aclservice/impl/src/test/java/org/opendaylight/netvirt/aclservice/tests/AclServiceTestBase.java

   1 /*
   2  * Copyright © 2016, 2017 Red Hat, Inc. and others. All rights reserved.
   3  *
   4  * This program and the accompanying materials are made available under the
   5  * terms of the Eclipse Public License v1.0 which accompanies this distribution,
   6  * and is available at http://www.eclipse.org/legal/epl-v10.html
   7  */
   8 package org.opendaylight.netvirt.aclservice.tests;
   9
  10 import static org.opendaylight.mdsal.common.api.LogicalDatastoreType.CONFIGURATION;
  11 import static org.opendaylight.netvirt.aclservice.tests.StateInterfaceBuilderHelper.putNewStateInterface;
  12
  13 import java.math.BigInteger;
  14 import java.util.ArrayList;
  15 import java.util.Arrays;
  16 import java.util.Collections;
  17 import java.util.List;
  18 import java.util.stream.Collectors;
  19 import javax.inject.Inject;
  20 import org.eclipse.xtext.xbase.lib.Pair;
  21 import org.junit.Before;
  22 import org.junit.Rule;
  23 import org.junit.Test;
  24 import org.opendaylight.genius.datastoreutils.SingleTransactionDataBroker;
  25 import org.opendaylight.genius.datastoreutils.testutils.AsyncEventsWaiter;
  26 import org.opendaylight.genius.datastoreutils.testutils.JobCoordinatorEventsWaiter;
  27 import org.opendaylight.genius.interfacemanager.globals.InterfaceInfo;
  28 import org.opendaylight.genius.mdsalutil.FlowEntity;
  29 import org.opendaylight.genius.mdsalutil.NwConstants;
  30 import org.opendaylight.genius.mdsalutil.interfaces.testutils.TestIMdsalApiManager;
  31 import org.opendaylight.genius.testutils.TestInterfaceManager;
  32 import org.opendaylight.infrautils.testutils.LogCaptureRule;
  33 import org.opendaylight.infrautils.testutils.LogRule;
  34 import org.opendaylight.mdsal.binding.api.DataBroker;
  35 import org.opendaylight.mdsal.binding.api.DataTreeIdentifier;
  36 import org.opendaylight.mdsal.common.api.TransactionCommitFailedException;
  37 import org.opendaylight.netvirt.aclservice.tests.infra.DataBrokerPairsUtil;
  38 import org.opendaylight.netvirt.aclservice.utils.AclConstants;
  39 import org.opendaylight.netvirt.aclservice.utils.AclServiceUtils;
  40 import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.access.control.list.rev160218.access.lists.acl.access.list.entries.ace.Matches;
  41 import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.access.control.list.rev160218.access.lists.acl.access.list.entries.ace.MatchesBuilder;
  42 import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.access.control.list.rev160218.access.lists.acl.access.list.entries.ace.matches.ace.type.AceIpBuilder;
  43 import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.access.control.list.rev160218.access.lists.acl.access.list.entries.ace.matches.ace.type.ace.ip.ace.ip.version.AceIpv4Builder;
  44 import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.inet.types.rev130715.IpAddressBuilder;
  45 import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.inet.types.rev130715.IpPrefixBuilder;
  46 import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.inet.types.rev130715.Ipv4Prefix;
  47 import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.inet.types.rev130715.PortNumber;
  48 import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.interfaces.rev140508.interfaces.Interface;
  49 import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.packet.fields.rev160218.acl.transport.header.fields.DestinationPortRangeBuilder;
  50 import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.yang.types.rev130715.MacAddress;
  51 import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.yang.types.rev130715.Uuid;
  52 import org.opendaylight.yang.gen.v1.urn.opendaylight.netvirt.aclservice.rev160608.DirectionEgress;
  53 import org.opendaylight.yang.gen.v1.urn.opendaylight.netvirt.aclservice.rev160608.DirectionIngress;
  54 import org.opendaylight.yang.gen.v1.urn.opendaylight.netvirt.aclservice.rev160608.IpPrefixOrAddress;
  55 import org.opendaylight.yang.gen.v1.urn.opendaylight.netvirt.aclservice.rev160608.IpPrefixOrAddressBuilder;
  56 import org.opendaylight.yang.gen.v1.urn.opendaylight.netvirt.aclservice.rev160608.IpVersionBase;
  57 import org.opendaylight.yang.gen.v1.urn.opendaylight.netvirt.aclservice.rev160608.IpVersionV4;
  58 import org.opendaylight.yang.gen.v1.urn.opendaylight.netvirt.aclservice.rev160608.interfaces._interface.AllowedAddressPairs;
  59 import org.opendaylight.yang.gen.v1.urn.opendaylight.netvirt.aclservice.rev160608.interfaces._interface.AllowedAddressPairsBuilder;
  60 import org.opendaylight.yang.gen.v1.urn.opendaylight.netvirt.aclservice.rev160608.interfaces._interface.SubnetInfo;
  61 import org.opendaylight.yang.gen.v1.urn.opendaylight.netvirt.aclservice.rev160608.interfaces._interface.SubnetInfoBuilder;
  62 import org.opendaylight.yang.gen.v1.urn.opendaylight.netvirt.aclservice.rev160608.interfaces._interface.SubnetInfoKey;
  63 import org.opendaylight.yang.gen.v1.urn.opendaylight.netvirt.elan.rev150602.elan.instances.ElanInstance;
