/tests/conftest.py
Python | 1129 lines | 1125 code | 4 blank | 0 comment | 0 complexity | de0fe6a8d9084bdc497d2faf4421a808 MD5 | raw file
Possible License(s): GPL-3.0
- import platform
- import sys
- import os
- THIS_DIR = os.path.dirname(__file__)
- sys.path.insert(0, os.path.join(os.path.abspath(THIS_DIR), "../ciscoconfparse/"))
- sys.path.insert(0, os.path.abspath(THIS_DIR))
- import pytest
- from ciscoconfparse import CiscoConfParse
- c01 = """policy-map QOS_1
- class GOLD
- priority percent 10
- !
- class SILVER
- bandwidth 30
- random-detect
- !
- class BRONZE
- random-detect
- !
- interface Serial 1/0
- encapsulation ppp
- ip address 1.1.1.1 255.255.255.252
- !
- interface GigabitEthernet4/1
- switchport
- switchport access vlan 100
- switchport voice vlan 150
- power inline static max 7000
- !
- interface GigabitEthernet4/2
- switchport
- switchport access vlan 100
- switchport voice vlan 150
- power inline static max 7000
- !
- interface GigabitEthernet4/3
- switchport
- switchport access vlan 100
- switchport voice vlan 150
- !
- interface GigabitEthernet4/4
- shutdown
- !
- interface GigabitEthernet4/5
- switchport
- switchport access vlan 110
- !
- interface GigabitEthernet4/6
- switchport
- switchport access vlan 110
- !
- interface GigabitEthernet4/7
- switchport
- switchport access vlan 110
- !
- interface GigabitEthernet4/8
- switchport
- switchport access vlan 110
- !
- access-list 101 deny tcp any any eq 25 log
- access-list 101 permit ip any any
- !
- !
- logging 1.1.3.5
- logging 1.1.3.17
- !
- banner login ^C
- This is a router, and you cannot have it.
- Log off now while you still can type. I break the fingers
- of all tresspassers.
- ^C
- alias exec showthang show ip route vrf THANG""".splitlines()
- config_c01_default_gige = """policy-map QOS_1
- class GOLD
- priority percent 10
- !
- class SILVER
- bandwidth 30
- random-detect
- !
- class BRONZE
- random-detect
- !
- interface Serial 1/0
- encapsulation ppp
- ip address 1.1.1.1 255.255.255.252
- !
- default interface GigabitEthernet4/1
- interface GigabitEthernet4/1
- switchport
- switchport access vlan 100
- switchport voice vlan 150
- power inline static max 7000
- !
- default interface GigabitEthernet4/2
- interface GigabitEthernet4/2
- switchport
- switchport access vlan 100
- switchport voice vlan 150
- power inline static max 7000
- !
- default interface GigabitEthernet4/3
- interface GigabitEthernet4/3
- switchport
- switchport access vlan 100
- switchport voice vlan 150
- !
- default interface GigabitEthernet4/4
- interface GigabitEthernet4/4
- shutdown
- !
- default interface GigabitEthernet4/5
- interface GigabitEthernet4/5
- switchport
- switchport access vlan 110
- !
- default interface GigabitEthernet4/6
- interface GigabitEthernet4/6
- switchport
- switchport access vlan 110
- !
- default interface GigabitEthernet4/7
- interface GigabitEthernet4/7
- switchport
- switchport access vlan 110
- !
- default interface GigabitEthernet4/8
- interface GigabitEthernet4/8
- switchport
- switchport access vlan 110
- !
- access-list 101 deny tcp any any eq 25 log
- access-list 101 permit ip any any
- !
- !
- logging 1.1.3.5
- logging 1.1.3.17
- !
- banner login ^C
- This is a router, and you cannot have it.
- Log off now while you still can type. I break the fingers
- of all tresspassers.
- ^C
- alias exec showthang show ip route vrf THANG""".splitlines()
- config_c01_insert_serial_replace = """policy-map QOS_1
- class GOLD
- priority percent 10
- !
- class SILVER
- bandwidth 30
- random-detect
- !
- class BRONZE
- random-detect
- !
- default interface Serial 2/0
- interface Serial 2/0
- encapsulation ppp
- ip address 1.1.1.1 255.255.255.252
- !
- interface GigabitEthernet4/1
- switchport
- switchport access vlan 100
- switchport voice vlan 150
- power inline static max 7000
- !
- interface GigabitEthernet4/2
- switchport
- switchport access vlan 100
- switchport voice vlan 150
- power inline static max 7000
- !
- interface GigabitEthernet4/3
- switchport
- switchport access vlan 100
- switchport voice vlan 150
- !
- interface GigabitEthernet4/4
- shutdown
- !
- interface GigabitEthernet4/5
- switchport
- switchport access vlan 110
- !
- interface GigabitEthernet4/6
- switchport
- switchport access vlan 110
- !
- interface GigabitEthernet4/7
- switchport
- switchport access vlan 110
- !
- interface GigabitEthernet4/8
- switchport
- switchport access vlan 110
- !
- access-list 101 deny tcp any any eq 25 log
- access-list 101 permit ip any any
- !
- !
- logging 1.1.3.5
- logging 1.1.3.17
- !
- banner login ^C
- This is a router, and you cannot have it.
- Log off now while you still can type. I break the fingers
- of all tresspassers.
- ^C
- alias exec showthang show ip route vrf THANG""".splitlines()
- # A smaller version of c01...
- c02 = """policy-map QOS_1
- class GOLD
- priority percent 10
- !
- class SILVER
- bandwidth 30
- random-detect
- !
- class BRONZE
- random-detect
- !
- interface GigabitEthernet4/1
- switchport
- switchport access vlan 100
- switchport voice vlan 150
- power inline static max 7000
- !""".splitlines()
- ## For historical reasons, I'm use c03 for configs/sample_01.ios (i.e. c01 was
- ## already taken)
- c03 = """!
- service timestamps debug datetime msec localtime show-timezone
- service timestamps log datetime msec localtime show-timezone
- !
- errdisable recovery cause bpduguard
- errdisable recovery interval 400
- !
- aaa new-model
- !
- ip vrf TEST_100_001
- route-target 100:1
- rd 100:1
- !
- interface Serial 1/0
- description Uplink to SBC F923X2K425
- bandwidth 1500
- clock rate 1500
- delay 70
- encapsulation ppp
- ip address 1.1.1.1 255.255.255.252
- !
- interface Serial 1/1
- description Uplink to AT&T
- encapsulation hdlc
- ip address 1.1.1.9 255.255.255.254
- hold-queue 1000 in
- hold-queue 1000 out
- mpls mtu 1540
- ip mtu 1500
- mpls ip
- !
- interface GigabitEthernet4/1
- description
- switchport
- switchport access vlan 100
- switchport voice vlan 150
- power inline static max 7000
- !
- interface GigabitEthernet4/2
- switchport
- switchport access vlan 100
- switchport voice vlan 150
- power inline static max 7000
- speed 100
- duplex full
- !
- interface GigabitEthernet4/3
- mtu 9216
- switchport
- switchport access vlan 100
- switchport voice vlan 150
- !
- interface GigabitEthernet4/4
- shutdown
- !
- interface GigabitEthernet4/5
- switchport
- switchport access vlan 110
- switchport port-security
- switchport port-security maximum 3
- switchport port-security mac-address sticky
- switchport port-security mac-address 1000.2000.3000
- switchport port-security mac-address 1000.2000.3001
- switchport port-security mac-address 1000.2000.3002
- switchport port-security violation shutdown
- !
- interface GigabitEthernet4/6
- description Simulate a Catalyst6500 access port
- switchport
- switchport access vlan 110
- switchport mode access
- switchport nonegotiate
- switchport port-security
- switchport port-security maximum 2
- switchport port-security violation restrict
- switchport port-security aging type inactivity
- switchport port-security aging time 5
- spanning-tree portfast
- spanning-tree portfast bpduguard
- storm-control action shutdown
- storm-control broadcast level 0.40
- storm-control multicast level 0.35
- !
- interface GigabitEthernet4/7
- description Dot1Q trunk allowing vlans 2-4,7,10,11-19,21-4094
- switchport
- switchport trunk encapsulation dot1q
- switchport mode trunk
- switchport trunk native vlan 4094
- switchport trunk allowed vlan remove 1,5-10,20
- switchport trunk allowed vlan add 7,10
- switchport nonegotiate
- !
- interface GigabitEthernet4/8.120
- no switchport
- encapsulation dot1q 120
- ip vrf forwarding TEST_100_001
- ip address 1.1.2.254 255.255.255.0
- !
- interface ATM5/0/0
- no ip address
- no ip redirects
- no ip unreachables
- no ip proxy-arp
- load-interval 30
- carrier-delay msec 100
- no atm ilmi-keepalive
- bundle-enable
- max-reserved-bandwidth 100
- hold-queue 500 in
- !
