2 * Copyright (c) 2015, 2016 Hewlett-Packard Enterprise and others. All rights reserved.
4 * This program and the accompanying materials are made available under the
5 * terms of the Eclipse Public License v1.0 which accompanies this distribution,
6 * and is available at http://www.eclipse.org/legal/epl-v10.html
8 package org.opendaylight.netvirt.openstack.netvirt.impl;
10 import static org.mockito.Matchers.eq;
11 import static org.mockito.Mockito.times;
12 import static org.mockito.Mockito.verify;
13 import static org.mockito.Mockito.when;
14 import static org.mockito.Matchers.any;
15 import static org.mockito.Matchers.anyBoolean;
17 import java.util.ArrayList;
18 import java.util.HashMap;
19 import java.util.List;
22 import org.junit.Before;
23 import org.junit.Test;
24 import org.junit.runner.RunWith;
25 import org.mockito.InjectMocks;
26 import org.mockito.Mock;
27 import org.mockito.runners.MockitoJUnitRunner;
28 import org.opendaylight.netvirt.openstack.netvirt.api.SecurityServicesManager;
29 import org.opendaylight.netvirt.openstack.netvirt.translator.NeutronPort;
30 import org.opendaylight.netvirt.openstack.netvirt.translator.NeutronSecurityGroup;
31 import org.opendaylight.netvirt.openstack.netvirt.translator.NeutronSecurityRule;
32 import org.opendaylight.netvirt.openstack.netvirt.translator.Neutron_IPs;
33 import org.opendaylight.netvirt.openstack.netvirt.translator.crud.INeutronPortCRUD;
34 import org.opendaylight.netvirt.openstack.netvirt.translator.crud.INeutronSecurityGroupCRUD;
35 import org.opendaylight.netvirt.openstack.netvirt.translator.crud.INeutronSecurityRuleCRUD;
36 import org.opendaylight.yang.gen.v1.urn.tbd.params.xml.ns.yang.network.topology.rev131021.NodeId;
39 * Unit test fort {@link SecurityGroupCacheManagerImpl}
41 @RunWith(MockitoJUnitRunner.class)
42 public class SecurityGroupCacheManagerImplTest {
44 @InjectMocks private SecurityGroupCacheManagerImpl securityGroupCacheManagerImpl;
45 @Mock private INeutronPortCRUD neutronPortCache;
46 @Mock private INeutronSecurityGroupCRUD securityGroupCache;
47 @Mock private INeutronSecurityRuleCRUD neutronSecurityRuleCache;
48 @Mock NeutronPort neutronPort_Vm1;
49 @Mock NeutronPort neutronPort_Vm2;
50 @Mock NeutronPort neutronPort_Vm3;
51 @Mock NeutronPort neutronPort_Vm4;
52 @Mock NeutronPort neutronPort_Vm5;
53 @Mock SecurityServicesManager securityServicesManager;
54 @Mock NeutronSecurityGroup neutronSecurityGroup_1;
55 @Mock NeutronSecurityGroup neutronSecurityGroup_2;
56 @Mock NeutronSecurityGroup neutronSecurityGroup_3;
57 @Mock NeutronSecurityRule neutronSecurityRule_1;
58 @Mock NeutronSecurityRule neutronSecurityRule_2;
59 @Mock NeutronSecurityRule neutronSecurityRule_3;
60 @Mock Neutron_IPs neutron_ip_1;
61 @Mock Neutron_IPs neutron_ip_2;
62 @Mock Neutron_IPs neutron_ip_3;
63 @Mock Neutron_IPs neutron_ip_4;
64 @Mock Neutron_IPs neutron_ip_5;
65 @Mock NodeId nodeId_1;
66 @Mock NeutronL3Adapter neutronL3Adapter;
67 @Mock SecurityServicesImpl securityServicesImpl;