  64 import org.opendaylight.yang.gen.v1.urn.opendaylight.netvirt.elan.rev150602.elan.instances.ElanInstanceBuilder;
  65 import org.opendaylight.yang.gen.v1.urn.opendaylight.netvirt.elan.rev150602.elan.interfaces.ElanInterface;
  66 import org.opendaylight.yang.gen.v1.urn.opendaylight.netvirt.elan.rev150602.elan.interfaces.ElanInterfaceBuilder;
  67 import org.opendaylight.yangtools.yang.binding.InstanceIdentifier;
  68 import org.opendaylight.yangtools.yang.common.Uint64;
  69 import org.slf4j.Logger;
  70 import org.slf4j.LoggerFactory;
  71
  72 public abstract class AclServiceTestBase {
  73     private static final Logger LOG = LoggerFactory.getLogger(AclServiceTestBase.class);
  74
  75     public @Rule LogRule logRule = new LogRule();
  76     public @Rule LogCaptureRule logCaptureRule = new LogCaptureRule();
  77
  78     // public static @ClassRule RunUntilFailureClassRule classRepeater = new RunUntilFailureClassRule();
  79     // public @Rule RunUntilFailureRule repeater = new RunUntilFailureRule(classRepeater);
  80
  81     static final String PORT_MAC_1 = "0D:AA:D8:42:30:F3";
  82     static final String PORT_MAC_2 = "0D:AA:D8:42:30:F4";
  83     static final String PORT_MAC_3 = "0D:AA:D8:42:30:F5";
  84     static final String PORT_MAC_4 = "0D:AA:D8:42:30:F6";
  85     static final String PORT_1 = "port1";
  86     static final String PORT_2 = "port2";
  87     static final String PORT_3 = "port3";
  88     static final String PORT_4 = "port4";
  89     static String SG_UUID = "85cc3048-abc3-43cc-89b3-377341426ac5";
  90     static String SR_UUID_1 = "85cc3048-abc3-43cc-89b3-377341426ac6";
  91     static String SR_UUID_2 = "85cc3048-abc3-43cc-89b3-377341426ac7";
  92     static String SG_UUID_1 = "85cc3048-abc3-43cc-89b3-377341426ac5";
  93     static String SG_UUID_2 = "85cc3048-abc3-43cc-89b3-377341426ac8";
  94     static String SR_UUID_1_1 = "85cc3048-abc3-43cc-89b3-377341426ac6";
  95     static String SR_UUID_1_2 = "85cc3048-abc3-43cc-89b3-377341426ac7";
  96     static String SR_UUID_2_1 = "85cc3048-abc3-43cc-89b3-377341426a21";
  97     static String SR_UUID_2_2 = "85cc3048-abc3-43cc-89b3-377341426a22";
  98     static String ELAN = "elan1";
  99     static String IP_PREFIX_1 = "10.0.0.1/32";
 100     static String IP_PREFIX_2 = "10.0.0.2/32";
 101     static String IP_PREFIX_3 = "10.0.0.3/32";
 102     static String IP_PREFIX_4 = "10.0.0.4/32";
 103     static String IP_100_PREFIX = "10.0.0.100/32";
 104     static String IP_101_PREFIX = "10.0.0.101/32";
 105     static long ELAN_TAG = 5000L;
 106
 107     static String SUBNET_IP_PREFIX_1 = "10.0.0.0/24";
 108     static Uuid SUBNET_ID_1 = new Uuid("39add98b-63b7-42e6-8368-ff807eee165e");
 109     static SubnetInfo SUBNET_INFO_1 = buildSubnetInfo(SUBNET_ID_1, SUBNET_IP_PREFIX_1, IpVersionV4.class, "10.0.0.1");
 110
 111     static AllowedAddressPairs AAP_PORT_1;
 112     static AllowedAddressPairs AAP_PORT_2;
 113     static AllowedAddressPairs AAP_PORT_3;
 114     static AllowedAddressPairs AAP_PORT_4;
 115     static AllowedAddressPairs AAP_PORT_100;
 116     static AllowedAddressPairs AAP_PORT_101;
 117
 118     @Inject DataBroker dataBroker;
 119     @Inject DataBrokerPairsUtil dataBrokerUtil;
 120     SingleTransactionDataBroker singleTransactionDataBroker;
 121     @Inject TestIMdsalApiManager mdsalApiManager;
 122     @Inject AsyncEventsWaiter asyncEventsWaiter;
 123     @Inject JobCoordinatorEventsWaiter coordinatorEventsWaiter;
 124     @Inject TestInterfaceManager testInterfaceManager;
 125
 126     @Before
 127     public void beforeEachTest() throws Exception {
 128         singleTransactionDataBroker = new SingleTransactionDataBroker(dataBroker);
 129         setUpData();
 130     }
 131
 132     private InterfaceInfo newInterfaceInfo(String testInterfaceName) {
 133         InterfaceInfo interfaceInfo = new InterfaceInfo(Uint64.valueOf(BigInteger.valueOf(789)), "port1");
 134         interfaceInfo.setInterfaceName(testInterfaceName);
 135         return interfaceInfo;
 136     }
 137
 138     @Test
 139     public void newInterface() throws Exception {
 140         LOG.info("newInterface - start");
 141
 142         newAllowedAddressPair(PORT_1, Collections.singletonList(SG_UUID_1), Collections.singletonList(AAP_PORT_1),
 143                 Collections.singletonList(SUBNET_INFO_1));
 144         testInterfaceManager.addInterfaceInfo(newInterfaceInfo("port1"));
 145
 146         // When
 147         putNewStateInterface(dataBroker, "port1", PORT_MAC_1);
 148
 149         asyncEventsWaiter.awaitEventsConsumption();
 150         Thread.sleep(1000);
 151         // Then
 152         newInterfaceCheck();
 153         LOG.info("newInterface - end");
 154     }
 155
 156     abstract void newInterfaceCheck();
 157
 158     @Test
 159     public void newInterfaceWithEtherTypeAcl() throws Exception {
 160         LOG.info("newInterfaceWithEtherTypeAcl - start");
 161
 162         newAllowedAddressPair(PORT_1, Collections.singletonList(SG_UUID_1), Collections.singletonList(AAP_PORT_1),
