From 58eacaa74119d9e3574de46924e57bd476d107e7 Mon Sep 17 00:00:00 2001 From: shirim Date: Wed, 5 Feb 2025 13:48:04 +0200 Subject: [PATCH 1/7] changes path's string() and update some tests --- pkg/symbolicexpr/symbolicPath.go | 2 +- pkg/symbolicexpr/symbolicexpr_test.go | 12 ++++++------ 2 files changed, 7 insertions(+), 7 deletions(-) diff --git a/pkg/symbolicexpr/symbolicPath.go b/pkg/symbolicexpr/symbolicPath.go index 98c5cf66..cee6518c 100644 --- a/pkg/symbolicexpr/symbolicPath.go +++ b/pkg/symbolicexpr/symbolicPath.go @@ -7,7 +7,7 @@ import ( ) func (path *SymbolicPath) String() string { - return path.Conn.String() + " from " + path.Src.string() + " to " + path.Dst.string() + return "src: " + path.Src.string() + " dst: " + path.Dst.string() + " conn: " + path.Conn.String() } // if the source or destination is empty then so is the entire path diff --git a/pkg/symbolicexpr/symbolicexpr_test.go b/pkg/symbolicexpr/symbolicexpr_test.go index 14759c1e..6626cbdd 100644 --- a/pkg/symbolicexpr/symbolicexpr_test.go +++ b/pkg/symbolicexpr/symbolicexpr_test.go @@ -61,8 +61,8 @@ func TestSymbolicPaths(t *testing.T) { } conjSymbolicPath := SymbolicPath{Src: conjSrc, Dst: conjDst, Conn: netset.AllTCPTransport()} fmt.Printf("\nconjSymbolicPath:\n%v\n", conjSymbolicPath.String()) - require.Equal(t, "TCP from (group = str1 and group = str2 and group = str3) to "+ - "(group != str1 and group != str2 and group != str3)", + require.Equal(t, "src: (group = str1 and group = str2 and group = str3) dst: "+ + "(group != str1 and group != str2 and group != str3) conn: TCP", conjSymbolicPath.String(), "conjSymbolicPath not as expected") println("conjEmpty", conjEmpty.string()) require.Equal(t, emptySet, conjEmpty.string(), "empty conjunction not as expected") @@ -80,7 +80,7 @@ func TestSymbolicPaths(t *testing.T) { hints := Hints{GroupsDisjoint: disjoint} pathNoRedundant := path.removeRedundant(&hints) fmt.Printf("pathNoRedundant:%v\n", pathNoRedundant) - require.Equal(t, "TCP from (group = Gryffindor) to (group = Slytherin)", pathNoRedundant.String(), + require.Equal(t, "src: (group = Gryffindor) dst: (group = Slytherin) conn: TCP", pathNoRedundant.String(), "redundant removal not working") } @@ -108,9 +108,9 @@ func TestComputeAllowGivenDenySingleTermEach1(t *testing.T) { fmt.Printf("allowPath is %v\ndenyPath is %v\n", allowPath.String(), denyPath.String()) allowGivenDeny := *computeAllowGivenAllowHigherDeny(allowPath, denyPath, &Hints{GroupsDisjoint: [][]string{}}) fmt.Printf("computeAllowGivenAllowHigherDeny(allowPath, denyPath) is\n%v\n", allowGivenDeny.String()) - require.Equal(t, "All Connections from (tag = src1 and tag != src2) to (tag = dst1)\n"+ - "All Connections from (tag = src1) to (tag = dst1 and tag != dst2)\n"+ - "ICMP,TCP from (tag = src1) to (tag = dst1)", + require.Equal(t, "src: (tag = src1 and tag != src2) dst: (tag = dst1) conn: All Connections\n"+ + "src: (tag = src1) dst: (tag = dst1 and tag != dst2) conn: All Connections\n"+ + "src: (tag = src1) dst: (tag = dst1) conn: ICMP,TCP", allowGivenDeny.String(), "allowGivenDeny single term computation not as expected") } From a3e0dc50fc9e862c69dcf070b8068718e836c995 Mon Sep 17 00:00:00 2001 From: shirim Date: Wed, 5 Feb 2025 13:50:39 +0200 Subject: [PATCH 2/7] update tests --- pkg/symbolicexpr/symbolicexpr_test.go | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/pkg/symbolicexpr/symbolicexpr_test.go b/pkg/symbolicexpr/symbolicexpr_test.go index 6626cbdd..f6156825 100644 --- a/pkg/symbolicexpr/symbolicexpr_test.go +++ b/pkg/symbolicexpr/symbolicexpr_test.go @@ -137,14 +137,14 @@ func TestComputeAllowGivenDenySingleTermEach2(t *testing.T) { allowGivenDeny := *computeAllowGivenAllowHigherDeny(allowPath, denyPath, &Hints{GroupsDisjoint: [][]string{}}) fmt.Printf("computeAllowGivenAllowHigherDeny(allowPath, denyPath) is\n%v\n", allowGivenDeny.String()) // computeAllowGivenAllowHigherDeny not optimized - require.Equal(t, "UDP from (tag = src1 and tag != src2) to (tag = dst1)\n"+ - "UDP from (tag = src1) to (tag = dst1 and tag != dst2)\nUDP from (tag = src1) to (tag = dst1)", + require.Equal(t, "src: (tag = src1 and tag != src2) dst: (tag = dst1) conn: UDP\n"+ + "src: (tag = src1) dst: (tag = dst1 and tag != dst2) conn: UDP\nsrc: (tag = src1) dst: (tag = dst1) conn: UDP", allowGivenDeny.String(), "allowGivenDeny single term computation not as expected") // ComputeAllowGivenDenies optimize allowGivenDenyPaths := *ComputeAllowGivenDenies(&SymbolicPaths{&allowPath}, &SymbolicPaths{&denyPath}, &Hints{GroupsDisjoint: [][]string{}}) fmt.Printf("allowGivenDenyPaths is %v\n", allowGivenDenyPaths.String()) - require.Equal(t, "UDP from (tag = src1) to (tag = dst1)", allowGivenDenyPaths.String(), + require.Equal(t, "src: (tag = src1) dst: (tag = dst1) conn: UDP", allowGivenDenyPaths.String(), "ComputeAllowGivenDenies does not work as expected") } @@ -168,7 +168,7 @@ func TestComputeAllowGivenDenySingleTermEach3(t *testing.T) { allowGivenDenyPaths := *ComputeAllowGivenDenies(&SymbolicPaths{&allowPath}, &SymbolicPaths{&denyPath}, &Hints{GroupsDisjoint: [][]string{}}) fmt.Printf("allowGivenDenyPaths is %v\n", allowGivenDenyPaths.String()) - require.Equal(t, "TCP src-ports: 51-65535 from (group = src1) to (group = dst1)", allowGivenDenyPaths.String(), + require.Equal(t, "src: (group = src1) dst: (group = dst1) conn: TCP src-ports: 51-65535", allowGivenDenyPaths.String(), "ComputeAllowGivenDenies does not work as expected") } From 7030733e5b26f66a8eb39019bb4ffe0559042774 Mon Sep 17 00:00:00 2001 From: shirim Date: Wed, 5 Feb 2025 13:55:38 +0200 Subject: [PATCH 3/7] update tests --- pkg/symbolicexpr/symbolicexpr_test.go | 86 +++++++++++++-------------- 1 file changed, 43 insertions(+), 43 deletions(-) diff --git a/pkg/symbolicexpr/symbolicexpr_test.go b/pkg/symbolicexpr/symbolicexpr_test.go index f6156825..a16846bc 100644 --- a/pkg/symbolicexpr/symbolicexpr_test.go +++ b/pkg/symbolicexpr/symbolicexpr_test.go @@ -234,18 +234,18 @@ func TestComputeAllowGivenDenyThreeTermsEach(t *testing.T) { fmt.Printf("symbolicAllow is %s\nsymbolicDeny is %s\n", allowPath.String(), denyPath.String()) fmt.Printf("computeAllowGivenAllowHigherDeny(allowPath, denyPath) is\n%v\n", allowGivenDenyPaths.String()) require.Equal(t, - "TCP from (group = src1 and group = src2 and group = src3 and group != src1`) to"+ - " (group = dst1 and group = dst2 and group = dst3)\n"+ - "TCP from (group = src1 and group = src2 and group = src3 and group != src2`) to "+ - "(group = dst1 and group = dst2 and group = dst3)\n"+ - "TCP from (group = src1 and group = src2 and group = src3 and group != src3`) to"+ - " (group = dst1 and group = dst2 and group = dst3)\n"+ - "TCP from (group = src1 and group = src2 and group = src3) to "+ - "(group = dst1 and group = dst2 and group = dst3 and group != dst1`)\n"+ - "TCP from (group = src1 and group = src2 and group = src3) to "+ - "(group = dst1 and group = dst2 and group = dst3 and group != dst2`)\n"+ - "TCP from (group = src1 and group = src2 and group = src3) to "+ - "(group = dst1 and group = dst2 and group = dst3 and group != dst3`)", + "src: (group = src1 and group = src2 and group = src3 and group != src1`) dst:"+ + " (group = dst1 and group = dst2 and group = dst3) conn: TCP\n"+ + "src: (group = src1 and group = src2 and group = src3 and group != src2`) dst: "+ + "(group = dst1 and group = dst2 and group = dst3) conn: TCP\n"+ + "src: (group = src1 and group = src2 and group = src3 and group != src3`) dst:"+ + " (group = dst1 and group = dst2 and group = dst3) conn: TCP\n"+ + "src: (group = src1 and group = src2 and group = src3) dst: "+ + "(group = dst1 and group = dst2 and group = dst3 and group != dst1`) conn: TCP\n"+ + "src: (group = src1 and group = src2 and group = src3) dst: "+ + "(group = dst1 and group = dst2 and group = dst3 and group != dst2`) conn: TCP\n"+ + "src: (group = src1 and group = src2 and group = src3) dst: "+ + "(group = dst1 and group = dst2 and group = dst3 and group != dst3`) conn: TCP", allowGivenDenyPaths.String(), "allowGivenDeny three terms computation not as expected") } @@ -278,10 +278,10 @@ func TestComputeAllowGivenDenyAllowTautology(t *testing.T) { allowGivenDeny := *computeAllowGivenAllowHigherDeny(allowPath, denyPath, &Hints{GroupsDisjoint: [][]string{}}) fmt.Printf("computeAllowGivenAllowHigherDeny(allowPath, denyPath) is\n%v\n", allowGivenDeny.String()) require.Equal(t, - "All Connections from (group != src1`) to (*)\nAll Connections from (group != src2`) to (*)\n"+ - "All Connections from (group != src3`) to (*)\nAll Connections from (*) to (group != dst1`)\n"+ - "All Connections from (*) to (group != dst2`)\nAll Connections from (*) to (group != dst3`)\n"+ - "ICMP,TCP from (*) to (*)", allowGivenDeny.String(), + "All Connections src: (group != src1`) dst: (*)\nAll Connections src: (group != src2`) dst: (*)\n"+ + "All Connections src: (group != src3`) dst: (*)\nAll Connections src: (*) dst: (group != dst1`)\n"+ + "All Connections src: (*) dst: (group != dst2`)\nAll Connections src: (*) dst: (group != dst3`)\n"+ + "ICMP,TCP src: (*) dst: (*)", allowGivenDeny.String(), "allowGivenDeny allow tautology computation not as expected") } @@ -355,31 +355,31 @@ func TestComputeAllowGivenDenies(t *testing.T) { res := ComputeAllowGivenDenies(&allowPaths, &denyPaths, &Hints{GroupsDisjoint: [][]string{}}) fmt.Printf("ComputeAllowGivenDenies:\n%v\n", res.String()) require.Equal(t, - "TCP from (group = t0 and group != s0 and group != s2 and group != s4) to (group = t1)\n"+ - "TCP from (group = t0 and group != s0 and group != s2) to (group = t1 and group != s5)\n"+ - "TCP from (group = t0 and group != s0 and group != s4) to (group = t1 and group != s3)\n"+ - "TCP from (group = t0 and group != s0) to (group = t1 and group != s3 and group != s5)\n"+ - "TCP from (group = t0 and group != s2 and group != s4) to (group = t1 and group != s1)\n"+ - "TCP from (group = t0 and group != s2) to (group = t1 and group != s1 and group != s5)\n"+ - "TCP from (group = t0 and group != s4) to (group = t1 and group != s1 and group != s3)\n"+ - "TCP from (group = t0) to (group = t1 and group != s1 and group != s3 and group != s5)\n"+ - "TCP from (group = t2 and group != s0 and group != s2 and group != s4) to (group = t3)\n"+ - "TCP from (group = t2 and group != s0 and group != s2) to (group = t3 and group != s5)\n"+ - "TCP from (group = t2 and group != s0 and group != s4) to (group = t3 and group != s3)\n"+ - "TCP from (group = t2 and group != s0) to (group = t3 and group != s3 and group != s5)\n"+ - "TCP from (group = t2 and group != s2 and group != s4) to (group = t3 and group != s1)\n"+ - "TCP from (group = t2 and group != s2) to (group = t3 and group != s1 and group != s5)\n"+ - "TCP from (group = t2 and group != s4) to (group = t3 and group != s1 and group != s3)\n"+ - "TCP from (group = t2) to (group = t3 and group != s1 and group != s3 and group != s5)", + "TCP src: (group = t0 and group != s0 and group != s2 and group != s4) dst: (group = t1)\n"+ + "TCP src: (group = t0 and group != s0 and group != s2) dst: (group = t1 and group != s5)\n"+ + "TCP src: (group = t0 and group != s0 and group != s4) dst: (group = t1 and group != s3)\n"+ + "TCP src: (group = t0 and group != s0) dst: (group = t1 and group != s3 and group != s5)\n"+ + "TCP src: (group = t0 and group != s2 and group != s4) dst: (group = t1 and group != s1)\n"+ + "TCP src: (group = t0 and group != s2) dst: (group = t1 and group != s1 and group != s5)\n"+ + "TCP src: (group = t0 and group != s4) dst: (group = t1 and group != s1 and group != s3)\n"+ + "TCP src: (group = t0) dst: (group = t1 and group != s1 and group != s3 and group != s5)\n"+ + "TCP src: (group = t2 and group != s0 and group != s2 and group != s4) dst: (group = t3)\n"+ + "TCP src: (group = t2 and group != s0 and group != s2) dst: (group = t3 and group != s5)\n"+ + "TCP src: (group = t2 and group != s0 and group != s4) dst: (group = t3 and group != s3)\n"+ + "TCP src: (group = t2 and group != s0) dst: (group = t3 and group != s3 and group != s5)\n"+ + "TCP src: (group = t2 and group != s2 and group != s4) dst: (group = t3 and group != s1)\n"+ + "TCP src: (group = t2 and group != s2) dst: (group = t3 and group != s1 and group != s5)\n"+ + "TCP src: (group = t2 and group != s4) dst: (group = t3 and group != s1 and group != s3)\n"+ + "TCP src: (group = t2) dst: (group = t3 and group != s1 and group != s3 and group != s5)", res.String(), "ComputeAllowGivenDenies computation not as expected") } // Input: // allow symbolic path: -// group = src1 to * +// group = src1 dst: * // deny symbolic path: -// (group = src1) to (d1 = dst1) -// Output allow paths: (group = str1) to (d1 != dst1) +// (group = src1) dst: (d1 = dst1) +// Output allow paths: (group = str1) dst: (d1 != dst1) func TestAllowDenyOptimizeEmptyPath(t *testing.T) { conjSrc1, conjDst1 := Conjunction{}, Conjunction{} atomicSrc1 := newDummyGroupTerm("src1", false) @@ -392,19 +392,19 @@ func TestAllowDenyOptimizeEmptyPath(t *testing.T) { &Hints{GroupsDisjoint: [][]string{}}) fmt.Printf("allow path: %v with higher priority deny path:%v is:\n%v\n\n", allowPath.String(), denyPath.String(), allowWithDeny.String()) - require.Equal(t, "All Connections from (group = src1) to (group != dst1)", allowWithDeny.String(), + require.Equal(t, "All Connections src: (group = src1) dst: (group != dst1)", allowWithDeny.String(), "optimized with deny not working properly") } // conj1: (group = str1) // conj2: (group = str1), (s2 = str2) // conj3: (group = str1), (s2 = str2), (s3 = str3) -// path1: conj1 to conj1 TCP -// path1Tag: conj1 to conj1 All -// path2: conj2 to conj2 TCP -// path3: conj3 to conj3 TCP -// path4: conj1 to conj2 TCP -// path5: conj3 to conj2 TCP +// path1: conj1 dst: conj1 TCP +// path1Tag: conj1 dst: conj1 All +// path2: conj2 dst: conj2 TCP +// path3: conj3 dst: conj3 TCP +// path4: conj1 dst: conj2 TCP +// path5: conj3 dst: conj2 TCP // tests: // path1 is implied by all paths // path1Tag is not implied by path3 @@ -437,7 +437,7 @@ func TestSymbolicPathsImplied(t *testing.T) { path1.isSuperset(path5, &Hints{GroupsDisjoint: [][]string{}}), "path1 is a superset of all paths but path2Tag") require.Equal(t, true, !path1.isSuperset(path2Tag, &Hints{GroupsDisjoint: [][]string{}}), - "path1 is not a superset of path2Tag due to the connection") + "path1 is not a superset of path2Tag due dst: the connection") require.Equal(t, true, path2.isSuperset(path3, &Hints{GroupsDisjoint: [][]string{}}) && path2.isSuperset(path5, &Hints{GroupsDisjoint: [][]string{}}) && !path2.isSuperset(path4, &Hints{GroupsDisjoint: [][]string{}}), From ad893a37fb976c6d080796eaa605c0ac6f5530cd Mon Sep 17 00:00:00 2001 From: shirim Date: Wed, 5 Feb 2025 14:09:57 +0200 Subject: [PATCH 4/7] update tests --- pkg/symbolicexpr/symbolicexpr_test.go | 9 +++++---- 1 file changed, 5 insertions(+), 4 deletions(-) diff --git a/pkg/symbolicexpr/symbolicexpr_test.go b/pkg/symbolicexpr/symbolicexpr_test.go index a16846bc..29df0318 100644 --- a/pkg/symbolicexpr/symbolicexpr_test.go +++ b/pkg/symbolicexpr/symbolicexpr_test.go @@ -278,10 +278,11 @@ func TestComputeAllowGivenDenyAllowTautology(t *testing.T) { allowGivenDeny := *computeAllowGivenAllowHigherDeny(allowPath, denyPath, &Hints{GroupsDisjoint: [][]string{}}) fmt.Printf("computeAllowGivenAllowHigherDeny(allowPath, denyPath) is\n%v\n", allowGivenDeny.String()) require.Equal(t, - "All Connections src: (group != src1`) dst: (*)\nAll Connections src: (group != src2`) dst: (*)\n"+ - "All Connections src: (group != src3`) dst: (*)\nAll Connections src: (*) dst: (group != dst1`)\n"+ - "All Connections src: (*) dst: (group != dst2`)\nAll Connections src: (*) dst: (group != dst3`)\n"+ - "ICMP,TCP src: (*) dst: (*)", allowGivenDeny.String(), + "src: (group != src1`) dst: (*) conn: All Connections\n"+ + "src: (group != src2`) dst: (*) conn: All Connections\nsrc: (group != src3`) dst: (*) conn: All Connections\n"+ + "src: (*) dst: (group != dst1`) conn: All Connections\n"+ + "src: (*) dst: (group != dst2`) conn: All Connections\nsrc: (*) dst: (group != dst3`) conn: All Connections\n"+ + "src: (*) dst: (*) conn: ICMP,TCP", allowGivenDeny.String(), "allowGivenDeny allow tautology computation not as expected") } From ee6fb5a9b4a806d21ddcd8ca0d10b9072efb7637 Mon Sep 17 00:00:00 2001 From: shirim Date: Wed, 5 Feb 2025 14:13:41 +0200 Subject: [PATCH 5/7] update tests --- pkg/symbolicexpr/symbolicexpr_test.go | 34 +++++++++++++-------------- 1 file changed, 17 insertions(+), 17 deletions(-) diff --git a/pkg/symbolicexpr/symbolicexpr_test.go b/pkg/symbolicexpr/symbolicexpr_test.go index 29df0318..2ba3e7d2 100644 --- a/pkg/symbolicexpr/symbolicexpr_test.go +++ b/pkg/symbolicexpr/symbolicexpr_test.go @@ -356,22 +356,22 @@ func TestComputeAllowGivenDenies(t *testing.T) { res := ComputeAllowGivenDenies(&allowPaths, &denyPaths, &Hints{GroupsDisjoint: [][]string{}}) fmt.Printf("ComputeAllowGivenDenies:\n%v\n", res.String()) require.Equal(t, - "TCP src: (group = t0 and group != s0 and group != s2 and group != s4) dst: (group = t1)\n"+ - "TCP src: (group = t0 and group != s0 and group != s2) dst: (group = t1 and group != s5)\n"+ - "TCP src: (group = t0 and group != s0 and group != s4) dst: (group = t1 and group != s3)\n"+ - "TCP src: (group = t0 and group != s0) dst: (group = t1 and group != s3 and group != s5)\n"+ - "TCP src: (group = t0 and group != s2 and group != s4) dst: (group = t1 and group != s1)\n"+ - "TCP src: (group = t0 and group != s2) dst: (group = t1 and group != s1 and group != s5)\n"+ - "TCP src: (group = t0 and group != s4) dst: (group = t1 and group != s1 and group != s3)\n"+ - "TCP src: (group = t0) dst: (group = t1 and group != s1 and group != s3 and group != s5)\n"+ - "TCP src: (group = t2 and group != s0 and group != s2 and group != s4) dst: (group = t3)\n"+ - "TCP src: (group = t2 and group != s0 and group != s2) dst: (group = t3 and group != s5)\n"+ - "TCP src: (group = t2 and group != s0 and group != s4) dst: (group = t3 and group != s3)\n"+ - "TCP src: (group = t2 and group != s0) dst: (group = t3 and group != s3 and group != s5)\n"+ - "TCP src: (group = t2 and group != s2 and group != s4) dst: (group = t3 and group != s1)\n"+ - "TCP src: (group = t2 and group != s2) dst: (group = t3 and group != s1 and group != s5)\n"+ - "TCP src: (group = t2 and group != s4) dst: (group = t3 and group != s1 and group != s3)\n"+ - "TCP src: (group = t2) dst: (group = t3 and group != s1 and group != s3 and group != s5)", + "src: (group = t0 and group != s0 and group != s2 and group != s4) dst: (group = t1) conn: TCP\n"+ + "src: (group = t0 and group != s0 and group != s2) dst: (group = t1 and group != s5) conn: TCP\n"+ + "src: (group = t0 and group != s0 and group != s4) dst: (group = t1 and group != s3) conn: TCP\n"+ + "src: (group = t0 and group != s0) dst: (group = t1 and group != s3 and group != s5) conn: TCP\n"+ + "src: (group = t0 and group != s2 and group != s4) dst: (group = t1 and group != s1) conn: TCP\n"+ + "src: (group = t0 and group != s2) dst: (group = t1 and group != s1 and group != s5) conn: TCP\n"+ + "src: (group = t0 and group != s4) dst: (group = t1 and group != s1 and group != s3) conn: TCP\n"+ + "src: (group = t0) dst: (group = t1 and group != s1 and group != s3 and group != s5) conn: TCP\n"+ + "src: (group = t2 and group != s0 and group != s2 and group != s4) dst: (group = t3) conn: TCP\n"+ + "src: (group = t2 and group != s0 and group != s2) dst: (group = t3 and group != s5) conn: TCP\n"+ + "src: (group = t2 and group != s0 and group != s4) dst: (group = t3 and group != s3) conn: TCP\n"+ + "src: (group = t2 and group != s0) dst: (group = t3 and group != s3 and group != s5) conn: TCP\n"+ + "src: (group = t2 and group != s2 and group != s4) dst: (group = t3 and group != s1) conn: TCP\n"+ + "src: (group = t2 and group != s2) dst: (group = t3 and group != s1 and group != s5) conn: TCP\n"+ + "src: (group = t2 and group != s4) dst: (group = t3 and group != s1 and group != s3) conn: TCP\n"+ + "src: (group = t2) dst: (group = t3 and group != s1 and group != s3 and group != s5) conn: TCP", res.String(), "ComputeAllowGivenDenies computation not as expected") } @@ -393,7 +393,7 @@ func TestAllowDenyOptimizeEmptyPath(t *testing.T) { &Hints{GroupsDisjoint: [][]string{}}) fmt.Printf("allow path: %v with higher priority deny path:%v is:\n%v\n\n", allowPath.String(), denyPath.String(), allowWithDeny.String()) - require.Equal(t, "All Connections src: (group = src1) dst: (group != dst1)", allowWithDeny.String(), + require.Equal(t, "src: (group = src1) dst: (group != dst1) conn: All Connections", allowWithDeny.String(), "optimized with deny not working properly") } From 718b0eaa3797d83ef450c21fada53a19b98fcf99 Mon Sep 17 00:00:00 2001 From: shirim Date: Wed, 5 Feb 2025 14:18:27 +0200 Subject: [PATCH 6/7] update tests --- .../Example1c_PreProcessing.txt | 8 ++--- .../ExampleDenyPassSimple_PreProcessing.txt | 20 +++++------ .../ExampleDumbeldore_PreProcessing.txt | 16 ++++----- .../ExampleExprAndConds_PreProcessing.txt | 16 ++++----- .../ExampleExprOrConds_PreProcessing.txt | 28 +++++++-------- .../ExampleExprSingleScope_PreProcessing.txt | 36 +++++++++---------- .../ExampleExprTwoScopes_PreProcessing.txt | 32 ++++++++--------- .../ExampleHintsDisjoint_PreProcessing.txt | 20 +++++------ ...mpleHogwartsNoDumbledore_PreProcessing.txt | 32 ++++++++--------- .../ExampleHogwartsSimpler_PreProcessing.txt | 24 ++++++------- .../ExampleHogwarts_PreProcessing.txt | 36 +++++++++---------- ...mpleHogwarts_PreProcessing_Application.txt | 36 +++++++++---------- .../ExampleTwoDeniesSimple_PreProcessing.txt | 20 +++++------ 13 files changed, 162 insertions(+), 162 deletions(-) diff --git a/pkg/synthesis/tests_expected_output/Example1c_PreProcessing.txt b/pkg/synthesis/tests_expected_output/Example1c_PreProcessing.txt index 74fe259a..a11afdf0 100644 --- a/pkg/synthesis/tests_expected_output/Example1c_PreProcessing.txt +++ b/pkg/synthesis/tests_expected_output/Example1c_PreProcessing.txt @@ -1,8 +1,8 @@ category: Application ~~~~~~~~~~~~~~~~~~~~~~~~~~~~ symbolic inbound rules: - 0. action: allow paths: TCP dst-ports: 445 from (group = frontend) to (group = backend) - 1. action: deny paths: All Connections from (*) to (*) + 0. action: allow paths: src: (group = frontend) dst: (group = backend) conn: TCP dst-ports: 445 + 1. action: deny paths: src: (*) dst: (*) conn: All Connections symbolic outbound rules: - 0. action: allow paths: TCP dst-ports: 445 from (group = frontend) to (group = backend) - 1. action: deny paths: All Connections from (*) to (*) \ No newline at end of file + 0. action: allow paths: src: (group = frontend) dst: (group = backend) conn: TCP dst-ports: 445 + 1. action: deny paths: src: (*) dst: (*) conn: All Connections \ No newline at end of file diff --git a/pkg/synthesis/tests_expected_output/ExampleDenyPassSimple_PreProcessing.txt b/pkg/synthesis/tests_expected_output/ExampleDenyPassSimple_PreProcessing.txt index 252eb375..55c15929 100644 --- a/pkg/synthesis/tests_expected_output/ExampleDenyPassSimple_PreProcessing.txt +++ b/pkg/synthesis/tests_expected_output/ExampleDenyPassSimple_PreProcessing.txt @@ -1,18 +1,18 @@ category: Environment ~~~~~~~~~~~~~~~~~~~~~~~~~~~~ symbolic inbound rules: - 0. action: jump_to_application paths: All Connections from (*) to (group = Dumbledore) - 1. action: deny paths: All Connections from (*) to (group = Hufflepuff) - 2. action: deny paths: All Connections from (*) to (group = Slytherin) + 0. action: jump_to_application paths: src: (*) dst: (group = Dumbledore) conn: All Connections + 1. action: deny paths: src: (*) dst: (group = Hufflepuff) conn: All Connections + 2. action: deny paths: src: (*) dst: (group = Slytherin) conn: All Connections symbolic outbound rules: - 0. action: jump_to_application paths: All Connections from (*) to (group = Dumbledore) - 1. action: deny paths: All Connections from (*) to (group = Hufflepuff) - 2. action: deny paths: All Connections from (*) to (group = Slytherin) + 0. action: jump_to_application paths: src: (*) dst: (group = Dumbledore) conn: All Connections + 1. action: deny paths: src: (*) dst: (group = Hufflepuff) conn: All Connections + 2. action: deny paths: src: (*) dst: (group = Slytherin) conn: All Connections category: Application ~~~~~~~~~~~~~~~~~~~~~~~~~~~~ symbolic inbound rules: - 0. action: allow paths: All Connections from (*) to (*) - 1. action: deny paths: All Connections from (*) to (*) + 0. action: allow paths: src: (*) dst: (*) conn: All Connections + 1. action: deny paths: src: (*) dst: (*) conn: All Connections symbolic outbound rules: - 0. action: allow paths: All Connections from (*) to (*) - 1. action: deny paths: All Connections from (*) to (*) \ No newline at end of file + 0. action: allow paths: src: (*) dst: (*) conn: All Connections + 1. action: deny paths: src: (*) dst: (*) conn: All Connections \ No newline at end of file diff --git a/pkg/synthesis/tests_expected_output/ExampleDumbeldore_PreProcessing.txt b/pkg/synthesis/tests_expected_output/ExampleDumbeldore_PreProcessing.txt index 6f1cb5e6..53ba3ff6 100644 --- a/pkg/synthesis/tests_expected_output/ExampleDumbeldore_PreProcessing.txt +++ b/pkg/synthesis/tests_expected_output/ExampleDumbeldore_PreProcessing.txt @@ -1,12 +1,12 @@ category: Application ~~~~~~~~~~~~~~~~~~~~~~~~~~~~ symbolic inbound rules: - 0. action: allow paths: All Connections from (group = DumbledoreAll) to (*) - 1. action: deny paths: All Connections from (group = DumbledoreNoSly) to (group = Slytherin) - 2. action: allow paths: All Connections from (group = DumbledoreNoSly) to (*) - 3. action: deny paths: All Connections from (*) to (*) + 0. action: allow paths: src: (group = DumbledoreAll) dst: (*) conn: All Connections + 1. action: deny paths: src: (group = DumbledoreNoSly) dst: (group = Slytherin) conn: All Connections + 2. action: allow paths: src: (group = DumbledoreNoSly) dst: (*) conn: All Connections + 3. action: deny paths: src: (*) dst: (*) conn: All Connections symbolic outbound rules: - 0. action: allow paths: All Connections from (group = DumbledoreAll) to (*) - 1. action: deny paths: All Connections from (group = DumbledoreNoSly) to (group = Slytherin) - 2. action: allow paths: All Connections from (group = DumbledoreNoSly) to (*) - 3. action: deny paths: All Connections from (*) to (*) \ No newline at end of file + 0. action: allow paths: src: (group = DumbledoreAll) dst: (*) conn: All Connections + 1. action: deny paths: src: (group = DumbledoreNoSly) dst: (group = Slytherin) conn: All Connections + 2. action: allow paths: src: (group = DumbledoreNoSly) dst: (*) conn: All Connections + 3. action: deny paths: src: (*) dst: (*) conn: All Connections \ No newline at end of file diff --git a/pkg/synthesis/tests_expected_output/ExampleExprAndConds_PreProcessing.txt b/pkg/synthesis/tests_expected_output/ExampleExprAndConds_PreProcessing.txt index a804a8ca..5d831738 100644 --- a/pkg/synthesis/tests_expected_output/ExampleExprAndConds_PreProcessing.txt +++ b/pkg/synthesis/tests_expected_output/ExampleExprAndConds_PreProcessing.txt @@ -1,12 +1,12 @@ category: Application ~~~~~~~~~~~~~~~~~~~~~~~~~~~~ symbolic inbound rules: - 0. action: allow paths: All Connections from (*) to (tag = Slytherin and tag != DB) - 1. action: allow paths: All Connections from (*) to (tag = Gryffindor and tag != DB) - 2. action: allow paths: All Connections from (*) to (tag = Hufflepuff and tag != DB) - 3. action: deny paths: All Connections from (*) to (*) + 0. action: allow paths: src: (*) dst: (tag = Slytherin and tag != DB) conn: All Connections + 1. action: allow paths: src: (*) dst: (tag = Gryffindor and tag != DB) conn: All Connections + 2. action: allow paths: src: (*) dst: (tag = Hufflepuff and tag != DB) conn: All Connections + 3. action: deny paths: src: (*) dst: (*) conn: All Connections symbolic outbound rules: - 0. action: allow paths: All Connections from (*) to (tag = Slytherin and tag != DB) - 1. action: allow paths: All Connections from (*) to (tag = Gryffindor and tag != DB) - 2. action: allow paths: All Connections from (*) to (tag = Hufflepuff and tag != DB) - 3. action: deny paths: All Connections from (*) to (*) \ No newline at end of file + 0. action: allow paths: src: (*) dst: (tag = Slytherin and tag != DB) conn: All Connections + 1. action: allow paths: src: (*) dst: (tag = Gryffindor and tag != DB) conn: All Connections + 2. action: allow paths: src: (*) dst: (tag = Hufflepuff and tag != DB) conn: All Connections + 3. action: deny paths: src: (*) dst: (*) conn: All Connections \ No newline at end of file diff --git a/pkg/synthesis/tests_expected_output/ExampleExprOrConds_PreProcessing.txt b/pkg/synthesis/tests_expected_output/ExampleExprOrConds_PreProcessing.txt index 355c2d52..b8a8d26a 100644 --- a/pkg/synthesis/tests_expected_output/ExampleExprOrConds_PreProcessing.txt +++ b/pkg/synthesis/tests_expected_output/ExampleExprOrConds_PreProcessing.txt @@ -1,18 +1,18 @@ category: Application ~~~~~~~~~~~~~~~~~~~~~~~~~~~~ symbolic inbound rules: - 0. action: allow paths: All Connections from (*) to (tag = Slytherin) -All Connections from (*) to (tag != DB) - 1. action: allow paths: All Connections from (*) to (tag = Gryffindor) -All Connections from (*) to (tag != DB) - 2. action: allow paths: All Connections from (*) to (tag = Hufflepuff) -All Connections from (*) to (tag != DB) - 3. action: deny paths: All Connections from (*) to (*) + 0. action: allow paths: src: (*) dst: (tag = Slytherin) conn: All Connections +src: (*) dst: (tag != DB) conn: All Connections + 1. action: allow paths: src: (*) dst: (tag = Gryffindor) conn: All Connections +src: (*) dst: (tag != DB) conn: All Connections + 2. action: allow paths: src: (*) dst: (tag = Hufflepuff) conn: All Connections +src: (*) dst: (tag != DB) conn: All Connections + 3. action: deny paths: src: (*) dst: (*) conn: All Connections symbolic outbound rules: - 0. action: allow paths: All Connections from (*) to (tag = Slytherin) -All Connections from (*) to (tag != DB) - 1. action: allow paths: All Connections from (*) to (tag = Gryffindor) -All Connections from (*) to (tag != DB) - 2. action: allow paths: All Connections from (*) to (tag = Hufflepuff) -All Connections from (*) to (tag != DB) - 3. action: deny paths: All Connections from (*) to (*) \ No newline at end of file + 0. action: allow paths: src: (*) dst: (tag = Slytherin) conn: All Connections +src: (*) dst: (tag != DB) conn: All Connections + 1. action: allow paths: src: (*) dst: (tag = Gryffindor) conn: All Connections +src: (*) dst: (tag != DB) conn: All Connections + 2. action: allow paths: src: (*) dst: (tag = Hufflepuff) conn: All Connections +src: (*) dst: (tag != DB) conn: All Connections + 3. action: deny paths: src: (*) dst: (*) conn: All Connections \ No newline at end of file diff --git a/pkg/synthesis/tests_expected_output/ExampleExprSingleScope_PreProcessing.txt b/pkg/synthesis/tests_expected_output/ExampleExprSingleScope_PreProcessing.txt index 27f5ff19..ede4cef5 100644 --- a/pkg/synthesis/tests_expected_output/ExampleExprSingleScope_PreProcessing.txt +++ b/pkg/synthesis/tests_expected_output/ExampleExprSingleScope_PreProcessing.txt @@ -1,22 +1,22 @@ category: Application ~~~~~~~~~~~~~~~~~~~~~~~~~~~~ symbolic inbound rules: - 0. action: deny paths: All Connections from (tag = Dumbledore) to (tag = Slytherin) - 1. action: allow paths: All Connections from (tag = Dumbledore) to (*) - 2. action: deny paths: All Connections from (tag = Gryffindor) to (tag = Hufflepuff) - 3. action: allow paths: All Connections from (tag = Gryffindor) to (*) - 4. action: deny paths: All Connections from (tag = Hufflepuff) to (tag = Slytherin) - 5. action: allow paths: All Connections from (tag = Hufflepuff) to (*) - 6. action: deny paths: All Connections from (tag = Slytherin) to (tag = Gryffindor) - 7. action: allow paths: All Connections from (tag = Slytherin) to (*) - 8. action: deny paths: All Connections from (*) to (*) + 0. action: deny paths: src: (tag = Dumbledore) dst: (tag = Slytherin) conn: All Connections + 1. action: allow paths: src: (tag = Dumbledore) dst: (*) conn: All Connections + 2. action: deny paths: src: (tag = Gryffindor) dst: (tag = Hufflepuff) conn: All Connections + 3. action: allow paths: src: (tag = Gryffindor) dst: (*) conn: All Connections + 4. action: deny paths: src: (tag = Hufflepuff) dst: (tag = Slytherin) conn: All Connections + 5. action: allow paths: src: (tag = Hufflepuff) dst: (*) conn: All Connections + 6. action: deny paths: src: (tag = Slytherin) dst: (tag = Gryffindor) conn: All Connections + 7. action: allow paths: src: (tag = Slytherin) dst: (*) conn: All Connections + 8. action: deny paths: src: (*) dst: (*) conn: All Connections symbolic outbound rules: - 0. action: deny paths: All Connections from (tag = Dumbledore) to (tag = Slytherin) - 1. action: allow paths: All Connections from (tag = Dumbledore) to (*) - 2. action: deny paths: All Connections from (tag = Gryffindor) to (tag = Hufflepuff) - 3. action: allow paths: All Connections from (tag = Gryffindor) to (*) - 4. action: deny paths: All Connections from (tag = Hufflepuff) to (tag = Slytherin) - 5. action: allow paths: All Connections from (tag = Hufflepuff) to (*) - 6. action: deny paths: All Connections from (tag = Slytherin) to (tag = Gryffindor) - 7. action: allow paths: All Connections from (tag = Slytherin) to (*) - 8. action: