2 * Copyright (c) 2015 - 2016 Inocybe and others. All rights reserved.
4 * This program and the accompanying materials are made available under the
5 * terms of the Eclipse Public License v1.0 which accompanies this distribution,
6 * and is available at http://www.eclipse.org/legal/epl-v10.html
9 package org.opendaylight.netvirt.openstack.netvirt.providers.openflow13.services;
11 import static org.mockito.Matchers.any;
12 import static org.mockito.Matchers.eq;
13 import static org.mockito.Mockito.mock;
14 import static org.mockito.Mockito.times;
15 import static org.mockito.Mockito.verify;
16 import static org.mockito.Mockito.when;
18 import java.util.ArrayList;
19 import java.util.List;
20 import java.util.concurrent.atomic.AtomicBoolean;
22 import org.junit.Assert;
23 import org.junit.Before;
24 import org.junit.Test;
25 import org.junit.runner.RunWith;
26 import org.mockito.InjectMocks;
27 import org.mockito.Mock;
28 import org.mockito.invocation.InvocationOnMock;
29 import org.mockito.stubbing.Answer;
30 import org.opendaylight.controller.md.sal.binding.api.DataBroker;
31 import org.opendaylight.controller.md.sal.binding.api.WriteTransaction;
32 import org.opendaylight.controller.md.sal.common.api.data.LogicalDatastoreType;
33 import org.opendaylight.controller.md.sal.common.api.data.TransactionCommitFailedException;
34 import org.opendaylight.netvirt.openstack.netvirt.providers.NetvirtProvidersProvider;
35 import org.opendaylight.netvirt.openstack.netvirt.providers.openflow13.Service;
36 import org.opendaylight.netvirt.openstack.netvirt.translator.NeutronSecurityGroup;
37 import org.opendaylight.netvirt.openstack.netvirt.translator.NeutronSecurityRule;
38 import org.opendaylight.netvirt.openstack.netvirt.translator.Neutron_IPs;
39 import org.opendaylight.netvirt.openstack.netvirt.api.SecurityGroupCacheManger;
40 import org.opendaylight.netvirt.openstack.netvirt.api.SecurityServicesManager;
41 import org.opendaylight.netvirt.openstack.netvirt.providers.openflow13.PipelineOrchestrator;
42 import org.opendaylight.yang.gen.v1.urn.opendaylight.flow.inventory.rev130819.tables.table.FlowBuilder;
43 import org.opendaylight.yang.gen.v1.urn.opendaylight.inventory.rev130819.nodes.Node;
44 import org.opendaylight.yang.gen.v1.urn.opendaylight.inventory.rev130819.nodes.NodeBuilder;
45 import org.opendaylight.yang.gen.v1.urn.opendaylight.model.match.types.rev131026.Match;
46 import org.opendaylight.yang.gen.v1.urn.opendaylight.model.match.types.rev131026.match.EthernetMatch;
47 import org.opendaylight.yang.gen.v1.urn.opendaylight.model.match.types.rev131026.match.Icmpv4Match;
48 import org.opendaylight.yang.gen.v1.urn.opendaylight.model.match.types.rev131026.match.Icmpv6Match;
49 import org.opendaylight.yang.gen.v1.urn.opendaylight.model.match.types.rev131026.match.layer._4.match.TcpMatch;
50 import org.opendaylight.yang.gen.v1.urn.opendaylight.model.match.types.rev131026.match.layer._4.match.UdpMatch;
51 import org.opendaylight.yangtools.yang.binding.InstanceIdentifier;
52 import org.powermock.api.mockito.PowerMockito;
53 import org.powermock.api.support.membermodification.MemberModifier;
54 import org.powermock.modules.junit4.PowerMockRunner;
56 import com.google.common.util.concurrent.CheckedFuture;
58 * Unit test for {@link EgressAclService}
60 @RunWith(PowerMockRunner.class)
61 @SuppressWarnings("unchecked")
62 public class EgressAclServiceTest {
64 @InjectMocks private EgressAclService egressAclService = new EgressAclService();
65 private EgressAclService egressAclServiceSpy;
67 @Mock private DataBroker dataBroker;
68 @Mock private PipelineOrchestrator orchestrator;
70 @Mock private WriteTransaction writeTransaction;
71 @Mock private CheckedFuture<Void, TransactionCommitFailedException> commitFuture;
73 @Mock private NeutronSecurityGroup securityGroup;
74 @Mock private NeutronSecurityRule portSecurityRule;
75 @Mock private NeutronSecurityGroup securityGroupIpv6;
76 @Mock private NeutronSecurityRule portSecurityIpv6Rule;
78 @Mock private SecurityServicesManager securityServices;
79 @Mock private SecurityGroupCacheManger securityGroupCacheManger;
81 private Neutron_IPs neutron_ip_src;
82 private Neutron_IPs neutron_ip_dest_1;
83 private Neutron_IPs neutron_ip_dest_2;
84 private Neutron_IPs neutron_ipv6_dest_1;
85 private Neutron_IPs neutron_ipv6_dest_2;
86 private List<Neutron_IPs> neutronSrcIpList = new ArrayList<>();
87 private List<Neutron_IPs> neutronDestIpList = new ArrayList<>();
88 private static final String MAC_ADDRESS = "87:1D:5E:02:40:B7";
89 private static final String SRC_IP = "192.168.0.1";
90 private static final String DEST_IP_1 = "192.169.0.1";
91 private static final String DEST_IP_2 = "192.169.0.2";
92 private static final String IPV6_DEST_IP_1 = "2001:db8:2::200";
93 private static final String IPV6_DEST_IP_2 = "2001:db8:2::201";
94 private static final String SECURITY_GROUP_UUID = "85cc3048-abc3-43cc-89b3-377341426ac5";
95 private static final String PORT_UUID = "95cc3048-abc3-43cc-89b3-377341426ac5";
96 private static final Long IPV6_ETHER_TYPE = (long) 0x86DD;
97 private static final Long IPV4_ETHER_TYPE = (long) 0x0800;
98 private static final String SEGMENT_ID = "2";
99 private static final Long DP_ID_LONG = (long) 1554;
100 private static final Long LOCAL_PORT = (long) 124;
101 private static final int PORT_RANGE_MIN = 1;
102 private static final int PORT_RANGE_MAX = 65535;
103 private static FlowBuilder flowBuilder;
104 private static NodeBuilder nodeBuilder;
106 private static Answer<Object> answer() {
107 return new Answer<Object>() {
109 public CheckedFuture<Void, TransactionCommitFailedException> answer(InvocationOnMock invocation)
111 flowBuilder = (FlowBuilder) invocation.getArguments()[0];
112 nodeBuilder = (NodeBuilder) invocation.getArguments()[1];
119 public void setUp() throws IllegalArgumentException, IllegalAccessException {
120 egressAclServiceSpy = PowerMockito.spy(egressAclService);
122 when(writeTransaction.submit()).thenReturn(commitFuture);
124 when(dataBroker.newWriteOnlyTransaction()).thenReturn(writeTransaction);
126 when(orchestrator.getNextServiceInPipeline(any(Service.class))).thenReturn(Service.ARP_RESPONDER);
128 portSecurityRule = mock(NeutronSecurityRule.class);
129 portSecurityIpv6Rule = mock(NeutronSecurityRule.class);
131 when(portSecurityRule.getSecurityRuleEthertype()).thenReturn(NeutronSecurityRule.ETHERTYPE_IPV4);
132 when(portSecurityRule.getSecurityRuleDirection()).thenReturn(NeutronSecurityRule.DIRECTION_EGRESS);
133 when(portSecurityIpv6Rule.getSecurityRuleEthertype()).thenReturn(NeutronSecurityRule.ETHERTYPE_IPV6);
134 when(portSecurityIpv6Rule.getSecurityRuleDirection()).thenReturn(NeutronSecurityRule.DIRECTION_EGRESS);
136 List<NeutronSecurityRule> portSecurityList = new ArrayList<>();
137 portSecurityList.add(portSecurityRule);
139 neutron_ip_src = new Neutron_IPs();
140 neutron_ip_src.setIpAddress(SRC_IP);
141 neutronSrcIpList.add(neutron_ip_src);
143 neutron_ip_dest_1 = new Neutron_IPs();
144 neutron_ip_dest_1.setIpAddress(DEST_IP_1);
145 neutronDestIpList.add(neutron_ip_dest_1);
147 neutron_ip_dest_2 = new Neutron_IPs();
148 neutron_ip_dest_2.setIpAddress(DEST_IP_2);
149 neutronDestIpList.add(neutron_ip_dest_2);
151 List<NeutronSecurityRule> portSecurityIpv6List = new ArrayList<>();
152 portSecurityIpv6List.add(portSecurityIpv6Rule);
153 when(securityGroupIpv6.getSecurityRules()).thenReturn(portSecurityIpv6List);
155 neutron_ipv6_dest_1 = new Neutron_IPs();
156 neutron_ipv6_dest_1.setIpAddress(IPV6_DEST_IP_1);
157 neutronDestIpList.add(neutron_ipv6_dest_1);
159 neutron_ipv6_dest_2 = new Neutron_IPs();
160 neutron_ipv6_dest_2.setIpAddress(IPV6_DEST_IP_2);
161 neutronDestIpList.add(neutron_ipv6_dest_2);
163 when(securityGroup.getSecurityRules()).thenReturn(portSecurityList);
164 when(securityServices.getVmListForSecurityGroup(PORT_UUID, SECURITY_GROUP_UUID)).thenReturn(neutronDestIpList);
166 NetvirtProvidersProvider netvirtProvider = mock(NetvirtProvidersProvider.class);
167 MemberModifier.field(NetvirtProvidersProvider.class, "hasProviderEntityOwnership").set(netvirtProvider, new AtomicBoolean(true));
172 * Test method {@link EgressAclService#programPortSecurityGroup(java.lang.Long, java.lang.String,
173 * java.lang.String, long, NeutronSecurityGroup,
174 * java.lang.String, boolean)} when portSecurityRule is incomplete
177 public void testProgramPortSecurityGroupWithIncompleteRule() throws Exception {
178 NeutronSecurityRule portSecurityRule1 = mock(NeutronSecurityRule.class);
179 when(portSecurityRule1.getSecurityRuleEthertype()).thenReturn(NeutronSecurityRule.ETHERTYPE_IPV4);
180 when(portSecurityRule1.getSecurityRuleDirection()).thenReturn("not_egress"); // other direction
182 NeutronSecurityRule portSecurityRule2 = mock(NeutronSecurityRule.class);
183 when(portSecurityRule2.getSecurityRuleEthertype()).thenReturn(null);
184 when(portSecurityRule2.getSecurityRuleDirection()).thenReturn(NeutronSecurityRule.DIRECTION_EGRESS);
186 NeutronSecurityRule portSecurityRule3 = mock(NeutronSecurityRule.class);
187 when(portSecurityRule3.getSecurityRuleEthertype()).thenReturn(NeutronSecurityRule.ETHERTYPE_IPV4);
188 when(portSecurityRule3.getSecurityRuleDirection()).thenReturn(null);
190 NeutronSecurityRule portSecurityRule4 = mock(NeutronSecurityRule.class);
191 when(portSecurityRule4.getSecurityRuleEthertype()).thenReturn(null);
192 when(portSecurityRule4.getSecurityRuleDirection()).thenReturn(null);
194 List<NeutronSecurityRule> portSecurityList = new ArrayList<>();
195 portSecurityList.add(null);
196 portSecurityList.add(portSecurityRule1);
197 portSecurityList.add(portSecurityRule2);
198 portSecurityList.add(portSecurityRule3);
199 portSecurityList.add(portSecurityRule4);
201 NeutronSecurityGroup localSecurityGroup = mock(NeutronSecurityGroup.class);
202 when(localSecurityGroup.getSecurityRules()).thenReturn(portSecurityList);
204 egressAclServiceSpy.programPortSecurityGroup(DP_ID_LONG, SEGMENT_ID, MAC_ADDRESS, LOCAL_PORT,
205 localSecurityGroup, PORT_UUID, true);
209 * Test IPv4 add test case.
212 public void testProgramPortSecurityACLRuleAddIpv4() throws Exception {
213 when(portSecurityRule.getSecurityRuleProtocol()).thenReturn(null);
214 when(portSecurityRule.getSecurityRulePortMax()).thenReturn(null);
215 when(portSecurityRule.getSecurityRulePortMin()).thenReturn(null);
216 when(portSecurityRule.getSecurityRuleRemoteIpPrefix()).thenReturn(null);
218 egressAclServiceSpy.programPortSecurityGroup(Long.valueOf(1554), "2", MAC_ADDRESS, 124, securityGroup,PORT_UUID,true);
220 verify(writeTransaction, times(1)).put(any(LogicalDatastoreType.class), any(InstanceIdentifier.class), any(Node.class), eq(true));
221 verify(writeTransaction, times(1)).submit();
222 verify(commitFuture, times(1)).checkedGet();
226 * Test IPv6 add test case.
