2 * Copyright (c) 2015, 2016 Inocybe and others. All rights reserved.
4 * This program and the accompanying materials are made available under the
5 * terms of the Eclipse Public License v1.0 which accompanies this distribution,
6 * and is available at http://www.eclipse.org/legal/epl-v10.html
8 package org.opendaylight.netvirt.openstack.netvirt.impl;
10 import static org.junit.Assert.assertEquals;
11 import static org.junit.Assert.assertTrue;
12 import static org.mockito.Matchers.any;
13 import static org.mockito.Matchers.anyString;
14 import static org.mockito.Matchers.eq;
15 import static org.mockito.Mockito.mock;
16 import static org.mockito.Mockito.times;
17 import static org.mockito.Mockito.verify;
18 import static org.mockito.Mockito.when;
20 import java.lang.reflect.Field;
21 import java.util.ArrayList;
22 import java.util.HashMap;
23 import java.util.List;
26 import org.junit.Before;
27 import org.junit.Test;
28 import org.junit.runner.RunWith;
29 import org.mockito.InjectMocks;
30 import org.mockito.Mock;
31 import org.mockito.runners.MockitoJUnitRunner;
32 import org.opendaylight.netvirt.openstack.netvirt.translator.crud.INeutronNetworkCRUD;
33 import org.opendaylight.netvirt.openstack.netvirt.api.ConfigurationService;
34 import org.opendaylight.netvirt.openstack.netvirt.api.EgressAclProvider;
35 import org.opendaylight.netvirt.openstack.netvirt.api.IngressAclProvider;
36 import org.opendaylight.netvirt.openstack.netvirt.api.Southbound;
37 import org.opendaylight.netvirt.openstack.netvirt.translator.NeutronNetwork;
38 import org.opendaylight.netvirt.openstack.netvirt.translator.NeutronPort;
39 import org.opendaylight.netvirt.openstack.netvirt.translator.NeutronSecurityGroup;
40 import org.opendaylight.netvirt.openstack.netvirt.translator.NeutronSecurityRule;
41 import org.opendaylight.netvirt.openstack.netvirt.translator.NeutronSubnet;
42 import org.opendaylight.netvirt.openstack.netvirt.translator.Neutron_IPs;
43 import org.opendaylight.netvirt.openstack.netvirt.translator.crud.INeutronPortCRUD;
44 import org.opendaylight.netvirt.openstack.netvirt.translator.crud.INeutronSubnetCRUD;
45 import org.opendaylight.netvirt.utils.servicehelper.ServiceHelper;
46 import org.opendaylight.yang.gen.v1.urn.opendaylight.params.xml.ns.yang.ovsdb.rev150105
47 .OvsdbTerminationPointAugmentation;
48 import org.opendaylight.yang.gen.v1.urn.tbd.params.xml.ns.yang.network.topology.rev131021.network.topology.topology
50 import org.osgi.framework.ServiceReference;
53 * Unit test for {@link SecurityServicesImpl}
55 @RunWith(MockitoJUnitRunner.class)
56 public class SecurityServicesImplTest {
58 @InjectMocks private SecurityServicesImpl securityServicesImpl;
60 INeutronNetworkCRUD neutronNetworkCache;
61 @Mock private INeutronPortCRUD neutronPortCache;
62 @Mock private INeutronSubnetCRUD subNetCache;
63 @Mock private Southbound southbound;
64 @Mock private ConfigurationService configurationService;
65 @Mock NeutronNetwork neutronNetwork;
66 @Mock NeutronPort neutronPort_Vm1;
67 @Mock NeutronPort neutronPort_Vm2;
68 @Mock NeutronPort neutronPort_Vm3;
69 @Mock NeutronSecurityGroup neutronSecurityGroup_1;
70 @Mock NeutronSecurityGroup neutronSecurityGroup_2;
71 @Mock NeutronSecurityGroup neutronSecurityGroup_3;
72 @Mock NeutronSecurityRule neutronSecurityRule_1;
73 @Mock NeutronSecurityRule neutronSecurityRule_2;
74 @Mock NeutronSecurityRule neutronSecurityRule_3;
75 @Mock NeutronPort neutronPort_Dhcp;