deny paths: All Connections from (*) to (*) \ No newline at end of file + 0. action: deny paths: src: (tag = Dumbledore) dst: (tag = Slytherin) conn: All Connections + 1. action: allow paths: src: (tag = Dumbledore) dst: (*) conn: All Connections + 2. action: deny paths: src: (tag = Gryffindor) dst: (tag = Hufflepuff) conn: All Connections + 3. action: allow paths: src: (tag = Gryffindor) dst: (*) conn: All Connections + 4. action: deny paths: src: (tag = Hufflepuff) dst: (tag = Slytherin) conn: All Connections + 5. action: allow paths: src: (tag = Hufflepuff) dst: (*) conn: All Connections + 6. action: deny paths: src: (tag = Slytherin) dst: (tag = Gryffindor) conn: All Connections + 7. action: allow paths: src: (tag = Slytherin) dst: (*) conn: All Connections + 8. action: deny paths: src: (*) dst: (*) conn: All Connections \ No newline at end of file diff --git a/pkg/synthesis/tests_expected_output/ExampleExprTwoScopes_PreProcessing.txt b/pkg/synthesis/tests_expected_output/ExampleExprTwoScopes_PreProcessing.txt index 0c3a9990..4bfbad66 100644 --- a/pkg/synthesis/tests_expected_output/ExampleExprTwoScopes_PreProcessing.txt +++ b/pkg/synthesis/tests_expected_output/ExampleExprTwoScopes_PreProcessing.txt @@ -1,24 +1,24 @@ category: Environment ~~~~~~~~~~~~~~~~~~~~~~~~~~~~ symbolic inbound rules: - 0. action: jump_to_application paths: All Connections from (tag = Gryffindor) to (tag = Gryffindor) - 1. action: jump_to_application paths: All Connections from (tag = Hufflepuff) to (tag = Hufflepuff) - 2. action: jump_to_application paths: All Connections from (tag = Slytherin) to (tag = Slytherin) - 3. action: deny paths: All Connections from (*) to (*) + 0. action: jump_to_application paths: src: (tag = Gryffindor) dst: (tag = Gryffindor) conn: All Connections + 1. action: jump_to_application paths: src: (tag = Hufflepuff) dst: (tag = Hufflepuff) conn: All Connections + 2. action: jump_to_application paths: src: (tag = Slytherin) dst: (tag = Slytherin) conn: All Connections + 3. action: deny paths: src: (*) dst: (*) conn: All Connections symbolic outbound rules: - 0. action: jump_to_application paths: All Connections from (tag = Gryffindor) to (tag = Gryffindor) - 1. action: jump_to_application paths: All Connections from (tag = Hufflepuff) to (tag = Hufflepuff) - 2. action: jump_to_application paths: All Connections from (tag = Slytherin) to (tag = Slytherin) - 3. action: deny paths: All Connections from (*) to (*) + 0. action: jump_to_application paths: src: (tag = Gryffindor) dst: (tag = Gryffindor) conn: All Connections + 1. action: jump_to_application paths: src: (tag = Hufflepuff) dst: (tag = Hufflepuff) conn: All Connections + 2. action: jump_to_application paths: src: (tag = Slytherin) dst: (tag = Slytherin) conn: All Connections + 3. action: deny paths: src: (*) dst: (*) conn: All Connections category: Application ~~~~~~~~~~~~~~~~~~~~~~~~~~~~ symbolic inbound rules: - 0. action: allow paths: All Connections from (*) to (tag = Web) - 1. action: allow paths: All Connections from (tag = Web) to (tag = App) - 2. action: allow paths: All Connections from (tag = App) to (tag = DB) - 3. action: deny paths: All Connections from (*) to (*) + 0. action: allow paths: src: (*) dst: (tag = Web) conn: All Connections + 1. action: allow paths: src: (tag = Web) dst: (tag = App) conn: All Connections + 2. action: allow paths: src: (tag = App) dst: (tag = DB) conn: All Connections + 3. action: deny paths: src: (*) dst: (*) conn: All Connections symbolic outbound rules: - 0. action: allow paths: All Connections from (*) to (tag = Web) - 1. action: allow paths: All Connections from (tag = Web) to (tag = App) - 2. action: allow paths: All Connections from (tag = App) to (tag = DB) - 3. action: deny paths: All Connections from (*) to (*) \ No newline at end of file + 0. action: allow paths: src: (*) dst: (tag = Web) conn: All Connections + 1. action: allow paths: src: (tag = Web) dst: (tag = App) conn: All Connections + 2. action: allow paths: src: (tag = App) dst: (tag = DB) conn: All Connections + 3. action: deny paths: src: (*) dst: (*) conn: All Connections \ No newline at end of file diff --git a/pkg/synthesis/tests_expected_output/ExampleHintsDisjoint_PreProcessing.txt b/pkg/synthesis/tests_expected_output/ExampleHintsDisjoint_PreProcessing.txt index 9b675101..00140c0b 100644 --- a/pkg/synthesis/tests_expected_output/ExampleHintsDisjoint_PreProcessing.txt +++ b/pkg/synthesis/tests_expected_output/ExampleHintsDisjoint_PreProcessing.txt @@ -1,14 +1,14 @@ category: Application ~~~~~~~~~~~~~~~~~~~~~~~~~~~~ symbolic inbound rules: - 0. action: deny paths: All Connections from (group = Dumbledore1) to (group = Slytherin) - 1. action: deny paths: All Connections from (group = Dumbledore2) to (group = Gryffindor) - 2. action: allow paths: All Connections from (group = Dumbledore1) to (*) - 3. action: allow paths: All Connections from (group = Dumbledore2) to (*) - 4. action: deny paths: All Connections from (*) to (*) + 0. action: deny paths: src: (group = Dumbledore1) dst: (group = Slytherin) conn: All Connections + 1. action: deny paths: src: (group = Dumbledore2) dst: (group = Gryffindor) conn: All Connections + 2. action: allow paths: src: (group = Dumbledore1) dst: (*) conn: All Connections + 3. action: allow paths: src: (group = Dumbledore2) dst: (*) conn: All Connections + 4. action: deny paths: src: (*) dst: (*) conn: All Connections symbolic outbound rules: - 0. action: deny paths: All Connections from (group = Dumbledore1) to (group = Slytherin) - 1. action: deny paths: All Connections from (group = Dumbledore2) to (group = Gryffindor) - 2. action: allow paths: All Connections from (group = Dumbledore1) to (*) - 3. action: allow paths: All Connections from (group = Dumbledore2) to (*) - 4. action: deny paths: All Connections from (*) to (*) \ No newline at end of file + 0. action: deny paths: src: (group = Dumbledore1) dst: (group = Slytherin) conn: All Connections + 1. action: deny paths: src: (group = Dumbledore2) dst: (group = Gryffindor) conn: All Connections + 2. action: allow paths: src: (group = Dumbledore1) dst: (*) conn: All Connections + 3. action: allow paths: src: (group = Dumbledore2) dst: (*) conn: All Connections + 4. action: deny paths: src: (*) dst: (*) conn: All Connections \ No newline at end of file diff --git a/pkg/synthesis/tests_expected_output/ExampleHogwartsNoDumbledore_PreProcessing.txt b/pkg/synthesis/tests_expected_output/ExampleHogwartsNoDumbledore_PreProcessing.txt index 998393f1..d14ba438 100644 --- a/pkg/synthesis/tests_expected_output/ExampleHogwartsNoDumbledore_PreProcessing.txt +++ b/pkg/synthesis/tests_expected_output/ExampleHogwartsNoDumbledore_PreProcessing.txt @@ -1,24 +1,24 @@ category: Environment ~~~~~~~~~~~~~~~~~~~~~~~~~~~~ symbolic inbound rules: - 0. action: jump_to_application paths: All Connections from (group = Gryffindor) to (group = Gryffindor) - 1. action: jump_to_application paths: All Connections from (group = Hufflepuff) to (group = Hufflepuff) - 2. action: jump_to_application paths: All Connections from (group = Slytherin) to (group = Slytherin) - 3. action: deny paths: All Connections from (*) to (*) + 0. action: jump_to_application paths: src: (group = Gryffindor) dst: (group = Gryffindor) conn: All Connections + 1. action: jump_to_application paths: src: (group = Hufflepuff) dst: (group = Hufflepuff) conn: All Connections + 2. action: jump_to_application paths: src: (group = Slytherin) dst: (group = Slytherin) conn: All Connections + 3. action: deny paths: src: (*) dst: (*) conn: All Connections symbolic outbound rules: - 0. action: jump_to_application paths: All Connections from (group = Gryffindor) to (group = Gryffindor) - 1. action: jump_to_application paths: All Connections from (group = Hufflepuff) to (group = Hufflepuff) - 2. action: jump_to_application paths: All Connections from (group = Slytherin) to (group = Slytherin) - 3. action: deny paths: All Connections from (*) to (*) + 0. action: jump_to_application paths: src: (group = Gryffindor) dst: (group = Gryffindor) conn: All Connections + 1. action: jump_to_application paths: src: (group = Hufflepuff) dst: (group = Hufflepuff) conn: All Connections + 2. action: jump_to_application paths: src: (group = Slytherin) dst: (group = Slytherin) conn: All Connections + 3. action: deny paths: src: (*) dst: (*) conn: All Connections category: Application ~~~~~~~~~~~~~~~~~~~~~~~~~~~~ symbolic inbound rules: - 0. action: allow paths: All Connections from (*) to (group = Web) - 1. action: allow paths: All Connections from (group = Web) to (group = App) - 2. action: allow paths: All Connections from (group = App) to (group = DB) - 3. action: deny paths: All Connections from (*) to (*) + 0. action: allow paths: src: (*) dst: (group = Web) conn: All Connections + 1. action: allow paths: src: (group = Web) dst: (group = App) conn: All Connections + 2. action: allow paths: src: (group = App) dst: (group = DB) conn: All Connections + 3. action: deny paths: src: (*) dst: (*) conn: All Connections symbolic outbound rules: - 0. action: allow paths: All Connections from (*) to (group = Web) - 1. action: allow paths: All Connections from (group = Web) to (group = App) - 2. action: allow paths: All Connections from (group = App) to (group = DB) - 3. action: deny paths: All Connections from (*) to (*) \ No newline at end of file + 0. action: allow paths: src: (*) dst: (group = Web) conn: All Connections + 1. action: allow paths: src: (group = Web) dst: (group = App) conn: All Connections + 2. action: allow paths: src: (group = App) dst: (group = DB) conn: All Connections + 3. action: deny paths: src: (*) dst: (*) conn: All Connections \ No newline at end of file diff --git a/pkg/synthesis/tests_expected_output/ExampleHogwartsSimpler_PreProcessing.txt b/pkg/synthesis/tests_expected_output/ExampleHogwartsSimpler_PreProcessing.txt index 17982e7e..d70e79c5 100644 --- a/pkg/synthesis/tests_expected_output/ExampleHogwartsSimpler_PreProcessing.txt +++ b/pkg/synthesis/tests_expected_output/ExampleHogwartsSimpler_PreProcessing.txt @@ -1,20 +1,20 @@ category: Environment ~~~~~~~~~~~~~~~~~~~~~~~~~~~~ symbolic inbound rules: - 0. action: jump_to_application paths: All Connections from (group = Gryffindor) to (group = Gryffindor) - 1. action: jump_to_application paths: All Connections from (group = Slytherin) to (group = Slytherin) - 2. action: deny paths: All Connections from (*) to (*) + 0. action: jump_to_application paths: src: (group = Gryffindor) dst: (group = Gryffindor) conn: All Connections + 1. action: jump_to_application paths: src: (group = Slytherin) dst: (group = Slytherin) conn: All Connections + 2. action: deny paths: src: (*) dst: (*) conn: All Connections symbolic outbound rules: - 0. action: jump_to_application paths: All Connections from (group = Gryffindor) to (group = Gryffindor) - 1. action: jump_to_application paths: All Connections from (group = Slytherin) to (group = Slytherin) - 2. action: deny paths: All Connections from (*) to (*) + 0. action: jump_to_application paths: src: (group = Gryffindor) dst: (group = Gryffindor) conn: All Connections + 1. action: jump_to_application paths: src: (group = Slytherin) dst: (group = Slytherin) conn: All Connections + 2. action: deny paths: src: (*) dst: (*) conn: All Connections category: Application ~~~~~~~~~~~~~~~~~~~~~~~~~~~~ symbolic inbound rules: - 0. action: allow paths: All Connections from (*) to (group = Web) - 1. action: allow paths: All Connections from (group = Web) to (group = App) - 2. action: deny paths: All Connections from (*) to (*) + 0. action: allow paths: src: (*) dst: (group = Web) conn: All Connections + 1. action: allow paths: src: (group = Web) dst: (group = App) conn: All Connections + 2. action: deny paths: src: (*) dst: (*) conn: All Connections symbolic outbound rules: - 0. action: allow paths: All Connections from (*) to (group = Web) - 1. action: allow paths: All Connections from (group = Web) to (group = App) - 2. action: deny paths: All Connections from (*) to (*) \ No newline at end of file + 0. action: allow paths: src: (*) dst: (group = Web) conn: All Connections + 1. action: allow paths: src: (group = Web) dst: (group = App) conn: All Connections + 2. action: deny paths: src: (*) dst: (*) conn: All Connections \ No newline at end of file diff --git a/pkg/synthesis/tests_expected_output/ExampleHogwarts_PreProcessing.txt b/pkg/synthesis/tests_expected_output/ExampleHogwarts_PreProcessing.txt index 1ab2dbf3..3377b301 100644 --- a/pkg/synthesis/tests_expected_output/ExampleHogwarts_PreProcessing.txt +++ b/pkg/synthesis/tests_expected_output/ExampleHogwarts_PreProcessing.txt @@ -1,26 +1,26 @@ category: Environment ~~~~~~~~~~~~~~~~~~~~~~~~~~~~ symbolic inbound rules: - 0. action: jump_to_application paths: All Connections from (group = Gryffindor) to (group = Gryffindor) - 1. action: jump_to_application paths: All Connections from (group = Hufflepuff) to (group = Hufflepuff) - 2. action: jump_to_application paths: All Connections from (group = Slytherin) to (group = Slytherin) - 3. action: jump_to_application paths: All Connections from (group = Dumbledore) to (group = Gryffindor) - 4. action: deny paths: All Connections from (*) to (*) + 0. action: jump_to_application paths: src: (group = Gryffindor) dst: (group = Gryffindor) conn: All Connections + 1. action: jump_to_application paths: src: (group = Hufflepuff) dst: (group = Hufflepuff) conn: All Connections + 2. action: jump_to_application paths: src: (group = Slytherin) dst: (group = Slytherin) conn: All Connections + 3. action: jump_to_application paths: src: (group = Dumbledore) dst: (group = Gryffindor) conn: All Connections + 4. action: deny paths: src: (*) dst: (*) conn: All Connections symbolic outbound rules: - 0. action: jump_to_application paths: All Connections from (group = Gryffindor) to (group = Gryffindor) - 1. action: jump_to_application paths: All Connections from (group = Hufflepuff) to (group = Hufflepuff) - 2. action: jump_to_application paths: All Connections from (group = Slytherin) to (group = Slytherin) - 3. action: jump_to_application paths: All Connections from (group = Dumbledore) to (group = Gryffindor) - 4. action: deny paths: All Connections from (*) to (*) + 0. action: jump_to_application paths: src: (group = Gryffindor) dst: (group = Gryffindor) conn: All Connections + 1. action: jump_to_application paths: src: (group = Hufflepuff) dst: (group = Hufflepuff) conn: All Connections + 2. action: jump_to_application paths: src: (group = Slytherin) dst: (group = Slytherin) conn: All Connections + 3. action: jump_to_application paths: src: (group = Dumbledore) dst: (group = Gryffindor) conn: All Connections + 4. action: deny paths: src: (*) dst: (*) conn: All Connections category: Application ~~~~~~~~~~~~~~~~~~~~~~~~~~~~ symbolic inbound rules: - 0. action: allow paths: All Connections from (*) to (group = Web) - 1. action: allow paths: All Connections from (group = Web) to (group = App) - 2. action: allow paths: All Connections from (group = App) to (group = DB) - 3. action: deny paths: All Connections from (*) to (*) + 0. action: allow paths: src: (*) dst: (group = Web) conn: All Connections + 1. action: allow paths: src: (group = Web) dst: (group = App) conn: All Connections + 2. action: allow paths: src: (group = App) dst: (group = DB) conn: All Connections + 3. action: deny paths: src: (*) dst: (*) conn: All Connections symbolic outbound rules: - 0. action: allow paths: All Connections from (*) to (group = Web) - 1. action: allow paths: All Connections from (group = Web) to (group = App) - 2. action: allow paths: All Connections from (group = App) to (group = DB) - 3. action: deny paths: All Connections from (*) to (*) \ No newline at end of file + 0. action: allow paths: src: (*) dst: (group = Web) conn: All Connections + 1. action: allow paths: src: (group = Web) dst: (group = App) conn: All Connections + 2. action: allow paths: src: (group = App) dst: (group = DB) conn: All Connections + 3. action: deny paths: src: (*) dst: (*) conn: All Connections \ No newline at end of file diff --git a/pkg/synthesis/tests_expected_output/ExampleHogwarts_PreProcessing_Application.txt b/pkg/synthesis/tests_expected_output/ExampleHogwarts_PreProcessing_Application.txt index 1ab2dbf3..3377b301 100644 --- a/pkg/synthesis/tests_expected_output/ExampleHogwarts_PreProcessing_Application.txt +++ b/pkg/synthesis/tests_expected_output/ExampleHogwarts_PreProcessing_Application.txt @@ -1,26 +1,26 @@ category: Environment ~~~~~~~~~~~~~~~~~~~~~~~~~~~~ symbolic inbound rules: - 0. action: jump_to_application paths: All Connections from (group = Gryffindor) to (group = Gryffindor) - 1. action: jump_to_application paths: All Connections from (group = Hufflepuff) to (group = Hufflepuff) - 2. action: jump_to_application paths: All Connections from (group = Slytherin) to (group = Slytherin) - 3. action: jump_to_application paths: All Connections from (group = Dumbledore) to (group = Gryffindor) - 4. action: deny paths: All Connections from (*) to (*) + 0. action: jump_to_application paths: src: (group = Gryffindor) dst: (group = Gryffindor) conn: All Connections + 1. action: jump_to_application paths: src: (group = Hufflepuff) dst: (group = Hufflepuff) conn: All Connections + 2. action: jump_to_application paths: src: (group = Slytherin) dst: (group = Slytherin) conn: All Connections + 3. action: jump_to_application paths: src: (group = Dumbledore) dst: (group = Gryffindor) conn: All Connections + 4. action: deny paths: src: (*) dst: (*) conn: All Connections symbolic outbound rules: - 0. action: jump_to_application paths: All Connections from (group = Gryffindor) to (group = Gryffindor) - 1. action: jump_to_application paths: All Connections from (group = Hufflepuff) to (group = Hufflepuff) - 2. action: jump_to_application paths: All Connections from (group = Slytherin) to (group = Slytherin) - 3. action: jump_to_application paths: All Connections from (group = Dumbledore) to (group = Gryffindor) - 4. action: deny paths: All Connections from (*) to (*) + 0. action: jump_to_application paths: src: (group = Gryffindor) dst: (group = Gryffindor) conn: All Connections + 1. action: jump_to_application paths: src: (group = Hufflepuff) dst: (group = Hufflepuff) conn: All Connections + 2. action: jump_to_application paths: src: (group = Slytherin) dst: (group = Slytherin) conn: All Connections + 3. action: jump_to_application paths: src: (group = Dumbledore) dst: (group = Gryffindor) conn: All Connections + 4. action: deny paths: src: (*) dst: (*) conn: All Connections category: Application ~~~~~~~~~~~~~~~~~~~~~~~~~~~~ symbolic inbound rules: - 0. action: allow paths: All Connections from (*) to (group = Web) - 1. action: allow paths: All Connections from (group = Web) to (group = App) - 2. action: allow paths: All Connections from (group = App) to (group = DB) - 3. action: deny paths: All Connections from (*) to (*) + 0. action: allow paths: src: (*) dst: (group = Web) conn: All Connections + 1. action: allow paths: src: (group = Web) dst: (group = App) conn: All Connections + 2. action: allow paths: src: (group = App) dst: (group = DB) conn: All Connections + 3. action: deny paths: src: (*) dst: (*) conn: All Connections symbolic outbound rules: - 0. action: allow paths: All Connections from (*) to (group = Web) - 1. action: allow paths: All Connections from (group = Web) to (group = App) - 2. action: allow paths: All Connections from (group = App) to (group = DB) - 3. action: deny paths: All Connections from (*) to (*) \ No newline at end of file + 0. action: allow paths: src: (*) dst: (group = Web) conn: All Connections + 1. action: allow paths: src: (group = Web) dst: (group = App) conn: All Connections + 2. action: allow paths: src: (group = App) dst: (group = DB) conn: All Connections + 3. action: deny paths: src: (*) dst: (*) conn: All Connections \ No newline at end of file diff --git a/pkg/synthesis/tests_expected_output/ExampleTwoDeniesSimple_PreProcessing.txt b/pkg/synthesis/tests_expected_output/ExampleTwoDeniesSimple_PreProcessing.txt index 5ea5c2af..5edc79d2 100644 --- a/pkg/synthesis/tests_expected_output/ExampleTwoDeniesSimple_PreProcessing.txt +++ b/pkg/synthesis/tests_expected_output/ExampleTwoDeniesSimple_PreProcessing.txt @@ -1,14 +1,14 @@ category: Application ~~~~~~~~~~~~~~~~~~~~~~~~~~~~ symbolic inbound rules: - 0. action: deny paths: All Connections from (*) to (group = Dumbledore1) - 1. action: deny paths: All Connections from (*) to (group = Dumbledore2) - 2. action: allow paths: All Connections from (group = Slytherin) to (*) - 3. action: allow paths: All Connections from (group = Gryffindor) to (*) - 4. action: deny paths: All Connections from (*) to (*) + 0. action: deny paths: src: (*) dst: (group = Dumbledore1) conn: All Connections + 1. action: deny paths: src: (*) dst: (group = Dumbledore2) conn: All Connections + 2. action: allow paths: src: (group = Slytherin) dst: (*) conn: All Connections + 3. action: allow paths: src: (group = Gryffindor) dst: (*) conn: All Connections + 4. action: deny paths: src: (*) dst: (*) conn: All Connections symbolic outbound rules: - 0. action: deny paths: All Connections from (*) to (group = Dumbledore1) - 1. action: deny paths: All Connections from (*) to (group = Dumbledore2) - 2. action: allow paths: All Connections from (group = Slytherin) to (*) - 3. action: allow paths: All Connections from (group = Gryffindor) to (*) - 4. action: deny paths: All Connections from (*) to (*) \ No newline at end of file + 0. action: deny paths: src: (*) dst: (group = Dumbledore1) conn: All Connections + 1. action: deny paths: src: (*) dst: (group = Dumbledore2) conn: All Connections + 2. action: allow paths: src: (group = Slytherin) dst: (*) conn: All Connections + 3. action: allow paths: src: (group = Gryffindor) dst: (*) conn: All Connections + 4. action: deny paths: src: (*) dst: (*) conn: All Connections \ No newline at end of file From c5737f745c142ad4d4b21cb9fd3f20c2bf0cf277 Mon Sep 17 00:00:00 2001 From: shirim Date: Wed, 5 Feb 2025 14:23:47 +0200 Subject: [PATCH 7/7] update tests --- .../Example1c_ConvertToAbstractNoHint.txt | 4 +- ...DenyPassSimple_ConvertToAbstractNoHint.txt | 8 ++-- ...mpleDumbeldore_ConvertToAbstractNoHint.txt | 8 ++-- .../ExampleExprAndConds_ConvertToAbstract.txt | 12 +++--- .../ExampleExprOrConds_ConvertToAbstract.txt | 24 +++++------ ...ampleExprSingleScope_ConvertToAbstract.txt | 16 ++++---- ...ExampleExprTwoScopes_ConvertToAbstract.txt | 36 ++++++++--------- ...eHintsDisjoint_ConvertToAbstractNoHint.txt | 16 ++++---- ...HogwartsNoDumbledore_ConvertToAbstract.txt | 36 ++++++++--------- ...ogwartsSimpler_ConvertToAbstractNoHint.txt | 16 ++++---- .../ExampleHogwarts_ConvertToAbstract.txt | 40 +++++++++---------- ...Hogwarts_ConvertToAbstract.txt_Application | 12 +++--- ...woDeniesSimple_ConvertToAbstractNoHint.txt | 8 ++-- .../Example1c_true_0/policies.yaml | 4 +- .../policies.yaml | 8 ++-- .../ExampleDumbeldore_true_0/policies.yaml | 8 ++-- .../ExampleExprAndConds_false_0/policies.yaml | 12 +++--- .../ExampleExprOrConds_false_0/policies.yaml | 24 +++++------ .../policies.yaml | 16 ++++---- .../policies.yaml | 36 ++++++++--------- .../ExampleHintsDisjoint_true_0/policies.yaml | 16 ++++---- .../policies.yaml | 36 ++++++++--------- .../policies.yaml | 16 ++++---- .../ExampleHogwarts_false_0/policies.yaml | 40 +++++++++---------- .../adminPolicies.yaml | 20 +++++----- .../ExampleHogwarts_false_4/policies.yaml | 12 +++--- .../policies.yaml | 8 ++-- 27 files changed, 246 insertions(+), 246 deletions(-) diff --git a/pkg/synthesis/tests_expected_output/Example1c_ConvertToAbstractNoHint.txt b/pkg/synthesis/tests_expected_output/Example1c_ConvertToAbstractNoHint.txt index a8143ced..ad431917 100644 --- a/pkg/synthesis/tests_expected_output/Example1c_ConvertToAbstractNoHint.txt +++ b/pkg/synthesis/tests_expected_output/Example1c_ConvertToAbstractNoHint.txt @@ -1,6 +1,6 @@ Allow Only Rules ~~~~~~~~~~~~~~~~~ inbound rules - TCP dst-ports: 445 from (group = frontend) to (group = backend) + src: (group = frontend) dst: (group = backend) conn: TCP dst-ports: 445 outbound rules - TCP dst-ports: 445 from (group = frontend) to (group = backend) \ No newline at end of file + src: (group = frontend) dst: (group = backend) conn: TCP dst-ports: 445 \ No newline at end of file diff --git a/pkg/synthesis/tests_expected_output/ExampleDenyPassSimple_ConvertToAbstractNoHint.txt b/pkg/synthesis/tests_expected_output/ExampleDenyPassSimple_ConvertToAbstractNoHint.txt index 8eced258..12be40ed 100644 --- a/pkg/synthesis/tests_expected_output/ExampleDenyPassSimple_ConvertToAbstractNoHint.txt +++ b/pkg/synthesis/tests_expected_output/ExampleDenyPassSimple_ConvertToAbstractNoHint.txt @@ -1,8 +1,8 @@ Allow Only Rules ~~~~~~~~~~~~~~~~~ inbound rules - All Connections from (*) to (group != Hufflepuff and group != Slytherin) - All Connections from (*) to (group = Dumbledore) + src: (*) dst: (group != Hufflepuff and group != Slytherin) conn: All Connections + src: (*) dst: (group = Dumbledore) conn: All Connections outbound rules - All Connections from (*) to (group != Hufflepuff and group != Slytherin) - All Connections from (*) to (group = Dumbledore) \ No newline at end of file + src: (*) dst: (group != Hufflepuff and group != Slytherin) conn: All Connections + src: (*) dst: (group = Dumbledore) conn: All Connections \ No newline at end of file diff --git a/pkg/synthesis/tests_expected_output/ExampleDumbeldore_ConvertToAbstractNoHint.txt b/pkg/synthesis/tests_expected_output/ExampleDumbeldore_ConvertToAbstractNoHint.txt index 9b2b3edd..83987cc8 100644 --- a/pkg/synthesis/tests_expected_output/ExampleDumbeldore_ConvertToAbstractNoHint.txt +++ b/pkg/synthesis/tests_expected_output/ExampleDumbeldore_ConvertToAbstractNoHint.txt @@ -1,8 +1,8 @@ Allow Only Rules ~~~~~~~~~~~~~~~~~ inbound rules - All Connections from (group = DumbledoreAll) to (*) - All Connections from (group = DumbledoreNoSly) to (group != Slytherin) + src: (group = DumbledoreAll) dst: (*) conn: All Connections + src: (group = DumbledoreNoSly) dst: (group != Slytherin) conn: All Connections outbound rules - All Connections from (group = DumbledoreAll) to (*) - All Connections from (group = DumbledoreNoSly) to (group != Slytherin) \ No newline at end of file + src: (group = DumbledoreAll) dst: (*) conn: All Connections + src: (group = DumbledoreNoSly) dst: (group != Slytherin) conn: All Connections \ No newline at end of file diff --git a/pkg/synthesis/tests_expected_output/ExampleExprAndConds_ConvertToAbstract.txt b/pkg/synthesis/tests_expected_output/ExampleExprAndConds_ConvertToAbstract.txt index cd40b70a..b8fc5fea 100644 --- a/pkg/synthesis/tests_expected_output/ExampleExprAndConds_ConvertToAbstract.txt +++ b/pkg/synthesis/tests_expected_output/ExampleExprAndConds_ConvertToAbstract.txt @@ -1,10 +1,10 @@ Allow Only Rules ~~~~~~~~~~~~~~~~~ inbound rules - All Connections from (*) to (tag = Slytherin and tag != DB) - All Connections from (*) to (tag = Gryffindor and tag != DB) - All Connections from (*) to (tag = Hufflepuff and tag != DB) + src: (*) dst: (tag = Slytherin and tag != DB) conn: All Connections + src: (*) dst: (tag = Gryffindor and tag != DB) conn: All Connections + src: (*) dst: (tag = Hufflepuff and tag != DB) conn: All Connections outbound rules - All Connections from (*) to (tag = Slytherin and tag != DB) - All Connections from (*) to (tag = Gryffindor and tag != DB) - All Connections from (*) to (tag = Hufflepuff and tag != DB) \ No newline at end of file + src: (*) dst: (tag = Slytherin and tag != DB) conn: All Connections + src: (*) dst: (tag = Gryffindor and tag != DB) conn: All Connections + src: (*) dst: (tag = Hufflepuff and tag != DB) conn: All Connections \ No newline at end of file diff --git a/pkg/synthesis/tests_expected_output/ExampleExprOrConds_ConvertToAbstract.txt b/pkg/synthesis/tests_expected_output/ExampleExprOrConds_ConvertToAbstract.txt index bf317c8b..605d80ae 100644 --- a/pkg/synthesis/tests_expected_output/ExampleExprOrConds_ConvertToAbstract.txt +++ b/pkg/synthesis/tests_expected_output/ExampleExprOrConds_ConvertToAbstract.txt @@ -1,16 +1,16 @@ Allow Only Rules ~~~~~~~~~~~~~~~~~ inbound rules - All Connections from (*) to (tag = Slytherin) - All Connections from (*) to (tag != DB) - All Connections from (*) to (tag = Gryffindor) - All Connections from (*) to (tag != DB) - All Connections from (*) to (tag = Hufflepuff) - All Connections from (*) to (tag != DB) + src: (*) dst: (tag = Slytherin) conn: All Connections + src: (*) dst: (tag != DB) conn: All Connections + src: (*) dst: (tag = Gryffindor) conn: All Connections + src: (*) dst: (tag != DB) conn: All Connections + src: (*) dst: (tag = Hufflepuff) conn: All Connections + src: (*) dst: (tag != DB) conn: All Connections outbound rules - All Connections from (*) to (tag = Slytherin) - All Connections from (*) to (tag != DB) - All Connections from (*) to (tag = Gryffindor) - All Connections from (*) to (tag != DB) - All Connections from (*) to (tag = Hufflepuff) - All Connections from (*) to (tag != DB) \ No newline at end of file + src: (*) dst: (tag = Slytherin) conn: All Connections + src: (*) dst: (tag != DB) conn: All Connections + src: (*) dst: (tag = Gryffindor) conn: All Connections + src: (*) dst: (tag != DB) conn: All Connections + src: (*) dst: (tag = Hufflepuff) conn: All Connections + src: (*) dst: (tag != DB) conn: All Connections \ No newline at end of file diff --git a/pkg/synthesis/tests_expected_output/ExampleExprSingleScope_ConvertToAbstract.txt b/pkg/synthesis/tests_expected_output/ExampleExprSingleScope_ConvertToAbstract.txt index d87c40c7..dec7510f 100644 --- a/pkg/synthesis/tests_expected_output/ExampleExprSingleScope_ConvertToAbstract.txt +++ b/pkg/synthesis/tests_expected_output/ExampleExprSingleScope_ConvertToAbstract.txt @@ -1,12 +1,12 @@ Allow Only Rules ~~~~~~~~~~~~~~~~~ inbound rules - All Connections from (tag = Dumbledore) to (tag != Slytherin) - All Connections from (tag = Gryffindor) to (tag != Hufflepuff) - All Connections from (tag = Hufflepuff) to (tag != Slytherin) - All Connections from (tag = Slytherin) to (tag != Gryffindor) + src: (tag = Dumbledore) dst: (tag != Slytherin) conn: All Connections + src: (tag = Gryffindor) dst: (tag != Hufflepuff) conn: All Connections + src: (tag = Hufflepuff) dst: (tag != Slytherin) conn: All Connections + src: (tag = Slytherin) dst: (tag != Gryffindor) conn: All Connections outbound rules - All Connections from (tag = Dumbledore) to (tag != Slytherin) - All Connections from (tag = Gryffindor) to (tag != Hufflepuff) - All Connections from (tag = Hufflepuff) to (tag != Slytherin) - All Connections from (tag = Slytherin) to (tag != Gryffindor) \ No newline at end of file + src: (tag = Dumbledore) dst: (tag != Slytherin) conn: All Connections + src: (tag = Gryffindor) dst: (tag != Hufflepuff) conn: All Connections + src: (tag = Hufflepuff) dst: (tag != Slytherin) conn: All Connections + src: (tag = Slytherin) dst: (tag != Gryffindor) conn: All Connections \ No newline at end of file diff --git a/pkg/synthesis/tests_expected_output/ExampleExprTwoScopes_ConvertToAbstract.txt b/pkg/synthesis/tests_expected_output/ExampleExprTwoScopes_ConvertToAbstract.txt index c7c2b7aa..659c820e 100644 --- a/pkg/synthesis/tests_expected_output/ExampleExprTwoScopes_ConvertToAbstract.txt +++ b/pkg/synthesis/tests_expected_output/ExampleExprTwoScopes_ConvertToAbstract.txt @@ -1,22 +1,22 @@ Allow Only Rules ~~~~~~~~~~~~~~~~~ inbound rules - All Connections from (tag = Gryffindor) to (tag = Web and tag = Gryffindor) - All Connections from (tag = Hufflepuff) to (tag = Web and tag = Hufflepuff) - All Connections from (tag = Slytherin) to (tag = Web and tag = Slytherin) - All Connections from (tag = Web and tag = Gryffindor) to (tag = App and tag = Gryffindor) - All Connections from (tag = Web and tag = Hufflepuff) to (tag = App and tag = Hufflepuff) - All Connections from (tag = Web and tag = Slytherin) to (tag = App and tag = Slytherin) - All Connections from (tag = App and tag = Gryffindor) to (tag = DB and tag = Gryffindor) - All Connections from (tag = App and tag = Hufflepuff) to (tag = DB and tag = Hufflepuff) - All Connections from (tag = App and tag = Slytherin) to (tag = DB and tag = Slytherin) + src: (tag = Gryffindor) dst: (tag = Web and tag = Gryffindor) conn: All Connections + src: (tag = Hufflepuff) dst: (tag = Web and tag = Hufflepuff) conn: All Connections + src: (tag = Slytherin) dst: (tag = Web and tag = Slytherin) conn: All Connections + src: (tag = Web and tag = Gryffindor) dst: (tag = App and tag = Gryffindor) conn: All Connections + src: (tag = Web and tag = Hufflepuff) dst: (tag = App and tag = Hufflepuff) conn: All Connections + src: (tag = Web and tag = Slytherin) dst: (tag = App and tag = Slytherin) conn: All Connections + src: (tag = App and tag = Gryffindor) dst: (tag = DB and tag = Gryffindor) conn: All Connections + src: (tag = App and tag = Hufflepuff) dst: (tag = DB and tag = Hufflepuff) conn: All Connections + src: (tag = App and tag = Slytherin) dst: (tag = DB and tag = Slytherin) conn: All Connections outbound rules - All Connections from (tag = Gryffindor) to (tag = Web and tag = Gryffindor) - All Connections from (tag = Hufflepuff) to (tag = Web and tag = Hufflepuff) - All