229 public void testProgramPortSecurityACLRuleAddIpv6() throws Exception {
230 when(portSecurityIpv6Rule.getSecurityRuleProtocol()).thenReturn(null);
231 when(portSecurityIpv6Rule.getSecurityRulePortMax()).thenReturn(null);
232 when(portSecurityIpv6Rule.getSecurityRulePortMin()).thenReturn(null);
233 when(portSecurityIpv6Rule.getSecurityRuleRemoteIpPrefix()).thenReturn(null);
235 egressAclServiceSpy.programPortSecurityGroup(Long.valueOf(1554), "2", MAC_ADDRESS, 124, securityGroupIpv6, PORT_UUID, true);
237 verify(writeTransaction, times(1)).put(any(LogicalDatastoreType.class), any(InstanceIdentifier.class), any(Node.class), eq(true));
238 verify(writeTransaction, times(1)).submit();
239 verify(commitFuture, times(1)).checkedGet();
243 * Test IPv4 remove test case.
246 public void testProgramPortSecurityACLRuleRemoveIpv4() throws Exception {
247 when(portSecurityRule.getSecurityRuleProtocol()).thenReturn(null);
248 when(portSecurityRule.getSecurityRulePortMax()).thenReturn(null);
249 when(portSecurityRule.getSecurityRulePortMin()).thenReturn(null);
250 when(portSecurityRule.getSecurityRuleRemoteIpPrefix()).thenReturn(null);
252 egressAclServiceSpy.programPortSecurityGroup(Long.valueOf(1554), "2", MAC_ADDRESS, 124, securityGroup,PORT_UUID,false);
253 verify(writeTransaction, times(1)).delete(any(LogicalDatastoreType.class), any(InstanceIdentifier.class));
254 verify(writeTransaction, times(1)).submit();
255 verify(commitFuture, times(1)).get();
259 * Test IPv6 remove test case.
262 public void testProgramPortSecurityACLRuleRemoveIpv6() throws Exception {
263 when(portSecurityIpv6Rule.getSecurityRuleProtocol()).thenReturn(null);
264 when(portSecurityIpv6Rule.getSecurityRulePortMax()).thenReturn(null);
265 when(portSecurityIpv6Rule.getSecurityRulePortMin()).thenReturn(null);
266 when(portSecurityIpv6Rule.getSecurityRuleRemoteIpPrefix()).thenReturn(null);
268 egressAclServiceSpy.programPortSecurityGroup(Long.valueOf(1554), "2", MAC_ADDRESS, 124, securityGroupIpv6, PORT_UUID, false);
269 verify(writeTransaction, times(1)).delete(any(LogicalDatastoreType.class), any(InstanceIdentifier.class));
270 verify(writeTransaction, times(1)).submit();
271 verify(commitFuture, times(1)).get();
275 * Test IPv4 TCP add with port no and CIDR selected.
278 public void testProgramPortSecurityACLRuleAddTcp1() throws Exception {
279 when(portSecurityRule.getSecurityRuleProtocol()).thenReturn(NeutronSecurityRule.PROTOCOL_TCP);
280 when(portSecurityRule.getSecurityRulePortMax()).thenReturn(20);
281 when(portSecurityRule.getSecurityRulePortMin()).thenReturn(20);
282 when(portSecurityRule.getSecurityRuleRemoteIpPrefix()).thenReturn("0.0.0.0/24");
283 PowerMockito.doAnswer(answer()).when(egressAclServiceSpy, "writeFlow", any(FlowBuilder.class),
284 any(NodeBuilder.class));
285 egressAclServiceSpy.programPortSecurityGroup(DP_ID_LONG, SEGMENT_ID, MAC_ADDRESS, LOCAL_PORT, securityGroup,
288 Match match = flowBuilder.getMatch();
289 EthernetMatch ethMatch = match.getEthernetMatch();
290 Assert.assertEquals(MAC_ADDRESS, ethMatch.getEthernetSource().getAddress().getValue());
291 Assert.assertEquals((long) IPV4_ETHER_TYPE, (long) ethMatch.getEthernetType().getType().getValue());
293 Assert.assertTrue(match.getLayer4Match() instanceof TcpMatch);
294 TcpMatch layer4Match=(TcpMatch) match.getLayer4Match();
295 Assert.assertEquals(20, layer4Match.getTcpDestinationPort().getValue().intValue());
296 int port=portSecurityRule.getSecurityRulePortMin();
297 Assert.assertEquals("Egress_TCP_" + SEGMENT_ID + "_" + MAC_ADDRESS +
298 "_" + port + "_0.0.0.0/24_Permit", flowBuilder.getFlowName());
302 * Test IPv6 TCP add with port no and CIDR selected.
305 public void testProgramPortSecurityACLRuleIpv6AddTcp1() throws Exception {
306 when(portSecurityIpv6Rule.getSecurityRuleProtocol()).thenReturn(NeutronSecurityRule.PROTOCOL_TCP);
307 when(portSecurityIpv6Rule.getSecurityRulePortMax()).thenReturn(20);
308 when(portSecurityIpv6Rule.getSecurityRulePortMin()).thenReturn(20);
309 when(portSecurityIpv6Rule.getSecurityRuleRemoteIpPrefix()).thenReturn("::/64");
310 PowerMockito.doAnswer(answer()).when(egressAclServiceSpy, "writeFlow", any(FlowBuilder.class),
311 any(NodeBuilder.class));
312 egressAclServiceSpy.programPortSecurityGroup(DP_ID_LONG, SEGMENT_ID, MAC_ADDRESS, LOCAL_PORT, securityGroupIpv6,
315 Match match = flowBuilder.getMatch();
316 EthernetMatch ethMatch = match.getEthernetMatch();
317 Assert.assertEquals(MAC_ADDRESS, ethMatch.getEthernetSource().getAddress().getValue());
318 Assert.assertEquals((long) IPV6_ETHER_TYPE, (long) ethMatch.getEthernetType().getType().getValue());
320 Assert.assertTrue(match.getLayer4Match() instanceof TcpMatch);
321 TcpMatch layer4Match=(TcpMatch) match.getLayer4Match();
322 Assert.assertEquals(20, layer4Match.getTcpDestinationPort().getValue().intValue());
323 int port=portSecurityIpv6Rule.getSecurityRulePortMin();
324 Assert.assertEquals("Egress_TCP_" + SEGMENT_ID + "_" + MAC_ADDRESS +
325 "_" + port + "_::/64_Permit", flowBuilder.getFlowName());
329 * Test IPv4 TCP remove with port no and CIDR selected.
332 public void testProgramPortSecurityACLRuleRemoveTcp1() throws Exception {
333 when(portSecurityRule.getSecurityRuleProtocol()).thenReturn(NeutronSecurityRule.PROTOCOL_TCP);
334 when(portSecurityRule.getSecurityRulePortMax()).thenReturn(30);
335 when(portSecurityRule.getSecurityRulePortMin()).thenReturn(30);
336 when(portSecurityRule.getSecurityRuleRemoteIpPrefix()).thenReturn("0.0.0.0/24");
337 PowerMockito.doAnswer(answer()).when(egressAclServiceSpy, "removeFlow", any(FlowBuilder.class),
338 any(NodeBuilder.class));
340 egressAclServiceSpy.programPortSecurityGroup(DP_ID_LONG, SEGMENT_ID, MAC_ADDRESS, LOCAL_PORT, securityGroup,
343 Match match = flowBuilder.getMatch();
344 EthernetMatch ethMatch = match.getEthernetMatch();
345 Assert.assertEquals(MAC_ADDRESS, ethMatch.getEthernetSource().getAddress().getValue());
346 Assert.assertEquals((long) IPV4_ETHER_TYPE, (long) ethMatch.getEthernetType().getType().getValue());
348 Assert.assertTrue(match.getLayer4Match() instanceof TcpMatch);
349 TcpMatch layer4Match = (TcpMatch) match.getLayer4Match();
350 Assert.assertEquals(30, layer4Match.getTcpDestinationPort().getValue().intValue());
351 int port=portSecurityRule.getSecurityRulePortMin();
352 Assert.assertEquals("Egress_TCP_" + SEGMENT_ID + "_" + MAC_ADDRESS +
353 "_" + port + "_0.0.0.0/24_Permit", flowBuilder.getFlowName());
357 * Test IPv6 TCP remove with port no and CIDR selected.
360 public void testProgramPortSecurityACLRuleIpv6RemoveTcp1() throws Exception {
361 when(portSecurityIpv6Rule.getSecurityRuleProtocol()).thenReturn(NeutronSecurityRule.PROTOCOL_TCP);
362 when(portSecurityIpv6Rule.getSecurityRulePortMax()).thenReturn(30);
363 when(portSecurityIpv6Rule.getSecurityRulePortMin()).thenReturn(30);
364 when(portSecurityIpv6Rule.getSecurityRuleRemoteIpPrefix()).thenReturn("::/64");
365 PowerMockito.doAnswer(answer()).when(egressAclServiceSpy, "removeFlow", any(FlowBuilder.class),
366 any(NodeBuilder.class));
368 egressAclServiceSpy.programPortSecurityGroup(DP_ID_LONG, SEGMENT_ID, MAC_ADDRESS, LOCAL_PORT, securityGroupIpv6,
371 Match match = flowBuilder.getMatch();
372 EthernetMatch ethMatch = match.getEthernetMatch();
373 Assert.assertEquals(MAC_ADDRESS, ethMatch.getEthernetSource().getAddress().getValue());
374 Assert.assertEquals((long) IPV6_ETHER_TYPE, (long) ethMatch.getEthernetType().getType().getValue());
376 Assert.assertTrue(match.getLayer4Match() instanceof TcpMatch);
377 TcpMatch layer4Match = (TcpMatch) match.getLayer4Match();
378 Assert.assertEquals(30, layer4Match.getTcpDestinationPort().getValue().intValue());
379 int port=portSecurityIpv6Rule.getSecurityRulePortMin();
380 Assert.assertEquals("Egress_TCP_" + SEGMENT_ID + "_" + MAC_ADDRESS +
381 "_" + port + "_::/64_Permit", flowBuilder.getFlowName());
385 * Test IPv4 TCP add with port no and remote SG selected.
388 public void testProgramPortSecurityACLRuleAddTcp2() throws Exception {
389 when(portSecurityRule.getSecurityRuleProtocol()).thenReturn(NeutronSecurityRule.PROTOCOL_TCP);
390 when(portSecurityRule.getSecurityRulePortMax()).thenReturn(40);
391 when(portSecurityRule.getSecurityRulePortMin()).thenReturn(40);
392 when(portSecurityRule.getSecurityRemoteGroupID()).thenReturn("85cc3048-abc3-43cc-89b3-377341426ac5");
393 PowerMockito.doAnswer(answer()).when(egressAclServiceSpy, "writeFlow", any(FlowBuilder.class),
394 any(NodeBuilder.class));
395 egressAclServiceSpy.programPortSecurityGroup(DP_ID_LONG, SEGMENT_ID, MAC_ADDRESS, LOCAL_PORT, securityGroup,
398 Match match = flowBuilder.getMatch();
399 EthernetMatch ethMatch = match.getEthernetMatch();
400 Assert.assertEquals(MAC_ADDRESS, ethMatch.getEthernetSource().getAddress().getValue());
401 Assert.assertEquals((long) IPV4_ETHER_TYPE, (long) ethMatch.getEthernetType().getType().getValue());
403 Assert.assertTrue(match.getLayer4Match() instanceof TcpMatch);
404 TcpMatch layer4Match=(TcpMatch) match.getLayer4Match();
405 int port=portSecurityRule.getSecurityRulePortMin();
406 String expectedFlowId1 = "Egress_TCP_" + SEGMENT_ID + "_" + MAC_ADDRESS + "_" + port + "_" + DEST_IP_1 +
408 String expectedFlowId2 = "Egress_TCP_" + SEGMENT_ID + "_" + MAC_ADDRESS + "_" + port + "_" + DEST_IP_2 +
410 String actualFlowId = flowBuilder.getFlowName();
411 if(actualFlowId.equals(expectedFlowId1) || actualFlowId.equals(expectedFlowId2)) {
412 Assert.assertTrue(true);
414 Assert.assertTrue(false);
419 * Test IPv6 TCP add with port no and remote SG selected.
422 public void testProgramPortSecurityACLRuleIpv6AddTcp2() throws Exception {
423 when(portSecurityIpv6Rule.getSecurityRuleProtocol()).thenReturn(NeutronSecurityRule.PROTOCOL_TCP);
424 when(portSecurityIpv6Rule.getSecurityRulePortMax()).thenReturn(40);
425 when(portSecurityIpv6Rule.getSecurityRulePortMin()).thenReturn(40);
426 when(portSecurityIpv6Rule.getSecurityRemoteGroupID()).thenReturn("85cc3048-abc3-43cc-89b3-377341426ac5");
427 PowerMockito.doAnswer(answer()).when(egressAclServiceSpy, "writeFlow", any(FlowBuilder.class),
428 any(NodeBuilder.class));
429 egressAclServiceSpy.programPortSecurityGroup(DP_ID_LONG, SEGMENT_ID, MAC_ADDRESS, LOCAL_PORT, securityGroupIpv6,
432 Match match = flowBuilder.getMatch();
433 EthernetMatch ethMatch = match.getEthernetMatch();
434 Assert.assertEquals(MAC_ADDRESS, ethMatch.getEthernetSource().getAddress().getValue());
435 Assert.assertEquals((long) IPV6_ETHER_TYPE, (long) ethMatch.getEthernetType().getType().getValue());
437 Assert.assertTrue(match.getLayer4Match() instanceof TcpMatch);
438 TcpMatch layer4Match=(TcpMatch) match.getLayer4Match();
439 int port=portSecurityIpv6Rule.getSecurityRulePortMin();
440 String expectedFlowId1 = "Egress_TCP_" + SEGMENT_ID + "_" + MAC_ADDRESS + "_" + port + "_" + IPV6_DEST_IP_1 +
442 String expectedFlowId2 = "Egress_TCP_" + SEGMENT_ID + "_" + MAC_ADDRESS + "_" + port + "_" + IPV6_DEST_IP_2 +
444 String actualFlowId = flowBuilder.getFlowName();
445 if(actualFlowId.equals(expectedFlowId1) || actualFlowId.equals(expectedFlowId2)) {
446 Assert.assertTrue(true);
448 Assert.assertTrue(false);
453 * Test IPv4 TCP remove with port no and remote SG selected.
