@Override protected Question createQuestion() { return new SearchFiltersQuestion(); } }
private Multimap<String, String> getSpecifiedAcls(SearchFiltersQuestion question) { SortedMap<String, Configuration> configs = _batfish.loadConfigurations(); FilterSpecifier filterSpecifier = question.getFilterSpecifier(); SpecifierContext specifierContext = _batfish.specifierContext(); ImmutableMultimap.Builder<String, String> acls = ImmutableMultimap.builder(); question.getNodesSpecifier().resolve(_batfish.specifierContext()).stream() .map(configs::get) .forEach( config -> filterSpecifier .resolve(config.getHostname(), specifierContext) .forEach(acl -> acls.put(config.getHostname(), acl.getName()))); return acls.build(); }
@Nonnull @VisibleForTesting SearchFiltersParameters toSearchFiltersParameters() { return SearchFiltersParameters.builder() .setDestinationIpSpaceSpecifier(getDestinationSpecifier()) .setGenerateExplanations(_generateExplanations) .setHeaderSpace(getHeaderSpace()) .setSourceIpSpaceSpecifier(getSourceSpecifier()) .setStartLocationSpecifier(getStartLocationSpecifier()) .build(); }
private Optional<IpAccessList> makeQueryAcl(IpAccessList originalAcl) { SearchFiltersQuestion question = (SearchFiltersQuestion) _question; switch (question.getType()) { case PERMIT: return Optional.of(originalAcl); case DENY: return Optional.of(toDenyAcl(originalAcl)); case MATCH_LINE: // for each ACL, construct a new ACL that accepts if and only if the specified line matches Integer lineNumber = question.getLineNumber(); checkState(lineNumber != null, "Cannot perform a match line query without a line number"); return originalAcl.getLines().size() > lineNumber ? Optional.of(toMatchLineAcl(lineNumber, originalAcl)) : Optional.empty(); default: throw new BatfishException("Unexpected query Type: " + question.getType()); } }
@Test public void testDeserializationDefaultValues() throws IOException { String serialized = String.format("{\"class\":\"%s\"}", SearchFiltersQuestion.class.getCanonicalName()); SearchFiltersQuestion q = BatfishObjectMapper.mapper().readValue(serialized, SearchFiltersQuestion.class); assertThat(q.getFilterSpecifier(), notNullValue()); assertThat(q.getType(), is(Type.PERMIT)); assertThat(q.getNodesSpecifier(), notNullValue()); assertThat(q.getDataPlane(), equalTo(false)); assertThat(q.getNodes(), nullValue()); // src/dst IPs NOT stored in headerspace at this stage assertThat(q.getHeaderSpace().getDstIps(), nullValue()); assertThat(q.getHeaderSpace().getSrcIps(), nullValue()); // src/dst IPs are in specifiers at this stage SearchFiltersParameters parameters = q.toSearchFiltersParameters(); for (IpSpaceSpecifier s : Arrays.asList( parameters.getSourceIpSpaceSpecifier(), parameters.getDestinationIpSpaceSpecifier())) { assertThat( s.resolve(ImmutableSet.of(), MockSpecifierContext.builder().build()).getEntries().stream() .map(Entry::getIpSpace) .collect(ImmutableList.toImmutableList()), hasItem(UniverseIpSpace.INSTANCE)); assertThat(q.getLineNumber(), nullValue()); } }
@Test public void testSetQuery() { SearchFiltersQuestion question = new SearchFiltersQuestion(); assertThat(question.getType(), is(Type.PERMIT)); assertThat(question.getLineNumber(), nullValue()); question = SearchFiltersQuestion.builder().setAction("deny").build(); assertThat(question.getType(), is(Type.DENY)); assertThat(question.getLineNumber(), nullValue()); question = SearchFiltersQuestion.builder().setAction("matchLine 5").build(); assertThat(question.getType(), is(Type.MATCH_LINE)); assertThat(question.getLineNumber(), is(5)); question = SearchFiltersQuestion.builder().setAction("permit").build(); assertThat(question.getType(), is(Type.PERMIT)); assertThat(question.getLineNumber(), nullValue()); exception.expect(BatfishException.class); exception.expectMessage("Unrecognized query: foo"); SearchFiltersQuestion.builder().setAction("foo").build(); }
@Test public void testReachFilterNodeSpecifierDefault() { SearchFiltersQuestion q = new SearchFiltersQuestion(); Set<String> nodes = q.getNodesSpecifier().resolve(_batfish.specifierContext()); assertThat(nodes, contains(_config.getHostname())); q = SearchFiltersQuestion.builder() .setFilterSpecifier(ACL.getName()) .setAction("permit") .setNodeSpecifier("UNMATCHABLE") .build(); nodes = q.getNodesSpecifier().resolve(_batfish.specifierContext()); assertThat(nodes, emptyIterable()); }
new SearchFiltersQuestion() .toSearchFiltersParameters() .toBuilder() .setStartLocationSpecifier(ALL_LOCATIONS)
SearchFiltersParameters parameters = question.toSearchFiltersParameters(); question.getGenerateExplanations()); TableAnswerElement deltaTable = toSearchFiltersTable( TestFiltersAnswerer.create(new TestFiltersQuestion(null, null, null, null)), question.getGenerateExplanations()); if (baseAcl.isPresent() && !deltaAcl.isPresent() && question.getIncludeOneTableKeys()) { baseTable.addRow( Row.builder(baseTable.getMetadata().toColumnMap()) if (!baseAcl.isPresent() && deltaAcl.isPresent() && question.getIncludeOneTableKeys()) { deltaTable.addRow( Row.builder(deltaTable.getMetadata().toColumnMap()) description, testFiltersRow(true, node, aclName, flow), question.getGenerateExplanations())); deltaTable.addRow( toSearchFiltersRow( description, testFiltersRow(false, node, aclName, flow), question.getGenerateExplanations())); }); if (question.getIncludeOneTableKeys()) { addOneSnapshotNodes(Sets.difference(baseAcls.keySet(), deltaAcls.keySet()), baseTable); addOneSnapshotNodes(Sets.difference(deltaAcls.keySet(), baseAcls.keySet()), deltaTable);
@Test public void testGetQueryAcls_deny() { SearchFiltersQuestion question = SearchFiltersQuestion.builder().setFilterSpecifier(ACL.getName()).setAction("deny").build(); SearchFiltersAnswerer answerer = new SearchFiltersAnswerer(question, _batfish); List<Triple<String, String, IpAccessList>> queryAcls = answerer.getQueryAcls(question); assertThat(queryAcls, hasSize(1)); String queryConfig = queryAcls.get(0).getLeft(); String queryAclName = queryAcls.get(0).getMiddle(); IpAccessList queryAcl = queryAcls.get(0).getRight(); assertThat(queryConfig, equalTo(_config.getHostname())); assertThat(queryAclName, equalTo(ACL.getName())); assertThat(queryAcl.getName(), equalTo(NEGATED_RENAMER.apply(ACL.getName()))); assertThat(queryAcl, is(DENY_ACL)); }
IpAccessList acl = triple.getRight(); Optional<SearchFiltersResult> optionalResult; optionalResult = _batfish.reachFilter(node, acl, question.toSearchFiltersParameters()); optionalResult.ifPresent( result -> result.getHeaderSpaceDescription().orElse(null), testFiltersRow(true, hostname, aclname, result.getExampleFlow()), question.getGenerateExplanations()))); toSearchFiltersTable( TestFiltersAnswerer.create(new TestFiltersQuestion(null, null, null, null)), question.getGenerateExplanations()); _tableAnswerElement.postProcessAnswer(question, rows);
@Test public void testIpProtocols() throws IOException { ImmutableSortedSet<IpProtocol> ipProtocols = ImmutableSortedSet.of(IpProtocol.TCP, IpProtocol.ICMP); SearchFiltersQuestion question = SearchFiltersQuestion.builder() .setHeaders(PacketHeaderConstraints.builder().setIpProtocols(ipProtocols).build()) .build(); assertThat(question.getHeaderSpace().getIpProtocols(), equalTo(ipProtocols)); // test (de)serialization question = BatfishObjectMapper.clone(question, SearchFiltersQuestion.class); assertThat(question.getHeaderSpace().getIpProtocols(), equalTo(ipProtocols)); } }
