diff options
author | Christian Poessinger <christian@poessinger.com> | 2021-07-03 11:40:19 +0000 |
---|---|---|
committer | Christian Poessinger <christian@poessinger.com> | 2021-07-03 13:45:31 +0200 |
commit | 2d79a5000c8a02fd7570f629c3182fd55fdb8c86 (patch) | |
tree | f6e32e8e97e805a9b08c18eeb7ab5e1833609311 /src | |
parent | ff004bee54df0b298c56e91b5f41dda075d35220 (diff) | |
download | vyos-1x-2d79a5000c8a02fd7570f629c3182fd55fdb8c86.tar.gz vyos-1x-2d79a5000c8a02fd7570f629c3182fd55fdb8c86.zip |
ipsec: T2816: add Jinja2 converter for ESP/IKE groups to string
Diffstat (limited to 'src')
-rw-r--r-- | src/tests/test_template.py | 60 |
1 files changed, 60 insertions, 0 deletions
diff --git a/src/tests/test_template.py b/src/tests/test_template.py index 67c0fe84a..2d065f545 100644 --- a/src/tests/test_template.py +++ b/src/tests/test_template.py @@ -122,3 +122,63 @@ class TestVyOSTemplate(TestCase): self.assertTrue(vyos.template.compare_netmask('2001:db8:1000::/48', '2001:db8:2000::/48')) self.assertTrue(vyos.template.compare_netmask('2001:db8:1000::/64', '2001:db8:2000::/64')) self.assertFalse(vyos.template.compare_netmask('2001:db8:1000::/48', '2001:db8:2000::/64')) + + def test_cipher_to_string(self): + ESP_DEFAULT = 'aes256gcm128-sha256-ecp256,aes128ccm64-sha256-ecp256' + IKEv2_DEFAULT = 'aes256gcm128-sha256-ecp256,aes128ccm128-md5_128-modp1024' + + data = { + 'esp_group': { + 'ESP_DEFAULT': { + 'compression': 'disable', + 'lifetime': '3600', + 'mode': 'tunnel', + 'pfs': 'dh-group19', + 'proposal': { + '10': { + 'encryption': 'aes256gcm128', + 'hash': 'sha256', + }, + '20': { + 'encryption': 'aes128ccm64', + 'hash': 'sha256', + } + } + } + }, + 'ike_group': { + 'IKEv2_DEFAULT': { + 'close_action': 'none', + 'dead_peer_detection': { + 'action': 'hold', + 'interval': '30', + 'timeout': '120' + }, + 'ikev2_reauth': 'no', + 'key_exchange': 'ikev2', + 'lifetime': '10800', + 'mobike': 'disable', + 'proposal': { + '10': { + 'dh_group': '19', + 'encryption': 'aes256gcm128', + 'hash': 'sha256' + }, + '20': { + 'dh_group': '2', + 'encryption': 'aes128ccm128', + 'hash': 'md5_128' + }, + } + } + }, + } + + for group_name, group_config in data['esp_group'].items(): + ciphers = vyos.template.get_esp_ike_cipher(group_config) + self.assertIn(ESP_DEFAULT, ','.join(ciphers)) + + for group_name, group_config in data['ike_group'].items(): + ciphers = vyos.template.get_esp_ike_cipher(group_config) + self.assertIn(IKEv2_DEFAULT, ','.join(ciphers)) + |