69 private static final String NEUTRON_PORT_ID_VM_1 = "neutronID_VM_1";
70 private static final String NEUTRON_PORT_ID_VM_2 = "neutronID_VM_2";
71 private static final String NEUTRON_PORT_ID_VM_3 = "neutronID_VM_3";
72 private static final String NEUTRON_PORT_ID_VM_4 = "neutronID_VM_4";
73 private static final String NEUTRON_PORT_ID_VM_5 = "neutronID_VM_5";
74 private static final String SECURITY_GROUP_ID_1 = "securityGroupId_1";
75 private static final String SECURITY_GROUP_ID_2 = "securityGroupId_2";
76 private static final String SECURITY_GROUP_ID_3 = "securityGroupId_3";
77 private static final List<Neutron_IPs> neutron_IPs_1 = new ArrayList<>();
78 private static final List<Neutron_IPs> neutron_IPs_2 = new ArrayList<>();
79 private static final List<Neutron_IPs> neutron_IPs_3 = new ArrayList<>();
80 private static final List<Neutron_IPs> neutron_IPs_4 = new ArrayList<>();
81 private static final List<Neutron_IPs> neutron_IPs_5 = new ArrayList<>();
84 public void setUp() throws Exception {
86 List<NeutronSecurityGroup> securityGroups_Vm_1 = new ArrayList<>();
87 securityGroups_Vm_1.add(neutronSecurityGroup_1);
88 List<NeutronSecurityGroup> securityGroups_Vm_2 = new ArrayList<>();
89 securityGroups_Vm_2.add(neutronSecurityGroup_2);
90 List<NeutronSecurityGroup> securityGroups_Vm_3 = new ArrayList<>();
91 securityGroups_Vm_3.add(neutronSecurityGroup_3);
92 List<NeutronSecurityRule> securityRule = new ArrayList<>();
93 securityRule.add(neutronSecurityRule_1);
94 securityRule.add(neutronSecurityRule_2);
95 securityRule.add(neutronSecurityRule_3);
97 neutron_IPs_1.add(neutron_ip_1);
98 neutron_IPs_2.add(neutron_ip_2);
99 neutron_IPs_3.add(neutron_ip_3);
100 neutron_IPs_4.add(neutron_ip_4);
101 neutron_IPs_5.add(neutron_ip_5);
103 when(neutronPort_Vm1.getID()).thenReturn(NEUTRON_PORT_ID_VM_1);
104 when(neutronPort_Vm2.getID()).thenReturn(NEUTRON_PORT_ID_VM_2);
105 when(neutronPort_Vm3.getID()).thenReturn(NEUTRON_PORT_ID_VM_3);
106 when(neutronPort_Vm4.getID()).thenReturn(NEUTRON_PORT_ID_VM_4);
107 when(neutronPort_Vm5.getID()).thenReturn(NEUTRON_PORT_ID_VM_5);
108 when(neutronPort_Vm1.getSecurityGroups()).thenReturn(securityGroups_Vm_1);
109 when(neutronPort_Vm2.getSecurityGroups()).thenReturn(securityGroups_Vm_1);
110 when(neutronPort_Vm3.getSecurityGroups()).thenReturn(securityGroups_Vm_3);
111 when(neutronPort_Vm4.getSecurityGroups()).thenReturn(securityGroups_Vm_1);
112 when(neutronPort_Vm5.getSecurityGroups()).thenReturn(securityGroups_Vm_3);
113 when(neutronSecurityRuleCache.getAllNeutronSecurityRules()).thenReturn(securityRule);
114 when(neutronSecurityGroup_1.getSecurityGroupUUID()).thenReturn(SECURITY_GROUP_ID_1);
115 when(neutronSecurityGroup_2.getSecurityGroupUUID()).thenReturn(SECURITY_GROUP_ID_2);
116 when(neutronSecurityGroup_3.getSecurityGroupUUID()).thenReturn(SECURITY_GROUP_ID_3);
117 when(neutronSecurityGroup_1.getID()).thenReturn(SECURITY_GROUP_ID_1);
118 when(neutronSecurityGroup_2.getID()).thenReturn(SECURITY_GROUP_ID_2);
