use of org.batfish.datamodel.Configuration in project batfish by batfish.
the class RdsInstance method toConfigurationNode.
/**
 * Converts this RDS instance into a Batfish {@link Configuration} node.
 *
 * <p>The node is named after the DB instance identifier and carries the instance's VPC id and the
 * region name. For every subnet id listed under the instance's availability zone, one interface
 * is created on the node and a static route for {@code Prefix.ZERO} is added to the default VRF.
 *
 * <p>A subnet id that the region does not contain is red-flagged and skipped, so the returned
 * node has neither an interface nor a route for it. Review the warnings before relying on
 * reachability or ACL results computed for this node.
 *
 * @param awsVpcConfig not read by this method
 * @param region region whose subnets are consulted; its name is recorded on the node
 * @param warnings sink for the "subnet not found" red flag
 * @return the newly built configuration node
 */
public Configuration toConfigurationNode(AwsConfiguration awsVpcConfig, Region region, Warnings warnings) {
  Configuration node = Utils.newAwsConfiguration(_dbInstanceIdentifier, "aws");
  node.getVendorFamily().getAws().setVpcId(_vpcId);
  node.getVendorFamily().getAws().setRegion(region.getName());

  // Only the subnets registered for this instance's availability zone get an interface.
  List<String> zoneSubnetIds = _azsSubnetIds.get(_availabilityZone);
  for (String subnetId : zoneSubnetIds) {
    Subnet subnet = region.getSubnets().get(subnetId);
    if (subnet != null) {
      // Interface address: next address handed out by the subnet, with the subnet's prefix length.
      Ip ifaceIp = subnet.getNextIp();
      InterfaceAddress ifaceAddress =
          new InterfaceAddress(ifaceIp, subnet.getCidrBlock().getPrefixLength());
      Utils.newInterface(_dbInstanceIdentifier + "-" + subnetId, node, ifaceAddress);

      // Default route whose next hop is the address returned by computeInstancesIfaceIp().
      Ip gatewayIp = subnet.computeInstancesIfaceIp();
      StaticRoute viaSubnet =
          StaticRoute.builder()
              .setAdministrativeCost(Route.DEFAULT_STATIC_ROUTE_ADMIN)
              .setMetric(Route.DEFAULT_STATIC_ROUTE_COST)
              .setNextHopIp(gatewayIp)
              .setNetwork(Prefix.ZERO)
              .build();
      node.getDefaultVrf().getStaticRoutes().add(viaSubnet);
    } else {
      warnings.redFlag(String.format("Subnet \"%s\" for RDS instance \"%s\" not found", subnetId, _dbInstanceIdentifier));
    }
  }

  // NOTE(review): presumably registers the security groups so their ACLs can be applied to this
  // node later; confirm in Utils.processSecurityGroups.
  Utils.processSecurityGroups(region, node, _securityGroups, warnings);
  return node;
}
use of org.batfish.datamodel.Configuration in project batfish by batfish.
the class Region method applySecurityGroupsAcls.
/**
 * Builds the security-group ACLs for each node recorded in {@code _configurationSecurityGroups}
 * and installs them as the incoming and outgoing filter of every interface on that node.
 *
 * <p>The lines of all security groups attached to a node are merged into a single ingress list
 * and a single egress list, in the iteration order of the node's security-group set. The
 * resulting ACLs are stored on the node under {@code SG_INGRESS_ACL_NAME} and {@code
 * SG_EGRESS_ACL_NAME}.
 *
 * <p>Nodes that have no entry in {@code _configurationSecurityGroups} are not touched here, so
 * this method gives them no security-group filter.
 *
 * @param cfgNodes configuration nodes keyed by the same names used in {@code
 *     _configurationSecurityGroups}
 */
private void applySecurityGroupsAcls(Map<String, Configuration> cfgNodes) {
  for (Entry<String, Set<SecurityGroup>> nodeGroups : _configurationSecurityGroups.entrySet()) {
    // NOTE(review): assumes every key resolves to a node in cfgNodes; a missing node would fail
    // with a NullPointerException at the first dereference below. Confirm against the caller.
    Configuration node = cfgNodes.get(nodeGroups.getKey());

    List<IpAccessListLine> ingressLines = new LinkedList<>();
    List<IpAccessListLine> egressLines = new LinkedList<>();
    for (SecurityGroup group : nodeGroups.getValue()) {
      group.addInOutAccessLines(ingressLines, egressLines, this);
    }

    // One ACL per direction, registered on the node under the shared security-group names.
    IpAccessList ingressAcl = new IpAccessList(SG_INGRESS_ACL_NAME, ingressLines);
    IpAccessList egressAcl = new IpAccessList(SG_EGRESS_ACL_NAME, egressLines);
    node.getIpAccessLists().put(SG_INGRESS_ACL_NAME, ingressAcl);
    node.getIpAccessLists().put(SG_EGRESS_ACL_NAME, egressAcl);

    // The same pair of ACLs is set on every interface of the node, whatever was set before.
    node.getInterfaces()
        .values()
        .forEach(
            iface -> {
              iface.setIncomingFilter(ingressAcl);
              iface.setOutgoingFilter(egressAcl);
            });
  }
}
use of org.batfish.datamodel.Configuration in project batfish by batfish.
the class ElasticsearchDomain method toConfigurationNode.
/**
 * Converts this Elasticsearch domain into a Batfish {@link Configuration} node.
 *
 * <p>The node is named after the domain name and carries the domain's VPC id and the region
 * name. Each subnet id in {@code _subnets} yields one interface on the node plus a static route
 * for {@code Prefix.ZERO} in the default VRF.
 *
 * <p>A subnet id that the region does not contain is red-flagged and skipped, which leaves the
 * node without an interface or route for that subnet. Treat such a warning as a sign that the
 * model of this domain is incomplete.
 *
 * @param awsVpcConfig not read by this method
 * @param region region whose subnets are consulted; its name is recorded on the node
 * @param warnings sink for the "subnet not found" red flag
 * @return the newly built configuration node
 */
public Configuration toConfigurationNode(AwsConfiguration awsVpcConfig, Region region, Warnings warnings) {
  Configuration domainNode = Utils.newAwsConfiguration(_domainName, "aws");
  domainNode.getVendorFamily().getAws().setVpcId(_vpcId);
  domainNode.getVendorFamily().getAws().setRegion(region.getName());

  for (String subnetId : _subnets) {
    Subnet subnet = region.getSubnets().get(subnetId);
    if (subnet == null) {
      // Unknown subnet: record the gap and move on to the next id.
      warnings.redFlag(String.format("Subnet \"%s\" for Elasticsearch domain \"%s\" not found", subnetId, _domainName));
      continue;
    }

    // Interface named "<domain>-<subnet>", addressed with the subnet's next address.
    String ifaceName = _domainName + "-" + subnetId;
    Ip ifaceIp = subnet.getNextIp();
    InterfaceAddress ifaceAddress =
        new InterfaceAddress(ifaceIp, subnet.getCidrBlock().getPrefixLength());
    Utils.newInterface(ifaceName, domainNode, ifaceAddress);

    // Default route whose next hop is the address returned by computeInstancesIfaceIp().
    Ip gatewayIp = subnet.computeInstancesIfaceIp();
    StaticRoute viaSubnet =
        StaticRoute.builder()
            .setAdministrativeCost(Route.DEFAULT_STATIC_ROUTE_ADMIN)
            .setMetric(Route.DEFAULT_STATIC_ROUTE_COST)
            .setNextHopIp(gatewayIp)
            .setNetwork(Prefix.ZERO)
            .build();
    domainNode.getDefaultVrf().getStaticRoutes().add(viaSubnet);
  }

  // NOTE(review): presumably registers the security groups so their ACLs can be applied to this
  // node later; confirm in Utils.processSecurityGroups.
  Utils.processSecurityGroups(region, domainNode, _securityGroups, warnings);
  return domainNode;
}
use of org.batfish.datamodel.Configuration in project batfish by batfish.
the class Instance method toConfigurationNode.
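/**
 * Converts this EC2 instance into a Batfish {@link Configuration} node.
 *
 * <p>The node is named after the instance's {@code "Name"} tag, or the instance id when the tag
 * is absent. For each network interface id of the instance, the interface's private addresses
 * that fall inside its subnet become the addresses of a new interface on the node, and a static
 * route for {@code Prefix.ZERO} is added to the default VRF.
 *
 * <p>Inputs that cannot be modelled are reported through {@code warnings} and skipped instead of
 * aborting the conversion: an unknown network interface, an unknown subnet, or an interface left
 * with no usable address. A skipped interface is absent from the returned node, so review the
 * warnings before relying on analysis results for this instance.
 *
 * @param awsVpcConfig not read by this method
 * @param region region whose network interfaces and subnets are consulted
 * @param warnings sink for red flags and pedantic notes raised during conversion
 * @return the newly built configuration node
 */
public Configuration toConfigurationNode(AwsConfiguration awsVpcConfig, Region region, Warnings warnings) {
  // NOTE(review): the "Name" tag is user-supplied and not guaranteed unique; confirm how callers
  // key nodes if two instances can share a name.
  String name = _tags.getOrDefault("Name", _instanceId);
  Configuration cfgNode = Utils.newAwsConfiguration(name, "aws");
  for (String interfaceId : _networkInterfaces) {
    NetworkInterface netInterface = region.getNetworkInterfaces().get(interfaceId);
    if (netInterface == null) {
      warnings.redFlag(String.format("Network interface \"%s\" for instance \"%s\" not found", interfaceId, _instanceId));
      continue;
    }

    // A dangling subnet reference previously surfaced as a NullPointerException; report it the
    // same way a dangling interface reference is reported.
    Subnet subnet = region.getSubnets().get(netInterface.getSubnetId());
    if (subnet == null) {
      warnings.redFlag(String.format("Subnet \"%s\" for network interface \"%s\" of instance \"%s\" not found", netInterface.getSubnetId(), interfaceId, _instanceId));
      continue;
    }
    Prefix ifaceSubnet = subnet.getCidrBlock();

    // Built up front (as before) but only installed once the interface actually exists.
    Ip defaultGatewayAddress = subnet.computeInstancesIfaceIp();
    StaticRoute defaultRoute =
        StaticRoute.builder()
            .setAdministrativeCost(Route.DEFAULT_STATIC_ROUTE_ADMIN)
            .setMetric(Route.DEFAULT_STATIC_ROUTE_COST)
            .setNextHopIp(defaultGatewayAddress)
            .setNetwork(Prefix.ZERO)
            .build();

    ImmutableSortedSet.Builder<InterfaceAddress> ifaceAddressesBuilder = new ImmutableSortedSet.Builder<>(Comparator.naturalOrder());
    for (Ip ip : netInterface.getIpAddressAssociations().keySet()) {
      if (!ifaceSubnet.containsIp(ip)) {
        warnings.pedantic(String.format("Instance subnet \"%s\" does not contain private ip: \"%s\"", ifaceSubnet, ip));
        continue;
      }
      // The subnet's end address is expected to belong to the generated subnet node.
      if (ip.equals(ifaceSubnet.getEndIp())) {
        warnings.pedantic(String.format("Expected end address \"%s\" to be used by generated subnet node", ip));
        continue;
      }
      InterfaceAddress address = new InterfaceAddress(ip, ifaceSubnet.getPrefixLength());
      ifaceAddressesBuilder.add(address);
    }
    SortedSet<InterfaceAddress> ifaceAddresses = ifaceAddressesBuilder.build();

    // first() throws NoSuchElementException on an empty set, which happens when every address
    // was filtered out above (or the interface had none).
    if (ifaceAddresses.isEmpty()) {
      warnings.redFlag(String.format("Network interface \"%s\" for instance \"%s\" has no usable private ip", interfaceId, _instanceId));
      continue;
    }

    Interface iface = Utils.newInterface(interfaceId, cfgNode, ifaceAddresses.first());
    iface.setAllAddresses(ifaceAddresses);
    cfgNode.getDefaultVrf().getStaticRoutes().add(defaultRoute);
    cfgNode.getVendorFamily().getAws().setVpcId(_vpcId);
    cfgNode.getVendorFamily().getAws().setSubnetId(_subnetId);
    cfgNode.getVendorFamily().getAws().setRegion(region.getName());
  }

  // NOTE(review): presumably registers the security groups so their ACLs can be applied to this
  // node later; confirm in Utils.processSecurityGroups.
  Utils.processSecurityGroups(region, cfgNode, _securityGroups, warnings);
  return cfgNode;
}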
use of org.batfish.datamodel.Configuration in project batfish by batfish.
the class InternetGateway method toConfigurationNode.
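/**
 * Converts this internet gateway into a Batfish {@link Configuration} node and links it to each
 * attached VPC.
 *
 * <p>For every attached VPC id, a generated link subnet supplies two addresses. The first is
 * placed on a new gateway interface named after the VPC id. The second is placed on a new
 * interface of the VPC's configuration node, named after the gateway id. The gateway id is
 * recorded on the {@code Vpc}, and the gateway receives one static route per VPC CIDR block with
 * the VPC-side address as next hop.
 *
 * <p>Besides building the returned node, this method mutates the VPC's configuration node held by
 * {@code awsConfiguration} and the {@code Vpc} object held by {@code region}.
 *
 * <p>An attachment that names a VPC unknown to the region, or one without a configuration node,
 * is red-flagged and skipped. Nothing is created for it on either side, so the model has no
 * internet path for that VPC through this gateway.
 *
 * @param awsConfiguration source of generated link subnets and of the VPC configuration nodes
 * @param region region whose VPCs are consulted; its name is recorded on the node
 * @param warnings sink for red flags about attachments that cannot be modelled
 * @return the newly built configuration node for the gateway
 */
public Configuration toConfigurationNode(AwsConfiguration awsConfiguration, Region region, Warnings warnings) {
  Configuration cfgNode = Utils.newAwsConfiguration(_internetGatewayId, "aws");
  cfgNode.getVendorFamily().getAws().setRegion(region.getName());
  for (String vpcId : _attachmentVpcIds) {
    // Resolve both VPC-side objects before creating anything, so a dangling attachment is
    // reported instead of failing with a NullPointerException halfway through the link setup.
    Vpc vpc = region.getVpcs().get(vpcId);
    if (vpc == null) {
      warnings.redFlag(String.format("VPC \"%s\" for internet gateway \"%s\" not found", vpcId, _internetGatewayId));
      continue;
    }
    Configuration vpcConfigNode = awsConfiguration.getConfigurationNodes().get(vpcId);
    if (vpcConfigNode == null) {
      warnings.redFlag(String.format("Configuration node for VPC \"%s\" attached to internet gateway \"%s\" not found", vpcId, _internetGatewayId));
      continue;
    }

    Pair<InterfaceAddress, InterfaceAddress> igwAddresses = awsConfiguration.getNextGeneratedLinkSubnet();

    // Gateway side of the link: interface named after the VPC.
    InterfaceAddress igwIfaceAddress = igwAddresses.getFirst();
    Utils.newInterface(vpcId, cfgNode, igwIfaceAddress);

    // VPC router side of the link: interface named after the gateway.
    InterfaceAddress vpcIfaceAddress = igwAddresses.getSecond();
    Utils.newInterface(_internetGatewayId, vpcConfigNode, vpcIfaceAddress);

    // Associate this gateway with the VPC.
    vpc.setInternetGatewayId(_internetGatewayId);

    // Route each of the VPC's CIDR blocks from the gateway towards the VPC router.
    vpc.getCidrBlockAssociations().forEach(prefix -> {
      StaticRoute igwVpcRoute =
          StaticRoute.builder()
              .setNetwork(prefix)
              .setNextHopIp(vpcIfaceAddress.getIp())
              .setAdministrativeCost(Route.DEFAULT_STATIC_ROUTE_ADMIN)
              .setMetric(Route.DEFAULT_STATIC_ROUTE_COST)
              .build();
      cfgNode.getDefaultVrf().getStaticRoutes().add(igwVpcRoute);
    });
  }
  return cfgNode;
}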