diff options
author | toby <smorgrav@yahoo-inc.com> | 2018-04-10 15:17:35 +0200 |
---|---|---|
committer | toby <smorgrav@yahoo-inc.com> | 2018-04-10 15:17:35 +0200 |
commit | 68bec7e4530c59bd96f470037ea9603904ef4227 (patch) | |
tree | 608befd8571048328eca2b39247feec30e23eeb7 /node-admin/src/test/java/com | |
parent | 5505a460e2fd924b553258a26e4a45afd62211ff (diff) |
Add newline in restore command and add Acl test for generating restore command
Diffstat (limited to 'node-admin/src/test/java/com')
-rw-r--r-- | node-admin/src/test/java/com/yahoo/vespa/hosted/node/admin/maintenance/acl/AclTest.java | 99 |
1 files changed, 97 insertions, 2 deletions
diff --git a/node-admin/src/test/java/com/yahoo/vespa/hosted/node/admin/maintenance/acl/AclTest.java b/node-admin/src/test/java/com/yahoo/vespa/hosted/node/admin/maintenance/acl/AclTest.java index cc09f43a8be..10c8e34d647 100644 --- a/node-admin/src/test/java/com/yahoo/vespa/hosted/node/admin/maintenance/acl/AclTest.java +++ b/node-admin/src/test/java/com/yahoo/vespa/hosted/node/admin/maintenance/acl/AclTest.java @@ -1,9 +1,104 @@ package com.yahoo.vespa.hosted.node.admin.maintenance.acl; +import com.google.common.net.InetAddresses; +import org.junit.Assert; import org.junit.Test; -public class AclTest { +import java.net.InetAddress; +import java.util.Arrays; +import java.util.List; +import java.util.stream.Collectors; + +public class AclTest { + + private final Acl acl = new Acl( + createPortList(1234, 453), + createTrustedNodes("192.1.2.2", "fb00::1", "fe80::2")); + + @Test + public void ipv4_list_rules() { + String listRulesIpv4 = acl.toListRules(InetAddresses.forString("169.254.1.2")); + Assert.assertEquals( + "-P INPUT ACCEPT\n" + + "-P FORWARD ACCEPT\n" + + "-P OUTPUT ACCEPT\n" + + "-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT\n" + + "-A INPUT -i lo -j ACCEPT\n" + + "-A INPUT -p icmp -j ACCEPT\n" + + "-A INPUT -p tcp --dport 1234 -j ACCEPT\n" + + "-A INPUT -p tcp --dport 453 -j ACCEPT\n" + + "-A INPUT -s 192.1.2.2/32 -j ACCEPT\n" + + "-A INPUT -j REJECT\n" + + "-A OUTPUT -d 169.254.1.2 -j REDIRECT", + listRulesIpv4); + } + + @Test + public void ipv4_restore_command() { + String restoreCommandIpv4 = acl.toRestoreCommand(InetAddresses.forString("169.254.1.5")); + + Assert.assertEquals("*filter\n" + + "-P INPUT ACCEPT\n" + + "-P FORWARD ACCEPT\n" + + "-P OUTPUT ACCEPT\n" + + "-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT\n" + + "-A INPUT -i lo -j ACCEPT\n" + + "-A INPUT -p icmp -j ACCEPT\n" + + "-A INPUT -p tcp --dport 1234 -j ACCEPT\n" + + "-A INPUT -p tcp --dport 453 -j ACCEPT\n" + + "-A INPUT -s 192.1.2.2/32 -j ACCEPT\n" + + "-A INPUT -j REJECT\n" + + "-A OUTPUT -d 169.254.1.5 -j REDIRECT\n" + + "COMMIT\n", restoreCommandIpv4); + } + + @Test + public void ipv6_list_rules() { + String listRulesIpv6 = acl.toListRules(InetAddresses.forString("1234::1234")); + Assert.assertEquals( + "-P INPUT ACCEPT\n" + + "-P FORWARD ACCEPT\n" + + "-P OUTPUT ACCEPT\n" + + "-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT\n" + + "-A INPUT -i lo -j ACCEPT\n" + + "-A INPUT -p ipv6-icmp -j ACCEPT\n" + + "-A INPUT -p tcp --dport 1234 -j ACCEPT\n" + + "-A INPUT -p tcp --dport 453 -j ACCEPT\n" + + "-A INPUT -s fb00::1/128 -j ACCEPT\n" + + "-A INPUT -s fe80::2/128 -j ACCEPT\n" + + "-A INPUT -j REJECT\n" + + "-A OUTPUT -d 1234::1234 -j REDIRECT", + listRulesIpv6); + } @Test - public void list_commands_ipv4 + public void ipv6_restore_command() { + String restoreCommandIpv6 = acl.toRestoreCommand(InetAddresses.forString("5005:2322:2323:aaaa::1")); + + Assert.assertEquals("*filter\n" + + "-P INPUT ACCEPT\n" + + "-P FORWARD ACCEPT\n" + + "-P OUTPUT ACCEPT\n" + + "-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT\n" + + "-A INPUT -i lo -j ACCEPT\n" + + "-A INPUT -p ipv6-icmp -j ACCEPT\n" + + "-A INPUT -p tcp --dport 1234 -j ACCEPT\n" + + "-A INPUT -p tcp --dport 453 -j ACCEPT\n" + + "-A INPUT -s fb00::1/128 -j ACCEPT\n" + + "-A INPUT -s fe80::2/128 -j ACCEPT\n" + + "-A INPUT -j REJECT\n" + + "-A OUTPUT -d 5005:2322:2323:aaaa::1 -j REDIRECT\n" + + "COMMIT\n", + restoreCommandIpv6); + } + + private List<Integer> createPortList(Integer... ports) { + return Arrays.asList(ports); + } + + private List<InetAddress> createTrustedNodes(String... addresses) { + return Arrays.stream(addresses) + .map(InetAddresses::forString) + .collect(Collectors.toList()); + } } |