Merge branch 'master' into feature/fix-regex

Author: Rob

.travis.yml

@@ -3,6 +3,8 @@ python:
   - "3.6"
   - "3.7"
 # command to install dependencies
-install: "pip install -r requirements.txt -r test-requirements.txt"
+install: "pip install -r requirements.txt -r test-requirements.txt . && pip install flake8"
 # command to run tests
-script: pytest tests/
+script:
+  - python -m unittest discover -s . -p '*_test.py'
+  - flake8 . --count --select=W291,W293,W391 --statistics

capirca/aclgen.py

@@ -507,7 +507,8 @@ def Run(base_directory, definitions_directory, policy_file, output_directory,
         result.get()
       except (ACLParserError, ACLGeneratorError) as e:
         with_errors = True
-        logging.warning('\n\nerror encountered in rendering process:\n%s\n\n', e)
+        logging.warning('\n\nerror encountered in rendering '
+                        'process:\n%s\n\n', e)
 
   # actually write files to disk
   WriteFiles(write_files)

capirca/lib/aclgenerator.py

@@ -39,10 +39,6 @@ class NoPlatformPolicyError(Error):
   """Raised when a policy is received that doesn't support this platform."""
 
 
-class UnsupportedFilter(Error):
-  """Raised when we see an inappropriate filter."""
-
-
 class UnknownIcmpTypeError(Error):
   """Raised when we see an unknown icmp-type."""
 
@@ -55,7 +51,7 @@ class EstablishedError(Error):
   """Raised when a term has established option with inappropriate protocol."""
 
 
-class UnsupportedAF(Error):
+class UnsupportedAFError(Error):
   """Raised when provided an unsupported address family."""
 
 
@@ -67,7 +63,7 @@ class UnsupportedFilterError(Error):
   """Raised when we see an inappropriate filter."""
 
 
-class UnsupportedTargetOption(Error):
+class UnsupportedTargetOptionError(Error):
   """Raised when a filter has an impermissible default action specified."""
 
 
@@ -151,7 +147,7 @@ def NormalizeAddressFamily(self, af):
       af: Numeric address family value
 
     Raises:
-      UnsupportedAF: Address family not in keys or values of our AF_MAP.
+      UnsupportedAFError: Address family not in keys or values of our AF_MAP.
     """
     # ensure address family (af) is valid
     if af in self.AF_MAP_BY_NUMBER:
@@ -160,8 +156,8 @@ def NormalizeAddressFamily(self, af):
       # convert AF name to number (e.g. 'inet' becomes 4, 'inet6' becomes 6)
       af = self.AF_MAP[af]
     else:
-      raise UnsupportedAF('Address family %s is not supported, term %s.' % (
-          af, self.term.name))
+      raise UnsupportedAFError('Address family %s is not supported, '
+                               'term %s.' % (af, self.term.name))
     return af
 
   def NormalizeIcmpTypes(self, icmp_types, protocols, af):
@@ -417,9 +413,10 @@ def FixHighPorts(self, term, af='inet', all_protocols_stateful=False):
       Copy of term that has been fixed
 
     Raises:
-      UnsupportedAF: Address family provided but unsupported.
+      UnsupportedAFError: Address family provided but unsupported.
       UnsupportedFilter: Protocols do not match the address family.
       EstablishedError: Established option used with inappropriate protocol.
+      UnsupportedFilterError: Filter does not support protocols with AF.
     """
     mod = term
 
@@ -431,15 +428,18 @@ def FixHighPorts(self, term, af='inet', all_protocols_stateful=False):
 
     # Check that the address family matches the protocols.
     if af not in self._SUPPORTED_AF:
-      raise UnsupportedAF('\nAddress family %s, found in %s, '
-                          'unsupported by %s' % (af, term.name, self._PLATFORM))
+      raise UnsupportedAFError(
+          '\nAddress family %s, found in %s, unsupported '
+          'by %s' % (af, term.name, self._PLATFORM))
     if af in self._FILTER_BLACKLIST:
       unsupported_protocols = self._FILTER_BLACKLIST[af].intersection(protocols)
       if unsupported_protocols:
-        raise UnsupportedFilter('\n%s targets do not support protocol(s) %s '
-                                'with address family %s (in %s)' %
-                                (self._PLATFORM, unsupported_protocols,
-                                 af, term.name))
+        raise UnsupportedFilterError(
+            '\n%s targets do not support protocol(s) %s '
+            'with address family %s (in %s)' % (self._PLATFORM,
+                                                unsupported_protocols,
+                                                af,
+                                                term.name))
 
