1 /*
2  * Copyright (c) 2015 Inocybe and others.  All rights reserved.
3  *
4  * This program and the accompanying materials are made available under the
5  * terms of the Eclipse Public License v1.0 which accompanies this distribution,
6  * and is available at http://www.eclipse.org/legal/epl-v10.html
7  */
8
9 package org.opendaylight.ovsdb.openstack.netvirt.providers.openflow13.services;
10
11 import static org.mockito.Matchers.any;
12 import static org.mockito.Matchers.anyBoolean;
13 import static org.mockito.Matchers.anyInt;
14 import static org.mockito.Matchers.anyLong;
15 import static org.mockito.Matchers.anyString;
16 import static org.mockito.Mockito.mock;
17 import static org.mockito.Mockito.times;
18 import static org.mockito.Mockito.verify;
19 import static org.mockito.Mockito.when;
20
21 import java.util.ArrayList;
22 import java.util.List;
23
24 import org.junit.Before;
25 import org.junit.Ignore;
26 import org.junit.Test;
27 import org.junit.runner.RunWith;
28 import org.mockito.InjectMocks;
29 import org.mockito.Mock;
30 import org.mockito.Mockito;
31 import org.mockito.Spy;
32 import org.mockito.runners.MockitoJUnitRunner;
33 import org.opendaylight.controller.md.sal.binding.api.DataBroker;
34 import org.opendaylight.controller.md.sal.binding.api.ReadWriteTransaction;
35 import org.opendaylight.controller.md.sal.binding.api.WriteTransaction;
36 import org.opendaylight.controller.md.sal.common.api.data.LogicalDatastoreType;
37 import org.opendaylight.controller.md.sal.common.api.data.TransactionCommitFailedException;
38 import org.opendaylight.neutron.spi.NeutronSecurityGroup;
39 import org.opendaylight.neutron.spi.NeutronSecurityRule;
40 import org.opendaylight.ovsdb.openstack.netvirt.providers.openflow13.MdsalConsumer;
41 import org.opendaylight.ovsdb.openstack.netvirt.providers.openflow13.PipelineOrchestrator;
42 import org.opendaylight.ovsdb.openstack.netvirt.providers.openflow13.Service;
43 import org.opendaylight.yang.gen.v1.urn.opendaylight.inventory.rev130819.nodes.Node;
44 import org.opendaylight.yangtools.yang.binding.InstanceIdentifier;
45
46 import com.google.common.util.concurrent.CheckedFuture;
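/**
 * Unit test for {@link EgressAclService}.
 *
 * <p>Every collaborator is a Mockito mock, so these tests check only which
 * {@code EgressAclService} helper is selected for a given Neutron security rule
 * and how many datastore operations follow. All argument matchers are
 * {@code any*()}, so the port, prefix and MAC values that end up in the
 * programmed ACL are not asserted here.
 *
 * <p>The whole class is disabled by {@code @Ignore} (TODO SB_MIGRATION); while
 * the annotation stays in place none of the egress ACL checks below run.
 */
@Ignore // TODO SB_MIGRATION
@RunWith(MockitoJUnitRunner.class)
public class EgressAclServiceTest {

    @InjectMocks private EgressAclService egressAclService = new EgressAclService();
    // Replaced in setUp() by a spy wrapping the mock-injected instance above.
    @Spy private EgressAclService egressAclServiceSpy;

    @Mock private MdsalConsumer mdsalConsumer;
    @Mock private PipelineOrchestrator orchestrator;

    @Mock private ReadWriteTransaction readWriteTransaction;
    @Mock private WriteTransaction writeTransaction;
    @Mock private CheckedFuture<Void, TransactionCommitFailedException> commitFuture;

    @Mock private NeutronSecurityGroup securityGroup;
    @Mock private NeutronSecurityRule portSecurityRule;

    private static final String HOST_ADDRESS = "127.0.0.1/32";
    private static final String MAC_ADDRESS = "87:1D:5E:02:40:B7";

    /**
     * Wires the mocked data broker, transactions and pipeline orchestrator, and
     * prepares a security group holding one IPv4 egress rule whose protocol,
     * ports and remote prefix are filled in by each test.
     */
    @Before
    public void setUp() {
        egressAclServiceSpy = Mockito.spy(egressAclService);

        // Both transaction kinds hand back the same future, so
        // verify(commitFuture).get() counts commits from either of them.
        when(readWriteTransaction.submit()).thenReturn(commitFuture);
        when(writeTransaction.submit()).thenReturn(commitFuture);

        DataBroker dataBroker = mock(DataBroker.class);
        when(dataBroker.newReadWriteTransaction()).thenReturn(readWriteTransaction);
        when(dataBroker.newWriteOnlyTransaction()).thenReturn(writeTransaction);

        when(mdsalConsumer.getDataBroker()).thenReturn(dataBroker);

        when(orchestrator.getNextServiceInPipeline(any(Service.class))).thenReturn(Service.ARP_RESPONDER);

        // NOTE(review): the @Mock annotation already supplies a mock for this
        // field; the reassignment looks redundant but is kept as written.
        portSecurityRule = mock(NeutronSecurityRule.class);
        when(portSecurityRule.getSecurityRuleEthertype()).thenReturn("IPv4");
        when(portSecurityRule.getSecurityRuleDirection()).thenReturn("egress");

        // Typed list: the original used the raw ArrayList type.
        List<NeutronSecurityRule> portSecurityList = new ArrayList<NeutronSecurityRule>();
        portSecurityList.add(portSecurityRule);

        when(securityGroup.getSecurityRules()).thenReturn(portSecurityList);
    }

    /**
     * Stubs the four rule attributes that the rule tests vary.
     * A {@code null} argument stands for "attribute not set on the rule".
     */
    private void stubRule(String protocol, Integer portMin, Integer portMax, String remoteIpPrefix) {
        when(portSecurityRule.getSecurityRuleProtocol()).thenReturn(protocol);
        when(portSecurityRule.getSecurityRulePortMax()).thenReturn(portMax);
        when(portSecurityRule.getSecurityRulePortMin()).thenReturn(portMin);
        when(portSecurityRule.getSecurityRuleRemoteIpPrefix()).thenReturn(remoteIpPrefix);
    }

    /**
     * Verifies the cumulative number of puts on the read-write transaction and
     * that it was submitted, and its commit future waited on, {@code commits} times.
     */
    private void verifyReadWriteCommits(int puts, int commits) throws Exception {
        verify(readWriteTransaction, times(puts)).put(any(LogicalDatastoreType.class), any(InstanceIdentifier.class), any(Node.class), anyBoolean());
        verify(readWriteTransaction, times(commits)).submit();
        verify(commitFuture, times(commits)).get();
    }

    /**
     * Rule 1: TCP Proto (True), TCP Port Minimum (True), TCP Port Max (True), IP Prefix (True)
     */
    @Test
    public void testProgramPortSecurityACLRule1() throws Exception {
        stubRule("tcp", 1, 1, HOST_ADDRESS);

        egressAclServiceSpy.programPortSecurityACL(Long.valueOf(1554), "2", MAC_ADDRESS, 124, securityGroup);
        verify(egressAclServiceSpy, times(1)).egressACLDefaultTcpDrop(anyLong(), anyString(), anyString(), anyInt(), anyBoolean());
        verify(egressAclServiceSpy, times(1)).egressACLTcpPortWithPrefix(anyLong(), anyString(), anyString(), anyBoolean(), anyInt(), anyString(), anyInt());
        // Two helpers ran; the single-helper tests below expect 2 puts and 1 commit each.
        verifyReadWriteCommits(4, 2);
    }

    /**
     * Rule 2: TCP Proto (True), TCP Port Minimum (True), TCP Port Max (False), IP Prefix (True)
     */
    @Test
    public void testProgramPortSecurityACLRule2() throws Exception {
        stubRule("tcp", 1, null, HOST_ADDRESS);

        egressAclServiceSpy.programPortSecurityACL(Long.valueOf(1554), "2", MAC_ADDRESS, 124, securityGroup);
        verify(egressAclServiceSpy, times(1)).egressACLDefaultTcpDrop(anyLong(), anyString(), anyString(), anyInt(), anyBoolean());
        // The matchers do not pin which port value is forwarded when the max is unset.
        verify(egressAclServiceSpy, times(1)).egressACLTcpPortWithPrefix(anyLong(), anyString(), anyString(), anyBoolean(), anyInt(), anyString(), anyInt());
        verifyReadWriteCommits(4, 2);
    }

    /**
     * Rule 3: TCP Proto (True), TCP Port Minimum (False), TCP Port Max (False), IP Prefix (True)
     */
    @Test
    public void testProgramPortSecurityACLRule3() throws Exception {
        stubRule("tcp", null, null, HOST_ADDRESS);

        egressAclServiceSpy.programPortSecurityACL(Long.valueOf(1554), "2", MAC_ADDRESS, 124, securityGroup);
        verify(egressAclServiceSpy, times(1)).egressACLDefaultTcpDrop(anyLong(), anyString(), anyString(), anyInt(), anyBoolean());
        verify(egressAclServiceSpy, times(1)).egressACLPermitAllProto(anyLong(), anyString(), anyString(), anyBoolean(), anyString(), anyInt());
        verifyReadWriteCommits(4, 2);
    }

    /**
     * Rule 4: TCP Proto (False), TCP Port Minimum (False), TCP Port Max (False), IP Prefix (True)
     */
    @Test
    public void testProgramPortSecurityACLRule4() throws Exception {
        stubRule(null, null, null, HOST_ADDRESS);

        egressAclServiceSpy.programPortSecurityACL(Long.valueOf(1554), "2", MAC_ADDRESS, 124, securityGroup);
        verify(egressAclServiceSpy, times(1)).egressACLDefaultTcpDrop(anyLong(), anyString(), anyString(), anyInt(), anyBoolean());
        verify(egressAclServiceSpy, times(1)).egressACLPermitAllProto(anyLong(), anyString(), anyString(), anyBoolean(), anyString(), anyInt());
        verifyReadWriteCommits(4, 2);
    }

    /**
     * Rule 5: TCP Proto (True), TCP Port Minimum (True), TCP Port Max (True), IP Prefix (False)
     */
    @Test
    public void testProgramPortSecurityACLRule5() throws Exception {
        stubRule("tcp", 1, 1, null);

        egressAclServiceSpy.programPortSecurityACL(Long.valueOf(1554), "2", MAC_ADDRESS, 124, securityGroup);
        verify(egressAclServiceSpy, times(1)).egressACLDefaultTcpDrop(anyLong(), anyString(), anyString(), anyInt(), anyBoolean());
        verify(egressAclServiceSpy, times(1)).egressACLTcpSyn(anyLong(), anyString(), anyString(), anyBoolean(), anyInt(), anyInt());
        verifyReadWriteCommits(4, 2);
    }

    /**
     * Rule 6: TCP Proto (True), TCP Port Minimum (True), TCP Port Max (False), IP Prefix (False)
     */
    @Test
    public void testProgramPortSecurityACLRule6() throws Exception {
        stubRule("tcp", 1, null, null);

        egressAclServiceSpy.programPortSecurityACL(Long.valueOf(1554), "2", MAC_ADDRESS, 124, securityGroup);
        verify(egressAclServiceSpy, times(1)).egressACLDefaultTcpDrop(anyLong(), anyString(), anyString(), anyInt(), anyBoolean());
        verify(egressAclServiceSpy, times(1)).egressACLTcpSyn(anyLong(), anyString(), anyString(), anyBoolean(), anyInt(), anyInt());
        verifyReadWriteCommits(4, 2);
    }

    /**
     * Rule 7: TCP Proto (True), TCP Port Minimum (False), TCP Port Max (False), IP Prefix (False or 0.0.0.0/0)
     */
    @Test
    public void testProgramPortSecurityACLRule7() throws Exception {
        stubRule("tcp", null, null, null);

        egressAclServiceSpy.programPortSecurityACL(Long.valueOf(1554), "2", MAC_ADDRESS, 124, securityGroup);
        // Only the allow helper is asserted for this widest rule; the test does not
        // state whether a default TCP drop is expected alongside it. The put and
        // commit counts below match a single helper call.
        verify(egressAclServiceSpy, times(1)).egressAllowProto(anyLong(), anyString(), anyString(), anyBoolean(), anyString(), anyInt());
        verifyReadWriteCommits(2, 1);
    }

    /**
     * Test method {@link EgressAclService#egressACLDefaultTcpDrop(Long, String, String, int, boolean)}
     */
    @Test
    public void testEgressACLDefaultTcpDrop() throws Exception {
        // write == true: the entry is put through the read-write transaction.
        egressAclService.egressACLDefaultTcpDrop(Long.valueOf(123), "2", MAC_ADDRESS, 1, true);
        verifyReadWriteCommits(2, 1);

        // write == false: removal goes through the write-only transaction. Mockito
        // counts are cumulative within a test, so submit() staying at 1 means the
        // read-write transaction was not used again, while get() rising to 2 shows
        // a second commit (presumably writeTransaction.submit(), the only other
        // stub that returns commitFuture).
        egressAclService.egressACLDefaultTcpDrop(Long.valueOf(123), "2", MAC_ADDRESS, 1, false);
        verify(writeTransaction, times(1)).delete(any(LogicalDatastoreType.class), any(InstanceIdentifier.class));
        verify(readWriteTransaction, times(1)).submit();
        verify(commitFuture, times(2)).get(); // 1 + 1 above
    }

    /**
     * Test method {@link EgressAclService#egressACLTcpPortWithPrefix(Long, String, String, boolean, Integer, String, Integer)}
     */
    @Test
    public void testEgressACLTcpPortWithPrefix() throws Exception {
        egressAclService.egressACLTcpPortWithPrefix(Long.valueOf(123), "2", MAC_ADDRESS, true, 1, HOST_ADDRESS, 1);
        verifyReadWriteCommits(2, 1);

        // Removal path: counts are cumulative, so submit() on the read-write
        // transaction must still be 1 while the shared future reaches 2.
        egressAclService.egressACLTcpPortWithPrefix(Long.valueOf(123), "2", MAC_ADDRESS, false, 1, HOST_ADDRESS, 1);
        verify(writeTransaction, times(1)).delete(any(LogicalDatastoreType.class), any(InstanceIdentifier.class));
        verify(readWriteTransaction, times(1)).submit();
        verify(commitFuture, times(2)).get(); // 1 + 1 above
    }

    /**
     * Test method {@link EgressAclService#egressAllowProto(Long, String, String, boolean, String, Integer)}
     */
    @Test
    public void testEgressAllowProto() throws Exception {
        egressAclService.egressAllowProto(Long.valueOf(123), "2", MAC_ADDRESS, true, HOST_ADDRESS, 1);
        verifyReadWriteCommits(2, 1);

        // Removal path: counts are cumulative, so submit() on the read-write
        // transaction must still be 1 while the shared future reaches 2.
        egressAclService.egressAllowProto(Long.valueOf(123), "2", MAC_ADDRESS, false, HOST_ADDRESS, 1);
        verify(writeTransaction, times(1)).delete(any(LogicalDatastoreType.class), any(InstanceIdentifier.class));
        verify(readWriteTransaction, times(1)).submit();
        verify(commitFuture, times(2)).get(); // 1 + 1 above
    }

    /**
     * Test method {@link EgressAclService#egressACLPermitAllProto(Long, String, String, boolean, String, Integer)}
     */
    @Test
    public void testEgressACLPermitAllProto() throws Exception {
        egressAclService.egressACLPermitAllProto(Long.valueOf(123), "2", MAC_ADDRESS, true, HOST_ADDRESS, 1);
        verifyReadWriteCommits(2, 1);

        // Removal path: counts are cumulative, so submit() on the read-write
        // transaction must still be 1 while the shared future reaches 2.
        egressAclService.egressACLPermitAllProto(Long.valueOf(123), "2", MAC_ADDRESS, false, HOST_ADDRESS, 1);
        verify(writeTransaction, times(1)).delete(any(LogicalDatastoreType.class), any(InstanceIdentifier.class));
        verify(readWriteTransaction, times(1)).submit();
        verify(commitFuture, times(2)).get(); // 1 + 1 above
    }

    /**
     * Test method {@link EgressAclService#egressACLTcpSyn(Long, String, String, boolean, Integer, Integer)}
     */
    @Test
    public void testEgressACLTcpSyn() throws Exception {
        egressAclService.egressACLTcpSyn(Long.valueOf(123), "2", MAC_ADDRESS, true, 1, 1);
        verifyReadWriteCommits(2, 1);

        // Removal path: counts are cumulative, so submit() on the read-write
        // transaction must still be 1 while the shared future reaches 2.
        egressAclService.egressACLTcpSyn(Long.valueOf(123), "2", MAC_ADDRESS, false, 1, 1);
        verify(writeTransaction, times(1)).delete(any(LogicalDatastoreType.class), any(InstanceIdentifier.class));
        verify(readWriteTransaction, times(1)).submit();
        verify(commitFuture, times(2)).get(); // 1 + 1 above
    }
}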