From 718e9a3c7cac01860f3e3fe6174fcc1bd33fb4eb Mon Sep 17 00:00:00 2001
From: Michal Cmarada
Date: Mon, 19 Nov 2018 14:59:14 +0100
Subject: HC2VPP-291: ACL model bump - bump ACL yang models - fix ACL module implementation and validation - fix ACL Unit tests - update postman collection
Change-Id: Iaab64e6d92d17babc3ccef7921b41070c3716516
Signed-off-by: Michal Cmarada
---
.../src/test/resources/acl/ipv4/ipv4-acl.json | 10 ++---
.../src/test/resources/acl/macip/macip-acl.json | 18 +++++----
.../acl/standard/interface-ref-acl-udp.json | 28 +++++++-------
.../acl/standard/standard-acl-icmp-v6.json | 24 ++++++------
.../resources/acl/standard/standard-acl-icmp.json | 24 ++++++------
.../acl/standard/standard-acl-tcp-src-only.json | 40 ++++++++++---------
.../resources/acl/standard/standard-acl-tcp.json | 40 ++++++++++---------
.../resources/acl/standard/standard-acl-udp.json | 34 ++++++++--------
.../resources/interface-acl/acl-references.json | 45 +++++++++-------------
.../src/test/resources/rules/icmp-rule.json | 22 ++++++-----
.../src/test/resources/rules/icmp-v6-rule.json | 24 ++++++------
.../src/test/resources/rules/no-protocol-rule.json | 16 ++++----
.../src/test/resources/rules/other-rule.json | 26 -------------
.../test/resources/rules/tcp-rule-no-flags.json | 28 +++++++-------
.../src/test/resources/rules/tcp-rule.json | 38 +++++++++---------
.../src/test/resources/rules/udp-rule.json | 32 +++++++--------
16 files changed, 215 insertions(+), 234 deletions(-)
delete mode 100644 acl/acl-impl/src/test/resources/rules/other-rule.json
(limited to 'acl/acl-impl/src/test/resources')
diff --git a/acl/acl-impl/src/test/resources/acl/ipv4/ipv4-acl.json b/acl/acl-impl/src/test/resources/acl/ipv4/ipv4-acl.json
index 04a08ff44..9946bc4f7 100644
--- a/acl/acl-impl/src/test/resources/acl/ipv4/ipv4-acl.json
+++ b/acl/acl-impl/src/test/resources/acl/ipv4/ipv4-acl.json
@@ -1,13 +1,13 @@ { - "access-lists": { + "acls": { "acl": [ { - "acl-name": "standard-acl", - "acl-type": "ipv4-acl", - "access-list-entries": { + "name": "standard-acl", + "type": "ipv4-acl-type", + "aces": { "ace": [ { - "rule-name": "rule1" + "name": "rule1" } ] } diff --git a/acl/acl-impl/src/test/resources/acl/macip/macip-acl.json b/acl/acl-impl/src/test/resources/acl/macip/macip-acl.json index 21ac2597c..bcde22d6b 100644 --- a/acl/acl-impl/src/test/resources/acl/macip/macip-acl.json +++ b/acl/acl-impl/src/test/resources/acl/macip/macip-acl.json @@ -1,23 +1,25 @@ { - "access-lists": { + "acls": { "acl": [ { - "acl-name": "macip-acl", - "acl-type": "vpp-acl:vpp-macip-acl", + "name": "macip-acl", + "type": "vpp-acl:vpp-macip-acl", "tag": "macip-tag-value", - "access-list-entries": { + "aces": { "ace": [ { - "rule-name": "macip-rule", + "name": "macip-rule", "matches": { - "vpp-macip-ace-nodes": { - "source-ipv4-network": "192.168.2.2/32", + "eth": { "source-mac-address": "aa:aa:aa:aa:aa:aa", "source-mac-address-mask": "ff:00:00:00:00:00" + }, + "ipv4": { + "source-ipv4-network": "192.168.2.2/32" } }, "actions": { - "permit": [null] + "forwarding": "ietf-access-control-list:accept" } } ] diff --git a/acl/acl-impl/src/test/resources/acl/standard/interface-ref-acl-udp.json b/acl/acl-impl/src/test/resources/acl/standard/interface-ref-acl-udp.json index ae987a798..060551b9b 100644 --- a/acl/acl-impl/src/test/resources/acl/standard/interface-ref-acl-udp.json +++ b/acl/acl-impl/src/test/resources/acl/standard/interface-ref-acl-udp.json 
@@ -1,21 +1,21 @@ { - "interfaces":{ - "interface": [{ - "name": "eth2", - "acl": { + "attachment-points": { + "interface": [ + { + "interface-id": "eth2", "ingress": { - "vpp-acls": [ - { - "type": "vpp-acl:vpp-acl", - "name": "standard-acl" - } - ], - "vpp-macip-acl": { - "name": "acl4", - "type": "vpp-acl:vpp-macip-acl" + "acl-sets": { + "acl-set": [ + { + "name": "standard-acl" + }, + { + "name": "acl4" + } + ] } } } - }] + ] } } \ No newline at end of file diff --git a/acl/acl-impl/src/test/resources/acl/standard/standard-acl-icmp-v6.json b/acl/acl-impl/src/test/resources/acl/standard/standard-acl-icmp-v6.json index 9c6530fa9..5973741ed 100644 --- a/acl/acl-impl/src/test/resources/acl/standard/standard-acl-icmp-v6.json +++ b/acl/acl-impl/src/test/resources/acl/standard/standard-acl-icmp-v6.json @@ -1,24 +1,26 @@ { - "access-lists": { + "acls": { "acl": [ { - "acl-name": "standard-acl", - "acl-type": "vpp-acl:vpp-acl", + "name": "standard-acl", + "type": "vpp-acl:vpp-acl", "tag": "icmp-v6-tag-value", - "access-list-entries": { + "aces": { "ace": [ { - "rule-name": "imcp-v6-rule", + "name": "imcp-v6-rule", "matches": { - "vpp-ace-nodes": { - "destination-ipv6-network": "2001:0db8:0a0b:12f0:0000:0000:0000:0001/64", + "ipv6": { "source-ipv6-network": "2001:0db8:0a0b:12f0:0000:0000:0000:0002/48", - "icmp-v6-nodes": { - "icmp-type-range": { + "destination-ipv6-network": "2001:0db8:0a0b:12f0:0000:0000:0000:0001/64" + }, + "icmp": { + "vpp-acl:vpp-icmp-ace": { + "vpp-acl:icmp-type-range": { "first": "5", "last": "8" }, - "icmp-code-range": { + "vpp-acl:icmp-code-range": { "first": "1", "last": "3" } @@ -26,7 +28,7 @@ } }, "actions": { - "permit": [null] + "forwarding": "ietf-access-control-list:accept" } } ] diff --git a/acl/acl-impl/src/test/resources/acl/standard/standard-acl-icmp.json b/acl/acl-impl/src/test/resources/acl/standard/standard-acl-icmp.json index 73a9a6543..cc534f4b4 100644 --- a/acl/acl-impl/src/test/resources/acl/standard/standard-acl-icmp.json 
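Review bot: In interface-ref-acl-udp.json the new `acl-set` entries identify ACLs by `name` only, so nothing in the fixture says that `acl4` is a MAC-IP ACL any more; the removed `vpp-macip-acl` container carried `"type": "vpp-acl:vpp-macip-acl"`. The binding code presumably has to look the type up from the referenced ACL, so a misspelled or undefined name can no longer be spotted from this document alone. It would help to pair this with a fixture whose `acl-set` names an ACL that is not defined and assert that validation rejects it, rather than leaving the interface without the intended filter. The same name-only references appear for `eth2` in acl-references.json.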
+++ b/acl/acl-impl/src/test/resources/acl/standard/standard-acl-icmp.json @@ -1,24 +1,26 @@ { - "access-lists": { + "acls": { "acl": [ { - "acl-name": "standard-acl", - "acl-type": "vpp-acl:vpp-acl", + "name": "standard-acl", + "type": "vpp-acl:vpp-acl", "tag": "icmp-v4-tag-value", - "access-list-entries": { + "aces": { "ace": [ { - "rule-name": "imcp-rule", + "name": "imcp-rule", "matches": { - "vpp-ace-nodes": { - "destination-ipv4-network": "192.168.2.1/24", + "ipv4": { "source-ipv4-network": "192.168.2.2/32", - "icmp-nodes": { - "icmp-type-range": { + "destination-ipv4-network": "192.168.2.1/24" + }, + "icmp": { + "vpp-acl:vpp-icmp-ace": { + "vpp-acl:icmp-type-range": { "first": "5", "last": "8" }, - "icmp-code-range": { + "vpp-acl:icmp-code-range": { "first": "1", "last": "3" } @@ -26,7 +28,7 @@ } }, "actions": { - "permit": [null] + "forwarding": "ietf-access-control-list:accept" } } ] diff --git a/acl/acl-impl/src/test/resources/acl/standard/standard-acl-tcp-src-only.json b/acl/acl-impl/src/test/resources/acl/standard/standard-acl-tcp-src-only.json index 13e757907..9d9b396ba 100644 --- a/acl/acl-impl/src/test/resources/acl/standard/standard-acl-tcp-src-only.json +++ b/acl/acl-impl/src/test/resources/acl/standard/standard-acl-tcp-src-only.json 
@@ -1,32 +1,34 @@ { - "access-lists": { + "acls": { "acl": [ { - "acl-name": "standard-acl", - "acl-type": "vpp-acl:vpp-acl", - "access-list-entries": { + "name": "standard-acl", + "type": "vpp-acl:vpp-acl", + "aces": { "ace": [ { - "rule-name": "tcp-rule", + "name": "tcp-rule", "matches": { - "vpp-ace-nodes": { - "source-ipv4-network": "192.168.2.2/32", - "tcp-nodes": { - "source-port-range": { - "lower-port": "1", - "upper-port": "5487" - }, - "destination-port-range": { - "lower-port": "87", - "upper-port": "6745" - }, - "tcp-flags-mask": "1", - "tcp-flags-value": "7" + "ipv4": { + "source-ipv4-network": "192.168.2.2/32" + }, + "tcp": { + "source-port": { + "lower-port": "1", + "upper-port": "5487" + }, + "destination-port": { + "lower-port": "87", + "upper-port": "6745" + }, + "flags": "cwr ece urg", + "vpp-acl:vpp-tcp-ace": { + "vpp-acl:flags-mask": "cwr" } } }, "actions": { - "permit": [null] + "forwarding": "ietf-access-control-list:accept" } } ] diff --git a/acl/acl-impl/src/test/resources/acl/standard/standard-acl-tcp.json b/acl/acl-impl/src/test/resources/acl/standard/standard-acl-tcp.json index 6b5dbafc7..35ad4b1da 100644 --- a/acl/acl-impl/src/test/resources/acl/standard/standard-acl-tcp.json +++ b/acl/acl-impl/src/test/resources/acl/standard/standard-acl-tcp.json 
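Review bot: The TCP fixture replaces `"tcp-flags-value": "7"` and `"tcp-flags-mask": "1"` with `"flags": "cwr ece urg"` and `"vpp-acl:flags-mask": "cwr"`, and these are not the same bits in a TCP header: 7 is FIN|SYN|RST (0x01|0x02|0x04), while CWR, ECE and URG are 0x80, 0x40 and 0x20. If the unit tests still expect value 7 and mask 1 for this input, the name-to-bit mapping is counting from the wrong end, and a rule written for one flag would match another. It is worth checking the expected bytes against the header layout and adding a case with a commonly filtered flag, e.g. `"flags": "syn"`. The same values are used in standard-acl-tcp.json and rules/tcp-rule.json.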
@@ -1,34 +1,36 @@ { - "access-lists": { + "acls": { "acl": [ { - "acl-name": "standard-acl", - "acl-type": "vpp-acl:vpp-acl", + "name": "standard-acl", + "type": "vpp-acl:vpp-acl", "tag": "tcp-tag-value", - "access-list-entries": { + "aces": { "ace": [ { - "rule-name": "tcp-rule", + "name": "tcp-rule", "matches": { - "vpp-ace-nodes": { + "ipv4": { "destination-ipv4-network": "192.168.2.1/24", - "source-ipv4-network": "192.168.2.2/32", - "tcp-nodes": { - "source-port-range": { - "lower-port": "1", - "upper-port": "5487" - }, - "destination-port-range": { - "lower-port": "87", - "upper-port": "6745" - }, - "tcp-flags-mask": "1", - "tcp-flags-value": "7" + "source-ipv4-network": "192.168.2.2/32" + }, + "tcp": { + "source-port": { + "lower-port": "1", + "upper-port": "5487" + }, + "destination-port": { + "lower-port": "87", + "upper-port": "6745" + }, + "flags": "cwr ece urg", + "vpp-acl:vpp-tcp-ace": { + "vpp-acl:flags-mask": "cwr" } } }, "actions": { - "permit": [null] + "forwarding": "ietf-access-control-list:accept" } } ] diff --git a/acl/acl-impl/src/test/resources/acl/standard/standard-acl-udp.json b/acl/acl-impl/src/test/resources/acl/standard/standard-acl-udp.json index e49a93cfa..10edb349e 100644 --- a/acl/acl-impl/src/test/resources/acl/standard/standard-acl-udp.json +++ b/acl/acl-impl/src/test/resources/acl/standard/standard-acl-udp.json 
@@ -1,32 +1,32 @@ { - "access-lists": { + "acls": { "acl": [ { - "acl-name": "standard-acl", - "acl-type": "vpp-acl:vpp-acl", + "name": "standard-acl", + "type": "vpp-acl:vpp-acl", "tag": "udp-tag-value", - "access-list-entries": { + "aces": { "ace": [ { - "rule-name": "udp-rule", + "name": "udp-rule", "matches": { - "vpp-ace-nodes": { + "ipv4": { "destination-ipv4-network": "192.168.2.1/24", - "source-ipv4-network": "192.168.2.2/32", - "udp-nodes": { - "source-port-range": { - "lower-port": "1", - "upper-port": "5487" - }, - "destination-port-range": { - "lower-port": "87", - "upper-port": "6745" - } + "source-ipv4-network": "192.168.2.2/32" + }, + "udp": { + "source-port": { + "lower-port": "1", + "upper-port": "5487" + }, + "destination-port": { + "lower-port": "87", + "upper-port": "6745" } } }, "actions": { - "permit": [null] + "forwarding": "ietf-access-control-list:accept" } } ] diff --git a/acl/acl-impl/src/test/resources/interface-acl/acl-references.json b/acl/acl-impl/src/test/resources/interface-acl/acl-references.json index 63c9e20c9..00a86965d 100644 --- a/acl/acl-impl/src/test/resources/interface-acl/acl-references.json +++ b/acl/acl-impl/src/test/resources/interface-acl/acl-references.json @@ -1,13 +1,12 @@ { - "interfaces": { + "attachment-points": { "interface": [ { - "name": "eth0", - "acl": { - "ingress": { - "vpp-acls": [ + "interface-id": "eth0", + "ingress": { + "acl-sets": { + "acl-set": [ { - "type": "vpp-acl:vpp-acl", "name": "acl1" } ] @@ -15,20 +14,14 @@ } }, { - "name": "eth1", - "acl": { - "egress": { - "vpp-acls": [ + "interface-id": "eth1", + "ingress": { + "acl-sets": { + "acl-set": [ { - "type": "vpp-acl:vpp-acl", "name": "acl1" - } - ] - }, - "ingress": { - "vpp-acls": [ + }, { - "type": "vpp-acl:vpp-acl", "name": "acl2" } ] 
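Review bot: The rewritten `eth1` entry in acl-references.json loses its egress case: `acl1` used to sit under `egress` and `acl2` under `ingress`, and now both are listed in a single `ingress` `acl-set`. None of the interfaces shown in this file has an egress attachment after the change, so tests reading this fixture no longer exercise the output direction unless another resource covers it. Keeping `acl1` where it was, e.g. `"egress": { "acl-sets": { "acl-set": [ { "name": "acl1" } ] } }`, would preserve the direction coverage under the new model.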
@@ -36,19 +29,17 @@ } }, { - "name": "eth2", - "acl": { - "ingress": { - "vpp-acls": [ + "interface-id": "eth2", + "ingress": { + "acl-sets": { + "acl-set": [ { - "type": "vpp-acl:vpp-acl", "name": "acl1" + }, + { + "name": "acl4" } - ], - "vpp-macip-acl": { - "name": "acl4", - "type": "vpp-acl:vpp-macip-acl" - } + ] } } } diff --git a/acl/acl-impl/src/test/resources/rules/icmp-rule.json b/acl/acl-impl/src/test/resources/rules/icmp-rule.json index 330a448fc..dbee65ea3 100644 --- a/acl/acl-impl/src/test/resources/rules/icmp-rule.json +++ b/acl/acl-impl/src/test/resources/rules/icmp-rule.json @@ -1,23 +1,25 @@ { - "access-lists": { + "acls": { "acl": [ { - "acl-name": "standard-acl", - "acl-type": "vpp-acl:vpp-acl", - "access-list-entries": { + "name": "standard-acl", + "type": "vpp-acl:vpp-acl", + "aces": { "ace": [ { - "rule-name": "imcp-rule", + "name": "imcp-rule", "matches": { - "vpp-ace-nodes": { - "destination-ipv4-network": "192.168.2.1/32", + "ipv4": { "source-ipv4-network": "192.168.2.2/32", - "icmp-nodes": { - "icmp-type-range": { + "destination-ipv4-network": "192.168.2.1/32" + }, + "icmp": { + "vpp-acl:vpp-icmp-ace": { + "vpp-acl:icmp-type-range": { "first": "5", "last": "8" }, - "icmp-code-range": { + "vpp-acl:icmp-code-range": { "first": "1", "last": "3" } diff --git a/acl/acl-impl/src/test/resources/rules/icmp-v6-rule.json b/acl/acl-impl/src/test/resources/rules/icmp-v6-rule.json index 9ea82a19a..3cb989858 100644 --- a/acl/acl-impl/src/test/resources/rules/icmp-v6-rule.json +++ b/acl/acl-impl/src/test/resources/rules/icmp-v6-rule.json 
@@ -1,23 +1,25 @@ { - "access-lists": { + "acls": { "acl": [ { - "acl-name": "standard-acl", - "acl-type": "vpp-acl:vpp-acl", - "access-list-entries": { + "name": "standard-acl", + "type": "vpp-acl:vpp-acl", + "aces": { "ace": [ { - "rule-name": "imcp-rule", + "name": "imcp-v6-rule", "matches": { - "vpp-ace-nodes": { - "destination-ipv6-network": "2001:0db8:0a0b:12f0:0000:0000:0000:0001/64", - "source-ipv6-network": "2001:0db8:0a0b:12f0:0000:0000:0000:0002/64", - "icmp-v6-nodes": { - "icmp-type-range": { + "ipv6": { + "source-ipv6-network": "2001:0db8:0a0b:12f0:0000:0000:0000:0002/48", + "destination-ipv6-network": "2001:0db8:0a0b:12f0:0000:0000:0000:0001/64" + }, + "icmp": { + "vpp-acl:vpp-icmp-ace": { + "vpp-acl:icmp-type-range": { "first": "5", "last": "8" }, - "icmp-code-range": { + "vpp-acl:icmp-code-range": { "first": "1", "last": "3" } diff --git a/acl/acl-impl/src/test/resources/rules/no-protocol-rule.json b/acl/acl-impl/src/test/resources/rules/no-protocol-rule.json index a022bf08d..dad0f05bb 100644 --- a/acl/acl-impl/src/test/resources/rules/no-protocol-rule.json +++ b/acl/acl-impl/src/test/resources/rules/no-protocol-rule.json @@ -1,17 +1,17 @@ { - "access-lists": { + "acls": { "acl": [ { - "acl-name": "standard-acl", - "acl-type": "vpp-acl:vpp-acl", - "access-list-entries": { + "name": "standard-acl", + "type": "vpp-acl:vpp-acl", + "aces": { "ace": [ { - "rule-name": "no-protocol-rule", + "name": "no-protocol-rule", "matches": { - "vpp-ace-nodes": { - "destination-ipv4-network": "192.168.2.1/32", - "source-ipv4-network": "192.168.2.2/32" + "ipv4": { + "source-ipv4-network": "192.168.2.2/32", + "destination-ipv4-network": "192.168.2.1/32" } } } diff --git a/acl/acl-impl/src/test/resources/rules/other-rule.json b/acl/acl-impl/src/test/resources/rules/other-rule.json deleted file mode 100644 index 0e60dccf7..000000000 --- a/acl/acl-impl/src/test/resources/rules/other-rule.json +++ /dev/null 
@@ -1,26 +0,0 @@ -{ - "access-lists": { - "acl": [ - { - "acl-name": "standard-acl", - "acl-type": "vpp-acl:vpp-acl", - "access-list-entries": { - "ace": [ - { - "rule-name": "imcp-rule", - "matches": { - "vpp-ace-nodes": { - "destination-ipv4-network": "192.168.2.1/32", - "source-ipv4-network": "192.168.2.2/32", - "other-nodes": { - "protocol": "64" - } - } - } - } - ] - } - } - ] - } -} \ No newline at end of file diff --git a/acl/acl-impl/src/test/resources/rules/tcp-rule-no-flags.json b/acl/acl-impl/src/test/resources/rules/tcp-rule-no-flags.json index 31cc854df..2130f4a32 100644 --- a/acl/acl-impl/src/test/resources/rules/tcp-rule-no-flags.json +++ b/acl/acl-impl/src/test/resources/rules/tcp-rule-no-flags.json @@ -1,24 +1,24 @@ { - "access-lists": { + "acls": { "acl": [ { - "acl-name": "standard-acl", - "acl-type": "vpp-acl:vpp-acl", - "access-list-entries": { + "name": "standard-acl", + "type": "vpp-acl:vpp-acl", + "aces": { "ace": [ { - "rule-name": "tcp-no-flags-rule", + "name": "tcp-no-flags-rule", "matches": { - "vpp-ace-nodes": { + "ipv4": { "destination-ipv4-network": "192.168.2.1/32", - "source-ipv4-network": "192.168.2.2/32", - "tcp-nodes": { - "source-port-range": { - "lower-port": "123" - }, - "destination-port-range": { - "lower-port": "65000" - } + "source-ipv4-network": "192.168.2.2/32" + }, + "tcp": { + "source-port": { + "lower-port": "123" + }, + "destination-port": { + "lower-port": "65000" } } } diff --git a/acl/acl-impl/src/test/resources/rules/tcp-rule.json b/acl/acl-impl/src/test/resources/rules/tcp-rule.json index de3697eef..95fa836d4 100644 --- a/acl/acl-impl/src/test/resources/rules/tcp-rule.json +++ b/acl/acl-impl/src/test/resources/rules/tcp-rule.json 
@@ -1,28 +1,30 @@ { - "access-lists": { + "acls": { "acl": [ { - "acl-name": "standard-acl", - "acl-type": "vpp-acl:vpp-acl", - "access-list-entries": { + "name": "standard-acl", + "type": "vpp-acl:vpp-acl", + "aces": { "ace": [ { - "rule-name": "imcp-rule", + "name": "tcp-rule", "matches": { - "vpp-ace-nodes": { + "ipv4": { "destination-ipv4-network": "192.168.2.1/32", - "source-ipv4-network": "192.168.2.2/32", - "tcp-nodes": { - "source-port-range": { - "lower-port": "1", - "upper-port": "5487" - }, - "destination-port-range": { - "lower-port": "87", - "upper-port": "6745" - }, - "tcp-flags-mask": "1", - "tcp-flags-value": "7" + "source-ipv4-network": "192.168.2.2/32" + }, + "tcp": { + "source-port": { + "lower-port": "1", + "upper-port": "5487" + }, + "destination-port": { + "lower-port": "87", + "upper-port": "6745" + }, + "flags": "cwr ece urg", + "vpp-acl:vpp-tcp-ace": { + "vpp-acl:flags-mask": "cwr" } } } diff --git a/acl/acl-impl/src/test/resources/rules/udp-rule.json b/acl/acl-impl/src/test/resources/rules/udp-rule.json index 4bc05d4b2..8ee8b82d6 100644 --- a/acl/acl-impl/src/test/resources/rules/udp-rule.json +++ b/acl/acl-impl/src/test/resources/rules/udp-rule.json 
@@ -1,26 +1,26 @@ { - "access-lists": { + "acls": { "acl": [ { - "acl-name": "standard-acl", - "acl-type": "vpp-acl:vpp-acl", - "access-list-entries": { + "name": "standard-acl", + "type": "vpp-acl:vpp-acl", + "aces": { "ace": [ { - "rule-name": "imcp-rule", + "name": "imcp-rule", "matches": { - "vpp-ace-nodes": { + "ipv4": { "destination-ipv4-network": "192.168.2.1/32", - "source-ipv4-network": "192.168.2.2/32", - "udp-nodes": { - "source-port-range": { - "lower-port": "1", - "upper-port": "5487" - }, - "destination-port-range": { - "lower-port": "87", - "upper-port": "6745" - } + "source-ipv4-network": "192.168.2.2/32" + }, + "udp": { + "source-port": { + "lower-port": "1", + "upper-port": "5487" + }, + "destination-port": { + "lower-port": "87", + "upper-port": "6745" } } } -- cgit 1.2.3-korg
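Review bot: udp-rule.json keeps `"name": "imcp-rule"` for a rule that matches UDP ports, while the same commit corrects tcp-rule.json to `"name": "tcp-rule"`; `"name": "udp-rule"` would match standard-acl-udp.json. The ICMP fixtures also keep the transposed spelling `imcp-rule` / `imcp-v6-rule`, which makes a failing assertion harder to trace back to the right resource. Any test that looks the rule up by name would need the same rename.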