or src_high_port is None: - msgs.append(f"acl term {terms} could not understand source port") + msgs.append(f"acl {aclname} term {terms} could not understand source port") result = False else: if src_low_port > src_high_port: msgs.append( - f"acl term {terms} source low port is higher than source high port" + f"acl {aclname} term {terms} source low port is higher than source high port" ) result = False if src_low_port < 0 or src_low_port > 65535: msgs.append( - f"acl term {terms} source low port is not between [0,65535]" + f"acl {aclname} term {terms} source low port is not between [0,65535]" ) result = False if src_high_port < 0 or src_high_port > 65535: msgs.append( - f"acl term {terms} source high port is not between [0,65535]" + f"acl {aclname} term {terms} source high port is not between [0,65535]" ) result = False if dst_low_port is None or dst_high_port is None: msgs.append( - f"acl term {terms} could not understand destination port" + f"acl {aclname} term {terms} could not understand destination port" ) result = False else: if dst_low_port > dst_high_port: msgs.append( - f"acl term {terms} destination low port is higher than destination high port" + f"acl {aclname} term {terms} destination low port is higher than destination high port" ) result = False if dst_low_port < 0 or dst_low_port > 65535: msgs.append( - f"acl term {terms} destination low port is not between [0,65535]" + f"acl {aclname} term {terms} destination low port is not between [0,65535]" ) result = False if dst_high_port < 0 or dst_high_port > 65535: msgs.append( - f"acl term {terms} destination high port is not between [0,65535]" + f"acl {aclname} term {terms} destination high port is not between [0,65535]" ) result = False if not proto in [1, 58]: if "icmp-code" in orig_acl_term: msgs.append( - f"acl term {terms} icmp-code can only be specified for protocol icmp or icmp-ipv6" + f"acl {aclname} term {terms} icmp-code can only be specified for protocol icmp or icmp-ipv6" ) result = False if "icmp-type" in orig_acl_term: msgs.append( - f"acl term {terms} icmp-type can only be specified for protocol icmp or icmp-ipv6" + f"acl {aclname} term {terms} icmp-type can only be specified for protocol icmp or icmp-ipv6" ) result = False if proto in [1, 58]: icmp_code_low, icmp_code_high = get_icmp_low_high(acl_term["icmp-code"]) icmp_type_low, icmp_type_high = get_icmp_low_high(acl_term["icmp-type"]) if icmp_code_low > icmp_code_high: - msgs.append(f"acl term {terms} icmp-code low value is higher than high value") + msgs.append(f"acl {aclname} term {terms} icmp-code low value is higher than high value") result = False if icmp_type_low > icmp_type_high: - msgs.append(f"acl term {terms} icmp-type low value is higher than high value") + msgs.append(f"acl {aclname} term {terms} icmp-type low value is higher than high value") result = False return result, msgs diff --git a/vppcfg/unittest/yaml/error-acl1.yaml b/vppcfg/unittest/yaml/error-acl1.yaml index 1812395..a758e42 100644 --- a/vppcfg/unittest/yaml/error-acl1.yaml +++ b/vppcfg/unittest/yaml/error-acl1.yaml @@ -2,7 +2,7 @@ test: description: "Family any precludes source/destination" errors: expected: - - "acl term .* family any cannot have (source|destination)" + - "acl .* term .* family any cannot have (source|destination)" count: 4 --- acls: diff --git a/vppcfg/unittest/yaml/error-acl2.yaml b/vppcfg/unittest/yaml/error-acl2.yaml index f088f63..3f18e00 100644 --- a/vppcfg/unittest/yaml/error-acl2.yaml +++ b/vppcfg/unittest/yaml/error-acl2.yaml @@ -2,7 +2,7 @@ test: description: "Source and Destination must have the same address family" errors: expected: - - "acl term .* source and destination have different address family" + - "acl .* term .* source and destination have different address family" count: 4 --- acls: diff --git a/vppcfg/unittest/yaml/error-acl3.yaml b/vppcfg/unittest/yaml/error-acl3.yaml index cc1961b..fb16337 100644 --- a/vppcfg/unittest/yaml/error-acl3.yaml +++ b/vppcfg/unittest/yaml/error-acl3.yaml @@ -2,13 +2,13 @@ test: description: "Ways in which port ranges can fail" errors: expected: - - "acl term .* could not understand source port" - - "acl term .* could not understand destination port" - - "acl term .* source low port is higher than source high port" - - "acl term .* source (high|low) port is not between \\[0,65535\\]" - - "acl term .* destination (high|low) port is not between \\[0,65535\\]" - - "acl term .* source-port can only be specified for protocol tcp or udp" - - "acl term .* destination-port can only be specified for protocol tcp or udp" + - "acl .* term .* could not understand source port" + - "acl .* term .* could not understand destination port" + - "acl .* term .* source low port is higher than source high port" + - "acl .* term .* source (high|low) port is not between \\[0,65535\\]" + - "acl .* term .* destination (high|low) port is not between \\[0,65535\\]" + - "acl .* term .* source-port can only be specified for protocol tcp or udp" + - "acl .* term .* destination-port can only be specified for protocol tcp or udp" count: 7 --- acls: diff --git a/vppcfg/unittest/yaml/error-acl4.yaml b/vppcfg/unittest/yaml/error-acl4.yaml index dc32e40..45cdb4c 100644 --- a/vppcfg/unittest/yaml/error-acl4.yaml +++ b/vppcfg/unittest/yaml/error-acl4.yaml @@ -2,7 +2,7 @@ test: description: "Ways in which ACE protocol can fail" errors: expected: - - "acl term .* could not understand protocol" + - "acl .* term .* could not understand protocol" count: 1 --- acls: diff --git a/vppcfg/unittest/yaml/error-acl5.yaml b/vppcfg/unittest/yaml/error-acl5.yaml index 952fa87..c212978 100644 --- a/vppcfg/unittest/yaml/error-acl5.yaml +++ b/vppcfg/unittest/yaml/error-acl5.yaml @@ -2,10 +2,10 @@ test: description: "Ways in which ICMP code and type can fail" errors: expected: - - "acl term .* icmp-type can only be specified for protocol icmp or icmp-ipv6" - - "acl term .* icmp-code can only be specified for protocol icmp or icmp-ipv6" - - "acl term .* icmp-code low value is higher than high value" - - "acl term .* icmp-type low value is higher than high value" + - "acl .* term .* icmp-type can only be specified for protocol icmp or icmp-ipv6" + - "acl .* term .* icmp-code can only be specified for protocol icmp or icmp-ipv6" + - "acl .* term .* icmp-code low value is higher than high value" + - "acl .* term .* icmp-type low value is higher than high value" count: 8 --- acls: