/**
 * Handles a {@link MatchHeaderSpace} expression by delegating to {@code trace} with the header
 * space that the expression wraps.
 *
 * @param matchHeaderSpace the expression whose header space is traced
 * @return whatever the delegated {@code trace} call returns
 */
@Override
public Boolean visitMatchHeaderSpace(MatchHeaderSpace matchHeaderSpace) {
  return trace(matchHeaderSpace.getHeaderspace());
}
/**
 * Handles a {@link PermittedByAcl} expression by looking up the ACL it names in
 * {@code _availableAcls} and delegating to {@code trace} with the lookup result.
 *
 * @param permittedByAcl the expression naming the ACL to consult
 * @return whatever the delegated {@code trace} call returns
 */
@Override
public Boolean visitPermittedByAcl(PermittedByAcl permittedByAcl) {
  // NOTE(review): the lookup result is passed on unchecked. If _availableAcls is a plain Map
  // (presumably the availableAcls map handed to the tracer), a name with no entry yields null
  // here. Confirm that dangling ACL references are rejected before tracing, so a misconfigured
  // filter surfaces as a clear error rather than a NullPointerException mid-trace.
  return trace(_availableAcls.get(permittedByAcl.getAclName()));
}
/**
 * Traces {@code flow} through {@code ipAccessList} and returns the recorded trace.
 *
 * <p>A new {@link AclTracer} is constructed for every call, so no tracer state is carried from
 * one invocation to the next by this method.
 *
 * @param ipAccessList the ACL to trace the flow through
 * @param flow the flow being evaluated
 * @param srcInterface the source interface handed to the tracer; may be {@code null}
 * @param availableAcls ACLs keyed by name, passed to the tracer's constructor
 * @param namedIpSpaces IP spaces keyed by name, passed to the tracer's constructor
 * @param namedIpSpaceMetadata metadata keyed by IP space name, passed to the tracer's constructor
 * @return the trace held by the tracer after the ACL has been traced
 */
public static AclTrace trace(
    @Nonnull IpAccessList ipAccessList,
    @Nonnull Flow flow,
    @Nullable String srcInterface,
    @Nonnull Map<String, IpAccessList> availableAcls,
    @Nonnull Map<String, IpSpace> namedIpSpaces,
    @Nonnull Map<String, IpSpaceMetadata> namedIpSpaceMetadata) {
  AclTracer aclTracer =
      new AclTracer(flow, srcInterface, availableAcls, namedIpSpaces, namedIpSpaceMetadata);
  // Run the instance-level trace first; the result is read back from the tracer afterwards.
  aclTracer.trace(ipAccessList);
  return aclTracer.getTrace();
}
/** An ACL without any lines must yield a single event: the default deny for that ACL. */
@Test
public void testDefaultDeniedByIpAccessList() {
  // No named IP spaces take part in this scenario.
  Map<String, IpSpace> ipSpacesByName = ImmutableMap.of();
  Map<String, IpSpaceMetadata> ipSpaceMetadataByName = ImmutableMap.of();

  // The ACL under test is built with a name only, i.e. with no lines.
  IpAccessList emptyAcl = IpAccessList.builder().setName(ACL_NAME).build();
  Map<String, IpAccessList> aclsByName = ImmutableMap.of(ACL_NAME, emptyAcl);

  AclTrace result =
      AclTracer.trace(
          emptyAcl, FLOW, SRC_INTERFACE, aclsByName, ipSpacesByName, ipSpaceMetadataByName);

  // With no line to match, the only recorded event should be the default deny.
  // (Assuming Hamcrest's contains: the event list must hold exactly this one item.)
  assertThat(result, hasEvents(contains(isDefaultDeniedByIpAccessListNamed(ACL_NAME))));
}
/**
 * An ACL whose only line is {@code IpAccessListLine.REJECT_ALL} must report a deny that is
 * attributed to that line (index 0) of the named ACL.
 */
@Test
public void testDeniedByIpAccessListLine() {
  // No named IP spaces take part in this scenario.
  Map<String, IpSpace> ipSpacesByName = ImmutableMap.of();
  Map<String, IpSpaceMetadata> ipSpaceMetadataByName = ImmutableMap.of();

  IpAccessList rejectAllAcl =
      IpAccessList.builder()
          .setName(ACL_NAME)
          .setLines(ImmutableList.of(IpAccessListLine.REJECT_ALL))
          .build();
  Map<String, IpAccessList> aclsByName = ImmutableMap.of(ACL_NAME, rejectAllAcl);

  AclTrace result =
      AclTracer.trace(
          rejectAllAcl, FLOW, SRC_INTERFACE, aclsByName, ipSpacesByName, ipSpaceMetadataByName);

