Merge remote-tracking branch 'origin/dev' into 4.0.0-dev

tests/integration_tests/game_layer/observations/test_nic_observations.py

@@ -85,6 +85,14 @@ def test_nic(simulation):
     # in the NICObservation class so we set it now.
     nic_obs.capture_nmne = True
 
+    # The Simulation object created by the fixture also creates the
+    # NICObservation class with the NICObservation.capture_nmnme class variable
+    # set to False. Under normal (non-test) circumstances this class variable
+    # is set from a config file such as data_manipulation.yaml. So although
+    # capture_nmne is set to True in the NetworkInterface class it's still False
+    # in the NICObservation class so we set it now.
+    nic_obs.capture_nmne = True
+
     # Set the NMNE configuration to capture DELETE/ENCRYPT queries as MNEs
     nmne_config = {
         "capture_nmne": True,  # Enable the capture of MNEs

tests/integration_tests/game_layer/test_action_shapes.py

@@ -0,0 +1,21 @@
+# © Crown-owned copyright 2024, Defence Science and Technology Laboratory UK
+from typing import Tuple
+
+from primaite.game.agent.interface import ProxyAgent
+from primaite.game.game import PrimaiteGame
+from tests import TEST_ASSETS_ROOT
+
+FIREWALL_ACTIONS_NETWORK = TEST_ASSETS_ROOT / "configs/firewall_actions_network.yaml"
+
+
+def test_router_acl_add_rule_action_shape(game_and_agent: Tuple[PrimaiteGame, ProxyAgent]):
+    """Test to check ROUTER_ADD_ACL_RULE has the expected action shape."""
+    game, agent = game_and_agent
+
+    # assert that the shape of the actions is correct
+    router_acl_add_rule_action = agent.action_manager.actions.get("ROUTER_ACL_ADDRULE")
+    assert router_acl_add_rule_action.shape.get("source_ip_id") == len(agent.action_manager.ip_address_list)
+    assert router_acl_add_rule_action.shape.get("dest_ip_id") == len(agent.action_manager.ip_address_list)
+    assert router_acl_add_rule_action.shape.get("source_port_id") == len(agent.action_manager.ports)
+    assert router_acl_add_rule_action.shape.get("dest_port_id") == len(agent.action_manager.ports)
+    assert router_acl_add_rule_action.shape.get("protocol_id") == len(agent.action_manager.protocols)

tests/integration_tests/game_layer/test_actions.py

@@ -108,7 +108,7 @@ def test_router_acl_addrule_integration(game_and_agent: Tuple[PrimaiteGame, Prox
     """
     Test that the RouterACLAddRuleAction can form a request and that it is accepted by the simulation.
 
-    The ACL starts off with 4 rules, and we add a rule, and check that the ACL now has 5 rules.
+    The ACL starts off with 3 rules, and we add a rule, and check that the ACL now has 4 rules.
     """
     game, agent = game_and_agent
 
@@ -117,7 +117,7 @@ def test_router_acl_addrule_integration(game_and_agent: Tuple[PrimaiteGame, Prox
     server_1 = game.simulation.network.get_node_by_hostname("server_1")
     server_2 = game.simulation.network.get_node_by_hostname("server_2")
     router = game.simulation.network.get_node_by_hostname("router")
-    assert router.acl.num_rules == 4
+    assert router.acl.num_rules == 3
     assert client_1.ping("10.0.2.3")  # client_1 can ping server_2
     assert server_2.ping("10.0.1.2")  # server_2 can ping client_1
 
@@ -167,8 +167,8 @@ def test_router_acl_addrule_integration(game_and_agent: Tuple[PrimaiteGame, Prox
     agent.store_action(action)
     game.step()
 
-    # 5: Check that the ACL now has 6 rules, but that server_1 can still ping server_2
-    assert router.acl.num_rules == 6
+    # 5: Check that the ACL now has 5 rules, but that server_1 can still ping server_2
+    assert router.acl.num_rules == 5
     assert server_1.ping("10.0.2.3")  # Can ping server_2
 
 
@@ -198,8 +198,8 @@ def test_router_acl_removerule_integration(game_and_agent: Tuple[PrimaiteGame, P
     agent.store_action(action)
     game.step()
 
-    # 3: Check that the ACL now has 3 rules, and that client 1 cannot access example.com
-    assert router.acl.num_rules == 3
+    # 3: Check that the ACL now has 2 rules, and that client 1 cannot access example.com
+    assert router.acl.num_rules == 2
     assert not browser.get_webpage()
     client_1.software_manager.software.get("dns-client").dns_cache.clear()
     assert client_1.ping("10.0.2.2")  # pinging still works because ICMP is allowed