- interface ATM5/0/0.32 point-to-point
- ip address 1.1.1.5 255.255.255.252
- no ip redirects
- no ip unreachables
- no ip proxy-arp
- ip accounting access-violations
- pvc 0/32
- vbr-nrt 704 704
- !
- interface ATM5/0/1
- shutdown
- !
- router ospf 100 vrf TEST_100_001
- router-id 1.1.2.254
- network 1.1.2.0 0.0.0.255 area 0
- !
- policy-map QOS_1
- class GOLD
- priority percent 10
- !
- class SILVER
- bandwidth 30
- random-detect
- !
- class BRONZE
- random-detect
- !
- access-list 101 deny tcp any any eq 25 log
- access-list 101 permit ip any any
- !
- !
- logging 1.1.3.5
- logging 1.1.3.17
- !
- banner login ^C
- This is a router, and you cannot have it.
- Log off now while you still can type. I break the fingers
- of all tresspassers.
- ^C
- !
- alias exec showthang show ip route vrf THANG""".splitlines()
- j01 = """## Last commit: 2015-06-28 13:00:59 CST by mpenning
- system {
- host-name TEST01_EX;
- domain-name pennington.net;
- domain-search [ pennington.net lab.pennington.net ];
- location {
- country-code 001;
- building HQ_005;
- floor 1;
- }
- root-authentication {
- encrypted-password "$1$y7ArHxKU$zUbdeLfBirgkCsKiOJ5Qa0"; ## SECRET-DATA
- }
- name-server {
- 172.16.3.222;
- }
- login {
- announcement "Test Lab Switch";
- message "Unauthorized access is prohibited";
- user mpenning {
- full-name "Mike Pennington";
- uid 1000;
- class super-user;
- authentication {
- encrypted-password "$1$y7ArHxKU$zUbdeLfBirgkCsKiOJ5Qa0"; ## SECRET-DATA
- }
- }
- }
- services {
- ssh {
- root-login allow;
- }
- telnet;
- web-management {
- http;
- }
- }
- syslog {
- user * {
- any emergency;
- }
- file messages {
- any notice;
- authorization info;
- }
- file interactive-commands {
- interactive-commands any;
- }
- }
- ntp {
- Management {
- vlan-id 1;
- interface {
- ge-0/0/0.0;
- ge-0/0/1.0;
- ge-0/0/2.0;
- ge-0/0/3.0;
- }
- }
- VLAN_FOO {
- vlan-id 5;
- }
- vlan1 {
- vlan-id 1;
- l3-interface vlan.1;
- }
- vlan800 {
- vlan-id 800;
- }
- }
- ethernet-switching-options {
- storm-control {
- interface all;
- }
- }
- interfaces {
- ge-0/0/0 {
- unit 0 {
- family ethernet-switching {
- port-mode access;
- vlan {
- members VLAN_FOO;
- }
- }
- }
- }
- ge-0/0/1 {
- unit 0 {
- family ethernet-switching {
- port-mode trunk;
- vlan {
- members all;
- }
- native-vlan-id 1;
- }
- }
- }
- vlan {
- unit 0 {
- family inet {
- address 172.16.15.5/22;
- }
- }
- }
- }
- routing-options {
- static {
- route 0.0.0.0/0 next-hop 172.16.12.1;
- route 192.168.36.0/25 next-hop 172.16.12.1;
- }
- }""".splitlines()
- a01 = """hostname TEST-FW
- !
- name 1.1.2.20 loghost01
- name 1.1.3.10 dmzsrv00
- name 1.1.3.11 dmzsrv01
- name 1.1.3.12 dmzsrv02
- name 1.1.3.13 dmzsrv03
- !
- interface Ethernet0/0
- description Uplink to SBC F923X2K425
- nameif OUTSIDE
- security-level 0
- delay 70
- ip address 1.1.1.1 255.255.255.252
- !
- interface Ethernet0/1
- nameif INSIDE
- security-level 100
- ip address 1.1.2.1 255.255.255.0
- !
- interface Ethernet0/2
- switchport access vlan 100
- !
- interface VLAN100
- nameif DMZ
- security-level 50
- ip address 1.1.3.1 255.255.255.0
- !
- object-group network ANY_addrs
- network-object 0.0.0.0 0.0.0.0
- !
- object-group network INSIDE_addrs1
- network-object host 1.1.2.1
- network-object 1.1.2.2 255.255.255.255
- network-object 1.1.2.0 255.255.255.0
- !
- object-group network INSIDE_addrs1
- network-object host 1.1.2.1
- network-object 1.1.2.2 255.255.255.255
- network-object 1.1.2.0 255.255.255.0
- !
