nmstate 2.2.38

Library for networking management in a declarative manner
Documentation 
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165

// SPDX-License-Identifier: Apache-2.0

use crate::{IpsecInterface, NetworkState};

#[test]
fn test_ipsec_hide_psk() {
    let mut state: NetworkState = serde_yaml::from_str(
        r"---
        interfaces:
        - name: hosta_conn
          type: ipsec
          state: up
          wait-ip: any
          ipv4:
            enabled: true
            dhcp: true
            dhcp-client-id: ll
            auto-dns: true
            auto-gateway: true
            auto-routes: true
            auto-route-table-id: 0
            dhcp-send-hostname: true
          ipv6:
            enabled: false
            dhcp: false
            autoconf: false
          lldp:
            enabled: false
          libreswan:
            right: 192.0.2.253
            rightid: '@hostb-psk.example.org'
            left: 192.0.2.250
            leftid: '@hosta-psk.example.org'
            ikev2: insist
            psk: TOP_SECRET",
    )
    .unwrap();

    state.hide_secrets();
    assert!(!serde_yaml::to_string(&state)
        .unwrap()
        .contains("TOP_SECRET"));
}

#[test]
fn test_invalid_ipsec_interface_value() {
    let result = serde_yaml::from_str::<NetworkState>(
        r"---
        interfaces:
        - name: hosta_conn
          type: ipsec
          state: up
          libreswan:
            ipsec-interface: true
            right: 192.0.2.253
            rightid: '@hostb-psk.example.org'
            left: 192.0.2.250
            leftid: '@hosta-psk.example.org'
            ikev2: insist
            psk: TOP_SECRET",
    );
    assert!(result.is_err());

    if let Err(e) = result {
        assert!(e.to_string().contains("Invalid ipsec-interface value"))
    }
}

#[test]
fn test_parse_ipsec_interface_from_string_interger() {
    let iface = serde_yaml::from_str::<IpsecInterface>(
        r"---
          name: hosta_conn
          type: ipsec
          state: up
          libreswan:
            ipsec-interface: '99'
            right: 192.0.2.253
            rightid: '@hostb-psk.example.org'
            left: 192.0.2.250
            leftid: '@hosta-psk.example.org'
            ikev2: insist
            psk: TOP_SECRET",
    )
    .unwrap();

    assert_eq!(
        iface.libreswan.as_ref().unwrap().ipsec_interface.as_deref(),
        Some("99")
    );
}

#[test]
fn test_parse_ipsec_interface_from_interger() {
    let iface = serde_yaml::from_str::<IpsecInterface>(
        r"---
          name: hosta_conn
          type: ipsec
          state: up
          libreswan:
            ipsec-interface: 99
            right: 192.0.2.253
            rightid: '@hostb-psk.example.org'
            left: 192.0.2.250
            leftid: '@hosta-psk.example.org'
            ikev2: insist
            psk: TOP_SECRET",
    )
    .unwrap();

    assert_eq!(
        iface.libreswan.as_ref().unwrap().ipsec_interface.as_deref(),
        Some("99")
    );
}

#[test]
fn test_parse_ipsec_interface_from_string_bool() {
    let iface = serde_yaml::from_str::<IpsecInterface>(
        r"---
          name: hosta_conn
          type: ipsec
          state: up
          libreswan:
            ipsec-interface: 'no'
            right: 192.0.2.253
            rightid: '@hostb-psk.example.org'
            left: 192.0.2.250
            leftid: '@hosta-psk.example.org'
            ikev2: insist
            psk: TOP_SECRET",
    )
    .unwrap();

    assert_eq!(
        iface.libreswan.as_ref().unwrap().ipsec_interface.as_deref(),
        Some("no")
    );
}

#[test]
fn test_ipsec_treat_dhcp_off_and_empty_ip_as_disabled() {
    let mut iface = serde_yaml::from_str::<IpsecInterface>(
        r"---
          name: hosta_conn
          type: ipsec
          state: up
          ipv4:
            enabled: true
            dhcp: false
          libreswan:
            ipsec-interface: 'no'
            right: 192.0.2.253
            rightid: '@hostb-psk.example.org'
            left: 192.0.2.250
            leftid: '@hosta-psk.example.org'
            ikev2: insist
            psk: TOP_SECRET",
    )
    .unwrap();

    iface.sanitize(false);

    assert!(!iface.base.ipv4.as_ref().unwrap().enabled);
}