456 public void testProgramPortSecurityACLRuleRemoveTcp2() throws Exception {
457 when(portSecurityRule.getSecurityRuleProtocol()).thenReturn(NeutronSecurityRule.PROTOCOL_TCP);
458 when(portSecurityRule.getSecurityRulePortMax()).thenReturn(50);
459 when(portSecurityRule.getSecurityRulePortMin()).thenReturn(50);
460 when(portSecurityRule.getSecurityRemoteGroupID()).thenReturn("85cc3048-abc3-43cc-89b3-377341426ac5");
461 PowerMockito.doAnswer(answer()).when(egressAclServiceSpy, "removeFlow", any(FlowBuilder.class),
462 any(NodeBuilder.class));
464 egressAclServiceSpy.programPortSecurityGroup(DP_ID_LONG, SEGMENT_ID, MAC_ADDRESS, LOCAL_PORT, securityGroup,
467 Match match = flowBuilder.getMatch();
468 EthernetMatch ethMatch = match.getEthernetMatch();
469 Assert.assertEquals(MAC_ADDRESS, ethMatch.getEthernetSource().getAddress().getValue());
470 Assert.assertEquals((long) IPV4_ETHER_TYPE, (long) ethMatch.getEthernetType().getType().getValue());
472 Assert.assertTrue(match.getLayer4Match() instanceof TcpMatch);
473 TcpMatch layer4Match=(TcpMatch) match.getLayer4Match();
474 int port=portSecurityRule.getSecurityRulePortMin();
475 String expectedFlowId1 = "Egress_TCP_" + SEGMENT_ID + "_" + MAC_ADDRESS +"_" + port + "_" + DEST_IP_1 +
477 String expectedFlowId2 = "Egress_TCP_" + SEGMENT_ID + "_" + MAC_ADDRESS +"_" + port + "_" + DEST_IP_2 +
479 String actualFlowId = flowBuilder.getFlowName();
480 if(actualFlowId.equals(expectedFlowId1) || actualFlowId.equals(expectedFlowId2)) {
481 Assert.assertTrue(true);
483 Assert.assertTrue(false);
488 * Test IPv6 TCP remove with port no and remote SG selected.
491 public void testProgramPortSecurityACLRuleIpv6RemoveTcp2() throws Exception {
492 when(portSecurityIpv6Rule.getSecurityRuleProtocol()).thenReturn(NeutronSecurityRule.PROTOCOL_TCP);
493 when(portSecurityIpv6Rule.getSecurityRulePortMax()).thenReturn(50);
494 when(portSecurityIpv6Rule.getSecurityRulePortMin()).thenReturn(50);
495 when(portSecurityIpv6Rule.getSecurityRemoteGroupID()).thenReturn("85cc3048-abc3-43cc-89b3-377341426ac5");
496 PowerMockito.doAnswer(answer()).when(egressAclServiceSpy, "removeFlow", any(FlowBuilder.class),
497 any(NodeBuilder.class));
499 egressAclServiceSpy.programPortSecurityGroup(DP_ID_LONG, SEGMENT_ID, MAC_ADDRESS, LOCAL_PORT, securityGroupIpv6,
502 Match match = flowBuilder.getMatch();
503 EthernetMatch ethMatch = match.getEthernetMatch();
504 Assert.assertEquals(MAC_ADDRESS, ethMatch.getEthernetSource().getAddress().getValue());
505 Assert.assertEquals((long) IPV6_ETHER_TYPE, (long) ethMatch.getEthernetType().getType().getValue());
507 Assert.assertTrue(match.getLayer4Match() instanceof TcpMatch);
508 TcpMatch layer4Match=(TcpMatch) match.getLayer4Match();
509 int port=portSecurityIpv6Rule.getSecurityRulePortMin();
510 String expectedFlowId1 = "Egress_TCP_" + SEGMENT_ID + "_" + MAC_ADDRESS +"_" + port + "_" + IPV6_DEST_IP_1 +
512 String expectedFlowId2 = "Egress_TCP_" + SEGMENT_ID + "_" + MAC_ADDRESS +"_" + port + "_" + IPV6_DEST_IP_2 +
514 String actualFlowId = flowBuilder.getFlowName();
515 if(actualFlowId.equals(expectedFlowId1) || actualFlowId.equals(expectedFlowId2)) {
516 Assert.assertTrue(true);
518 Assert.assertTrue(false);
523 * Test IPv4 TCP add with port range (All TCP) and CIDR selected.
526 public void testProgramPortSecurityACLRuleAddTcpAll1() throws Exception {
527 when(portSecurityRule.getSecurityRuleProtocol()).thenReturn(NeutronSecurityRule.PROTOCOL_TCP);
528 when(portSecurityRule.getSecurityRulePortMax()).thenReturn(PORT_RANGE_MAX);
529 when(portSecurityRule.getSecurityRulePortMin()).thenReturn(PORT_RANGE_MIN);
530 when(portSecurityRule.getSecurityRuleRemoteIpPrefix()).thenReturn("0.0.0.0/24");
531 PowerMockito.doAnswer(answer()).when(egressAclServiceSpy, "writeFlow", any(FlowBuilder.class),
532 any(NodeBuilder.class));
533 egressAclServiceSpy.programPortSecurityGroup(DP_ID_LONG, SEGMENT_ID, MAC_ADDRESS, LOCAL_PORT, securityGroup,
536 Match match = flowBuilder.getMatch();
537 Assert.assertTrue(match.getLayer4Match() instanceof TcpMatch);
538 TcpMatch layer4Match=(TcpMatch) match.getLayer4Match();
539 EthernetMatch ethMatch = match.getEthernetMatch();
540 Assert.assertEquals(MAC_ADDRESS, ethMatch.getEthernetSource().getAddress().getValue());
541 Assert.assertEquals((long) IPV4_ETHER_TYPE, (long) ethMatch.getEthernetType().getType().getValue());
545 * Test IPv6 TCP add with port range (All TCP) and CIDR selected.
548 public void testProgramPortSecurityACLRuleIpv6AddTcpAll1() throws Exception {
549 when(portSecurityIpv6Rule.getSecurityRuleProtocol()).thenReturn(NeutronSecurityRule.PROTOCOL_TCP);
550 when(portSecurityIpv6Rule.getSecurityRulePortMax()).thenReturn(PORT_RANGE_MAX);
551 when(portSecurityIpv6Rule.getSecurityRulePortMin()).thenReturn(PORT_RANGE_MIN);
552 when(portSecurityIpv6Rule.getSecurityRuleRemoteIpPrefix()).thenReturn("::/64");
553 PowerMockito.doAnswer(answer()).when(egressAclServiceSpy, "writeFlow", any(FlowBuilder.class),
554 any(NodeBuilder.class));
555 egressAclServiceSpy.programPortSecurityGroup(DP_ID_LONG, SEGMENT_ID, MAC_ADDRESS, LOCAL_PORT, securityGroupIpv6,
558 Match match = flowBuilder.getMatch();
559 Assert.assertTrue(match.getLayer4Match() instanceof TcpMatch);
560 TcpMatch layer4Match=(TcpMatch) match.getLayer4Match();
561 EthernetMatch ethMatch = match.getEthernetMatch();
562 Assert.assertEquals(MAC_ADDRESS, ethMatch.getEthernetSource().getAddress().getValue());
563 Assert.assertEquals((long) IPV6_ETHER_TYPE, (long) ethMatch.getEthernetType().getType().getValue());
567 * Test IPv4 TCP remove with port range (All TCP) and CIDR selected.
570 public void testProgramPortSecurityACLRuleRemoveTcpAll1() throws Exception {
571 when(portSecurityRule.getSecurityRuleProtocol()).thenReturn(NeutronSecurityRule.PROTOCOL_TCP);
572 when(portSecurityRule.getSecurityRulePortMax()).thenReturn(PORT_RANGE_MAX);
573 when(portSecurityRule.getSecurityRulePortMin()).thenReturn(PORT_RANGE_MIN);
574 when(portSecurityRule.getSecurityRuleRemoteIpPrefix()).thenReturn("0.0.0.0/24");
575 PowerMockito.doAnswer(answer()).when(egressAclServiceSpy, "removeFlow", any(FlowBuilder.class),
576 any(NodeBuilder.class));
578 egressAclServiceSpy.programPortSecurityGroup(DP_ID_LONG, SEGMENT_ID, MAC_ADDRESS, LOCAL_PORT, securityGroup,
581 Match match = flowBuilder.getMatch();
582 EthernetMatch ethMatch = match.getEthernetMatch();
583 Assert.assertEquals(MAC_ADDRESS, ethMatch.getEthernetSource().getAddress().getValue());
584 Assert.assertEquals((long) IPV4_ETHER_TYPE, (long) ethMatch.getEthernetType().getType().getValue());
585 Assert.assertTrue(match.getLayer4Match() instanceof TcpMatch);
586 Assert.assertEquals("Egress_TCP_" + SEGMENT_ID + "_" + MAC_ADDRESS + "_" + PORT_RANGE_MIN + "_" +
587 PORT_RANGE_MAX + "_0.0.0.0/24_Permit", flowBuilder.getFlowName());
591 * Test IPv6 TCP remove with port range (All TCP) and CIDR selected.
594 public void testProgramPortSecurityACLRuleIpv6RemoveTcpAll1() throws Exception {
595 when(portSecurityIpv6Rule.getSecurityRuleProtocol()).thenReturn(NeutronSecurityRule.PROTOCOL_TCP);
596 when(portSecurityIpv6Rule.getSecurityRulePortMax()).thenReturn(PORT_RANGE_MAX);
597 when(portSecurityIpv6Rule.getSecurityRulePortMin()).thenReturn(PORT_RANGE_MIN);
598 when(portSecurityIpv6Rule.getSecurityRuleRemoteIpPrefix()).thenReturn("::/64");
599 PowerMockito.doAnswer(answer()).when(egressAclServiceSpy, "removeFlow", any(FlowBuilder.class),
600 any(NodeBuilder.class));
602 egressAclServiceSpy.programPortSecurityGroup(DP_ID_LONG, SEGMENT_ID, MAC_ADDRESS, LOCAL_PORT, securityGroupIpv6,
605 Match match = flowBuilder.getMatch();
606 EthernetMatch ethMatch = match.getEthernetMatch();
607 Assert.assertEquals(MAC_ADDRESS, ethMatch.getEthernetSource().getAddress().getValue());
608 Assert.assertEquals((long) IPV6_ETHER_TYPE, (long) ethMatch.getEthernetType().getType().getValue());
609 Assert.assertTrue(match.getLayer4Match() instanceof TcpMatch);
610 Assert.assertEquals("Egress_TCP_" + SEGMENT_ID + "_" + MAC_ADDRESS + "_" + PORT_RANGE_MIN + "_" +
611 PORT_RANGE_MAX + "_::/64_Permit", flowBuilder.getFlowName());
615 * Test IPv4 TCP add with port range (All TCP) and remote SG selected.
618 public void testProgramPortSecurityACLRuleAddTcpAll2() throws Exception {
619 when(portSecurityRule.getSecurityRuleProtocol()).thenReturn(NeutronSecurityRule.PROTOCOL_TCP);
620 when(portSecurityRule.getSecurityRulePortMax()).thenReturn(PORT_RANGE_MAX);
621 when(portSecurityRule.getSecurityRulePortMin()).thenReturn(PORT_RANGE_MIN);
622 when(portSecurityRule.getSecurityRemoteGroupID()).thenReturn("85cc3048-abc3-43cc-89b3-377341426ac5");
623 PowerMockito.doAnswer(answer()).when(egressAclServiceSpy, "writeFlow", any(FlowBuilder.class),
624 any(NodeBuilder.class));
625 egressAclServiceSpy.programPortSecurityGroup(DP_ID_LONG, SEGMENT_ID, MAC_ADDRESS, LOCAL_PORT, securityGroup,
628 Match match = flowBuilder.getMatch();
629 EthernetMatch ethMatch = match.getEthernetMatch();
630 Assert.assertEquals(MAC_ADDRESS, ethMatch.getEthernetSource().getAddress().getValue());
631 Assert.assertEquals((long) IPV4_ETHER_TYPE, (long) ethMatch.getEthernetType().getType().getValue());
633 Assert.assertTrue(match.getLayer4Match() instanceof TcpMatch);
634 String expectedFlowId1 = "Egress_TCP_" + SEGMENT_ID + "_" + MAC_ADDRESS + "_" + PORT_RANGE_MIN + "_" +
635 PORT_RANGE_MAX + "_" + DEST_IP_1 + "_Permit";
636 String expectedFlowId2 = "Egress_TCP_" + SEGMENT_ID + "_" + MAC_ADDRESS + "_" + PORT_RANGE_MIN + "_" +
637 PORT_RANGE_MAX + "_" + DEST_IP_2 + "_Permit";
638 String actualFlowId = flowBuilder.getFlowName();
639 if(actualFlowId.equals(expectedFlowId1) || actualFlowId.equals(expectedFlowId2)) {
640 Assert.assertTrue(true);
642 Assert.assertTrue(false);
647 * Test IPv6 TCP add with port range (All TCP) and remote SG selected.
650 public void testProgramPortSecurityACLRuleIpv6AddTcpAll2() throws Exception {
651 when(portSecurityIpv6Rule.getSecurityRuleProtocol()).thenReturn(NeutronSecurityRule.PROTOCOL_TCP);
652 when(portSecurityIpv6Rule.getSecurityRulePortMax()).thenReturn(PORT_RANGE_MAX);
653 when(portSecurityIpv6Rule.getSecurityRulePortMin()).thenReturn(PORT_RANGE_MIN);
654 when(portSecurityIpv6Rule.getSecurityRemoteGroupID()).thenReturn("85cc3048-abc3-43cc-89b3-377341426ac5");
655 PowerMockito.doAnswer(answer()).when(egressAclServiceSpy, "writeFlow", any(FlowBuilder.class),
656 any(NodeBuilder.class));
657 egressAclServiceSpy.programPortSecurityGroup(DP_ID_LONG, SEGMENT_ID, MAC_ADDRESS, LOCAL_PORT, securityGroupIpv6,
660 Match match = flowBuilder.getMatch();
661 EthernetMatch ethMatch = match.getEthernetMatch();
662 Assert.assertEquals(MAC_ADDRESS, ethMatch.getEthernetSource().getAddress().getValue());
663 Assert.assertEquals((long) IPV6_ETHER_TYPE, (long) ethMatch.getEthernetType().getType().getValue());
665 Assert.assertTrue(match.getLayer4Match() instanceof TcpMatch);
666 String expectedFlowId1 = "Egress_TCP_" + SEGMENT_ID + "_" + MAC_ADDRESS + "_" + PORT_RANGE_MIN + "_" +
667 PORT_RANGE_MAX + "_" + IPV6_DEST_IP_1 + "_Permit";
668 String expectedFlowId2 = "Egress_TCP_" + SEGMENT_ID + "_" + MAC_ADDRESS + "_" + PORT_RANGE_MIN + "_" +
669 PORT_RANGE_MAX + "_" + IPV6_DEST_IP_2 + "_Permit";
670 String actualFlowId = flowBuilder.getFlowName();
671 if(actualFlowId.equals(expectedFlowId1) || actualFlowId.equals(expectedFlowId2)) {
672 Assert.assertTrue(true);
674 Assert.assertTrue(false);
679 * Test IPv4 TCP remove with port range (All TCP) and remote SG selected.
682 public void testProgramPortSecurityACLRuleRemoveTcpAll2() throws Exception {
683 when(portSecurityRule.getSecurityRuleProtocol()).thenReturn(NeutronSecurityRule.PROTOCOL_TCP);
684 when(portSecurityRule.getSecurityRulePortMax()).thenReturn(PORT_RANGE_MAX);
685 when(portSecurityRule.getSecurityRulePortMin()).thenReturn(PORT_RANGE_MIN);
686 when(portSecurityRule.getSecurityRemoteGroupID()).thenReturn("85cc3048-abc3-43cc-89b3-377341426ac5");
687 PowerMockito.doAnswer(answer()).when(egressAclServiceSpy, "removeFlow", any(FlowBuilder.class),
688 any(NodeBuilder.class));
690 egressAclServiceSpy.programPortSecurityGroup(DP_ID_LONG, SEGMENT_ID, MAC_ADDRESS, LOCAL_PORT, securityGroup,
693 Match match = flowBuilder.getMatch();
694 EthernetMatch ethMatch = match.getEthernetMatch();
695 Assert.assertEquals(MAC_ADDRESS, ethMatch.getEthernetSource().getAddress().getValue());
696 Assert.assertEquals((long) IPV4_ETHER_TYPE, (long) ethMatch.getEthernetType().getType().getValue());
698 Assert.assertTrue(match.getLayer4Match() instanceof TcpMatch);
699 String expectedFlowId1 = "Egress_TCP_" + SEGMENT_ID + "_" + MAC_ADDRESS + "_" + PORT_RANGE_MIN + "_" +
700 PORT_RANGE_MAX + "_" + DEST_IP_1 + "_Permit";
701 String expectedFlowId2 = "Egress_TCP_" + SEGMENT_ID + "_" + MAC_ADDRESS + "_" + PORT_RANGE_MIN + "_" +
702 PORT_RANGE_MAX + "_" + DEST_IP_2 + "_Permit";
703 String actualFlowId = flowBuilder.getFlowName();
704 if(actualFlowId.equals(expectedFlowId1) || actualFlowId.equals(expectedFlowId2)) {
705 Assert.assertTrue(true);
707 Assert.assertTrue(false);
712 * Test IPv6 TCP remove with port range (All TCP) and remote SG selected.
715 public void testProgramPortSecurityACLRuleIpv6RemoveTcpAll2() throws Exception {
716 when(portSecurityIpv6Rule.getSecurityRuleProtocol()).thenReturn(NeutronSecurityRule.PROTOCOL_TCP);
717 when(portSecurityIpv6Rule.getSecurityRulePortMax()).thenReturn(PORT_RANGE_MAX);
718 when(portSecurityIpv6Rule.getSecurityRulePortMin()).thenReturn(PORT_RANGE_MIN);
719 when(portSecurityIpv6Rule.getSecurityRemoteGroupID()).thenReturn("85cc3048-abc3-43cc-89b3-377341426ac5");
720 PowerMockito.doAnswer(answer()).when(egressAclServiceSpy, "removeFlow", any(FlowBuilder.class),
721 any(NodeBuilder.class));
723 egressAclServiceSpy.programPortSecurityGroup(DP_ID_LONG, SEGMENT_ID, MAC_ADDRESS, LOCAL_PORT, securityGroupIpv6,
726 Match match = flowBuilder.getMatch();
727 EthernetMatch ethMatch = match.getEthernetMatch();
728 Assert.assertEquals(MAC_ADDRESS, ethMatch.getEthernetSource().getAddress().getValue());
729 Assert.assertEquals((long) IPV6_ETHER_TYPE, (long) ethMatch.getEthernetType().getType().getValue());
731 Assert.assertTrue(match.getLayer4Match() instanceof TcpMatch);
732 String expectedFlowId1 = "Egress_TCP_" + SEGMENT_ID + "_" + MAC_ADDRESS + "_" + PORT_RANGE_MIN + "_" +
733 PORT_RANGE_MAX + "_" + IPV6_DEST_IP_1 + "_Permit";
734 String expectedFlowId2 = "Egress_TCP_" + SEGMENT_ID + "_" + MAC_ADDRESS + "_" + PORT_RANGE_MIN + "_" +
735 PORT_RANGE_MAX + "_" + IPV6_DEST_IP_2 + "_Permit";
736 String actualFlowId = flowBuilder.getFlowName();
737 if(actualFlowId.equals(expectedFlowId1) || actualFlowId.equals(expectedFlowId2)) {
738 Assert.assertTrue(true);
740 Assert.assertTrue(false);
745 * Test IPv4 UDP add with port no and CIDR selected.
748 public void testProgramPortSecurityACLRuleAddUdp1() throws Exception {
749 when(portSecurityRule.getSecurityRuleProtocol()).thenReturn(NeutronSecurityRule.PROTOCOL_UDP);
750 when(portSecurityRule.getSecurityRulePortMax()).thenReturn(50);
751 when(portSecurityRule.getSecurityRulePortMin()).thenReturn(50);
752 when(portSecurityRule.getSecurityRuleRemoteIpPrefix()).thenReturn("0.0.0.0/24");
753 PowerMockito.doAnswer(answer()).when(egressAclServiceSpy, "writeFlow", any(FlowBuilder.class),
754 any(NodeBuilder.class));
755 egressAclServiceSpy.programPortSecurityGroup(DP_ID_LONG, SEGMENT_ID, MAC_ADDRESS, LOCAL_PORT, securityGroup,
758 Match match = flowBuilder.getMatch();
759 EthernetMatch ethMatch = match.getEthernetMatch();
760 Assert.assertEquals(MAC_ADDRESS, ethMatch.getEthernetSource().getAddress().getValue());
761 Assert.assertEquals((long) IPV4_ETHER_TYPE, (long) ethMatch.getEthernetType().getType().getValue());
763 Assert.assertTrue(match.getLayer4Match() instanceof UdpMatch);
764 UdpMatch layer4Match = (UdpMatch) match.getLayer4Match();
765 Assert.assertEquals(50, layer4Match.getUdpDestinationPort().getValue().intValue());
766 int port = portSecurityRule.getSecurityRulePortMin();
767 Assert.assertEquals("Egress_UDP_" + SEGMENT_ID + "_" + MAC_ADDRESS +
768 "_" + port + "_0.0.0.0/24_Permit", flowBuilder.getFlowName());
772 * Test IPv6 UDP add with port no and CIDR selected.
775 public void testProgramPortSecurityACLRuleIpv6AddUdp1() throws Exception {
776 when(portSecurityIpv6Rule.getSecurityRuleProtocol()).thenReturn(NeutronSecurityRule.PROTOCOL_UDP);
777 when(portSecurityIpv6Rule.getSecurityRulePortMax()).thenReturn(50);
778 when(portSecurityIpv6Rule.getSecurityRulePortMin()).thenReturn(50);
779 when(portSecurityIpv6Rule.getSecurityRuleRemoteIpPrefix()).thenReturn("::/64");
780 PowerMockito.doAnswer(answer()).when(egressAclServiceSpy, "writeFlow", any(FlowBuilder.class),
781 any(NodeBuilder.class));
782 egressAclServiceSpy.programPortSecurityGroup(DP_ID_LONG, SEGMENT_ID, MAC_ADDRESS, LOCAL_PORT, securityGroupIpv6,
785 Match match = flowBuilder.getMatch();
786 EthernetMatch ethMatch = match.getEthernetMatch();
787 Assert.assertEquals(MAC_ADDRESS, ethMatch.getEthernetSource().getAddress().getValue());
788 Assert.assertEquals((long) IPV6_ETHER_TYPE, (long) ethMatch.getEthernetType().getType().getValue());
790 Assert.assertTrue(match.getLayer4Match() instanceof UdpMatch);
791 UdpMatch layer4Match = (UdpMatch) match.getLayer4Match();
792 Assert.assertEquals(50, layer4Match.getUdpDestinationPort().getValue().intValue());
793 int port = portSecurityIpv6Rule.getSecurityRulePortMin();
794 Assert.assertEquals("Egress_UDP_" + SEGMENT_ID + "_" + MAC_ADDRESS +
795 "_" + port + "_::/64_Permit", flowBuilder.getFlowName());
799 * Test IPv4 UDP remove with port no and CIDR selected.
802 public void testProgramPortSecurityACLRuleRemoveUdp1() throws Exception {
803 when(portSecurityRule.getSecurityRuleProtocol()).thenReturn(NeutronSecurityRule.PROTOCOL_UDP);
804 when(portSecurityRule.getSecurityRulePortMax()).thenReturn(50);
805 when(portSecurityRule.getSecurityRulePortMin()).thenReturn(50);
806 when(portSecurityRule.getSecurityRuleRemoteIpPrefix()).thenReturn("0.0.0.0/24");
807 PowerMockito.doAnswer(answer()).when(egressAclServiceSpy, "removeFlow", any(FlowBuilder.class),
808 any(NodeBuilder.class));
809 egressAclServiceSpy.programPortSecurityGroup(DP_ID_LONG, SEGMENT_ID, MAC_ADDRESS, LOCAL_PORT, securityGroup,
812 Match match = flowBuilder.getMatch();
813 EthernetMatch ethMatch = match.getEthernetMatch();
814 Assert.assertEquals(MAC_ADDRESS, ethMatch.getEthernetSource().getAddress().getValue());
815 Assert.assertEquals((long) IPV4_ETHER_TYPE, (long) ethMatch.getEthernetType().getType().getValue());
817 Assert.assertTrue(match.getLayer4Match() instanceof UdpMatch);
818 UdpMatch layer4Match = (UdpMatch) match.getLayer4Match();
819 Assert.assertEquals(50, layer4Match.getUdpDestinationPort().getValue().intValue());
820 int port = portSecurityRule.getSecurityRulePortMin();
821 Assert.assertEquals("Egress_UDP_" + SEGMENT_ID + "_" + MAC_ADDRESS +
822 "_" + port + "_0.0.0.0/24_Permit", flowBuilder.getFlowName());
826 * Test IPv6 UDP remove with port no and CIDR selected.
