Add ability to filter get_network_list() by ipv4 or ipv6, and add tests

vppcfg/config/acl.py

@@ -165,17 +165,25 @@ def is_ip(ip_string):
     return False
 
 
-def get_network_list(yaml, network_string):
+def get_network_list(yaml, network_string, want_ipv4=True, want_ipv6=True):
     """Return the full list of source or destination address(es). This function resolves the
     'source' or 'destination' field, which can either be an IP address, a Prefix, or the name
     of a Prefix List. It returns a list of ip_network() objects, including prefix. IP addresses
-    will receive prefixlen /32 or /128."""
+    will receive prefixlen /32 or /128. Optionally, want_ipv4 or want_ipv6 can be set to False
+    to filter the list."""
 
+    ret = []
     if is_ip(network_string):
         ipn = ipaddress.ip_network(network_string, strict=False)
-        return [ipn]
+        if ipn.version == 4 and want_ipv4:
+            ret = [ipn]
+        if ipn.version == 6 and want_ipv6:
+            ret = [ipn]
+        return ret
 
-    return prefixlist.get_network_list(yaml, network_string)
+    return prefixlist.get_network_list(
+        yaml, network_string, want_ipv4=want_ipv4, want_ipv6=want_ipv6
+    )
 
 
 def get_protocol(protostring):

vppcfg/config/prefixlist.py

@@ -36,16 +36,19 @@ def get_by_name(yaml, plname):
     return None, None
 
 
-def get_network_list(yaml, plname):
+def get_network_list(yaml, plname, want_ipv4=True, want_ipv6=True):
     """Returns a list of 0 or more ip_network elements, that represent the members
     in a prefixlist of given name. Return the empty list if the prefixlist doesn't
-    exist"""
+    exist. Optionally, want_ipv4 or want_ipv6 can be set to False to filter the list."""
     ret = []
     plname, pl = get_by_name(yaml, plname)
     if not pl:
         return ret
     for m in pl["members"]:
         ipn = ipaddress.ip_network(m, strict=False)
+        if ipn.version == 4 and want_ipv4:
+            ret.append(ipn)
+        if ipn.version == 6 and want_ipv6:
             ret.append(ipn)
     return ret
 

vppcfg/config/test_acl.py

@@ -135,7 +135,19 @@ class TestACLMethods(unittest.TestCase):
 
         l = acl.get_network_list(self.cfg, "trusted")
         self.assertIsInstance(l, list)
-        self.assertEquals(4, len(l))
+        self.assertEquals(5, len(l))
+
+        l = acl.get_network_list(self.cfg, "trusted", want_ipv6=False)
+        self.assertIsInstance(l, list)
+        self.assertEquals(2, len(l))
+
+        l = acl.get_network_list(self.cfg, "trusted", want_ipv4=False)
+        self.assertIsInstance(l, list)
+        self.assertEquals(3, len(l))
+
+        l = acl.get_network_list(self.cfg, "trusted", want_ipv4=False, want_ipv6=False)
+        self.assertIsInstance(l, list)
+        self.assertEquals(0, len(l))
 
         l = acl.get_network_list(self.cfg, "pl-notexist")
         self.assertIsInstance(l, list)

vppcfg/config/test_prefixlist.py

@@ -41,7 +41,7 @@ class TestACLMethods(unittest.TestCase):
     def test_count(self):
         v4, v6 = prefixlist.count(self.cfg, "trusted")
         self.assertEqual(2, v4)
-        self.assertEqual(2, v6)
+        self.assertEqual(3, v6)
 
         v4, v6 = prefixlist.count(self.cfg, "empty")
         self.assertEqual(0, v4)
@@ -57,7 +57,7 @@ class TestACLMethods(unittest.TestCase):
         self.assertEqual(0, prefixlist.count_ipv4(self.cfg, "pl-noexist"))
 
     def test_count_ipv6(self):
-        self.assertEqual(2, prefixlist.count_ipv6(self.cfg, "trusted"))
+        self.assertEqual(3, prefixlist.count_ipv6(self.cfg, "trusted"))
         self.assertEqual(0, prefixlist.count_ipv6(self.cfg, "empty"))
         self.assertEqual(0, prefixlist.count_ipv6(self.cfg, "pl-noexist"))
 
@@ -79,7 +79,21 @@ class TestACLMethods(unittest.TestCase):
     def test_get_network_list(self):
         l = prefixlist.get_network_list(self.cfg, "trusted")
         self.assertIsInstance(l, list)
-        self.assertEquals(4, len(l))
+        self.assertEquals(5, len(l))
+
+        l = prefixlist.get_network_list(self.cfg, "trusted", want_ipv6=False)
+        self.assertIsInstance(l, list)
+        self.assertEquals(2, len(l))
+
+        l = prefixlist.get_network_list(self.cfg, "trusted", want_ipv4=False)
+        self.assertIsInstance(l, list)
+        self.assertEquals(3, len(l))
+
+        l = prefixlist.get_network_list(
+            self.cfg, "trusted", want_ipv4=False, want_ipv6=False
+        )
+        self.assertIsInstance(l, list)
+        self.assertEquals(0, len(l))
 
         l = prefixlist.get_network_list(self.cfg, "pl-notexist")
         self.assertIsInstance(l, list)

vppcfg/unittest/test_acl.yaml

@@ -1,7 +1,19 @@
+prefixlists:
+  trusted:
+    members:
+      - 192.0.2.1
+      - 192.0.2.0/24
+      - 2001:db8::1
+      - 2001:db8::/64
+      - 2001:db8::/48
+
 acls:
   acl01:
      description: "Test ACL #1"
      terms:
+       - description: "Allow a Prefixlist"
+         action: permit
+         source: trusted
        - description: "Allow a specific IPv6 TCP flow"
          action: permit
          source: 2001:db8::/64

vppcfg/unittest/test_prefixlist.yaml

@@ -6,6 +6,7 @@ prefixlists:
       - 192.0.2.0/24
       - 2001:db8::1
       - 2001:db8::/64
+      - 2001:db8::/48
   deny-all:
     description: "Default for IPv4 and IPv6"
     members: