acl: consistency in error messages, reformatted, and updated unittests
This commit is contained in:
Pim van Pelt
@ -303,57 +303,57 @@ def validate_acls(yaml):
|
|||||||
|
|
||||||
if src_low_port is None or src_high_port is None:
|
if src_low_port is None or src_high_port is None:
|
||||||
msgs.append(
|
msgs.append(
|
||||||
f"acl {aclname} term {terms} could not understand source port"
|
f"acl {aclname} term {terms} could not understand source-port"
|
||||||
)
|
)
|
||||||
result = False
|
result = False
|
||||||
else:
|
else:
|
||||||
if src_low_port > src_high_port:
|
if src_low_port > src_high_port:
|
||||||
msgs.append(
|
msgs.append(
|
||||||
f"acl {aclname} term {terms} source low port is higher than source high port"
|
f"acl {aclname} term {terms} source-port low value is greater than high value"
|
||||||
)
|
)
|
||||||
result = False
|
result = False
|
||||||
if src_low_port < 0 or src_low_port > 65535:
|
if src_low_port < 0 or src_low_port > 65535:
|
||||||
msgs.append(
|
msgs.append(
|
||||||
f"acl {aclname} term {terms} source low port is not between [0,65535]"
|
f"acl {aclname} term {terms} source-port low value is not between [0,65535]"
|
||||||
)
|
)
|
||||||
result = False
|
result = False
|
||||||
if src_high_port < 0 or src_high_port > 65535:
|
if src_high_port < 0 or src_high_port > 65535:
|
||||||
msgs.append(
|
msgs.append(
|
||||||
f"acl {aclname} term {terms} source high port is not between [0,65535]"
|
f"acl {aclname} term {terms} source-port high value is not between [0,65535]"
|
||||||
)
|
)
|
||||||
result = False
|
result = False
|
||||||
|
|
||||||
if dst_low_port is None or dst_high_port is None:
|
if dst_low_port is None or dst_high_port is None:
|
||||||
msgs.append(
|
msgs.append(
|
||||||
f"acl {aclname} term {terms} could not understand destination port"
|
f"acl {aclname} term {terms} could not understand destination-port"
|
||||||
)
|
)
|
||||||
result = False
|
result = False
|
||||||
else:
|
else:
|
||||||
if dst_low_port > dst_high_port:
|
if dst_low_port > dst_high_port:
|
||||||
msgs.append(
|
msgs.append(
|
||||||
f"acl {aclname} term {terms} destination low port is higher than destination high port"
|
f"acl {aclname} term {terms} destination-port low value is greater than high value"
|
||||||
)
|
)
|
||||||
result = False
|
result = False
|
||||||
if dst_low_port < 0 or dst_low_port > 65535:
|
if dst_low_port < 0 or dst_low_port > 65535:
|
||||||
msgs.append(
|
msgs.append(
|
||||||
f"acl {aclname} term {terms} destination low port is not between [0,65535]"
|
f"acl {aclname} term {terms} destination-port low value is not between [0,65535]"
|
||||||
)
|
)
|
||||||
result = False
|
result = False
|
||||||
if dst_high_port < 0 or dst_high_port > 65535:
|
if dst_high_port < 0 or dst_high_port > 65535:
|
||||||
msgs.append(
|
msgs.append(
|
||||||
f"acl {aclname} term {terms} destination high port is not between [0,65535]"
|
f"acl {aclname} term {terms} destination-port high value is not between [0,65535]"
|
||||||
)
|
)
|
||||||
result = False
|
result = False
|
||||||
|
|
||||||
if not proto in [1, 58]:
|
if not proto in [1, 58]:
|
||||||
if "icmp-code" in orig_acl_term:
|
if "icmp-code" in orig_acl_term:
|
||||||
msgs.append(
|
msgs.append(
|
||||||
f"acl {aclname} term {terms} icmp-code can only be specified for protocol icmp or icmp-ipv6"
|
f"acl {aclname} term {terms} icmp-code can only be specified for protocol icmp or ipv6-icmp"
|
||||||
)
|
)
|
||||||
result = False
|
result = False
|
||||||
if "icmp-type" in orig_acl_term:
|
if "icmp-type" in orig_acl_term:
|
||||||
msgs.append(
|
msgs.append(
|
||||||
f"acl {aclname} term {terms} icmp-type can only be specified for protocol icmp or icmp-ipv6"
|
