/**
 * Runs the differential form of the search-filters analysis.
 *
 * @return {@code _tableAnswerElement}, returned after {@code differentialAnswer} has been invoked
 */
@Override
public AnswerElement answerDiff() {
  // The downcast throws ClassCastException if _question is not a SearchFiltersQuestion.
  SearchFiltersQuestion searchFiltersQuestion = (SearchFiltersQuestion) _question;
  differentialAnswer(searchFiltersQuestion);
  return _tableAnswerElement;
}
/**
 * Builds the answerer for a search-filters question.
 *
 * @param question the question to answer
 * @param batfish the Batfish instance the answerer will query
 * @return a new {@code SearchFiltersAnswerer} bound to both arguments
 */
@Override
protected Answerer createAnswerer(Question question, IBatfish batfish) {
  SearchFiltersAnswerer answerer = new SearchFiltersAnswerer(question, batfish);
  return answerer;
}
/**
 * Creates a search-filters question using the no-argument constructor.
 *
 * @return a new {@code SearchFiltersQuestion}
 */
@Override
protected Question createQuestion() {
  SearchFiltersQuestion defaultQuestion = new SearchFiltersQuestion();
  return defaultQuestion;
}
}
/**
 * A "permit" query restricted to one filter must yield exactly one query ACL, keyed by the
 * owning hostname and the filter name, and equal to the original ACL.
 */
@Test
public void testGetQueryAcls_permit() {
  SearchFiltersQuestion permitQuestion =
      SearchFiltersQuestion.builder()
          .setFilterSpecifier(ACL.getName())
          .setAction("permit")
          .build();
  SearchFiltersAnswerer answerer = new SearchFiltersAnswerer(permitQuestion, _batfish);

  List<Triple<String, String, IpAccessList>> queryAcls = answerer.getQueryAcls(permitQuestion);
  assertThat(queryAcls, hasSize(1));

  // (hostname, original filter name, ACL that is actually analysed)
  Triple<String, String, IpAccessList> entry = queryAcls.get(0);
  assertThat(entry.getLeft(), equalTo(_config.getHostname()));
  assertThat(entry.getMiddle(), equalTo(ACL.getName()));
  assertThat(entry.getRight(), is(ACL));
}
/**
 * Checks node-specifier resolution: a default question resolves to the test configuration's
 * hostname, while the specifier input "UNMATCHABLE" resolves to no nodes at all.
 */
@Test
public void testReachFilterNodeSpecifierDefault() {
  // Default-constructed question: no node restriction was supplied.
  SearchFiltersQuestion defaultQuestion = new SearchFiltersQuestion();
  Set<String> defaultNodes =
      defaultQuestion.getNodesSpecifier().resolve(_batfish.specifierContext());
  assertThat(defaultNodes, contains(_config.getHostname()));

  // A specifier that matches nothing must not silently widen to every node.
  SearchFiltersQuestion unmatchableQuestion =
      SearchFiltersQuestion.builder()
          .setFilterSpecifier(ACL.getName())
          .setAction("permit")
          .setNodeSpecifier("UNMATCHABLE")
          .build();
  Set<String> unmatchableNodes =
      unmatchableQuestion.getNodesSpecifier().resolve(_batfish.specifierContext());
  assertThat(unmatchableNodes, emptyIterable());
}
/**
 * Verifies how the action string maps to a query type and line number: the default and
 * "permit" give PERMIT, "deny" gives DENY, "matchLine 5" gives MATCH_LINE with line 5, and an
 * unrecognized action is rejected with a {@code BatfishException}.
 */
@Test
public void testSetQuery() {
  // No action supplied: the question defaults to a PERMIT query without a line number.
  SearchFiltersQuestion defaults = new SearchFiltersQuestion();
  assertThat(defaults.getType(), is(Type.PERMIT));
  assertThat(defaults.getLineNumber(), nullValue());

  SearchFiltersQuestion deny = SearchFiltersQuestion.builder().setAction("deny").build();
  assertThat(deny.getType(), is(Type.DENY));
  assertThat(deny.getLineNumber(), nullValue());

  SearchFiltersQuestion matchLine =
      SearchFiltersQuestion.builder().setAction("matchLine 5").build();
  assertThat(matchLine.getType(), is(Type.MATCH_LINE));
  assertThat(matchLine.getLineNumber(), is(5));

  SearchFiltersQuestion permit = SearchFiltersQuestion.builder().setAction("permit").build();
  assertThat(permit.getType(), is(Type.PERMIT));
  assertThat(permit.getLineNumber(), nullValue());

  // The expectation has to be registered before the call that is supposed to throw.
  exception.expect(BatfishException.class);
  exception.expectMessage("Unrecognized query: foo");
  SearchFiltersQuestion.builder().setAction("foo").build();
}
/**
 * Derives the ACL that is actually analysed for the current question type.
 *
 * <p>PERMIT analyses the ACL as given, DENY analyses {@code toDenyAcl(originalAcl)}, and
 * MATCH_LINE analyses an ACL that accepts if and only if the requested line matches.
 *
 * @param originalAcl the ACL selected by the question
 * @return the query ACL, or {@code Optional.empty()} for a MATCH_LINE query whose line number is
 *     not smaller than the number of lines in {@code originalAcl}
 * @throws IllegalStateException via {@code checkState} when a MATCH_LINE query carries no line
 *     number
 * @throws BatfishException for a query type other than PERMIT, DENY or MATCH_LINE
 */
private Optional<IpAccessList> makeQueryAcl(IpAccessList originalAcl) {
  SearchFiltersQuestion question = (SearchFiltersQuestion) _question;
  switch (question.getType()) {
    case PERMIT:
      return Optional.of(originalAcl);
    case DENY:
      return Optional.of(toDenyAcl(originalAcl));
    case MATCH_LINE:
      {
        Integer lineNumber = question.getLineNumber();
        checkState(lineNumber != null, "Cannot perform a match line query without a line number");
        // NOTE(review): only the upper bound is checked here; presumably the action parser
        // never produces a negative line number -- confirm against the question's parsing code.
        if (originalAcl.getLines().size() > lineNumber) {
          return Optional.of(toMatchLineAcl(lineNumber, originalAcl));
        }
        // The ACL is too short to contain the requested line, so there is nothing to query.
        return Optional.empty();
      }
    default:
      throw new BatfishException("Unexpected query Type: " + question.getType());
  }
}
/**
 * Runs a "deny" query with explanations enabled and expects one DENY row for each of ACL,
 * BLOCKED_LINE_ACL and SRC_ACL. The filter-name column is asserted against the original ACL
 * names.
 */
@Test
public void testAnswerWithRenamingAndExplanations() {
  SearchFiltersQuestion denyWithExplanations =
      SearchFiltersQuestion.builder().setGenerateExplanations(true).setAction("deny").build();
  TableAnswerElement table =
      (TableAnswerElement) new SearchFiltersAnswerer(denyWithExplanations, _batfish).answer();

  // Row order is not part of the contract, hence containsInAnyOrder.
  assertThat(
      table,
      hasRows(
          containsInAnyOrder(
              ImmutableList.of(
                  allOf(
                      hasColumn(COL_ACTION, equalTo("DENY"), Schema.STRING),
                      hasColumn(COL_FILTER_NAME, equalTo(ACL.getName()), Schema.STRING)),
                  allOf(
                      hasColumn(COL_ACTION, equalTo("DENY"), Schema.STRING),
                      hasColumn(
                          COL_FILTER_NAME, equalTo(BLOCKED_LINE_ACL.getName()), Schema.STRING)),
                  allOf(
                      hasColumn(COL_ACTION, equalTo("DENY"), Schema.STRING),
                      hasColumn(COL_FILTER_NAME, equalTo(SRC_ACL.getName()), Schema.STRING))))));
}
/**
 * For each of lines 0-3 of ACL, the match-line query must find a flow, and that flow's
 * destination IP must be the one associated with the line (IP0 through IP3).
 */
@Test
public void testReachFilter_matchLine() {
  Optional<SearchFiltersResult> line0 =
      _batfish.reachFilter(_config, toMatchLineAcl(0, ACL), _allLocationsParams);
  assertThat("Should find permitted flow", line0.isPresent());
  assertThat(line0.get().getExampleFlow(), hasDstIp(IP0));

  Optional<SearchFiltersResult> line1 =
      _batfish.reachFilter(_config, toMatchLineAcl(1, ACL), _allLocationsParams);
  assertThat("Should find permitted flow", line1.isPresent());
  assertThat(line1.get().getExampleFlow(), hasDstIp(IP1));

  Optional<SearchFiltersResult> line2 =
      _batfish.reachFilter(_config, toMatchLineAcl(2, ACL), _allLocationsParams);
  assertThat("Should find permitted flow", line2.isPresent());
  assertThat(line2.get().getExampleFlow(), hasDstIp(IP2));

  Optional<SearchFiltersResult> line3 =
      _batfish.reachFilter(_config, toMatchLineAcl(3, ACL), _allLocationsParams);
  assertThat("Should find permitted flow", line3.isPresent());
  assertThat(line3.get().getExampleFlow(), hasDstIp(IP3));
}
/**
 * Converts this question into the parameter object used by the search-filters analysis.
 *
 * <p>The result carries the destination and source IP-space specifiers, the header space, the
 * start-location specifier and the generate-explanations flag of this question. Package-private
 * and marked {@code @VisibleForTesting}.
 *
 * @return the built {@code SearchFiltersParameters}
 */
@Nonnull
@VisibleForTesting
SearchFiltersParameters toSearchFiltersParameters() {
  return SearchFiltersParameters.builder()
      .setDestinationIpSpaceSpecifier(getDestinationSpecifier())
      .setGenerateExplanations(_generateExplanations)
      .setHeaderSpace(getHeaderSpace())
      .setSourceIpSpaceSpecifier(getSourceSpecifier())
      .setStartLocationSpecifier(getStartLocationSpecifier())
      .build();
}
/**
 * Queries the deny form of ACL: a flow must be found, and its destination IP must be neither
 * IP0 nor IP3.
 */
@Test
public void testReachFilter_deny() {
  // The query ACL permits a flow when the deny-transformed ACL accepts it, which is why the
  // assertion message still speaks of a "permitted" flow.
  IpAccessList denyAcl = toDenyAcl(ACL);
  Optional<SearchFiltersResult> deniedFlow =
      _batfish.reachFilter(_config, denyAcl, _allLocationsParams);

  assertThat("Should find permitted flow", deniedFlow.isPresent());
  assertThat(deniedFlow.get().getExampleFlow(), hasDstIp(not(oneOf(IP0, IP3))));
}
/** The deny form of ACCEPT_ALL_ACL must yield no example flow. */
@Test
public void testReachFilter_deny_ACCEPT_ALL() {
  IpAccessList denyAcl = toDenyAcl(ACCEPT_ALL_ACL);
  Optional<SearchFiltersResult> result =
      _batfish.reachFilter(_config, denyAcl, _allLocationsParams);

  boolean flowFound = result.isPresent();
  assertThat("Should not find permitted flow", !flowFound);
}
/**
 * A match-line query for line 2 of BLOCKED_LINE_ACL must yield no example flow.
 *
 * <p>NOTE(review): presumably line 2 is fully covered by earlier lines of BLOCKED_LINE_ACL, so
 * no packet can reach it -- confirm against the fixture definition.
 */
@Test
public void testReachFilter_matchLine_blocked() {
  IpAccessList matchLine2 = toMatchLineAcl(2, BLOCKED_LINE_ACL);
  Optional<SearchFiltersResult> result =
      _batfish.reachFilter(_config, matchLine2, _allLocationsParams);

  boolean flowFound = result.isPresent();
  assertThat("Should not find permitted flow", !flowFound);
}
/**
 * Runs the non-differential form of the search-filters analysis.
 *
 * @return {@code _tableAnswerElement}, returned after {@code nonDifferentialAnswer} has been
 *     invoked
 */
@Override
public AnswerElement answer() {
  // The downcast throws ClassCastException if _question is not a SearchFiltersQuestion.
  nonDifferentialAnswer((SearchFiltersQuestion) _question);
  return _tableAnswerElement;
}
/**
 * Entry point for constructing a question fluently.
 *
 * @return a new, empty {@code Builder}
 */
public static Builder builder() {
  Builder freshBuilder = new Builder();
  return freshBuilder;
}
/**
 * A "deny" query restricted to one filter must yield exactly one query ACL. The entry is keyed
 * by the owning hostname and the original filter name, while the ACL itself carries the name
 * produced by NEGATED_RENAMER and equals DENY_ACL.
 */
@Test
public void testGetQueryAcls_deny() {
  SearchFiltersQuestion denyQuestion =
      SearchFiltersQuestion.builder().setFilterSpecifier(ACL.getName()).setAction("deny").build();
  SearchFiltersAnswerer answerer = new SearchFiltersAnswerer(denyQuestion, _batfish);

  List<Triple<String, String, IpAccessList>> queryAcls = answerer.getQueryAcls(denyQuestion);
  assertThat(queryAcls, hasSize(1));

  // (hostname, original filter name, ACL that is actually analysed)
  Triple<String, String, IpAccessList> entry = queryAcls.get(0);
  IpAccessList analysedAcl = entry.getRight();
  assertThat(entry.getLeft(), equalTo(_config.getHostname()));
  assertThat(entry.getMiddle(), equalTo(ACL.getName()));
  assertThat(analysedAcl.getName(), equalTo(NEGATED_RENAMER.apply(ACL.getName())));
  assertThat(analysedAcl, is(DENY_ACL));
}
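/**
 * Exercises source-interface matching on SRC_ACL, one match-line query per line.
 *
 * <p>Lines 0-2 must each produce a flow with the expected ingress interface and destination IP;
 * lines 3 and 4 describe contradictory source constraints and must produce no flow. Presence of
 * a result is asserted before it is dereferenced, so a missing flow is reported as an assertion
 * failure with a message rather than as a {@code NoSuchElementException} from
 * {@code Optional.get()}.
 */
@Test
public void testMatchSrcInterface() {
  // Line 0: the example flow has no ingress interface.
  Optional<SearchFiltersResult> result =
      _batfish.reachFilter(_config, toMatchLineAcl(0, SRC_ACL), _allLocationsParams);
  assertThat("Should find permitted flow", result.isPresent());
  assertThat(
      result.get().getExampleFlow(), allOf(hasIngressInterface(nullValue()), hasDstIp(IP0)));

  // Line 1: the example flow enters through IFACE1.
  result = _batfish.reachFilter(_config, toMatchLineAcl(1, SRC_ACL), _allLocationsParams);
  assertThat("Should find permitted flow", result.isPresent());
  assertThat(result.get().getExampleFlow(), allOf(hasIngressInterface(IFACE1), hasDstIp(IP1)));

  // Line 2: the example flow enters through IFACE2.
  result = _batfish.reachFilter(_config, toMatchLineAcl(2, SRC_ACL), _allLocationsParams);
  assertThat("Should find permitted flow", result.isPresent());
  assertThat(result.get().getExampleFlow(), allOf(hasIngressInterface(IFACE2), hasDstIp(IP2)));

  // A flow cannot have two different source interfaces.
  result = _batfish.reachFilter(_config, toMatchLineAcl(3, SRC_ACL), _allLocationsParams);
  assertThat(result, equalTo(Optional.empty()));

  // A flow cannot both originate from the device and have a source interface.
  result = _batfish.reachFilter(_config, toMatchLineAcl(4, SRC_ACL), _allLocationsParams);
  assertThat(result, equalTo(Optional.empty()));
}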
/**
 * Creates the question from the values collected by this builder.
 *
 * @return a new {@code SearchFiltersQuestion} constructed from the builder's fields
 */
public SearchFiltersQuestion build() {
  SearchFiltersQuestion built =
      new SearchFiltersQuestion(
          _complementHeaderSpace,
          _filters,
          _generateExplanations,
          _headers,
          _nodeSpecifierInput,
          _startLocation,
          _type);
  return built;
}
}
/** The deny form of REJECT_ALL_ACL must yield an example flow. */
@Test
public void testReachFilter_deny_REJECT_ALL() {
  IpAccessList denyAcl = toDenyAcl(REJECT_ALL_ACL);
  Optional<SearchFiltersResult> result =
      _batfish.reachFilter(_config, denyAcl, _allLocationsParams);

  boolean flowFound = result.isPresent();
  assertThat("Should find permitted flow", flowFound);
}
/**
 * A "matchLine 2" query restricted to one filter must yield exactly one query ACL. The entry is
 * keyed by the owning hostname and the original filter name, while the ACL itself carries the
 * name produced by MATCH_LINE_RENAMER for line 2 and equals MATCH_LINE2_ACL.
 */
@Test
public void testGetQueryAcls_matchLine2() {
  SearchFiltersQuestion matchLineQuestion =
      SearchFiltersQuestion.builder()
          .setFilterSpecifier(ACL.getName())
          .setAction("matchLine 2")
          .build();
  SearchFiltersAnswerer answerer = new SearchFiltersAnswerer(matchLineQuestion, _batfish);

  List<Triple<String, String, IpAccessList>> queryAcls =
      answerer.getQueryAcls(matchLineQuestion);
  assertThat(queryAcls, hasSize(1));

  // (hostname, original filter name, ACL that is actually analysed)
  Triple<String, String, IpAccessList> entry = queryAcls.get(0);
  IpAccessList analysedAcl = entry.getRight();
  assertThat(entry.getLeft(), equalTo(_config.getHostname()));
  assertThat(entry.getMiddle(), equalTo(ACL.getName()));
  assertThat(analysedAcl.getName(), equalTo(MATCH_LINE_RENAMER.apply(2, ACL.getName())));
  assertThat(analysedAcl, is(MATCH_LINE2_ACL));
}