76 @Mock Neutron_IPs neutron_ip_1;
77 @Mock Neutron_IPs neutron_ip_2;
78 @Mock Neutron_IPs neutron_ip_3;
79 @Mock NeutronSubnet subnet;
81 @Mock OvsdbTerminationPointAugmentation tp;
82 @Mock IngressAclProvider ingressAclService;
83 @Mock EgressAclProvider egressAclService;
84 @Mock NeutronL3Adapter neutronL3Adapter;
86 private static final String NEUTRON_PORT_ID_VM_1 = "neutronID_VM_1";
87 private static final String NEUTRON_PORT_ID_VM_2 = "neutronID_VM_2";
88 private static final String NEUTRON_PORT_ID_VM_3 = "neutronID_VM_3";
89 private static final String NEUTRON_PORT_ID_DHCP = "neutronID_VM_DHCP";
90 private static final String SECURITY_GROUP_ID_1 = "securityGroupId_1";
91 private static final String SECURITY_GROUP_ID_2 = "securityGroupId_2";
92 private static final String SECURITY_GROUP_ID_3 = "securityGroupId_3";
93 private static final String DEVICE_OWNER_VM = "compute";
94 private static final String DEVICE_OWNER_DHCP = "dhcp";
95 private static final String SUBNET_UUID = "subnet_uuid";
96 private static final List<Neutron_IPs> neutron_IPs_1 = new ArrayList<>();
97 private static final List<Neutron_IPs> neutron_IPs_2 = new ArrayList<>();
98 private static final List<Neutron_IPs> neutron_IPs_3 = new ArrayList<>();
102 List<NeutronSecurityGroup> securityGroups_1 = new ArrayList<>();
103 securityGroups_1.add(neutronSecurityGroup_1);
104 List<NeutronSecurityGroup> securityGroups_2 = new ArrayList<>();
105 securityGroups_2.add(neutronSecurityGroup_2);
106 List<NeutronSecurityGroup> securityGroups_3 = new ArrayList<>();
107 securityGroups_3.add(neutronSecurityGroup_3);
108 List<NeutronSecurityRule> securityRule_1 = new ArrayList<>();
109 securityRule_1.add(neutronSecurityRule_1);
110 List<NeutronSecurityRule> securityRule_2 = new ArrayList<>();
111 securityRule_1.add(neutronSecurityRule_2);
112 List<NeutronSecurityRule> securityRule_3 = new ArrayList<>();
113 securityRule_1.add(neutronSecurityRule_3);
115 neutron_IPs_1.add(neutron_ip_1);
116 neutron_IPs_2.add(neutron_ip_2);
117 neutron_IPs_3.add(neutron_ip_3);
119 when(neutronPort_Vm1.getID()).thenReturn(NEUTRON_PORT_ID_VM_1);
120 when(neutronPort_Vm2.getID()).thenReturn(NEUTRON_PORT_ID_VM_2);
121 when(neutronPort_Vm3.getID()).thenReturn(NEUTRON_PORT_ID_VM_3);
122 when(neutronPort_Vm1.getSecurityGroups()).thenReturn(securityGroups_1);
123 when(neutronPort_Vm2.getSecurityGroups()).thenReturn(securityGroups_2);
124 when(neutronPort_Vm3.getSecurityGroups()).thenReturn(securityGroups_3);
125 when(neutronSecurityGroup_1.getSecurityRules()).thenReturn(securityRule_1);
126 when(neutronSecurityGroup_2.getSecurityRules()).thenReturn(securityRule_2);
127 when(neutronSecurityGroup_3.getSecurityRules()).thenReturn(securityRule_3);
128 when(neutronSecurityGroup_1.getSecurityGroupUUID()).thenReturn(SECURITY_GROUP_ID_1);
129 when(neutronSecurityGroup_2.getSecurityGroupUUID()).thenReturn(SECURITY_GROUP_ID_2);
130 when(neutronSecurityGroup_3.getSecurityGroupUUID()).thenReturn(SECURITY_GROUP_ID_3);
131 when(neutronPort_Vm1.getDeviceOwner()).thenReturn(DEVICE_OWNER_VM);
132 when(neutronPort_Vm2.getDeviceOwner()).thenReturn(DEVICE_OWNER_VM);
133 when(neutronPort_Vm3.getDeviceOwner()).thenReturn(DEVICE_OWNER_VM);
134 when(neutronPort_Dhcp.getDeviceOwner()).thenReturn(DEVICE_OWNER_DHCP);
135 when(neutronPort_Vm1.getFixedIPs()).thenReturn(neutron_IPs_1);
136 when(neutronPort_Vm2.getFixedIPs()).thenReturn(neutron_IPs_2);