@Test public void testGetQueryAcls_permit() { SearchFiltersQuestion question = SearchFiltersQuestion.builder() .setFilterSpecifier(ACL.getName()) .setAction("permit") .build(); SearchFiltersAnswerer answerer = new SearchFiltersAnswerer(question, _batfish); List<Triple<String, String, IpAccessList>> queryAcls = answerer.getQueryAcls(question); assertThat(queryAcls, hasSize(1)); String queryConfig = queryAcls.get(0).getLeft(); String queryAclName = queryAcls.get(0).getMiddle(); IpAccessList queryAcl = queryAcls.get(0).getRight(); assertThat(queryConfig, equalTo(_config.getHostname())); assertThat(queryAclName, equalTo(ACL.getName())); assertThat(queryAcl, is(ACL)); }
public SearchFiltersQuestion build() { return new SearchFiltersQuestion( _complementHeaderSpace, _filters, _generateExplanations, _headers, _nodeSpecifierInput, _startLocation, _type); } }
@Test public void testGetQueryAcls_matchLine2() { SearchFiltersQuestion question = SearchFiltersQuestion.builder() .setFilterSpecifier(ACL.getName()) .setAction("matchLine 2") .build(); SearchFiltersAnswerer answerer = new SearchFiltersAnswerer(question, _batfish); List<Triple<String, String, IpAccessList>> queryAcls = answerer.getQueryAcls(question); assertThat(queryAcls, hasSize(1)); String queryConfig = queryAcls.get(0).getLeft(); String queryAclName = queryAcls.get(0).getMiddle(); IpAccessList queryAcl = queryAcls.get(0).getRight(); assertThat(queryConfig, equalTo(_config.getHostname())); assertThat(queryAclName, equalTo(ACL.getName())); assertThat(queryAcl.getName(), equalTo(MATCH_LINE_RENAMER.apply(2, ACL.getName()))); assertThat(queryAcl, is(MATCH_LINE2_ACL)); }
@Test public void testAnswer() { SearchFiltersQuestion question = new SearchFiltersQuestion(); SearchFiltersAnswerer answerer = new SearchFiltersAnswerer(question, _batfish); TableAnswerElement ae = (TableAnswerElement) answerer.answer(); assertThat( ae, hasRows( containsInAnyOrder( ImmutableList.of( allOf( hasColumn(COL_ACTION, equalTo("PERMIT"), Schema.STRING), hasColumn(COL_FILTER_NAME, equalTo(ACL.getName()), Schema.STRING)), allOf( hasColumn(COL_ACTION, equalTo("PERMIT"), Schema.STRING), hasColumn( COL_FILTER_NAME, equalTo(BLOCKED_LINE_ACL.getName()), Schema.STRING)), allOf( hasColumn(COL_ACTION, equalTo("PERMIT"), Schema.STRING), hasColumn(COL_FILTER_NAME, equalTo(SRC_ACL.getName()), Schema.STRING)))))); }
@Test public void testAnswerWithRenamingAndExplanations() { SearchFiltersQuestion question = SearchFiltersQuestion.builder().setGenerateExplanations(true).setAction("deny").build(); SearchFiltersAnswerer answerer = new SearchFiltersAnswerer(question, _batfish); TableAnswerElement ae = (TableAnswerElement) answerer.answer(); assertThat( ae, hasRows( containsInAnyOrder( ImmutableList.of( allOf( hasColumn(COL_ACTION, equalTo("DENY"), Schema.STRING), hasColumn(COL_FILTER_NAME, equalTo(ACL.getName()), Schema.STRING)), allOf( hasColumn(COL_ACTION, equalTo("DENY"), Schema.STRING), hasColumn( COL_FILTER_NAME, equalTo(BLOCKED_LINE_ACL.getName()), Schema.STRING)), allOf( hasColumn(COL_ACTION, equalTo("DENY"), Schema.STRING), hasColumn(COL_FILTER_NAME, equalTo(SRC_ACL.getName()), Schema.STRING)))))); }
(TableAnswerElement) new SearchFiltersAnswerer( SearchFiltersQuestion.builder().setStartLocation("enter(.*)").build(), batfish) .answerDiff(); assertThat(
(TableAnswerElement) new SearchFiltersAnswerer( SearchFiltersQuestion.builder() .setStartLocation("enter(.*)") .setAction("deny")