829 public void testProgramPortSecurityACLRuleIpv6RemoveUdp1() throws Exception {
830 when(portSecurityIpv6Rule.getSecurityRuleProtocol()).thenReturn(NeutronSecurityRule.PROTOCOL_UDP);
831 when(portSecurityIpv6Rule.getSecurityRulePortMax()).thenReturn(50);
832 when(portSecurityIpv6Rule.getSecurityRulePortMin()).thenReturn(50);
833 when(portSecurityIpv6Rule.getSecurityRuleRemoteIpPrefix()).thenReturn("::/64");
834 PowerMockito.doAnswer(answer()).when(egressAclServiceSpy, "removeFlow", any(FlowBuilder.class),
835 any(NodeBuilder.class));
836 egressAclServiceSpy.programPortSecurityGroup(DP_ID_LONG, SEGMENT_ID, MAC_ADDRESS, LOCAL_PORT, securityGroupIpv6,
839 Match match = flowBuilder.getMatch();
840 EthernetMatch ethMatch = match.getEthernetMatch();
841 Assert.assertEquals(MAC_ADDRESS, ethMatch.getEthernetSource().getAddress().getValue());
842 Assert.assertEquals((long) IPV6_ETHER_TYPE, (long) ethMatch.getEthernetType().getType().getValue());
844 Assert.assertTrue(match.getLayer4Match() instanceof UdpMatch);
845 UdpMatch layer4Match = (UdpMatch) match.getLayer4Match();
846 Assert.assertEquals(50, layer4Match.getUdpDestinationPort().getValue().intValue());
847 int port = portSecurityIpv6Rule.getSecurityRulePortMin();
848 Assert.assertEquals("Egress_UDP_" + SEGMENT_ID + "_" + MAC_ADDRESS +
849 "_" + port + "_::/64_Permit", flowBuilder.getFlowName());
853 * Test IPv4 UDP add with port no and remote SG selected.
856 public void testProgramPortSecurityACLRuleAddUdp2() throws Exception {
857 when(portSecurityRule.getSecurityRuleProtocol()).thenReturn(NeutronSecurityRule.PROTOCOL_UDP);
858 when(portSecurityRule.getSecurityRulePortMax()).thenReturn(50);
859 when(portSecurityRule.getSecurityRulePortMin()).thenReturn(50);
860 when(portSecurityRule.getSecurityRuleRemoteIpPrefix()).thenReturn("0.0.0.0/24");
861 when(portSecurityRule.getSecurityRemoteGroupID()).thenReturn("85cc3048-abc3-43cc-89b3-377341426ac5");
862 PowerMockito.doAnswer(answer()).when(egressAclServiceSpy, "writeFlow", any(FlowBuilder.class),
863 any(NodeBuilder.class));
864 egressAclServiceSpy.programPortSecurityGroup(DP_ID_LONG, SEGMENT_ID, MAC_ADDRESS, LOCAL_PORT, securityGroup,
867 Match match = flowBuilder.getMatch();
868 EthernetMatch ethMatch = match.getEthernetMatch();
869 Assert.assertEquals(MAC_ADDRESS, ethMatch.getEthernetSource().getAddress().getValue());
870 Assert.assertEquals((long) IPV4_ETHER_TYPE, (long) ethMatch.getEthernetType().getType().getValue());
872 Assert.assertTrue(match.getLayer4Match() instanceof UdpMatch);
873 UdpMatch layer4Match = (UdpMatch) match.getLayer4Match();
874 Assert.assertEquals(50, layer4Match.getUdpDestinationPort().getValue().intValue());
875 int port = portSecurityRule.getSecurityRulePortMin();
876 String expectedFlowId1 = "Egress_UDP_" + SEGMENT_ID + "_" + MAC_ADDRESS + "_" + port + "_" + DEST_IP_1 +
878 String expectedFlowId2 = "Egress_UDP_" + SEGMENT_ID + "_" + MAC_ADDRESS + "_" + port + "_" + DEST_IP_2 +
880 String actualFlowId = flowBuilder.getFlowName();
881 if(actualFlowId.equals(expectedFlowId1) || actualFlowId.equals(expectedFlowId2)) {
882 Assert.assertTrue(true);
884 Assert.assertTrue(false);
889 * Test IPv6 UDP add with port no and remote SG selected.
892 public void testProgramPortSecurityACLRuleIpv6AddUdp2() throws Exception {
893 when(portSecurityIpv6Rule.getSecurityRuleProtocol()).thenReturn(NeutronSecurityRule.PROTOCOL_UDP);
894 when(portSecurityIpv6Rule.getSecurityRulePortMax()).thenReturn(50);
895 when(portSecurityIpv6Rule.getSecurityRulePortMin()).thenReturn(50);
896 when(portSecurityIpv6Rule.getSecurityRuleRemoteIpPrefix()).thenReturn("::/64");
897 when(portSecurityIpv6Rule.getSecurityRemoteGroupID()).thenReturn("85cc3048-abc3-43cc-89b3-377341426ac5");
898 PowerMockito.doAnswer(answer()).when(egressAclServiceSpy, "writeFlow", any(FlowBuilder.class),
899 any(NodeBuilder.class));
900 egressAclServiceSpy.programPortSecurityGroup(DP_ID_LONG, SEGMENT_ID, MAC_ADDRESS, LOCAL_PORT, securityGroupIpv6,
903 Match match = flowBuilder.getMatch();
904 EthernetMatch ethMatch = match.getEthernetMatch();
905 Assert.assertEquals(MAC_ADDRESS, ethMatch.getEthernetSource().getAddress().getValue());
906 Assert.assertEquals((long) IPV6_ETHER_TYPE, (long) ethMatch.getEthernetType().getType().getValue());
908 Assert.assertTrue(match.getLayer4Match() instanceof UdpMatch);
909 UdpMatch layer4Match = (UdpMatch) match.getLayer4Match();
910 Assert.assertEquals(50, layer4Match.getUdpDestinationPort().getValue().intValue());
911 int port = portSecurityIpv6Rule.getSecurityRulePortMin();
912 String expectedFlowId1 = "Egress_UDP_" + SEGMENT_ID + "_" + MAC_ADDRESS + "_" + port + "_" + IPV6_DEST_IP_1 +
914 String expectedFlowId2 = "Egress_UDP_" + SEGMENT_ID + "_" + MAC_ADDRESS + "_" + port + "_" + IPV6_DEST_IP_2 +
916 String actualFlowId = flowBuilder.getFlowName();
917 if(actualFlowId.equals(expectedFlowId1) || actualFlowId.equals(expectedFlowId2)) {
918 Assert.assertTrue(true);
920 Assert.assertTrue(false);
925 * Test IPv4 UDP remove with port no and remote SG selected.
928 public void testProgramPortSecurityACLRuleRemoveUdp2() throws Exception {
929 when(portSecurityRule.getSecurityRuleProtocol()).thenReturn(NeutronSecurityRule.PROTOCOL_UDP);
930 when(portSecurityRule.getSecurityRulePortMax()).thenReturn(50);
931 when(portSecurityRule.getSecurityRulePortMin()).thenReturn(50);
932 when(portSecurityRule.getSecurityRuleRemoteIpPrefix()).thenReturn("0.0.0.0/24");
933 when(portSecurityRule.getSecurityRemoteGroupID()).thenReturn("85cc3048-abc3-43cc-89b3-377341426ac5");
934 PowerMockito.doAnswer(answer()).when(egressAclServiceSpy, "removeFlow", any(FlowBuilder.class),
935 any(NodeBuilder.class));
936 egressAclServiceSpy.programPortSecurityGroup(DP_ID_LONG, SEGMENT_ID, MAC_ADDRESS, LOCAL_PORT, securityGroup,
939 Match match = flowBuilder.getMatch();
940 EthernetMatch ethMatch = match.getEthernetMatch();
941 Assert.assertEquals(MAC_ADDRESS, ethMatch.getEthernetSource().getAddress().getValue());
942 Assert.assertEquals((long) IPV4_ETHER_TYPE, (long) ethMatch.getEthernetType().getType().getValue());
944 Assert.assertTrue(match.getLayer4Match() instanceof UdpMatch);
945 UdpMatch layer4Match = (UdpMatch) match.getLayer4Match();
946 Assert.assertEquals(50, layer4Match.getUdpDestinationPort().getValue().intValue());
947 int port = portSecurityRule.getSecurityRulePortMin();
948 String expectedFlowId1 = "Egress_UDP_" + SEGMENT_ID + "_" + MAC_ADDRESS + "_" + port + "_" + DEST_IP_1 +
950 String expectedFlowId2 = "Egress_UDP_" + SEGMENT_ID + "_" + MAC_ADDRESS + "_" + port + "_" + DEST_IP_2 +
952 String actualFlowId = flowBuilder.getFlowName();
953 if(actualFlowId.equals(expectedFlowId1) || actualFlowId.equals(expectedFlowId2)) {
954 Assert.assertTrue(true);
956 Assert.assertTrue(false);
961 * Test IPv6 UDP remove with port no and remote SG selected.
964 public void testProgramPortSecurityACLRuleIpv6RemoveUdp2() throws Exception {
965 when(portSecurityIpv6Rule.getSecurityRuleProtocol()).thenReturn(NeutronSecurityRule.PROTOCOL_UDP);
966 when(portSecurityIpv6Rule.getSecurityRulePortMax()).thenReturn(50);
967 when(portSecurityIpv6Rule.getSecurityRulePortMin()).thenReturn(50);
968 when(portSecurityIpv6Rule.getSecurityRuleRemoteIpPrefix()).thenReturn("::/64");
969 when(portSecurityIpv6Rule.getSecurityRemoteGroupID()).thenReturn("85cc3048-abc3-43cc-89b3-377341426ac5");
970 PowerMockito.doAnswer(answer()).when(egressAclServiceSpy, "removeFlow", any(FlowBuilder.class),
971 any(NodeBuilder.class));
972 egressAclServiceSpy.programPortSecurityGroup(DP_ID_LONG, SEGMENT_ID, MAC_ADDRESS, LOCAL_PORT, securityGroupIpv6,
975 Match match = flowBuilder.getMatch();
976 EthernetMatch ethMatch = match.getEthernetMatch();
977 Assert.assertEquals(MAC_ADDRESS, ethMatch.getEthernetSource().getAddress().getValue());
978 Assert.assertEquals((long) IPV6_ETHER_TYPE, (long) ethMatch.getEthernetType().getType().getValue());
980 Assert.assertTrue(match.getLayer4Match() instanceof UdpMatch);
981 UdpMatch layer4Match = (UdpMatch) match.getLayer4Match();
982 Assert.assertEquals(50, layer4Match.getUdpDestinationPort().getValue().intValue());
983 int port = portSecurityIpv6Rule.getSecurityRulePortMin();
984 String expectedFlowId1 = "Egress_UDP_" + SEGMENT_ID + "_" + MAC_ADDRESS + "_" + port + "_" + IPV6_DEST_IP_1 +
986 String expectedFlowId2 = "Egress_UDP_" + SEGMENT_ID + "_" + MAC_ADDRESS + "_" + port + "_" + IPV6_DEST_IP_2 +
988 String actualFlowId = flowBuilder.getFlowName();
989 if(actualFlowId.equals(expectedFlowId1) || actualFlowId.equals(expectedFlowId2)) {
990 Assert.assertTrue(true);
992 Assert.assertTrue(false);
997 * Test IPv4 UDP add with port (All UDP) and CIDR selected.
1000 public void testProgramPortSecurityACLRuleAddUdpAll1() throws Exception {
1001 when(portSecurityRule.getSecurityRuleProtocol()).thenReturn(NeutronSecurityRule.PROTOCOL_UDP);
1002 when(portSecurityRule.getSecurityRulePortMax()).thenReturn(PORT_RANGE_MAX);
1003 when(portSecurityRule.getSecurityRulePortMin()).thenReturn(PORT_RANGE_MIN);
1004 when(portSecurityRule.getSecurityRuleRemoteIpPrefix()).thenReturn("0.0.0.0/24");
1005 PowerMockito.doAnswer(answer()).when(egressAclServiceSpy, "writeFlow", any(FlowBuilder.class),
1006 any(NodeBuilder.class));
1007 egressAclServiceSpy.programPortSecurityGroup(DP_ID_LONG, SEGMENT_ID, MAC_ADDRESS, LOCAL_PORT, securityGroup,
1010 Match match = flowBuilder.getMatch();
1011 EthernetMatch ethMatch = match.getEthernetMatch();
1012 Assert.assertEquals(MAC_ADDRESS, ethMatch.getEthernetSource().getAddress().getValue());
1013 Assert.assertEquals((long) IPV4_ETHER_TYPE, (long) ethMatch.getEthernetType().getType().getValue());
1015 Assert.assertTrue(match.getLayer4Match() instanceof UdpMatch);
1016 Assert.assertEquals("Egress_UDP_" + SEGMENT_ID + "_" + MAC_ADDRESS + "_" + PORT_RANGE_MIN + "_" +
1017 PORT_RANGE_MAX + "_0.0.0.0/24_Permit", flowBuilder.getFlowName());
1021 * Test IPv6 UDP add with port (All UDP) and CIDR selected.
