PaloAlto: don't require external zones to have interfaces (#3999)

batfish · May 31, 2019 · 0a7c4b5 · 0a7c4b5
1 parent 065aa98
commit 0a7c4b5
Show file tree

Hide file tree

Showing 5 changed files with 96 additions and 15 deletions.
diff --git a/...cts/batfish/src/main/java/org/batfish/representation/palo_alto/PaloAltoConfiguration.java b/...cts/batfish/src/main/java/org/batfish/representation/palo_alto/PaloAltoConfiguration.java
@@ -362,7 +362,9 @@ private IpAccessList generateCrossZoneFilter(
             computeObjectName(fromZone.getVsys().getName(), fromZone.getName()),
             computeObjectName(toZone.getVsys().getName(), toZone.getName()));
 
-    if (fromZone.getInterfaceNames().isEmpty() || toZone.getInterfaceNames().isEmpty()) {
+    if (fromZone.getType() != Type.EXTERNAL && fromZone.getInterfaceNames().isEmpty()
+        || toZone.getType() != Type.EXTERNAL && toZone.getInterfaceNames().isEmpty()) {
+      // Non-external zones must have interfaces.
       return IpAccessList.builder()
           .setName(crossZoneFilterName)
           .setLines(

diff --git a/tests/parsing-tests/networks/unit-tests/configs/palo_alto/zones b/tests/parsing-tests/networks/unit-tests/configs/palo_alto/zones
@@ -33,6 +33,11 @@ config {
             }
           }
           zone {
+            zext {
+              network {
+                external;
+              }
+            }
             zl2 {
               network {
                 layer2 [ ethernet1/1];

diff --git a/tests/parsing-tests/unit-tests-unused.ref b/tests/parsing-tests/unit-tests-unused.ref
@@ -3358,7 +3358,7 @@
       },
       {
         "Structure_Type" : "zone",
-        "Structure_Name" : "zl2~vsys10",
+        "Structure_Name" : "zext~vsys10",
         "Source_Lines" : {
           "filename" : "configs/palo_alto/zones",
           "lines" : [
@@ -3371,7 +3371,7 @@
       },
       {
         "Structure_Type" : "zone",
-        "Structure_Name" : "zl3~vsys10",
+        "Structure_Name" : "zl2~vsys10",
         "Source_Lines" : {
           "filename" : "configs/palo_alto/zones",
           "lines" : [
@@ -3384,7 +3384,7 @@
       },
       {
         "Structure_Type" : "zone",
-        "Structure_Name" : "ztap~vsys10",
+        "Structure_Name" : "zl3~vsys10",
         "Source_Lines" : {
           "filename" : "configs/palo_alto/zones",
           "lines" : [
@@ -3397,7 +3397,7 @@
       },
       {
         "Structure_Type" : "zone",
-        "Structure_Name" : "zvirtual-wire~vsys10",
+        "Structure_Name" : "ztap~vsys10",
         "Source_Lines" : {
           "filename" : "configs/palo_alto/zones",
           "lines" : [
@@ -3408,6 +3408,19 @@
           ]
         }
       },
+      {
+        "Structure_Type" : "zone",
+        "Structure_Name" : "zvirtual-wire~vsys10",
+        "Source_Lines" : {
+          "filename" : "configs/palo_alto/zones",
+          "lines" : [
+            35,
+            56,
+            57,
+            58
+          ]
+        }
+      },
       {
         "Structure_Type" : "ipv4 prefix-list",
         "Structure_Name" : "test",
@@ -3638,10 +3651,10 @@
       }
     ],
     "summary" : {
-      "notes" : "Found 245 results",
+      "notes" : "Found 246 results",
       "numFailed" : 0,
       "numPassed" : 0,
-      "numResults" : 245
+      "numResults" : 246
     }
   }
 ]
diff --git a/tests/parsing-tests/unit-tests-vimodel.ref b/tests/parsing-tests/unit-tests-vimodel.ref
@@ -30000,6 +30000,21 @@
           }
         },
         "ipAccessLists" : {
+          "zone~zext~vsys10~to~zone~zl2~vsys10" : {
+            "name" : "zone~zext~vsys10~to~zone~zl2~vsys10"
+          },
+          "zone~zext~vsys10~to~zone~zl3~vsys10" : {
+            "name" : "zone~zext~vsys10~to~zone~zl3~vsys10"
+          },
+          "zone~zext~vsys10~to~zone~ztap~vsys10" : {
+            "name" : "zone~zext~vsys10~to~zone~ztap~vsys10"
+          },
+          "zone~zext~vsys10~to~zone~zvirtual-wire~vsys10" : {
+            "name" : "zone~zext~vsys10~to~zone~zvirtual-wire~vsys10"
+          },
+          "zone~zl2~vsys10~to~zone~zext~vsys10" : {
+            "name" : "zone~zl2~vsys10~to~zone~zext~vsys10"
+          },
           "zone~zl2~vsys10~to~zone~zl2~vsys10" : {
             "name" : "zone~zl2~vsys10~to~zone~zl2~vsys10",
             "lines" : [
@@ -30012,6 +30027,9 @@
               }
             ]
           },
+          "zone~zl3~vsys10~to~zone~zext~vsys10" : {
+            "name" : "zone~zl3~vsys10~to~zone~zext~vsys10"
+          },
           "zone~zl3~vsys10~to~zone~zl3~vsys10" : {
             "name" : "zone~zl3~vsys10~to~zone~zl3~vsys10",
             "lines" : [
@@ -30024,6 +30042,9 @@
               }
             ]
           },
+          "zone~ztap~vsys10~to~zone~zext~vsys10" : {
+            "name" : "zone~ztap~vsys10~to~zone~zext~vsys10"
+          },
           "zone~ztap~vsys10~to~zone~ztap~vsys10" : {
             "name" : "zone~ztap~vsys10~to~zone~ztap~vsys10",
             "lines" : [
@@ -30036,6 +30057,9 @@
               }
             ]
           },
+          "zone~zvirtual-wire~vsys10~to~zone~zext~vsys10" : {
+            "name" : "zone~zvirtual-wire~vsys10~to~zone~zext~vsys10"
+          },
           "zone~zvirtual-wire~vsys10~to~zone~zvirtual-wire~vsys10" : {
             "name" : "zone~zvirtual-wire~vsys10~to~zone~zvirtual-wire~vsys10",
             "lines" : [
@@ -30048,6 +30072,9 @@
               }
             ]
           },
+          "~zext~vsys10~OUTGOING_FILTER~" : {
+            "name" : "~zext~vsys10~OUTGOING_FILTER~"
+          },
           "~zl2~vsys10~OUTGOING_FILTER~" : {
             "name" : "~zl2~vsys10~OUTGOING_FILTER~"
           },
@@ -30074,6 +30101,9 @@
           }
         },
         "zones" : {
+          "zext~vsys10" : {
+            "name" : "zext~vsys10"
+          },
           "zl2~vsys10" : {
             "name" : "zl2~vsys10",
             "interfaces" : [

