# HG changeset patch # User Branko Majic # Date 2013-06-30 17:23:48 # Node ID 9996f5fcde31063208e5a70853f635f78dfb6d62 # Parent 7b736c4262c59e835fc92b88059d9cee3f74cd9b Added tests for utility functions. Optimised some view tests. Added tests for entity view, entity iptables view, and project iptables view. diff --git a/conntrackt/tests/test_utils.py b/conntrackt/tests/test_utils.py new file mode 100644 --- /dev/null +++ b/conntrackt/tests/test_utils.py @@ -0,0 +1,50 @@ +# Django imports. +from django.test import TestCase + +# Application imports. +from conntrackt.models import Entity +from conntrackt import utils + + +class GenerateEntityIptablesTest(TestCase): + + fixtures = ['test-data.json'] + + def test_generated_iptables(self): + """ + Tests if the entity's iptables are generated properly or not. + """ + + entity = Entity.objects.get(pk=1) + generated = utils.generate_entity_iptables(entity) + + expected = """*filter +:INPUT DROP [0:0] +# Accept all incoming related traffic. +-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT + +# Accept all incoming traffic on loopback interface. +-A INPUT -i lo -j ACCEPT + +# MySQL. +-A INPUT -s 192.168.1.3/255.255.255.255 -d 192.168.1.1/255.255.255.255 -p tcp -m tcp --dport 3306 -j ACCEPT + +# Ping. +-A INPUT -s 192.168.1.2/255.255.255.255 -d 192.168.1.1/255.255.255.255 -p icmp -m icmp --icmp-type 8 -j ACCEPT + +# SSH. +-A INPUT -s 192.168.1.2/255.255.255.255 -d 192.168.1.1/255.255.255.255 -p tcp -m tcp --dport 22 -j ACCEPT +-A INPUT -s 192.168.2.0/255.255.255.0 -d 192.168.1.1/255.255.255.255 -p tcp -m tcp --dport 22 -j ACCEPT + +:OUTPUT ACCEPT [0:0] +:FORWARD DROP [0:0] +COMMIT +*nat +:PREROUTING ACCEPT [0:0] +:INPUT ACCEPT [0:0] +:OUTPUT ACCEPT [0:0] +:POSTROUTING ACCEPT [0:0] +COMMIT +""" + self.assertEqual(generated, expected) + diff --git a/conntrackt/tests/test_views.py b/conntrackt/tests/test_views.py --- a/conntrackt/tests/test_views.py +++ b/conntrackt/tests/test_views.py @@ -1,3 +1,7 @@ +# Standard library imports. +from StringIO import StringIO +from zipfile import ZipFile, ZIP_DEFLATED + # Django imports. from django.core.urlresolvers import reverse from django.test import TestCase @@ -38,7 +42,6 @@ class IndexViewTest(ViewTest): response = self.client.get(reverse("index")) - self.assertEqual(response.status_code, 403) self.assertContains(response, "You have insufficient privileges to access this resource. Please contact your local system administrator if you believe you should have been granted access.", status_code=403) def test_permission_granted(self): @@ -62,7 +65,6 @@ class IndexViewTest(ViewTest): self.client.login(username="fullperms", password="fullperms") response = self.client.get(reverse("index")) - self.assertEqual(response.status_code, 200) self.assertContains(response, "Currently there are no projects defined in the database. Use the administration pages in order to add a new project.") def test_projects_available(self): @@ -90,7 +92,6 @@ class ProjectViewTest(ViewTest): response = self.client.get(reverse("project", args=(1,))) - self.assertEqual(response.status_code, 403) self.assertContains(response, "You have insufficient privileges to access this resource. Please contact your local system administrator if you believe you should have been granted access.", status_code=403) def test_permission_granted(self): @@ -128,3 +129,241 @@ class ProjectViewTest(ViewTest): self.assertContains(response, "Test Location 1") self.assertContains(response, "Test Location 2") + +class EntityView(ViewTest): + + def test_permission_denied(self): + """ + Tests if permission will be denied for client without sufficient privileges. + """ + + self.client.login(username="noperms", password="noperms") + + response = self.client.get(reverse("entity", args=(1,))) + + self.assertContains(response, "You have insufficient privileges to access this resource. Please contact your local system administrator if you believe you should have been granted access.", status_code=403) + + def test_permission_granted(self): + """ + Tests if permission will be granted for user with correct privileges. + """ + + self.client.login(username="fullperms", password="fullperms") + + response = self.client.get(reverse("entity", args=(1,))) + + self.assertEqual(response.status_code, 200) + + def test_entity_show(self): + """ + Tests if the entity information is shown properly. + """ + + self.client.login(username="fullperms", password="fullperms") + + response = self.client.get(reverse("entity", args=(1,))) + + self.assertEqual(str(response.context["entity"]), "Test Entity 1 (Test Project 1 - Test Location 1)") + self.assertContains(response, "Test Entity 1") + self.assertContains(response, ":INPUT") + self.assertContains(response, ":OUTPUT") + self.assertContains(response, ":FORWARD") + + +class EntityIptablesTest(ViewTest): + + def test_permission_denied(self): + """ + Tests if permission will be denied for client without sufficient privileges. + """ + + self.client.login(username="noperms", password="noperms") + + response = self.client.get(reverse("entity_iptables", args=(1,))) + + self.assertContains(response, "You have insufficient privileges to access this resource. Please contact your local system administrator if you believe you should have been granted access.", status_code=403) + + def test_permission_granted(self): + """ + Tests if permission will be granted for user with correct privileges. + """ + + self.client.login(username="fullperms", password="fullperms") + + response = self.client.get(reverse("entity_iptables", args=(1,))) + + self.assertEqual(response.status_code, 200) + + def test_no_entity(self): + """ + Tests if a 404 is returned if no entity was found (invalid ID). + """ + + self.client.login(username="fullperms", password="fullperms") + + response = self.client.get(reverse("entity_iptables", args=(200,))) + + self.assertEqual(response.status_code, 404) + + def test_content_type(self): + """ + Test if correct content type is being returned by the response. + """ + + self.client.login(username="fullperms", password="fullperms") + + response = self.client.get(reverse("entity_iptables", args=(1,))) + + self.assertEqual(response['Content-Type'], "text/plain") + + def test_content_disposition(self): + """ + Test if the correct content disposition has been set. + """ + + self.client.login(username="fullperms", password="fullperms") + + response = self.client.get(reverse("entity_iptables", args=(1,))) + + self.assertEqual(response['Content-Disposition'], "attachment; filename=test_entity_1-iptables.conf") + + def test_entity_iptables_show(self): + """ + Test if the entity's iptables are being show or not. + """ + + self.client.login(username="fullperms", password="fullperms") + + response = self.client.get(reverse("entity_iptables", args=(1,))) + + self.assertContains(response, ":INPUT") + self.assertContains(response, ":OUTPUT") + self.assertContains(response, ":FORWARD") + + +class ProjectIptablesTest(ViewTest): + + def test_permission_denied(self): + """ + Tests if permission will be denied for client without sufficient privileges. + """ + + self.client.login(username="noperms", password="noperms") + + response = self.client.get(reverse("project_iptables", args=(1,))) + + self.assertContains(response, "You have insufficient privileges to access this resource. Please contact your local system administrator if you believe you should have been granted access.", status_code=403) + + def test_permission_granted(self): + """ + Tests if permission will be granted for user with correct privileges. + """ + + self.client.login(username="fullperms", password="fullperms") + + response = self.client.get(reverse("project_iptables", args=(1,))) + + self.assertEqual(response.status_code, 200) + + def test_invalid_project(self): + """ + Tests if a 404 is returned if invalid project is specified. + """ + + self.client.login(username="fullperms", password="fullperms") + + response = self.client.get(reverse("project_iptables", args=(200,))) + self.assertEqual(response.status_code, 404) + + response = self.client.get(reverse("project_location_iptables", args=(200,1))) + self.assertEqual(response.status_code, 404) + + + def test_invalid_location(self): + """ + Tests if a 404 is returned if invalid location is specified. + """ + + self.client.login(username="fullperms", password="fullperms") + + response = self.client.get(reverse("project_location_iptables", args=(1,200))) + self.assertEqual(response.status_code, 404) + + def test_content_type(self): + """ + Test if correct content type is being returned by the response. + """ + + self.client.login(username="fullperms", password="fullperms") + + response = self.client.get(reverse("project_iptables", args=(1,))) + + self.assertEqual(response['Content-Type'], "application/zip") + + def test_content_disposition(self): + """ + Test if the correct content disposition has been set. + """ + + self.client.login(username="fullperms", password="fullperms") + + response = self.client.get(reverse("project_iptables", args=(1,))) + self.assertEqual(response['Content-Disposition'], 'attachment; filename="test_project_1-iptables.zip"') + + response = self.client.get(reverse("project_location_iptables", args=(1,1))) + self.assertEqual(response['Content-Disposition'], 'attachment; filename="test_project_1-test_location_1-iptables.zip"') + + def test_project_entities_show(self): + """ + Test if the project's iptables are being shown or not. + """ + + self.client.login(username="fullperms", password="fullperms") + + response = self.client.get(reverse("project_iptables", args=(1,))) + + buff = StringIO(response.content) + + zipped_iptables = ZipFile(buff, "r", ZIP_DEFLATED) + expected_zip_files = ["test_entity_1-iptables.conf", + "test_entity_2-iptables.conf", + "test_entity_3-iptables.conf", + "test_subnet-iptables.conf" ] + + self.assertEqual(len(zipped_iptables.namelist()), 4) + self.assertEqual(zipped_iptables.namelist(), expected_zip_files) + + for filename in expected_zip_files: + iptables_file = zipped_iptables.read(filename) + self.assertIn(":INPUT", iptables_file) + self.assertIn(":OUTPUT", iptables_file) + self.assertIn(":FORWARD", iptables_file) + + zipped_iptables.close() + + def test_project_location_entities_show(self): + """ + Test if the project location's iptables are being shown or not. + """ + + self.client.login(username="fullperms", password="fullperms") + + response = self.client.get(reverse("project_location_iptables", args=(1,1))) + + buff = StringIO(response.content) + + zipped_iptables = ZipFile(buff, "r", ZIP_DEFLATED) + expected_zip_files = ["test_entity_1-iptables.conf", + "test_entity_2-iptables.conf"] + + self.assertEqual(len(zipped_iptables.namelist()), 2) + self.assertEqual(zipped_iptables.namelist(), expected_zip_files) + + for filename in expected_zip_files: + iptables_file = zipped_iptables.read(filename) + self.assertIn(":INPUT", iptables_file) + self.assertIn(":OUTPUT", iptables_file) + self.assertIn(":FORWARD", iptables_file) + + zipped_iptables.close() +