1024 public void testProgramPortSecurityACLRuleIpv6AddUdpAll1() throws Exception {
1025 when(portSecurityIpv6Rule.getSecurityRuleProtocol()).thenReturn(NeutronSecurityRule.PROTOCOL_UDP);
1026 when(portSecurityIpv6Rule.getSecurityRulePortMax()).thenReturn(PORT_RANGE_MAX);
1027 when(portSecurityIpv6Rule.getSecurityRulePortMin()).thenReturn(PORT_RANGE_MIN);
1028 when(portSecurityIpv6Rule.getSecurityRuleRemoteIpPrefix()).thenReturn("::/64");
1029 PowerMockito.doAnswer(answer()).when(egressAclServiceSpy, "writeFlow", any(FlowBuilder.class),
1030 any(NodeBuilder.class));
1031 egressAclServiceSpy.programPortSecurityGroup(DP_ID_LONG, SEGMENT_ID, MAC_ADDRESS, LOCAL_PORT, securityGroupIpv6,
1034 Match match = flowBuilder.getMatch();
1035 EthernetMatch ethMatch = match.getEthernetMatch();
1036 Assert.assertEquals(MAC_ADDRESS, ethMatch.getEthernetSource().getAddress().getValue());
1037 Assert.assertEquals((long) IPV6_ETHER_TYPE, (long) ethMatch.getEthernetType().getType().getValue());
1039 Assert.assertTrue(match.getLayer4Match() instanceof UdpMatch);
1040 Assert.assertEquals("Egress_UDP_" + SEGMENT_ID + "_" + MAC_ADDRESS + "_" + PORT_RANGE_MIN + "_" +
1041 PORT_RANGE_MAX + "_::/64_Permit", flowBuilder.getFlowName());
1045 * Test IPv4 UDP remove with port (All UDP) and CIDR selected.
1048 public void testProgramPortSecurityACLRuleRemoveUdpAll1() throws Exception {
1049 when(portSecurityRule.getSecurityRuleProtocol()).thenReturn(NeutronSecurityRule.PROTOCOL_UDP);
1050 when(portSecurityRule.getSecurityRulePortMax()).thenReturn(PORT_RANGE_MAX);
1051 when(portSecurityRule.getSecurityRulePortMin()).thenReturn(PORT_RANGE_MIN);
1052 when(portSecurityRule.getSecurityRuleRemoteIpPrefix()).thenReturn("0.0.0.0/24");
1053 PowerMockito.doAnswer(answer()).when(egressAclServiceSpy, "removeFlow", any(FlowBuilder.class),
1054 any(NodeBuilder.class));
1055 egressAclServiceSpy.programPortSecurityGroup(DP_ID_LONG, SEGMENT_ID, MAC_ADDRESS, LOCAL_PORT, securityGroup,
1058 Match match = flowBuilder.getMatch();
1059 EthernetMatch ethMatch = match.getEthernetMatch();
1060 Assert.assertEquals(MAC_ADDRESS, ethMatch.getEthernetSource().getAddress().getValue());
1061 Assert.assertEquals((long) IPV4_ETHER_TYPE, (long) ethMatch.getEthernetType().getType().getValue());
1063 Assert.assertTrue(match.getLayer4Match() instanceof UdpMatch);
1064 Assert.assertEquals("Egress_UDP_" + SEGMENT_ID + "_" + MAC_ADDRESS + "_" + PORT_RANGE_MIN + "_" +
1065 PORT_RANGE_MAX + "_0.0.0.0/24_Permit", flowBuilder.getFlowName());
1069 * Test IPv6 UDP remove with port (All UDP) and CIDR selected.
1072 public void testProgramPortSecurityACLRuleIpv6RemoveUdpAll1() throws Exception {
1073 when(portSecurityIpv6Rule.getSecurityRuleProtocol()).thenReturn(NeutronSecurityRule.PROTOCOL_UDP);
1074 when(portSecurityIpv6Rule.getSecurityRulePortMax()).thenReturn(PORT_RANGE_MAX);
1075 when(portSecurityIpv6Rule.getSecurityRulePortMin()).thenReturn(PORT_RANGE_MIN);
1076 when(portSecurityIpv6Rule.getSecurityRuleRemoteIpPrefix()).thenReturn("::/64");
1077 PowerMockito.doAnswer(answer()).when(egressAclServiceSpy, "removeFlow", any(FlowBuilder.class),
1078 any(NodeBuilder.class));
1079 egressAclServiceSpy.programPortSecurityGroup(DP_ID_LONG, SEGMENT_ID, MAC_ADDRESS, LOCAL_PORT, securityGroupIpv6,
1082 Match match = flowBuilder.getMatch();
1083 EthernetMatch ethMatch = match.getEthernetMatch();
1084 Assert.assertEquals(MAC_ADDRESS, ethMatch.getEthernetSource().getAddress().getValue());
1085 Assert.assertEquals((long) IPV6_ETHER_TYPE, (long) ethMatch.getEthernetType().getType().getValue());
1087 Assert.assertTrue(match.getLayer4Match() instanceof UdpMatch);
1088 Assert.assertEquals("Egress_UDP_" + SEGMENT_ID + "_" + MAC_ADDRESS + "_" + PORT_RANGE_MIN + "_" +
1089 PORT_RANGE_MAX + "_::/64_Permit", flowBuilder.getFlowName());
1093 * Test IPv4 UDP add with port (All UDP) and remote SG selected.
1096 public void testProgramPortSecurityACLRuleAddUdpAll2() throws Exception {
1097 when(portSecurityRule.getSecurityRuleProtocol()).thenReturn(NeutronSecurityRule.PROTOCOL_UDP);
1098 when(portSecurityRule.getSecurityRulePortMax()).thenReturn(PORT_RANGE_MAX);
1099 when(portSecurityRule.getSecurityRulePortMin()).thenReturn(PORT_RANGE_MIN);
1100 when(portSecurityRule.getSecurityRemoteGroupID()).thenReturn("85cc3048-abc3-43cc-89b3-377341426ac5");
1101 PowerMockito.doAnswer(answer()).when(egressAclServiceSpy, "writeFlow", any(FlowBuilder.class),
1102 any(NodeBuilder.class));
1103 egressAclServiceSpy.programPortSecurityGroup(DP_ID_LONG, SEGMENT_ID, MAC_ADDRESS, LOCAL_PORT, securityGroup,
1106 Match match = flowBuilder.getMatch();
1107 EthernetMatch ethMatch = match.getEthernetMatch();
1108 Assert.assertEquals(MAC_ADDRESS, ethMatch.getEthernetSource().getAddress().getValue());
1109 Assert.assertEquals((long) IPV4_ETHER_TYPE, (long) ethMatch.getEthernetType().getType().getValue());
1111 Assert.assertTrue(match.getLayer4Match() instanceof UdpMatch);
1112 String expectedFlowId1 = "Egress_UDP_" + SEGMENT_ID + "_" + MAC_ADDRESS + "_" + PORT_RANGE_MIN + "_" +
1113 PORT_RANGE_MAX + "_" + DEST_IP_1 + "_Permit";
1114 String expectedFlowId2 = "Egress_UDP_" + SEGMENT_ID + "_" + MAC_ADDRESS + "_" + PORT_RANGE_MIN + "_" +
1115 PORT_RANGE_MAX + "_" + DEST_IP_2 + "_Permit";
1116 String actualFlowId = flowBuilder.getFlowName();
1117 if(actualFlowId.equals(expectedFlowId1) || actualFlowId.equals(expectedFlowId2)) {
1118 Assert.assertTrue(true);
1120 Assert.assertTrue(false);
1125 * Test IPv6 UDP add with port (All UDP) and remote SG selected.
1128 public void testProgramPortSecurityACLRuleIpv6AddUdpAll2() throws Exception {
1129 when(portSecurityIpv6Rule.getSecurityRuleProtocol()).thenReturn(NeutronSecurityRule.PROTOCOL_UDP);
1130 when(portSecurityIpv6Rule.getSecurityRulePortMax()).thenReturn(PORT_RANGE_MAX);
1131 when(portSecurityIpv6Rule.getSecurityRulePortMin()).thenReturn(PORT_RANGE_MIN);
1132 when(portSecurityIpv6Rule.getSecurityRemoteGroupID()).thenReturn("85cc3048-abc3-43cc-89b3-377341426ac5");
1133 PowerMockito.doAnswer(answer()).when(egressAclServiceSpy, "writeFlow", any(FlowBuilder.class),
1134 any(NodeBuilder.class));
1135 egressAclServiceSpy.programPortSecurityGroup(DP_ID_LONG, SEGMENT_ID, MAC_ADDRESS, LOCAL_PORT, securityGroupIpv6,
1138 Match match = flowBuilder.getMatch();
1139 EthernetMatch ethMatch = match.getEthernetMatch();
1140 Assert.assertEquals(MAC_ADDRESS, ethMatch.getEthernetSource().getAddress().getValue());
1141 Assert.assertEquals((long) IPV6_ETHER_TYPE, (long) ethMatch.getEthernetType().getType().getValue());
1143 Assert.assertTrue(match.getLayer4Match() instanceof UdpMatch);
1144 String expectedFlowId1 = "Egress_UDP_" + SEGMENT_ID + "_" + MAC_ADDRESS + "_" + PORT_RANGE_MIN + "_" +
1145 PORT_RANGE_MAX + "_" + IPV6_DEST_IP_1 + "_Permit";
1146 String expectedFlowId2 = "Egress_UDP_" + SEGMENT_ID + "_" + MAC_ADDRESS + "_" + PORT_RANGE_MIN + "_" +
1147 PORT_RANGE_MAX + "_" + IPV6_DEST_IP_2 + "_Permit";
1148 String actualFlowId = flowBuilder.getFlowName();
1149 if(actualFlowId.equals(expectedFlowId1) || actualFlowId.equals(expectedFlowId2)) {
1150 Assert.assertTrue(true);
1152 Assert.assertTrue(false);
1157 * Test IPv4 UDP remove with port (All UDP) and remote SG selected.
1160 public void testProgramPortSecurityACLRuleRemoveUdpAll2() throws Exception {
1161 when(portSecurityRule.getSecurityRuleProtocol()).thenReturn(NeutronSecurityRule.PROTOCOL_UDP);
1162 when(portSecurityRule.getSecurityRulePortMax()).thenReturn(PORT_RANGE_MAX);
1163 when(portSecurityRule.getSecurityRulePortMin()).thenReturn(PORT_RANGE_MIN);
1164 when(portSecurityRule.getSecurityRemoteGroupID()).thenReturn("85cc3048-abc3-43cc-89b3-377341426ac5");
1165 PowerMockito.doAnswer(answer()).when(egressAclServiceSpy, "removeFlow", any(FlowBuilder.class),
1166 any(NodeBuilder.class));
1167 egressAclServiceSpy.programPortSecurityGroup(DP_ID_LONG, SEGMENT_ID, MAC_ADDRESS, LOCAL_PORT, securityGroup,
1170 Match match = flowBuilder.getMatch();
1171 EthernetMatch ethMatch = match.getEthernetMatch();
1172 Assert.assertEquals(MAC_ADDRESS, ethMatch.getEthernetSource().getAddress().getValue());
1173 Assert.assertEquals((long) IPV4_ETHER_TYPE, (long) ethMatch.getEthernetType().getType().getValue());
1175 Assert.assertTrue(match.getLayer4Match() instanceof UdpMatch);
1176 String expectedFlowId1 = "Egress_UDP_" + SEGMENT_ID + "_" + MAC_ADDRESS + "_" + PORT_RANGE_MIN + "_" +
1177 PORT_RANGE_MAX + "_" + DEST_IP_1 + "_Permit";
1178 String expectedFlowId2 = "Egress_UDP_" + SEGMENT_ID + "_" + MAC_ADDRESS + "_" + PORT_RANGE_MIN + "_" +
1179 PORT_RANGE_MAX + "_" + DEST_IP_2 + "_Permit";
1180 String actualFlowId = flowBuilder.getFlowName();
1181 if(actualFlowId.equals(expectedFlowId1) || actualFlowId.equals(expectedFlowId2)) {
1182 Assert.assertTrue(true);
1184 Assert.assertTrue(false);
1189 * Test IPv6 UDP remove with port (All UDP) and remote SG selected.