     # Many renders expect high ports for terms with the established option.
     for opt in [str(x) for x in term.option]:

capirca/lib/aruba.py

@@ -309,7 +309,7 @@ def _TranslatePolicy(self, pol, exp_info):
 
           if term.expiration <= current_date:
             logging.warning('WARNING: Term %s in policy %s is expired and '
-                         'will not be rendered.', term.name, filter_name)
+                            'will not be rendered.', term.name, filter_name)
             continue
 
         new_terms.append(Term(term, filter_type, verbose))

capirca/lib/cisco.py

@@ -745,7 +745,9 @@ def __str__(self):
         and ('tcp-established' in opts or 'established' in opts)):
       if 'established' not in self.options:
         self.options.append('established')
-    if ('ip' in protocol) and ('fragments' in opts):
+    # Using both 'fragments' and 'is-fragment', ref Github Issue #187
+    if ('ip' in protocol) and (('fragments' in opts) or
+      ('is-fragment' in opts)):
       if 'fragments' not in self.options:
         self.options.append('fragments')
     # ACL-based Forwarding
@@ -1077,6 +1079,7 @@ def _BuildTokens(self):
 
     supported_sub_tokens.update({'option': {'established',
                                             'tcp-established',
+                                            'is-fragment',
                                             'fragments'},
                                  # Warning, some of these are mapped
                                  # differently. See _ACTION_TABLE
@@ -1159,7 +1162,7 @@ def _TranslatePolicy(self, pol, exp_info):
                            'in less than two weeks.', term.name, filter_name)
             if term.expiration <= current_date:
               logging.warning('WARNING: Term %s in policy %s is expired and '
-                           'will not be rendered.', term.name, filter_name)
+                              'will not be rendered.', term.name, filter_name)
               continue
 
           # render terms based on filter type

capirca/lib/ciscoasa.py

@@ -21,14 +21,14 @@
 from __future__ import unicode_literals
 
 import datetime
+import ipaddress
 import logging
 import re
+from typing import cast
 
 from capirca.lib import aclgenerator
 from capirca.lib import cisco
 from capirca.lib import nacaddr
-import ipaddress
-from typing import cast
 
 
 _ACTION_TABLE = {
@@ -365,4 +365,3 @@ def __str__(self):
 
       # end for header, filter_name, filter_type...
       return '\n'.join(target)
-

capirca/lib/ciscoxr.py

@@ -64,7 +64,8 @@ def _BuildTokens(self):
 
   def _GetObjectGroupTerm(self, term, filter_name, verbose=True):
     """Returns an ObjectGroupTerm object."""
-    return CiscoXRObjectGroupTerm(term, filter_name, platform=self._PLATFORM, verbose=verbose)
+    return CiscoXRObjectGroupTerm(term, filter_name,
+                                  platform=self._PLATFORM, verbose=verbose)
 
 
 class CiscoXRObjectGroupTerm(cisco.ObjectGroupTerm):

capirca/lib/juniper.py

@@ -122,11 +122,11 @@ class Term(aclgenerator.Term):
   """Representation of an individual Juniper term.
 
     This is mostly useful for the __str__() method.
-
-  Args:
-    term: policy.Term object
-    term_type: the address family for the term, one of "inet", "inet6",
-      or "bridge"
+  Attributes:
+    term: The term object from policy.
+    term_type: String indicating type of term, inet, inet6 icmp etc.
+    enable_dsmo: Boolean to enable dsmo.
+    noverbose: Boolean to disable verbosity.
   """
   _PLATFORM = 'juniper'
   _DEFAULT_INDENT = 12
@@ -826,7 +826,7 @@ class Juniper(aclgenerator.ACLGenerator):
     This class takes a policy object and renders the output into a syntax
     which is understood by juniper routers.
 
-  Args:
+  Attributes:
     pol: policy.Policy object
   """
 
@@ -906,7 +906,6 @@ def _TranslatePolicy(self, pol, exp_info):
       enable_dsmo = 'enable_dsmo' in filter_options[1:]
       noverbose = 'noverbose' in filter_options[1:]
 
-
       if not interface_specific:
         filter_options.remove('not-interface-specific')
       if enable_dsmo:
@@ -921,7 +920,7 @@ def _TranslatePolicy(self, pol, exp_info):
       new_terms = []
       for term in terms:
 
-        # if the inactive option is set, we should deactivate the term and remove the option
+        # if inactive is set, deactivate the term and remove the option.
         if 'inactive' in term.option:
           term.inactive = True
           term.option.remove('inactive')

capirca/lib/junipersrx.py

@@ -448,8 +448,8 @@ def _TranslatePolicy(self, pol, exp_info):
       self._FixLargePolices(terms, filter_type)
       for term in terms:
         if set(['established', 'tcp-established']).intersection(term.option):
-          logging.debug('Skipping established term %s ' +
-                        'because SRX is stateful.', term.name)
+          logging.debug('Skipping established term %s because SRX is stateful.',
+                        term.name)
           continue
         term.name = self.FixTermLength(term.name)
         if term.name in term_dup_check:

capirca/lib/nacaddr.py

@@ -21,8 +21,8 @@
 from __future__ import unicode_literals
 
 import collections
-import itertools
 import ipaddress
+import itertools
 from typing import Union