bddPacket, sourceMgr, aclSpec.acl.getDependencies(), ImmutableMap.of()); IpAccessList ipAcl = aclSpec.acl.getSanitizedAcl(); List<IpAccessListLine> lines = ipAcl.getLines();
@Test public void testUndefinedReference() { _aclb .setLines( ImmutableList.of( IpAccessListLine.accepting().setMatchCondition(new PermittedByAcl("???")).build())) .build(); List<AclSpecs> aclSpecs = getAclSpecs(ImmutableSet.of("c1")); // The sanitized version of the acl should have one unmatchable line assertThat(aclSpecs, hasSize(1)); CanonicalAcl acl = aclSpecs.get(0).acl; assertThat(acl.getSanitizedAcl().getLines(), equalTo(ImmutableList.of(UNMATCHABLE))); assertThat(acl.hasUndefinedRef(0), equalTo(true)); }
@Test public void testWithUndefinedSrcInterfaceReference() { _aclb .setLines( ImmutableList.of( IpAccessListLine.accepting() .setMatchCondition(new MatchSrcInterface(ImmutableList.of("???"))) .build())) .build(); List<AclSpecs> aclSpecs = getAclSpecs(ImmutableSet.of("c1")); // The sanitized version of the acl should have one unmatchable line assertThat(aclSpecs, hasSize(1)); AclSpecs spec = aclSpecs.get(0); assertThat(spec.acl.getSanitizedAcl().getLines(), equalTo(ImmutableList.of(UNMATCHABLE))); }
@Test public void testWithUndefinedIpSpaceReference() { _aclb .setLines( ImmutableList.of( IpAccessListLine.accepting() .setMatchCondition( new MatchHeaderSpace( HeaderSpace.builder().setSrcIps(new IpSpaceReference("???")).build())) .build())) .build(); List<AclSpecs> aclSpecs = getAclSpecs(ImmutableSet.of("c1")); // The sanitized version of the acl should have one unmatchable line assertThat(aclSpecs, hasSize(1)); AclSpecs spec = aclSpecs.get(0); assertThat(spec.acl.getSanitizedAcl().getLines(), equalTo(ImmutableList.of(UNMATCHABLE))); }
@Test public void testWithIpSpaceReference() { _aclb .setLines( ImmutableList.of( IpAccessListLine.rejecting() .setMatchCondition( new MatchHeaderSpace( HeaderSpace.builder() .setSrcIps(new IpSpaceReference("ipSpace")) .build())) .build())) .build(); List<AclSpecs> aclSpecs = getAclSpecs(ImmutableSet.of("c1")); // The sanitized version of the acl should directly reject 1.2.3.4 assertThat(aclSpecs, hasSize(1)); AclSpecs spec = aclSpecs.get(0); assertThat( spec.acl.getSanitizedAcl().getLines(), equalTo( ImmutableList.of( rejectingHeaderSpace( HeaderSpace.builder().setSrcIps(Ip.parse("1.2.3.4").toIpSpace()).build())))); }
@Test public void testWithUndefinedIpSpaceReferenceChain() { // Make sure it correctly interprets a chain of IpSpaceReferences ending with an undefined ref _c1.setIpSpaces( ImmutableSortedMap.of( "ipSpace1", new IpSpaceReference("ipSpace2"), "ipSpace2", new IpSpaceReference("ipSpace3"))); _aclb .setLines( ImmutableList.of( IpAccessListLine.accepting() .setMatchCondition( new MatchHeaderSpace( HeaderSpace.builder() .setSrcIps(new IpSpaceReference("ipSpace1")) .build())) .build())) .build(); List<AclSpecs> aclSpecs = getAclSpecs(ImmutableSet.of("c1")); // The sanitized version of the acl should have one unmatchable line assertThat(aclSpecs, hasSize(1)); AclSpecs spec = aclSpecs.get(0); assertThat(spec.acl.getSanitizedAcl().getLines(), equalTo(ImmutableList.of(UNMATCHABLE))); }