1192 public void testProgramPortSecurityACLRuleIpv6RemoveUdpAll2() throws Exception {
1193 when(portSecurityIpv6Rule.getSecurityRuleProtocol()).thenReturn(NeutronSecurityRule.PROTOCOL_UDP);
1194 when(portSecurityIpv6Rule.getSecurityRulePortMax()).thenReturn(PORT_RANGE_MAX);
1195 when(portSecurityIpv6Rule.getSecurityRulePortMin()).thenReturn(PORT_RANGE_MIN);
1196 when(portSecurityIpv6Rule.getSecurityRemoteGroupID()).thenReturn("85cc3048-abc3-43cc-89b3-377341426ac5");
1197 PowerMockito.doAnswer(answer()).when(egressAclServiceSpy, "removeFlow", any(FlowBuilder.class),
1198 any(NodeBuilder.class));
1199 egressAclServiceSpy.programPortSecurityGroup(DP_ID_LONG, SEGMENT_ID, MAC_ADDRESS, LOCAL_PORT, securityGroupIpv6,
1202 Match match = flowBuilder.getMatch();
1203 EthernetMatch ethMatch = match.getEthernetMatch();
1204 Assert.assertEquals(MAC_ADDRESS, ethMatch.getEthernetSource().getAddress().getValue());
1205 Assert.assertEquals((long) IPV6_ETHER_TYPE, (long) ethMatch.getEthernetType().getType().getValue());
1207 Assert.assertTrue(match.getLayer4Match() instanceof UdpMatch);
1208 String expectedFlowId1 = "Egress_UDP_" + SEGMENT_ID + "_" + MAC_ADDRESS + "_" + PORT_RANGE_MIN + "_" +
1209 PORT_RANGE_MAX + "_" + IPV6_DEST_IP_1 + "_Permit";
1210 String expectedFlowId2 = "Egress_UDP_" + SEGMENT_ID + "_" + MAC_ADDRESS + "_" + PORT_RANGE_MIN + "_" +
1211 PORT_RANGE_MAX + "_" + IPV6_DEST_IP_2 + "_Permit";
1212 String actualFlowId = flowBuilder.getFlowName();
1213 if(actualFlowId.equals(expectedFlowId1) || actualFlowId.equals(expectedFlowId2)) {
1214 Assert.assertTrue(true);
1216 Assert.assertTrue(false);
1221 * Test ICMP add with code, type and CIDR selected.
1224 public void testProgramPortSecurityACLRuleAddIcmp1() throws Exception {
1225 when(portSecurityRule.getSecurityRuleProtocol()).thenReturn(NeutronSecurityRule.PROTOCOL_ICMP);
1226 when(portSecurityRule.getSecurityRulePortMax()).thenReturn(10);
1227 when(portSecurityRule.getSecurityRulePortMin()).thenReturn(10);
1228 when(portSecurityRule.getSecurityRuleRemoteIpPrefix()).thenReturn("0.0.0.0/24");
1229 PowerMockito.doAnswer(answer()).when(egressAclServiceSpy, "writeFlow", any(FlowBuilder.class),
1230 any(NodeBuilder.class));
1232 egressAclServiceSpy.programPortSecurityGroup(DP_ID_LONG, SEGMENT_ID, MAC_ADDRESS, LOCAL_PORT, securityGroup,
1235 Match match = flowBuilder.getMatch();
1236 Icmpv4Match icmpv4Match = match.getIcmpv4Match();
1237 Assert.assertEquals(10, icmpv4Match.getIcmpv4Type().shortValue());
1238 Assert.assertEquals(10, icmpv4Match.getIcmpv4Code().shortValue());
1239 EthernetMatch ethMatch = match.getEthernetMatch();
1240 Assert.assertEquals(MAC_ADDRESS, ethMatch.getEthernetSource().getAddress().getValue());
1241 Assert.assertEquals((long) IPV4_ETHER_TYPE, (long) ethMatch.getEthernetType().getType().getValue());
1242 Short type = portSecurityRule.getSecurityRulePortMin().shortValue();
1243 Short code = portSecurityRule.getSecurityRulePortMax().shortValue();
1244 Assert.assertEquals("Egress_ICMP_" + SEGMENT_ID + "_" + MAC_ADDRESS +
1245 "_" + type + "_" + code + "_0.0.0.0/24_Permit", flowBuilder.getFlowName());
1249 * Test ICMPv6 add with code, type and CIDR selected.
1252 public void testProgramPortSecurityACLRuleIpv6AddIcmp1() throws Exception {
1253 when(portSecurityIpv6Rule.getSecurityRuleProtocol()).thenReturn(NeutronSecurityRule.PROTOCOL_ICMPV6);
1254 when(portSecurityIpv6Rule.getSecurityRulePortMax()).thenReturn(10);
1255 when(portSecurityIpv6Rule.getSecurityRulePortMin()).thenReturn(10);
1256 when(portSecurityIpv6Rule.getSecurityRuleRemoteIpPrefix()).thenReturn("::/64");
1257 PowerMockito.doAnswer(answer()).when(egressAclServiceSpy, "writeFlow", any(FlowBuilder.class),
1258 any(NodeBuilder.class));
1260 egressAclServiceSpy.programPortSecurityGroup(DP_ID_LONG, SEGMENT_ID, MAC_ADDRESS, LOCAL_PORT, securityGroupIpv6,
1263 Match match = flowBuilder.getMatch();
1264 Icmpv6Match icmpv6Match = match.getIcmpv6Match();
1265 Assert.assertEquals(10, icmpv6Match.getIcmpv6Type().shortValue());
1266 Assert.assertEquals(10, icmpv6Match.getIcmpv6Code().shortValue());
1267 EthernetMatch ethMatch = match.getEthernetMatch();
1268 Assert.assertEquals(MAC_ADDRESS, ethMatch.getEthernetSource().getAddress().getValue());
1269 Assert.assertEquals((long) IPV6_ETHER_TYPE, (long) ethMatch.getEthernetType().getType().getValue());
1270 Short type = portSecurityIpv6Rule.getSecurityRulePortMin().shortValue();
1271 Short code = portSecurityIpv6Rule.getSecurityRulePortMax().shortValue();
1272 Assert.assertEquals("Egress_ICMP_" + SEGMENT_ID + "_" + MAC_ADDRESS +
1273 "_" + type + "_" + code + "_::/64_Permit", flowBuilder.getFlowName());
1277 * Test ICMP remove with code, type and CIDR selected.
1280 public void testProgramPortSecurityACLRuleRemoveIcmp1() throws Exception {
1281 when(portSecurityRule.getSecurityRuleProtocol()).thenReturn(NeutronSecurityRule.PROTOCOL_ICMP);
1282 when(portSecurityRule.getSecurityRulePortMax()).thenReturn(20);
1283 when(portSecurityRule.getSecurityRulePortMin()).thenReturn(20);
1284 when(portSecurityRule.getSecurityRuleRemoteIpPrefix()).thenReturn("0.0.0.0/24");
1285 PowerMockito.doAnswer(answer()).when(egressAclServiceSpy, "removeFlow", any(FlowBuilder.class),
1286 any(NodeBuilder.class));
1288 egressAclServiceSpy.programPortSecurityGroup(DP_ID_LONG, SEGMENT_ID, MAC_ADDRESS, LOCAL_PORT, securityGroup,
1291 Match match = flowBuilder.getMatch();
1292 Icmpv4Match icmpv4Match = match.getIcmpv4Match();
1293 Assert.assertEquals(20, icmpv4Match.getIcmpv4Type().shortValue());
1294 Assert.assertEquals(20, icmpv4Match.getIcmpv4Code().shortValue());
1295 EthernetMatch ethMatch = match.getEthernetMatch();
1296 Assert.assertEquals(MAC_ADDRESS, ethMatch.getEthernetSource().getAddress().getValue());
1297 Assert.assertEquals((long) IPV4_ETHER_TYPE, (long) ethMatch.getEthernetType().getType().getValue());
1298 Short type = portSecurityRule.getSecurityRulePortMin().shortValue();
1299 Short code = portSecurityRule.getSecurityRulePortMax().shortValue();
1300 Assert.assertEquals("Egress_ICMP_" + SEGMENT_ID + "_" + MAC_ADDRESS +
1301 "_" + type + "_" + code + "_0.0.0.0/24_Permit", flowBuilder.getFlowName());
1305 * Test ICMPv6 remove with code, type and CIDR selected.
1308 public void testProgramPortSecurityACLRuleIpv6RemoveIcmp1() throws Exception {
1309 when(portSecurityIpv6Rule.getSecurityRuleProtocol()).thenReturn(NeutronSecurityRule.PROTOCOL_ICMPV6);
1310 when(portSecurityIpv6Rule.getSecurityRulePortMax()).thenReturn(20);
1311 when(portSecurityIpv6Rule.getSecurityRulePortMin()).thenReturn(20);
1312 when(portSecurityIpv6Rule.getSecurityRuleRemoteIpPrefix()).thenReturn("::/64");
1313 PowerMockito.doAnswer(answer()).when(egressAclServiceSpy, "removeFlow", any(FlowBuilder.class),
1314 any(NodeBuilder.class));
1316 egressAclServiceSpy.programPortSecurityGroup(DP_ID_LONG, SEGMENT_ID, MAC_ADDRESS, LOCAL_PORT, securityGroupIpv6,
1319 Match match = flowBuilder.getMatch();
1320 Icmpv6Match icmpv6Match = match.getIcmpv6Match();
1321 Assert.assertEquals(20, icmpv6Match.getIcmpv6Type().shortValue());
1322 Assert.assertEquals(20, icmpv6Match.getIcmpv6Code().shortValue());
1323 EthernetMatch ethMatch = match.getEthernetMatch();
1324 Assert.assertEquals(MAC_ADDRESS, ethMatch.getEthernetSource().getAddress().getValue());
1325 Assert.assertEquals((long) IPV6_ETHER_TYPE, (long) ethMatch.getEthernetType().getType().getValue());
1326 Short type = portSecurityIpv6Rule.getSecurityRulePortMin().shortValue();
1327 Short code = portSecurityIpv6Rule.getSecurityRulePortMax().shortValue();
1328 Assert.assertEquals("Egress_ICMP_" + SEGMENT_ID + "_" + MAC_ADDRESS +
1329 "_" + type + "_" + code + "_::/64_Permit", flowBuilder.getFlowName());
1333 * Test ICMP add with code, type and remote SG selected.
1336 public void testProgramPortSecurityACLRuleAddIcmp2() throws Exception {
1337 when(portSecurityRule.getSecurityRuleProtocol()).thenReturn(NeutronSecurityRule.PROTOCOL_ICMP);
1338 when(portSecurityRule.getSecurityRulePortMax()).thenReturn(30);
1339 when(portSecurityRule.getSecurityRulePortMin()).thenReturn(30);
1340 when(portSecurityRule.getSecurityRuleRemoteIpPrefix()).thenReturn("0.0.0.0/24");
1341 when(portSecurityRule.getSecurityRemoteGroupID()).thenReturn("85cc3048-abc3-43cc-89b3-377341426ac5");
1342 PowerMockito.doAnswer(answer()).when(egressAclServiceSpy, "writeFlow", any(FlowBuilder.class),
1343 any(NodeBuilder.class));
1345 egressAclServiceSpy.programPortSecurityGroup(DP_ID_LONG, SEGMENT_ID, MAC_ADDRESS, LOCAL_PORT, securityGroup,
1348 Match match = flowBuilder.getMatch();
1349 Icmpv4Match icmpv4Match = match.getIcmpv4Match();
1350 Assert.assertEquals(30, icmpv4Match.getIcmpv4Type().shortValue());
1351 Assert.assertEquals(30, icmpv4Match.getIcmpv4Code().shortValue());
1352 EthernetMatch ethMatch = match.getEthernetMatch();
1353 Assert.assertEquals(MAC_ADDRESS, ethMatch.getEthernetSource().getAddress().getValue());
1354 Assert.assertEquals((long) IPV4_ETHER_TYPE, (long) ethMatch.getEthernetType().getType().getValue());
1355 Short type = portSecurityRule.getSecurityRulePortMin().shortValue();
1356 Short code = portSecurityRule.getSecurityRulePortMax().shortValue();
1357 String expectedFlowId1 = "Egress_ICMP_" + SEGMENT_ID + "_" + MAC_ADDRESS + "_" + type + "_" + code + "_"
1358 + DEST_IP_1 + "_Permit";
1359 String expectedFlowId2 = "Egress_ICMP_" + SEGMENT_ID + "_" + MAC_ADDRESS + "_" + type + "_" + code + "_"
1360 + DEST_IP_2 + "_Permit";
1361 String actualFlowId = flowBuilder.getFlowName();
1362 if(actualFlowId.equals(expectedFlowId1) || actualFlowId.equals(expectedFlowId2)) {
1363 Assert.assertTrue(true);
1365 Assert.assertTrue(false);
1370 * Test ICMPv6 add with code, type and remote SG selected.