 163                 Collections.singletonList(SUBNET_INFO_1));
 164         asyncEventsWaiter.awaitEventsConsumption();
 165         newAllowedAddressPair(PORT_2, Collections.singletonList(SG_UUID_1), Collections.singletonList(AAP_PORT_2),
 166                 Collections.singletonList(SUBNET_INFO_1));
 167         asyncEventsWaiter.awaitEventsConsumption();
 168
 169         Matches matches = newMatch(AclConstants.SOURCE_LOWER_PORT_UNSPECIFIED,
 170                 AclConstants.SOURCE_UPPER_PORT_UNSPECIFIED, AclConstants.DEST_LOWER_PORT_UNSPECIFIED,
 171                 AclConstants.DEST_UPPER_PORT_UNSPECIFIED, AclConstants.SOURCE_REMOTE_IP_PREFIX_UNSPECIFIED,
 172                 AclConstants.DEST_REMOTE_IP_PREFIX_SPECIFIED, (short) -1);
 173         dataBrokerUtil.put(new IdentifiedAceBuilder().sgUuid(SG_UUID_1).newRuleName(SR_UUID_1_1)
 174                 .newMatches(matches).newDirection(DirectionEgress.class).build());
 175         asyncEventsWaiter.awaitEventsConsumption();
 176         matches = newMatch(AclConstants.SOURCE_LOWER_PORT_UNSPECIFIED, AclConstants.SOURCE_UPPER_PORT_UNSPECIFIED,
 177                 AclConstants.DEST_LOWER_PORT_UNSPECIFIED, AclConstants.DEST_UPPER_PORT_UNSPECIFIED,
 178                 AclConstants.SOURCE_REMOTE_IP_PREFIX_SPECIFIED, AclConstants.DEST_REMOTE_IP_PREFIX_UNSPECIFIED,
 179                 (short) -1);
 180         dataBrokerUtil.put(
 181                 new IdentifiedAceBuilder().sgUuid(SG_UUID_1).newRuleName(SR_UUID_1_2).newMatches(matches)
 182                         .newDirection(DirectionIngress.class).newRemoteGroupId(new Uuid(SG_UUID_1)).build());
 183         asyncEventsWaiter.awaitEventsConsumption();
 184         // When
 185         putNewStateInterface(dataBroker, PORT_1, PORT_MAC_1);
 186         asyncEventsWaiter.awaitEventsConsumption();
 187         putNewStateInterface(dataBroker, PORT_2, PORT_MAC_2);
 188         asyncEventsWaiter.awaitEventsConsumption();
 189
 190         asyncEventsWaiter.awaitEventsConsumption();
 191         Thread.sleep(1000);
 192         // Then
 193         newInterfaceWithEtherTypeAclCheck();
 194         LOG.info("newInterfaceWithEtherTypeAcl - end");
 195     }
 196
 197     abstract void newInterfaceWithEtherTypeAclCheck();
 198
 199     @Test
 200     public void newInterfaceWithMultipleAcl() throws Exception {
 201         LOG.info("newInterfaceWithEtherTypeAcl - start");
 202
 203         newAllowedAddressPair(PORT_1, Collections.singletonList(SG_UUID_1), Collections.singletonList(AAP_PORT_1),
 204                 Collections.singletonList(SUBNET_INFO_1));
 205         asyncEventsWaiter.awaitEventsConsumption();
 206         newAllowedAddressPair(PORT_2, Collections.singletonList(SG_UUID_1), Collections.singletonList(AAP_PORT_2),
 207                 Collections.singletonList(SUBNET_INFO_1));
 208         asyncEventsWaiter.awaitEventsConsumption();
 209
 210         Matches matches = newMatch(AclConstants.SOURCE_LOWER_PORT_UNSPECIFIED,
 211                 AclConstants.SOURCE_UPPER_PORT_UNSPECIFIED, AclConstants.DEST_LOWER_PORT_UNSPECIFIED,
 212                 AclConstants.DEST_UPPER_PORT_UNSPECIFIED, AclConstants.SOURCE_REMOTE_IP_PREFIX_UNSPECIFIED,
 213                 AclConstants.DEST_REMOTE_IP_PREFIX_SPECIFIED, (short) -1);
 214         dataBrokerUtil.put(new IdentifiedAceBuilder().sgUuid(SG_UUID_1).newRuleName(SR_UUID_1_1)
 215                 .newMatches(matches).newDirection(DirectionEgress.class).build());
 216         asyncEventsWaiter.awaitEventsConsumption();
 217         matches = newMatch(AclConstants.SOURCE_LOWER_PORT_UNSPECIFIED, AclConstants.SOURCE_UPPER_PORT_UNSPECIFIED,
 218                 AclConstants.DEST_LOWER_PORT_UNSPECIFIED, AclConstants.DEST_UPPER_PORT_UNSPECIFIED,
 219                 AclConstants.SOURCE_REMOTE_IP_PREFIX_SPECIFIED, AclConstants.DEST_REMOTE_IP_PREFIX_UNSPECIFIED,
 220                 (short) -1);
 221         dataBrokerUtil.put(
 222                 new IdentifiedAceBuilder().sgUuid(SG_UUID_1).newRuleName(SR_UUID_1_2).newMatches(matches)
 223                         .newDirection(DirectionIngress.class).newRemoteGroupId(new Uuid(SG_UUID_1)).build());
 224         asyncEventsWaiter.awaitEventsConsumption();
 225         // When
 226         putNewStateInterface(dataBroker, PORT_1, PORT_MAC_1);
 227         asyncEventsWaiter.awaitEventsConsumption();
 228         putNewStateInterface(dataBroker, PORT_2, PORT_MAC_2);
 229         asyncEventsWaiter.awaitEventsConsumption();
 230
 231         asyncEventsWaiter.awaitEventsConsumption();
 232         Thread.sleep(1000);
 233         // Then
 234         newInterfaceWithEtherTypeAclCheck();
 235
 236         LOG.info("newInterfaceWithEtherTypeAcl - end");
 237
 238         // Given
 239         matches = newMatch(AclConstants.SOURCE_LOWER_PORT_UNSPECIFIED,
 240                 AclConstants.SOURCE_UPPER_PORT_UNSPECIFIED, AclConstants.DEST_LOWER_PORT_HTTP,
 241                 AclConstants.DEST_UPPER_PORT_HTTP, AclConstants.SOURCE_REMOTE_IP_PREFIX_UNSPECIFIED,