@Test public void testWithAclIpSpaceWithCircularRef() { // Named IP spaces includes AclIpSpace "aclIpSpace". // "aclIpSpace" contains an IpSpaceReference to itself. Rip _c1.setIpSpaces( ImmutableSortedMap.of( "aclIpSpace", AclIpSpace.of(AclIpSpaceLine.permit(new IpSpaceReference("aclIpSpace"))))); _aclb .setLines( ImmutableList.of( IpAccessListLine.accepting() .setMatchCondition( new MatchHeaderSpace( HeaderSpace.builder() .setSrcIps(new IpSpaceReference("aclIpSpace")) .build())) .build())) .build(); List<AclSpecs> aclSpecs = getAclSpecs(ImmutableSet.of("c1")); // The sanitized version of the acl should have one unmatchable line assertThat(aclSpecs, hasSize(1)); AclSpecs spec = aclSpecs.get(0); assertThat(spec.acl.getSanitizedAcl().getLines(), equalTo(ImmutableList.of(UNMATCHABLE))); }
@Test public void testWithCircularIpSpaceReferenceChain() { // Make sure it identifies an undefined reference for a circular chain of IpSpaceReferences _c1.setIpSpaces( ImmutableSortedMap.of( "ipSpace1", new IpSpaceReference("ipSpace2"), "ipSpace2", new IpSpaceReference("ipSpace3"), "ipSpace3", new IpSpaceReference("ipSpace1"))); _aclb .setLines( ImmutableList.of( IpAccessListLine.accepting() .setMatchCondition( new MatchHeaderSpace( HeaderSpace.builder() .setSrcIps(new IpSpaceReference("ipSpace1")) .build())) .build())) .build(); List<AclSpecs> aclSpecs = getAclSpecs(ImmutableSet.of("c1")); // The sanitized version of the acl should have one unmatchable line assertThat(aclSpecs, hasSize(1)); AclSpecs spec = aclSpecs.get(0); assertThat(spec.acl.getSanitizedAcl().getLines(), equalTo(ImmutableList.of(UNMATCHABLE))); }
spec.acl.getSanitizedAcl().getLines(), equalTo( ImmutableList.of( } else { assertThat(spec.acl.getSanitizedAcl().getLines(), equalTo(ImmutableList.of(UNMATCHABLE))); assertThat(spec.acl.inCycle(0), equalTo(true));
@Test public void testWithAclIpSpaceWithGoodRefs() { // ACL contains an AclIpSpace that references the same valid named IpSpace twice _aclb .setLines( ImmutableList.of( acceptingHeaderSpace( HeaderSpace.builder() .setSrcIps( AclIpSpace.of( AclIpSpaceLine.permit(new IpSpaceReference("ipSpace")), AclIpSpaceLine.permit(new IpSpaceReference("ipSpace")))) .build()))) .build(); List<AclSpecs> aclSpecs = getAclSpecs(ImmutableSet.of("c1")); // The sanitized version of the acl should have correctly dereferenced "ipSpace" assertThat(aclSpecs, hasSize(1)); AclSpecs spec = aclSpecs.get(0); assertThat( spec.acl.getSanitizedAcl().getLines(), equalTo( ImmutableList.of( acceptingHeaderSpace( HeaderSpace.builder() .setSrcIps( AclIpSpace.of( AclIpSpaceLine.permit(Ip.parse("1.2.3.4").toIpSpace()), AclIpSpaceLine.permit(Ip.parse("1.2.3.4").toIpSpace()))) .build())))); }
AclSpecs spec = aclSpecs.get(0); assertThat( spec.acl.getSanitizedAcl().getLines(), equalTo( ImmutableList.of(
.map(spec -> spec.acl.getSanitizedAcl().getLines().get(0).getMatchCondition()) .collect(Collectors.toSet()); assertThat(