2 * Copyright (c) 2015 - 2016 Inocybe and others. All rights reserved.
4 * This program and the accompanying materials are made available under the
5 * terms of the Eclipse Public License v1.0 which accompanies this distribution,
6 * and is available at http://www.eclipse.org/legal/epl-v10.html
9 package org.opendaylight.netvirt.openstack.netvirt.providers.openflow13.services;
11 import static org.mockito.Matchers.any;
12 import static org.mockito.Matchers.eq;
13 import static org.mockito.Mockito.mock;
14 import static org.mockito.Mockito.times;
15 import static org.mockito.Mockito.verify;
16 import static org.mockito.Mockito.when;
18 import java.util.ArrayList;
19 import java.util.List;
20 import java.util.concurrent.atomic.AtomicBoolean;
22 import org.junit.Assert;
23 import org.junit.Before;
24 import org.junit.Test;
25 import org.junit.runner.RunWith;
26 import org.mockito.InjectMocks;
27 import org.mockito.Mock;
28 import org.mockito.invocation.InvocationOnMock;
29 import org.mockito.stubbing.Answer;
30 import org.opendaylight.controller.md.sal.binding.api.DataBroker;
31 import org.opendaylight.controller.md.sal.binding.api.WriteTransaction;
32 import org.opendaylight.controller.md.sal.common.api.data.LogicalDatastoreType;
33 import org.opendaylight.controller.md.sal.common.api.data.TransactionCommitFailedException;
34 import org.opendaylight.netvirt.openstack.netvirt.api.SecurityServicesManager;
35 import org.opendaylight.netvirt.openstack.netvirt.providers.NetvirtProvidersProvider;
36 import org.opendaylight.netvirt.openstack.netvirt.providers.openflow13.PipelineOrchestrator;
37 import org.opendaylight.netvirt.openstack.netvirt.providers.openflow13.Service;
38 import org.opendaylight.netvirt.openstack.netvirt.translator.NeutronSecurityGroup;
39 import org.opendaylight.netvirt.openstack.netvirt.translator.NeutronSecurityRule;
40 import org.opendaylight.netvirt.openstack.netvirt.translator.Neutron_IPs;
41 import org.opendaylight.netvirt.openstack.netvirt.api.SecurityGroupCacheManger;
42 import org.opendaylight.yang.gen.v1.urn.opendaylight.flow.inventory.rev130819.tables.table.FlowBuilder;
43 import org.opendaylight.yang.gen.v1.urn.opendaylight.inventory.rev130819.nodes.Node;
44 import org.opendaylight.yang.gen.v1.urn.opendaylight.inventory.rev130819.nodes.NodeBuilder;
45 import org.opendaylight.yang.gen.v1.urn.opendaylight.model.match.types.rev131026.Match;
46 import org.opendaylight.yang.gen.v1.urn.opendaylight.model.match.types.rev131026.match.EthernetMatch;
47 import org.opendaylight.yang.gen.v1.urn.opendaylight.model.match.types.rev131026.match.Icmpv4Match;
48 import org.opendaylight.yang.gen.v1.urn.opendaylight.model.match.types.rev131026.match.Icmpv6Match;
49 import org.opendaylight.yang.gen.v1.urn.opendaylight.model.match.types.rev131026.match.layer._4.match.TcpMatch;
50 import org.opendaylight.yang.gen.v1.urn.opendaylight.model.match.types.rev131026.match.layer._4.match.UdpMatch;
51 import org.opendaylight.yangtools.yang.binding.InstanceIdentifier;
52 import org.powermock.api.mockito.PowerMockito;
53 import org.powermock.api.support.membermodification.MemberModifier;
54 import org.powermock.modules.junit4.PowerMockRunner;
56 import com.google.common.util.concurrent.CheckedFuture;
59 * Unit test fort {@link IngressAclService}
61 @RunWith(PowerMockRunner.class)
62 @SuppressWarnings("unchecked")
63 public class IngressAclServiceTest {
65 @InjectMocks private IngressAclService ingressAclService = new IngressAclService();
66 private IngressAclService ingressAclServiceSpy;
68 @Mock private DataBroker dataBroker;
69 @Mock private PipelineOrchestrator orchestrator;
71 @Mock private WriteTransaction writeTransaction;
72 @Mock private CheckedFuture<Void, TransactionCommitFailedException> commitFuture;
74 @Mock private NeutronSecurityGroup securityGroup;
75 @Mock private NeutronSecurityRule portSecurityRule;
76 @Mock private NeutronSecurityGroup securityGroupIpv6;
77 @Mock private NeutronSecurityRule portSecurityIpv6Rule;
78 @Mock private SecurityServicesManager securityServices;
79 @Mock private SecurityGroupCacheManger securityGroupCacheManger;
81 private List<Neutron_IPs> neutronSrcIpList = new ArrayList<>();
82 private List<Neutron_IPs> neutronDestIpList = new ArrayList<>();
83 private Neutron_IPs neutron_ip_src;
84 private Neutron_IPs neutron_ip_dest_1;
85 private Neutron_IPs neutron_ip_dest_2;
86 private Neutron_IPs neutron_ipv6_dest_1;
87 private Neutron_IPs neutron_ipv6_dest_2;
89 private static final String MAC_ADDRESS = "87:1D:5E:02:40:B8";
90 private static final String DHCP_MAC_ADDRESS = "87:1D:5E:02:40:B9";
91 private static final String SRC_IP = "192.168.0.1";
92 private static final String DEST_IP_1 = "192.169.0.1";
93 private static final String DEST_IP_2 = "192.169.0.2";
94 private static final String IPV6_DEST_IP_1 = "2001:db8:2::200";
95 private static final String IPV6_DEST_IP_2 = "2001:db8:2::201";
96 private static final Long IPV6_ETHER_TYPE = (long) 0x86DD;
97 private static final Long IPV4_ETHER_TYPE = (long) 0x0800;
98 private static final String SECURITY_GROUP_UUID = "85cc3048-abc3-43cc-89b3-377341426ac5";
99 private static final String PORT_UUID = "95cc3048-abc3-43cc-89b3-377341426ac5";
100 private static final String SEGMENT_ID = "2";
101 private static final Long DP_ID_LONG = (long) 1554;
102 private static final Long LOCAL_PORT = (long) 124;
103 private static final int PORT_RANGE_MIN = 1;
104 private static final int PORT_RANGE_MAX = 65535;
105 private static FlowBuilder flowBuilder;
106 private static NodeBuilder nodeBuilder;
108 private static Answer<Object> answer() {
109 return new Answer<Object>() {
111 public CheckedFuture<Void, TransactionCommitFailedException> answer(InvocationOnMock invocation)
113 flowBuilder = (FlowBuilder) invocation.getArguments()[0];
114 nodeBuilder = (NodeBuilder) invocation.getArguments()[1];
121 public void setUp() throws IllegalArgumentException, IllegalAccessException{
122 ingressAclServiceSpy = PowerMockito.spy(ingressAclService);
124 when(writeTransaction.submit()).thenReturn(commitFuture);
126 when(dataBroker.newWriteOnlyTransaction()).thenReturn(writeTransaction);
128 when(orchestrator.getNextServiceInPipeline(any(Service.class))).thenReturn(Service.ARP_RESPONDER);
130 portSecurityRule = mock(NeutronSecurityRule.class);
131 when(portSecurityRule.getSecurityRuleEthertype()).thenReturn(NeutronSecurityRule.ETHERTYPE_IPV4);
132 when(portSecurityRule.getSecurityRuleDirection()).thenReturn(NeutronSecurityRule.DIRECTION_INGRESS);
134 List<NeutronSecurityRule> portSecurityList = new ArrayList<>();
135 portSecurityList.add(portSecurityRule);
137 neutron_ip_src = new Neutron_IPs();
138 neutron_ip_src.setIpAddress(SRC_IP);
139 neutronSrcIpList.add(neutron_ip_src);
141 neutron_ip_dest_1 = new Neutron_IPs();
142 neutron_ip_dest_1.setIpAddress(DEST_IP_1);
143 neutronDestIpList.add(neutron_ip_dest_1);
145 neutron_ip_dest_2 = new Neutron_IPs();
146 neutron_ip_dest_2.setIpAddress(DEST_IP_2);
147 neutronDestIpList.add(neutron_ip_dest_2);
149 portSecurityIpv6Rule = mock(NeutronSecurityRule.class);
150 when(portSecurityIpv6Rule.getSecurityRuleEthertype()).thenReturn(NeutronSecurityRule.ETHERTYPE_IPV6);
151 when(portSecurityIpv6Rule.getSecurityRuleDirection()).thenReturn(NeutronSecurityRule.DIRECTION_INGRESS);
153 List<NeutronSecurityRule> portSecurityIpv6List = new ArrayList<>();
154 portSecurityIpv6List.add(portSecurityIpv6Rule);
155 when(securityGroupIpv6.getSecurityRules()).thenReturn(portSecurityIpv6List);
157 neutron_ipv6_dest_1 = new Neutron_IPs();
158 neutron_ipv6_dest_1.setIpAddress(IPV6_DEST_IP_1);
159 neutronDestIpList.add(neutron_ipv6_dest_1);
161 neutron_ipv6_dest_2 = new Neutron_IPs();
162 neutron_ipv6_dest_2.setIpAddress(IPV6_DEST_IP_2);
163 neutronDestIpList.add(neutron_ipv6_dest_2);
165 when(securityGroup.getSecurityRules()).thenReturn(portSecurityList);
166 when(securityServices.getVmListForSecurityGroup
167 (PORT_UUID, SECURITY_GROUP_UUID)).thenReturn(neutronDestIpList);
168 NetvirtProvidersProvider netvirtProvider = mock(NetvirtProvidersProvider.class);
169 MemberModifier.field(NetvirtProvidersProvider.class, "hasProviderEntityOwnership").set(netvirtProvider, new AtomicBoolean(true));
173 * Test method {@link EgressAclService#programPortSecurityGroup(java.lang.Long, java.lang.String,
174 * java.lang.String, long, NeutronSecurityGroup,
175 * java.lang.String, boolean)} when portSecurityRule is incomplete
178 public void testProgramPortSecurityGroupWithIncompleteRule() throws Exception {
179 NeutronSecurityRule portSecurityRule1 = mock(NeutronSecurityRule.class);
180 when(portSecurityRule1.getSecurityRuleEthertype()).thenReturn(NeutronSecurityRule.ETHERTYPE_IPV4);
181 when(portSecurityRule1.getSecurityRuleDirection()).thenReturn("not_ingress"); // other direction
183 NeutronSecurityRule portSecurityRule2 = mock(NeutronSecurityRule.class);
184 when(portSecurityRule2.getSecurityRuleEthertype()).thenReturn(null);
185 when(portSecurityRule2.getSecurityRuleDirection()).thenReturn(NeutronSecurityRule.DIRECTION_INGRESS);
187 NeutronSecurityRule portSecurityRule3 = mock(NeutronSecurityRule.class);
188 when(portSecurityRule3.getSecurityRuleEthertype()).thenReturn(NeutronSecurityRule.ETHERTYPE_IPV4);
189 when(portSecurityRule3.getSecurityRuleDirection()).thenReturn(null);
191 NeutronSecurityRule portSecurityRule4 = mock(NeutronSecurityRule.class);
192 when(portSecurityRule4.getSecurityRuleEthertype()).thenReturn(null);
193 when(portSecurityRule4.getSecurityRuleDirection()).thenReturn(null);
195 List<NeutronSecurityRule> portSecurityList = new ArrayList<>();
196 portSecurityList.add(null);
197 portSecurityList.add(portSecurityRule1);
198 portSecurityList.add(portSecurityRule2);
199 portSecurityList.add(portSecurityRule3);
200 portSecurityList.add(portSecurityRule4);
202 NeutronSecurityGroup localSecurityGroup = mock(NeutronSecurityGroup.class);
203 when(localSecurityGroup.getSecurityRules()).thenReturn(portSecurityList);
205 ingressAclServiceSpy.programPortSecurityGroup(
206 Long.valueOf(1554), "2", MAC_ADDRESS, 124, localSecurityGroup, PORT_UUID, false);
210 * Test IPv4 add test case.
213 public void testProgramPortSecurityACLRuleAddIpv4() throws Exception {
214 when(portSecurityRule.getSecurityRuleProtocol()).thenReturn(null);
215 when(portSecurityRule.getSecurityRulePortMax()).thenReturn(null);
216 when(portSecurityRule.getSecurityRulePortMin()).thenReturn(null);
217 when(portSecurityRule.getSecurityRuleRemoteIpPrefix()).thenReturn(null);
219 ingressAclServiceSpy.programPortSecurityGroup(Long.valueOf(1554), "2", MAC_ADDRESS, 124, securityGroup,PORT_UUID,true);
221 verify(writeTransaction, times(1)).put(any(LogicalDatastoreType.class), any(InstanceIdentifier.class), any(Node.class), eq(true));
222 verify(writeTransaction, times(1)).submit();
223 verify(commitFuture, times(1)).checkedGet();
227 * Test IPv6 add test case.
