/*
 * Copyright (c) 2015 Inocybe and others. All rights reserved.
 *
 * This program and the accompanying materials are made available under the
 * terms of the Eclipse Public License v1.0 which accompanies this distribution,
 * and is available at http://www.eclipse.org/legal/epl-v10.html
 */
9 package org.opendaylight.ovsdb.openstack.netvirt.providers.openflow13.services;
11 import static org.mockito.Matchers.any;
12 import static org.mockito.Matchers.anyBoolean;
13 import static org.mockito.Matchers.anyInt;
14 import static org.mockito.Matchers.anyLong;
15 import static org.mockito.Matchers.anyString;
16 import static org.mockito.Mockito.mock;
17 import static org.mockito.Mockito.times;
18 import static org.mockito.Mockito.verify;
19 import static org.mockito.Mockito.when;
21 import java.util.ArrayList;
22 import java.util.List;
24 import org.junit.Before;
25 import org.junit.Ignore;
26 import org.junit.Test;
27 import org.junit.runner.RunWith;
28 import org.mockito.InjectMocks;
29 import org.mockito.Mock;
30 import org.mockito.Mockito;
31 import org.mockito.Spy;
32 import org.mockito.runners.MockitoJUnitRunner;
33 import org.opendaylight.controller.md.sal.binding.api.DataBroker;
34 import org.opendaylight.controller.md.sal.binding.api.ReadWriteTransaction;
35 import org.opendaylight.controller.md.sal.binding.api.WriteTransaction;
36 import org.opendaylight.controller.md.sal.common.api.data.LogicalDatastoreType;
37 import org.opendaylight.controller.md.sal.common.api.data.TransactionCommitFailedException;
38 import org.opendaylight.neutron.spi.NeutronSecurityGroup;
39 import org.opendaylight.neutron.spi.NeutronSecurityRule;
40 import org.opendaylight.ovsdb.openstack.netvirt.providers.openflow13.MdsalConsumer;
41 import org.opendaylight.ovsdb.openstack.netvirt.providers.openflow13.PipelineOrchestrator;
42 import org.opendaylight.ovsdb.openstack.netvirt.providers.openflow13.Service;
43 import org.opendaylight.yang.gen.v1.urn.opendaylight.inventory.rev130819.nodes.Node;
44 import org.opendaylight.yangtools.yang.binding.InstanceIdentifier;
46 import com.google.common.util.concurrent.CheckedFuture;
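/**
 * Unit test for {@link EgressAclService}.
 *
 * The class is currently disabled with {@code @Ignore} (TODO SB_MIGRATION), so none of the
 * egress ACL checks below run until it is re-enabled.
 */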
50 @Ignore // TODO SB_MIGRATION
51 @RunWith(MockitoJUnitRunner.class)
52 public class EgressAclServiceTest {
// Service under test; Mockito injects the @Mock collaborators declared below into it.
@InjectMocks
private EgressAclService egressAclService = new EgressAclService();

// Spy handle the rule tests use to verify which helper method is dispatched.
@Spy
private EgressAclService egressAclServiceSpy;

// Collaborators of the service.
@Mock
private MdsalConsumer mdsalConsumer;
@Mock
private PipelineOrchestrator orchestrator;

// Datastore transactions and the future that both of them return from submit().
@Mock
private ReadWriteTransaction readWriteTransaction;
@Mock
private WriteTransaction writeTransaction;
@Mock
private CheckedFuture<Void, TransactionCommitFailedException> commitFuture;

// Neutron security group and the single rule it carries in these tests.
@Mock
private NeutronSecurityGroup securityGroup;
@Mock
private NeutronSecurityRule portSecurityRule;

// Sample fixture values: a loopback /32 prefix and a MAC address.
// NOTE(review): the first octet 0x87 has the group (multicast) bit set, so MAC_ADDRESS is not a
// unicast port MAC. Harmless while the tests use wildcard matchers, but worth replacing if they
// start asserting on match fields.
private static final String HOST_ADDRESS = "127.0.0.1/32";
private static final String MAC_ADDRESS = "87:1D:5E:02:40:B7";
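// NOTE(review): the method header is not visible in this listing. The file imports
// org.junit.Before and `setUp` is the conventional JUnit 4 fixture name -- confirm against
// the original file.
/**
 * Wires the mocks shared by every test: a spy on the service, a data broker that hands out the
 * mocked transactions, and a security group holding one IPv4 egress rule.
 */
@Before
public void setUp() {
    // Spy on the injected service so the rule tests can verify which helper is dispatched.
    egressAclServiceSpy = Mockito.spy(egressAclService);

    // Both transaction kinds complete through the same mocked future, so commitFuture.get()
    // counts commits from read-write and write-only transactions together.
    when(readWriteTransaction.submit()).thenReturn(commitFuture);
    when(writeTransaction.submit()).thenReturn(commitFuture);

    DataBroker dataBroker = mock(DataBroker.class);
    when(dataBroker.newReadWriteTransaction()).thenReturn(readWriteTransaction);
    when(dataBroker.newWriteOnlyTransaction()).thenReturn(writeTransaction);

    when(mdsalConsumer.getDataBroker()).thenReturn(dataBroker);

    when(orchestrator.getNextServiceInPipeline(any(Service.class))).thenReturn(Service.ARP_RESPONDER);

    // Replaces the @Mock-created instance with a fresh mock; each test stubs protocol, ports
    // and remote prefix on top of this IPv4 / egress baseline.
    portSecurityRule = mock(NeutronSecurityRule.class);
    when(portSecurityRule.getSecurityRuleEthertype()).thenReturn("IPv4");
    when(portSecurityRule.getSecurityRuleDirection()).thenReturn("egress");

    // Typed list (the original used the raw ArrayList, which compiles only with an unchecked warning).
    List<NeutronSecurityRule> portSecurityList = new ArrayList<NeutronSecurityRule>();
    portSecurityList.add(portSecurityRule);

    when(securityGroup.getSecurityRules()).thenReturn(portSecurityList);
}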
/**
 * Rule 1: TCP Proto (True), TCP Port Minimum (True), TCP Port Max (True), IP Prefix (True)
 */
@Test
public void testProgramPortSecurityACLRule1() throws Exception {
    // Rule under test: tcp, port range 1-1, remote prefix present.
    when(portSecurityRule.getSecurityRuleRemoteIpPrefix()).thenReturn(HOST_ADDRESS);
    when(portSecurityRule.getSecurityRulePortMin()).thenReturn(1);
    when(portSecurityRule.getSecurityRulePortMax()).thenReturn(1);
    when(portSecurityRule.getSecurityRuleProtocol()).thenReturn("tcp");

    egressAclServiceSpy.programPortSecurityACL(Long.valueOf(1554), "2", MAC_ADDRESS, 124, securityGroup);

    // Dispatch check: default TCP drop plus the port-with-prefix helper, once each.
    // NOTE(review): every argument is a wildcard matcher, so this confirms which helper is chosen
    // but not that the rule's prefix, port or MAC are the values handed to it.
    verify(egressAclServiceSpy)
            .egressACLDefaultTcpDrop(anyLong(), anyString(), anyString(), anyInt(), anyBoolean());
    verify(egressAclServiceSpy)
            .egressACLTcpPortWithPrefix(anyLong(), anyString(), anyString(), anyBoolean(), anyInt(), anyString(), anyInt());

    // Datastore side effects: four node writes across two committed transactions.
    verify(readWriteTransaction, times(4))
            .put(any(LogicalDatastoreType.class), any(InstanceIdentifier.class), any(Node.class), anyBoolean());
    verify(readWriteTransaction, times(2)).submit();
    verify(commitFuture, times(2)).get();
}
/**
 * Rule 2: TCP Proto (True), TCP Port Minimum (True), TCP Port Max (False), IP Prefix (True)
 */
@Test
public void testProgramPortSecurityACLRule2() throws Exception {
    // Rule under test: tcp, port min 1 with no port max, remote prefix present.
    when(portSecurityRule.getSecurityRuleRemoteIpPrefix()).thenReturn(HOST_ADDRESS);
    when(portSecurityRule.getSecurityRulePortMin()).thenReturn(1);
    when(portSecurityRule.getSecurityRulePortMax()).thenReturn(null);
    when(portSecurityRule.getSecurityRuleProtocol()).thenReturn("tcp");

    egressAclServiceSpy.programPortSecurityACL(Long.valueOf(1554), "2", MAC_ADDRESS, 124, securityGroup);

    // Same helpers as the fully specified rule are expected.
    // NOTE(review): the wildcard matchers do not pin which port value is passed on when the
    // upper bound is absent.
    verify(egressAclServiceSpy)
            .egressACLDefaultTcpDrop(anyLong(), anyString(), anyString(), anyInt(), anyBoolean());
    verify(egressAclServiceSpy)
            .egressACLTcpPortWithPrefix(anyLong(), anyString(), anyString(), anyBoolean(), anyInt(), anyString(), anyInt());

    // Datastore side effects: four node writes across two committed transactions.
    verify(readWriteTransaction, times(4))
            .put(any(LogicalDatastoreType.class), any(InstanceIdentifier.class), any(Node.class), anyBoolean());
    verify(readWriteTransaction, times(2)).submit();
    verify(commitFuture, times(2)).get();
}
/**
 * Rule 3: TCP Proto (True), TCP Port Minimum (False), TCP Port Max (False), IP Prefix (True)
 */
@Test
public void testProgramPortSecurityACLRule3() throws Exception {
    // Rule under test: tcp, no port bounds, remote prefix present.
    when(portSecurityRule.getSecurityRuleRemoteIpPrefix()).thenReturn(HOST_ADDRESS);
    when(portSecurityRule.getSecurityRulePortMin()).thenReturn(null);
    when(portSecurityRule.getSecurityRulePortMax()).thenReturn(null);
    when(portSecurityRule.getSecurityRuleProtocol()).thenReturn("tcp");

    egressAclServiceSpy.programPortSecurityACL(Long.valueOf(1554), "2", MAC_ADDRESS, 124, securityGroup);

    // Dispatch check: default TCP drop plus the permit-all-proto helper, once each.
    // NOTE(review): the helper name reads as protocol-agnostic. Confirm in EgressAclService that
    // a tcp-only rule does not widen to every protocol for the prefix -- the wildcard matchers
    // here would not catch that.
    verify(egressAclServiceSpy)
            .egressACLDefaultTcpDrop(anyLong(), anyString(), anyString(), anyInt(), anyBoolean());
    verify(egressAclServiceSpy)
            .egressACLPermitAllProto(anyLong(), anyString(), anyString(), anyBoolean(), anyString(), anyInt());

    // Datastore side effects: four node writes across two committed transactions.
    verify(readWriteTransaction, times(4))
            .put(any(LogicalDatastoreType.class), any(InstanceIdentifier.class), any(Node.class), anyBoolean());
    verify(readWriteTransaction, times(2)).submit();
    verify(commitFuture, times(2)).get();
}
/**
 * Rule 4: TCP Proto (False), TCP Port Minimum (False), TCP Port Max (False), IP Prefix (True)
 */
@Test
public void testProgramPortSecurityACLRule4() throws Exception {
    // Rule under test: no protocol, no port bounds, remote prefix present.
    when(portSecurityRule.getSecurityRuleRemoteIpPrefix()).thenReturn(HOST_ADDRESS);
    when(portSecurityRule.getSecurityRulePortMin()).thenReturn(null);
    when(portSecurityRule.getSecurityRulePortMax()).thenReturn(null);
    when(portSecurityRule.getSecurityRuleProtocol()).thenReturn(null);

    egressAclServiceSpy.programPortSecurityACL(Long.valueOf(1554), "2", MAC_ADDRESS, 124, securityGroup);

    // Dispatch check: the default TCP drop is still expected alongside the permit-all-proto
    // helper. Arguments are wildcards, so only the choice of helper is verified.
    verify(egressAclServiceSpy)
            .egressACLDefaultTcpDrop(anyLong(), anyString(), anyString(), anyInt(), anyBoolean());
    verify(egressAclServiceSpy)
            .egressACLPermitAllProto(anyLong(), anyString(), anyString(), anyBoolean(), anyString(), anyInt());

    // Datastore side effects: four node writes across two committed transactions.
    verify(readWriteTransaction, times(4))
            .put(any(LogicalDatastoreType.class), any(InstanceIdentifier.class), any(Node.class), anyBoolean());
    verify(readWriteTransaction, times(2)).submit();
    verify(commitFuture, times(2)).get();
}
/**
 * Rule 5: TCP Proto (True), TCP Port Minimum (True), TCP Port Max (True), IP Prefix (False)
 */
@Test
public void testProgramPortSecurityACLRule5() throws Exception {
    // Rule under test: tcp, port range 1-1, no remote prefix.
    when(portSecurityRule.getSecurityRuleRemoteIpPrefix()).thenReturn(null);
    when(portSecurityRule.getSecurityRulePortMin()).thenReturn(1);
    when(portSecurityRule.getSecurityRulePortMax()).thenReturn(1);
    when(portSecurityRule.getSecurityRuleProtocol()).thenReturn("tcp");

    egressAclServiceSpy.programPortSecurityACL(Long.valueOf(1554), "2", MAC_ADDRESS, 124, securityGroup);

    // Dispatch check: without a prefix the TCP SYN helper is expected next to the default drop.
    // Arguments are wildcards, so the port actually programmed is not asserted.
    verify(egressAclServiceSpy)
            .egressACLDefaultTcpDrop(anyLong(), anyString(), anyString(), anyInt(), anyBoolean());
    verify(egressAclServiceSpy)
            .egressACLTcpSyn(anyLong(), anyString(), anyString(), anyBoolean(), anyInt(), anyInt());

    // Datastore side effects: four node writes across two committed transactions.
    verify(readWriteTransaction, times(4))
            .put(any(LogicalDatastoreType.class), any(InstanceIdentifier.class), any(Node.class), anyBoolean());
    verify(readWriteTransaction, times(2)).submit();
    verify(commitFuture, times(2)).get();
}
/**
 * Rule 6: TCP Proto (True), TCP Port Minimum (True), TCP Port Max (False), IP Prefix (False)
 */
@Test
public void testProgramPortSecurityACLRule6() throws Exception {
    // Rule under test: tcp, port min 1 with no port max, no remote prefix.
    when(portSecurityRule.getSecurityRuleRemoteIpPrefix()).thenReturn(null);
    when(portSecurityRule.getSecurityRulePortMin()).thenReturn(1);
    when(portSecurityRule.getSecurityRulePortMax()).thenReturn(null);
    when(portSecurityRule.getSecurityRuleProtocol()).thenReturn("tcp");

    egressAclServiceSpy.programPortSecurityACL(Long.valueOf(1554), "2", MAC_ADDRESS, 124, securityGroup);

    // Dispatch check: same helpers as the case with both port bounds set.
    // NOTE(review): the wildcard matchers do not show which port value stands in for the
    // missing upper bound.
    verify(egressAclServiceSpy)
            .egressACLDefaultTcpDrop(anyLong(), anyString(), anyString(), anyInt(), anyBoolean());
    verify(egressAclServiceSpy)
            .egressACLTcpSyn(anyLong(), anyString(), anyString(), anyBoolean(), anyInt(), anyInt());

    // Datastore side effects: four node writes across two committed transactions.
    verify(readWriteTransaction, times(4))
            .put(any(LogicalDatastoreType.class), any(InstanceIdentifier.class), any(Node.class), anyBoolean());
    verify(readWriteTransaction, times(2)).submit();
    verify(commitFuture, times(2)).get();
}
/**
 * Rule 7: TCP Proto (True), TCP Port Minimum (False), TCP Port Max (False), IP Prefix (False or 0.0.0.0/0)
 */
@Test
public void testProgramPortSecurityACLRule7() throws Exception {
    // Rule under test: tcp with neither port bounds nor a remote prefix.
    // NOTE(review): the Javadoc also names 0.0.0.0/0, but only the null prefix is stubbed here;
    // the explicit any-address prefix has no coverage in this method.
    when(portSecurityRule.getSecurityRuleRemoteIpPrefix()).thenReturn(null);
    when(portSecurityRule.getSecurityRulePortMin()).thenReturn(null);
    when(portSecurityRule.getSecurityRulePortMax()).thenReturn(null);
    when(portSecurityRule.getSecurityRuleProtocol()).thenReturn("tcp");

    egressAclServiceSpy.programPortSecurityACL(Long.valueOf(1554), "2", MAC_ADDRESS, 124, securityGroup);

    // Only the allow-proto helper is verified; no default-drop call is checked either way.
    verify(egressAclServiceSpy)
            .egressAllowProto(anyLong(), anyString(), anyString(), anyBoolean(), anyString(), anyInt());

    // Datastore side effects: two node writes in a single committed transaction.
    verify(readWriteTransaction, times(2))
            .put(any(LogicalDatastoreType.class), any(InstanceIdentifier.class), any(Node.class), anyBoolean());
    verify(readWriteTransaction).submit();
    verify(commitFuture).get();
}
/**
 * Test method {@link EgressAclService#egressACLDefaultTcpDrop(Long, String, String, int, boolean)}
 */
@Test
public void testEgressACLDefaultTcpDrop() throws Exception {
    // Flag true: the flow is written through the read-write transaction and committed once.
    egressAclService.egressACLDefaultTcpDrop(Long.valueOf(123), "2", MAC_ADDRESS, 1, true);
    verify(readWriteTransaction, times(2))
            .put(any(LogicalDatastoreType.class), any(InstanceIdentifier.class), any(Node.class), anyBoolean());
    verify(readWriteTransaction).submit();
    verify(commitFuture).get();

    // Flag false: removal is expected as a delete on the write-only transaction.
    egressAclService.egressACLDefaultTcpDrop(Long.valueOf(123), "2", MAC_ADDRESS, 1, false);
    verify(writeTransaction)
            .delete(any(LogicalDatastoreType.class), any(InstanceIdentifier.class));
    // Counts are cumulative: the read-write submit stays at one while the shared future reaches
    // two. The second commit is presumably writeTransaction.submit(), which is not verified directly.
    verify(readWriteTransaction).submit();
    verify(commitFuture, times(2)).get(); // 1 + 1 above
}
/**
 * Test method {@link EgressAclService#egressACLTcpPortWithPrefix(Long, String, String, boolean, Integer, String, Integer)}
 */
@Test
public void testEgressACLTcpPortWithPrefix() throws Exception {
    // Flag true: the flow is written through the read-write transaction and committed once.
    egressAclService.egressACLTcpPortWithPrefix(Long.valueOf(123), "2", MAC_ADDRESS, true, 1, HOST_ADDRESS, 1);
    verify(readWriteTransaction, times(2))
            .put(any(LogicalDatastoreType.class), any(InstanceIdentifier.class), any(Node.class), anyBoolean());
    verify(readWriteTransaction).submit();
    verify(commitFuture).get();

    // Flag false: removal is expected as a delete on the write-only transaction.
    egressAclService.egressACLTcpPortWithPrefix(Long.valueOf(123), "2", MAC_ADDRESS, false, 1, HOST_ADDRESS, 1);
    verify(writeTransaction)
            .delete(any(LogicalDatastoreType.class), any(InstanceIdentifier.class));
    // Counts are cumulative: the read-write submit stays at one while the shared future reaches two.
    // NOTE(review): the written Node is matched with any(Node.class), so the port and prefix that
    // end up in the flow are not asserted.
    verify(readWriteTransaction).submit();
    verify(commitFuture, times(2)).get(); // 1 + 1 above
}
/**
 * Test method {@link EgressAclService#egressAllowProto(Long, String, String, boolean, String, Integer)}
 */
@Test
public void testEgressAllowProto() throws Exception {
    // Flag true: the flow is written through the read-write transaction and committed once.
    egressAclService.egressAllowProto(Long.valueOf(123), "2", MAC_ADDRESS, true, HOST_ADDRESS, 1);
    verify(readWriteTransaction, times(2))
            .put(any(LogicalDatastoreType.class), any(InstanceIdentifier.class), any(Node.class), anyBoolean());
    verify(readWriteTransaction).submit();
    verify(commitFuture).get();

    // Flag false: removal is expected as a delete on the write-only transaction.
    egressAclService.egressAllowProto(Long.valueOf(123), "2", MAC_ADDRESS, false, HOST_ADDRESS, 1);
    verify(writeTransaction)
            .delete(any(LogicalDatastoreType.class), any(InstanceIdentifier.class));
    // Counts are cumulative: the read-write submit stays at one while the shared future reaches
    // two. The write-only submit itself is not verified.
    verify(readWriteTransaction).submit();
    verify(commitFuture, times(2)).get(); // 1 + 1 above
}
/**
 * Test method {@link EgressAclService#egressACLPermitAllProto(Long, String, String, boolean, String, Integer)}
 */
@Test
public void testEgressACLPermitAllProto() throws Exception {
    // Flag true: the flow is written through the read-write transaction and committed once.
    egressAclService.egressACLPermitAllProto(Long.valueOf(123), "2", MAC_ADDRESS, true, HOST_ADDRESS, 1);
    verify(readWriteTransaction, times(2))
            .put(any(LogicalDatastoreType.class), any(InstanceIdentifier.class), any(Node.class), anyBoolean());
    verify(readWriteTransaction).submit();
    verify(commitFuture).get();

    // Flag false: removal is expected as a delete on the write-only transaction.
    egressAclService.egressACLPermitAllProto(Long.valueOf(123), "2", MAC_ADDRESS, false, HOST_ADDRESS, 1);
    verify(writeTransaction)
            .delete(any(LogicalDatastoreType.class), any(InstanceIdentifier.class));
    // Counts are cumulative: the read-write submit stays at one while the shared future reaches two.
    // NOTE(review): nothing here inspects the match fields of the permit flow, so an overly
    // broad match would pass unnoticed.
    verify(readWriteTransaction).submit();
    verify(commitFuture, times(2)).get(); // 1 + 1 above
}
/**
 * Test method {@link EgressAclService#egressACLTcpSyn(Long, String, String, boolean, Integer, Integer)}
 */
@Test
public void testEgressACLTcpSyn() throws Exception {
    // Flag true: the flow is written through the read-write transaction and committed once.
    egressAclService.egressACLTcpSyn(Long.valueOf(123), "2", MAC_ADDRESS, true, 1, 1);
    verify(readWriteTransaction, times(2))
            .put(any(LogicalDatastoreType.class), any(InstanceIdentifier.class), any(Node.class), anyBoolean());
    verify(readWriteTransaction).submit();
    verify(commitFuture).get();

    // Flag false: removal is expected as a delete on the write-only transaction.
    egressAclService.egressACLTcpSyn(Long.valueOf(123), "2", MAC_ADDRESS, false, 1, 1);
    verify(writeTransaction)
            .delete(any(LogicalDatastoreType.class), any(InstanceIdentifier.class));
    // Counts are cumulative: the read-write submit stays at one while the shared future reaches
    // two. The write-only submit itself is not verified.
    verify(readWriteTransaction).submit();
    verify(commitFuture, times(2)).get(); // 1 + 1 above
}