137 when(neutronPort_Vm3.getFixedIPs()).thenReturn(neutron_IPs_3);
138 when(neutron_ip_1.getSubnetUUID()).thenReturn(SUBNET_UUID);
139 List<NeutronPort> portList = new ArrayList<>();
140 portList.add(neutronPort_Vm1);
141 portList.add(neutronPort_Dhcp);
142 when(subnet.getPortsInSubnet()).thenReturn(portList);
144 List<Node> nodeList = new ArrayList<>();
146 List<OvsdbTerminationPointAugmentation> tpList = new ArrayList<>();
148 when(southbound.getInterfaceExternalIdsValue(any(OvsdbTerminationPointAugmentation.class), eq("iface-id"))).thenReturn(NEUTRON_PORT_ID_VM_1);
149 when(southbound.readOvsdbTopologyNodes()).thenReturn(nodeList);
150 when(southbound.getBridgeNode(any(Node.class), anyString())).thenReturn(node);
151 when(southbound.getTerminationPointsOfBridge(node)).thenReturn(tpList);
152 when(southbound.getDataPathId(node)).thenReturn(1L);
153 when(southbound.getBridgeName(node)).thenReturn("br-int");
154 when(southbound.getOFPort(any(OvsdbTerminationPointAugmentation.class))).thenReturn(2L);
155 when(southbound.getInterfaceExternalIdsValue(any(OvsdbTerminationPointAugmentation.class),eq("attached-mac"))).thenReturn("attached-mac");
156 when(configurationService.getIntegrationBridgeName()).thenReturn("br-int");
157 when(neutronNetworkCache.getNetwork(anyString())).thenReturn(neutronNetwork);
158 when(neutronNetwork.getProviderSegmentationID()).thenReturn("1000");
159 when(neutronPortCache.getPort(eq(NEUTRON_PORT_ID_VM_1))).thenReturn(neutronPort_Vm1);
160 when(neutronPortCache.getPort(eq(NEUTRON_PORT_ID_DHCP))).thenReturn(neutronPort_Dhcp);
161 when(neutronPortCache.getAllPorts()).thenReturn(portList);
162 when(subNetCache.getSubnet(eq(SUBNET_UUID))).thenReturn(subnet);
166 * Test method {@link SecurityServicesImpl#isPortSecurityReady(OvsdbTerminationPointAugmentation)}
169 public void testIsPortSecurityReady(){
170 assertTrue("Error, did not return expected boolean for isPortSecurityReady", securityServicesImpl.isPortSecurityReady(mock(OvsdbTerminationPointAugmentation.class)));
174 * Test method {@link SecurityServicesImpl#getSecurityGroupInPortList(OvsdbTerminationPointAugmentation)}
177 public void testSecurityGroupInPort(){
178 assertEquals("Error, did not return the good neutronSecurityGroup of securityGroups",
179 neutronSecurityGroup_1, securityServicesImpl.getSecurityGroupInPortList(mock(OvsdbTerminationPointAugmentation.class)).get(0));
183 * Test getDhcpServerPort returning a valid port.
186 public void testGetDhcpServerPort() {
187 NeutronPort dhcpPort = securityServicesImpl.getDhcpServerPort(mock(OvsdbTerminationPointAugmentation.class));
188 assertEquals(dhcpPort,neutronPort_Dhcp);
192 * Test getDhcpServerPort with null port id returned by the southbound.
195 public void testGetDhcpServerPortWithNullPortId() {
196 when(southbound.getInterfaceExternalIdsValue(any(OvsdbTerminationPointAugmentation.class), anyString())).thenReturn(null);
197 NeutronPort dhcpPort = securityServicesImpl.getDhcpServerPort(mock(OvsdbTerminationPointAugmentation.class));
198 assertEquals(dhcpPort,null);
202 * Test getDhcpServerPort with port not present in cache.
205 public void testGetDhcpServerPortWithNullPort() {
206 when(neutronPortCache.getPort(eq(NEUTRON_PORT_ID_VM_1))).thenReturn(null);
207 NeutronPort dhcpPort = securityServicesImpl.getDhcpServerPort(mock(OvsdbTerminationPointAugmentation.class));
208 assertEquals(dhcpPort,null);
212 * Test getDhcpServerPort with a dhcp port as the input port.