- object-group service DNS_svc
- service-object udp destination eq dns
- !
- object-group service NTP_svc
- service-object udp destination eq ntp
- !
- object-group service FTP_svc
- service-object tcp destination eq ftp
- !
- object-group service HTTP_svc
- service-object tcp destination eq http
- !
- object-group service HTTPS_svc
- service-object tcp destination eq https
- !
- access-list INSIDE_in extended permit object-group FTP_svc object-group INSIDE_addrs1 object-group ANY_addrs log
- access-list INSIDE_in remark Overlap for test purposes
- access-list INSIDE_in extended permit ip object-group INSIDE_addrs1 object-group ANY_addrs log
- access-list INSIDE_in extended deny ip any any log
- !
- !
- clock timezone CST -6
- clock summer-time CDT recurring
- !
- logging enable
- logging timestamp
- logging buffer-size 1048576
- logging buffered informational
- logging trap informational
- logging asdm informational
- logging facility 22
- logging host INSIDE loghost01
- no logging message 302021
- !
- access-group OUTSIDE_in in interface OUTSIDE
- access-group INSIDE_in in interface INSIDE
- !""".splitlines()
- a02 = """: Saved
- : Written by mpenning at 05:37:43.184 CDT Sun Jun 29 2015
- !
- ASA Version 9.0(3)
- !
- command-alias exec slog show log | i Deny|denied
- command-alias exec sacl sh access-list INSIDE_out | e hitcnt=0 |remark|elements
- hostname fw
- domain-name pennington.net
- enable password 2KFQnbNIdI.2KYOU encrypted
- xlate per-session deny tcp any4 any4
- xlate per-session deny tcp any4 any6
- xlate per-session deny tcp any6 any4
- xlate per-session deny tcp any6 any6
- xlate per-session deny udp any4 any4 eq domain
- xlate per-session deny udp any4 any6 eq domain
- xlate per-session deny udp any6 any4 eq domain
- xlate per-session deny udp any6 any6 eq domain
- passwd 2KFQnbNIdI.2KYOU encrypted
- names
- name 192.0.2.13 Machine01 description machine01
- name 192.0.2.17 Machine02_Windows
- name 10.0.0.6 Machine03
- name 74.125.130.125 GTalk01 description Google talk server
- name 74.125.134.125 GTalk02 description Google talk server
- name 74.125.139.125 GTalk03 description Google Talk server
- name 74.125.142.125 GTalk04 description Google Talk server
- name 74.125.192.125 GTalk05 description Google Talk server
- name 74.125.140.125 GTalk06 description Google Talk server
- name 74.125.137.125 GTalk07
- name 74.125.138.125 GTalk08
- name 74.125.141.125 GTalk09
- name 74.125.136.125 GTalk10
- name 74.125.135.125 GTalk11
- name 108.160.160.0 AS19679_Dropbox__108-160-160-0__20
- name 199.47.216.0 AS19679_Dropbox__199.47.216.0__22
- name 173.194.64.109 GmailSMTP01
- name 173.194.64.108 GmailSMTP02
- name 128.223.51.103 route-views.oregon-ix.net description Route-Views route server
- ip local pool SSL_VPN_ADDRS 10.1.1.240-10.1.1.241 mask 255.255.255.0
- !
- interface Ethernet0/0
- description Internet ISP
- switchport access vlan 100
- !
- interface Ethernet0/1
- switchport access vlan 200
- !
- interface Ethernet0/2
- switchport access vlan 200
- shutdown
- !
- interface Ethernet0/3
- switchport access vlan 200
- !
- interface Ethernet0/4
- switchport access vlan 200
- !
- interface Ethernet0/5
- switchport access vlan 200
- !
- interface Ethernet0/6
- switchport access vlan 200
- !
- interface Ethernet0/7
- shutdown
- !
- interface Vlan1
- no nameif
- no security-level
- no ip address
- !
- interface Vlan100
- mac-address 0030.dead.beef
- nameif OUTSIDE
- security-level 0
- ip address dhcp setroute
- !
- interface Vlan200
- nameif INSIDE
- security-level 100
- ip address 192.0.2.1 255.255.255.0
- !