119 when(neutronSecurityGroup_3.getID()).thenReturn(SECURITY_GROUP_ID_3);
120 when(neutronSecurityRule_1.getSecurityRuleGroupID()).thenReturn(SECURITY_GROUP_ID_1);
121 when(neutronSecurityRule_2.getSecurityRuleGroupID()).thenReturn(SECURITY_GROUP_ID_2);
122 when(neutronSecurityRule_3.getSecurityRuleGroupID()).thenReturn(SECURITY_GROUP_ID_3);
123 when(neutronSecurityRule_1.getSecurityRemoteGroupID()).thenReturn(SECURITY_GROUP_ID_1);
124 when(neutronSecurityRule_3.getSecurityRemoteGroupID()).thenReturn(SECURITY_GROUP_ID_2);
125 when(neutronPort_Vm1.getFixedIPs()).thenReturn(neutron_IPs_1);
126 when(neutronPort_Vm2.getFixedIPs()).thenReturn(neutron_IPs_2);
127 when(neutronPort_Vm3.getFixedIPs()).thenReturn(neutron_IPs_3);
128 when(neutronPortCache.getPort(eq(NEUTRON_PORT_ID_VM_1))).thenReturn(neutronPort_Vm1);
129 when(neutronPortCache.getPort(eq(NEUTRON_PORT_ID_VM_2))).thenReturn(neutronPort_Vm2);
130 when(neutronPortCache.getPort(eq(NEUTRON_PORT_ID_VM_3))).thenReturn(neutronPort_Vm3);
131 when(neutronL3Adapter.getPortPreferablyFromCleanupCache(NEUTRON_PORT_ID_VM_1)).thenReturn(neutronPort_Vm1);
135 * Remote Cache is empty a new port is added.
138 public void testPortAddedWithNoRemoteSGInCache() {
139 securityGroupCacheManagerImpl.portAdded(SECURITY_GROUP_ID_1, NEUTRON_PORT_ID_VM_1);
140 verify(securityServicesManager, times(0)).syncSecurityRule(any(NeutronPort.class), any(NeutronSecurityRule.class), any(Neutron_IPs.class), any(NodeId.class), any(NeutronSecurityGroup.class), anyBoolean());
144 * Remote Cache is empty a new port is removed.
147 public void testPortRemovedWithNoRemoteSGInCache() {
148 securityGroupCacheManagerImpl.addToCache(SECURITY_GROUP_ID_1, NEUTRON_PORT_ID_VM_1, nodeId_1);
149 securityGroupCacheManagerImpl.portRemoved(SECURITY_GROUP_ID_1, NEUTRON_PORT_ID_VM_1);
150 verify(securityServicesManager, times(0)).syncSecurityRule(any(NeutronPort.class), any(NeutronSecurityRule.class), any(Neutron_IPs.class), any(NodeId.class), any(NeutronSecurityGroup.class), anyBoolean());
154 * neutronSecurityGroup_1 has a rule which has neutronSecurityGroup_1 as remote SG.
155 * A port with neutronSecurityGroup_1 is present in cache and new one is added.
158 public void testPortAddedWithSelfInCache() {
159 securityGroupCacheManagerImpl.addToCache(SECURITY_GROUP_ID_1, NEUTRON_PORT_ID_VM_1, nodeId_1);
160 securityGroupCacheManagerImpl.portAdded(SECURITY_GROUP_ID_1, NEUTRON_PORT_ID_VM_1);
161 securityGroupCacheManagerImpl.addToCache(SECURITY_GROUP_ID_1, NEUTRON_PORT_ID_VM_2, nodeId_1);
162 securityGroupCacheManagerImpl.portAdded(SECURITY_GROUP_ID_1, NEUTRON_PORT_ID_VM_2);
163 securityServicesManager.syncSecurityRule(neutronPort_Vm1, neutronSecurityRule_1, neutron_ip_2, nodeId_1, neutronSecurityGroup_1, true);
164 verify(securityServicesManager, times(1)).syncSecurityRule(eq(neutronPort_Vm1), eq(neutronSecurityRule_1), eq(neutron_ip_2), eq(nodeId_1), eq(neutronSecurityGroup_1), eq(true));
168 * neutronSecurityGroup_1 has a rule which has neutronSecurityGroup_1 as remote SG.
