From 2c743005cd4800f68a90462259393128483fc21c Mon Sep 17 00:00:00 2001 From: Czar Echavez Date: Mon, 12 Feb 2024 18:58:10 +0000 Subject: [PATCH] #2257: moved config tests into its own directory + added dmz_network.yaml to use in tests --- .../configs/basic_switched_network.yaml | 7 + tests/assets/configs/dmz_network.yaml | 230 ++++++++++++++++++ .../configuration_file_parsing/__init__.py | 0 .../router_game_configuration.py | 58 +++++ ...oftware_installation_and_configuration.py} | 0 5 files changed, 295 insertions(+) create mode 100644 tests/assets/configs/dmz_network.yaml create mode 100644 tests/integration_tests/configuration_file_parsing/__init__.py create mode 100644 tests/integration_tests/configuration_file_parsing/router_game_configuration.py rename tests/integration_tests/{game_configuration.py => configuration_file_parsing/software_installation_and_configuration.py} (100%)
diff --git a/tests/assets/configs/basic_switched_network.yaml b/tests/assets/configs/basic_switched_network.yaml
index d1cec079..a248065c 100644
--- a/tests/assets/configs/basic_switched_network.yaml
+++ b/tests/assets/configs/basic_switched_network.yaml
@@ -1,3 +1,10 @@
+# Basic Switched network
+#
+# -------------- -------------- --------------
+# | client_1 |------| switch_1 |------| client_2 |
+# -------------- -------------- --------------
+#
+
 training_config:
 rl_framework: SB3
 rl_algorithm: PPO
diff --git a/tests/assets/configs/dmz_network.yaml b/tests/assets/configs/dmz_network.yaml
new file mode 100644
index 00000000..ddf8fb36
--- /dev/null
+++ b/tests/assets/configs/dmz_network.yaml
@@ -0,0 +1,230 @@
+# Network with DMZ
+#
+# An example network configuration with an internal network, a DMZ network and a couple of external networks.
+#
+# ............................................................................
+# . .
+# . Internal Network .
+# . .
+# . -------------- -------------- -------------- .
+# . | client_1 |------| switch_1 |------| router_1 | .
+# . -------------- -------------- -------------- .
+# . (Computer) | .
+# ......................................................|.....................
+# |
+# |
+# ......................................................|.....................
+# . | .
+# . DMZ Network | .
+# . | .
+# . -------------- -------------- -------------- .
+# . | client_2 |------| switch_2 |------| router_2 | .
+# . -------------- -------------- -------------- .
+# . (Computer) | .
+# ......................................................|.....................
+# |
+# External Network |
+# |
+# |
+# ----------------------- -------------- ---------------------
+# | external_computer |------| switch_3 |------| external_server |
+# ----------------------- -------------- ---------------------
+#
+training_config:
+ rl_framework: SB3
+ rl_algorithm: PPO
+ seed: 333
+ n_learn_episodes: 1
+ n_eval_episodes: 5
+ max_steps_per_episode: 128
+ deterministic_eval: false
+ n_agents: 1
+ agent_references:
+ - defender
+
+io_settings:
+ save_checkpoints: true
+ checkpoint_interval: 5
+ save_step_metadata: false
+ save_pcap_logs: true
+ save_sys_logs: true
+
+
+game:
+ max_episode_length: 256
+ ports:
+ - ARP
+ - DNS
+ - HTTP
+ - POSTGRES_SERVER
+ protocols:
+ - ICMP
+ - TCP
+ - UDP
+
+agents:
+ - ref: client_2_green_user
+ team: GREEN
+ type: GreenWebBrowsingAgent
+ observation_space:
+ type: UC2GreenObservation
+ action_space:
+ action_list:
+ - type: DONOTHING
+ - type: NODE_APPLICATION_EXECUTE
+ options:
+ nodes:
+ - node_name: client_2
+ applications:
+ - application_name: WebBrowser
+ max_folders_per_node: 1
+ max_files_per_folder: 1
+ max_services_per_node: 1
+ max_applications_per_node: 1
+
+ reward_function:
+ reward_components:
+ - type: DUMMY
+
+ agent_settings:
+ start_settings:
+ start_step: 5
+ frequency: 4
+ variance: 3
+
+
+simulation:
+ network:
+ nodes:
+ - ref: client_1
+ type: computer
+ hostname: client_1
+ ip_address: 192.168.0.10
+ subnet_mask: 255.255.255.0
+ default_gateway: 192.168.0.1
+ dns_server: 192.168.20.10
+
+ - ref: switch_1
+ type: switch
+ hostname: switch_1
+ num_ports: 8
+
+ - ref: router_1
+ type: router
+ hostname: router_1
+ num_ports: 5
+ ports:
+ 1:
+ ip_address: 192.168.0.1
+ subnet_mask: 255.255.255.0
+ 2:
+ ip_address: 192.168.1.1
+ subnet_mask: 255.255.255.0
+ acl:
+ 22:
+ action: PERMIT
+ src_port: ARP
+ dst_port: ARP
+ 23:
+ action: PERMIT
+ protocol: ICMP
+
+ - ref: client_2
+ type: computer
+ hostname: client_2
+ ip_address: 192.168.10.10
+ subnet_mask: 255.255.255.0
+ default_gateway: 192.168.10.1
+ dns_server: 192.168.20.10
+
+ - ref: switch_2
+ type: switch
+ hostname: switch_2
+ num_ports: 8
+
+ - ref: router_2
+ type: router
+ hostname: router_2
+ num_ports: 5
+ ports:
+ 1:
+ ip_address: 192.168.10.1
+ subnet_mask: 255.255.255.0
+ 2:
+ ip_address: 192.168.11.1
+ subnet_mask: 255.255.255.0
+ 3:
+ ip_address: 192.168.20.1
+ subnet_mask: 255.255.255.0
+ acl:
+ 22:
+ action: PERMIT
+ src_port: ARP
+ dst_port: ARP
+ 23:
+ action: PERMIT
+ protocol: ICMP
+
+ - ref: switch_3
+ type: switch
+ hostname: switch_3
+ num_ports: 8
+
+ - ref: external_computer
+ type: computer
+ hostname: external_computer
+ ip_address: 192.168.20.10
+ subnet_mask: 255.255.255.0
+ default_gateway: 192.168.20.1
+ dns_server: 192.168.20.10
+
+ - ref: external_server
+ type: server
+ hostname: external_server
+ ip_address: 192.168.20.10
+ subnet_mask: 255.255.255.0
+ default_gateway: 192.168.20.1
+ services:
+ - ref: domain_controller_dns_server
+ type: DNSServer
+ links:
+ - ref: client_1___switch_1
+ endpoint_a_ref: client_1
+ endpoint_a_port: 1
+ endpoint_b_ref: switch_1
+ endpoint_b_port: 1
+ - ref: router_1___switch_1
+ endpoint_a_ref: router_1
+ endpoint_a_port: 1
+ endpoint_b_ref: switch_1
+ endpoint_b_port: 8
+ - ref: router_1___router_2
+ endpoint_a_ref: router_1
+ endpoint_a_port: 2
+ endpoint_b_ref: router_2
+ endpoint_b_port: 2
+ - ref: router_2___switch_2
+ endpoint_a_ref: router_2
+ endpoint_a_port: 1
+ endpoint_b_ref: switch_2
+ endpoint_b_port: 8
+ - ref: client_2___switch_2
+ endpoint_a_ref: client_2
+ endpoint_a_port: 1
+ endpoint_b_ref: switch_2
+ endpoint_b_port: 1
+ - ref: router_2___switch_3
+ endpoint_a_ref: router_2
+ endpoint_a_port: 3
+ endpoint_b_ref: switch_3
+ endpoint_b_port: 8
+ - ref: external_computer___switch_3
+ endpoint_a_ref: external_computer
+ endpoint_a_port: 1
+ endpoint_b_ref: switch_3
+ endpoint_b_port: 1
+ - ref: external_server___switch_3
+ endpoint_a_ref: external_server
+ endpoint_a_port: 1
+ endpoint_b_ref: switch_3
+ endpoint_b_port: 2
diff --git a/tests/integration_tests/configuration_file_parsing/__init__.py b/tests/integration_tests/configuration_file_parsing/__init__.py
new file mode 100644
index 00000000..e69de29b
diff --git a/tests/integration_tests/configuration_file_parsing/router_game_configuration.py b/tests/integration_tests/configuration_file_parsing/router_game_configuration.py
new file mode 100644
index 00000000..49b889d7
--- /dev/null
+++ b/tests/integration_tests/configuration_file_parsing/router_game_configuration.py
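Review bot: In dmz_network.yaml, `external_computer` and `external_server` are both assigned `ip_address: 192.168.20.10` on the same switch_3 segment, so the address every client uses as `dns_server` is ambiguous; give one of them its own address (for example `ip_address: 192.168.20.11` on external_computer, a constructed value). The `router_1___router_2` link joins router_1 port 2 (192.168.1.1/24) to router_2 port 2 (192.168.11.1/24), which sit in different subnets, and the file defines no routes, so forwarding between the internal and DMZ networks presumably cannot work as drawn. Both router ACLs permit only ARP and ICMP, so the green agent's WebBrowser traffic and its DNS lookups look blocked unless the simulator defaults to permit; a comment such as `# only ARP and ICMP are permitted; DNS/HTTP intentionally left blocked` would state whether that is the intended policy.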
@@ -0,0 +1,58 @@
+from pathlib import Path
+from typing import Union
+
+import yaml
+
+from primaite.game.game import PrimaiteGame
+from primaite.simulator.network.container import Network
+from tests import TEST_ASSETS_ROOT
+
+DMZ_NETWORK = TEST_ASSETS_ROOT / "configs/dmz_network.yaml"
+
+
+def load_config(config_path: Union[str, Path]) -> PrimaiteGame:
+ """Returns a PrimaiteGame object which loads the contents of a given yaml path."""
+ with open(config_path, "r") as f:
+ cfg = yaml.safe_load(f)
+
+ return PrimaiteGame.from_config(cfg)
+
+
+def test_dmz_config():
+ """Test that the DMZ network config can be parsed properly."""
+ game = load_config(DMZ_NETWORK)
+
+ network: Network = game.simulation.network
+
+ assert len(network.nodes) == 9 # 9 nodes in network
+ assert len(network.routers) == 2 # 2 routers in network
+ assert len(network.switches) == 3 # 3 switches in network
+ assert len(network.servers) == 1 # 1 server in network
+
+
+def test_router_routes_are_correctly_added():
+ """Test that makes sure that router routes have been added from the configuration file."""
+ pass
+
+
+def test_firewall_node_added_to_network():
+ """Test that the firewall has been correctly added to and configured in the network."""
+ pass
+
+
+def test_router_acl_rules_correctly_added():
+ """Test that makes sure that the router ACLs have been configured onto the router node via configuration file."""
+ pass
+
+
+def test_firewall_routes_are_correctly_added():
+ """Test that the firewall routes have been correctly added to and configured in the network."""
+ pass
+
+
+def test_firewall_acl_rules_correctly_added():
+ """
+ Test that makes sure that the firewall ACLs have been configured onto the firewall
+ node via configuration file.
+ """
+ pass
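Review bot: The five tests from `test_router_routes_are_correctly_added` to `test_firewall_acl_rules_correctly_added` have a body of `pass`, so they are reported as passing while checking nothing, including the ACL entries at positions 22 and 23 that dmz_network.yaml puts on both routers. Until they are written, make the gap visible in the report by replacing each `pass` with something like `pytest.skip("not implemented: router ACL assertions")`, with `import pytest` added at the top. The three firewall tests also have nothing to load yet, since dmz_network.yaml declares only computer, switch, router and server nodes. Separately, the file name `router_game_configuration.py` has no `test_` prefix, so pytest's default discovery would not collect it unless the project sets `python_files`.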
diff --git a/tests/integration_tests/game_configuration.py b/tests/integration_tests/configuration_file_parsing/software_installation_and_configuration.py
similarity index 100%
rename from tests/integration_tests/game_configuration.py
rename to tests/integration_tests/configuration_file_parsing/software_installation_and_configuration.py