  // The deny event must carry both the ACL name and the index of the rejecting line.
  assertThat(
      result,
      hasEvents(
          contains(
              isDeniedByIpAccessListLineThat(
                  allOf(
                      DeniedByIpAccessListLineMatchers.hasName(ACL_NAME),
                      DeniedByIpAccessListLineMatchers.hasIndex(0))))));
}
/**
 * An ACL whose only line is {@code IpAccessListLine.ACCEPT_ALL} must report a permit that is
 * attributed to that line (index 0) of the named ACL.
 */
@Test
public void testPermittedByIpAccessListLine() {
  // No named IP spaces take part in this scenario.
  Map<String, IpSpace> ipSpacesByName = ImmutableMap.of();
  Map<String, IpSpaceMetadata> ipSpaceMetadataByName = ImmutableMap.of();

  IpAccessList acceptAllAcl =
      IpAccessList.builder()
          .setName(ACL_NAME)
          .setLines(ImmutableList.of(IpAccessListLine.ACCEPT_ALL))
          .build();
  Map<String, IpAccessList> aclsByName = ImmutableMap.of(ACL_NAME, acceptAllAcl);

  AclTrace result =
      AclTracer.trace(
          acceptAllAcl, FLOW, SRC_INTERFACE, aclsByName, ipSpacesByName, ipSpaceMetadataByName);

  // The permit event must carry both the ACL name and the index of the accepting line.
  assertThat(
      result,
      hasEvents(
          contains(
              isPermittedByIpAccessListLineThat(
                  allOf(
                      PermittedByIpAccessListLineMatchers.hasName(ACL_NAME),
                      PermittedByIpAccessListLineMatchers.hasIndex(0))))));
}
/**
 * The ACL's single accepting line uses {@code AclIpSpace.DENY_ALL} directly (not via a named
 * reference) as its destination IPs. The expected trace is the ACL's default deny only.
 */
@Test
public void testDeniedByUnnamedAclIpSpace() {
  // The IP space is embedded in the line itself, so the named-space tables stay empty.
  Map<String, IpSpace> ipSpacesByName = ImmutableMap.of();
  Map<String, IpSpaceMetadata> ipSpaceMetadataByName = ImmutableMap.of();

  AclIpSpace denyAllSpace = AclIpSpace.DENY_ALL;
  IpAccessList aclUnderTest =
      IpAccessList.builder()
          .setName(ACL_NAME)
          .setLines(
              ImmutableList.of(
                  IpAccessListLine.acceptingHeaderSpace(
                      HeaderSpace.builder().setDstIps(denyAllSpace).build())))
          .build();
  Map<String, IpAccessList> aclsByName = ImmutableMap.of(ACL_NAME, aclUnderTest);

  AclTrace result =
      AclTracer.trace(
          aclUnderTest, FLOW, SRC_INTERFACE, aclsByName, ipSpacesByName, ipSpaceMetadataByName);

  // No line-level event is expected; the outcome is reported as the ACL's default deny.
  assertThat(result, hasEvents(contains(isDefaultDeniedByIpAccessListNamed(ACL_NAME))));
}
/**
 * The ACL's single accepting line uses {@code EmptyIpSpace.INSTANCE} directly as its destination
 * IPs. The expected trace is the ACL's default deny only.
 */
@Test
public void testDeniedByUnnamedSimpleIpSpace() {
  // The IP space is embedded in the line itself, so the named-space tables stay empty.
  Map<String, IpSpace> ipSpacesByName = ImmutableMap.of();
  Map<String, IpSpaceMetadata> ipSpaceMetadataByName = ImmutableMap.of();

  IpSpace emptySpace = EmptyIpSpace.INSTANCE;
  IpAccessList aclUnderTest =
      IpAccessList.builder()
          .setName(ACL_NAME)
          .setLines(
              ImmutableList.of(
                  IpAccessListLine.acceptingHeaderSpace(
                      HeaderSpace.builder().setDstIps(emptySpace).build())))
          .build();
  Map<String, IpAccessList> aclsByName = ImmutableMap.of(ACL_NAME, aclUnderTest);

  AclTrace result =
      AclTracer.trace(
          aclUnderTest, FLOW, SRC_INTERFACE, aclsByName, ipSpacesByName, ipSpaceMetadataByName);