215 public void testGetDhcpServerPortWithDhcpPort() {
216 when(neutronPortCache.getPort(eq(NEUTRON_PORT_ID_VM_1))).thenReturn(neutronPort_Dhcp);
217 NeutronPort dhcpPort = securityServicesImpl.getDhcpServerPort(mock(OvsdbTerminationPointAugmentation.class));
218 assertEquals(dhcpPort,neutronPort_Dhcp);
222 * Test getDhcpServerPort with a dhcp port with fixed ip null
223 * for the input port..
226 public void testGetDhcpServerPortWithFixedIpNull() {
227 when(neutronPort_Vm1.getFixedIPs()).thenReturn(null);
228 NeutronPort dhcpPort = securityServicesImpl.getDhcpServerPort(mock(OvsdbTerminationPointAugmentation.class));
229 assertEquals(dhcpPort,null);
233 * Test getDhcpServerPort with a dhcp port with fixed ip empty
234 * for the input port.
237 public void testGetDhcpServerPortWithFixedIpEmpty() {
238 when(neutronPort_Vm1.getFixedIPs()).thenReturn(new ArrayList<Neutron_IPs>());
239 NeutronPort dhcpPort = securityServicesImpl.getDhcpServerPort(mock(OvsdbTerminationPointAugmentation.class));
240 assertEquals(dhcpPort,null);
244 * Test getDhcpServerPort with a dhcp port with no port in subnet.
247 public void testGetDhcpServerPortWithNoPortinSubnet() {
248 when(subnet.getPortsInSubnet()).thenReturn(new ArrayList<NeutronPort>());
249 NeutronPort dhcpPort = securityServicesImpl.getDhcpServerPort(mock(OvsdbTerminationPointAugmentation.class));
250 assertEquals(dhcpPort,null);
254 * Test getNeutronPortFromDhcpIntf with port not present in cache.
257 public void testGetNeutronPortFromDhcpIntfWithNullPort() {
258 when(neutronPortCache.getPort(eq(NEUTRON_PORT_ID_VM_1))).thenReturn(null);
259 NeutronPort dhcpPort = securityServicesImpl.getNeutronPortFromDhcpIntf(mock(OvsdbTerminationPointAugmentation.class));
260 assertEquals(dhcpPort,null);
264 * Test getNeutronPortFromDhcpIntf with port id returned null
265 * from the southbound.
268 public void testGetNeutronPortFromDhcpIntfWithNullPortId() {
269 when(southbound.getInterfaceExternalIdsValue(any(OvsdbTerminationPointAugmentation.class), anyString())).thenReturn(null);
270 NeutronPort dhcpPort = securityServicesImpl.getNeutronPortFromDhcpIntf(mock(OvsdbTerminationPointAugmentation.class));
271 assertEquals(dhcpPort,null);
275 * Test getNeutronPortFromDhcpIntf valid
278 public void testGetNeutronPortFromDhcpIntfWithDhcpPort() {
279 when(neutronPortCache.getPort(eq(NEUTRON_PORT_ID_VM_1))).thenReturn(neutronPort_Dhcp);
280 NeutronPort dhcpPort = securityServicesImpl.getNeutronPortFromDhcpIntf(mock(OvsdbTerminationPointAugmentation.class));
281 assertEquals(dhcpPort,neutronPort_Dhcp);
285 * Test getNeutronPortFromDhcpIntf with the port passed
289 public void testGetNeutronPortFromDhcpIntfWithVmPort() {
290 NeutronPort dhcpPort = securityServicesImpl.getNeutronPortFromDhcpIntf(mock(OvsdbTerminationPointAugmentation.class));
291 assertEquals(dhcpPort,null);
295 * Test isComputePort with the port passed a vm port.
298 public void testIsComputePortWithComputePort() {
299 boolean isComputePort = securityServicesImpl.isComputePort(mock(OvsdbTerminationPointAugmentation.class));
300 assertEquals(isComputePort,true);
304 * Test isComputePort with the port passed a dhcp port.
307 public void testIsComputePortWithDhcpPort() {
308 when(neutronPortCache.getPort(eq(NEUTRON_PORT_ID_VM_1))).thenReturn(neutronPort_Dhcp);
309 boolean isComputePort = securityServicesImpl.isComputePort(mock(OvsdbTerminationPointAugmentation.class));
310 assertEquals(isComputePort,false);
314 * Test isComputePort with port id null from southbound.