 242                 AclConstants.DEST_REMOTE_IP_PREFIX_SPECIFIED, (short) NwConstants.IP_PROT_TCP);
 243         dataBrokerUtil.put(new IdentifiedAceBuilder().sgUuid(SG_UUID_2).newRuleName(SR_UUID_2_1)
 244                 .newMatches(matches).newDirection(DirectionEgress.class).newRemoteGroupId(new Uuid(SG_UUID_2)).build());
 245         asyncEventsWaiter.awaitEventsConsumption();
 246         matches = newMatch(AclConstants.SOURCE_LOWER_PORT_UNSPECIFIED, AclConstants.SOURCE_UPPER_PORT_UNSPECIFIED,
 247                 AclConstants.DEST_LOWER_PORT_HTTP, AclConstants.DEST_UPPER_PORT_HTTP,
 248                 AclConstants.SOURCE_REMOTE_IP_PREFIX_SPECIFIED, AclConstants.DEST_REMOTE_IP_PREFIX_UNSPECIFIED,
 249                 (short) NwConstants.IP_PROT_TCP);
 250
 251         dataBrokerUtil.put(new IdentifiedAceBuilder().sgUuid(SG_UUID_2).newRuleName(SR_UUID_2_2)
 252                 .newMatches(matches).newDirection(DirectionIngress.class).build());
 253         asyncEventsWaiter.awaitEventsConsumption();
 254         List<String> sgList = new ArrayList<>();
 255         sgList.add(SG_UUID_1);
 256         sgList.add(SG_UUID_2);
 257         newAllowedAddressPair(PORT_1, sgList, Collections.singletonList(AAP_PORT_1),
 258                 Collections.singletonList(SUBNET_INFO_1));
 259         asyncEventsWaiter.awaitEventsConsumption();
 260         newAllowedAddressPair(PORT_2, sgList, Collections.singletonList(AAP_PORT_2),
 261                 Collections.singletonList(SUBNET_INFO_1));
 262         asyncEventsWaiter.awaitEventsConsumption();
 263
 264         asyncEventsWaiter.awaitEventsConsumption();
 265         Thread.sleep(1000);
 266         newInterfaceWithMultipleAclCheck();
 267     }
 268
 269     abstract void newInterfaceWithMultipleAclCheck();
 270
 271     @Test
 272     public void newInterfaceWithTcpDstAcl() throws Exception {
 273         LOG.info("newInterfaceWithTcpDstAcl - start");
 274
 275         newAllowedAddressPair(PORT_1, Collections.singletonList(SG_UUID_1), Collections.singletonList(AAP_PORT_1),
 276                 Collections.singletonList(SUBNET_INFO_1));
 277         asyncEventsWaiter.awaitEventsConsumption();
 278         newAllowedAddressPair(PORT_2, Collections.singletonList(SG_UUID_1), Collections.singletonList(AAP_PORT_2),
 279                 Collections.singletonList(SUBNET_INFO_1));
 280         asyncEventsWaiter.awaitEventsConsumption();
 281
 282         // Given
 283         Matches matches = newMatch(AclConstants.SOURCE_LOWER_PORT_UNSPECIFIED,
 284                 AclConstants.SOURCE_UPPER_PORT_UNSPECIFIED, AclConstants.DEST_LOWER_PORT_HTTP,
 285                 AclConstants.DEST_UPPER_PORT_HTTP, AclConstants.SOURCE_REMOTE_IP_PREFIX_UNSPECIFIED,
 286                 AclConstants.DEST_REMOTE_IP_PREFIX_SPECIFIED, (short) NwConstants.IP_PROT_TCP);
 287         dataBrokerUtil.put(new IdentifiedAceBuilder().sgUuid(SG_UUID_1).newRuleName(SR_UUID_1_1)
 288                 .newMatches(matches).newDirection(DirectionEgress.class).newRemoteGroupId(new Uuid(SG_UUID_1)).build());
 289         asyncEventsWaiter.awaitEventsConsumption();
 290         matches = newMatch(AclConstants.SOURCE_LOWER_PORT_UNSPECIFIED, AclConstants.SOURCE_UPPER_PORT_UNSPECIFIED,
 291                 AclConstants.DEST_LOWER_PORT_HTTP, AclConstants.DEST_UPPER_PORT_HTTP,
 292                 AclConstants.SOURCE_REMOTE_IP_PREFIX_SPECIFIED, AclConstants.DEST_REMOTE_IP_PREFIX_UNSPECIFIED,
 293                 (short) NwConstants.IP_PROT_TCP);
 294
 295         dataBrokerUtil.put(new IdentifiedAceBuilder().sgUuid(SG_UUID_1).newRuleName(SR_UUID_1_2)
 296                 .newMatches(matches).newDirection(DirectionIngress.class).build());
 297         asyncEventsWaiter.awaitEventsConsumption();
 298
 299         // When
 300         putNewStateInterface(dataBroker, PORT_1, PORT_MAC_1);
 301         asyncEventsWaiter.awaitEventsConsumption();
 302         putNewStateInterface(dataBroker, PORT_2, PORT_MAC_2);
 303         asyncEventsWaiter.awaitEventsConsumption();
 304
 305         asyncEventsWaiter.awaitEventsConsumption();
 306         Thread.sleep(1000);
 307         // Then
 308         newInterfaceWithTcpDstAclCheck();
 309         LOG.info("newInterfaceWithTcpDstAcl - end");
 310     }
 311
 312     abstract void newInterfaceWithTcpDstAclCheck();
 313
 314     @Test
 315     public void newInterfaceWithUdpDstAcl() throws Exception {
 316         LOG.info("newInterfaceWithUdpDstAcl - start");
 317
 318         newAllowedAddressPair(PORT_1, Collections.singletonList(SG_UUID_1), Collections.singletonList(AAP_PORT_1),
 319                 Collections.singletonList(SUBNET_INFO_1));
 320         asyncEventsWaiter.awaitEventsConsumption();
 321         newAllowedAddressPair(PORT_2, Collections.singletonList(SG_UUID_1), Collections.singletonList(AAP_PORT_2),
 322                 Collections.singletonList(SUBNET_INFO_1));
 323         asyncEventsWaiter.awaitEventsConsumption();
 324
 325         // Given
 326         Matches matches = newMatch(AclConstants.SOURCE_LOWER_PORT_UNSPECIFIED,