1373 public void testProgramPortSecurityACLRuleIpv6AddIcmp2() throws Exception {
1374 when(portSecurityIpv6Rule.getSecurityRuleProtocol()).thenReturn(NeutronSecurityRule.PROTOCOL_ICMPV6);
1375 when(portSecurityIpv6Rule.getSecurityRulePortMax()).thenReturn(30);
1376 when(portSecurityIpv6Rule.getSecurityRulePortMin()).thenReturn(30);
1377 when(portSecurityIpv6Rule.getSecurityRuleRemoteIpPrefix()).thenReturn("::/64");
1378 when(portSecurityIpv6Rule.getSecurityRemoteGroupID()).thenReturn("85cc3048-abc3-43cc-89b3-377341426ac5");
1379 PowerMockito.doAnswer(answer()).when(egressAclServiceSpy, "writeFlow", any(FlowBuilder.class),
1380 any(NodeBuilder.class));
1382 egressAclServiceSpy.programPortSecurityGroup(DP_ID_LONG, SEGMENT_ID, MAC_ADDRESS, LOCAL_PORT, securityGroupIpv6,
1385 Match match = flowBuilder.getMatch();
1386 Icmpv6Match icmpv6Match = match.getIcmpv6Match();
1387 Assert.assertEquals(30, icmpv6Match.getIcmpv6Type().shortValue());
1388 Assert.assertEquals(30, icmpv6Match.getIcmpv6Code().shortValue());
1389 EthernetMatch ethMatch = match.getEthernetMatch();
1390 Assert.assertEquals(MAC_ADDRESS, ethMatch.getEthernetSource().getAddress().getValue());
1391 Assert.assertEquals((long) IPV6_ETHER_TYPE, (long) ethMatch.getEthernetType().getType().getValue());
1392 Short type = portSecurityIpv6Rule.getSecurityRulePortMin().shortValue();
1393 Short code = portSecurityIpv6Rule.getSecurityRulePortMax().shortValue();
1394 String expectedFlowId1 = "Egress_ICMP_" + SEGMENT_ID + "_" + MAC_ADDRESS + "_" + type + "_" + code + "_"
1395 + IPV6_DEST_IP_1 + "_Permit";
1396 String expectedFlowId2 = "Egress_ICMP_" + SEGMENT_ID + "_" + MAC_ADDRESS + "_" + type + "_" + code + "_"
1397 + IPV6_DEST_IP_2 + "_Permit";
1398 String actualFlowId = flowBuilder.getFlowName();
1399 if(actualFlowId.equals(expectedFlowId1) || actualFlowId.equals(expectedFlowId2)) {
1400 Assert.assertTrue(true);
1402 Assert.assertTrue(false);
1407 * Test ICMP remove with code, type and remote SG selected.
1410 public void testProgramPortSecurityACLRuleRemoveIcmp2() throws Exception {
1411 when(portSecurityRule.getSecurityRuleProtocol()).thenReturn(NeutronSecurityRule.PROTOCOL_ICMP);
1412 when(portSecurityRule.getSecurityRulePortMax()).thenReturn(40);
1413 when(portSecurityRule.getSecurityRulePortMin()).thenReturn(40);
1414 when(portSecurityRule.getSecurityRemoteGroupID()).thenReturn("85cc3048-abc3-43cc-89b3-377341426ac5");
1415 PowerMockito.doAnswer(answer()).when(egressAclServiceSpy, "removeFlow", any(FlowBuilder.class),
1416 any(NodeBuilder.class));
1418 egressAclServiceSpy.programPortSecurityGroup(DP_ID_LONG, SEGMENT_ID, MAC_ADDRESS, LOCAL_PORT, securityGroup,
1421 Match match = flowBuilder.getMatch();
1422 Icmpv4Match icmpv4Match = match.getIcmpv4Match();
1423 Assert.assertEquals(40, icmpv4Match.getIcmpv4Type().shortValue());
1424 Assert.assertEquals(40, icmpv4Match.getIcmpv4Code().shortValue());
1425 EthernetMatch ethMatch = match.getEthernetMatch();
1426 Assert.assertEquals(MAC_ADDRESS, ethMatch.getEthernetSource().getAddress().getValue());
1427 Assert.assertEquals((long) IPV4_ETHER_TYPE, (long) ethMatch.getEthernetType().getType().getValue());
1428 Short type = portSecurityRule.getSecurityRulePortMin().shortValue();
1429 Short code = portSecurityRule.getSecurityRulePortMax().shortValue();
1430 String expectedFlowId1 = "Egress_ICMP_" + SEGMENT_ID + "_" + MAC_ADDRESS + "_" + type + "_" + code + "_"
1431 + DEST_IP_1 + "_Permit";
1432 String expectedFlowId2 = "Egress_ICMP_" + SEGMENT_ID + "_" + MAC_ADDRESS + "_" + type + "_" + code + "_"
1433 + DEST_IP_2 + "_Permit";
1434 String actualFlowId = flowBuilder.getFlowName();
1435 if(actualFlowId.equals(expectedFlowId1) || actualFlowId.equals(expectedFlowId2)) {
1436 Assert.assertTrue(true);
1438 Assert.assertTrue(false);
1443 * Test ICMPv6 remove with code, type and remote SG selected.
1446 public void testProgramPortSecurityACLRuleIpv6RemoveIcmp2() throws Exception {
1447 when(portSecurityIpv6Rule.getSecurityRuleProtocol()).thenReturn(NeutronSecurityRule.PROTOCOL_ICMPV6);
1448 when(portSecurityIpv6Rule.getSecurityRulePortMax()).thenReturn(40);
1449 when(portSecurityIpv6Rule.getSecurityRulePortMin()).thenReturn(40);
1450 when(portSecurityIpv6Rule.getSecurityRemoteGroupID()).thenReturn("85cc3048-abc3-43cc-89b3-377341426ac5");
1451 PowerMockito.doAnswer(answer()).when(egressAclServiceSpy, "removeFlow", any(FlowBuilder.class),
1452 any(NodeBuilder.class));
1454 egressAclServiceSpy.programPortSecurityGroup(DP_ID_LONG, SEGMENT_ID, MAC_ADDRESS, LOCAL_PORT, securityGroupIpv6,
1457 Match match = flowBuilder.getMatch();
1458 Icmpv6Match icmpv6Match = match.getIcmpv6Match();
1459 Assert.assertEquals(40, icmpv6Match.getIcmpv6Type().shortValue());
1460 Assert.assertEquals(40, icmpv6Match.getIcmpv6Code().shortValue());
1461 EthernetMatch ethMatch = match.getEthernetMatch();
1462 Assert.assertEquals(MAC_ADDRESS, ethMatch.getEthernetSource().getAddress().getValue());
1463 Assert.assertEquals((long) IPV6_ETHER_TYPE, (long) ethMatch.getEthernetType().getType().getValue());
1464 Short type = portSecurityIpv6Rule.getSecurityRulePortMin().shortValue();
1465 Short code = portSecurityIpv6Rule.getSecurityRulePortMax().shortValue();
1466 String expectedFlowId1 = "Egress_ICMP_" + SEGMENT_ID + "_" + MAC_ADDRESS + "_" + type + "_" + code + "_"
1467 + IPV6_DEST_IP_1 + "_Permit";
1468 String expectedFlowId2 = "Egress_ICMP_" + SEGMENT_ID + "_" + MAC_ADDRESS + "_" + type + "_" + code + "_"
1469 + IPV6_DEST_IP_2 + "_Permit";
1470 String actualFlowId = flowBuilder.getFlowName();
1471 if(actualFlowId.equals(expectedFlowId1) || actualFlowId.equals(expectedFlowId2)) {
1472 Assert.assertTrue(true);
1474 Assert.assertTrue(false);
1479 * Test IPv4 invalid ether type test case.
1482 public void testProgramPortSecurityACLRuleInvalidEther() throws Exception {
1483 when(portSecurityRule.getSecurityRuleEthertype()).thenReturn("IP");
1485 egressAclServiceSpy.programPortSecurityGroup(Long.valueOf(1554), "2", MAC_ADDRESS, 124, securityGroup,PORT_UUID,false);
1487 verify(writeTransaction, times(0)).delete(any(LogicalDatastoreType.class), any(InstanceIdentifier.class));
1488 verify(writeTransaction, times(0)).submit();
1489 verify(commitFuture, times(0)).get();
1493 * Test IPv4 invalid direction type test case.
1496 public void testProgramPortSecurityACLRuleInvalidDirection() throws Exception {
1497 when(portSecurityRule.getSecurityRuleDirection()).thenReturn(NeutronSecurityRule.DIRECTION_INGRESS);
1499 egressAclServiceSpy.programPortSecurityGroup(Long.valueOf(1554), "2", MAC_ADDRESS, 124, securityGroup,PORT_UUID,false);
1501 verify(writeTransaction, times(0)).delete(any(LogicalDatastoreType.class), any(InstanceIdentifier.class));
1502 verify(writeTransaction, times(0)).submit();
1503 verify(commitFuture, times(0)).get();
1507 * Test With isConntrackEnabled false isComputeNode false
1510 public void testProgramFixedSecurityACLAdd1() throws Exception {
1511 when(securityServices.isConntrackEnabled()).thenReturn(false);
1513 egressAclServiceSpy.programFixedSecurityGroup(Long.valueOf(1554), "2", MAC_ADDRESS, 1, neutronDestIpList, false, false, true);
1515 verify(writeTransaction, times(2)).put(any(LogicalDatastoreType.class), any(InstanceIdentifier.class), any(Node.class), eq(true));
1516 verify(writeTransaction, times(2)).submit();
1517 verify(commitFuture, times(2)).checkedGet();
1520 * Test With isConntrackEnabled false isComputeNode false
1523 public void testProgramFixedSecurityACLRemove1() throws Exception {
1524 when(securityServices.isConntrackEnabled()).thenReturn(false);
1526 egressAclServiceSpy.programFixedSecurityGroup(Long.valueOf(1554), "2", MAC_ADDRESS, 1, neutronDestIpList, false, false, false);
1528 verify(writeTransaction, times(2)).delete(any(LogicalDatastoreType.class), any(InstanceIdentifier.class));
1529 verify(writeTransaction, times(2)).submit();
1530 verify(commitFuture, times(2)).get();
1534 * Test With isConntrackEnabled false isComputeNode true
1537 public void testProgramFixedSecurityACLAdd2() throws Exception {
1538 when(securityServices.isConntrackEnabled()).thenReturn(false);
1540 egressAclServiceSpy.programFixedSecurityGroup(Long.valueOf(1554), "2", MAC_ADDRESS, 1, neutronDestIpList, false, true, true);
1542 verify(writeTransaction, times(9)).put(any(LogicalDatastoreType.class), any(InstanceIdentifier.class), any(Node.class), eq(true));
1543 verify(writeTransaction, times(9)).submit();
1544 verify(commitFuture, times(9)).checkedGet();
1548 * Test With isConntrackEnabled false isComputeNode true
1551 public void testProgramFixedSecurityACLRemove2() throws Exception {
1552 when(securityServices.isConntrackEnabled()).thenReturn(false);
1554 egressAclServiceSpy.programFixedSecurityGroup(Long.valueOf(1554), "2", MAC_ADDRESS, 1, neutronDestIpList, false, true, false);
1556 verify(writeTransaction, times(9)).delete(any(LogicalDatastoreType.class), any(InstanceIdentifier.class));
1557 verify(writeTransaction, times(9)).submit();
1558 verify(commitFuture, times(9)).get();
1562 * Test With isConntrackEnabled true isComputeNode false
1565 public void testProgramFixedSecurityACLAdd3() throws Exception {
1566 when(securityServices.isConntrackEnabled()).thenReturn(true);
1568 egressAclServiceSpy.programFixedSecurityGroup(Long.valueOf(1554), "2", MAC_ADDRESS, 1, neutronDestIpList, false, false, true);
1570 verify(writeTransaction, times(2)).put(any(LogicalDatastoreType.class), any(InstanceIdentifier.class), any(Node.class), eq(true));
1571 verify(writeTransaction, times(2)).submit();
1572 verify(commitFuture, times(2)).checkedGet();
1576 * Test With isConntrackEnabled true isComputeNode false
1579 public void testProgramFixedSecurityACLRemove3() throws Exception {
1580 when(securityServices.isConntrackEnabled()).thenReturn(true);
1582 egressAclServiceSpy.programFixedSecurityGroup(Long.valueOf(1554), "2", MAC_ADDRESS, 1, neutronDestIpList, false, false, false);
1584 verify(writeTransaction, times(2)).delete(any(LogicalDatastoreType.class), any(InstanceIdentifier.class));
1585 verify(writeTransaction, times(2)).submit();
1586 verify(commitFuture, times(2)).get();
1590 * Test With isConntrackEnabled true isComputeNode true
1593 public void testProgramFixedSecurityACLAdd4() throws Exception {
1594 when(securityServices.isConntrackEnabled()).thenReturn(true);
1596 egressAclServiceSpy.programFixedSecurityGroup(Long.valueOf(1554), "2", MAC_ADDRESS, 1, neutronDestIpList, false, true, true);
1598 verify(writeTransaction, times(14)).put(any(LogicalDatastoreType.class),
1599 any(InstanceIdentifier.class), any(Node.class), eq(true));
1600 verify(writeTransaction, times(14)).submit();
1601 verify(commitFuture, times(14)).checkedGet();
1605 * Test With isConntrackEnabled true isComputeNode true
1608 public void testProgramFixedSecurityACLRemove4() throws Exception {
1609 when(securityServices.isConntrackEnabled()).thenReturn(true);
1611 egressAclServiceSpy.programFixedSecurityGroup(Long.valueOf(1554), "2", MAC_ADDRESS, 1, neutronDestIpList, false, true, false);
1613 verify(writeTransaction, times(14)).delete(any(LogicalDatastoreType.class), any(InstanceIdentifier.class));
1614 verify(writeTransaction, times(14)).submit();
1615 verify(commitFuture, times(14)).get();