  // No line-level event is expected; the outcome is reported as the ACL's default deny.
  assertThat(result, hasEvents(contains(isDefaultDeniedByIpAccessListNamed(ACL_NAME))));
}
/**
 * The ACL's single accepting line refers to a named IP space ({@code ACL_IP_SPACE_NAME}) that
 * resolves to {@code AclIpSpace.DENY_ALL}. The expected trace is the ACL's default deny only.
 */
@Test
public void testDefaultDeniedByNamedAclIpSpace() {
  // Register the named IP space and its metadata so the reference in the line can be resolved.
  AclIpSpace denyAllSpace = AclIpSpace.DENY_ALL;
  Map<String, IpSpace> ipSpacesByName = ImmutableMap.of(ACL_IP_SPACE_NAME, denyAllSpace);
  Map<String, IpSpaceMetadata> ipSpaceMetadataByName =
      ImmutableMap.of(ACL_IP_SPACE_NAME, new IpSpaceMetadata(ACL_IP_SPACE_NAME, TEST_ACL));

  IpAccessList aclUnderTest =
      IpAccessList.builder()
          .setName(ACL_NAME)
          .setLines(
              ImmutableList.of(
                  IpAccessListLine.acceptingHeaderSpace(
                      HeaderSpace.builder()
                          .setDstIps(new IpSpaceReference(ACL_IP_SPACE_NAME))
                          .build())))
          .build();
  Map<String, IpAccessList> aclsByName = ImmutableMap.of(ACL_NAME, aclUnderTest);

  AclTrace result =
      AclTracer.trace(
          aclUnderTest, FLOW, SRC_INTERFACE, aclsByName, ipSpacesByName, ipSpaceMetadataByName);

  // NOTE(review): metadata for the named space is supplied, but only the ACL-level default deny
  // is asserted. Confirm whether an event naming the IP space should also be expected here.
  assertThat(
      result,
      hasEvents(contains(ImmutableList.of(isDefaultDeniedByIpAccessListNamed(ACL_NAME)))));
}
/**
 * The ACL's single accepting line uses {@code AclIpSpace.PERMIT_ALL} directly as its destination
 * IPs. The expected trace is a permit attributed to line 0 of the named ACL.
 */
@Test
public void testPermittedByUnnamedAclIpSpace() {
  // The IP space is embedded in the line itself, so the named-space tables stay empty.
  Map<String, IpSpace> ipSpacesByName = ImmutableMap.of();
  Map<String, IpSpaceMetadata> ipSpaceMetadataByName = ImmutableMap.of();

  AclIpSpace permitAllSpace = AclIpSpace.PERMIT_ALL;
  IpAccessList aclUnderTest =
      IpAccessList.builder()
          .setName(ACL_NAME)
          .setLines(
              ImmutableList.of(
                  IpAccessListLine.acceptingHeaderSpace(
                      HeaderSpace.builder().setDstIps(permitAllSpace).build())))
          .build();
  Map<String, IpAccessList> aclsByName = ImmutableMap.of(ACL_NAME, aclUnderTest);

  AclTrace result =
      AclTracer.trace(
          aclUnderTest, FLOW, SRC_INTERFACE, aclsByName, ipSpacesByName, ipSpaceMetadataByName);

  // The permit event must carry both the ACL name and the index of the accepting line.
  assertThat(
      result,
      hasEvents(
          contains(
              ImmutableList.of(
                  isPermittedByIpAccessListLineThat(
                      allOf(
                          PermittedByIpAccessListLineMatchers.hasName(ACL_NAME),
                          PermittedByIpAccessListLineMatchers.hasIndex(0)))))));
}
/**
 * The ACL's single accepting line uses {@code UniverseIpSpace.INSTANCE} directly as its
 * destination IPs. The expected trace is a permit attributed to line 0 of the named ACL.
 */
@Test
public void testPermittedByUnnamedSimpleIpSpace() {
  // The IP space is embedded in the line itself, so the named-space tables stay empty.
  Map<String, IpSpace> ipSpacesByName = ImmutableMap.of();
  Map<String, IpSpaceMetadata> ipSpaceMetadataByName = ImmutableMap.of();

  IpSpace universeSpace = UniverseIpSpace.INSTANCE;
  IpAccessList aclUnderTest =
      IpAccessList.builder()
          .setName(ACL_NAME)
          .setLines(
              ImmutableList.of(
                  IpAccessListLine.acceptingHeaderSpace(
                      HeaderSpace.builder().setDstIps(universeSpace).build())))
          .build();
  Map<String, IpAccessList> aclsByName = ImmutableMap.of(ACL_NAME, aclUnderTest);

  AclTrace result =
      AclTracer.trace(
          aclUnderTest, FLOW, SRC_INTERFACE, aclsByName, ipSpacesByName, ipSpaceMetadataByName);

  // The permit event must carry both the ACL name and the index of the accepting line.
  assertThat(
      result,
      hasEvents(
          contains(
              ImmutableList.of(
                  isPermittedByIpAccessListLineThat(
                      allOf(
                          PermittedByIpAccessListLineMatchers.hasName(ACL_NAME),
                          PermittedByIpAccessListLineMatchers.hasIndex(0)))))));
}
/**
 * The ACL's single accepting line refers to a named IP space that resolves to
 * {@code Ip.MAX.toIpSpace()}. The expected trace is the ACL's default deny only.
 */
@Test
public void testDeniedByNamedSimpleIpSpace() {
  String spaceName = "aclIpSpace";

