[NetKAT] Temporarily add basic policy constructors to evaluator.h.

PiperOrigin-RevId: 702448376
google · Dec 3, 2024 · 4ef2697 · 4ef2697
1 parent 2850917
commit 4ef2697
Show file tree

Hide file tree

Showing 4 changed files with 121 additions and 2 deletions.
diff --git a/netkat/netkat.proto b/netkat/netkat.proto
@@ -96,6 +96,8 @@ message PredicateProto {
 }
 
 // The intermediate representation of a NetKAT policy.
+// By convention, uninitialized policies must be treated as "DENY" (i.e. the
+// false filter). We call the true filter "ACCEPT".
 message PolicyProto {
   // A policy is defined as some combination of actions and predicates.
   oneof policy {

diff --git a/netkat/netkat_proto_constructors.cc b/netkat/netkat_proto_constructors.cc
@@ -63,4 +63,51 @@ PredicateProto NotProto(PredicateProto negand) {
   return proto;
 }
 
+// -- Basic Policy constructors ------------------------------------------------
+
+PolicyProto FilterProto(PredicateProto filter) {
+  PolicyProto policy;
+  *policy.mutable_filter() = std::move(filter);
+  return policy;
+}
+
+PolicyProto ModificationProto(absl::string_view field, int value) {
+  PolicyProto policy;
+  policy.mutable_modification()->set_field(field);
+  policy.mutable_modification()->set_value(value);
+  return policy;
+}
+
+PolicyProto RecordProto() {
+  PolicyProto policy;
+  policy.mutable_record();
+  return policy;
+}
+
+PolicyProto SequenceProto(PolicyProto left, PolicyProto right) {
+  PolicyProto policy;
+  *policy.mutable_sequence_op()->mutable_left() = std::move(left);
+  *policy.mutable_sequence_op()->mutable_right() = std::move(right);
+  return policy;
+}
+
+PolicyProto UnionProto(PolicyProto left, PolicyProto right) {
+  PolicyProto policy;
+  *policy.mutable_union_op()->mutable_left() = std::move(left);
+  *policy.mutable_union_op()->mutable_right() = std::move(right);
+  return policy;
+}
+
+PolicyProto IterateProto(PolicyProto iterable) {
+  PolicyProto policy;
+  *policy.mutable_iterate_op()->mutable_iterable() = std::move(iterable);
+  return policy;
+}
+
+// -- Derived Policy constructors ----------------------------------------------
+
+PolicyProto DenyProto() { return FilterProto(FalseProto()); }
+
+PolicyProto AcceptProto() { return FilterProto(TrueProto()); }
+
 }  // namespace netkat
diff --git a/netkat/netkat_proto_constructors.h b/netkat/netkat_proto_constructors.h
@@ -36,9 +36,19 @@ PredicateProto AndProto(PredicateProto left, PredicateProto right);
 PredicateProto OrProto(PredicateProto left, PredicateProto right);
 PredicateProto NotProto(PredicateProto negand);
 
-// -- Policy constructors ------------------------------------------------------
+// -- Basic Policy constructors ------------------------------------------------
 
-// TODO - smolkaj: Add policy constructors when needed.
+PolicyProto FilterProto(PredicateProto filter);
+PolicyProto ModificationProto(absl::string_view field, int value);
+PolicyProto RecordProto();
+PolicyProto SequenceProto(PolicyProto left, PolicyProto right);
+PolicyProto UnionProto(PolicyProto left, PolicyProto right);
+PolicyProto IterateProto(PolicyProto iterable);
+
+// -- Derived Policy constructors ----------------------------------------------
+
+PolicyProto DenyProto();
+PolicyProto AcceptProto();
 
 }  // namespace netkat
 

diff --git a/netkat/netkat_proto_constructors_test.cc b/netkat/netkat_proto_constructors_test.cc
@@ -70,5 +70,65 @@ void NotProtoReturnsNot(PredicateProto negand) {
 }
 FUZZ_TEST(NotProtoTest, NotProtoReturnsNot);
 
+// -- Basic Policy constructors ------------------------------------------------
+
+void FilterProtoReturnsFilter(PredicateProto filter) {
+  PolicyProto expected_policy;
+  *expected_policy.mutable_filter() = filter;
+  EXPECT_THAT(FilterProto(filter), EqualsProto(expected_policy));
+}
+FUZZ_TEST(PolicyProtoTest, FilterProtoReturnsFilter);
+
+void ModificationProtoReturnsModification(std::string field, int value) {
+  PolicyProto expected_policy;
+  expected_policy.mutable_modification()->set_field(field);
+  expected_policy.mutable_modification()->set_value(value);
+
+  EXPECT_THAT(ModificationProto(field, value), EqualsProto(expected_policy));
+}
+FUZZ_TEST(PolicyProtoTest, ModificationProtoReturnsModification);
+
+TEST(PolicyProtoTest, RecordProtoReturnsRecordPolicy) {
+  EXPECT_THAT(RecordProto(), EqualsProto(R"pb(record {})pb"));
+}
+
+void SequenceProtoReturnsSequence(PolicyProto left, PolicyProto right) {
+  PolicyProto expected_policy;
+  *expected_policy.mutable_sequence_op()->mutable_left() = left;
+  *expected_policy.mutable_sequence_op()->mutable_right() = right;
+
+  EXPECT_THAT(SequenceProto(left, right), EqualsProto(expected_policy));
+}
+FUZZ_TEST(PolicyProtoTest, SequenceProtoReturnsSequence);
+
+void UnionProtoReturnsUnion(PolicyProto left, PolicyProto right) {
+  PolicyProto expected_policy;
+  *expected_policy.mutable_union_op()->mutable_left() = left;
+  *expected_policy.mutable_union_op()->mutable_right() = right;
+
+  EXPECT_THAT(UnionProto(left, right), EqualsProto(expected_policy));
+}
+FUZZ_TEST(PolicyProtoTest, UnionProtoReturnsUnion);
+
+void IterateProtoReturnsIterate(PolicyProto iterable) {
+  PolicyProto expected_policy;
+  *expected_policy.mutable_iterate_op()->mutable_iterable() = iterable;
+
+  EXPECT_THAT(IterateProto(iterable), EqualsProto(expected_policy));
+}
+FUZZ_TEST(PolicyProtoTest, IterateProtoReturnsIterate);
+
+// -- Derived Policy tests -----------------------------------------------------
+
+TEST(PolicyProtoTest, DenyProtoFiltersOnFalse) {
+  EXPECT_THAT(DenyProto(),
+              EqualsProto(R"pb(filter { bool_constant { value: false } })pb"));
+}
+
+TEST(PolicyProtoTest, AcceptProtoFiltersOnTrue) {
+  EXPECT_THAT(AcceptProto(),
+              EqualsProto(R"pb(filter { bool_constant { value: true } })pb"));
+}
+
 }  // namespace
 }  // namespace netkat