- banner motd
- banner motd Test banner for $(hostname)
- banner motd
- banner motd *******************************
- boot system disk0:/asa903-k8.bin
- ftp mode passive
- clock timezone CST -6
- clock summer-time CDT recurring
- dns domain-lookup INSIDE
- dns server-group DefaultDNS
- name-server Machine01
- domain-name pennington.net
- object network GTalk01
- host 74.125.130.125
- description Created during name migration
- object network GTalk02
- host 74.125.134.125
- description Created during name migration
- object network GTalk03
- host 74.125.139.125
- description Created during name migration
- object network GTalk04
- host 74.125.142.125
- description Created during name migration
- object network GTalk05
- host 74.125.192.125
- description Created during name migration
- object network GTalk06
- host 74.125.140.125
- description Created during name migration
- object network GTalk07
- host 74.125.137.125
- description Created during name migration
- object network GTalk08
- host 74.125.138.125
- description Created during name migration
- object network GTalk09
- host 74.125.141.125
- description Created during name migration
- object network GTalk10
- host 74.125.136.125
- description Created during name migration
- object network GTalk11
- host 74.125.135.125
- description Created during name migration
- object network AS19679_Dropbox__108-160-160-0__20
- subnet 108.160.160.0 255.255.240.0
- description Created during name migration
- object network AS19679_Dropbox__199.47.216.0__22
- subnet 199.47.216.0 255.255.252.0
- description Created during name migration
- object network Machine01
- host 192.0.2.5
- description Created during name migration
- object network obj_any
- subnet 0.0.0.0 0.0.0.0
- object network Machine02_Windows
- host 192.0.2.17
- description Created during name migration
- object-group network GoogleTalk
- network-object object GTalk01
- network-object object GTalk02
- network-object object GTalk03
- network-object object GTalk04
- network-object object GTalk05
- network-object object GTalk06
- network-object object GTalk07
- network-object object GTalk08
- network-object object GTalk09
- network-object object GTalk10
- network-object object GTalk11
- object-group service GoogleTalkPorts
- service-object tcp destination eq 5222
- service-object tcp destination eq https
- service-object udp destination range 19302 19309
- object-group network Inside
- network-object 192.0.2.0 255.255.255.0
- network-object 192.0.22.0 255.255.255.0
- network-object 192.0.23.0 255.255.255.0
- object-group network DROPBOX_AS19679
- network-object object AS19679_Dropbox__108-160-160-0__20
- network-object object AS19679_Dropbox__199.47.216.0__22
- object-group network GOOGLE_addrs
- description dig -t TXT _netblocks.google.com 8.8.8.8
- network-object 216.239.32.0 255.255.224.0
- network-object 64.233.160.0 255.255.224.0
- network-object 66.249.80.0 255.255.240.0
- network-object 72.14.192.0 255.255.192.0
- network-object 209.85.128.0 255.255.128.0
- network-object 66.102.0.0 255.255.240.0
- network-object 74.125.0.0 255.255.0.0
- network-object 64.18.0.0 255.255.240.0
- network-object 207.126.144.0 255.255.240.0
- network-object 173.194.0.0 255.255.0.0
- object-group network SSH_addrs
- network-object 192.168.1.0 255.255.255.0
- object-group network ANY_addrs
- network-object 0.0.0.0 0.0.0.0
- object-group network INSIDE_addrs
- network-object 192.0.2.0 255.255.255.0
- network-object 10.0.0.0 255.0.0.0
- object-group service GOOGLE_svc
- description Google's push service for Android
- service-object tcp destination eq www
- service-object tcp destination eq https
- service-object tcp destination eq 5228
- service-object tcp destination eq 5222
- service-object tcp destination eq 587
- object-group service TELNET_svc
- service-object tcp destination eq telnet
- object-group service WHOIS_svc
- service-object tcp destination eq whois
- object-group service SSH_svc
- service-object tcp destination eq ssh
- object-group service WEB_svc
- description Standard web services - http, https, ftp
- service-object tcp destination eq ftp
- service-object tcp destination eq www
- service-object tcp destination eq https
- service-object icmp
- object-group service DNS_svc
- service-object udp destination eq domain
- service-object tcp destination eq domain
- object-group network MACHINE01_addrs
- network-object object Machine01
- object-group service ANDROID_svc
- description Google's push service for Android
- service-object tcp destination eq 5228
- object-group service GMAILSMTP_svc
- service-object tcp destination eq 2525
- object-group service NTP_svc
- service-object udp destination eq ntp