169 * Two port with neutronSecurityGroup_1 is present in cache and one of them is removed.
172 public void testPortRemovedWithSelfInCache() {
173 securityGroupCacheManagerImpl.addToCache(SECURITY_GROUP_ID_1, NEUTRON_PORT_ID_VM_1, nodeId_1);
174 securityGroupCacheManagerImpl.addToCache(SECURITY_GROUP_ID_1, NEUTRON_PORT_ID_VM_2, nodeId_1);
175 securityGroupCacheManagerImpl.portRemoved(SECURITY_GROUP_ID_1, NEUTRON_PORT_ID_VM_2);
176 securityServicesManager.syncSecurityRule(neutronPort_Vm1, neutronSecurityRule_1, neutron_ip_2, nodeId_1, neutronSecurityGroup_1, false);
177 verify(securityServicesManager, times(1)).syncSecurityRule(eq(neutronPort_Vm1), eq(neutronSecurityRule_1), eq(neutron_ip_2), eq(nodeId_1), eq(neutronSecurityGroup_1), eq(false));
181 * neutronSecurityGroup_3 has a rule which has neutronSecurityGroup_2 as remote SG.
182 * A port with neutronSecurityGroup_3 is present in cache. A new port is added with
183 * neutronSecurityGroup_2 as security group.
186 public void testPortAddedWithCidrInCache() {
187 securityGroupCacheManagerImpl.addToCache(SECURITY_GROUP_ID_2, NEUTRON_PORT_ID_VM_3, nodeId_1);
188 securityGroupCacheManagerImpl.portAdded(SECURITY_GROUP_ID_2, NEUTRON_PORT_ID_VM_2);
189 securityServicesManager.syncSecurityRule(neutronPort_Vm3, neutronSecurityRule_3, neutron_ip_2, nodeId_1, neutronSecurityGroup_1, true);
190 verify(securityServicesManager, times(1)).syncSecurityRule(eq(neutronPort_Vm3), eq(neutronSecurityRule_3), eq(neutron_ip_2), eq(nodeId_1), eq(neutronSecurityGroup_1), eq(true));
194 * neutronSecurityGroup_3 has a rule which has neutronSecurityGroup_2 as remote SG.
195 * A port with neutronSecurityGroup_3 is present in cache. A port with
196 * neutronSecurityGroup_2 as security group is removed..
199 public void testPortRemovedWithCidrInCache() {
200 securityGroupCacheManagerImpl.addToCache(SECURITY_GROUP_ID_2, NEUTRON_PORT_ID_VM_3, nodeId_1);
201 securityGroupCacheManagerImpl.portRemoved(SECURITY_GROUP_ID_2, NEUTRON_PORT_ID_VM_2);
202 securityServicesManager.syncSecurityRule(neutronPort_Vm3, neutronSecurityRule_3, neutron_ip_2, nodeId_1, neutronSecurityGroup_1, false);
203 verify(securityServicesManager, times(1)).syncSecurityRule(eq(neutronPort_Vm3), eq(neutronSecurityRule_3), eq(neutron_ip_2), eq(nodeId_1), eq(neutronSecurityGroup_1), eq(false));
207 * A port is removed from the cache.
210 public void testPortRemovedFromCache() {
211 securityGroupCacheManagerImpl.addToCache(SECURITY_GROUP_ID_2, NEUTRON_PORT_ID_VM_3, nodeId_1);
212 securityGroupCacheManagerImpl.removeFromCache(SECURITY_GROUP_ID_2, NEUTRON_PORT_ID_VM_3);
213 securityGroupCacheManagerImpl.portRemoved(SECURITY_GROUP_ID_2, NEUTRON_PORT_ID_VM_2);
214 verify(securityServicesManager, times(0)).syncSecurityRule(any(NeutronPort.class), any(NeutronSecurityRule.class), any(Neutron_IPs.class),any(NodeId.class), any(NeutronSecurityGroup.class), anyBoolean());