diff --git a/asr1k_neutron_l3/tests/unit/models/netconf_yang/test_parsing.py b/asr1k_neutron_l3/tests/unit/models/netconf_yang/test_parsing.py
index efeb09fe..7c89b265 100644
--- a/asr1k_neutron_l3/tests/unit/models/netconf_yang/test_parsing.py
+++ b/asr1k_neutron_l3/tests/unit/models/netconf_yang/test_parsing.py
@@ -15,11 +15,17 @@
from asr1k_neutron_l3.models.asr1k_pair import FakeASR1KContext
from asr1k_neutron_l3.common.utils import from_cidr, to_cidr
+from asr1k_neutron_l3.models.netconf_yang.access_list import AccessList
from asr1k_neutron_l3.models.netconf_yang.arp_cache import ArpCache
from asr1k_neutron_l3.models.netconf_yang import bgp
+from asr1k_neutron_l3.models.netconf_yang.class_map import ClassMap
from asr1k_neutron_l3.models.netconf_yang.l2_interface import BridgeDomain
from asr1k_neutron_l3.models.netconf_yang.vrf import VrfDefinition
from asr1k_neutron_l3.models.netconf_yang.nat import StaticNatList
+from asr1k_neutron_l3.models.netconf_yang.parameter_map import ParameterMapInspectGlobalVrf
+from asr1k_neutron_l3.models.netconf_yang.service_policy import ServicePolicy
+from asr1k_neutron_l3.models.netconf_yang.zone import Zone
+from asr1k_neutron_l3.models.netconf_yang.zone_pair import ZonePair
class ParsingTest(base.BaseTestCase):
@@ -373,3 +379,375 @@ def test_arp_cache_parsing(self):
self.assertEqual("2742f0347af546878c600d608cf38382", vrf1.vrf)
self.assertEqual("1.2.3.4", vrf1.entries[0].address)
self.assertEqual("fa:16:3e:11:22:33", vrf1.entries[0].mac)
+
+ def test_acl_parsing(self):
+ xml = """
+
+
+
+
+
+
+ ACL-FWAAS-TEST-ACL
+
+ 10
+
+ permit
+ tcp
+
+
+
+
+
+
+ 20
+
+ permit
+ icmp
+
+
+ echo-reply
+
+
+
+ 100
+
+ deny
+ tcp
+ 1.1.1.1
+ 1.1.1.1
+ 2.2.2.2
+ 2.2.2.2
+ 3333
+
+
+
+ 110
+
+ permit
+ udp
+ 10.0.0.0
+ 0.0.0.255
+ 192.16.0.0
+ 0.0.0.16
+ 22
+
+
+
+ 120
+
+ permit
+ tcp
+ 192.16.0.0
+ 0.0.0.16
+ 10.0.0.0
+ 0.0.0.255
+ 1999
+ 2991
+
+
+
+ 130
+
+ deny
+ icmp
+ 100.200.0.0
+ 0.0.255.255
+
+
+
+
+ 150
+
+ deny
+ udp
+ 1.1.1.1
+ 1.1.1.1
+ 10000
+ 20000
+
+
+
+
+ 160
+
+ deny
+ ip
+ 192.168.1.0
+ 0.0.0.255
+ 192.168.2.0
+ 0.0.0.255
+
+
+
+
+
+
+
+
+"""
+
+ context = FakeASR1KContext()
+ acl = AccessList.from_xml(xml, context)
+ self.assertEqual("ACL-FWAAS-TEST-ACL", acl.id)
+ self.assertEqual("ACL-FWAAS-TEST-ACL", acl.name)
+ self.assertEqual(8, len(acl.rules))
+ rules = acl.rules
+
+ rule = rules[0]
+ self.assertEqual("10", rule.sequence)
+ ace = rule.ace_rule[0]
+ self.assertEqual("permit", ace.action)
+ self.assertEqual("tcp", ace.protocol)
+ self.assertTrue(ace.any)
+ self.assertTrue(ace.dst_any)
+ self.assertTrue(ace.established)
+
+ rule = rules[1]
+ self.assertEqual("20", rule.sequence)
+ ace = rule.ace_rule[0]
+ self.assertEqual("permit", ace.action)
+ self.assertEqual("icmp", ace.protocol)
+ self.assertTrue(ace.any)
+ self.assertTrue(ace.dst_any)
+ self.assertEqual("echo-reply", ace.named_message_type)
+
+ rule = rules[2]
+ self.assertEqual("100", rule.sequence)
+ ace = rule.ace_rule[0]
+ self.assertEqual("deny", ace.action)
+ self.assertEqual("tcp", ace.protocol)
+ self.assertEqual("1.1.1.1", ace.host)
+ self.assertEqual("2.2.2.2", ace.dst_host)
+ self.assertEqual("3333", ace.dst_eq)
+
+ rule = rules[3]
+ self.assertEqual("110", rule.sequence)
+ ace = rule.ace_rule[0]
+ self.assertEqual("permit", ace.action)
+ self.assertEqual("udp", ace.protocol)
+ self.assertEqual("10.0.0.0", ace.ipv4_address)
+ self.assertEqual("0.0.0.255", ace.mask)
+ self.assertEqual("192.16.0.0", ace.dest_ipv4_address)
+ self.assertEqual("0.0.0.16", ace.dest_mask)
+ self.assertEqual("22", ace.dst_eq)
+
+ rule = rules[4]
+ self.assertEqual("120", rule.sequence)
+ ace = rule.ace_rule[0]
+ self.assertEqual("permit", ace.action)
+ self.assertEqual("tcp", ace.protocol)