Connections from (tag = Slytherin) to (tag = Web and tag = Slytherin) - All Connections from (tag = Web and tag = Gryffindor) to (tag = App and tag = Gryffindor) - All Connections from (tag = Web and tag = Hufflepuff) to (tag = App and tag = Hufflepuff) - All Connections from (tag = Web and tag = Slytherin) to (tag = App and tag = Slytherin) - All Connections from (tag = App and tag = Gryffindor) to (tag = DB and tag = Gryffindor) - All Connections from (tag = App and tag = Hufflepuff) to (tag = DB and tag = Hufflepuff) - All Connections from (tag = App and tag = Slytherin) to (tag = DB and tag = Slytherin) \ No newline at end of file + src: (tag = Gryffindor) dst: (tag = Web and tag = Gryffindor) conn: All Connections + src: (tag = Hufflepuff) dst: (tag = Web and tag = Hufflepuff) conn: All Connections + src: (tag = Slytherin) dst: (tag = Web and tag = Slytherin) conn: All Connections + src: (tag = Web and tag = Gryffindor) dst: (tag = App and tag = Gryffindor) conn: All Connections + src: (tag = Web and tag = Hufflepuff) dst: (tag = App and tag = Hufflepuff) conn: All Connections + src: (tag = Web and tag = Slytherin) dst: (tag = App and tag = Slytherin) conn: All Connections + src: (tag = App and tag = Gryffindor) dst: (tag = DB and tag = Gryffindor) conn: All Connections + src: (tag = App and tag = Hufflepuff) dst: (tag = DB and tag = Hufflepuff) conn: All Connections + src: (tag = App and tag = Slytherin) dst: (tag = DB and tag = Slytherin) conn: All Connections \ No newline at end of file diff --git a/pkg/synthesis/tests_expected_output/ExampleHintsDisjoint_ConvertToAbstractNoHint.txt b/pkg/synthesis/tests_expected_output/ExampleHintsDisjoint_ConvertToAbstractNoHint.txt index bc7dffe5..3e4b1466 100644 --- a/pkg/synthesis/tests_expected_output/ExampleHintsDisjoint_ConvertToAbstractNoHint.txt +++ b/pkg/synthesis/tests_expected_output/ExampleHintsDisjoint_ConvertToAbstractNoHint.txt @@ -1,12 +1,12 @@ Allow Only Rules ~~~~~~~~~~~~~~~~~ inbound rules - All Connections from (group = Dumbledore1 and group != Dumbledore2) to (group != Slytherin) - All Connections from (group = Dumbledore1) to (group != Slytherin and group != Gryffindor) - All Connections from (group = Dumbledore2 and group != Dumbledore1) to (group != Gryffindor) - All Connections from (group = Dumbledore2) to (group != Slytherin and group != Gryffindor) + src: (group = Dumbledore1 and group != Dumbledore2) dst: (group != Slytherin) conn: All Connections + src: (group = Dumbledore1) dst: (group != Slytherin and group != Gryffindor) conn: All Connections + src: (group = Dumbledore2 and group != Dumbledore1) dst: (group != Gryffindor) conn: All Connections + src: (group = Dumbledore2) dst: (group != Slytherin and group != Gryffindor) conn: All Connections outbound rules - All Connections from (group = Dumbledore1 and group != Dumbledore2) to (group != Slytherin) - All Connections from (group = Dumbledore1) to (group != Slytherin and group != Gryffindor) - All Connections from (group = Dumbledore2 and group != Dumbledore1) to (group != Gryffindor) - All Connections from (group = Dumbledore2) to (group != Slytherin and group != Gryffindor) \ No newline at end of file + src: (group = Dumbledore1 and group != Dumbledore2) dst: (group != Slytherin) conn: All Connections + src: (group = Dumbledore1) dst: (group != Slytherin and group != Gryffindor) conn: All Connections + src: (group = Dumbledore2 and group != Dumbledore1) dst: (group != Gryffindor) conn: All Connections + src: (group = Dumbledore2) dst: (group != Slytherin and group != Gryffindor) conn: All Connections \ No newline at end of file diff --git a/pkg/synthesis/tests_expected_output/ExampleHogwartsNoDumbledore_ConvertToAbstract.txt b/pkg/synthesis/tests_expected_output/ExampleHogwartsNoDumbledore_ConvertToAbstract.txt index 4c3185db..69c59891 100644 --- a/pkg/synthesis/tests_expected_output/ExampleHogwartsNoDumbledore_ConvertToAbstract.txt +++ b/pkg/synthesis/tests_expected_output/ExampleHogwartsNoDumbledore_ConvertToAbstract.txt @@ -1,22 +1,22 @@ Allow Only Rules ~~~~~~~~~~~~~~~~~ inbound rules - All Connections from (group = Gryffindor) to (group = Web and group = Gryffindor) - All Connections from (group = Hufflepuff) to (group = Web and group = Hufflepuff) - All Connections from (group = Slytherin) to (group = Web and group = Slytherin) - All Connections from (group = Web and group = Gryffindor) to (group = App and group = Gryffindor) - All Connections from (group = Web and group = Hufflepuff) to (group = App and group = Hufflepuff) - All Connections from (group = Web and group = Slytherin) to (group = App and group = Slytherin) - All Connections from (group = App and group = Gryffindor) to (group = DB and group = Gryffindor) - All Connections from (group = App and group = Hufflepuff) to (group = DB and group = Hufflepuff) - All Connections from (group = App and group = Slytherin) to (group = DB and group = Slytherin) + src: (group = Gryffindor) dst: (group = Web and group = Gryffindor) conn: All Connections + src: (group = Hufflepuff) dst: (group = Web and group = Hufflepuff) conn: All Connections + src: (group = Slytherin) dst: (group = Web and group = Slytherin) conn: All Connections + src: (group = Web and group = Gryffindor) dst: (group = App and group = Gryffindor) conn: All Connections + src: (group = Web and group = Hufflepuff) dst: (group = App and group = Hufflepuff) conn: All Connections + src: (group = Web and group = Slytherin) dst: (group = App and group = Slytherin) conn: All Connections + src: (group = App and group = Gryffindor) dst: (group = DB and group = Gryffindor) conn: All Connections + src: (group = App and group = Hufflepuff) dst: (group = DB and group = Hufflepuff) conn: All Connections + src: (group = App and group = Slytherin) dst: (group = DB and group = Slytherin) conn: All Connections outbound rules - All Connections from (group = Gryffindor) to (group = Web and group = Gryffindor) - All Connections from (group = Hufflepuff) to (group = Web and group = Hufflepuff) - All Connections from (group = Slytherin) to (group = Web and group = Slytherin) - All Connections from (group = Web and group = Gryffindor) to (group = App and group = Gryffindor) - All Connections from (group = Web and group = Hufflepuff) to (group = App and group = Hufflepuff) - All Connections from (group = Web and group = Slytherin) to (group = App and group = Slytherin) - All Connections from (group = App and group = Gryffindor) to (group = DB and group = Gryffindor) - All Connections from (group = App and group = Hufflepuff) to (group = DB and group = Hufflepuff) - All Connections from (group = App and group = Slytherin) to (group = DB and group = Slytherin) \ No newline at end of file + src: (group = Gryffindor) dst: (group = Web and group = Gryffindor) conn: All Connections + src: (group = Hufflepuff) dst: (group = Web and group = Hufflepuff) conn: All Connections + src: (group = Slytherin) dst: (group = Web and group = Slytherin) conn: All Connections + src: (group = Web and group = Gryffindor) dst: (group = App and group = Gryffindor) conn: All Connections + src: (group = Web and group = Hufflepuff) dst: (group = App and group = Hufflepuff) conn: All Connections + src: (group = Web and group = Slytherin) dst: (group = App and group = Slytherin) conn: All Connections + src: (group = App and group = Gryffindor) dst: (group = DB and group = Gryffindor) conn: All Connections + src: (group = App and group = Hufflepuff) dst: (group = DB and group = Hufflepuff) conn: All Connections + src: (group = App and group = Slytherin) dst: (group = DB and group = Slytherin) conn: All Connections \ No newline at end of file diff --git a/pkg/synthesis/tests_expected_output/ExampleHogwartsSimpler_ConvertToAbstractNoHint.txt b/pkg/synthesis/tests_expected_output/ExampleHogwartsSimpler_ConvertToAbstractNoHint.txt index 5ad336b5..ff718da8 100644 --- a/pkg/synthesis/tests_expected_output/ExampleHogwartsSimpler_ConvertToAbstractNoHint.txt +++ b/pkg/synthesis/tests_expected_output/ExampleHogwartsSimpler_ConvertToAbstractNoHint.txt @@ -1,12 +1,12 @@ Allow Only Rules ~~~~~~~~~~~~~~~~~ inbound rules - All Connections from (group = Gryffindor) to (group = Web and group = Gryffindor) - All Connections from (group = Slytherin) to (group = Web and group = Slytherin) - All Connections from (group = Web and group = Gryffindor) to (group = App and group = Gryffindor) - All Connections from (group = Web and group = Slytherin) to (group = App and group = Slytherin) + src: (group = Gryffindor) dst: (group = Web and group = Gryffindor) conn: All Connections + src: (group = Slytherin) dst: (group = Web and group = Slytherin) conn: All Connections + src: (group = Web and group = Gryffindor) dst: (group = App and group = Gryffindor) conn: All Connections + src: (group = Web and group = Slytherin) dst: (group = App and group = Slytherin) conn: All Connections outbound rules - All Connections from (group = Gryffindor) to (group = Web and group = Gryffindor) - All Connections from (group = Slytherin) to (group = Web and group = Slytherin) - All Connections from (group = Web and group = Gryffindor) to (group = App and group = Gryffindor) - All Connections from (group = Web and group = Slytherin) to (group = App and group = Slytherin) \ No newline at end of file + src: (group = Gryffindor) dst: (group = Web and group = Gryffindor) conn: All Connections + src: (group = Slytherin) dst: (group = Web and group = Slytherin) conn: All Connections + src: (group = Web and group = Gryffindor) dst: (group = App and group = Gryffindor) conn: All Connections + src: (group = Web and group = Slytherin) dst: (group = App and group = Slytherin) conn: All Connections \ No newline at end of file diff --git a/pkg/synthesis/tests_expected_output/ExampleHogwarts_ConvertToAbstract.txt b/pkg/synthesis/tests_expected_output/ExampleHogwarts_ConvertToAbstract.txt index 2d0a5cfa..13f85e26 100644 --- a/pkg/synthesis/tests_expected_output/ExampleHogwarts_ConvertToAbstract.txt +++ b/pkg/synthesis/tests_expected_output/ExampleHogwarts_ConvertToAbstract.txt @@ -1,24 +1,24 @@ Allow Only Rules ~~~~~~~~~~~~~~~~~ inbound rules - All Connections from (group = Gryffindor) to (group = Web and group = Gryffindor) - All Connections from (group = Hufflepuff) to (group = Web and group = Hufflepuff) - All Connections from (group = Slytherin) to (group = Web and group = Slytherin) - All Connections from (group = Dumbledore) to (group = Web and group = Gryffindor) - All Connections from (group = Web and group = Gryffindor) to (group = App and group = Gryffindor) - All Connections from (group = Web and group = Hufflepuff) to (group = App and group = Hufflepuff) - All Connections from (group = Web and group = Slytherin) to (group = App and group = Slytherin) - All Connections from (group = App and group = Gryffindor) to (group = DB and group = Gryffindor) - All Connections from (group = App and group = Hufflepuff) to (group = DB and group = Hufflepuff) - All Connections from (group = App and group = Slytherin) to (group = DB and group = Slytherin) + src: (group = Gryffindor) dst: (group = Web and group = Gryffindor) conn: All Connections + src: (group = Hufflepuff) dst: (group = Web and group = Hufflepuff) conn: All Connections + src: (group = Slytherin) dst: (group = Web and group = Slytherin) conn: All Connections + src: (group = Dumbledore) dst: (group = Web and group = Gryffindor) conn: All Connections + src: (group = Web and group = Gryffindor) dst: (group = App and group = Gryffindor) conn: All Connections + src: (group = Web and group = Hufflepuff) dst: (group = App and group = Hufflepuff) conn: All Connections + src: (group = Web and group = Slytherin) dst: (group = App and group = Slytherin) conn: All Connections + src: (group = App and group = Gryffindor) dst: (group = DB and group = Gryffindor) conn: All Connections + src: (group = App and group = Hufflepuff) dst: (group = DB and group = Hufflepuff) conn: All Connections + src: (group = App and group = Slytherin) dst: (group = DB and group = Slytherin) conn: All Connections outbound rules - All Connections from (group = Gryffindor) to (group = Web and group = Gryffindor) - All Connections from (group = Hufflepuff) to (group = Web and group = Hufflepuff) - All Connections from (group = Slytherin) to (group = Web and group = Slytherin) - All Connections from (group = Dumbledore) to (group = Web and group = Gryffindor) - All Connections from (group = Web and group = Gryffindor) to (group = App and group = Gryffindor) - All Connections from (group = Web and group = Hufflepuff) to (group = App and group = Hufflepuff) - All Connections from (group = Web and group = Slytherin) to (group = App and group = Slytherin) - All Connections from (group = App and group = Gryffindor) to (group = DB and group = Gryffindor) - All Connections from (group = App and group = Hufflepuff) to (group = DB and group = Hufflepuff) - All Connections from (group = App and group = Slytherin) to (group = DB and group = Slytherin) \ No newline at end of file + src: (group = Gryffindor) dst: (group = Web and group = Gryffindor) conn: All Connections + src: (group = Hufflepuff) dst: (group = Web and group = Hufflepuff) conn: All Connections + src: (group = Slytherin) dst: (group = Web and group = Slytherin) conn: All Connections + src: (group = Dumbledore) dst: (group = Web and group = Gryffindor) conn: All Connections + src: (group = Web and group = Gryffindor) dst: (group = App and group = Gryffindor) conn: All Connections + src: (group = Web and group = Hufflepuff) dst: (group = App and group = Hufflepuff) conn: All Connections + src: (group = Web and group = Slytherin) dst: (group = App and group = Slytherin) conn: All Connections + src: (group = App and group = Gryffindor) dst: (group = DB and group = Gryffindor) conn: All Connections + src: (group = App and group = Hufflepuff) dst: (group = DB and group = Hufflepuff) conn: All Connections + src: (group = App and group = Slytherin) dst: (group = DB and group = Slytherin) conn: All Connections \ No newline at end of file diff --git a/pkg/synthesis/tests_expected_output/ExampleHogwarts_ConvertToAbstract.txt_Application b/pkg/synthesis/tests_expected_output/ExampleHogwarts_ConvertToAbstract.txt_Application index 51d1bc5a..d7e4b155 100644 --- a/pkg/synthesis/tests_expected_output/ExampleHogwarts_ConvertToAbstract.txt_Application +++ b/pkg/synthesis/tests_expected_output/ExampleHogwarts_ConvertToAbstract.txt_Application @@ -1,10 +1,10 @@ Allow Only Rules ~~~~~~~~~~~~~~~~~ inbound rules - All Connections from (*) to (group = Web) - All Connections from (group = Web) to (group = App) - All Connections from (group = App) to (group = DB) + src: (*) dst: (group = Web) conn: All Connections + src: (group = Web) dst: (group = App) conn: All Connections + src: (group = App) dst: (group = DB) conn: All Connections outbound rules - All Connections from (*) to (group = Web) - All Connections from (group = Web) to (group = App) - All Connections from (group = App) to (group = DB) \ No newline at end of file + src: (*) dst: (group = Web) conn: All Connections + src: (group = Web) dst: (group = App) conn: All Connections + src: (group = App) dst: (group = DB) conn: All Connections \ No newline at end of file diff --git a/pkg/synthesis/tests_expected_output/ExampleTwoDeniesSimple_ConvertToAbstractNoHint.txt b/pkg/synthesis/tests_expected_output/ExampleTwoDeniesSimple_ConvertToAbstractNoHint.txt index f22e2a29..025f1caf 100644 --- a/pkg/synthesis/tests_expected_output/ExampleTwoDeniesSimple_ConvertToAbstractNoHint.txt +++ b/pkg/synthesis/tests_expected_output/ExampleTwoDeniesSimple_ConvertToAbstractNoHint.txt @@ -1,8 +1,8 @@ Allow Only Rules ~~~~~~~~~~~~~~~~~ inbound rules - All Connections from (group = Slytherin) to (group != Dumbledore1 and group != Dumbledore2) - All Connections from (group = Gryffindor) to (group != Dumbledore1 and group != Dumbledore2) + src: (group = Slytherin) dst: (group != Dumbledore1 and group != Dumbledore2) conn: All Connections + src: (group = Gryffindor) dst: (group != Dumbledore1 and group != Dumbledore2) conn: All Connections outbound rules - All Connections from (group = Slytherin) to (group != Dumbledore1 and group != Dumbledore2) - All Connections from (group = Gryffindor) to (group != Dumbledore1 and group != Dumbledore2) \ No newline at end of file + src: (group = Slytherin) dst: (group != Dumbledore1 and group != Dumbledore2) conn: All Connections + src: (group = Gryffindor) dst: (group != Dumbledore1 and group != Dumbledore2) conn: All Connections \ No newline at end of file diff --git a/pkg/synthesis/tests_expected_output/k8s_resources/Example1c_true_0/policies.yaml