 327                 AclConstants.SOURCE_UPPER_PORT_UNSPECIFIED, AclConstants.DEST_LOWER_PORT_HTTP,
 328                 AclConstants.DEST_UPPER_PORT_HTTP, AclConstants.SOURCE_REMOTE_IP_PREFIX_UNSPECIFIED,
 329                 AclConstants.DEST_REMOTE_IP_PREFIX_SPECIFIED, (short) NwConstants.IP_PROT_UDP);
 330         dataBrokerUtil.put(new IdentifiedAceBuilder().sgUuid(SG_UUID_1).newRuleName(SR_UUID_1_1)
 331                 .newMatches(matches).newDirection(DirectionEgress.class).build());
 332         asyncEventsWaiter.awaitEventsConsumption();
 333
 334         matches = newMatch(AclConstants.SOURCE_LOWER_PORT_UNSPECIFIED, AclConstants.SOURCE_UPPER_PORT_UNSPECIFIED,
 335                 AclConstants.DEST_LOWER_PORT_HTTP, AclConstants.DEST_UPPER_PORT_HTTP,
 336                 AclConstants.SOURCE_REMOTE_IP_PREFIX_SPECIFIED, AclConstants.DEST_REMOTE_IP_PREFIX_UNSPECIFIED,
 337                 (short) NwConstants.IP_PROT_UDP);
 338         dataBrokerUtil.put(
 339                 new IdentifiedAceBuilder().sgUuid(SG_UUID_1).newRuleName(SR_UUID_1_2).newMatches(matches)
 340                         .newDirection(DirectionIngress.class).newRemoteGroupId(new Uuid(SG_UUID_1)).build());
 341         asyncEventsWaiter.awaitEventsConsumption();
 342
 343         // When
 344         putNewStateInterface(dataBroker, PORT_1, PORT_MAC_1);
 345         asyncEventsWaiter.awaitEventsConsumption();
 346         putNewStateInterface(dataBroker, PORT_2, PORT_MAC_2);
 347         asyncEventsWaiter.awaitEventsConsumption();
 348
 349         asyncEventsWaiter.awaitEventsConsumption();
 350         Thread.sleep(1000);
 351         // Then
 352         newInterfaceWithUdpDstAclCheck();
 353         LOG.info("newInterfaceWithUdpDstAcl - end");
 354     }
 355
 356     abstract void newInterfaceWithUdpDstAclCheck();
 357
 358     @Test
 359     public void newInterfaceWithIcmpAcl() throws Exception {
 360         LOG.info("newInterfaceWithIcmpAcl - start");
 361
 362         newAllowedAddressPair(PORT_1, Collections.singletonList(SG_UUID_1), Collections.singletonList(AAP_PORT_1),
 363                 Collections.singletonList(SUBNET_INFO_1));
 364         asyncEventsWaiter.awaitEventsConsumption();
 365         newAllowedAddressPair(PORT_2, Collections.singletonList(SG_UUID_1), Collections.singletonList(AAP_PORT_2),
 366                 Collections.singletonList(SUBNET_INFO_1));
 367         asyncEventsWaiter.awaitEventsConsumption();
 368         // Given
 369         prepareInterfaceWithIcmpAcl();
 370
 371         // When
 372         putNewStateInterface(dataBroker, PORT_1, PORT_MAC_1);
 373         asyncEventsWaiter.awaitEventsConsumption();
 374         putNewStateInterface(dataBroker, PORT_2, PORT_MAC_2);
 375         asyncEventsWaiter.awaitEventsConsumption();
 376
 377         asyncEventsWaiter.awaitEventsConsumption();
 378         Thread.sleep(1000);
 379         // Then
 380         newInterfaceWithIcmpAclCheck();
 381         LOG.info("newInterfaceWithIcmpAcl - end");
 382     }
 383
 384     abstract void newInterfaceWithIcmpAclCheck();
 385
 386     @Test
 387     public void newInterfaceWithDstPortRange() throws Exception {
 388         LOG.info("newInterfaceWithDstPortRange - start");
 389
 390         newAllowedAddressPair(PORT_1, Collections.singletonList(SG_UUID_1), Collections.singletonList(AAP_PORT_1),
 391                 Collections.singletonList(SUBNET_INFO_1));
 392         asyncEventsWaiter.awaitEventsConsumption();
 393         // Given
 394         Matches matches = newMatch(AclConstants.SOURCE_LOWER_PORT_UNSPECIFIED,
 395                 AclConstants.SOURCE_UPPER_PORT_UNSPECIFIED, 333, 777, AclConstants.SOURCE_REMOTE_IP_PREFIX_UNSPECIFIED,
 396                 AclConstants.DEST_REMOTE_IP_PREFIX_SPECIFIED, (short) NwConstants.IP_PROT_TCP);
 397         dataBrokerUtil.put(new IdentifiedAceBuilder().sgUuid(SG_UUID_1).newRuleName(SR_UUID_1_1)
 398                 .newMatches(matches).newDirection(DirectionEgress.class).build());
 399         asyncEventsWaiter.awaitEventsConsumption();
 400         matches = newMatch(AclConstants.SOURCE_LOWER_PORT_UNSPECIFIED, AclConstants.SOURCE_UPPER_PORT_UNSPECIFIED, 2000,
 401                 2003, AclConstants.SOURCE_REMOTE_IP_PREFIX_SPECIFIED, AclConstants.DEST_REMOTE_IP_PREFIX_UNSPECIFIED,
 402                 (short) NwConstants.IP_PROT_UDP);
 403
 404         dataBrokerUtil.put(new IdentifiedAceBuilder().sgUuid(SG_UUID_1).newRuleName(SR_UUID_1_2)
 405                 .newMatches(matches).newDirection(DirectionIngress.class).build());
 406         asyncEventsWaiter.awaitEventsConsumption();
 407
 408         // When
 409         putNewStateInterface(dataBroker, PORT_1, PORT_MAC_1);
 410         asyncEventsWaiter.awaitEventsConsumption();
 411
 412         asyncEventsWaiter.awaitEventsConsumption();
 413         Thread.sleep(1000);
 414         // Then
 415         newInterfaceWithDstPortRangeCheck();
 416         LOG.info("newInterfaceWithDstPortRange - end");
 417     }
 418
 419     abstract void newInterfaceWithDstPortRangeCheck();
 420
 421     @Test
