use of org.batfish.datamodel.IpWildcard in project batfish by batfish.
the class RdsInstanceTest method testSecurityGroupsAcl.
/**
 * Verifies that every interface of the "test-rds" node carries the expected ingress and egress
 * ACLs.
 *
 * <p>Expected ingress order: TCP accept from two /32 sources to ports 45-50, then a SYN-only
 * reject, then an accept for source 0.0.0.0/0. Expected egress order: accept to 0.0.0.0/0, the same
 * SYN-only reject, then a TCP accept to the two /32 addresses with source ports 45-50.
 *
 * <p>The line order is what makes the ingress ACL restrictive: the last ingress line accepts any
 * source, so the SYN-only reject ahead of it is the only line that keeps TCP connection attempts
 * not covered by the explicit rule from being accepted.
 */
@Test
public void testSecurityGroupsAcl() throws IOException {
  Map<String, Configuration> configs = loadAwsConfigurations();
  assertThat(configs, hasKey("test-rds"));

  Configuration rdsNode = configs.get("test-rds");
  assertThat(rdsNode.getInterfaces().entrySet(), hasSize(2));

  // One instance, shared by both expected ACLs.
  // NOTE(review): this line constrains only the TCP flags, so non-TCP packets look like they fall
  // through to the accept-any line - confirm that is the intended model of return traffic.
  IpAccessListLine synOnlyReject =
      IpAccessListLine.builder()
          .setTcpFlags(ImmutableSet.of(TcpFlags.SYN_ONLY))
          .setAction(LineAction.REJECT)
          .build();

  // Ingress: explicit rule first, then the SYN-only reject, then accept-any.
  IpAccessListLine ingressTcpAccept =
      IpAccessListLine.builder()
          .setAction(LineAction.ACCEPT)
          .setIpProtocols(Sets.newHashSet(IpProtocol.TCP))
          .setSrcIps(
              Sets.newHashSet(new IpWildcard("1.2.3.4/32"), new IpWildcard("10.193.16.105/32")))
          .setDstPorts(Sets.newHashSet(new SubRange(45, 50)))
          .build();
  IpAccessListLine ingressAcceptAny =
      IpAccessListLine.builder()
          .setAction(LineAction.ACCEPT)
          .setSrcIps(Sets.newHashSet(new IpWildcard("0.0.0.0/0")))
          .build();
  IpAccessList ingressAcl =
      new IpAccessList(
          "~SECURITY_GROUP_INGRESS_ACL~",
          Lists.newArrayList(ingressTcpAccept, synOnlyReject, ingressAcceptAny));

  // Egress: accept-any first, then the SYN-only reject, then the mirror of the ingress rule
  // (destination addresses and source ports swapped in).
  IpAccessListLine egressAcceptAny =
      IpAccessListLine.builder()
          .setAction(LineAction.ACCEPT)
          .setDstIps(Sets.newHashSet(new IpWildcard("0.0.0.0/0")))
          .build();
  IpAccessListLine egressTcpAccept =
      IpAccessListLine.builder()
          .setAction(LineAction.ACCEPT)
          .setIpProtocols(Sets.newHashSet(IpProtocol.TCP))
          .setDstIps(
              Sets.newHashSet(new IpWildcard("1.2.3.4/32"), new IpWildcard("10.193.16.105/32")))
          .setSrcPorts(Sets.newHashSet(new SubRange(45, 50)))
          .build();
  IpAccessList egressAcl =
      new IpAccessList(
          "~SECURITY_GROUP_EGRESS_ACL~",
          Lists.newArrayList(egressAcceptAny, synOnlyReject, egressTcpAccept));

  for (Interface rdsInterface : rdsNode.getInterfaces().values()) {
    assertThat(rdsInterface.getIncomingFilter(), equalTo(ingressAcl));
    assertThat(rdsInterface.getOutgoingFilter(), equalTo(egressAcl));
  }
}
use of org.batfish.datamodel.IpWildcard in project batfish by batfish.
the class SecurityGroupsTest method testEndHalfOpenInterval.
/**
 * Translates the security group at fixture index 2 and checks the generated ingress lines.
 *
 * <p>The expected TCP rule covers destination ports 65530-65535. Presumably the fixture leaves the
 * end of the range open and the translation caps it at the highest port - confirm against the
 * fixture.
 */
@Test
public void testEndHalfOpenInterval() throws JSONException {
  SecurityGroup group = new SecurityGroup(_securityGroups.getJSONObject(2), null);
  List<IpAccessListLine> ingressLines = new LinkedList<>();
  // Filled by the call below but not asserted on in this test.
  List<IpAccessListLine> egressLines = new LinkedList<>();
  group.addInOutAccessLines(ingressLines, egressLines, _region);