- object-group service SKYPE_svc
- service-object udp destination eq 5555
- object-group service XBOX_svc
- service-object tcp destination eq domain
- service-object udp destination eq domain
- service-object udp destination eq 88
- service-object tcp destination eq 3074
- service-object udp destination eq 3074
- object-group network ANY
- object-group service NaverLine_svc
- service-object udp destination eq 11000
- service-object udp destination range 9401 9405
- object-group network NaverLine_addrs
- network-object 174.35.127.0 255.255.255.0
- object-group network Facebook_addrs
- network-object 66.220.144.0 255.255.240.0
- network-object 69.63.176.0 255.255.248.0
- network-object 69.63.184.0 255.255.248.0
- network-object 69.171.224.0 255.255.240.0
- network-object 69.171.239.0 255.255.255.0
- network-object 69.171.240.0 255.255.240.0
- network-object 69.171.253.0 255.255.255.0
- network-object 69.171.255.0 255.255.255.0
- network-object 74.119.76.0 255.255.252.0
- network-object 103.4.96.0 255.255.252.0
- network-object 173.252.64.0 255.255.192.0
- network-object 204.15.20.0 255.255.252.0
- network-object 31.13.24.0 255.255.248.0
- network-object 31.13.64.0 255.255.192.0
- network-object 31.13.96.0 255.255.224.0
- object-group service IP_SLA_PathTrace_svc
- service-object udp destination range 33400 33499
- object-group service FTP_svc
- service-object tcp destination eq ftp
- object-group service TeamViewerPorts
- service-object tcp destination eq 5938
- object-group service SSLVPN_svc
- service-object udp destination eq 443
- object-group service TEST_PORTS tcp
- port-object eq domain
- port-object eq smtp
- access-list SPLIT_TUNNEL_NETS remark [[ destinations available via the VPN ]]
- access-list SPLIT_TUNNEL_NETS standard permit 192.0.2.0 255.255.255.0
- access-list NO_SSLVPN_NAT remark [[ prevent inadvertent nat of sslvpn traffic ]]
- access-list NO_SSLVPN_NAT extended permit ip 192.0.2.0 255.255.255.0 192.0.2.0 255.255.255.0
- access-list INSIDE_in extended deny object-group SKYPE_svc object-group INSIDE_addrs object-group ANY_addrs log disable
- access-list INSIDE_in extended permit object-group GOOGLE_svc object-group INSIDE_addrs object-group GOOGLE_addrs log
- access-list INSIDE_in extended permit object-group ANDROID_svc object-group INSIDE_addrs object-group GOOGLE_addrs log
- access-list INSIDE_in extended permit object-group IP_SLA_PathTrace_svc any host 4.2.2.2 log
- access-list INSIDE_in extended permit object-group DNS_svc object-group INSIDE_addrs object-group ANY_addrs log
- access-list INSIDE_in extended permit object-group NTP_svc object-group INSIDE_addrs object-group ANY_addrs log
- access-list INSIDE_in extended permit object-group TELNET_svc object-group INSIDE_addrs host 128.223.51.103 log
- access-list INSIDE_in extended permit object-group FTP_svc object-group INSIDE_addrs object-group ANY_addrs log
- access-list INSIDE_in extended permit object-group WEB_svc object-group INSIDE_addrs object-group ANY_addrs log
- access-list INSIDE_in extended permit object-group SSH_svc object-group INSIDE_addrs object-group SSH_addrs log
- access-list INSIDE_in extended permit object-group GMAILSMTP_svc object-group TSUNAMI_addrs object-group ANY_addrs log
- access-list INSIDE_in extended permit object-group WHOIS_svc object-group TSUNAMI_addrs object-group ANY_addrs log
- access-list INSIDE_in extended deny ip any4 any4 log
- access-list ANY extended permit ip object-group Inside any4
- access-list ANY extended permit ip any4 object-group Inside
- access-list VOIP extended permit object-group GoogleTalkPorts object-group Inside object-group GoogleTalk
- access-list VOIP extended permit object-group GoogleTalkPorts object-group GoogleTalk object-group Inside
- access-list MAINTENANCE extended deny ip any4 any4 log
- access-list OUTSIDE_in extended deny ip host 4.2.2.2 any4 log
- access-list OUTSIDE_in extended permit icmp any4 0.0.0.0 0.0.0.0 unreachable log interval 1
- access-list OUTSIDE_in extended permit icmp any4 0.0.0.0 0.0.0.0 time-exceeded log interval 1
- access-list OUTSIDE_in extended deny ip any4 any4 log
- pager lines 23
- logging enable
- logging timestamp
- logging buffer-size 1048576
- logging buffered informational
- logging trap informational
- logging asdm informational
- logging facility 22
- logging host INSIDE Machine01
- logging class sys buffered informational
- no logging message 302021
- no logging message 302020
- mtu OUTSIDE 1500
- mtu INSIDE 1500
- ip verify reverse-path interface INSIDE
- icmp unreachable rate-limit 1 burst-size 1
- asdm image disk0:/asdm-645.bin
- no asdm history enable
- arp timeout 14400
- no arp permit-nonconnected
- !