317 public void testIsComputePortWithNullPortId() {
318 when(southbound.getInterfaceExternalIdsValue(any(OvsdbTerminationPointAugmentation.class), anyString())).thenReturn(null);
319 boolean isComputePort = securityServicesImpl.isComputePort(mock(OvsdbTerminationPointAugmentation.class));
320 assertEquals(isComputePort,false);
324 * Test isComputePort with port not present in cache.
327 public void testIsComputePortWithNullPort() {
328 when(neutronPortCache.getPort(eq(NEUTRON_PORT_ID_VM_1))).thenReturn(null);
329 boolean isComputePort = securityServicesImpl.isComputePort(mock(OvsdbTerminationPointAugmentation.class));
330 assertEquals(isComputePort,false);
334 * Test getIpAddressList valid.
337 public void testGetIpAddressList() {
338 List<Neutron_IPs> ipList = securityServicesImpl.getIpAddressList(mock(OvsdbTerminationPointAugmentation.class));
339 assertEquals(ipList,neutron_IPs_1);
343 * Test getIpAddressList with port not present in cache..
346 public void testGetIpAddressListWithNullPort() {
347 when(neutronPortCache.getPort(eq(NEUTRON_PORT_ID_VM_1))).thenReturn(null);
348 List<Neutron_IPs> ipList = securityServicesImpl.getIpAddressList(mock(OvsdbTerminationPointAugmentation.class));
349 assertEquals(ipList,null);
354 * Test getIpAddressList with port id null from southbound.
357 public void testGetIpAddressListWithNullPortId() {
358 when(southbound.getInterfaceExternalIdsValue(any(OvsdbTerminationPointAugmentation.class), anyString())).thenReturn(null);
359 List<Neutron_IPs> ipList = securityServicesImpl.getIpAddressList(mock(OvsdbTerminationPointAugmentation.class));
360 assertEquals(ipList,null);
364 * Test getVmListForSecurityGroup valid.
367 public void testGetVmListForSecurityGroup() {
368 Map<String,NeutronPort> portMap = new HashMap<>();
369 portMap.put("Uuid1",neutronPort_Vm1);
370 portMap.put("Uuid2",neutronPort_Vm2);
371 portMap.put("Uuid3",neutronPort_Vm3);
372 portMap.put("Uuid4",neutronPort_Dhcp);
373 when(neutronL3Adapter.getPortCleanupCache()).thenReturn(portMap);
374 List<Neutron_IPs> ipList = securityServicesImpl.getVmListForSecurityGroup(NEUTRON_PORT_ID_VM_1, SECURITY_GROUP_ID_2);
375 assertEquals(ipList,neutron_IPs_2);
379 * Test getVmListForSecurityGroup with no vm with the
383 public void testGetVmListForSecurityGroupWithNoVm() {
384 List<NeutronPort> portList = new ArrayList<>();
385 portList.add(neutronPort_Vm1);
386 portList.add(neutronPort_Vm2);
387 portList.add(neutronPort_Vm3);
388 portList.add(neutronPort_Dhcp);
389 when(neutronPortCache.getAllPorts()).thenReturn(portList);
390 List<Neutron_IPs> ipList = securityServicesImpl.getVmListForSecurityGroup(NEUTRON_PORT_ID_VM_1, SECURITY_GROUP_ID_1);
391 assert(ipList.isEmpty());
395 * Test syncSecurityGroup addition
398 public void testSyncSecurityGroupAddition() {
399 List<NeutronSecurityGroup> securityGroupsList = new ArrayList<>();
400 securityGroupsList.add(neutronSecurityGroup_1);
401 securityServicesImpl.syncSecurityGroup(neutronPort_Vm1, securityGroupsList, true);
402 verify(ingressAclService, times(1)).programPortSecurityGroup(eq(new Long(1)), eq("1000"), eq("attached-mac"), eq(2L), eq(neutronSecurityGroup_1), eq(NEUTRON_PORT_ID_VM_1), eq(true));
403 verify(egressAclService, times(1)).programPortSecurityGroup(eq(new Long(1)), eq("1000"), eq("attached-mac"), eq(2L), eq(neutronSecurityGroup_1), eq(NEUTRON_PORT_ID_VM_1), eq(true));
407 * Test syncSecurityGroup deletion
410 public void testSyncSecurityGroupDeletion() {
411 List<NeutronSecurityGroup> securityGroupsList = new ArrayList<>();