 422     public void newInterfaceWithDstAllPorts() throws Exception {
 423         LOG.info("newInterfaceWithDstAllPorts - start");
 424
 425         newAllowedAddressPair(PORT_1, Collections.singletonList(SG_UUID_1), Collections.singletonList(AAP_PORT_1),
 426                 Collections.singletonList(SUBNET_INFO_1));
 427         asyncEventsWaiter.awaitEventsConsumption();
 428         // Given
 429         Matches matches = newMatch(AclConstants.SOURCE_LOWER_PORT_UNSPECIFIED,
 430                 AclConstants.SOURCE_UPPER_PORT_UNSPECIFIED, 1, 65535, AclConstants.SOURCE_REMOTE_IP_PREFIX_UNSPECIFIED,
 431                 AclConstants.DEST_REMOTE_IP_PREFIX_SPECIFIED, (short) NwConstants.IP_PROT_TCP);
 432         dataBrokerUtil.put(new IdentifiedAceBuilder().sgUuid(SG_UUID_1).newRuleName(SR_UUID_1_1)
 433                 .newMatches(matches).newDirection(DirectionEgress.class).build());
 434         asyncEventsWaiter.awaitEventsConsumption();
 435         matches = newMatch(AclConstants.SOURCE_LOWER_PORT_UNSPECIFIED, AclConstants.SOURCE_UPPER_PORT_UNSPECIFIED, 1,
 436                 65535, AclConstants.SOURCE_REMOTE_IP_PREFIX_SPECIFIED, AclConstants.DEST_REMOTE_IP_PREFIX_UNSPECIFIED,
 437                 (short) NwConstants.IP_PROT_UDP);
 438
 439         dataBrokerUtil.put(new IdentifiedAceBuilder().sgUuid(SG_UUID_1).newRuleName(SR_UUID_1_2)
 440                 .newMatches(matches).newDirection(DirectionIngress.class).build());
 441         asyncEventsWaiter.awaitEventsConsumption();
 442
 443         // When
 444         putNewStateInterface(dataBroker, PORT_1, PORT_MAC_1);
 445         asyncEventsWaiter.awaitEventsConsumption();
 446
 447         asyncEventsWaiter.awaitEventsConsumption();
 448         Thread.sleep(1000);
 449         // Then
 450         newInterfaceWithDstAllPortsCheck();
 451         LOG.info("newInterfaceWithDstAllPorts - end");
 452     }
 453
 454     abstract void newInterfaceWithDstAllPortsCheck();
 455
 456     @Test
 457     public void newInterfaceWithTwoAclsHavingSameRules() throws Exception {
 458         LOG.info("newInterfaceWithTwoAclsHavingSameRules - start");
 459
 460         newAllowedAddressPair(PORT_3, Arrays.asList(SG_UUID_1, SG_UUID_2), Collections.singletonList(AAP_PORT_3),
 461                 Collections.singletonList(SUBNET_INFO_1));
 462         asyncEventsWaiter.awaitEventsConsumption();
 463         // Given
 464         Matches icmpEgressMatches = newMatch(AclConstants.SOURCE_LOWER_PORT_UNSPECIFIED,
 465                 AclConstants.SOURCE_UPPER_PORT_UNSPECIFIED, AclConstants.DEST_LOWER_PORT_2,
 466                 AclConstants.DEST_UPPER_PORT_3, AclConstants.SOURCE_REMOTE_IP_PREFIX_UNSPECIFIED,
 467                 AclConstants.DEST_REMOTE_IP_PREFIX_SPECIFIED, (short) NwConstants.IP_PROT_ICMP);
 468         Matches icmpIngressMatches = newMatch(AclConstants.SOURCE_LOWER_PORT_UNSPECIFIED,
 469                 AclConstants.SOURCE_UPPER_PORT_UNSPECIFIED, AclConstants.DEST_LOWER_PORT_2,
 470                 AclConstants.DEST_UPPER_PORT_3, AclConstants.SOURCE_REMOTE_IP_PREFIX_SPECIFIED,
 471                 AclConstants.DEST_REMOTE_IP_PREFIX_UNSPECIFIED, (short) NwConstants.IP_PROT_ICMP);
 472
 473         dataBrokerUtil.put(new IdentifiedAceBuilder().sgUuid(SG_UUID_1).newRuleName(SR_UUID_1_1)
 474                 .newMatches(icmpEgressMatches).newDirection(DirectionEgress.class).build());
 475         asyncEventsWaiter.awaitEventsConsumption();
 476
 477         dataBrokerUtil.put(new IdentifiedAceBuilder().sgUuid(SG_UUID_1).newRuleName(SR_UUID_1_2)
 478                 .newMatches(icmpIngressMatches).newDirection(DirectionIngress.class).build());
 479         asyncEventsWaiter.awaitEventsConsumption();
 480
 481         dataBrokerUtil.put(new IdentifiedAceBuilder().sgUuid(SG_UUID_2).newRuleName(SR_UUID_2_1)
 482                 .newMatches(icmpEgressMatches).newDirection(DirectionEgress.class).build());
 483         asyncEventsWaiter.awaitEventsConsumption();
 484
 485         dataBrokerUtil.put(new IdentifiedAceBuilder().sgUuid(SG_UUID_2).newRuleName(SR_UUID_2_2)
 486                 .newMatches(icmpIngressMatches).newDirection(DirectionIngress.class).build());
 487         asyncEventsWaiter.awaitEventsConsumption();
 488
 489         // When
 490         putNewStateInterface(dataBroker, PORT_3, PORT_MAC_3);
 491         asyncEventsWaiter.awaitEventsConsumption();
 492
 493         asyncEventsWaiter.awaitEventsConsumption();
 494         Thread.sleep(1000);
 495         // Then
 496         newInterfaceWithTwoAclsHavingSameRulesCheck();
 497         LOG.info("newInterfaceWithTwoAclsHavingSameRules - end");
 498     }
 499
 500     abstract void newInterfaceWithTwoAclsHavingSameRulesCheck();
 501
 502     @Test
 503     public void newInterfaceWithIcmpAclHavingOverlappingMac() throws Exception {
 504         newAllowedAddressPair(PORT_1, Collections.singletonList(SG_UUID_1), Collections.singletonList(AAP_PORT_1),
 505                 Collections.singletonList(SUBNET_INFO_1));
 506         asyncEventsWaiter.awaitEventsConsumption();