- object network obj_any
- nat (INSIDE,OUTSIDE) dynamic interface
- access-group OUTSIDE_in in interface OUTSIDE
- access-group INSIDE_in in interface INSIDE
- route INSIDE 10.0.0.0 255.0.0.0 192.0.2.2 1
- timeout xlate 3:00:00
- timeout pat-xlate 0:00:30
- timeout conn 1:00:00 half-closed 0:59:00 udp 0:02:00 icmp 0:00:02
- timeout sunrpc 0:10:00 h323 0:05:00 h225 1:00:00 mgcp 0:05:00 mgcp-pat 0:05:00
- timeout sip 0:30:00 sip_media 0:02:00 sip-invite 0:03:00 sip-disconnect 0:02:00
- timeout sip-provisional-media 0:02:00 uauth 0:05:00 absolute
- timeout tcp-proxy-reassembly 0:01:00
- timeout floating-conn 0:00:00
- dynamic-access-policy-record DfltAccessPolicy
- user-identity default-domain LOCAL
- aaa authentication ssh console LOCAL
- aaa authentication enable console LOCAL
- aaa authentication http console LOCAL
- aaa authorization command LOCAL
- aaa local authentication attempts max-fail 16
- filter java 1-65535 192.0.2.0 255.255.255.0 0.0.0.0 0.0.0.0
- http server enable
- http 192.0.2.0 255.255.255.0 INSIDE
- snmp-server host INSIDE Machine01 poll community public
- snmp-server location ServerRoom
- snmp-server contact mike@pennington.net
- snmp-server community public
- snmp-server enable traps snmp authentication linkup linkdown coldstart
- crypto ipsec security-association pmtu-aging infinite
- crypto ca trustpoint LOCAL_CERT_fw
- enrollment self
- fqdn fw.pennington.net
- subject-name CN=fw.pennington.net
- crl configure
- crypto ca trustpool policy
- telnet timeout 5
- ssh scopy enable
- ssh 192.0.2.0 255.255.255.0 INSIDE
- ssh 10.0.0.0 255.0.0.0 INSIDE
- ssh timeout 60
- ssh version 2
- console timeout 5
- no vpn-addr-assign aaa
- no vpn-addr-assign dhcp
- dhcpd dns 68.94.156.1 Machine01
- dhcpd lease 604800
- dhcpd domain pennington.net
- dhcpd auto_config OUTSIDE
- !
- threat-detection basic-threat
- threat-detection scanning-threat shun duration 30
- threat-detection statistics host
- threat-detection statistics port
- threat-detection statistics protocol
- threat-detection statistics access-list
- no threat-detection statistics tcp-intercept
- ntp server 17.151.16.20
- ntp server 17.151.16.21
- ntp server 17.151.16.22
- ntp server 17.151.16.23
- group-policy SSL_VPN_Policy01 internal
- group-policy SSL_VPN_Policy01 attributes
- dns-server value 192.0.2.13
- vpn-idle-timeout none
- vpn-filter none
- vpn-tunnel-protocol ssl-client ssl-clientless
- split-tunnel-policy tunnelspecified
- split-tunnel-network-list value SPLIT_TUNNEL_NETS
- default-domain value pennington.net
- webvpn
- anyconnect keep-installer installed
- anyconnect ssl rekey time 30
- anyconnect ssl rekey method ssl
- anyconnect ask none default anyconnect
- username mpenning password dXRTaA5wrZ3OL8gz encrypted privilege 15
- tunnel-group DefaultWEBVPNGroup general-attributes
- address-pool SSL_VPN_ADDRS
- default-group-policy SSL_VPN_Policy01
- !
- !
- policy-map type inspect dns preset_dns_map
- parameters
- message-length maximum client auto
- message-length maximum 512
- policy-map global_policy
- class inspection_default
- inspect dns preset_dns_map
- inspect h323 h225
- inspect h323 ras
- inspect rsh
- inspect rtsp
- inspect esmtp
- inspect sqlnet
- inspect skinny
- inspect sunrpc
- inspect xdmcp
- inspect sip
- inspect netbios
- inspect tftp
- inspect ip-options
- inspect icmp
- inspect http
- !