+ self.assertEqual("192.16.0.0", ace.ipv4_address)
+ self.assertEqual("0.0.0.16", ace.mask)
+ self.assertEqual("10.0.0.0", ace.dest_ipv4_address)
+ self.assertEqual("0.0.0.255", ace.dest_mask)
+ self.assertEqual("1999", ace.dst_range1)
+ self.assertEqual("2991", ace.dst_range2)
+
+ rule = rules[5]
+ self.assertEqual("130", rule.sequence)
+ ace = rule.ace_rule[0]
+ self.assertEqual("deny", ace.action)
+ self.assertEqual("icmp", ace.protocol)
+ self.assertEqual("100.200.0.0", ace.ipv4_address)
+ self.assertEqual("0.0.255.255", ace.mask)
+ self.assertTrue(ace.dst_any)
+
+ rule = rules[6]
+ self.assertEqual("150", rule.sequence)
+ ace = rule.ace_rule[0]
+ self.assertEqual("deny", ace.action)
+ self.assertEqual("udp", ace.protocol)
+ self.assertEqual("1.1.1.1", ace.host)
+ self.assertEqual("10000", ace.src_range1)
+ self.assertEqual("20000", ace.src_range2)
+ self.assertTrue(ace.dst_any)
+
+ rule = rules[7]
+ self.assertEqual("160", rule.sequence)
+ ace = rule.ace_rule[0]
+ self.assertEqual("deny", ace.action)
+ self.assertEqual("ip", ace.protocol)
+ self.assertEqual("192.168.1.0", ace.ipv4_address)
+ self.assertEqual("0.0.0.255", ace.mask)
+
+ def test_class_map_parsing(self):
+ xml = """
+
+
+
+
+
+ CM-FWAAS-COFFEE-CRIMES
+ inspect
+ match-all
+
+
+ ACL-FWAAS-FROZEN-CARAMEL-MACHIATO
+
+
+
+
+
+
+
+"""
+ context = FakeASR1KContext()
+ cm = ClassMap.from_xml(xml, context)
+ self.assertEqual("CM-FWAAS-COFFEE-CRIMES", cm.id)
+ self.assertEqual("inspect", cm.type)
+ self.assertEqual("match-all", cm.prematch)
+ self.assertEqual("ACL-FWAAS-FROZEN-CARAMEL-MACHIATO", cm.acl_id)
+
+ def test_parameter_map_inspect_global_vrf_parsing(self):
+
+ xml = """
+
+
+
+
+
+
+
+
+
+ DAGOBERTDUCK
+ PAM-FWAAS-POLICE-VRF
+
+
+
+
+
+
+
+
+"""
+ context = FakeASR1KContext()
+ pm = ParameterMapInspectGlobalVrf.from_xml(xml, context)
+ self.assertEqual("DAGOBERTDUCK", pm.vrf)
+ self.assertEqual("PAM-FWAAS-POLICE-VRF", pm.parameter_map)
+
+ def test_service_policy_parsing(self):
+ xml = """
+
+
+
+
+
+ SP-FWAAS-NO-CRAP-ON-TAP
+ inspect
+
+ CM-FWAAS-NO-CRAP-ON-TAP
+ inspect
+
+ inspect
+
+
+
+ class-default
+
+ drop
+
+
+
+
+
+
+
+
+"""
+
+ context = FakeASR1KContext()
+ sp = ServicePolicy.from_xml(xml, context)
+ self.assertEqual("SP-FWAAS-NO-CRAP-ON-TAP", sp.id)
+ self.assertEqual("inspect", sp.type)
+ classes = sp.classes
+ self.assertEqual(2, len(classes))
+ self.assertEqual("CM-FWAAS-NO-CRAP-ON-TAP", classes[0].id)
+ self.assertEqual("inspect", classes[0].type)
+ self.assertEqual("inspect", classes[0].policy_action)
+ self.assertEqual("class-default", classes[1].id)
+ self.assertEqual("drop", classes[1].policy_action)
+ self.assertTrue(classes[1].log)
+
+ def test_zone_parsing(self):
+ xml = """
+
+
+
+
+
+ ZN-FWAAS-123
+
+
+
+
+
+"""
+
+ context = FakeASR1KContext()
+ zone = Zone.from_xml(xml, context)
+ self.assertEqual("ZN-FWAAS-123", zone.id)
+
+ def test_zone_pair_parsing(self):
+ xml = """
+
+
+
+
+
+ ZP-FWAAS-EXT-EGRESS-123
+ default
+ ZN-FWAAS-123
+
+
+ SP-FWAAS-ALLOW-INSPECT
+
+
+
+
+
+
+
+ """
+ context = FakeASR1KContext()
+ zone_pair = ZonePair.from_xml(xml, context)
+ self.assertEqual("ZP-FWAAS-EXT-EGRESS-123", zone_pair.id)
+ self.assertEqual("default", zone_pair.source)
+ self.assertEqual("ZN-FWAAS-123", zone_pair.destination)
+ self.assertEqual("SP-FWAAS-ALLOW-INSPECT", zone_pair.service_policy)
+
+ xml = """
+
+
+
+
+
+ ZP-FWAAS-EXT-INGRESS-123
+ ZN-FWAAS-123
+ default
+
+
+ SP-FWAAS-NO-CRAP-ON-TAP
+
+
+
+
+
+
+
+"""
+
+ zone_pair = ZonePair.from_xml(xml, context)
+ self.assertEqual("ZP-FWAAS-EXT-INGRESS-123", zone_pair.id)
+ self.assertEqual("ZN-FWAAS-123", zone_pair.source)
+ self.assertEqual("default", zone_pair.destination)
+ self.assertEqual("SP-FWAAS-NO-CRAP-ON-TAP", zone_pair.service_policy)
+