b/pkg/synthesis/tests_expected_output/k8s_resources/Example1c_true_0/policies.yaml index 91bee4d7..d2735f0f 100644 --- a/pkg/synthesis/tests_expected_output/k8s_resources/Example1c_true_0/policies.yaml +++ b/pkg/synthesis/tests_expected_output/k8s_resources/Example1c_true_0/policies.yaml @@ -2,7 +2,7 @@ apiVersion: networking.k8s.io/v1 kind: NetworkPolicy metadata: annotations: - description: 'TCP dst-ports: 445 from (group = frontend) to (group = backend)' + description: 'src: (group = frontend) dst: (group = backend) conn: TCP dst-ports: 445' nsx-id: "1004" creationTimestamp: null name: policy_0 @@ -27,7 +27,7 @@ apiVersion: networking.k8s.io/v1 kind: NetworkPolicy metadata: annotations: - description: 'TCP dst-ports: 445 from (group = frontend) to (group = backend)' + description: 'src: (group = frontend) dst: (group = backend) conn: TCP dst-ports: 445' nsx-id: "1004" creationTimestamp: null name: policy_1 diff --git a/pkg/synthesis/tests_expected_output/k8s_resources/ExampleDenyPassSimple_true_0/policies.yaml b/pkg/synthesis/tests_expected_output/k8s_resources/ExampleDenyPassSimple_true_0/policies.yaml index 5e42ada2..845c4d02 100644 --- a/pkg/synthesis/tests_expected_output/k8s_resources/ExampleDenyPassSimple_true_0/policies.yaml +++ b/pkg/synthesis/tests_expected_output/k8s_resources/ExampleDenyPassSimple_true_0/policies.yaml @@ -2,7 +2,7 @@ apiVersion: networking.k8s.io/v1 kind: NetworkPolicy metadata: annotations: - description: All Connections from (*) to (group != Hufflepuff and group != Slytherin) + description: 'src: (*) dst: (group != Hufflepuff and group != Slytherin) conn: All Connections' nsx-id: "10230" creationTimestamp: null name: policy_0 @@ -23,7 +23,7 @@ apiVersion: networking.k8s.io/v1 kind: NetworkPolicy metadata: annotations: - description: All Connections from (*) to (group = Dumbledore) + description: 'src: (*) dst: (group = Dumbledore) conn: All Connections' nsx-id: "10230" creationTimestamp: null name: policy_1 @@ -42,7 +42,7 @@ apiVersion: networking.k8s.io/v1 kind: NetworkPolicy metadata: annotations: - description: All Connections from (*) to (group != Hufflepuff and group != Slytherin) + description: 'src: (*) dst: (group != Hufflepuff and group != Slytherin) conn: All Connections' nsx-id: "10230" creationTimestamp: null name: policy_2 @@ -63,7 +63,7 @@ apiVersion: networking.k8s.io/v1 kind: NetworkPolicy metadata: annotations: - description: All Connections from (*) to (group = Dumbledore) + description: 'src: (*) dst: (group = Dumbledore) conn: All Connections' nsx-id: "10230" creationTimestamp: null name: policy_3 diff --git a/pkg/synthesis/tests_expected_output/k8s_resources/ExampleDumbeldore_true_0/policies.yaml b/pkg/synthesis/tests_expected_output/k8s_resources/ExampleDumbeldore_true_0/policies.yaml index 27d6b27e..94251d0a 100644 --- a/pkg/synthesis/tests_expected_output/k8s_resources/ExampleDumbeldore_true_0/policies.yaml +++ b/pkg/synthesis/tests_expected_output/k8s_resources/ExampleDumbeldore_true_0/policies.yaml @@ -2,7 +2,7 @@ apiVersion: networking.k8s.io/v1 kind: NetworkPolicy metadata: annotations: - description: All Connections from (group = DumbledoreAll) to (*) + description: 'src: (group = DumbledoreAll) dst: (*) conn: All Connections' nsx-id: "1925" creationTimestamp: null name: policy_0 @@ -21,7 +21,7 @@ apiVersion: networking.k8s.io/v1 kind: NetworkPolicy metadata: annotations: - description: All Connections from (group = DumbledoreAll) to (*) + description: 'src: (group = DumbledoreAll) dst: (*) conn: All Connections' nsx-id: "1925" creationTimestamp: null name: policy_1 @@ -40,7 +40,7 @@ apiVersion: networking.k8s.io/v1 kind: NetworkPolicy metadata: annotations: - description: All Connections from (group = DumbledoreNoSly) to (group != Slytherin) + description: 'src: (group = DumbledoreNoSly) dst: (group != Slytherin) conn: All Connections' nsx-id: "1927" creationTimestamp: null name: policy_2 @@ -62,7 +62,7 @@ apiVersion: networking.k8s.io/v1 kind: NetworkPolicy metadata: annotations: - description: All Connections from (group = DumbledoreNoSly) to (group != Slytherin) + description: 'src: (group = DumbledoreNoSly) dst: (group != Slytherin) conn: All Connections' nsx-id: "1927" creationTimestamp: null name: policy_3 diff --git a/pkg/synthesis/tests_expected_output/k8s_resources/ExampleExprAndConds_false_0/policies.yaml b/pkg/synthesis/tests_expected_output/k8s_resources/ExampleExprAndConds_false_0/policies.yaml index d46665bb..277c3941 100644 --- a/pkg/synthesis/tests_expected_output/k8s_resources/ExampleExprAndConds_false_0/policies.yaml +++ b/pkg/synthesis/tests_expected_output/k8s_resources/ExampleExprAndConds_false_0/policies.yaml @@ -2,7 +2,7 @@ apiVersion: networking.k8s.io/v1 kind: NetworkPolicy metadata: annotations: - description: All Connections from (*) to (tag = Slytherin and tag != DB) + description: 'src: (*) dst: (tag = Slytherin and tag != DB) conn: All Connections' nsx-id: "1925" creationTimestamp: null name: policy_0 @@ -23,7 +23,7 @@ apiVersion: networking.k8s.io/v1 kind: NetworkPolicy metadata: annotations: - description: All Connections from (*) to (tag = Slytherin and tag != DB) + description: 'src: (*) dst: (tag = Slytherin and tag != DB) conn: All Connections' nsx-id: "1925" creationTimestamp: null name: policy_1 @@ -44,7 +44,7 @@ apiVersion: networking.k8s.io/v1 kind: NetworkPolicy metadata: annotations: - description: All Connections from (*) to (tag = Gryffindor and tag != DB) + description: 'src: (*) dst: (tag = Gryffindor and tag != DB) conn: All Connections' nsx-id: "1926" creationTimestamp: null name: policy_2 @@ -65,7 +65,7 @@ apiVersion: networking.k8s.io/v1 kind: NetworkPolicy metadata: annotations: - description: All Connections from (*) to (tag = Gryffindor and tag != DB) + description: 'src: (*) dst: (tag = Gryffindor and tag != DB) conn: All Connections' nsx-id: "1926" creationTimestamp: null name: policy_3 @@ -86,7 +86,7 @@ apiVersion: networking.k8s.io/v1 kind: NetworkPolicy metadata: annotations: - description: All Connections from (*) to (tag = Hufflepuff and tag != DB) + description: 'src: (*) dst: (tag = Hufflepuff and tag != DB) conn: All Connections' nsx-id: "1927" creationTimestamp: null name: policy_4 @@ -107,7 +107,7 @@ apiVersion: networking.k8s.io/v1 kind: NetworkPolicy metadata: annotations: - description: All Connections from (*) to (tag = Hufflepuff and tag != DB) + description: 'src: (*) dst: (tag = Hufflepuff and tag != DB) conn: All Connections' nsx-id: "1927" creationTimestamp: null name: policy_5 diff --git a/pkg/synthesis/tests_expected_output/k8s_resources/ExampleExprOrConds_false_0/policies.yaml b/pkg/synthesis/tests_expected_output/k8s_resources/ExampleExprOrConds_false_0/policies.yaml index 3e0e93c6..e1b04077 100644 --- a/pkg/synthesis/tests_expected_output/k8s_resources/ExampleExprOrConds_false_0/policies.yaml +++ b/pkg/synthesis/tests_expected_output/k8s_resources/ExampleExprOrConds_false_0/policies.yaml @@ -2,7 +2,7 @@ apiVersion: networking.k8s.io/v1 kind: NetworkPolicy metadata: annotations: - description: All Connections from (*) to (tag = Slytherin) + description: 'src: (*) dst: (tag = Slytherin) conn: All Connections' nsx-id: "1925" creationTimestamp: null name: policy_0 @@ -21,7 +21,7 @@ apiVersion: networking.k8s.io/v1 kind: NetworkPolicy metadata: annotations: - description: All Connections from (*) to (tag != DB) + description: 'src: (*) dst: (tag != DB) conn: All Connections' nsx-id: "1925" creationTimestamp: null name: policy_1 @@ -40,7 +40,7 @@ apiVersion: networking.k8s.io/v1 kind: NetworkPolicy metadata: annotations: - description: All Connections from (*) to (tag = Slytherin) + description: 'src: (*) dst: (tag = Slytherin) conn: All Connections' nsx-id: "1925" creationTimestamp: null name: policy_2 @@ -59,7 +59,7 @@ apiVersion: networking.k8s.io/v1 kind: NetworkPolicy metadata: annotations: - description: All Connections from (*) to (tag != DB) + description: 'src: (*) dst: (tag != DB) conn: All Connections' nsx-id: "1925" creationTimestamp: null name: policy_3 @@ -78,7 +78,7 @@ apiVersion: networking.k8s.io/v1 kind: NetworkPolicy metadata: annotations: - description: All Connections from (*) to (tag = Gryffindor) + description: 'src: (*) dst: (tag = Gryffindor) conn: All Connections' nsx-id: "1926" creationTimestamp: null name: policy_4 @@ -97,7 +97,7 @@ apiVersion: networking.k8s.io/v1 kind: NetworkPolicy metadata: annotations: - description: All Connections from (*) to (tag != DB) + description: 'src: (*) dst: (tag != DB) conn: All Connections' nsx-id: "1926" creationTimestamp: null name: policy_5 @@ -116,7 +116,7 @@ apiVersion: networking.k8s.io/v1 kind: NetworkPolicy metadata: annotations: - description: All Connections from (*) to (tag = Gryffindor) + description: 'src: (*) dst: (tag = Gryffindor) conn: All Connections' nsx-id: "1926" creationTimestamp: null name: policy_6 @@ -135,7 +135,7 @@ apiVersion: networking.k8s.io/v1 kind: NetworkPolicy metadata: annotations: - description: All Connections from (*) to (tag != DB) + description: 'src: (*) dst: (tag != DB) conn: All Connections' nsx-id: "1926" creationTimestamp: null name: policy_7 @@ -154,7 +154,7 @@ apiVersion: networking.k8s.io/v1 kind: NetworkPolicy metadata: annotations: - description: All Connections from (*) to (tag = Hufflepuff) + description: 'src: (*) dst: (tag = Hufflepuff) conn: All Connections' nsx-id: "1927" creationTimestamp: null name: policy_8 @@ -173,7 +173,7 @@ apiVersion: networking.k8s.io/v1 kind: NetworkPolicy metadata: annotations: - description: All Connections from (*) to (tag != DB) + description: 'src: (*) dst: (tag != DB) conn: All Connections' nsx-id: "1927" creationTimestamp: null name: policy_9 @@ -192,7 +192,7 @@ apiVersion: networking.k8s.io/v1 kind: NetworkPolicy metadata: annotations: - description: All Connections from (*) to (tag = Hufflepuff) + description: 'src: (*) dst: (tag = Hufflepuff) conn: All Connections' nsx-id: "1927" creationTimestamp: null name: policy_10 @@ -211,7 +211,7 @@ apiVersion: networking.k8s.io/v1 kind: NetworkPolicy metadata: annotations: - description: All Connections from (*) to (tag != DB) + description: 'src: (*) dst: (tag != DB) conn: All Connections' nsx-id: "1927" creationTimestamp: null name: policy_11 diff --git a/pkg/synthesis/tests_expected_output/k8s_resources/ExampleExprSingleScope_false_0/policies.yaml b/pkg/synthesis/tests_expected_output/k8s_resources/ExampleExprSingleScope_false_0/policies.yaml index 7ab21f88..b8f71e25 100644 --- a/pkg/synthesis/tests_expected_output/k8s_resources/ExampleExprSingleScope_false_0/policies.yaml +++ b/pkg/synthesis/tests_expected_output/k8s_resources/ExampleExprSingleScope_false_0/policies.yaml @@ -2,7 +2,7 @@ apiVersion: networking.k8s.io/v1 kind: NetworkPolicy metadata: annotations: - description: All Connections from (tag = Dumbledore) to (tag != Slytherin) + description: 'src: (tag = Dumbledore) dst: (tag != Slytherin) conn: All Connections' nsx-id: "1926" creationTimestamp: null name: policy_0 @@ -24,7 +24,7 @@ apiVersion: networking.k8s.io/v1 kind: NetworkPolicy metadata: annotations: - description: All Connections from (tag = Dumbledore) to (tag != Slytherin) + description: 'src: (tag = Dumbledore) dst: (tag != Slytherin) conn: All Connections' nsx-id: "1926" creationTimestamp: null name: policy_1 @@ -46,7 +46,7 @@ apiVersion: networking.k8s.io/v1 kind: NetworkPolicy metadata: annotations: - description: All Connections from (tag = Gryffindor) to (tag != Hufflepuff) + description: 'src: (tag = Gryffindor) dst: (tag != Hufflepuff) conn: All Connections' nsx-id: "1928" creationTimestamp: null name: policy_2 @@ -68,7 +68,7 @@ apiVersion: networking.k8s.io/v1 kind: NetworkPolicy metadata: annotations: - description: All Connections from (tag = Gryffindor) to (tag != Hufflepuff) + description: 'src: (tag = Gryffindor) dst: (tag != Hufflepuff) conn: All Connections' nsx-id: "1928" creationTimestamp: null name: policy_3 @@ -90,7 +90,7 @@ apiVersion: networking.k8s.io/v1 kind: NetworkPolicy metadata: annotations: - description: All Connections from (tag = Hufflepuff) to (tag != Slytherin) + description: 'src: (tag = Hufflepuff) dst: (tag != Slytherin) conn: All Connections' nsx-id: "1930" creationTimestamp: null name: policy_4 @@ -112,7 +112,7 @@ apiVersion: networking.k8s.io/v1 kind: NetworkPolicy metadata: annotations: - description: All Connections from (tag = Hufflepuff) to (tag != Slytherin) + description: 'src: (tag = Hufflepuff) dst: (tag != Slytherin) conn: All Connections' nsx-id: "1930" creationTimestamp: null name: policy_5 @@ -134,7 +134,7 @@ apiVersion: networking.k8s.io/v1 kind: NetworkPolicy metadata: annotations: - description: All Connections from (tag = Slytherin) to (tag != Gryffindor) + description: 'src: (tag = Slytherin) dst: (tag != Gryffindor) conn: All Connections' nsx-id: "1932" creationTimestamp: null name: policy_6 @@ -156,7 +156,7 @@ apiVersion: networking.k8s.io/v1 kind: NetworkPolicy metadata: annotations: - description: All Connections from (tag = Slytherin) to (tag != Gryffindor) + description: 'src: (tag = Slytherin) dst: (tag != Gryffindor) conn: All Connections' nsx-id: "1932" creationTimestamp: null name: policy_7 diff --git a/pkg/synthesis/tests_expected_output/k8s_resources/ExampleExprTwoScopes_false_0/policies.yaml b/pkg/synthesis/tests_expected_output/k8s_resources/ExampleExprTwoScopes_false_0/policies.yaml index 83076204..ef8bd571 100644 --- a/pkg/synthesis/tests_expected_output/k8s_resources/ExampleExprTwoScopes_false_0/policies.yaml +++ b/pkg/synthesis/tests_expected_output/k8s_resources/ExampleExprTwoScopes_false_0/policies.yaml @@ -2,7 +2,7 @@ apiVersion: networking.k8s.io/v1 kind: NetworkPolicy metadata: annotations: - description: All Connections from (tag = Gryffindor) to (tag = Web and tag = Gryffindor) + description: 'src: (tag = Gryffindor) dst: (tag = Web and tag = Gryffindor) conn: All Connections' nsx-id: "9195" creationTimestamp: null name: policy_0 @@ -26,7 +26,7 @@ apiVersion: networking.k8s.io/v1 kind: NetworkPolicy metadata: annotations: - description: All Connections from (tag = Hufflepuff) to (tag = Web and tag = Hufflepuff) + description: 'src: (tag = Hufflepuff) dst: (tag = Web and tag = Hufflepuff) conn: All Connections' nsx-id: "9195" creationTimestamp: null name: policy_1 @@ -50,7 +50,7 @@ apiVersion: networking.k8s.io/v1 kind: NetworkPolicy metadata: annotations: - description: All Connections from (tag = Slytherin) to (tag = Web and tag = Slytherin) + description: 'src: (tag = Slytherin) dst: (tag = Web and tag = Slytherin) conn: All Connections' nsx-id: "9195" creationTimestamp: null name: policy_2 @@ -74,7 +74,7 @@ apiVersion: networking.k8s.io/v1 kind: NetworkPolicy metadata: annotations: - description: All Connections from (tag = Gryffindor) to (tag = Web and tag = Gryffindor) + description: 'src: (tag = Gryffindor) dst: (tag = Web and tag = Gryffindor) conn: All Connections' nsx-id: "9195" creationTimestamp: null name: policy_3 @@ -98,7 +98,7 @@ apiVersion: networking.k8s.io/v1 kind: NetworkPolicy metadata: annotations: - description: All Connections from (tag = Hufflepuff) to (tag = Web and tag = Hufflepuff) + description: 'src: (tag = Hufflepuff) dst: (tag = Web and tag = Hufflepuff) conn: All Connections' nsx-id: "9195" creationTimestamp: null name: policy_4 @@ -122,7 +122,7 @@ apiVersion: networking.k8s.io/v1 kind: NetworkPolicy metadata: annotations: - description: All Connections from (tag = Slytherin) to (tag = Web and tag = Slytherin) + description: 'src: (tag = Slytherin) dst: (tag = Web and tag = Slytherin) conn: All Connections' nsx-id: "9195" creationTimestamp: null name: policy_5 @@ -146,7 +146,7 @@ apiVersion: networking.k8s.io/v1 kind: NetworkPolicy metadata: annotations: - description: All Connections from (tag = Web and tag = Gryffindor) to (tag = App and tag = Gryffindor) + description: 'src: (tag = Web and tag = Gryffindor) dst: (tag = App and tag = Gryffindor) conn: All Connections' nsx-id: "9196" creationTimestamp: null name: policy_6 @@ -172,7 +172,7 @@ apiVersion: networking.k8s.io/v1 kind: NetworkPolicy metadata: annotations: - description: All Connections from (tag = Web and tag = Hufflepuff) to (tag = App and tag = Hufflepuff) + description: 'src: (tag = Web and tag = Hufflepuff) dst: (tag = App and tag = Hufflepuff) conn: All Connections' nsx-id: "9196" creationTimestamp: null name: policy_7 @@ -198,7 +198,7 @@ apiVersion: networking.k8s.io/v1 kind: NetworkPolicy metadata: annotations: - description: All Connections from (tag = Web and tag = Slytherin) to (tag = App and tag = Slytherin) + description: 'src: (tag = Web and tag = Slytherin) dst: (tag = App and tag = Slytherin) conn: All Connections' nsx-id: "9196" creationTimestamp: null name: policy_8 @@ -224,7 +224,7 @@ apiVersion: networking.k8s.io/v1 kind: NetworkPolicy metadata: annotations: - description: All Connections from (tag = Web and tag = Gryffindor) to (tag = App and tag = Gryffindor) + description: 'src: (tag = Web and tag = Gryffindor) dst: (tag = App and tag = Gryffindor) conn: All Connections' nsx-id: "9196" creationTimestamp: null name: policy_9 @@ -250,7 +250,7 @@ apiVersion: networking.k8s.io/v1 kind: NetworkPolicy metadata: annotations: - description: All Connections from (tag = Web and tag = Hufflepuff) to (tag = App and tag = Hufflepuff) + description: 'src: (tag = Web and tag = Hufflepuff) dst: (tag = App and tag = Hufflepuff) conn: All Connections' nsx-id: "9196" creationTimestamp: null name: policy_10 @@ -276,7 +276,7 @@ apiVersion: networking.k8s.io/v1 kind: NetworkPolicy metadata: annotations: - description: All Connections from (tag = Web and tag = Slytherin) to (tag = App and tag = Slytherin) + description: 'src: (tag = Web and tag = Slytherin) dst: (tag = App and tag = Slytherin) conn: All Connections' nsx-id: "9196" creationTimestamp: null name: policy_11 @@ -302,7 +302,7 @@ apiVersion: networking.k8s.io/v1 kind: NetworkPolicy metadata: annotations: - description: All Connections from (tag = App and tag = Gryffindor) to (tag = DB and tag = Gryffindor) + description: 'src: (tag = App and tag = Gryffindor) dst: (tag = DB and tag = Gryffindor) conn: All Connections' nsx-id: "9197" creationTimestamp: null name: policy_12 @@ -328,7 +328,7 @@ apiVersion: networking.k8s.io/v1 kind: NetworkPolicy metadata: annotations: - description: All Connections from (tag = App and tag = Hufflepuff) to (tag = DB and tag = Hufflepuff) + description: 'src: (tag = App and tag = Hufflepuff) dst: (tag = DB and tag = Hufflepuff) conn: All Connections' nsx-id: "9197" creationTimestamp: null name: policy_13 @@ -354,7 +354,7 @@ apiVersion: networking.k8s.io/v1 kind: NetworkPolicy metadata: annotations: - description: All Connections from (tag = App and tag = Slytherin) to (tag = DB and tag = Slytherin) + description: 'src: (tag = App and tag = Slytherin) dst: (tag = DB and tag = Slytherin) conn: All Connections' nsx-id: "9197" creationTimestamp: null name: policy_14 @@ -380,7 +380,7 @@ apiVersion: networking.k8s.io/v1 kind: NetworkPolicy metadata: annotations: - description: All Connections from (tag = App and tag = Gryffindor) to (tag = DB and tag = Gryffindor) + description: 'src: (tag = App and tag = Gryffindor) dst: (tag = DB and tag = Gryffindor) conn: All Connections' nsx-id: "9197" creationTimestamp: null name: policy_15 @@ -406,7 +406,7 @@ apiVersion: networking.k8s.io/v1 kind: NetworkPolicy metadata: annotations: - description: All Connections from (tag = App and tag = Hufflepuff) to (tag = DB and tag = Hufflepuff) + description: 'src: (tag = App and tag = Hufflepuff) dst: (tag = DB and tag = Hufflepuff) conn: All Connections' nsx-id: "9197" creationTimestamp: null name: policy_16 @@ -432,7 +432,7 @@ apiVersion: networking.k8s.io/v1 kind: NetworkPolicy metadata: annotations: - description: All Connections from (tag = App and tag = Slytherin) to (tag = DB and tag = Slytherin) + description: 'src: (tag = App and tag = Slytherin) dst: (tag = DB and tag = Slytherin) conn: All Connections' nsx-id: "9197" creationTimestamp: null name: policy_17 diff --git a/pkg/synthesis/tests_expected_output/k8s_resources/ExampleHintsDisjoint_true_0/policies.yaml b/pkg/synthesis/tests_expected_output/k8s_resources/ExampleHintsDisjoint_true_0/policies.yaml index 391822c8..27ea074d 100644 --- a/pkg/synthesis/tests_expected_output/k8s_resources/ExampleHintsDisjoint_true_0/policies.yaml +++ b/pkg/synthesis/tests_expected_output/k8s_resources/ExampleHintsDisjoint_true_0/policies.yaml @@ -2,7 +2,7 @@ apiVersion: networking.k8s.io/v1 kind: NetworkPolicy metadata: annotations: - description: All Connections from (group = Dumbledore1 and group != Dumbledore2) to (group != Slytherin) + description: 'src: (group = Dumbledore1 and group != Dumbledore2) dst: (group != Slytherin) conn: All Connections' nsx-id: "1927" creationTimestamp: null name: policy_0 @@ -26,7 +26,7 @@ apiVersion: networking.k8s.io/v1 kind: NetworkPolicy metadata: annotations: - description: All Connections from (group = Dumbledore1) to (group != Slytherin and group != Gryffindor) + description: 'src: (group = Dumbledore1) dst: (group != Slytherin and group != Gryffindor) conn: All Connections' nsx-id: "1927" creationTimestamp: null name: policy_1 @@ -50,7 +50,7 @@ apiVersion: networking.k8s.io/v1 kind: NetworkPolicy metadata: annotations: - description: All Connections from (group = Dumbledore1 and group != Dumbledore2) to (group != Slytherin) + description: 'src: (group = Dumbledore1 and group != Dumbledore2) dst: (group != Slytherin) conn: All Connections' nsx-id: "1927" creationTimestamp: null name: policy_2 @@ -74,7 +74,7 @@ apiVersion: networking.k8s.io/v1 kind: NetworkPolicy metadata: annotations: - description: All Connections from (group = Dumbledore1) to (group != Slytherin and group != Gryffindor) + description: 'src: (group = Dumbledore1) dst: (group != Slytherin and group != Gryffindor) conn: All Connections' nsx-id: "1927" creationTimestamp: null name: policy_3 @@ -98,7 +98,7 @@ apiVersion: networking.k8s.io/v1 kind: NetworkPolicy metadata: annotations: - description: All Connections from (group = Dumbledore2 and group != Dumbledore1) to (group != Gryffindor) + description: 'src: (group = Dumbledore2 and group != Dumbledore1) dst: (group != Gryffindor) conn: All Connections' nsx-id: "1928" creationTimestamp: null name: policy_4 @@ -122,7 +122,7 @@ apiVersion: networking.k8s.io/v1 kind: NetworkPolicy metadata: annotations: - description: All Connections from (group = Dumbledore2) to (group != Slytherin and group != Gryffindor) + description: 'src: (group = Dumbledore2) dst: (group != Slytherin and group != Gryffindor) conn: All Connections' nsx-id: "1928" creationTimestamp: null name: policy_5 @@ -146,7 +146,7 @@ apiVersion: networking.k8s.io/v1 kind: NetworkPolicy metadata: annotations: - description: All Connections from (group = Dumbledore2 and group != Dumbledore1) to (group != Gryffindor) + description: 'src: (group = Dumbledore2 and group != Dumbledore1) dst: (group != Gryffindor) conn: All Connections' nsx-id: "1928" creationTimestamp: null name: policy_6 @@ -170,7 +170,7 @@ apiVersion: networking.k8s.io/v1 kind: NetworkPolicy metadata: annotations: - description: All Connections from (group = Dumbledore2) to (group != Slytherin and group != Gryffindor) + description: 'src: (group = Dumbledore2) dst: (group != Slytherin and group != Gryffindor) conn: All Connections' nsx-id: "1928" creationTimestamp: null name: policy_7 diff --git a/pkg/synthesis/tests_expected_output/k8s_resources/ExampleHogwartsNoDumbledore_false_0/policies.yaml b/pkg/synthesis/tests_expected_output/k8s_resources/ExampleHogwartsNoDumbledore_false_0/policies.yaml index 4614910a..5d3a9718 100644 --- a/pkg/synthesis/tests_expected_output/k8s_resources/ExampleHogwartsNoDumbledore_false_0/policies.yaml +++ b/pkg/synthesis/tests_expected_output/k8s_resources/ExampleHogwartsNoDumbledore_false_0/policies.yaml @@ -2,7 +2,7 @@ apiVersion: networking.k8s.io/v1 kind: NetworkPolicy metadata: annotations: - description: All Connections from (group = Gryffindor) to (group = Web and group = Gryffindor) + description: 'src: (group = Gryffindor) dst: (group = Web and group = Gryffindor) conn: All Connections' nsx-id: "9195" creationTimestamp: null name: policy_0 @@ -26,7 +26,7 @@ apiVersion: networking.k8s.io/v1 kind: NetworkPolicy metadata: annotations: - description: All Connections from (group = Hufflepuff) to (group = Web and group = Hufflepuff) + description: 'src: (group = Hufflepuff) dst: (group = Web and group = Hufflepuff) conn: All Connections' nsx-id: "9195" creationTimestamp: null name: policy_1 @@ -50,7 +50,7 @@ apiVersion: networking.k8s.io/v1 kind: NetworkPolicy metadata: annotations: - description: All Connections from (group = Slytherin) to (group = Web and group = Slytherin) + description: 'src: (group = Slytherin) dst: (group = Web and group = Slytherin) conn: All Connections' nsx-id: "9195" creationTimestamp: null name: policy_2 @@ -74,7 +74,7 @@ apiVersion: networking.k8s.io/v1 kind: NetworkPolicy metadata: annotations: - description: All Connections from (group = Gryffindor) to (group = Web and group = Gryffindor) + description: 'src: (group = Gryffindor) dst: (group = Web and group = Gryffindor) conn: All Connections' nsx-id: "9195" creationTimestamp: null name: policy_3 @@ -98,7 +98,7 @@ apiVersion: networking.k8s.io/v1 kind: NetworkPolicy metadata: annotations: - description: All Connections from (group = Hufflepuff) to (group = Web and group = Hufflepuff) + description: 'src: (group = Hufflepuff) dst: (group = Web and group = Hufflepuff) conn: All Connections' nsx-id: "9195" creationTimestamp: null name: policy_4 @@ -122,7 +122,7 @@ apiVersion: networking.k8s.io/v1 kind: NetworkPolicy metadata: annotations: - description: All Connections from (group = Slytherin) to (group = Web and group = Slytherin) + description: 'src: (group = Slytherin) dst: (group = Web and group = Slytherin) conn: All Connections' nsx-id: "9195" creationTimestamp: null name: policy_5 @@ -146,7 +146,7 @@ apiVersion: networking.k8s.io/v1 kind: NetworkPolicy metadata: annotations: - description: All Connections from (group = Web and group = Gryffindor) to (group = App and group = Gryffindor) + description: 'src: (group = Web and group = Gryffindor) dst: (group = App and group = Gryffindor) conn: All Connections' nsx-id: "9196" creationTimestamp: null name: policy_6 @@ -172,7 +172,7 @@ apiVersion: networking.k8s.io/v1 kind: NetworkPolicy metadata: annotations: - description: All Connections from (group = Web and group = Hufflepuff) to (group = App and group = Hufflepuff) + description: 'src: (group = Web and group = Hufflepuff) dst: (group = App and group = Hufflepuff) conn: All Connections' nsx-id: "9196" creationTimestamp: null name: policy_7 @@ -198,7 +198,7 @@ apiVersion: networking.k8s.io/v1 kind: NetworkPolicy metadata: annotations: - description: All Connections from (group = Web and group = Slytherin) to (group = App and group = Slytherin) + description: 'src: (group = Web and group = Slytherin) dst: (group = App and group = Slytherin) conn: All Connections' nsx-id: "9196" creationTimestamp: null name: policy_8 @@ -224,7 +224,7 @@ apiVersion: networking.k8s.io/v1 kind: NetworkPolicy metadata: annotations: - description: All Connections from (group = Web and group = Gryffindor) to (group = App and group = Gryffindor) + description: 'src: (group = Web and group = Gryffindor) dst: (group = App and group = Gryffindor) conn: All Connections' nsx-id: "9196" creationTimestamp: null name: policy_9 @@ -250,7 +250,7 @@ apiVersion: networking.k8s.io/v1 kind: NetworkPolicy metadata: annotations: - description: All Connections from (group = Web and group = Hufflepuff) to (group = App and group = Hufflepuff) + description: 'src: (group = Web and group = Hufflepuff) dst: (group = App and group = Hufflepuff) conn: All Connections' nsx-id: "9196" creationTimestamp: null name: policy_10 @@ -276,7 +276,7 @@ apiVersion: networking.k8s.io/v1 kind: NetworkPolicy metadata: annotations: - description: All Connections from (group = Web and group = Slytherin) to (group = App and group = Slytherin) + description: 'src: (group = Web and group = Slytherin) dst: (group = App and group = Slytherin) conn: All Connections' nsx-id: "9196" creationTimestamp: null name: policy_11 @@ -302,7 +302,7 @@ apiVersion: networking.k8s.io/v1 kind: NetworkPolicy metadata: annotations: - description: All Connections from (group = App and group = Gryffindor) to (group = DB and group = Gryffindor) + description: 'src: (group = App and group = Gryffindor) dst: (group = DB and group = Gryffindor) conn: All Connections' nsx-id: "9197" creationTimestamp: null name: policy_12 @@ -328,7 +328,7 @@ apiVersion: networking.k8s.io/v1 kind: NetworkPolicy metadata: annotations: - description: All Connections from (group = App and group = Hufflepuff) to (group = DB and group = Hufflepuff) + description: 'src: (group = App and group = Hufflepuff) dst: (group = DB and group = Hufflepuff) conn: All Connections' nsx-id: "9197" creationTimestamp: null name: policy_13 @@ -354,7 +354,7 @@ apiVersion: networking.k8s.io/v1 kind: NetworkPolicy metadata: annotations: - description: All Connections from (group = App and group = Slytherin) to (group = DB and group = Slytherin) + description: 'src: (group = App and group = Slytherin) dst: (group = DB and group = Slytherin) conn: All Connections' nsx-id: "9197" creationTimestamp: null name: policy_14 @@ -380,7 +380,7 @@ apiVersion: networking.k8s.io/v1 kind: NetworkPolicy metadata: annotations: - description: All Connections from (group = App and group = Gryffindor) to (group = DB and group = Gryffindor) + description: 'src: (group = App and group = Gryffindor) dst: (group = DB and group = Gryffindor) conn: All Connections' nsx-id: "9197" creationTimestamp: null name: policy_15 @@ -406,7 +406,7 @@ apiVersion: networking.k8s.io/v1 kind: NetworkPolicy metadata: annotations: - description: All Connections from (group = App and group = Hufflepuff) to (group = DB and group = Hufflepuff) + description: 'src: (group = App and group = Hufflepuff) dst: (group = DB and group = Hufflepuff) conn: All Connections' nsx-id: "9197" creationTimestamp: null name: policy_16 @@ -432,7 +432,7 @@ apiVersion: networking.k8s.io/v1 kind: NetworkPolicy metadata: annotations: - description: All Connections from (group = App and group = Slytherin) to (group = DB and group = Slytherin) + description: 'src: (group = App and group = Slytherin) dst: (group = DB and group = Slytherin) conn: All Connections' nsx-id: "9197" creationTimestamp: null name: policy_17 diff --git a/pkg/synthesis/tests_expected_output/k8s_resources/ExampleHogwartsSimpler_true_0/policies.yaml b/pkg/synthesis/tests_expected_output/k8s_resources/ExampleHogwartsSimpler_true_0/policies.yaml index 2e0a3a89..1edbb374 100644 --- a/pkg/synthesis/tests_expected_output/k8s_resources/ExampleHogwartsSimpler_true_0/policies.yaml +++ b/pkg/synthesis/tests_expected_output/k8s_resources/ExampleHogwartsSimpler_true_0/policies.yaml @@ -2,7 +2,7 @@ apiVersion: networking.k8s.io/v1 kind: NetworkPolicy metadata: annotations: - description: All Connections from (group = Gryffindor) to (group = Web and group = Gryffindor) + description: 'src: (group = Gryffindor) dst: (group = Web and group = Gryffindor) conn: All Connections' nsx-id: "9195" creationTimestamp: null name: policy_0 @@ -26,7 +26,7 @@ apiVersion: networking.k8s.io/v1 kind: NetworkPolicy metadata: annotations: - description: All Connections from (group = Slytherin) to (group = Web and group = Slytherin) + description: 'src: (group = Slytherin) dst: (group = Web and group = Slytherin) conn: All Connections' nsx-id: "9195" creationTimestamp: null name: policy_1 @@ -50,7 +50,7 @@ apiVersion: networking.k8s.io/v1 kind: NetworkPolicy metadata: annotations: - description: All Connections from (group = Gryffindor) to (group = Web and group = Gryffindor) + description: 'src: (group = Gryffindor) dst: (group = Web and group = Gryffindor) conn: All Connections' nsx-id: "9195" creationTimestamp: null name: policy_2 @@ -74,7 +74,7 @@ apiVersion: networking.k8s.io/v1 kind: NetworkPolicy metadata: annotations: - description: All Connections from (group = Slytherin) to (group = Web and group = Slytherin) + description: 'src: (group = Slytherin) dst: (group = Web and group = Slytherin) conn: All Connections' nsx-id: "9195" creationTimestamp: null name: policy_3 @@ -98,7 +98,7 @@ apiVersion: networking.k8s.io/v1 kind: NetworkPolicy metadata: annotations: - description: All Connections from (group = Web and group = Gryffindor) to (group = App and group = Gryffindor) + description: 'src: (group = Web and group = Gryffindor) dst: (group = App and group = Gryffindor) conn: All Connections' nsx-id: "9196" creationTimestamp: null name: policy_4 @@ -124,7 +124,7 @@ apiVersion: networking.k8s.io/v1 kind: NetworkPolicy metadata: annotations: - description: All Connections from (group = Web and group = Slytherin) to (group = App and group = Slytherin) + description: 'src: (group = Web and group = Slytherin) dst: (group = App and group = Slytherin) conn: All Connections' nsx-id: "9196" creationTimestamp: null name: policy_5 @@ -150,7 +150,7 @@ apiVersion: networking.k8s.io/v1 kind: NetworkPolicy metadata: annotations: - description: All Connections from (group = Web and group = Gryffindor) to (group = App and group = Gryffindor) + description: 'src: (group = Web and group = Gryffindor) dst: (group = App and group = Gryffindor) conn: All Connections' nsx-id: "9196" creationTimestamp: null name: policy_6 @@ -176,7 +176,7 @@ apiVersion: networking.k8s.io/v1 kind: NetworkPolicy metadata: annotations: - description: All Connections from (group = Web and group = Slytherin) to (group = App and group = Slytherin) + description: 'src: (group = Web and group = Slytherin) dst: (group = App and group = Slytherin) conn: All Connections' nsx-id: "9196" creationTimestamp: null name: policy_7 diff --git a/pkg/synthesis/tests_expected_output/k8s_resources/ExampleHogwarts_false_0/policies.yaml b/pkg/synthesis/tests_expected_output/k8s_resources/ExampleHogwarts_false_0/policies.yaml index cbf217fd..352063a7 100644 --- a/pkg/synthesis/tests_expected_output/k8s_resources/ExampleHogwarts_false_0/policies.yaml +++ b/pkg/synthesis/tests_expected_output/k8s_resources/ExampleHogwarts_false_0/policies.yaml @@ -2,7 +2,7 @@ apiVersion: networking.k8s.io/v1 kind: NetworkPolicy metadata: annotations: - description: All Connections from (group = Gryffindor) to (group = Web and group = Gryffindor) + description: 'src: (group = Gryffindor) dst: (group = Web and group = Gryffindor) conn: All Connections' nsx-id: "10400" creationTimestamp: null name: policy_0 @@ -26,7 +26,7 @@ apiVersion: networking.k8s.io/v1 kind: NetworkPolicy metadata: annotations: - description: All Connections from (group = Hufflepuff) to (group = Web and group = Hufflepuff) + description: 'src: (group = Hufflepuff) dst: (group = Web and group = Hufflepuff) conn: All Connections' nsx-id: "10400" creationTimestamp: null name: policy_1 @@ -50,7 +50,7 @@ apiVersion: networking.k8s.io/v1 kind: NetworkPolicy metadata: annotations: - description: All Connections from (group = Slytherin) to (group = Web and group = Slytherin) + description: 'src: (group = Slytherin) dst: (group = Web and group = Slytherin) conn: All Connections' nsx-id: "10400" creationTimestamp: null name: policy_2 @@ -74,7 +74,7 @@ apiVersion: networking.k8s.io/v1 kind: NetworkPolicy metadata: annotations: - description: All Connections from (group = Dumbledore) to (group = Web and group = Gryffindor) + description: 'src: (group = Dumbledore) dst: (group = Web and group = Gryffindor) conn: All Connections' nsx-id: "10400" creationTimestamp: null name: policy_3 @@ -98,7 +98,7 @@ apiVersion: networking.k8s.io/v1 kind: NetworkPolicy metadata: annotations: - description: All Connections from (group = Gryffindor) to (group = Web and group = Gryffindor) + description: 'src: (group = Gryffindor) dst: (group = Web and group = Gryffindor) conn: All Connections' nsx-id: "10400" creationTimestamp: null name: policy_4 @@ -122,7 +122,7 @@ apiVersion: networking.k8s.io/v1 kind: NetworkPolicy metadata: annotations: - description: All Connections from (group = Hufflepuff) to (group = Web and group = Hufflepuff) + description: 'src: (group = Hufflepuff) dst: (group = Web and group = Hufflepuff) conn: All Connections' nsx-id: "10400" creationTimestamp: null name: policy_5 @@ -146,7 +146,7 @@ apiVersion: networking.k8s.io/v1 kind: NetworkPolicy metadata: annotations: - description: All Connections from (group = Slytherin) to (group = Web and group = Slytherin) + description: 'src: (group = Slytherin) dst: (group = Web and group = Slytherin) conn: All Connections' nsx-id: "10400" creationTimestamp: null name: policy_6 @@ -170,7 +170,7 @@ apiVersion: networking.k8s.io/v1 kind: NetworkPolicy metadata: annotations: - description: All Connections from (group = Dumbledore) to (group = Web and group = Gryffindor) + description: 'src: (group = Dumbledore) dst: (group = Web and group = Gryffindor) conn: All Connections' nsx-id: "10400" creationTimestamp: null name: policy_7 @@ -194,7 +194,7 @@ apiVersion: networking.k8s.io/v1 kind: NetworkPolicy metadata: annotations: - description: All Connections from (group = Web and group = Gryffindor) to (group = App and group = Gryffindor) + description: 'src: (group = Web and group = Gryffindor) dst: (group = App and group = Gryffindor) conn: All Connections' nsx-id: "10401" creationTimestamp: null name: policy_8 @@ -220,7 +220,7 @@ apiVersion: networking.k8s.io/v1 kind: NetworkPolicy metadata: annotations: - description: All Connections from (group = Web and group = Hufflepuff) to (group = App and group = Hufflepuff) + description: 'src: (group = Web and group = Hufflepuff) dst: (group = App and group = Hufflepuff) conn: All Connections' nsx-id: "10401" creationTimestamp: null name: policy_9 @@ -246,7 +246,7 @@ apiVersion: networking.k8s.io/v1 kind: NetworkPolicy metadata: annotations: - description: All Connections from (group = Web and group = Slytherin) to (group = App and group = Slytherin) + description: 'src: (group = Web and group = Slytherin) dst: (group = App and group = Slytherin) conn: All Connections' nsx-id: "10401" creationTimestamp: null name: policy_10 @@ -272,7 +272,7 @@ apiVersion: networking.k8s.io/v1 kind: NetworkPolicy metadata: annotations: - description: All Connections from (group = Web and group = Gryffindor) to (group = App and group = Gryffindor) + description: 'src: (group = Web and group = Gryffindor) dst: (group = App and group = Gryffindor) conn: All Connections' nsx-id: "10401" creationTimestamp: null name: policy_11 @@ -298,7 +298,7 @@ apiVersion: networking.k8s.io/v1 kind: NetworkPolicy metadata: annotations: - description: All Connections from (group = Web and group = Hufflepuff) to (group = App and group = Hufflepuff) + description: 'src: (group = Web and group = Hufflepuff) dst: (group = App and group = Hufflepuff) conn: All Connections' nsx-id: "10401" creationTimestamp: null name: policy_12 @@ -324,7 +324,7 @@ apiVersion: networking.k8s.io/v1 kind: NetworkPolicy metadata: annotations: - description: All Connections from (group = Web and group = Slytherin) to (group = App and group = Slytherin) + description: 'src: (group = Web and group = Slytherin) dst: (group = App and group = Slytherin) conn: All Connections' nsx-id: "10401" creationTimestamp: null name: policy_13 @@ -350,7 +350,7 @@ apiVersion: networking.k8s.io/v1 kind: NetworkPolicy metadata: annotations: - description: All Connections from (group = App and group = Gryffindor) to (group = DB and group = Gryffindor) + description: 'src: (group = App and group = Gryffindor) dst: (group = DB and group = Gryffindor) conn: All Connections' nsx-id: "10405" creationTimestamp: null name: policy_14 @@ -376,7 +376,7 @@ apiVersion: networking.k8s.io/v1 kind: NetworkPolicy metadata: annotations: - description: All Connections from (group = App and group = Hufflepuff) to (group = DB and group = Hufflepuff) + description: 'src: (group = App and group = Hufflepuff) dst: (group = DB and group = Hufflepuff) conn: All Connections' nsx-id: "10405" creationTimestamp: null name: policy_15 @@ -402,7 +402,7 @@ apiVersion: networking.k8s.io/v1 kind: NetworkPolicy metadata: annotations: - description: All Connections from (group = App and group = Slytherin) to (group = DB and group = Slytherin) + description: 'src: (group = App and group = Slytherin) dst: (group = DB and group = Slytherin) conn: All Connections' nsx-id: "10405" creationTimestamp: null name: policy_16 @@ -428,7 +428,7 @@ apiVersion: networking.k8s.io/v1 kind: NetworkPolicy metadata: annotations: - description: All Connections from (group = App and group = Gryffindor) to (group = DB and group = Gryffindor) + description: 'src: (group = App and group = Gryffindor) dst: (group = DB and group = Gryffindor) conn: All Connections' nsx-id: "10405" creationTimestamp: null name: policy_17 @@ -454,7 +454,7 @@ apiVersion: networking.k8s.io/v1 kind: NetworkPolicy metadata: annotations: - description: All Connections from (group = App and group = Hufflepuff) to (group = DB and group = Hufflepuff) + description: 'src: (group = App and group = Hufflepuff) dst: (group = DB and group = Hufflepuff) conn: All Connections' nsx-id: "10405" creationTimestamp: null name: policy_18 @@ -480,7 +480,7 @@ apiVersion: networking.k8s.io/v1 kind: NetworkPolicy metadata: annotations: - description: All Connections from (group = App and group = Slytherin) to (group = DB and group = Slytherin) + description: 'src: (group = App and group = Slytherin) dst: (group = DB and group = Slytherin) conn: All Connections' nsx-id: "10405" creationTimestamp: null name: policy_19 diff --git a/pkg/synthesis/tests_expected_output/k8s_resources/ExampleHogwarts_false_4/adminPolicies.yaml b/pkg/synthesis/tests_expected_output/k8s_resources/ExampleHogwarts_false_4/adminPolicies.yaml index 55c4b993..50f9e247 100644 --- a/pkg/synthesis/tests_expected_output/k8s_resources/ExampleHogwarts_false_4/adminPolicies.yaml +++ b/pkg/synthesis/tests_expected_output/k8s_resources/ExampleHogwarts_false_4/adminPolicies.yaml @@ -2,7 +2,7 @@ apiVersion: policy.networking.k8s.io/v1alpha1 kind: AdminNetworkPolicy metadata: annotations: - description: '(jump_to_application: (All Connections from (group = Gryffindor) to (group = Gryffindor))' + description: '(jump_to_application: (src: (group = Gryffindor) dst: (group = Gryffindor) conn: All Connections)' nsx-id: "10218" creationTimestamp: null name: admin_policy_0 @@ -32,7 +32,7 @@ apiVersion: policy.networking.k8s.io/v1alpha1 kind: AdminNetworkPolicy metadata: annotations: - description: '(jump_to_application: (All Connections from (group = Gryffindor) to (group = Gryffindor))' + description: '(jump_to_application: (src: (group = Gryffindor) dst: (group = Gryffindor) conn: All Connections)' nsx-id: "10218" creationTimestamp: null name: admin_policy_1 @@ -62,7 +62,7 @@ apiVersion: policy.networking.k8s.io/v1alpha1 kind: AdminNetworkPolicy metadata: annotations: - description: '(jump_to_application: (All Connections from (group = Hufflepuff) to (group = Hufflepuff))' + description: '(jump_to_application: (src: (group = Hufflepuff) dst: (group = Hufflepuff) conn: All Connections)' nsx-id: "10219" creationTimestamp: null name: admin_policy_2 @@ -92,7 +92,7 @@ apiVersion: policy.networking.k8s.io/v1alpha1 kind: AdminNetworkPolicy metadata: annotations: - description: '(jump_to_application: (All Connections from (group = Hufflepuff) to (group = Hufflepuff))' + description: '(jump_to_application: (src: (group = Hufflepuff) dst: (group = Hufflepuff) conn: All Connections)' nsx-id: "10219" creationTimestamp: null name: admin_policy_3 @@ -122,7 +122,7 @@ apiVersion: policy.networking.k8s.io/v1alpha1 kind: AdminNetworkPolicy metadata: annotations: - description: '(jump_to_application: (All Connections from (group = Slytherin) to (group = Slytherin))' + description: '(jump_to_application: (src: (group = Slytherin) dst: (group = Slytherin) conn: All Connections)' nsx-id: "10220" creationTimestamp: null name: admin_policy_4 @@ -152,7 +152,7 @@ apiVersion: policy.networking.k8s.io/v1alpha1 kind: AdminNetworkPolicy metadata: annotations: - description: '(jump_to_application: (All Connections from (group = Slytherin) to (group = Slytherin))' + description: '(jump_to_application: (src: (group = Slytherin) dst: (group = Slytherin) conn: All Connections)' nsx-id: "10220" creationTimestamp: null name: admin_policy_5 @@ -182,7 +182,7 @@ apiVersion: policy.networking.k8s.io/v1alpha1 kind: AdminNetworkPolicy metadata: annotations: - description: '(jump_to_application: (All Connections from (group = Dumbledore) to (group = Gryffindor))' + description: '(jump_to_application: (src: (group = Dumbledore) dst: (group = Gryffindor) conn: All Connections)' nsx-id: "10221" creationTimestamp: null name: admin_policy_6 @@ -212,7 +212,7 @@ apiVersion: policy.networking.k8s.io/v1alpha1 kind: AdminNetworkPolicy metadata: annotations: - description: '(jump_to_application: (All Connections from (group = Dumbledore) to (group = Gryffindor))' + description: '(jump_to_application: (src: (group = Dumbledore) dst: (group = Gryffindor) conn: All Connections)' nsx-id: "10221" creationTimestamp: null name: admin_policy_7 @@ -242,7 +242,7 @@ apiVersion: policy.networking.k8s.io/v1alpha1 kind: AdminNetworkPolicy metadata: annotations: - description: '(deny: (All Connections from (*) to (*))' + description: '(deny: (src: (*) dst: (*) conn: All Connections)' nsx-id: "10300" creationTimestamp: null name: admin_policy_8 @@ -266,7 +266,7 @@ apiVersion: policy.networking.k8s.io/v1alpha1 kind: AdminNetworkPolicy metadata: annotations: - description: '(deny: (All Connections from (*) to (*))' + description: '(deny: (src: (*) dst: (*) conn: All Connections)' nsx-id: "10300" creationTimestamp: null name: admin_policy_9 diff --git a/pkg/synthesis/tests_expected_output/k8s_resources/ExampleHogwarts_false_4/policies.yaml b/pkg/synthesis/tests_expected_output/k8s_resources/ExampleHogwarts_false_4/policies.yaml index f9f592a0..c2252546 100644 --- a/pkg/synthesis/tests_expected_output/k8s_resources/ExampleHogwarts_false_4/policies.yaml +++ b/pkg/synthesis/tests_expected_output/k8s_resources/ExampleHogwarts_false_4/policies.yaml @@ -2,7 +2,7 @@ apiVersion: networking.k8s.io/v1 kind: NetworkPolicy metadata: annotations: - description: All Connections from (*) to (group = Web) + description: 'src: (*) dst: (group = Web) conn: All Connections' nsx-id: "10400" creationTimestamp: null name: policy_0 @@ -21,7 +21,7 @@ apiVersion: networking.k8s.io/v1 kind: NetworkPolicy metadata: annotations: - description: All Connections from (*) to (group = Web) + description: 'src: (*) dst: (group = Web) conn: All Connections' nsx-id: "10400" creationTimestamp: null name: policy_1 @@ -40,7 +40,7 @@ apiVersion: networking.k8s.io/v1 kind: NetworkPolicy metadata: annotations: - description: All Connections from (group = Web) to (group = App) + description: 'src: (group = Web) dst: (group = App) conn: All Connections' nsx-id: "10401" creationTimestamp: null name: policy_2 @@ -62,7 +62,7 @@ apiVersion: networking.k8s.io/v1 kind: NetworkPolicy metadata: annotations: - description: All Connections from (group = Web) to (group = App) + description: 'src: (group = Web) dst: (group = App) conn: All Connections' nsx-id: "10401" creationTimestamp: null name: policy_3 @@ -84,7 +84,7 @@ apiVersion: networking.k8s.io/v1 kind: NetworkPolicy metadata: annotations: - description: All Connections from (group = App) to (group = DB) + description: 'src: (group = App) dst: (group = DB) conn: All Connections' nsx-id: "10405" creationTimestamp: null name: policy_4 @@ -106,7 +106,7 @@ apiVersion: networking.k8s.io/v1 kind: NetworkPolicy metadata: annotations: - description: All Connections from (group = App) to (group = DB) + description: 'src: (group = App) dst: (group = DB) conn: All Connections' nsx-id: "10405" creationTimestamp: null name: policy_5 diff --git a/pkg/synthesis/tests_expected_output/k8s_resources/ExampleTwoDeniesSimple_true_0/policies.yaml b/pkg/synthesis/tests_expected_output/k8s_resources/ExampleTwoDeniesSimple_true_0/policies.yaml index f1295c6e..abaa88ee 100644 --- a/pkg/synthesis/tests_expected_output/k8s_resources/ExampleTwoDeniesSimple_true_0/policies.yaml +++ b/pkg/synthesis/tests_expected_output/k8s_resources/ExampleTwoDeniesSimple_true_0/policies.yaml @@ -2,7 +2,7 @@ apiVersion: networking.k8s.io/v1 kind: NetworkPolicy metadata: annotations: - description: All Connections from (group = Slytherin) to (group != Dumbledore1 and group != Dumbledore2) + description: 'src: (group = Slytherin) dst: (group != Dumbledore1 and group != Dumbledore2) conn: All Connections' nsx-id: "3" creationTimestamp: null name: policy_0 @@ -26,7 +26,7 @@ apiVersion: networking.k8s.io/v1 kind: NetworkPolicy metadata: annotations: - description: All Connections from (group = Slytherin) to (group != Dumbledore1 and group != Dumbledore2) + description: 'src: (group = Slytherin) dst: (group != Dumbledore1 and group != Dumbledore2) conn: All Connections' nsx-id: "3" creationTimestamp: null name: policy_1 @@ -50,7 +50,7 @@ apiVersion: networking.k8s.io/v1 kind: NetworkPolicy metadata: annotations: - description: All Connections from (group = Gryffindor) to (group != Dumbledore1 and group != Dumbledore2) + description: 'src: (group = Gryffindor) dst: (group != Dumbledore1 and group != Dumbledore2) conn: All Connections' nsx-id: "4" creationTimestamp: null name: policy_2 @@ -74,7 +74,7 @@ apiVersion: networking.k8s.io/v1 kind: NetworkPolicy metadata: annotations: - description: All Connections from (group = Gryffindor) to (group != Dumbledore1 and group != Dumbledore2) + description: 'src: (group = Gryffindor) dst: (group != Dumbledore1 and group != Dumbledore2) conn: All Connections' nsx-id: "4" creationTimestamp: null name: policy_3