f"acl {aclname} term {terms} icmp-type can only be specified for protocol icmp or ipv6-icmp"
|
||||||
)
|
)
|
||||||
result = False
|
result = False
|
||||||
else:
|
else:
|
||||||
@ -361,12 +361,12 @@ def validate_acls(yaml):
|
|||||||
icmp_type_low, icmp_type_high = get_icmp_low_high(acl_term["icmp-type"])
|
icmp_type_low, icmp_type_high = get_icmp_low_high(acl_term["icmp-type"])
|
||||||
if icmp_code_low > icmp_code_high:
|
if icmp_code_low > icmp_code_high:
|
||||||
msgs.append(
|
msgs.append(
|
||||||
f"acl {aclname} term {terms} icmp-code low value is higher than high value"
|
f"acl {aclname} term {terms} icmp-code low value is greater than high value"
|
||||||
)
|
)
|
||||||
result = False
|
result = False
|
||||||
if icmp_type_low > icmp_type_high:
|
if icmp_type_low > icmp_type_high:
|
||||||
msgs.append(
|
msgs.append(
|
||||||
f"acl {aclname} term {terms} icmp-type low value is higher than high value"
|
f"acl {aclname} term {terms} icmp-type low value is greater than high value"
|
||||||
)
|
)
|
||||||
result = False
|
result = False
|
||||||
|
|
||||||
|
|||||||
@ -3,8 +3,7 @@ test:
|
|||||||
errors:
|
errors:
|
||||||
expected:
|
expected:
|
||||||
- "acl .* term .* source and destination family do not overlap"
|
- "acl .* term .* source and destination family do not overlap"
|
||||||
- "acl .* term .* family any has no source"
|
- "acl .* term .* family any has no (source|destination)"
|
||||||
- "acl .* term .* family any has no destination"
|
|
||||||
count: 8
|
count: 8
|
||||||
---
|
---
|
||||||
prefixlists:
|
prefixlists:
|
||||||
|
|||||||
@ -2,13 +2,10 @@ test:
|
|||||||
description: "Ways in which port ranges can fail"
|
description: "Ways in which port ranges can fail"
|
||||||
errors:
|
errors:
|
||||||
expected:
|
expected:
|
||||||
- "acl .* term .* could not understand source port"
|
- "acl .* term .* could not understand (source|destination)-port"
|
||||||
- "acl .* term .* could not understand destination port"
|
- "acl .* term .* (source|destination)-port low value is greater than high value"
|
||||||
- "acl .* term .* source low port is higher than source high port"
|
- "acl .* term .* (source|destination)-port (low|high) value is not between \\[0,65535\\]"
|
||||||
- "acl .* term .* source (high|low) port is not between \\[0,65535\\]"
|
- "acl .* term .* (source|destination)-port can only be specified for protocol tcp or udp"
|
||||||
- "acl .* term .* destination (high|low) port is not between \\[0,65535\\]"
|
|
||||||
- "acl .* term .* source-port can only be specified for protocol tcp or udp"
|
|
||||||
- "acl .* term .* destination-port can only be specified for protocol tcp or udp"
|
|
||||||
count: 7
|
count: 7
|
||||||
---
|
---
|
||||||
acls:
|
acls:
|
||||||
|
|||||||
@ -2,10 +2,10 @@ test:
|
|||||||
description: "Ways in which ICMP code and type can fail"
|
description: "Ways in which ICMP code and type can fail"
|
||||||
errors:
|
errors:
|
||||||
expected:
|
expected:
|
||||||
- "acl .* term .* icmp-type can only be specified for protocol icmp or icmp-ipv6"
|
- "acl .* term .* icmp-type can only be specified for protocol icmp or ipv6-icmp"
|
||||||
- "acl .* term .* icmp-code can only be specified for protocol icmp or icmp-ipv6"
|
- "acl .* term .* icmp-code can only be specified for protocol icmp or ipv6-icmp"
|
||||||
- "acl .* term .* icmp-code low value is higher than high value"
|
- "acl .* term .* icmp-code low value is greater than high value"
|
||||||
- "acl .* term .* icmp-type low value is higher than high value"
|
- "acl .* term .* icmp-type low value is greater than high value"
|
||||||
count: 8
|
count: 8
|
||||||
---
|
---
|
||||||
acls:
|
acls:
|
||||||
|
|||||||
Reference in New Issue
Block a user