230 public void testProgramPortSecurityACLRuleAddIpv6() throws Exception {
231 when(portSecurityIpv6Rule.getSecurityRuleProtocol()).thenReturn(null);
232 when(portSecurityIpv6Rule.getSecurityRulePortMax()).thenReturn(null);
233 when(portSecurityIpv6Rule.getSecurityRulePortMin()).thenReturn(null);
234 when(portSecurityIpv6Rule.getSecurityRuleRemoteIpPrefix()).thenReturn(null);
236 ingressAclServiceSpy.programPortSecurityGroup(Long.valueOf(1554), "2", MAC_ADDRESS, 124, securityGroupIpv6, PORT_UUID, true);
238 verify(writeTransaction, times(1)).put(any(LogicalDatastoreType.class), any(InstanceIdentifier.class), any(Node.class), eq(true));
239 verify(writeTransaction, times(1)).submit();
240 verify(commitFuture, times(1)).checkedGet();
244 * Test IPv4 remove test case.
247 public void testProgramPortSecurityACLRuleRemoveIpv4() throws Exception {
248 when(portSecurityRule.getSecurityRuleProtocol()).thenReturn(null);
249 when(portSecurityRule.getSecurityRulePortMax()).thenReturn(null);
250 when(portSecurityRule.getSecurityRulePortMin()).thenReturn(null);
251 when(portSecurityRule.getSecurityRuleRemoteIpPrefix()).thenReturn(null);
253 ingressAclServiceSpy.programPortSecurityGroup(Long.valueOf(1554), "2", MAC_ADDRESS, 124, securityGroup,PORT_UUID,false);
255 verify(writeTransaction, times(1)).delete(any(LogicalDatastoreType.class), any(InstanceIdentifier.class));
256 verify(writeTransaction, times(1)).submit();
257 verify(commitFuture, times(1)).get();
261 * Test IPv6 remove test case.
264 public void testProgramPortSecurityACLRuleRemoveIpv6() throws Exception {
265 when(portSecurityIpv6Rule.getSecurityRuleProtocol()).thenReturn(null);
266 when(portSecurityIpv6Rule.getSecurityRulePortMax()).thenReturn(null);
267 when(portSecurityIpv6Rule.getSecurityRulePortMin()).thenReturn(null);
268 when(portSecurityIpv6Rule.getSecurityRuleRemoteIpPrefix()).thenReturn(null);
270 ingressAclServiceSpy.programPortSecurityGroup(Long.valueOf(1554), "2", MAC_ADDRESS, 124, securityGroupIpv6, PORT_UUID, false);
272 verify(writeTransaction, times(1)).delete(any(LogicalDatastoreType.class), any(InstanceIdentifier.class));
273 verify(writeTransaction, times(1)).submit();
274 verify(commitFuture, times(1)).get();
278 * Test IPv4 TCP add with port no and CIDR selected.
281 public void testProgramPortSecurityACLRuleAddTcp1() throws Exception {
282 when(portSecurityRule.getSecurityRuleProtocol()).thenReturn(NeutronSecurityRule.PROTOCOL_TCP);
283 when(portSecurityRule.getSecurityRulePortMax()).thenReturn(20);
284 when(portSecurityRule.getSecurityRulePortMin()).thenReturn(20);
285 when(portSecurityRule.getSecurityRuleRemoteIpPrefix()).thenReturn("0.0.0.0/24");
286 PowerMockito.doAnswer(answer()).when(ingressAclServiceSpy, "writeFlow", any(FlowBuilder.class),
287 any(NodeBuilder.class));
289 ingressAclServiceSpy.programPortSecurityGroup(DP_ID_LONG, SEGMENT_ID, MAC_ADDRESS, LOCAL_PORT, securityGroup,
292 Match match = flowBuilder.getMatch();
293 EthernetMatch ethMatch = match.getEthernetMatch();
294 Assert.assertEquals(MAC_ADDRESS, ethMatch.getEthernetDestination().getAddress().getValue());
295 Assert.assertEquals((long) IPV4_ETHER_TYPE, (long) ethMatch.getEthernetType().getType().getValue());
297 Assert.assertTrue(match.getLayer4Match() instanceof TcpMatch);
298 TcpMatch layer4Match = (TcpMatch) match.getLayer4Match();
299 Assert.assertEquals(20, layer4Match.getTcpDestinationPort().getValue().intValue());
300 int port = portSecurityRule.getSecurityRulePortMin();
301 Assert.assertEquals("Ingress_TCP_" + SEGMENT_ID + "_" + MAC_ADDRESS +
302 "_" + port + "_0.0.0.0/24_Permit", flowBuilder.getFlowName());
306 * Test IPv6 TCP add with port no and CIDR selected.
309 public void testProgramPortSecurityACLRuleIpv6AddTcp1() throws Exception {
310 when(portSecurityIpv6Rule.getSecurityRuleProtocol()).thenReturn(NeutronSecurityRule.PROTOCOL_TCP);
311 when(portSecurityIpv6Rule.getSecurityRulePortMax()).thenReturn(20);
312 when(portSecurityIpv6Rule.getSecurityRulePortMin()).thenReturn(20);
313 when(portSecurityIpv6Rule.getSecurityRuleRemoteIpPrefix()).thenReturn("::/64");
314 PowerMockito.doAnswer(answer()).when(ingressAclServiceSpy, "writeFlow", any(FlowBuilder.class),
315 any(NodeBuilder.class));
317 ingressAclServiceSpy.programPortSecurityGroup(DP_ID_LONG, SEGMENT_ID, MAC_ADDRESS, LOCAL_PORT, securityGroupIpv6,
320 Match match = flowBuilder.getMatch();
321 EthernetMatch ethMatch = match.getEthernetMatch();
322 Assert.assertEquals(MAC_ADDRESS, ethMatch.getEthernetDestination().getAddress().getValue());
323 Assert.assertEquals((long) IPV6_ETHER_TYPE, (long) ethMatch.getEthernetType().getType().getValue());
325 Assert.assertTrue(match.getLayer4Match() instanceof TcpMatch);
326 TcpMatch layer4Match = (TcpMatch) match.getLayer4Match();
327 Assert.assertEquals(20, layer4Match.getTcpDestinationPort().getValue().intValue());
328 int port = portSecurityIpv6Rule.getSecurityRulePortMin();
329 Assert.assertEquals("Ingress_TCP_" + SEGMENT_ID + "_" + MAC_ADDRESS +
330 "_" + port + "_::/64_Permit", flowBuilder.getFlowName());
334 * Test IPv4 TCP remove with port no and CIDR selected.
337 public void testProgramPortSecurityACLRuleRemoveTcp1() throws Exception {
338 when(portSecurityRule.getSecurityRuleProtocol()).thenReturn(NeutronSecurityRule.PROTOCOL_TCP);
339 when(portSecurityRule.getSecurityRulePortMax()).thenReturn(15);
340 when(portSecurityRule.getSecurityRulePortMin()).thenReturn(15);
341 when(portSecurityRule.getSecurityRuleRemoteIpPrefix()).thenReturn("0.0.0.0/24");
342 PowerMockito.doAnswer(answer()).when(ingressAclServiceSpy, "removeFlow", any(FlowBuilder.class),
343 any(NodeBuilder.class));
345 ingressAclServiceSpy.programPortSecurityGroup(DP_ID_LONG, SEGMENT_ID, MAC_ADDRESS, LOCAL_PORT, securityGroup,
348 Match match = flowBuilder.getMatch();
349 EthernetMatch ethMatch = match.getEthernetMatch();
350 Assert.assertEquals(MAC_ADDRESS, ethMatch.getEthernetDestination().getAddress().getValue());
351 Assert.assertEquals((long) IPV4_ETHER_TYPE, (long) ethMatch.getEthernetType().getType().getValue());
353 Assert.assertTrue(match.getLayer4Match() instanceof TcpMatch);
354 TcpMatch layer4Match = (TcpMatch) match.getLayer4Match();
355 Assert.assertEquals(15, layer4Match.getTcpDestinationPort().getValue().intValue());
356 int port = portSecurityRule.getSecurityRulePortMin();
357 Assert.assertEquals("Ingress_TCP_" + SEGMENT_ID + "_" + MAC_ADDRESS +
358 "_" + port + "_0.0.0.0/24_Permit", flowBuilder.getFlowName());
362 * Test IPv6 TCP remove with port no and CIDR selected.
365 public void testProgramPortSecurityACLRuleIpv6RemoveTcp1() throws Exception {
366 when(portSecurityIpv6Rule.getSecurityRuleProtocol()).thenReturn(NeutronSecurityRule.PROTOCOL_TCP);
367 when(portSecurityIpv6Rule.getSecurityRulePortMax()).thenReturn(15);
368 when(portSecurityIpv6Rule.getSecurityRulePortMin()).thenReturn(15);
369 when(portSecurityIpv6Rule.getSecurityRuleRemoteIpPrefix()).thenReturn("::/64");
370 PowerMockito.doAnswer(answer()).when(ingressAclServiceSpy, "removeFlow", any(FlowBuilder.class),
371 any(NodeBuilder.class));
373 ingressAclServiceSpy.programPortSecurityGroup(DP_ID_LONG, SEGMENT_ID, MAC_ADDRESS, LOCAL_PORT, securityGroupIpv6,
376 Match match = flowBuilder.getMatch();
377 EthernetMatch ethMatch = match.getEthernetMatch();
378 Assert.assertEquals(MAC_ADDRESS, ethMatch.getEthernetDestination().getAddress().getValue());
379 Assert.assertEquals((long) IPV6_ETHER_TYPE, (long) ethMatch.getEthernetType().getType().getValue());
381 Assert.assertTrue(match.getLayer4Match() instanceof TcpMatch);
382 TcpMatch layer4Match = (TcpMatch) match.getLayer4Match();
383 Assert.assertEquals(15, layer4Match.getTcpDestinationPort().getValue().intValue());
384 int port = portSecurityIpv6Rule.getSecurityRulePortMin();
385 Assert.assertEquals("Ingress_TCP_" + SEGMENT_ID + "_" + MAC_ADDRESS +
386 "_" + port + "_::/64_Permit", flowBuilder.getFlowName());
390 * Test IPv4 TCP add with port no and remote SG selected.
393 public void testProgramPortSecurityACLRuleAddTcp2() throws Exception {
394 when(portSecurityRule.getSecurityRuleProtocol()).thenReturn(NeutronSecurityRule.PROTOCOL_TCP);
395 when(portSecurityRule.getSecurityRulePortMax()).thenReturn(50);
396 when(portSecurityRule.getSecurityRulePortMin()).thenReturn(50);
397 when(portSecurityRule.getSecurityRuleRemoteIpPrefix()).thenReturn("0.0.0.0/24");
398 when(portSecurityRule.getSecurityRemoteGroupID()).thenReturn("85cc3048-abc3-43cc-89b3-377341426ac5");
399 PowerMockito.doAnswer(answer()).when(ingressAclServiceSpy, "writeFlow", any(FlowBuilder.class),
400 any(NodeBuilder.class));
401 ingressAclServiceSpy.programPortSecurityGroup(DP_ID_LONG, SEGMENT_ID, MAC_ADDRESS, LOCAL_PORT, securityGroup,
404 Match match = flowBuilder.getMatch();
405 EthernetMatch ethMatch = match.getEthernetMatch();
406 Assert.assertEquals(MAC_ADDRESS, ethMatch.getEthernetDestination().getAddress().getValue());
407 Assert.assertEquals((long) IPV4_ETHER_TYPE, (long) ethMatch.getEthernetType().getType().getValue());
409 Assert.assertTrue(match.getLayer4Match() instanceof TcpMatch);
410 TcpMatch layer4Match = (TcpMatch) match.getLayer4Match();
411 Assert.assertEquals(50, layer4Match.getTcpDestinationPort().getValue().intValue());
412 int port = portSecurityRule.getSecurityRulePortMin();
413 String expectedFlowId1 = "Ingress_TCP_" + SEGMENT_ID + "_" + MAC_ADDRESS +"_" + port + "_" + DEST_IP_1 +
415 String expectedFlowId2 = "Ingress_TCP_" + SEGMENT_ID + "_" + MAC_ADDRESS +"_" + port + "_" + DEST_IP_2 +
417 String actualFlowId = flowBuilder.getFlowName();
418 if (actualFlowId.equals(expectedFlowId1) || actualFlowId.equals(expectedFlowId2)) {
419 Assert.assertTrue(true);
421 Assert.assertTrue(false);
426 * Test IPv6 TCP add with port no and remote SG selected.
429 public void testProgramPortSecurityACLRuleIpv6AddTcp2() throws Exception {
430 when(portSecurityIpv6Rule.getSecurityRuleProtocol()).thenReturn(NeutronSecurityRule.PROTOCOL_TCP);
431 when(portSecurityIpv6Rule.getSecurityRulePortMax()).thenReturn(50);
432 when(portSecurityIpv6Rule.getSecurityRulePortMin()).thenReturn(50);
433 when(portSecurityIpv6Rule.getSecurityRuleRemoteIpPrefix()).thenReturn("::/64");
434 when(portSecurityIpv6Rule.getSecurityRemoteGroupID()).thenReturn("85cc3048-abc3-43cc-89b3-377341426ac5");
435 PowerMockito.doAnswer(answer()).when(ingressAclServiceSpy, "writeFlow", any(FlowBuilder.class),
436 any(NodeBuilder.class));
437 ingressAclServiceSpy.programPortSecurityGroup(DP_ID_LONG, SEGMENT_ID, MAC_ADDRESS, LOCAL_PORT, securityGroupIpv6,
440 Match match = flowBuilder.getMatch();
441 EthernetMatch ethMatch = match.getEthernetMatch();
442 Assert.assertEquals(MAC_ADDRESS, ethMatch.getEthernetDestination().getAddress().getValue());
443 Assert.assertEquals((long) IPV6_ETHER_TYPE, (long) ethMatch.getEthernetType().getType().getValue());
445 Assert.assertTrue(match.getLayer4Match() instanceof TcpMatch);
446 TcpMatch layer4Match = (TcpMatch) match.getLayer4Match();
447 Assert.assertEquals(50, layer4Match.getTcpDestinationPort().getValue().intValue());
448 int port = portSecurityIpv6Rule.getSecurityRulePortMin();
449 String expectedFlowId1 = "Ingress_TCP_" + SEGMENT_ID + "_" + MAC_ADDRESS +"_" + port + "_" + IPV6_DEST_IP_1 +
451 String expectedFlowId2 = "Ingress_TCP_" + SEGMENT_ID + "_" + MAC_ADDRESS +"_" + port + "_" + IPV6_DEST_IP_2 +
453 String actualFlowId = flowBuilder.getFlowName();
454 if (actualFlowId.equals(expectedFlowId1) || actualFlowId.equals(expectedFlowId2)) {
455 Assert.assertTrue(true);
457 Assert.assertTrue(false);
462 * Test IPv4 TCP remove with port no and remote SG selected.
465 public void testProgramPortSecurityACLRuleRemoveTcp2() throws Exception {
466 when(portSecurityRule.getSecurityRuleProtocol()).thenReturn(NeutronSecurityRule.PROTOCOL_TCP);
467 when(portSecurityRule.getSecurityRulePortMax()).thenReturn(50);
468 when(portSecurityRule.getSecurityRulePortMin()).thenReturn(50);
469 when(portSecurityRule.getSecurityRuleRemoteIpPrefix()).thenReturn("0.0.0.0/24");
470 when(portSecurityRule.getSecurityRemoteGroupID()).thenReturn("85cc3048-abc3-43cc-89b3-377341426ac5");
471 PowerMockito.doAnswer(answer()).when(ingressAclServiceSpy, "removeFlow", any(FlowBuilder.class),
472 any(NodeBuilder.class));
474 ingressAclServiceSpy.programPortSecurityGroup(DP_ID_LONG, SEGMENT_ID, MAC_ADDRESS, LOCAL_PORT, securityGroup,
477 Match match = flowBuilder.getMatch();
478 EthernetMatch ethMatch = match.getEthernetMatch();
479 Assert.assertEquals(MAC_ADDRESS, ethMatch.getEthernetDestination().getAddress().getValue());
480 Assert.assertEquals((long) IPV4_ETHER_TYPE, (long) ethMatch.getEthernetType().getType().getValue());
482 Assert.assertTrue(match.getLayer4Match() instanceof TcpMatch);
483 TcpMatch layer4Match = (TcpMatch) match.getLayer4Match();
484 Assert.assertEquals(50, layer4Match.getTcpDestinationPort().getValue().intValue());
485 int port = portSecurityRule.getSecurityRulePortMin();
486 String expectedFlowId1 = "Ingress_TCP_" + SEGMENT_ID + "_" + MAC_ADDRESS +"_" + port + "_" + DEST_IP_1 +
488 String expectedFlowId2 = "Ingress_TCP_" + SEGMENT_ID + "_" + MAC_ADDRESS +"_" + port + "_" + DEST_IP_2 +
490 String actualFlowId = flowBuilder.getFlowName();
491 if (actualFlowId.equals(expectedFlowId1) || actualFlowId.equals(expectedFlowId2)) {
492 Assert.assertTrue(true);
494 Assert.assertTrue(false);
500 * Test IPv6 TCP remove with port no and remote SG selected.
503 public void testProgramPortSecurityACLRuleIpv6RemoveTcp2() throws Exception {
504 when(portSecurityIpv6Rule.getSecurityRuleProtocol()).thenReturn(NeutronSecurityRule.PROTOCOL_TCP);
505 when(portSecurityIpv6Rule.getSecurityRulePortMax()).thenReturn(50);
506 when(portSecurityIpv6Rule.getSecurityRulePortMin()).thenReturn(50);
507 when(portSecurityIpv6Rule.getSecurityRuleRemoteIpPrefix()).thenReturn("::/64");
508 when(portSecurityIpv6Rule.getSecurityRemoteGroupID()).thenReturn("85cc3048-abc3-43cc-89b3-377341426ac5");
509 PowerMockito.doAnswer(answer()).when(ingressAclServiceSpy, "removeFlow", any(FlowBuilder.class),
510 any(NodeBuilder.class));
512 ingressAclServiceSpy.programPortSecurityGroup(DP_ID_LONG, SEGMENT_ID, MAC_ADDRESS, LOCAL_PORT, securityGroupIpv6,
515 Match match = flowBuilder.getMatch();
516 EthernetMatch ethMatch = match.getEthernetMatch();
517 Assert.assertEquals(MAC_ADDRESS, ethMatch.getEthernetDestination().getAddress().getValue());
518 Assert.assertEquals((long) IPV6_ETHER_TYPE, (long) ethMatch.getEthernetType().getType().getValue());
520 Assert.assertTrue(match.getLayer4Match() instanceof TcpMatch);
521 TcpMatch layer4Match = (TcpMatch) match.getLayer4Match();
522 Assert.assertEquals(50, layer4Match.getTcpDestinationPort().getValue().intValue());
523 int port = portSecurityIpv6Rule.getSecurityRulePortMin();
524 String expectedFlowId1 = "Ingress_TCP_" + SEGMENT_ID + "_" + MAC_ADDRESS +"_" + port + "_" + IPV6_DEST_IP_1 +
526 String expectedFlowId2 = "Ingress_TCP_" + SEGMENT_ID + "_" + MAC_ADDRESS +"_" + port + "_" + IPV6_DEST_IP_2 +
528 String actualFlowId = flowBuilder.getFlowName();
529 if (actualFlowId.equals(expectedFlowId1) || actualFlowId.equals(expectedFlowId2)) {
530 Assert.assertTrue(true);
532 Assert.assertTrue(false);
537 * Test IPv4 TCP add with port (All TCP) and CIDR selected.
540 public void testProgramPortSecurityACLRuleAddTcpAll1() throws Exception {
541 when(portSecurityRule.getSecurityRuleProtocol()).thenReturn(NeutronSecurityRule.PROTOCOL_TCP);
542 when(portSecurityRule.getSecurityRulePortMax()).thenReturn(PORT_RANGE_MAX);
543 when(portSecurityRule.getSecurityRulePortMin()).thenReturn(PORT_RANGE_MIN);
544 when(portSecurityRule.getSecurityRuleRemoteIpPrefix()).thenReturn("0.0.0.0/24");
545 PowerMockito.doAnswer(answer()).when(ingressAclServiceSpy, "writeFlow", any(FlowBuilder.class),
546 any(NodeBuilder.class));
548 ingressAclServiceSpy.programPortSecurityGroup(DP_ID_LONG, SEGMENT_ID, MAC_ADDRESS, LOCAL_PORT, securityGroup,
551 Match match = flowBuilder.getMatch();
552 EthernetMatch ethMatch = match.getEthernetMatch();
553 Assert.assertEquals(MAC_ADDRESS, ethMatch.getEthernetDestination().getAddress().getValue());
554 Assert.assertEquals((long) IPV4_ETHER_TYPE, (long) ethMatch.getEthernetType().getType().getValue());
556 Assert.assertTrue(match.getLayer4Match() instanceof TcpMatch);
557 Assert.assertEquals("Ingress_TCP_" + SEGMENT_ID + "_" + MAC_ADDRESS + "_" + PORT_RANGE_MIN + "_" +
558 PORT_RANGE_MAX + "_0.0.0.0/24_Permit", flowBuilder.getFlowName());
562 * Test IPv6 TCP add with port (All TCP) and CIDR selected.
565 public void testProgramPortSecurityACLRuleIpv6AddTcpAll1() throws Exception {
566 when(portSecurityIpv6Rule.getSecurityRuleProtocol()).thenReturn(NeutronSecurityRule.PROTOCOL_TCP);
567 when(portSecurityIpv6Rule.getSecurityRulePortMax()).thenReturn(PORT_RANGE_MAX);
568 when(portSecurityIpv6Rule.getSecurityRulePortMin()).thenReturn(PORT_RANGE_MIN);
569 when(portSecurityIpv6Rule.getSecurityRuleRemoteIpPrefix()).thenReturn("::/64");
570 PowerMockito.doAnswer(answer()).when(ingressAclServiceSpy, "writeFlow", any(FlowBuilder.class),
571 any(NodeBuilder.class));
573 ingressAclServiceSpy.programPortSecurityGroup(DP_ID_LONG, SEGMENT_ID, MAC_ADDRESS, LOCAL_PORT, securityGroupIpv6,
576 Match match = flowBuilder.getMatch();
577 EthernetMatch ethMatch = match.getEthernetMatch();
578 Assert.assertEquals(MAC_ADDRESS, ethMatch.getEthernetDestination().getAddress().getValue());
579 Assert.assertEquals((long) IPV6_ETHER_TYPE, (long) ethMatch.getEthernetType().getType().getValue());
581 Assert.assertTrue(match.getLayer4Match() instanceof TcpMatch);
582 Assert.assertEquals("Ingress_TCP_" + SEGMENT_ID + "_" + MAC_ADDRESS + "_" + PORT_RANGE_MIN + "_" +
583 PORT_RANGE_MAX + "_::/64_Permit", flowBuilder.getFlowName());
587 * Test IPv4 TCP remove with port (All TCP) and CIDR selected.
590 public void testProgramPortSecurityACLRuleRemoveTcpAll1() throws Exception {
591 when(portSecurityRule.getSecurityRuleProtocol()).thenReturn(NeutronSecurityRule.PROTOCOL_TCP);
592 when(portSecurityRule.getSecurityRulePortMax()).thenReturn(PORT_RANGE_MAX);
593 when(portSecurityRule.getSecurityRulePortMin()).thenReturn(PORT_RANGE_MIN);
594 when(portSecurityRule.getSecurityRuleRemoteIpPrefix()).thenReturn("0.0.0.0/24");
595 PowerMockito.doAnswer(answer()).when(ingressAclServiceSpy, "removeFlow", any(FlowBuilder.class),
596 any(NodeBuilder.class));
598 ingressAclServiceSpy.programPortSecurityGroup(DP_ID_LONG, SEGMENT_ID, MAC_ADDRESS, LOCAL_PORT, securityGroup,
601 Match match = flowBuilder.getMatch();
602 EthernetMatch ethMatch = match.getEthernetMatch();
603 Assert.assertEquals(MAC_ADDRESS, ethMatch.getEthernetDestination().getAddress().getValue());
604 Assert.assertEquals((long) IPV4_ETHER_TYPE, (long) ethMatch.getEthernetType().getType().getValue());
606 Assert.assertTrue(match.getLayer4Match() instanceof TcpMatch);
607 Assert.assertEquals("Ingress_TCP_" + SEGMENT_ID + "_" + MAC_ADDRESS + "_" + PORT_RANGE_MIN + "_" +
608 PORT_RANGE_MAX + "_0.0.0.0/24_Permit", flowBuilder.getFlowName());
612 * Test IPv6 TCP remove with port (All TCP) and CIDR selected.
615 public void testProgramPortSecurityACLRuleIpv6RemoveTcpAll1() throws Exception {
616 when(portSecurityIpv6Rule.getSecurityRuleProtocol()).thenReturn(NeutronSecurityRule.PROTOCOL_TCP);
617 when(portSecurityIpv6Rule.getSecurityRulePortMax()).thenReturn(PORT_RANGE_MAX);
618 when(portSecurityIpv6Rule.getSecurityRulePortMin()).thenReturn(PORT_RANGE_MIN);
619 when(portSecurityIpv6Rule.getSecurityRuleRemoteIpPrefix()).thenReturn("::/64");
620 PowerMockito.doAnswer(answer()).when(ingressAclServiceSpy, "removeFlow", any(FlowBuilder.class),
621 any(NodeBuilder.class));
623 ingressAclServiceSpy.programPortSecurityGroup(DP_ID_LONG, SEGMENT_ID, MAC_ADDRESS, LOCAL_PORT, securityGroupIpv6,
626 Match match = flowBuilder.getMatch();
627 EthernetMatch ethMatch = match.getEthernetMatch();
628 Assert.assertEquals(MAC_ADDRESS, ethMatch.getEthernetDestination().getAddress().getValue());
629 Assert.assertEquals((long) IPV6_ETHER_TYPE, (long) ethMatch.getEthernetType().getType().getValue());
631 Assert.assertTrue(match.getLayer4Match() instanceof TcpMatch);
632 Assert.assertEquals("Ingress_TCP_" + SEGMENT_ID + "_" + MAC_ADDRESS + "_" + PORT_RANGE_MIN + "_" +
633 PORT_RANGE_MAX + "_::/64_Permit", flowBuilder.getFlowName());
637 * Test IPv4 TCP add with port (All TCP) and remote SG selected.