  // Register the named IP space and its metadata so the reference in the line can be resolved.
  Map<String, IpSpace> ipSpacesByName = ImmutableMap.of(spaceName, Ip.MAX.toIpSpace());
  Map<String, IpSpaceMetadata> ipSpaceMetadataByName =
      ImmutableMap.of(spaceName, new IpSpaceMetadata(spaceName, TEST_ACL));

  IpAccessList aclUnderTest =
      IpAccessList.builder()
          .setName(ACL_NAME)
          .setLines(
              ImmutableList.of(
                  IpAccessListLine.acceptingHeaderSpace(
                      HeaderSpace.builder().setDstIps(new IpSpaceReference(spaceName)).build())))
          .build();
  Map<String, IpAccessList> aclsByName = ImmutableMap.of(ACL_NAME, aclUnderTest);

  AclTrace result =
      AclTracer.trace(
          aclUnderTest, FLOW, SRC_INTERFACE, aclsByName, ipSpacesByName, ipSpaceMetadataByName);

  // NOTE(review): metadata for the named space is supplied, but only the ACL-level default deny
  // is asserted. Confirm whether an event naming the IP space should also be expected here.
  assertThat(
      result,
      hasEvents(contains(ImmutableList.of(isDefaultDeniedByIpAccessListNamed(ACL_NAME)))));
}
/**
 * The ACL's single accepting line refers to a named IP space ({@code ACL_IP_SPACE_NAME}) built
 * from one explicit {@code AclIpSpaceLine.DENY_ALL} line. The expected trace is the ACL's default
 * deny only.
 */
@Test
public void testDeniedByNamedAclIpSpaceLine() {
  // Register the named IP space and its metadata so the reference in the line can be resolved.
  AclIpSpace singleDenyLineSpace = AclIpSpace.of(AclIpSpaceLine.DENY_ALL);
  Map<String, IpSpace> ipSpacesByName = ImmutableMap.of(ACL_IP_SPACE_NAME, singleDenyLineSpace);
  Map<String, IpSpaceMetadata> ipSpaceMetadataByName =
      ImmutableMap.of(ACL_IP_SPACE_NAME, new IpSpaceMetadata(ACL_IP_SPACE_NAME, TEST_ACL));

  IpAccessList aclUnderTest =
      IpAccessList.builder()
          .setName(ACL_NAME)
          .setLines(
              ImmutableList.of(
                  IpAccessListLine.acceptingHeaderSpace(
                      HeaderSpace.builder()
                          .setDstIps(new IpSpaceReference(ACL_IP_SPACE_NAME))
                          .build())))
          .build();
  Map<String, IpAccessList> aclsByName = ImmutableMap.of(ACL_NAME, aclUnderTest);

  AclTrace result =
      AclTracer.trace(
          aclUnderTest, FLOW, SRC_INTERFACE, aclsByName, ipSpacesByName, ipSpaceMetadataByName);

  // NOTE(review): the test name refers to a deny by an IP-space line, yet only the ACL-level
  // default deny is asserted. Confirm whether a line-level IP-space event should be expected.
  assertThat(
      result,
      hasEvents(contains(ImmutableList.of(isDefaultDeniedByIpAccessListNamed(ACL_NAME)))));
}
ImmutableMap.of(ipSpaceName, new IpSpaceMetadata(ipSpaceName, TEST_ACL)); AclTrace trace = AclTracer.trace( acl, FLOW, SRC_INTERFACE, availableAcls, namedIpSpaces, namedIpSpaceMetadata);
ImmutableMap.of(ACL_IP_SPACE_NAME, new IpSpaceMetadata(ACL_IP_SPACE_NAME, TEST_ACL)); AclTrace trace = AclTracer.trace( acl, FLOW, SRC_INTERFACE, availableAcls, namedIpSpaces, namedIpSpaceMetadata);
Map<String, IpSpaceMetadata> namedIpSpaceMetadata = ImmutableMap.of(); AclTrace trace = AclTracer.trace( acl, FLOW, SRC_INTERFACE, availableAcls, namedIpSpaces, namedIpSpaceMetadata);
Map<String, IpSpaceMetadata> namedIpSpaceMetadata = ImmutableMap.of(); AclTrace trace = AclTracer.trace( acl, FLOW, SRC_INTERFACE, availableAcls, namedIpSpaces, namedIpSpaceMetadata);
AclTracer.trace( filter, flow,