  IpAccessListLine tcpAccept =
      IpAccessListLine.builder()
          .setAction(LineAction.ACCEPT)
          .setIpProtocols(Sets.newHashSet(IpProtocol.TCP))
          .setSrcIps(Sets.newHashSet(new IpWildcard("1.2.3.4/32")))
          .setDstPorts(Sets.newHashSet(new SubRange(65530, 65535)))
          .build();
  List<IpAccessListLine> expectedIngress =
      ImmutableList.of(tcpAccept, _rejectSynOnly, _allowAllReverseOutboundRule);
  assertThat(ingressLines, equalTo(expectedIngress));
}
use of org.batfish.datamodel.IpWildcard in project batfish by batfish.
the class SecurityGroupsTest method testInvalidStartInterval.
/**
 * Translates the security group at fixture index 6 and checks the generated ingress lines.
 *
 * <p>The expected TCP rule covers destination ports 0-50.
 *
 * <p>NOTE(review): going by the test name, the fixture's start port is invalid and the translation
 * falls back to 0. That widens the rule rather than discarding it - confirm this matches how the
 * cloud provider treats such a rule, since a wider ACL over-reports reachability.
 */
@Test
public void testInvalidStartInterval() throws JSONException {
  SecurityGroup group = new SecurityGroup(_securityGroups.getJSONObject(6), null);
  List<IpAccessListLine> ingressLines = new LinkedList<>();
  // Filled by the call below but not asserted on in this test.
  List<IpAccessListLine> egressLines = new LinkedList<>();
  group.addInOutAccessLines(ingressLines, egressLines, _region);

  IpAccessListLine tcpAccept =
      IpAccessListLine.builder()
          .setAction(LineAction.ACCEPT)
          .setIpProtocols(Sets.newHashSet(IpProtocol.TCP))
          .setSrcIps(Sets.newHashSet(new IpWildcard("1.2.3.4/32")))
          .setDstPorts(Sets.newHashSet(new SubRange(0, 50)))
          .build();
  List<IpAccessListLine> expectedIngress =
      ImmutableList.of(tcpAccept, _rejectSynOnly, _allowAllReverseOutboundRule);
  assertThat(ingressLines, equalTo(expectedIngress));
}
use of org.batfish.datamodel.IpWildcard in project batfish by batfish.
the class SecurityGroupsTest method testClosedInterval.
/**
 * Translates the security group at fixture index 5 and checks the generated ingress lines.
 *
 * <p>The expected TCP rule accepts source 1.2.3.4/32 to destination ports 45-50, followed by the
 * shared SYN-only reject and the reverse-outbound accept line.
 */
@Test
public void testClosedInterval() throws JSONException {
  SecurityGroup group = new SecurityGroup(_securityGroups.getJSONObject(5), null);
  List<IpAccessListLine> ingressLines = new LinkedList<>();
  // Filled by the call below but not asserted on in this test.
  List<IpAccessListLine> egressLines = new LinkedList<>();
  group.addInOutAccessLines(ingressLines, egressLines, _region);

  IpAccessListLine tcpAccept =
      IpAccessListLine.builder()
          .setAction(LineAction.ACCEPT)
          .setIpProtocols(Sets.newHashSet(IpProtocol.TCP))
          .setSrcIps(Sets.newHashSet(new IpWildcard("1.2.3.4/32")))
          .setDstPorts(Sets.newHashSet(new SubRange(45, 50)))
          .build();
  List<IpAccessListLine> expectedIngress =
      ImmutableList.of(tcpAccept, _rejectSynOnly, _allowAllReverseOutboundRule);
  assertThat(ingressLines, equalTo(expectedIngress));
}
use of org.batfish.datamodel.IpWildcard in project batfish by batfish.
the class SecurityGroupsTest method testAllTrafficAllowed.
/**
 * Translates the security group at fixture index 4 and checks the generated ingress lines.
 *
 * <p>The expected first line accepts source 0.0.0.0/0 with no protocol set and an empty
 * destination-port set. Because it precedes the SYN-only reject, any traffic it matches is accepted
 * before that reject is consulted.
 */
@Test
public void testAllTrafficAllowed() throws JSONException {
  SecurityGroup group = new SecurityGroup(_securityGroups.getJSONObject(4), null);
  List<IpAccessListLine> ingressLines = new LinkedList<>();
  // Filled by the call below but not asserted on in this test.
  List<IpAccessListLine> egressLines = new LinkedList<>();
  group.addInOutAccessLines(ingressLines, egressLines, _region);

  // presumably an empty port set means "no port restriction" in the data model - TODO confirm
  IpAccessListLine acceptAny =
      IpAccessListLine.builder()
          .setAction(LineAction.ACCEPT)
          .setSrcIps(Sets.newHashSet(new IpWildcard("0.0.0.0/0")))
          .setDstPorts(Sets.newHashSet())
          .build();
  List<IpAccessListLine> expectedIngress =
      ImmutableList.of(acceptAny, _rejectSynOnly, _allowAllReverseOutboundRule);
  assertThat(ingressLines, equalTo(expectedIngress));
}