Add newline in restore command and add Acl test for generating restore command

1 files changed, 97 insertions, 2 deletions

diff --git a/node-admin/src/test/java/com/yahoo/vespa/hosted/node/admin/maintenance/acl/AclTest.java b/node-admin/src/test/java/com/yahoo/vespa/hosted/node/admin/maintenance/acl/AclTest.java
index cc09f43a8be..10c8e34d647 100644
--- a/node-admin/src/test/java/com/yahoo/vespa/hosted/node/admin/maintenance/acl/AclTest.java
+++ b/node-admin/src/test/java/com/yahoo/vespa/hosted/node/admin/maintenance/acl/AclTest.java
@@ -1,9 +1,104 @@
 package com.yahoo.vespa.hosted.node.admin.maintenance.acl;
 
+import com.google.common.net.InetAddresses;
+import org.junit.Assert;
 import org.junit.Test;
 
-public class AclTest  {
+import java.net.InetAddress;
+import java.util.Arrays;
+import java.util.List;
+import java.util.stream.Collectors;
+
+public class AclTest {
+
+    private final Acl acl = new Acl(
+            createPortList(1234, 453),
+            createTrustedNodes("192.1.2.2", "fb00::1", "fe80::2"));
+
+    @Test
+    public void ipv4_list_rules() {
+        String listRulesIpv4 = acl.toListRules(InetAddresses.forString("169.254.1.2"));
+        Assert.assertEquals(
+                "-P INPUT ACCEPT\n" +
+                        "-P FORWARD ACCEPT\n" +
+                        "-P OUTPUT ACCEPT\n" +
+                        "-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT\n" +
+                        "-A INPUT -i lo -j ACCEPT\n" +
+                        "-A INPUT -p icmp -j ACCEPT\n" +
+                        "-A INPUT -p tcp --dport 1234 -j ACCEPT\n" +
+                        "-A INPUT -p tcp --dport 453 -j ACCEPT\n" +
+                        "-A INPUT -s 192.1.2.2/32 -j ACCEPT\n" +
+                        "-A INPUT -j REJECT\n" +
+                        "-A OUTPUT -d 169.254.1.2 -j REDIRECT",
+                listRulesIpv4);
+    }
+
+    @Test
+    public void ipv4_restore_command() {
+        String restoreCommandIpv4 = acl.toRestoreCommand(InetAddresses.forString("169.254.1.5"));
+
+        Assert.assertEquals("*filter\n" +
+                "-P INPUT ACCEPT\n" +
+                "-P FORWARD ACCEPT\n" +
+                "-P OUTPUT ACCEPT\n" +
+                "-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT\n" +
+                "-A INPUT -i lo -j ACCEPT\n" +
+                "-A INPUT -p icmp -j ACCEPT\n" +
+                "-A INPUT -p tcp --dport 1234 -j ACCEPT\n" +
+                "-A INPUT -p tcp --dport 453 -j ACCEPT\n" +
+                "-A INPUT -s 192.1.2.2/32 -j ACCEPT\n" +
+                "-A INPUT -j REJECT\n" +
+                "-A OUTPUT -d 169.254.1.5 -j REDIRECT\n" +
+                "COMMIT\n", restoreCommandIpv4);
+    }
+
+    @Test
+    public void ipv6_list_rules() {
+        String listRulesIpv6 = acl.toListRules(InetAddresses.forString("1234::1234"));
+        Assert.assertEquals(
+                "-P INPUT ACCEPT\n" +
+                        "-P FORWARD ACCEPT\n" +
+                        "-P OUTPUT ACCEPT\n" +
+                        "-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT\n" +
+                        "-A INPUT -i lo -j ACCEPT\n" +
+                        "-A INPUT -p ipv6-icmp -j ACCEPT\n" +
+                        "-A INPUT -p tcp --dport 1234 -j ACCEPT\n" +
+                        "-A INPUT -p tcp --dport 453 -j ACCEPT\n" +
+                        "-A INPUT -s fb00::1/128 -j ACCEPT\n" +
+                        "-A INPUT -s fe80::2/128 -j ACCEPT\n" +
+                        "-A INPUT -j REJECT\n" +
+                        "-A OUTPUT -d 1234::1234 -j REDIRECT",
+                listRulesIpv6);
+    }
 
     @Test
-    public void list_commands_ipv4  
+    public void ipv6_restore_command() {
+        String restoreCommandIpv6 = acl.toRestoreCommand(InetAddresses.forString("5005:2322:2323:aaaa::1"));
+
+        Assert.assertEquals("*filter\n" +
+                        "-P INPUT ACCEPT\n" +
+                        "-P FORWARD ACCEPT\n" +
+                        "-P OUTPUT ACCEPT\n" +
+                        "-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT\n" +
+                        "-A INPUT -i lo -j ACCEPT\n" +
+                        "-A INPUT -p ipv6-icmp -j ACCEPT\n" +
+                        "-A INPUT -p tcp --dport 1234 -j ACCEPT\n" +
+                        "-A INPUT -p tcp --dport 453 -j ACCEPT\n" +
+                        "-A INPUT -s fb00::1/128 -j ACCEPT\n" +
+                        "-A INPUT -s fe80::2/128 -j ACCEPT\n" +
+                        "-A INPUT -j REJECT\n" +
+                        "-A OUTPUT -d 5005:2322:2323:aaaa::1 -j REDIRECT\n" +
+                        "COMMIT\n",
+                restoreCommandIpv6);
+    }
+
+    private List<Integer> createPortList(Integer... ports) {
+        return Arrays.asList(ports);
+    }
+
+    private List<InetAddress> createTrustedNodes(String... addresses) {
+        return Arrays.stream(addresses)
+                .map(InetAddresses::forString)
+                .collect(Collectors.toList());
+    }
 }