diff --git a/vppcfg/config/acl.py b/vppcfg/config/acl.py index 3580cee..8aef561 100644 --- a/vppcfg/config/acl.py +++ b/vppcfg/config/acl.py @@ -17,7 +17,7 @@ import socket import ipaddress -def get_aclx(yaml): +def get_acls(yaml): """Return a list of all acls.""" ret = [] if "acls" in yaml: diff --git a/vppcfg/config/test_acl.py b/vppcfg/config/test_acl.py index e02ffa8..984b7b1 100644 --- a/vppcfg/config/test_acl.py +++ b/vppcfg/config/test_acl.py @@ -14,10 +14,30 @@ # -*- coding: utf-8 -*- """ Unit tests for taps """ import unittest +import yaml from . import acl +from .unittestyaml import UnitTestYaml class TestACLMethods(unittest.TestCase): + def setUp(self): + with UnitTestYaml("test_acl.yaml") as f: + self.cfg = yaml.load(f, Loader=yaml.FullLoader) + + def test_get_acls(self): + acllist = acl.get_acls(self.cfg) + self.assertIsInstance(acllist, list) + self.assertEqual(2, len(acllist)) + + def test_get_by_name(self): + aclname, _acl = acl.get_by_name(self.cfg, "deny-all") + self.assertIsNotNone(_acl) + self.assertEqual("deny-all", aclname) + + aclname, _acl = acl.get_by_name(self.cfg, "acl-noexist") + self.assertIsNone(aclname) + self.assertIsNone(_acl) + def test_get_port_low_high(self): lo, hi = acl.get_port_low_high(80) self.assertEqual(80, lo) diff --git a/vppcfg/unittest/test_acl.yaml b/vppcfg/unittest/test_acl.yaml new file mode 100644 index 0000000..80bbf5b --- /dev/null +++ b/vppcfg/unittest/test_acl.yaml @@ -0,0 +1,23 @@ +acls: + acl01: + description: "Test ACL #1" + terms: + - description: "Allow a specific IPv6 TCP flow" + action: permit + source: 2001:db8::/64 + destination: 2001:db8:1::/64 + protocol: tcp + destination-port: www + source-port: "1024-65535" + - description: "Allow IPv4 ICMP Destination Unreachable, any code" + family: ipv4 + action: permit + protocol: icmp + icmp-type: 3 + icmp-code: any + - description: "Deny any IPv4 or IPv6" + action: deny + deny-all: + description: "Test ACL #2" + terms: + - action: deny