 507         newAllowedAddressPair(PORT_2, Collections.singletonList(SG_UUID_1), Collections.singletonList(AAP_PORT_2),
 508                 Collections.singletonList(SUBNET_INFO_1));
 509         asyncEventsWaiter.awaitEventsConsumption();
 510         // Given
 511         prepareInterfaceWithIcmpAcl();
 512
 513         // When
 514         putNewStateInterface(dataBroker, PORT_1, PORT_MAC_1);
 515         asyncEventsWaiter.awaitEventsConsumption();
 516         putNewStateInterface(dataBroker, PORT_2, PORT_MAC_1);
 517         asyncEventsWaiter.awaitEventsConsumption();
 518
 519         asyncEventsWaiter.awaitEventsConsumption();
 520         Thread.sleep(1000);
 521         // Then
 522         newInterfaceWithIcmpAclCheck();
 523     }
 524
 525     @Test
 526     public void newInterfaceWithAapIpv4All() throws Exception {
 527         LOG.info("newInterfaceWithAapIpv4All test - start");
 528         newAllowedAddressPair(PORT_1, Collections.singletonList(SG_UUID_1), Collections.singletonList(AAP_PORT_1),
 529                 Collections.singletonList(SUBNET_INFO_1));
 530         asyncEventsWaiter.awaitEventsConsumption();
 531         List<AllowedAddressPairs> aapList = new ArrayList<>();
 532         aapList.add(AAP_PORT_2);
 533         aapList.add(buildAap("0.0.0.0/0", PORT_MAC_2));
 534         newAllowedAddressPair(PORT_2, Collections.singletonList(SG_UUID_1), aapList,
 535                 Collections.singletonList(SUBNET_INFO_1));
 536         asyncEventsWaiter.awaitEventsConsumption();
 537
 538         prepareInterfaceWithIcmpAcl();
 539         // When
 540         putNewStateInterface(dataBroker, PORT_1, PORT_MAC_1);
 541         asyncEventsWaiter.awaitEventsConsumption();
 542         putNewStateInterface(dataBroker, PORT_2, PORT_MAC_2);
 543         asyncEventsWaiter.awaitEventsConsumption();
 544
 545         asyncEventsWaiter.awaitEventsConsumption();
 546         Thread.sleep(1000);
 547         // Then
 548         newInterfaceWithAapIpv4AllCheck();
 549         LOG.info("newInterfaceWithAapIpv4All test - end");
 550     }
 551
 552     abstract void newInterfaceWithAapIpv4AllCheck();
 553
 554     @Test
 555     public void newInterfaceWithAap() throws Exception {
 556         LOG.info("newInterfaceWithAap test - start");
 557
 558         newAllowedAddressPair(PORT_1, Collections.singletonList(SG_UUID_1), Collections.singletonList(AAP_PORT_1),
 559                 Collections.singletonList(SUBNET_INFO_1));
 560         asyncEventsWaiter.awaitEventsConsumption();
 561         newAllowedAddressPair(PORT_2, Collections.singletonList(SG_UUID_1),
 562                 Arrays.asList(AAP_PORT_2, AAP_PORT_100, AAP_PORT_101), Collections.singletonList(SUBNET_INFO_1));
 563         asyncEventsWaiter.awaitEventsConsumption();
 564
 565         prepareInterfaceWithIcmpAcl();
 566         // When
 567         putNewStateInterface(dataBroker, PORT_1, PORT_MAC_1);
 568         asyncEventsWaiter.awaitEventsConsumption();
 569         putNewStateInterface(dataBroker, PORT_2, PORT_MAC_2);
 570         asyncEventsWaiter.awaitEventsConsumption();
 571
 572         asyncEventsWaiter.awaitEventsConsumption();
 573         Thread.sleep(1000);
 574         // Then
 575         newInterfaceWithAapCheck();
 576         LOG.info("newInterfaceWithAap test - end");
 577     }
 578
 579     abstract void newInterfaceWithAapCheck();
 580
 581     protected void assertFlowsInAnyOrder(Iterable<FlowEntity> expectedFlows) {
 582         coordinatorEventsWaiter.awaitEventsConsumption();
 583         asyncEventsWaiter.awaitEventsConsumption();
 584         mdsalApiManager.assertFlowsInAnyOrder(expectedFlows);
 585     }
 586
 587     protected void prepareInterfaceWithIcmpAcl() throws TransactionCommitFailedException {
 588         // Given
 589         Matches matches = newMatch(AclConstants.SOURCE_LOWER_PORT_UNSPECIFIED,
 590                 AclConstants.SOURCE_UPPER_PORT_UNSPECIFIED, AclConstants.DEST_LOWER_PORT_2,
 591                 AclConstants.DEST_UPPER_PORT_3, AclConstants.SOURCE_REMOTE_IP_PREFIX_UNSPECIFIED,
 592                 AclConstants.DEST_REMOTE_IP_PREFIX_SPECIFIED, (short) NwConstants.IP_PROT_ICMP);
 593         dataBrokerUtil.put(new IdentifiedAceBuilder().sgUuid(SG_UUID_1).newRuleName(SR_UUID_1_1)
 594                 .newMatches(matches).newDirection(DirectionEgress.class).newRemoteGroupId(new Uuid(SG_UUID_1)).build());
 595         asyncEventsWaiter.awaitEventsConsumption();
 596
 597         matches = newMatch(AclConstants.SOURCE_LOWER_PORT_UNSPECIFIED, AclConstants.SOURCE_UPPER_PORT_UNSPECIFIED,
 598                 AclConstants.DEST_LOWER_PORT_2, AclConstants.DEST_UPPER_PORT_3,
 599                 AclConstants.SOURCE_REMOTE_IP_PREFIX_SPECIFIED, AclConstants.DEST_REMOTE_IP_PREFIX_UNSPECIFIED,
 600                 (short) NwConstants.IP_PROT_ICMP);
 601         dataBrokerUtil.put(new IdentifiedAceBuilder().sgUuid(SG_UUID_1).newRuleName(SR_UUID_1_2)
 602                 .newMatches(matches).newDirection(DirectionIngress.class).build());
 603         asyncEventsWaiter.awaitEventsConsumption();