412 securityGroupsList.add(neutronSecurityGroup_1);
413 securityServicesImpl.syncSecurityGroup(neutronPort_Vm1, securityGroupsList, false);
414 verify(ingressAclService, times(1)).programPortSecurityGroup(eq(new Long(1)), eq("1000"), eq("attached-mac"), eq(2L), eq(neutronSecurityGroup_1), eq(NEUTRON_PORT_ID_VM_1), eq(false));
415 verify(egressAclService, times(1)).programPortSecurityGroup(eq(new Long(1)), eq("1000"), eq("attached-mac"), eq(2L), eq(neutronSecurityGroup_1), eq(NEUTRON_PORT_ID_VM_1), eq(false));
419 * Test syncSecurityGroup deletion with port null
422 public void testSyncSecurityGroupPortNull() {
423 List<NeutronSecurityGroup> securityGroupsList = new ArrayList<>();
424 securityGroupsList.add(neutronSecurityGroup_1);
425 securityServicesImpl.syncSecurityGroup(null, securityGroupsList, false);
426 verify(ingressAclService, times(0)).programPortSecurityGroup(eq(new Long(1)), eq("1000"), eq("attached-mac"), eq(2L), eq(neutronSecurityGroup_1), eq(NEUTRON_PORT_ID_VM_1), eq(false));
427 verify(egressAclService, times(0)).programPortSecurityGroup(eq(new Long(1)), eq("1000"), eq("attached-mac"), eq(2L), eq(neutronSecurityGroup_1), eq(NEUTRON_PORT_ID_VM_1), eq(false));
431 * Test syncSecurityGroup deletion with Sg null
434 public void testSyncSecurityGroupSgNull() {
435 List<NeutronSecurityGroup> securityGroupsList = new ArrayList<>();
436 securityGroupsList.add(neutronSecurityGroup_1);
437 when(neutronPort_Vm1.getSecurityGroups()).thenReturn(null);
438 securityServicesImpl.syncSecurityGroup(neutronPort_Vm1, null, false);
439 verify(ingressAclService, times(0)).programPortSecurityGroup(eq(new Long(1)), eq("1000"), eq("attached-mac"), eq(2L), eq(neutronSecurityGroup_1), eq(NEUTRON_PORT_ID_VM_1), eq(false));
440 verify(egressAclService, times(0)).programPortSecurityGroup(eq(new Long(1)), eq("1000"), eq("attached-mac"), eq(2L), eq(neutronSecurityGroup_1), eq(NEUTRON_PORT_ID_VM_1), eq(false));
444 * Test syncSecurityGroup deletion with Mac null
447 public void testSyncSecurityGroupAttachedMacNull() {
448 List<NeutronSecurityGroup> securityGroupsList = new ArrayList<>();
449 securityGroupsList.add(neutronSecurityGroup_1);
450 when(southbound.getInterfaceExternalIdsValue(any(OvsdbTerminationPointAugmentation.class),eq("attached-mac"))).thenReturn(null);
451 securityServicesImpl.syncSecurityGroup(neutronPort_Vm1, securityGroupsList, false);
452 verify(ingressAclService, times(0)).programPortSecurityGroup(eq(new Long(1)), eq("1000"), eq("attached-mac"), eq(2L), eq(neutronSecurityGroup_1), eq(NEUTRON_PORT_ID_VM_1), eq(false));
453 verify(egressAclService, times(0)).programPortSecurityGroup(eq(new Long(1)), eq("1000"), eq("attached-mac"), eq(2L), eq(neutronSecurityGroup_1), eq(NEUTRON_PORT_ID_VM_1), eq(false));
457 * Test syncSecurityRule addition of egress rule.
460 public void testSyncSecurityRuleAdditionEgress() {
461 List<NeutronSecurityRule> securityRuleList = new ArrayList<>();
462 securityRuleList.add(neutronSecurityRule_1);
463 when(neutronSecurityRule_1.getSecurityRuleDirection()).thenReturn(NeutronSecurityRule.DIRECTION_EGRESS);
464 when(neutronSecurityRule_1.getSecurityRuleEthertype()).thenReturn(NeutronSecurityRule.ETHERTYPE_IPV4);
465 securityServicesImpl.syncSecurityRule(neutronPort_Vm1, neutronSecurityRule_1, neutron_ip_1, true);
466 verify(egressAclService, times(1)).programPortSecurityRule(eq(new Long(1)), eq("1000"), eq("attached-mac"), eq(2L), eq(neutronSecurityRule_1), eq(neutron_ip_1), eq(true));
470 * Test syncSecurityRule addition of ingress rule.
