2024-09-28 16:57:21 +02:00
|
|
|
"""
|
|
|
|
Tests for the RESTful HTTP API for nftables
|
|
|
|
Copyright 2024, Georg Pfuetzenreuter <mail@georg-pfuetzenreuter.net>
|
|
|
|
|
|
|
|
Licensed under the EUPL, Version 1.2 or - as soon they will be approved by the European Commission - subsequent versions of the EUPL (the "Licence").
|
|
|
|
You may not use this work except in compliance with the Licence.
|
|
|
|
An English copy of the Licence is shipped in a file called LICENSE along with this applications source code.
|
|
|
|
You may obtain copies of the Licence in any of the official languages at https://joinup.ec.europa.eu/collection/eupl/eupl-text-eupl-12.
|
|
|
|
"""
|
|
|
|
|
2024-09-26 00:22:16 +02:00
|
|
|
from json import dumps, loads
|
|
|
|
|
2024-09-28 18:08:37 +02:00
|
|
|
from falcon import HTTP_CREATED, HTTP_OK, HTTP_UNAUTHORIZED
|
2024-09-28 16:57:21 +02:00
|
|
|
from pytest import mark
|
|
|
|
|
2024-09-26 00:22:16 +02:00
|
|
|
vs = [4, 6]
|
|
|
|
|
2024-09-28 18:08:37 +02:00
|
|
|
|
|
|
|
def test_get_set_unauthorized_no_token(client):
|
|
|
|
response = client.simulate_get('/set/inet/filter/testset4')
|
|
|
|
have_out = loads(response.content)
|
|
|
|
assert response.status == HTTP_UNAUTHORIZED
|
|
|
|
assert 'title' in have_out
|
|
|
|
assert have_out['title'] == 'Authentication required'
|
|
|
|
|
|
|
|
|
|
|
|
def test_get_set_unauthorized_wrong_token(client):
|
|
|
|
response = client.simulate_get(
|
|
|
|
'/set/inet/filter/testset4',
|
|
|
|
headers={'X-NFT-API-Token': 'pwned'},
|
|
|
|
)
|
|
|
|
have_out = loads(response.content)
|
|
|
|
assert response.status == HTTP_UNAUTHORIZED
|
|
|
|
assert 'title' in have_out
|
|
|
|
assert have_out['title'] == 'Unauthorized'
|
|
|
|
|
|
|
|
|
|
|
|
def test_post_set_unauthorized_wrong_token_for_method(client):
|
|
|
|
response = client.simulate_post(
|
|
|
|
'/set/inet/filter/testset4',
|
|
|
|
headers={
|
|
|
|
'content-type': 'application/json',
|
|
|
|
'X-NFT-API-Token': 'ICanOnlyGet',
|
|
|
|
},
|
|
|
|
)
|
|
|
|
have_out = loads(response.content)
|
|
|
|
assert response.status == HTTP_UNAUTHORIZED
|
|
|
|
assert 'title' in have_out
|
|
|
|
assert have_out['title'] == 'Unauthorized method for path'
|
|
|
|
|
|
|
|
|
2024-09-26 00:22:16 +02:00
|
|
|
@mark.parametrize('v', vs)
|
2024-09-28 16:57:21 +02:00
|
|
|
def test_get_set(client, nft_ruleset_populated_sets, v): # noqa ARG001, nft is not needed here
|
2024-09-26 00:22:16 +02:00
|
|
|
want_out = {
|
|
|
|
4: ["192.168.0.0/24", "127.0.0.1"],
|
|
|
|
6: ["fd80::/64", "fe80::1"],
|
|
|
|
}
|
2024-09-28 18:08:37 +02:00
|
|
|
response = client.simulate_get(
|
|
|
|
f'/set/inet/filter/testset{v}',
|
|
|
|
headers={'X-NFT-API-Token': 'foo'},
|
|
|
|
)
|
2024-09-26 00:22:16 +02:00
|
|
|
have_out = loads(response.content)
|
|
|
|
assert sorted(have_out) == sorted(want_out[v])
|
|
|
|
assert response.status == HTTP_OK
|
|
|
|
|
2024-09-28 18:08:37 +02:00
|
|
|
|
2024-09-26 00:22:16 +02:00
|
|
|
@mark.parametrize('v', vs)
|
|
|
|
@mark.parametrize('plvariant', ['address', 'network'])
|
|
|
|
@mark.parametrize('plformat', ['string', 'list'])
|
|
|
|
def test_append_to_set(client, nft_ruleset_populated_sets, v, plvariant, plformat):
|
|
|
|
nft = nft_ruleset_populated_sets
|
|
|
|
|
|
|
|
# all the matrixes could be moved to parameters
|
|
|
|
if plformat == 'string':
|
|
|
|
if plvariant == 'address':
|
|
|
|
to_add = {
|
|
|
|
4: '192.168.5.1',
|
|
|
|
6: 'fd10:f00::',
|
|
|
|
}
|
|
|
|
elif plvariant == 'network':
|
|
|
|
to_add = {
|
|
|
|
4: '192.168.5.0/26',
|
|
|
|
6: 'fd10:f00::/48',
|
|
|
|
}
|
|
|
|
added = to_add[v]
|
|
|
|
elif plformat == 'list':
|
|
|
|
if plvariant == 'address':
|
|
|
|
to_add = {
|
|
|
|
4: ['192.168.5.1'],
|
|
|
|
6: ['fd10:f00::'],
|
|
|
|
}
|
|
|
|
elif plvariant == 'network':
|
|
|
|
to_add = {
|
|
|
|
4: ['192.168.5.0/26'],
|
|
|
|
6: ['fd10:f00::/48'],
|
|
|
|
}
|
|
|
|
added = to_add[v][0]
|
|
|
|
|
|
|
|
response = client.simulate_post(
|
|
|
|
f'/set/inet/filter/testset{v}',
|
|
|
|
body=dumps({
|
|
|
|
'addresses': to_add[v],
|
|
|
|
}),
|
|
|
|
headers={
|
|
|
|
'content-type': 'application/json',
|
2024-09-28 18:08:37 +02:00
|
|
|
'X-NFT-API-Token': 'foo',
|
2024-09-26 00:22:16 +02:00
|
|
|
},
|
|
|
|
)
|
|
|
|
have_out = loads(response.content)
|
|
|
|
|
|
|
|
assert have_out == {'status': True}
|
|
|
|
assert response.status == HTTP_CREATED
|
|
|
|
assert added in nft.cmd(f'list set inet filter testset{v}')[1]
|