 604     }
 605
 606     protected void newAllowedAddressPair(String portName, List<String> sgUuidList, List<AllowedAddressPairs> aapList,
 607             List<SubnetInfo> subnetInfo)
 608             throws TransactionCommitFailedException {
 609         List<Uuid> sgList = sgUuidList.stream().map(Uuid::new).collect(Collectors.toList());
 610         Pair<DataTreeIdentifier<Interface>, Interface> port = new IdentifiedInterfaceWithAclBuilder()
 611                 .interfaceName(portName)
 612                 .portSecurity(true)
 613                 .addAllNewSecurityGroups(sgList)
 614                 .addAllIfAllowedAddressPairs(aapList)
 615                 .addAllIfSubnetInfo(subnetInfo).build();
 616         dataBrokerUtil.put(port);
 617         testInterfaceManager.addInterface(port.getValue());
 618     }
 619
 620     protected void newElan(String elanName, long elanId) throws TransactionCommitFailedException {
 621         ElanInstance elan = new ElanInstanceBuilder().setElanInstanceName(elanName).setElanTag(5000L).build();
 622         singleTransactionDataBroker.syncWrite(CONFIGURATION,
 623                 AclServiceUtils.getElanInstanceConfigurationDataPath(elanName), elan);
 624     }
 625
 626     protected void newElanInterface(String elanName, String portName, boolean isWrite)
 627             throws TransactionCommitFailedException {
 628         ElanInterface elanInterface =
 629                 new ElanInterfaceBuilder().setName(portName).setElanInstanceName(elanName).build();
 630         InstanceIdentifier<ElanInterface> id = AclServiceUtils.getElanInterfaceConfigurationDataPathId(portName);
 631         if (isWrite) {
 632             singleTransactionDataBroker.syncWrite(CONFIGURATION, id, elanInterface);
 633         } else {
 634             singleTransactionDataBroker.syncDelete(CONFIGURATION, id);
 635         }
 636     }
 637
 638     // TODO refactor this instead of stealing it from org.opendaylight.netvirt.neutronvpn.NeutronSecurityRuleListener
 639     protected Matches newMatch(int srcLowerPort, int srcUpperPort, int destLowerPort, int destupperPort,
 640             int srcRemoteIpPrefix, int dstRemoteIpPrefix, short protocol) {
 641
 642         AceIpBuilder aceIpBuilder = new AceIpBuilder();
 643         if (destLowerPort != -1) {
 644             DestinationPortRangeBuilder destinationPortRangeBuilder = new DestinationPortRangeBuilder();
 645             destinationPortRangeBuilder.setLowerPort(new PortNumber(destLowerPort));
 646             destinationPortRangeBuilder.setUpperPort(new PortNumber(destupperPort));
 647             aceIpBuilder.setDestinationPortRange(destinationPortRangeBuilder.build());
 648         }
 649         AceIpv4Builder aceIpv4Builder = new AceIpv4Builder();
 650         if (srcRemoteIpPrefix == AclConstants.SOURCE_REMOTE_IP_PREFIX_SPECIFIED) {
 651             aceIpv4Builder.setSourceIpv4Network(new Ipv4Prefix(AclConstants.IPV4_ALL_NETWORK));
 652         }
 653         if (dstRemoteIpPrefix == AclConstants.DEST_REMOTE_IP_PREFIX_SPECIFIED) {
 654             aceIpv4Builder.setSourceIpv4Network(new Ipv4Prefix(AclConstants.IPV4_ALL_NETWORK));
 655         }
 656         if (protocol != -1) {
 657             aceIpBuilder.setProtocol(protocol);
 658         }
 659         aceIpBuilder.setAceIpVersion(aceIpv4Builder.build());
 660
 661         MatchesBuilder matchesBuilder = new MatchesBuilder();
 662         matchesBuilder.setAceType(aceIpBuilder.build());
 663         return matchesBuilder.build();
 664     }
 665
 666     protected static AllowedAddressPairs buildAap(String ipAddress, String macAddress) {
 667         return new AllowedAddressPairsBuilder()
 668                 .setIpAddress(new IpPrefixOrAddress(IpPrefixBuilder.getDefaultInstance(ipAddress)))
 669                 .setMacAddress(new MacAddress(macAddress)).build();
 670     }
 671
 672     protected static SubnetInfo buildSubnetInfo(Uuid subnetId, String ipPrefix,
 673             Class<? extends IpVersionBase> ipVersion, String gwIp) {
 674         return new SubnetInfoBuilder().withKey(new SubnetInfoKey(subnetId)).setIpVersion(ipVersion)
 675                 .setIpPrefix(IpPrefixOrAddressBuilder.getDefaultInstance(ipPrefix))
 676                 .setGatewayIp(IpAddressBuilder.getDefaultInstance(gwIp)).build();
 677     }
 678
 679     protected void setUpData() throws Exception {
 680         newElan(ELAN, ELAN_TAG);
 681         newElanInterface(ELAN, PORT_1, true);
 682         newElanInterface(ELAN, PORT_2, true);
 683         newElanInterface(ELAN, PORT_3, true);
 684         newElanInterface(ELAN, PORT_4, true);
 685
 686         AAP_PORT_1 = buildAap(IP_PREFIX_1, PORT_MAC_1);
 687         AAP_PORT_2 = buildAap(IP_PREFIX_2, PORT_MAC_2);
 688         AAP_PORT_3 = buildAap(IP_PREFIX_3, PORT_MAC_3);
 689         AAP_PORT_4 = buildAap(IP_PREFIX_4, PORT_MAC_4);
 690         AAP_PORT_100 = buildAap(IP_100_PREFIX, PORT_MAC_2);
 691         AAP_PORT_101 = buildAap(IP_101_PREFIX, "0D:AA:D8:42:30:A4");
 692     }
 693
 694 }