473 public void testSyncSecurityRuleAdditionIngress() {
474 List<NeutronSecurityRule> securityRuleList = new ArrayList<>();
475 securityRuleList.add(neutronSecurityRule_1);
476 when(neutronSecurityRule_1.getSecurityRuleDirection()).thenReturn(NeutronSecurityRule.DIRECTION_INGRESS);
477 when(neutronSecurityRule_1.getSecurityRuleEthertype()).thenReturn(NeutronSecurityRule.ETHERTYPE_IPV4);
478 securityServicesImpl.syncSecurityRule(neutronPort_Vm1, neutronSecurityRule_1, neutron_ip_1, true);
479 verify(ingressAclService, times(1)).programPortSecurityRule(eq(new Long(1)), eq("1000"), eq("attached-mac"), eq(2L), eq(neutronSecurityRule_1), eq(neutron_ip_1), eq(true));
483 * Test syncSecurityRule deletion of egress rule.
486 public void testSyncSecurityRuleDeletionEgress() {
487 List<NeutronSecurityRule> securityRuleList = new ArrayList<>();
488 securityRuleList.add(neutronSecurityRule_1);
489 when(neutronSecurityRule_1.getSecurityRuleDirection()).thenReturn(NeutronSecurityRule.DIRECTION_EGRESS);
490 when(neutronSecurityRule_1.getSecurityRuleEthertype()).thenReturn(NeutronSecurityRule.ETHERTYPE_IPV4);
491 securityServicesImpl.syncSecurityRule(neutronPort_Vm1, neutronSecurityRule_1, neutron_ip_1, false);
492 verify(egressAclService, times(1)).programPortSecurityRule(eq(new Long(1)), eq("1000"), eq("attached-mac"), eq(2L), eq(neutronSecurityRule_1), eq(neutron_ip_1), eq(false));
496 * Test syncSecurityRule deletion of ingress rule.
499 public void testSyncSecurityRuleDeletionIngress() {
500 List<NeutronSecurityRule> securityRuleList = new ArrayList<>();
501 securityRuleList.add(neutronSecurityRule_1);
502 when(neutronSecurityRule_1.getSecurityRuleDirection()).thenReturn(NeutronSecurityRule.DIRECTION_INGRESS);
503 when(neutronSecurityRule_1.getSecurityRuleEthertype()).thenReturn(NeutronSecurityRule.ETHERTYPE_IPV4);
504 securityServicesImpl.syncSecurityRule(neutronPort_Vm1, neutronSecurityRule_1, neutron_ip_1, false);
505 verify(ingressAclService, times(1)).programPortSecurityRule(eq(new Long(1)), eq("1000"), eq("attached-mac"), eq(2L), eq(neutronSecurityRule_1), eq(neutron_ip_1), eq(false));
509 * Test syncSecurityRule deletion of ingress rule with port null.
512 public void testSyncSecurityRuleDeletionIngressPortNull() {
513 List<NeutronSecurityRule> securityRuleList = new ArrayList<>();
514 securityRuleList.add(neutronSecurityRule_1);
515 when(neutronSecurityRule_1.getSecurityRuleDirection()).thenReturn(NeutronSecurityRule.DIRECTION_INGRESS);
516 when(neutronSecurityRule_1.getSecurityRuleEthertype()).thenReturn(NeutronSecurityRule.ETHERTYPE_IPV4);
517 securityServicesImpl.syncSecurityRule(null, neutronSecurityRule_1, neutron_ip_1, false);
518 verify(ingressAclService, times(0)).programPortSecurityRule(eq(new Long(1)), eq("1000"), eq("attached-mac"), eq(2L), eq(neutronSecurityRule_1), eq(neutron_ip_1), eq(false));
522 * Test syncSecurityRule deletion of ingress rule with sg null.