diff --git a/tests/parsing-tests/unit-tests.ref b/tests/parsing-tests/unit-tests.ref
@@ -70635,6 +70635,28 @@
             "            (s_zone",
             "              ZONE:'zone'",
             "              name = (variable",
+            "                VARIABLE:'zext')",
+            "              (sz_network",
+            "                NETWORK:'network'",
+            "                (szn_external",
+            "                  EXTERNAL:'external')))))))",
+            "    NEWLINE:'\\n')",
+            "  (set_line",
+            "    SET:'set'",
+            "    (set_line_tail",
+            "      (set_line_config_devices",
+            "        CONFIG:'config'",
+            "        DEVICES:'devices'",
+            "        name = (variable",
+            "          VARIABLE:'localhost.localdomain')",
+            "        (statement_config_devices",
+            "          (s_vsys",
+            "            VSYS:'vsys'",
+            "            name = (variable",
+            "              VARIABLE:'vsys10')",
+            "            (s_zone",
+            "              ZONE:'zone'",
+            "              name = (variable",
             "                VARIABLE:'zl2')",
             "              (sz_network",
             "                NETWORK:'network'",
@@ -82126,7 +82148,7 @@
             }
           },
           "zone" : {
-            "zl2~vsys10" : {
+            "zext~vsys10" : {
               "definitionLines" : [
                 35,
                 36,
@@ -82135,7 +82157,7 @@
               ],
               "numReferrers" : 0
             },
-            "zl3~vsys10" : {
+            "zl2~vsys10" : {
               "definitionLines" : [
                 35,
                 41,
@@ -82144,7 +82166,7 @@
               ],
               "numReferrers" : 0
             },
-            "ztap~vsys10" : {
+            "zl3~vsys10" : {
               "definitionLines" : [
                 35,
                 46,
@@ -82153,14 +82175,23 @@
               ],
               "numReferrers" : 0
             },
-            "zvirtual-wire~vsys10" : {
+            "ztap~vsys10" : {
               "definitionLines" : [
                 35,
                 51,
                 52,
                 53
               ],
               "numReferrers" : 0
+            },
+            "zvirtual-wire~vsys10" : {
+              "definitionLines" : [
+                35,
+                56,
+                57,
+                58
+              ],
+              "numReferrers" : 0
             }
           }
         },
@@ -87611,31 +87642,31 @@
                 32
               ],
               "zone network layer3" : [
-                38
+                43
               ]
             },
             "ethernet1/2" : {
               "vsys import interface" : [
                 32
               ],
               "zone network layer3" : [
-                43
+                48
               ]
             },
             "ethernet1/3" : {
               "vsys import interface" : [
                 32
               ],
               "zone network layer3" : [
-                48
+                53
               ]
             },
             "ethernet1/4" : {
               "vsys import interface" : [
                 32
               ],
               "zone network layer3" : [
-                53
+                58
               ]
             }
           }