- service-policy global_policy global
- prompt hostname context
- no call-home reporting anonymous
- call-home
- profile CiscoTAC-1
- no active
- destination address http https://tools.cisco.com/its/service/oddce/services/DDCEService
- destination address email callhome@cisco.com
- destination transport-method http
- subscribe-to-alert-group diagnostic
- subscribe-to-alert-group environment
- subscribe-to-alert-group inventory periodic monthly
- subscribe-to-alert-group configuration periodic monthly
- subscribe-to-alert-group telemetry periodic daily
- Cryptochecksum:571d01b7b08342e35db838e9acec00f6
- : end""".splitlines()
- @pytest.yield_fixture(scope='session')
- def c01_default_gigethernets(request):
- yield config_c01_default_gige
- @pytest.yield_fixture(scope='session')
- def c01_insert_serial_replace(request):
- yield config_c01_insert_serial_replace
- @pytest.yield_fixture(scope='function')
- def parse_c01(request):
- """Preparsed c01"""
- parse_c01 = CiscoConfParse(c01, factory=False)
-
- yield parse_c01
- @pytest.yield_fixture(scope='function')
- def parse_c01_factory(request):
- """Preparsed c01 with factory option"""
- parse_c01_factory = CiscoConfParse(c01, factory=True)
-
- yield parse_c01_factory
- @pytest.yield_fixture(scope='function')
- def parse_c02(request):
- """Preparsed c02"""
- parse_c02 = CiscoConfParse(c02, factory=False)
-
- yield parse_c02
- @pytest.yield_fixture(scope='function')
- def parse_c02_factory(request):
- """Preparsed c02"""
- parse_c02 = CiscoConfParse(c02, factory=True)
-
- yield parse_c02
- ## parse_c03 yields configs/sample_01.ios
- @pytest.yield_fixture(scope='function')
- def parse_c03(request):
- """Preparsed c03"""
- parse_c03 = CiscoConfParse(c03, factory=False)
-
- yield parse_c03
- ## parse_c03_factory yields configs/sample_01.ios
- @pytest.yield_fixture(scope='function')
- def parse_c03_factory(request):
- """Preparsed c01 with factory option"""
- parse_c03_factory = CiscoConfParse(c03, factory=True)
-
- yield parse_c03_factory
- ## parse_j01 yields configs/sample_01.junos
- @pytest.yield_fixture(scope='function')
- def parse_j01(request):
- """Preparsed j01"""
- parse_j01 = CiscoConfParse(j01, syntax='junos', comment='#!', factory=False)
- yield parse_j01
- ## parse_j01_factory yields configs/sample_01.junos
- @pytest.yield_fixture(scope='function')
- def parse_j01_factory(request):
- """Preparsed j01 with factory option"""
- parse_j01_factory = CiscoConfParse(j01, syntax='junos', comment='#!',
- factory=True)
- yield parse_j01_factory
- ## parse_a01 yields the asa configuration
- @pytest.yield_fixture(scope='function')
- def parse_a01(request):
- """Preparsed a01"""
- parse_a01_factory = CiscoConfParse(a01, syntax='asa', factory=False)
- yield parse_a01_factory
- ## parse_a01_factory yields the asa configuration
- @pytest.yield_fixture(scope='function')
- def parse_a01_factory(request):
- """Preparsed a01 with factory option"""
- parse_a01_factory = CiscoConfParse(a01, syntax='asa', factory=True)
- yield parse_a01_factory
- ## config_a02 yields an asa configuration
- @pytest.yield_fixture(scope='function')
- def config_a02(request):
- """Unparsed a02"""
- yield a02
- ## parse_a02 yields an asa configuration
- @pytest.yield_fixture(scope='function')
- def parse_a02(request):
- """Preparsed a02"""
- parse_a02_factory = CiscoConfParse(a02, syntax='asa', factory=False)
- yield parse_a02_factory
- ## parse_a02_factory yields an asa configuration
- @pytest.yield_fixture(scope='function')
- def parse_a02_factory(request):
- """Preparsed a02 with factory option"""
- parse_a02_factory = CiscoConfParse(a02, syntax='asa', factory=True)
- yield parse_a02_factory
- @pytest.mark.skipif(sys.version_info[0]>=3,
- reason="No Python3 MockSSH support")
- @pytest.mark.skipif('windows' in platform.system().lower(),
- reason="No Windows MockSSH support")
- @pytest.yield_fixture(scope='session')
- def cisco_sshd_mocked(request):
- """Mock Cisco IOS SSH"""
- from fixtures.devices.mock_cisco import start_cisco_mock, stop_cisco_mock
- try:
- ## Start the SSH Server
- start_cisco_mock()
- yield True
- except:
- yield False
- stop_cisco_mock()
- stop_cisco_mock()