525 public void testSyncSecurityRuleDeletionIngressSgNull() {
526 List<NeutronSecurityRule> securityRuleList = new ArrayList<>();
527 securityRuleList.add(neutronSecurityRule_1);
528 when(neutronPort_Vm1.getSecurityGroups()).thenReturn(null);
529 when(neutronSecurityRule_1.getSecurityRuleDirection()).thenReturn(NeutronSecurityRule.DIRECTION_INGRESS);
530 when(neutronSecurityRule_1.getSecurityRuleEthertype()).thenReturn(NeutronSecurityRule.ETHERTYPE_IPV4);
531 securityServicesImpl.syncSecurityRule(neutronPort_Vm1, neutronSecurityRule_1, neutron_ip_1, false);
532 verify(ingressAclService, times(0)).programPortSecurityRule(eq(new Long(1)), eq("1000"), eq("attached-mac"), eq(2L), eq(neutronSecurityRule_1), eq(neutron_ip_1), eq(false));
536 * Test syncSecurityRule deletion of ingress rule with mac null.
539 public void testSyncSecurityRuleDeletionIngressAttachedMacNull() {
540 List<NeutronSecurityRule> securityRuleList = new ArrayList<>();
541 securityRuleList.add(neutronSecurityRule_1);
542 when(neutronSecurityRule_1.getSecurityRuleDirection()).thenReturn(NeutronSecurityRule.DIRECTION_INGRESS);
543 when(neutronSecurityRule_1.getSecurityRuleEthertype()).thenReturn(NeutronSecurityRule.ETHERTYPE_IPV4);
544 when(southbound.getInterfaceExternalIdsValue(any(OvsdbTerminationPointAugmentation.class),eq("attached-mac"))).thenReturn(null);
545 securityServicesImpl.syncSecurityRule(neutronPort_Vm1, neutronSecurityRule_1, neutron_ip_1, false);
546 verify(ingressAclService, times(0)).programPortSecurityRule(eq(new Long(1)), eq("1000"), eq("attached-mac"), eq(2L), eq(neutronSecurityRule_1), eq(neutron_ip_1), eq(false));
551 * Test syncSecurityRule deletion of ingress rule no ipv4 ether.
554 public void testSyncSecurityRuleDeletionIngressNonIpV4() {
555 List<NeutronSecurityRule> securityRuleList = new ArrayList<>();
556 securityRuleList.add(neutronSecurityRule_1);
557 when(neutronSecurityRule_1.getSecurityRuleDirection()).thenReturn(NeutronSecurityRule.DIRECTION_INGRESS);
558 when(neutronSecurityRule_1.getSecurityRuleEthertype()).thenReturn(NeutronSecurityRule.ETHERTYPE_IPV6);
559 securityServicesImpl.syncSecurityRule(neutronPort_Vm1, neutronSecurityRule_1, neutron_ip_1, false);
560 verify(ingressAclService, times(0)).programPortSecurityRule(eq(new Long(1)), eq("1000"), eq("attached-mac"), eq(2L), eq(neutronSecurityRule_1), eq(neutron_ip_1), eq(false));
564 * Test syncSecurityRule deletion of ingress rule with invalid direction.
567 public void testSyncSecurityRuleDeletionInvalidDirection() {
568 List<NeutronSecurityRule> securityRuleList = new ArrayList<>();
569 securityRuleList.add(neutronSecurityRule_1);
570 when(neutronSecurityRule_1.getSecurityRuleDirection()).thenReturn("outgress");
571 when(neutronSecurityRule_1.getSecurityRuleEthertype()).thenReturn(NeutronSecurityRule.ETHERTYPE_IPV4);
572 securityServicesImpl.syncSecurityRule(neutronPort_Vm1, neutronSecurityRule_1, neutron_ip_1, false);
573 verify(ingressAclService, times(0)).programPortSecurityRule(eq(new Long(1)), eq("1000"), eq("attached-mac"), eq(2L), eq(neutronSecurityRule_1), eq(neutron_ip_1), eq(false));
577 public void testSetDependencies() throws Exception {
578 Southbound southbound = mock(Southbound.class);
580 ServiceHelper.overrideGlobalInstance(Southbound.class, southbound);
582 securityServicesImpl.setDependencies(mock(ServiceReference.class));
584 assertEquals("Error, did not return the correct object", getField("southbound"), southbound);
588 public void testSetDependenciesObject() throws Exception{
589 INeutronPortCRUD neutronPortCache = mock(INeutronPortCRUD.class);
590 securityServicesImpl.setDependencies(neutronPortCache);
591 assertEquals("Error, did not return the correct object", getField("neutronPortCache"), neutronPortCache);
594 private Object getField(String fieldName) throws Exception {
595 Field field = SecurityServicesImpl.class.getDeclaredField(fieldName);
596 field.setAccessible(true);
597 return field.get(securityServicesImpl);