640 public void testProgramPortSecurityACLRuleAddTcpAll2() throws Exception {
641 when(portSecurityRule.getSecurityRuleProtocol()).thenReturn(NeutronSecurityRule.PROTOCOL_TCP);
642 when(portSecurityRule.getSecurityRulePortMax()).thenReturn(PORT_RANGE_MAX);
643 when(portSecurityRule.getSecurityRulePortMin()).thenReturn(PORT_RANGE_MIN);
644 when(portSecurityRule.getSecurityRemoteGroupID()).thenReturn("85cc3048-abc3-43cc-89b3-377341426ac5");
645 PowerMockito.doAnswer(answer()).when(ingressAclServiceSpy, "writeFlow", any(FlowBuilder.class),
646 any(NodeBuilder.class));
647 ingressAclServiceSpy.programPortSecurityGroup(DP_ID_LONG, SEGMENT_ID, MAC_ADDRESS, LOCAL_PORT, securityGroup,
650 Match match = flowBuilder.getMatch();
651 EthernetMatch ethMatch = match.getEthernetMatch();
652 Assert.assertEquals(MAC_ADDRESS, ethMatch.getEthernetDestination().getAddress().getValue());
653 Assert.assertEquals((long) IPV4_ETHER_TYPE, (long) ethMatch.getEthernetType().getType().getValue());
655 Assert.assertTrue(match.getLayer4Match() instanceof TcpMatch);
656 String expectedFlowId1 = "Ingress_TCP_" + SEGMENT_ID + "_" + MAC_ADDRESS + "_" + PORT_RANGE_MIN + "_" +
657 PORT_RANGE_MAX + "_" + DEST_IP_1 + "_Permit";
658 String expectedFlowId2 = "Ingress_TCP_" + SEGMENT_ID + "_" + MAC_ADDRESS + "_" + PORT_RANGE_MIN + "_" +
659 PORT_RANGE_MAX + "_" + DEST_IP_2 + "_Permit";
660 String actualFlowId = flowBuilder.getFlowName();
661 if (actualFlowId.equals(expectedFlowId1) || actualFlowId.equals(expectedFlowId2)) {
662 Assert.assertTrue(true);
664 Assert.assertTrue(false);
669 * Test IPv6 TCP add with port (All TCP) and remote SG selected.
672 public void testProgramPortSecurityACLRuleIpv6AddTcpAll2() throws Exception {
673 when(portSecurityIpv6Rule.getSecurityRuleProtocol()).thenReturn(NeutronSecurityRule.PROTOCOL_TCP);
674 when(portSecurityIpv6Rule.getSecurityRulePortMax()).thenReturn(PORT_RANGE_MAX);
675 when(portSecurityIpv6Rule.getSecurityRulePortMin()).thenReturn(PORT_RANGE_MIN);
676 when(portSecurityIpv6Rule.getSecurityRemoteGroupID()).thenReturn("85cc3048-abc3-43cc-89b3-377341426ac5");
677 PowerMockito.doAnswer(answer()).when(ingressAclServiceSpy, "writeFlow", any(FlowBuilder.class),
678 any(NodeBuilder.class));
679 ingressAclServiceSpy.programPortSecurityGroup(DP_ID_LONG, SEGMENT_ID, MAC_ADDRESS, LOCAL_PORT, securityGroupIpv6,
682 Match match = flowBuilder.getMatch();
683 EthernetMatch ethMatch = match.getEthernetMatch();
684 Assert.assertEquals(MAC_ADDRESS, ethMatch.getEthernetDestination().getAddress().getValue());
685 Assert.assertEquals((long) IPV6_ETHER_TYPE, (long) ethMatch.getEthernetType().getType().getValue());
687 Assert.assertTrue(match.getLayer4Match() instanceof TcpMatch);
688 String expectedFlowId1 = "Ingress_TCP_" + SEGMENT_ID + "_" + MAC_ADDRESS + "_" + PORT_RANGE_MIN + "_" +
689 PORT_RANGE_MAX + "_" + IPV6_DEST_IP_1 + "_Permit";
690 String expectedFlowId2 = "Ingress_TCP_" + SEGMENT_ID + "_" + MAC_ADDRESS + "_" + PORT_RANGE_MIN + "_" +
691 PORT_RANGE_MAX + "_" + IPV6_DEST_IP_2 + "_Permit";
692 String actualFlowId = flowBuilder.getFlowName();
693 if (actualFlowId.equals(expectedFlowId1) || actualFlowId.equals(expectedFlowId2)) {
694 Assert.assertTrue(true);
696 Assert.assertTrue(false);
701 * Test IPv4 TCP remove with port (All TCP) and remote SG selected.
704 public void testProgramPortSecurityACLRuleRemoveTcpAll2() throws Exception {
705 when(portSecurityRule.getSecurityRuleProtocol()).thenReturn(NeutronSecurityRule.PROTOCOL_TCP);
706 when(portSecurityRule.getSecurityRulePortMax()).thenReturn(PORT_RANGE_MAX);
707 when(portSecurityRule.getSecurityRulePortMin()).thenReturn(PORT_RANGE_MIN);
708 when(portSecurityRule.getSecurityRemoteGroupID()).thenReturn("85cc3048-abc3-43cc-89b3-377341426ac5");
709 PowerMockito.doAnswer(answer()).when(ingressAclServiceSpy, "removeFlow", any(FlowBuilder.class),
710 any(NodeBuilder.class));
712 ingressAclServiceSpy.programPortSecurityGroup(DP_ID_LONG, SEGMENT_ID, MAC_ADDRESS, LOCAL_PORT, securityGroup,
715 Match match = flowBuilder.getMatch();
716 EthernetMatch ethMatch = match.getEthernetMatch();
717 Assert.assertEquals(MAC_ADDRESS, ethMatch.getEthernetDestination().getAddress().getValue());
718 Assert.assertEquals((long) IPV4_ETHER_TYPE, (long) ethMatch.getEthernetType().getType().getValue());
720 Assert.assertTrue(match.getLayer4Match() instanceof TcpMatch);
721 TcpMatch layer4Match = (TcpMatch) match.getLayer4Match();
722 String expectedFlowId1 = "Ingress_TCP_" + SEGMENT_ID + "_" + MAC_ADDRESS +"_" + PORT_RANGE_MIN + "_" +
723 PORT_RANGE_MAX + "_" + DEST_IP_1 + "_Permit";
724 String expectedFlowId2 = "Ingress_TCP_" + SEGMENT_ID + "_" + MAC_ADDRESS +"_" + PORT_RANGE_MIN + "_" +
725 PORT_RANGE_MAX + "_" + DEST_IP_2 + "_Permit";
726 String actualFlowId = flowBuilder.getFlowName();
727 if (actualFlowId.equals(expectedFlowId1) || actualFlowId.equals(expectedFlowId2)) {
728 Assert.assertTrue(true);
730 Assert.assertTrue(false);
735 * Test IPv6 TCP remove with port (All TCP) and remote SG selected.
738 public void testProgramPortSecurityACLRuleIpv6RemoveTcpAll2() throws Exception {
739 when(portSecurityIpv6Rule.getSecurityRuleProtocol()).thenReturn(NeutronSecurityRule.PROTOCOL_TCP);
740 when(portSecurityIpv6Rule.getSecurityRulePortMax()).thenReturn(PORT_RANGE_MAX);
741 when(portSecurityIpv6Rule.getSecurityRulePortMin()).thenReturn(PORT_RANGE_MIN);
742 when(portSecurityIpv6Rule.getSecurityRemoteGroupID()).thenReturn("85cc3048-abc3-43cc-89b3-377341426ac5");
743 PowerMockito.doAnswer(answer()).when(ingressAclServiceSpy, "removeFlow", any(FlowBuilder.class),
744 any(NodeBuilder.class));
746 ingressAclServiceSpy.programPortSecurityGroup(DP_ID_LONG, SEGMENT_ID, MAC_ADDRESS, LOCAL_PORT, securityGroupIpv6,
749 Match match = flowBuilder.getMatch();
750 EthernetMatch ethMatch = match.getEthernetMatch();
751 Assert.assertEquals(MAC_ADDRESS, ethMatch.getEthernetDestination().getAddress().getValue());
752 Assert.assertEquals((long) IPV6_ETHER_TYPE, (long) ethMatch.getEthernetType().getType().getValue());
754 Assert.assertTrue(match.getLayer4Match() instanceof TcpMatch);
755 TcpMatch layer4Match = (TcpMatch) match.getLayer4Match();
756 String expectedFlowId1 = "Ingress_TCP_" + SEGMENT_ID + "_" + MAC_ADDRESS +"_" + PORT_RANGE_MIN + "_" +
757 PORT_RANGE_MAX + "_" + IPV6_DEST_IP_1 + "_Permit";
758 String expectedFlowId2 = "Ingress_TCP_" + SEGMENT_ID + "_" + MAC_ADDRESS +"_" + PORT_RANGE_MIN + "_" +
759 PORT_RANGE_MAX + "_" + IPV6_DEST_IP_2 + "_Permit";
760 String actualFlowId = flowBuilder.getFlowName();
761 if (actualFlowId.equals(expectedFlowId1) || actualFlowId.equals(expectedFlowId2)) {
762 Assert.assertTrue(true);
764 Assert.assertTrue(false);
769 * Test IPv4 UDP add with port no and CIDR selected.
772 public void testProgramPortSecurityACLRuleAddUdp1() throws Exception {
773 when(portSecurityRule.getSecurityRuleProtocol()).thenReturn(NeutronSecurityRule.PROTOCOL_UDP);
774 when(portSecurityRule.getSecurityRulePortMax()).thenReturn(50);
775 when(portSecurityRule.getSecurityRulePortMin()).thenReturn(50);
776 when(portSecurityRule.getSecurityRuleRemoteIpPrefix()).thenReturn("0.0.0.0/24");
777 PowerMockito.doAnswer(answer()).when(ingressAclServiceSpy, "writeFlow", any(FlowBuilder.class),
778 any(NodeBuilder.class));
780 ingressAclServiceSpy.programPortSecurityGroup(DP_ID_LONG, SEGMENT_ID, MAC_ADDRESS, LOCAL_PORT, securityGroup,
783 Match match = flowBuilder.getMatch();
784 EthernetMatch ethMatch = match.getEthernetMatch();
785 Assert.assertEquals(MAC_ADDRESS, ethMatch.getEthernetDestination().getAddress().getValue());
786 Assert.assertEquals((long) IPV4_ETHER_TYPE, (long) ethMatch.getEthernetType().getType().getValue());
788 Assert.assertTrue(match.getLayer4Match() instanceof UdpMatch);
789 UdpMatch layer4Match = (UdpMatch) match.getLayer4Match();
790 Assert.assertEquals(50, layer4Match.getUdpDestinationPort().getValue().intValue());
791 int port = portSecurityRule.getSecurityRulePortMin();
792 Assert.assertEquals("Ingress_UDP_" + SEGMENT_ID + "_" + MAC_ADDRESS +
793 "_" + port + "_0.0.0.0/24_Permit", flowBuilder.getFlowName());
797 * Test IPv6 UDP add with port no and CIDR selected.
800 public void testProgramPortSecurityACLRuleIpv6AddUdp1() throws Exception {
801 when(portSecurityIpv6Rule.getSecurityRuleProtocol()).thenReturn(NeutronSecurityRule.PROTOCOL_UDP);
802 when(portSecurityIpv6Rule.getSecurityRulePortMax()).thenReturn(50);
803 when(portSecurityIpv6Rule.getSecurityRulePortMin()).thenReturn(50);
804 when(portSecurityIpv6Rule.getSecurityRuleRemoteIpPrefix()).thenReturn("::/64");
805 PowerMockito.doAnswer(answer()).when(ingressAclServiceSpy, "writeFlow", any(FlowBuilder.class),
806 any(NodeBuilder.class));
808 ingressAclServiceSpy.programPortSecurityGroup(DP_ID_LONG, SEGMENT_ID, MAC_ADDRESS, LOCAL_PORT, securityGroupIpv6,
811 Match match = flowBuilder.getMatch();
812 EthernetMatch ethMatch = match.getEthernetMatch();
813 Assert.assertEquals(MAC_ADDRESS, ethMatch.getEthernetDestination().getAddress().getValue());
814 Assert.assertEquals((long) IPV6_ETHER_TYPE, (long) ethMatch.getEthernetType().getType().getValue());
816 Assert.assertTrue(match.getLayer4Match() instanceof UdpMatch);
817 UdpMatch layer4Match = (UdpMatch) match.getLayer4Match();
818 Assert.assertEquals(50, layer4Match.getUdpDestinationPort().getValue().intValue());
819 int port = portSecurityIpv6Rule.getSecurityRulePortMin();
820 Assert.assertEquals("Ingress_UDP_" + SEGMENT_ID + "_" + MAC_ADDRESS +
821 "_" + port + "_::/64_Permit", flowBuilder.getFlowName());
825 * Test IPv4 UDP remove with port no and CIDR selected.
828 public void testProgramPortSecurityACLRuleRemoveUdp1() throws Exception {
829 when(portSecurityRule.getSecurityRuleProtocol()).thenReturn(NeutronSecurityRule.PROTOCOL_UDP);
830 when(portSecurityRule.getSecurityRulePortMax()).thenReturn(50);
831 when(portSecurityRule.getSecurityRulePortMin()).thenReturn(50);
832 when(portSecurityRule.getSecurityRuleRemoteIpPrefix()).thenReturn("0.0.0.0/24");
833 PowerMockito.doAnswer(answer()).when(ingressAclServiceSpy, "removeFlow", any(FlowBuilder.class),
834 any(NodeBuilder.class));
836 ingressAclServiceSpy.programPortSecurityGroup(DP_ID_LONG, SEGMENT_ID, MAC_ADDRESS, LOCAL_PORT, securityGroup,
839 Match match = flowBuilder.getMatch();
840 EthernetMatch ethMatch = match.getEthernetMatch();
841 Assert.assertEquals(MAC_ADDRESS, ethMatch.getEthernetDestination().getAddress().getValue());
842 Assert.assertEquals((long) IPV4_ETHER_TYPE, (long) ethMatch.getEthernetType().getType().getValue());
844 Assert.assertTrue(match.getLayer4Match() instanceof UdpMatch);
845 UdpMatch layer4Match = (UdpMatch) match.getLayer4Match();
846 Assert.assertEquals(50, layer4Match.getUdpDestinationPort().getValue().intValue());
847 int port = portSecurityRule.getSecurityRulePortMin();
848 Assert.assertEquals("Ingress_UDP_" + SEGMENT_ID + "_" + MAC_ADDRESS +
849 "_" + port + "_0.0.0.0/24_Permit", flowBuilder.getFlowName());
853 * Test IPv6 UDP remove with port no and CIDR selected.
856 public void testProgramPortSecurityACLRuleIpv6RemoveUdp1() throws Exception {
857 when(portSecurityIpv6Rule.getSecurityRuleProtocol()).thenReturn(NeutronSecurityRule.PROTOCOL_UDP);
858 when(portSecurityIpv6Rule.getSecurityRulePortMax()).thenReturn(50);
859 when(portSecurityIpv6Rule.getSecurityRulePortMin()).thenReturn(50);
860 when(portSecurityIpv6Rule.getSecurityRuleRemoteIpPrefix()).thenReturn("::/64");
861 PowerMockito.doAnswer(answer()).when(ingressAclServiceSpy, "removeFlow", any(FlowBuilder.class),
862 any(NodeBuilder.class));
864 ingressAclServiceSpy.programPortSecurityGroup(DP_ID_LONG, SEGMENT_ID, MAC_ADDRESS, LOCAL_PORT, securityGroupIpv6,
867 Match match = flowBuilder.getMatch();
868 EthernetMatch ethMatch = match.getEthernetMatch();
869 Assert.assertEquals(MAC_ADDRESS, ethMatch.getEthernetDestination().getAddress().getValue());
870 Assert.assertEquals((long) IPV6_ETHER_TYPE, (long) ethMatch.getEthernetType().getType().getValue());
872 Assert.assertTrue(match.getLayer4Match() instanceof UdpMatch);
873 UdpMatch layer4Match = (UdpMatch) match.getLayer4Match();
874 Assert.assertEquals(50, layer4Match.getUdpDestinationPort().getValue().intValue());
875 int port = portSecurityIpv6Rule.getSecurityRulePortMin();
876 Assert.assertEquals("Ingress_UDP_" + SEGMENT_ID + "_" + MAC_ADDRESS +
877 "_" + port + "_::/64_Permit", flowBuilder.getFlowName());
881 * Test IPv4 UDP add with port no and remote SG selected.
884 public void testProgramPortSecurityACLRuleAddUdp2() throws Exception {
885 when(portSecurityRule.getSecurityRuleProtocol()).thenReturn(NeutronSecurityRule.PROTOCOL_UDP);
886 when(portSecurityRule.getSecurityRulePortMax()).thenReturn(50);
887 when(portSecurityRule.getSecurityRulePortMin()).thenReturn(50);
888 when(portSecurityRule.getSecurityRuleRemoteIpPrefix()).thenReturn("0.0.0.0/24");
889 when(portSecurityRule.getSecurityRemoteGroupID()).thenReturn("85cc3048-abc3-43cc-89b3-377341426ac5");
890 PowerMockito.doAnswer(answer()).when(ingressAclServiceSpy, "writeFlow", any(FlowBuilder.class),
891 any(NodeBuilder.class));
892 ingressAclServiceSpy.programPortSecurityGroup(DP_ID_LONG, SEGMENT_ID, MAC_ADDRESS, LOCAL_PORT, securityGroup,
895 Match match = flowBuilder.getMatch();
896 EthernetMatch ethMatch = match.getEthernetMatch();
897 Assert.assertEquals(MAC_ADDRESS, ethMatch.getEthernetDestination().getAddress().getValue());
898 Assert.assertEquals((long) IPV4_ETHER_TYPE, (long) ethMatch.getEthernetType().getType().getValue());
900 Assert.assertTrue(match.getLayer4Match() instanceof UdpMatch);
901 UdpMatch layer4Match = (UdpMatch) match.getLayer4Match();
902 Assert.assertEquals(50, layer4Match.getUdpDestinationPort().getValue().intValue());
903 int port = portSecurityRule.getSecurityRulePortMin();
904 String expectedFlowId1 = "Ingress_UDP_" + SEGMENT_ID + "_" + MAC_ADDRESS +"_" + port + "_" + DEST_IP_1 +
906 String expectedFlowId2 = "Ingress_UDP_" + SEGMENT_ID + "_" + MAC_ADDRESS +"_" + port + "_" + DEST_IP_2 +
908 String actualFlowId = flowBuilder.getFlowName();
909 if (actualFlowId.equals(expectedFlowId1) || actualFlowId.equals(expectedFlowId2)) {
910 Assert.assertTrue(true);
912 Assert.assertTrue(false);
917 * Test IPv6 UDP add with port no and remote SG selected.
920 public void testProgramPortSecurityACLRuleIpv6AddUdp2() throws Exception {
921 when(portSecurityIpv6Rule.getSecurityRuleProtocol()).thenReturn(NeutronSecurityRule.PROTOCOL_UDP);
922 when(portSecurityIpv6Rule.getSecurityRulePortMax()).thenReturn(50);
923 when(portSecurityIpv6Rule.getSecurityRulePortMin()).thenReturn(50);
924 when(portSecurityIpv6Rule.getSecurityRuleRemoteIpPrefix()).thenReturn("::/64");
925 when(portSecurityIpv6Rule.getSecurityRemoteGroupID()).thenReturn("85cc3048-abc3-43cc-89b3-377341426ac5");
926 PowerMockito.doAnswer(answer()).when(ingressAclServiceSpy, "writeFlow", any(FlowBuilder.class),
927 any(NodeBuilder.class));
928 ingressAclServiceSpy.programPortSecurityGroup(DP_ID_LONG, SEGMENT_ID, MAC_ADDRESS, LOCAL_PORT, securityGroupIpv6,
931 Match match = flowBuilder.getMatch();
932 EthernetMatch ethMatch = match.getEthernetMatch();
933 Assert.assertEquals(MAC_ADDRESS, ethMatch.getEthernetDestination().getAddress().getValue());
934 Assert.assertEquals((long) IPV6_ETHER_TYPE, (long) ethMatch.getEthernetType().getType().getValue());
936 Assert.assertTrue(match.getLayer4Match() instanceof UdpMatch);
937 UdpMatch layer4Match = (UdpMatch) match.getLayer4Match();
938 Assert.assertEquals(50, layer4Match.getUdpDestinationPort().getValue().intValue());
939 int port = portSecurityIpv6Rule.getSecurityRulePortMin();
940 String expectedFlowId1 = "Ingress_UDP_" + SEGMENT_ID + "_" + MAC_ADDRESS +"_" + port + "_" + IPV6_DEST_IP_1 +
942 String expectedFlowId2 = "Ingress_UDP_" + SEGMENT_ID + "_" + MAC_ADDRESS +"_" + port + "_" + IPV6_DEST_IP_2 +
944 String actualFlowId = flowBuilder.getFlowName();
945 if (actualFlowId.equals(expectedFlowId1) || actualFlowId.equals(expectedFlowId2)) {
946 Assert.assertTrue(true);
948 Assert.assertTrue(false);
953 * Test IPv4 UDP remove with port no and remote SG selected.
956 public void testProgramPortSecurityACLRuleRemoveUdp2() throws Exception {
957 when(portSecurityRule.getSecurityRuleProtocol()).thenReturn(NeutronSecurityRule.PROTOCOL_UDP);
958 when(portSecurityRule.getSecurityRulePortMax()).thenReturn(50);
959 when(portSecurityRule.getSecurityRulePortMin()).thenReturn(50);
960 when(portSecurityRule.getSecurityRuleRemoteIpPrefix()).thenReturn("0.0.0.0/24");
961 when(portSecurityRule.getSecurityRemoteGroupID()).thenReturn("85cc3048-abc3-43cc-89b3-377341426ac5");
962 PowerMockito.doAnswer(answer()).when(ingressAclServiceSpy, "removeFlow", any(FlowBuilder.class),
963 any(NodeBuilder.class));
964 ingressAclServiceSpy.programPortSecurityGroup(DP_ID_LONG, SEGMENT_ID, MAC_ADDRESS, LOCAL_PORT, securityGroup,
967 Match match = flowBuilder.getMatch();
968 EthernetMatch ethMatch = match.getEthernetMatch();
969 Assert.assertEquals(MAC_ADDRESS, ethMatch.getEthernetDestination().getAddress().getValue());
970 Assert.assertEquals((long) IPV4_ETHER_TYPE, (long) ethMatch.getEthernetType().getType().getValue());
972 Assert.assertTrue(match.getLayer4Match() instanceof UdpMatch);
973 UdpMatch layer4Match = (UdpMatch) match.getLayer4Match();
974 Assert.assertEquals(50, layer4Match.getUdpDestinationPort().getValue().intValue());
975 int port = portSecurityRule.getSecurityRulePortMin();
976 String expectedFlowId1 = "Ingress_UDP_" + SEGMENT_ID + "_" + MAC_ADDRESS +"_" + port + "_" + DEST_IP_1 +
978 String expectedFlowId2 = "Ingress_UDP_" + SEGMENT_ID + "_" + MAC_ADDRESS +"_" + port + "_" + DEST_IP_2 +
980 String actualFlowId = flowBuilder.getFlowName();
981 if (actualFlowId.equals(expectedFlowId1) || actualFlowId.equals(expectedFlowId2)) {
982 Assert.assertTrue(true);
984 Assert.assertTrue(false);
989 * Test IPv6 UDP remove with port no and remote SG selected.
992 public void testProgramPortSecurityACLRuleIpv6RemoveUdp2() throws Exception {
993 when(portSecurityIpv6Rule.getSecurityRuleProtocol()).thenReturn(NeutronSecurityRule.PROTOCOL_UDP);
994 when(portSecurityIpv6Rule.getSecurityRulePortMax()).thenReturn(50);
995 when(portSecurityIpv6Rule.getSecurityRulePortMin()).thenReturn(50);
996 when(portSecurityIpv6Rule.getSecurityRuleRemoteIpPrefix()).thenReturn("::/64");
997 when(portSecurityIpv6Rule.getSecurityRemoteGroupID()).thenReturn("85cc3048-abc3-43cc-89b3-377341426ac5");
998 PowerMockito.doAnswer(answer()).when(ingressAclServiceSpy, "removeFlow", any(FlowBuilder.class),
999 any(NodeBuilder.class));
1000 ingressAclServiceSpy.programPortSecurityGroup(DP_ID_LONG, SEGMENT_ID, MAC_ADDRESS, LOCAL_PORT, securityGroupIpv6,
1003 Match match = flowBuilder.getMatch();
1004 EthernetMatch ethMatch = match.getEthernetMatch();
1005 Assert.assertEquals(MAC_ADDRESS, ethMatch.getEthernetDestination().getAddress().getValue());
1006 Assert.assertEquals((long) IPV6_ETHER_TYPE, (long) ethMatch.getEthernetType().getType().getValue());
1008 Assert.assertTrue(match.getLayer4Match() instanceof UdpMatch);
1009 UdpMatch layer4Match = (UdpMatch) match.getLayer4Match();
1010 Assert.assertEquals(50, layer4Match.getUdpDestinationPort().getValue().intValue());
1011 int port = portSecurityIpv6Rule.getSecurityRulePortMin();
1012 String expectedFlowId1 = "Ingress_UDP_" + SEGMENT_ID + "_" + MAC_ADDRESS +"_" + port + "_" + IPV6_DEST_IP_1 +
1014 String expectedFlowId2 = "Ingress_UDP_" + SEGMENT_ID + "_" + MAC_ADDRESS +"_" + port + "_" + IPV6_DEST_IP_2 +
1016 String actualFlowId = flowBuilder.getFlowName();
1017 if (actualFlowId.equals(expectedFlowId1) || actualFlowId.equals(expectedFlowId2)) {
1018 Assert.assertTrue(true);
1020 Assert.assertTrue(false);
1025 * Test IPv4 UDP add with ports (All UDP) and CIDR selected.
1028 public void testProgramPortSecurityACLRuleAddUdpAll1() throws Exception {
1029 when(portSecurityRule.getSecurityRuleProtocol()).thenReturn(NeutronSecurityRule.PROTOCOL_UDP);
1030 when(portSecurityRule.getSecurityRulePortMax()).thenReturn(PORT_RANGE_MAX);
1031 when(portSecurityRule.getSecurityRulePortMin()).thenReturn(PORT_RANGE_MIN);
1032 when(portSecurityRule.getSecurityRuleRemoteIpPrefix()).thenReturn("0.0.0.0/24");
1033 PowerMockito.doAnswer(answer()).when(ingressAclServiceSpy, "writeFlow", any(FlowBuilder.class),
1034 any(NodeBuilder.class));
1036 ingressAclServiceSpy.programPortSecurityGroup(DP_ID_LONG, SEGMENT_ID, MAC_ADDRESS, LOCAL_PORT, securityGroup,
1039 Match match = flowBuilder.getMatch();
1040 EthernetMatch ethMatch = match.getEthernetMatch();
1041 Assert.assertEquals(MAC_ADDRESS, ethMatch.getEthernetDestination().getAddress().getValue());
1042 Assert.assertEquals((long) IPV4_ETHER_TYPE, (long) ethMatch.getEthernetType().getType().getValue());
1044 Assert.assertTrue(match.getLayer4Match() instanceof UdpMatch);
1045 Assert.assertEquals("Ingress_UDP_" + SEGMENT_ID + "_" + MAC_ADDRESS + "_" + PORT_RANGE_MIN + "_" +
1046 PORT_RANGE_MAX + "_0.0.0.0/24_Permit", flowBuilder.getFlowName());
1050 * Test IPv6 UDP add with ports (All UDP) and CIDR selected.
1053 public void testProgramPortSecurityACLRuleIPv6AddUdpAll1() throws Exception {
1054 when(portSecurityIpv6Rule.getSecurityRuleProtocol()).thenReturn(NeutronSecurityRule.PROTOCOL_UDP);
1055 when(portSecurityIpv6Rule.getSecurityRulePortMax()).thenReturn(PORT_RANGE_MAX);
1056 when(portSecurityIpv6Rule.getSecurityRulePortMin()).thenReturn(PORT_RANGE_MIN);
1057 when(portSecurityIpv6Rule.getSecurityRuleRemoteIpPrefix()).thenReturn("::/64");
1058 PowerMockito.doAnswer(answer()).when(ingressAclServiceSpy, "writeFlow", any(FlowBuilder.class),
1059 any(NodeBuilder.class));
1061 ingressAclServiceSpy.programPortSecurityGroup(DP_ID_LONG, SEGMENT_ID, MAC_ADDRESS, LOCAL_PORT, securityGroupIpv6,
1064 Match match = flowBuilder.getMatch();
1065 EthernetMatch ethMatch = match.getEthernetMatch();
1066 Assert.assertEquals(MAC_ADDRESS, ethMatch.getEthernetDestination().getAddress().getValue());
1067 Assert.assertEquals((long) IPV6_ETHER_TYPE, (long) ethMatch.getEthernetType().getType().getValue());
1069 Assert.assertTrue(match.getLayer4Match() instanceof UdpMatch);
1070 Assert.assertEquals("Ingress_UDP_" + SEGMENT_ID + "_" + MAC_ADDRESS + "_" + PORT_RANGE_MIN + "_" +
1071 PORT_RANGE_MAX + "_::/64_Permit", flowBuilder.getFlowName());
1075 * Test IPv4 UDP remove with ports (All UDP) and CIDR selected.
1078 public void testProgramPortSecurityACLRuleRemoveUdpAll1() throws Exception {
1079 when(portSecurityRule.getSecurityRuleProtocol()).thenReturn(NeutronSecurityRule.PROTOCOL_UDP);
1080 when(portSecurityRule.getSecurityRulePortMax()).thenReturn(PORT_RANGE_MAX);
1081 when(portSecurityRule.getSecurityRulePortMin()).thenReturn(PORT_RANGE_MIN);
1082 when(portSecurityRule.getSecurityRuleRemoteIpPrefix()).thenReturn("0.0.0.0/24");
1083 PowerMockito.doAnswer(answer()).when(ingressAclServiceSpy, "removeFlow", any(FlowBuilder.class),
1084 any(NodeBuilder.class));
1086 ingressAclServiceSpy.programPortSecurityGroup(DP_ID_LONG, SEGMENT_ID, MAC_ADDRESS, LOCAL_PORT, securityGroup,
1089 Match match = flowBuilder.getMatch();
1090 EthernetMatch ethMatch = match.getEthernetMatch();
1091 Assert.assertEquals(MAC_ADDRESS, ethMatch.getEthernetDestination().getAddress().getValue());
1092 Assert.assertEquals((long) IPV4_ETHER_TYPE, (long) ethMatch.getEthernetType().getType().getValue());
1094 Assert.assertTrue(match.getLayer4Match() instanceof UdpMatch);
1095 Assert.assertEquals("Ingress_UDP_" + SEGMENT_ID + "_" + MAC_ADDRESS + "_" + PORT_RANGE_MIN + "_" +
1096 PORT_RANGE_MAX + "_0.0.0.0/24_Permit", flowBuilder.getFlowName());
1100 * Test IPv6 UDP remove with ports (All UDP) and CIDR selected.
1103 public void testProgramPortSecurityACLRuleIpv6RemoveUdpAll1() throws Exception {
1104 when(portSecurityIpv6Rule.getSecurityRuleProtocol()).thenReturn(NeutronSecurityRule.PROTOCOL_UDP);
1105 when(portSecurityIpv6Rule.getSecurityRulePortMax()).thenReturn(PORT_RANGE_MAX);
1106 when(portSecurityIpv6Rule.getSecurityRulePortMin()).thenReturn(PORT_RANGE_MIN);
1107 when(portSecurityIpv6Rule.getSecurityRuleRemoteIpPrefix()).thenReturn("::/64");
1108 PowerMockito.doAnswer(answer()).when(ingressAclServiceSpy, "removeFlow", any(FlowBuilder.class),
1109 any(NodeBuilder.class));
1111 ingressAclServiceSpy.programPortSecurityGroup(DP_ID_LONG, SEGMENT_ID, MAC_ADDRESS, LOCAL_PORT, securityGroupIpv6,
1114 Match match = flowBuilder.getMatch();
1115 EthernetMatch ethMatch = match.getEthernetMatch();
1116 Assert.assertEquals(MAC_ADDRESS, ethMatch.getEthernetDestination().getAddress().getValue());
1117 Assert.assertEquals((long) IPV6_ETHER_TYPE, (long) ethMatch.getEthernetType().getType().getValue());
1119 Assert.assertTrue(match.getLayer4Match() instanceof UdpMatch);
1120 Assert.assertEquals("Ingress_UDP_" + SEGMENT_ID + "_" + MAC_ADDRESS + "_" + PORT_RANGE_MIN + "_" +
1121 PORT_RANGE_MAX + "_::/64_Permit", flowBuilder.getFlowName());
1125 * Test IPv4 UDP add with ports (All UDP) and remote SG selected.
1128 public void testProgramPortSecurityACLRuleAddUdpAll2() throws Exception {
1129 when(portSecurityRule.getSecurityRuleProtocol()).thenReturn(NeutronSecurityRule.PROTOCOL_UDP);
1130 when(portSecurityRule.getSecurityRulePortMax()).thenReturn(PORT_RANGE_MAX);
1131 when(portSecurityRule.getSecurityRulePortMin()).thenReturn(PORT_RANGE_MIN);
1132 when(portSecurityRule.getSecurityRuleRemoteIpPrefix()).thenReturn("0.0.0.0/24");
1133 when(portSecurityRule.getSecurityRemoteGroupID()).thenReturn("85cc3048-abc3-43cc-89b3-377341426ac5");
1134 PowerMockito.doAnswer(answer()).when(ingressAclServiceSpy, "writeFlow", any(FlowBuilder.class),
1135 any(NodeBuilder.class));
1136 ingressAclServiceSpy.programPortSecurityGroup(DP_ID_LONG, SEGMENT_ID, MAC_ADDRESS, LOCAL_PORT, securityGroup,
1139 Match match = flowBuilder.getMatch();
1140 EthernetMatch ethMatch = match.getEthernetMatch();
1141 Assert.assertEquals(MAC_ADDRESS, ethMatch.getEthernetDestination().getAddress().getValue());
1142 Assert.assertEquals((long) IPV4_ETHER_TYPE, (long) ethMatch.getEthernetType().getType().getValue());
1144 Assert.assertTrue(match.getLayer4Match() instanceof UdpMatch);
1145 String expectedFlowId1 = "Ingress_UDP_" + SEGMENT_ID + "_" + MAC_ADDRESS +"_" + PORT_RANGE_MIN + "_" +
1146 PORT_RANGE_MAX + "_" + DEST_IP_1 + "_Permit";
1147 String expectedFlowId2 = "Ingress_UDP_" + SEGMENT_ID + "_" + MAC_ADDRESS +"_" + PORT_RANGE_MIN + "_" +
1148 PORT_RANGE_MAX + "_" + DEST_IP_2 + "_Permit";
1149 String actualFlowId = flowBuilder.getFlowName();
1150 if (actualFlowId.equals(expectedFlowId1) || actualFlowId.equals(expectedFlowId2)) {
1151 Assert.assertTrue(true);
1153 Assert.assertTrue(false);
1158 * Test IPv6 UDP add with ports (All UDP) and remote SG selected.
1161 public void testProgramPortSecurityACLRuleIpv6AddUdpAll2() throws Exception {
1162 when(portSecurityIpv6Rule.getSecurityRuleProtocol()).thenReturn(NeutronSecurityRule.PROTOCOL_UDP);
1163 when(portSecurityIpv6Rule.getSecurityRulePortMax()).thenReturn(PORT_RANGE_MAX);
1164 when(portSecurityIpv6Rule.getSecurityRulePortMin()).thenReturn(PORT_RANGE_MIN);
1165 when(portSecurityIpv6Rule.getSecurityRuleRemoteIpPrefix()).thenReturn("::/64");
1166 when(portSecurityIpv6Rule.getSecurityRemoteGroupID()).thenReturn("85cc3048-abc3-43cc-89b3-377341426ac5");
1167 PowerMockito.doAnswer(answer()).when(ingressAclServiceSpy, "writeFlow", any(FlowBuilder.class),
1168 any(NodeBuilder.class));
1169 ingressAclServiceSpy.programPortSecurityGroup(DP_ID_LONG, SEGMENT_ID, MAC_ADDRESS, LOCAL_PORT, securityGroupIpv6,
1172 Match match = flowBuilder.getMatch();
1173 EthernetMatch ethMatch = match.getEthernetMatch();
1174 Assert.assertEquals(MAC_ADDRESS, ethMatch.getEthernetDestination().getAddress().getValue());
1175 Assert.assertEquals((long) IPV6_ETHER_TYPE, (long) ethMatch.getEthernetType().getType().getValue());
1177 Assert.assertTrue(match.getLayer4Match() instanceof UdpMatch);
1178 String expectedFlowId1 = "Ingress_UDP_" + SEGMENT_ID + "_" + MAC_ADDRESS +"_" + PORT_RANGE_MIN + "_" +
1179 PORT_RANGE_MAX + "_" + IPV6_DEST_IP_1 + "_Permit";
1180 String expectedFlowId2 = "Ingress_UDP_" + SEGMENT_ID + "_" + MAC_ADDRESS +"_" + PORT_RANGE_MIN + "_" +
1181 PORT_RANGE_MAX + "_" + IPV6_DEST_IP_2 + "_Permit";
1182 String actualFlowId = flowBuilder.getFlowName();
1183 if (actualFlowId.equals(expectedFlowId1) || actualFlowId.equals(expectedFlowId2)) {
1184 Assert.assertTrue(true);
1186 Assert.assertTrue(false);
1191 * Test IPv4 UDP remove with ports (All UDP) and remote SG selected.
1194 public void testProgramPortSecurityACLRuleRemoveUdpAll2() throws Exception {
1195 when(portSecurityRule.getSecurityRuleProtocol()).thenReturn(NeutronSecurityRule.PROTOCOL_UDP);
1196 when(portSecurityRule.getSecurityRulePortMax()).thenReturn(PORT_RANGE_MAX);
1197 when(portSecurityRule.getSecurityRulePortMin()).thenReturn(PORT_RANGE_MIN);
1198 when(portSecurityRule.getSecurityRuleRemoteIpPrefix()).thenReturn("0.0.0.0/24");
1199 when(portSecurityRule.getSecurityRemoteGroupID()).thenReturn("85cc3048-abc3-43cc-89b3-377341426ac5");
1200 PowerMockito.doAnswer(answer()).when(ingressAclServiceSpy, "removeFlow", any(FlowBuilder.class),
1201 any(NodeBuilder.class));
1202 ingressAclServiceSpy.programPortSecurityGroup(DP_ID_LONG, SEGMENT_ID, MAC_ADDRESS, LOCAL_PORT, securityGroup,
1205 Match match = flowBuilder.getMatch();
1206 EthernetMatch ethMatch = match.getEthernetMatch();
1207 Assert.assertEquals(MAC_ADDRESS, ethMatch.getEthernetDestination().getAddress().getValue());
1208 Assert.assertEquals((long) IPV4_ETHER_TYPE, (long) ethMatch.getEthernetType().getType().getValue());
1210 Assert.assertTrue(match.getLayer4Match() instanceof UdpMatch);
1211 String expectedFlowId1 = "Ingress_UDP_" + SEGMENT_ID + "_" + MAC_ADDRESS +"_" + PORT_RANGE_MIN + "_" +
1212 PORT_RANGE_MAX + "_" + DEST_IP_1 + "_Permit";
1213 String expectedFlowId2 = "Ingress_UDP_" + SEGMENT_ID + "_" + MAC_ADDRESS +"_" + PORT_RANGE_MIN + "_" +
1214 PORT_RANGE_MAX + "_" + DEST_IP_2 + "_Permit";
1215 String actualFlowId = flowBuilder.getFlowName();
1216 if (actualFlowId.equals(expectedFlowId1) || actualFlowId.equals(expectedFlowId2)) {
1217 Assert.assertTrue(true);
1219 Assert.assertTrue(false);
1224 * Test IPv6 UDP remove with ports (All UDP) and remote SG selected.
1227 public void testProgramPortSecurityACLRuleIpv6RemoveUdpAll2() throws Exception {
1228 when(portSecurityIpv6Rule.getSecurityRuleProtocol()).thenReturn(NeutronSecurityRule.PROTOCOL_UDP);
1229 when(portSecurityIpv6Rule.getSecurityRulePortMax()).thenReturn(PORT_RANGE_MAX);
1230 when(portSecurityIpv6Rule.getSecurityRulePortMin()).thenReturn(PORT_RANGE_MIN);
1231 when(portSecurityIpv6Rule.getSecurityRuleRemoteIpPrefix()).thenReturn("::/64");
1232 when(portSecurityIpv6Rule.getSecurityRemoteGroupID()).thenReturn("85cc3048-abc3-43cc-89b3-377341426ac5");
1233 PowerMockito.doAnswer(answer()).when(ingressAclServiceSpy, "removeFlow", any(FlowBuilder.class),
1234 any(NodeBuilder.class));
1235 ingressAclServiceSpy.programPortSecurityGroup(DP_ID_LONG, SEGMENT_ID, MAC_ADDRESS, LOCAL_PORT, securityGroupIpv6,
1238 Match match = flowBuilder.getMatch();
1239 EthernetMatch ethMatch = match.getEthernetMatch();
1240 Assert.assertEquals(MAC_ADDRESS, ethMatch.getEthernetDestination().getAddress().getValue());
1241 Assert.assertEquals((long) IPV6_ETHER_TYPE, (long) ethMatch.getEthernetType().getType().getValue());
1243 Assert.assertTrue(match.getLayer4Match() instanceof UdpMatch);
1244 String expectedFlowId1 = "Ingress_UDP_" + SEGMENT_ID + "_" + MAC_ADDRESS +"_" + PORT_RANGE_MIN + "_" +
1245 PORT_RANGE_MAX + "_" + IPV6_DEST_IP_1 + "_Permit";
1246 String expectedFlowId2 = "Ingress_UDP_" + SEGMENT_ID + "_" + MAC_ADDRESS +"_" + PORT_RANGE_MIN + "_" +
1247 PORT_RANGE_MAX + "_" + IPV6_DEST_IP_2 + "_Permit";
1248 String actualFlowId = flowBuilder.getFlowName();
1249 if (actualFlowId.equals(expectedFlowId1) || actualFlowId.equals(expectedFlowId2)) {
1250 Assert.assertTrue(true);
1252 Assert.assertTrue(false);
1257 * Test ICMP add with code, type and CIDR selected.
1260 public void testProgramPortSecurityACLRuleAddIcmp1() throws Exception {
1261 when(portSecurityRule.getSecurityRuleProtocol()).thenReturn(NeutronSecurityRule.PROTOCOL_ICMP);
1262 when(portSecurityRule.getSecurityRulePortMax()).thenReturn(10);
1263 when(portSecurityRule.getSecurityRulePortMin()).thenReturn(10);
1264 when(portSecurityRule.getSecurityRuleRemoteIpPrefix()).thenReturn("0.0.0.0/24");
1266 PowerMockito.doAnswer(answer()).when(ingressAclServiceSpy, "writeFlow", any(FlowBuilder.class),
1267 any(NodeBuilder.class));
1268 ingressAclServiceSpy.programPortSecurityGroup(DP_ID_LONG, SEGMENT_ID,
1269 MAC_ADDRESS, LOCAL_PORT, securityGroup, PORT_UUID, true);
1270 Match match = flowBuilder.getMatch();
1271 Icmpv4Match icmpv4Match = match.getIcmpv4Match();
1272 Assert.assertEquals(10, icmpv4Match.getIcmpv4Type().shortValue());
1273 Assert.assertEquals(10, icmpv4Match.getIcmpv4Code().shortValue());
1274 EthernetMatch ethMatch = match.getEthernetMatch();
1275 Assert.assertEquals(MAC_ADDRESS, ethMatch.getEthernetDestination().getAddress().getValue());
1276 Assert.assertEquals((long) IPV4_ETHER_TYPE, (long) ethMatch.getEthernetType().getType().getValue());
1277 Short type = portSecurityRule.getSecurityRulePortMin().shortValue();
1278 Short code = portSecurityRule.getSecurityRulePortMax().shortValue();
1279 Assert.assertEquals("Ingress_ICMP_" + SEGMENT_ID + "_" + MAC_ADDRESS + "_" + type + "_" + code
1280 + "_0.0.0.0/24_Permit",
1281 flowBuilder.getFlowName());
1285 * Test ICMPv6 add with code, type and CIDR selected.
1288 public void testProgramPortSecurityACLRuleIpv6AddIcmp1() throws Exception {
1289 when(portSecurityIpv6Rule.getSecurityRuleProtocol()).thenReturn(NeutronSecurityRule.PROTOCOL_ICMPV6);
1290 when(portSecurityIpv6Rule.getSecurityRulePortMax()).thenReturn(10);
1291 when(portSecurityIpv6Rule.getSecurityRulePortMin()).thenReturn(10);
1292 when(portSecurityIpv6Rule.getSecurityRuleRemoteIpPrefix()).thenReturn("::/64");
1294 PowerMockito.doAnswer(answer()).when(ingressAclServiceSpy, "writeFlow", any(FlowBuilder.class),
1295 any(NodeBuilder.class));
1296 ingressAclServiceSpy.programPortSecurityGroup(DP_ID_LONG, SEGMENT_ID,
1297 MAC_ADDRESS, LOCAL_PORT, securityGroupIpv6, PORT_UUID, true);
1299 Match match = flowBuilder.getMatch();
1300 Icmpv6Match icmpv6Match = match.getIcmpv6Match();
1301 Assert.assertEquals(10, icmpv6Match.getIcmpv6Type().shortValue());
1302 Assert.assertEquals(10, icmpv6Match.getIcmpv6Code().shortValue());
1303 EthernetMatch ethMatch = match.getEthernetMatch();
1304 Assert.assertEquals(MAC_ADDRESS, ethMatch.getEthernetDestination().getAddress().getValue());
1305 Assert.assertEquals((long) IPV6_ETHER_TYPE, (long) ethMatch.getEthernetType().getType().getValue());
1306 Short type = portSecurityIpv6Rule.getSecurityRulePortMin().shortValue();
1307 Short code = portSecurityIpv6Rule.getSecurityRulePortMax().shortValue();
1308 Assert.assertEquals("Ingress_ICMP_" + SEGMENT_ID + "_" + MAC_ADDRESS + "_" + type + "_" + code
1310 flowBuilder.getFlowName());
1314 * Test ICMP remove with code, type and CIDR selected.
1317 public void testProgramPortSecurityACLRuleRemoveIcmp1() throws Exception {
1318 when(portSecurityRule.getSecurityRuleProtocol()).thenReturn(NeutronSecurityRule.PROTOCOL_ICMP);
1319 when(portSecurityRule.getSecurityRulePortMax()).thenReturn(20);
1320 when(portSecurityRule.getSecurityRulePortMin()).thenReturn(20);
1321 when(portSecurityRule.getSecurityRuleRemoteIpPrefix()).thenReturn("0.0.0.0/24");
1322 PowerMockito.doAnswer(answer()).when(ingressAclServiceSpy, "removeFlow", any(FlowBuilder.class),
1323 any(NodeBuilder.class));
1325 ingressAclServiceSpy.programPortSecurityGroup(DP_ID_LONG, SEGMENT_ID,
1326 MAC_ADDRESS, LOCAL_PORT, securityGroup, PORT_UUID, false);
1327 Match match = flowBuilder.getMatch();
1328 Icmpv4Match icmpv4Match = match.getIcmpv4Match();
1329 Assert.assertEquals(20, icmpv4Match.getIcmpv4Type().shortValue());
1330 Assert.assertEquals(20, icmpv4Match.getIcmpv4Code().shortValue());
1331 EthernetMatch ethMatch = match.getEthernetMatch();
1332 Assert.assertEquals(MAC_ADDRESS, ethMatch.getEthernetDestination().getAddress().getValue());
1333 Assert.assertEquals((long) IPV4_ETHER_TYPE, (long) ethMatch.getEthernetType().getType().getValue());
1334 Short type = portSecurityRule.getSecurityRulePortMin().shortValue();
1335 Short code = portSecurityRule.getSecurityRulePortMax().shortValue();
1336 Assert.assertEquals("Ingress_ICMP_" + SEGMENT_ID + "_" + MAC_ADDRESS + "_" + type + "_" + code
1337 + "_0.0.0.0/24_Permit",
1338 flowBuilder.getFlowName());
1342 * Test ICMPv6 remove with code, type and CIDR selected.
1345 public void testProgramPortSecurityACLRuleIpv6RemoveIcmp1() throws Exception {
1346 when(portSecurityIpv6Rule.getSecurityRuleProtocol()).thenReturn(NeutronSecurityRule.PROTOCOL_ICMPV6);
1347 when(portSecurityIpv6Rule.getSecurityRulePortMax()).thenReturn(20);
1348 when(portSecurityIpv6Rule.getSecurityRulePortMin()).thenReturn(20);
1349 when(portSecurityIpv6Rule.getSecurityRuleRemoteIpPrefix()).thenReturn("::/64");
1350 PowerMockito.doAnswer(answer()).when(ingressAclServiceSpy, "removeFlow", any(FlowBuilder.class),
1351 any(NodeBuilder.class));
1353 ingressAclServiceSpy.programPortSecurityGroup(DP_ID_LONG, SEGMENT_ID,
1354 MAC_ADDRESS, LOCAL_PORT, securityGroupIpv6, PORT_UUID, false);
1355 Match match = flowBuilder.getMatch();
1356 Icmpv6Match icmpv6Match = match.getIcmpv6Match();
1357 Assert.assertEquals(20, icmpv6Match.getIcmpv6Type().shortValue());
1358 Assert.assertEquals(20, icmpv6Match.getIcmpv6Code().shortValue());
1359 EthernetMatch ethMatch = match.getEthernetMatch();
1360 Assert.assertEquals(MAC_ADDRESS, ethMatch.getEthernetDestination().getAddress().getValue());
1361 Assert.assertEquals((long) IPV6_ETHER_TYPE, (long) ethMatch.getEthernetType().getType().getValue());
1362 Short type = portSecurityIpv6Rule.getSecurityRulePortMin().shortValue();
1363 Short code = portSecurityIpv6Rule.getSecurityRulePortMax().shortValue();
1364 Assert.assertEquals("Ingress_ICMP_" + SEGMENT_ID + "_" + MAC_ADDRESS + "_" + type + "_" + code
1366 flowBuilder.getFlowName());
1370 * Test ICMP add with code, type and remote SG selected.
1373 public void testProgramPortSecurityACLRuleAddIcmp2() throws Exception {
1374 when(portSecurityRule.getSecurityRuleProtocol()).thenReturn(NeutronSecurityRule.PROTOCOL_ICMP);
1375 when(portSecurityRule.getSecurityRulePortMax()).thenReturn(30);
1376 when(portSecurityRule.getSecurityRulePortMin()).thenReturn(30);
1377 when(portSecurityRule.getSecurityRemoteGroupID()).thenReturn("85cc3048-abc3-43cc-89b3-377341426ac5");
1378 PowerMockito.doAnswer(answer()).when(ingressAclServiceSpy, "writeFlow", any(FlowBuilder.class),
1379 any(NodeBuilder.class));
1381 ingressAclServiceSpy.programPortSecurityGroup(DP_ID_LONG, SEGMENT_ID,
1382 MAC_ADDRESS, LOCAL_PORT, securityGroup, PORT_UUID, true);
1383 Match match = flowBuilder.getMatch();
1384 Icmpv4Match icmpv4Match =match.getIcmpv4Match();
1385 Assert.assertEquals(30, icmpv4Match.getIcmpv4Type().shortValue());
1386 Assert.assertEquals(30, icmpv4Match.getIcmpv4Code().shortValue());
1387 EthernetMatch ethMatch = match.getEthernetMatch();
1388 Assert.assertEquals(MAC_ADDRESS, ethMatch.getEthernetDestination().getAddress().getValue());
1389 Assert.assertEquals((long) IPV4_ETHER_TYPE, (long) ethMatch.getEthernetType().getType().getValue());
1390 Short type = portSecurityRule.getSecurityRulePortMin().shortValue();
1391 Short code = portSecurityRule.getSecurityRulePortMax().shortValue();
1392 String expectedFlowId1 = "Ingress_ICMP_" + SEGMENT_ID + "_" + MAC_ADDRESS +"_" + type + "_" + code + "_"
1393 + DEST_IP_1 + "_Permit";
1394 String expectedFlowId2 = "Ingress_ICMP_" + SEGMENT_ID + "_" + MAC_ADDRESS +"_" + type + "_" + code + "_"
1395 + DEST_IP_2 + "_Permit";
1396 String actualFlowId = flowBuilder.getFlowName();
1397 if(actualFlowId.equals(expectedFlowId1) || actualFlowId.equals(expectedFlowId2)) {
1398 Assert.assertTrue(true);
1400 Assert.assertTrue(false);
1405 * Test ICMPv6 add with code, type and remote SG selected.
1408 public void testProgramPortSecurityACLRuleIpv6AddIcmp2() throws Exception {
1409 when(portSecurityIpv6Rule.getSecurityRuleProtocol()).thenReturn(NeutronSecurityRule.PROTOCOL_ICMPV6);
1410 when(portSecurityIpv6Rule.getSecurityRulePortMax()).thenReturn(30);
1411 when(portSecurityIpv6Rule.getSecurityRulePortMin()).thenReturn(30);
1412 when(portSecurityIpv6Rule.getSecurityRemoteGroupID()).thenReturn("85cc3048-abc3-43cc-89b3-377341426ac5");
1413 PowerMockito.doAnswer(answer()).when(ingressAclServiceSpy, "writeFlow", any(FlowBuilder.class),
1414 any(NodeBuilder.class));
1416 ingressAclServiceSpy.programPortSecurityGroup(DP_ID_LONG, SEGMENT_ID,
1417 MAC_ADDRESS, LOCAL_PORT, securityGroupIpv6, PORT_UUID, true);
1418 Match match = flowBuilder.getMatch();
1419 Icmpv6Match icmpv6Match =match.getIcmpv6Match();
1420 Assert.assertEquals(30, icmpv6Match.getIcmpv6Type().shortValue());
1421 Assert.assertEquals(30, icmpv6Match.getIcmpv6Code().shortValue());
1422 EthernetMatch ethMatch = match.getEthernetMatch();
1423 Assert.assertEquals(MAC_ADDRESS, ethMatch.getEthernetDestination().getAddress().getValue());
1424 Assert.assertEquals((long) IPV6_ETHER_TYPE, (long) ethMatch.getEthernetType().getType().getValue());
1426 Short type = portSecurityIpv6Rule.getSecurityRulePortMin().shortValue();
1427 Short code = portSecurityIpv6Rule.getSecurityRulePortMax().shortValue();
1428 String expectedFlowId1 = "Ingress_ICMP_" + SEGMENT_ID + "_" + MAC_ADDRESS +"_" + type + "_" + code + "_"
1429 + IPV6_DEST_IP_1 + "_Permit";
1430 String expectedFlowId2 = "Ingress_ICMP_" + SEGMENT_ID + "_" + MAC_ADDRESS +"_" + type + "_" + code + "_"
1431 + IPV6_DEST_IP_2 + "_Permit";
1432 String actualFlowId = flowBuilder.getFlowName();
1433 if(actualFlowId.equals(expectedFlowId1) || actualFlowId.equals(expectedFlowId2)) {
1434 Assert.assertTrue(true);
1436 Assert.assertTrue(false);
1441 * Test ICMP remove with code, type and remote SG selected.
1444 public void testProgramPortSecurityACLRuleRemoveIcmp2() throws Exception {
1445 when(portSecurityRule.getSecurityRuleProtocol()).thenReturn(NeutronSecurityRule.PROTOCOL_ICMP);
1446 when(portSecurityRule.getSecurityRulePortMax()).thenReturn(40);
1447 when(portSecurityRule.getSecurityRulePortMin()).thenReturn(40);
1448 when(portSecurityRule.getSecurityRemoteGroupID()).thenReturn("85cc3048-abc3-43cc-89b3-377341426ac5");
1449 PowerMockito.doAnswer(answer())
1450 .when(ingressAclServiceSpy, "removeFlow", any(FlowBuilder.class), any(NodeBuilder.class));
1452 ingressAclServiceSpy.programPortSecurityGroup(DP_ID_LONG, SEGMENT_ID,
1453 MAC_ADDRESS, LOCAL_PORT, securityGroup, PORT_UUID, false);
1454 Match match = flowBuilder.getMatch();
1455 Icmpv4Match icmpv4Match = match.getIcmpv4Match();
1456 Assert.assertEquals(40, icmpv4Match.getIcmpv4Type().shortValue());
1457 Assert.assertEquals(40, icmpv4Match.getIcmpv4Code().shortValue());
1458 EthernetMatch ethMatch = match.getEthernetMatch();
1459 Assert.assertEquals(MAC_ADDRESS, ethMatch.getEthernetDestination().getAddress().getValue());
1460 Assert.assertEquals((long) IPV4_ETHER_TYPE, (long) ethMatch.getEthernetType().getType().getValue());
1461 Short type = portSecurityRule.getSecurityRulePortMin().shortValue();
1462 Short code = portSecurityRule.getSecurityRulePortMax().shortValue();
1463 String expectedFlowId1 = "Ingress_ICMP_" + SEGMENT_ID + "_" + MAC_ADDRESS +"_" + type + "_" + code + "_"
1464 + DEST_IP_1 + "_Permit";
1465 String expectedFlowId2 = "Ingress_ICMP_" + SEGMENT_ID + "_" + MAC_ADDRESS +"_" + type + "_" + code + "_"
1466 + DEST_IP_2 + "_Permit";
1467 String actualFlowId = flowBuilder.getFlowName();
1468 if(actualFlowId.equals(expectedFlowId1) || actualFlowId.equals(expectedFlowId2)) {
1469 Assert.assertTrue(true);
1471 Assert.assertTrue(false);
1476 * Test ICMPv6 remove with code, type and remote SG selected.
1479 public void testProgramPortSecurityACLRuleIpv6RemoveIcmp2() throws Exception {
1480 when(portSecurityIpv6Rule.getSecurityRuleProtocol()).thenReturn(NeutronSecurityRule.PROTOCOL_ICMPV6);
1481 when(portSecurityIpv6Rule.getSecurityRulePortMax()).thenReturn(40);
1482 when(portSecurityIpv6Rule.getSecurityRulePortMin()).thenReturn(40);
1483 when(portSecurityIpv6Rule.getSecurityRemoteGroupID()).thenReturn("85cc3048-abc3-43cc-89b3-377341426ac5");
1484 PowerMockito.doAnswer(answer())
1485 .when(ingressAclServiceSpy, "removeFlow", any(FlowBuilder.class), any(NodeBuilder.class));
1487 ingressAclServiceSpy.programPortSecurityGroup(DP_ID_LONG, SEGMENT_ID,
1488 MAC_ADDRESS, LOCAL_PORT, securityGroupIpv6, PORT_UUID, false);
1489 Match match = flowBuilder.getMatch();
1490 Icmpv6Match icmpv6Match = match.getIcmpv6Match();
1491 Assert.assertEquals(40, icmpv6Match.getIcmpv6Type().shortValue());
1492 Assert.assertEquals(40, icmpv6Match.getIcmpv6Code().shortValue());
1493 EthernetMatch ethMatch = match.getEthernetMatch();
1494 Assert.assertEquals(MAC_ADDRESS, ethMatch.getEthernetDestination().getAddress().getValue());
1495 Assert.assertEquals((long) IPV6_ETHER_TYPE, (long) ethMatch.getEthernetType().getType().getValue());
1496 Short type = portSecurityIpv6Rule.getSecurityRulePortMin().shortValue();
1497 Short code = portSecurityIpv6Rule.getSecurityRulePortMax().shortValue();
1498 String expectedFlowId1 = "Ingress_ICMP_" + SEGMENT_ID + "_" + MAC_ADDRESS +"_" + type + "_" + code + "_"
1499 + IPV6_DEST_IP_1 + "_Permit";
1500 String expectedFlowId2 = "Ingress_ICMP_" + SEGMENT_ID + "_" + MAC_ADDRESS +"_" + type + "_" + code + "_"
1501 + IPV6_DEST_IP_2 + "_Permit";
1502 String actualFlowId = flowBuilder.getFlowName();
1503 if(actualFlowId.equals(expectedFlowId1) || actualFlowId.equals(expectedFlowId2)) {
1504 Assert.assertTrue(true);
1506 Assert.assertTrue(false);
1511 * Test IPv4 invalid ether type test case.
1514 public void testProgramPortSecurityACLRuleInvalidEther() throws Exception {
1515 when(portSecurityRule.getSecurityRuleEthertype()).thenReturn("IP");
1517 ingressAclServiceSpy.programPortSecurityGroup(Long.valueOf(1554), "2", MAC_ADDRESS, 124, securityGroup,PORT_UUID,false);
1519 verify(writeTransaction, times(0)).delete(any(LogicalDatastoreType.class), any(InstanceIdentifier.class));
1520 verify(writeTransaction, times(0)).submit();
1521 verify(commitFuture, times(0)).get();
1525 * Test IPv4 invalid direction type test case.
1528 public void testProgramPortSecurityACLRuleInvalidDirection() throws Exception {
1529 when(portSecurityRule.getSecurityRuleDirection()).thenReturn("edgress");
1531 ingressAclServiceSpy.programPortSecurityGroup(Long.valueOf(1554), "2", MAC_ADDRESS, 124, securityGroup,PORT_UUID,false);
1533 verify(writeTransaction, times(0)).delete(any(LogicalDatastoreType.class), any(InstanceIdentifier.class));
1534 verify(writeTransaction, times(0)).submit();
1535 verify(commitFuture, times(0)).get();
1539 * Test With isConntrackEnabled false isComputeNode false
1542 public void testProgramFixedSecurityACLAdd1() throws Exception {
1543 when(securityServices.isConntrackEnabled()).thenReturn(false);
1545 ingressAclServiceSpy.programFixedSecurityGroup(Long.valueOf(1554), "2", DHCP_MAC_ADDRESS, 1, false, false, MAC_ADDRESS, true);
1547 verify(writeTransaction, times(0)).put(any(LogicalDatastoreType.class), any(InstanceIdentifier.class), any(Node.class), eq(true));
1548 verify(writeTransaction, times(0)).submit();
1549 verify(commitFuture, times(0)).get();
1552 * Test With isConntrackEnabled false isComputeNode false
1555 public void testProgramFixedSecurityACLRemove1() throws Exception {
1556 when(securityServices.isConntrackEnabled()).thenReturn(false);
1558 ingressAclServiceSpy.programFixedSecurityGroup(Long.valueOf(1554), "2", DHCP_MAC_ADDRESS, 1, false, false, MAC_ADDRESS, false);
1560 verify(writeTransaction, times(0)).delete(any(LogicalDatastoreType.class), any(InstanceIdentifier.class));
1561 verify(writeTransaction, times(0)).submit();
1562 verify(commitFuture, times(0)).get();
1565 * Test With isConntrackEnabled false isComputeNode false
1568 public void testProgramFixedSecurityACLAdd2() throws Exception {
1569 when(securityServices.isConntrackEnabled()).thenReturn(false);
1571 ingressAclServiceSpy.programFixedSecurityGroup(Long.valueOf(1554), "2", DHCP_MAC_ADDRESS, 1, false, true, MAC_ADDRESS, true);
1573 verify(writeTransaction, times(1)).put(any(LogicalDatastoreType.class), any(InstanceIdentifier.class), any(Node.class), eq(true));
1574 verify(writeTransaction, times(1)).submit();
1575 verify(commitFuture, times(1)).checkedGet();
1578 * Test With isConntrackEnabled false isComputeNode false
1581 public void testProgramFixedSecurityACLRemove2() throws Exception {
1582 when(securityServices.isConntrackEnabled()).thenReturn(false);
1584 ingressAclServiceSpy.programFixedSecurityGroup(Long.valueOf(1554), "2", DHCP_MAC_ADDRESS, 1, false, true, MAC_ADDRESS, false);
1586 verify(writeTransaction, times(1)).delete(any(LogicalDatastoreType.class), any(InstanceIdentifier.class));
1587 verify(writeTransaction, times(1)).submit();
1588 verify(commitFuture, times(1)).get();
1591 * Test With isConntrackEnabled true isComputeNode false
1594 public void testProgramFixedSecurityACLAdd3() throws Exception {
1595 when(securityServices.isConntrackEnabled()).thenReturn(true);
1597 ingressAclServiceSpy.programFixedSecurityGroup(Long.valueOf(1554), "2", DHCP_MAC_ADDRESS, 1, false, false, MAC_ADDRESS, true);
1599 verify(writeTransaction, times(0)).put(any(LogicalDatastoreType.class), any(InstanceIdentifier.class), any(Node.class), eq(true));
1600 verify(writeTransaction, times(0)).submit();
1601 verify(commitFuture, times(0)).get();
1604 * Test With isConntrackEnabled true isComputeNode false
1607 public void testProgramFixedSecurityACLRemove3() throws Exception {
1608 when(securityServices.isConntrackEnabled()).thenReturn(true);
1610 ingressAclServiceSpy.programFixedSecurityGroup(Long.valueOf(1554), "2", DHCP_MAC_ADDRESS, 1, false, false, MAC_ADDRESS, false);
1612 verify(writeTransaction, times(0)).delete(any(LogicalDatastoreType.class), any(InstanceIdentifier.class));
1613 verify(writeTransaction, times(0)).submit();
1614 verify(commitFuture, times(0)).get();
1617 * Test With isConntrackEnabled true isComputeNode true
1620 public void testProgramFixedSecurityACLAdd4() throws Exception {
1621 when(securityServices.isConntrackEnabled()).thenReturn(true);
1623 ingressAclServiceSpy.programFixedSecurityGroup(Long.valueOf(1554), "2", DHCP_MAC_ADDRESS, 1, false, true, MAC_ADDRESS, true);
1625 verify(writeTransaction, times(6)).put(any(LogicalDatastoreType.class), any(InstanceIdentifier.class), any(Node.class), eq(true));
1626 verify(writeTransaction, times(6)).submit();
1627 verify(commitFuture, times(6)).checkedGet();
1630 * Test With isConntrackEnabled true isComputeNode true
1633 public void testProgramFixedSecurityACLRemove4() throws Exception {
1634 when(securityServices.isConntrackEnabled()).thenReturn(true);
1636 ingressAclServiceSpy.programFixedSecurityGroup(Long.valueOf(1554), "2", DHCP_MAC_ADDRESS, 1, false, true, MAC_ADDRESS, false);
1638 verify(writeTransaction, times(6)).delete(any(LogicalDatastoreType.class), any(InstanceIdentifier.class));
1639 verify(writeTransaction, times(6)).submit();
1640 verify(commitFuture, times(6)).get();
Code Review / netvirt.git / blob