2 * Copyright (c) 2015 Inocybe and others. All rights reserved.
4 * This program and the accompanying materials are made available under the
5 * terms of the Eclipse Public License v1.0 which accompanies this distribution,
6 * and is available at http://www.eclipse.org/legal/epl-v10.html
9 package org.opendaylight.ovsdb.openstack.netvirt.providers.openflow13.services;
11 import static org.mockito.Matchers.any;
12 import static org.mockito.Matchers.anyBoolean;
13 import static org.mockito.Matchers.anyInt;
14 import static org.mockito.Matchers.anyLong;
15 import static org.mockito.Matchers.anyString;
16 import static org.mockito.Matchers.eq;
17 import static org.mockito.Mockito.mock;
18 import static org.mockito.Mockito.times;
19 import static org.mockito.Mockito.verify;
20 import static org.mockito.Mockito.when;
22 import java.util.ArrayList;
23 import java.util.List;
25 import org.junit.Before;
26 import org.junit.Test;
27 import org.junit.runner.RunWith;
28 import org.mockito.InjectMocks;
29 import org.mockito.Mock;
30 import org.mockito.Mockito;
31 import org.mockito.Spy;
32 import org.mockito.internal.matchers.Equality;
33 import org.mockito.runners.MockitoJUnitRunner;
34 import org.opendaylight.controller.md.sal.binding.api.DataBroker;
35 import org.opendaylight.controller.md.sal.binding.api.WriteTransaction;
36 import org.opendaylight.controller.md.sal.common.api.data.LogicalDatastoreType;
37 import org.opendaylight.controller.md.sal.common.api.data.TransactionCommitFailedException;
38 import org.opendaylight.neutron.spi.NeutronSecurityGroup;
39 import org.opendaylight.neutron.spi.NeutronSecurityRule;
40 import org.opendaylight.neutron.spi.Neutron_IPs;
41 import org.opendaylight.ovsdb.openstack.netvirt.api.Constants;
42 import org.opendaylight.ovsdb.openstack.netvirt.api.SecurityServicesManager;
43 import org.opendaylight.ovsdb.openstack.netvirt.providers.openflow13.PipelineOrchestrator;
44 import org.opendaylight.ovsdb.openstack.netvirt.providers.openflow13.Service;
45 import org.opendaylight.ovsdb.utils.mdsal.openflow.MatchUtils;
46 import org.opendaylight.yang.gen.v1.urn.opendaylight.flow.inventory.rev130819.FlowId;
47 import org.opendaylight.yang.gen.v1.urn.opendaylight.flow.inventory.rev130819.tables.table.FlowBuilder;
48 import org.opendaylight.yang.gen.v1.urn.opendaylight.flow.inventory.rev130819.tables.table.FlowKey;
49 import org.opendaylight.yang.gen.v1.urn.opendaylight.flow.types.rev131026.flow.MatchBuilder;
50 import org.opendaylight.yang.gen.v1.urn.opendaylight.inventory.rev130819.nodes.Node;
51 import org.opendaylight.yangtools.yang.binding.InstanceIdentifier;
53 import com.google.common.util.concurrent.CheckedFuture;
55 * Unit test for {@link EgressAclService}
57 @RunWith(MockitoJUnitRunner.class)
58 @SuppressWarnings("unchecked")
59 public class EgressAclServiceTest {
61 @InjectMocks private EgressAclService egressAclService = new EgressAclService();
62 @Spy private EgressAclService egressAclServiceSpy;
63 @Spy private MatchUtils matchUtil;
65 @Mock private DataBroker dataBroker;
66 @Mock private PipelineOrchestrator orchestrator;
68 @Mock private WriteTransaction writeTransaction;
69 @Mock private CheckedFuture<Void, TransactionCommitFailedException> commitFuture;
71 @Mock private NeutronSecurityGroup securityGroup;
72 @Mock private NeutronSecurityRule portSecurityRule;
74 @Mock private SecurityServicesManager securityServices;
76 private Neutron_IPs neutron_ip_src;
77 private Neutron_IPs neutron_ip_dest_1;
78 private Neutron_IPs neutron_ip_dest_2;
79 private List<Neutron_IPs> neutronSrcIpList = new ArrayList<Neutron_IPs>();
80 private List<Neutron_IPs> neutronDestIpList = new ArrayList<Neutron_IPs>();
81 private static final String HOST_ADDRESS = "127.0.0.1/32";
82 private static final String MAC_ADDRESS = "87:1D:5E:02:40:B7";
83 private static final String SRC_IP = "192.168.0.1";
84 private static final String DEST_IP_1 = "192.169.0.1";
85 private static final String DEST_IP_2 = "192.169.0.2";
86 private static final String DEST_IP_1_WITH_MASK = "192.169.0.1/32";
87 private static final String DEST_IP_2_WITH_MASK = "192.169.0.2/32";
88 private static final String SECURITY_GROUP_UUID = "85cc3048-abc3-43cc-89b3-377341426ac5";
92 egressAclServiceSpy = Mockito.spy(egressAclService);
94 when(writeTransaction.submit()).thenReturn(commitFuture);
96 when(dataBroker.newWriteOnlyTransaction()).thenReturn(writeTransaction);
98 when(orchestrator.getNextServiceInPipeline(any(Service.class))).thenReturn(Service.ARP_RESPONDER);
100 portSecurityRule = mock(NeutronSecurityRule.class);
102 when(portSecurityRule.getSecurityRuleEthertype()).thenReturn("IPv4");
103 when(portSecurityRule.getSecurityRuleDirection()).thenReturn("egress");
105 List<NeutronSecurityRule> portSecurityList = new ArrayList<NeutronSecurityRule>();
106 portSecurityList.add(portSecurityRule);
108 neutron_ip_src = new Neutron_IPs();
109 neutron_ip_src.setIpAddress(SRC_IP);
110 neutronSrcIpList.add(neutron_ip_src);
112 neutron_ip_dest_1 = new Neutron_IPs();
113 neutron_ip_dest_1.setIpAddress(DEST_IP_1);
114 neutronDestIpList.add(neutron_ip_dest_1);
116 neutron_ip_dest_2 = new Neutron_IPs();
117 neutron_ip_dest_2.setIpAddress(DEST_IP_2);
118 neutronDestIpList.add(neutron_ip_dest_2);
120 when(securityGroup.getSecurityRules()).thenReturn(portSecurityList);
121 when(securityServices.getVmListForSecurityGroup(neutronSrcIpList, SECURITY_GROUP_UUID)).thenReturn(neutronDestIpList);
125 * Rule 1: TCP Proto (True), TCP Port Minimum (True), TCP Port Max (True), IP Prefix (True)
128 public void testProgramPortSecurityACLRule1() throws Exception {
129 when(portSecurityRule.getSecurityRuleProtocol()).thenReturn("tcp");
130 when(portSecurityRule.getSecurityRulePortMax()).thenReturn(1);
131 when(portSecurityRule.getSecurityRulePortMin()).thenReturn(1);
132 when(portSecurityRule.getSecurityRuleRemoteIpPrefix()).thenReturn(HOST_ADDRESS);
134 egressAclServiceSpy.programPortSecurityACL(Long.valueOf(1554), "2", MAC_ADDRESS, 124, securityGroup);
135 verify(egressAclServiceSpy, times(1)).egressACLDefaultTcpDrop(anyLong(), anyString(), anyString(), anyInt(), anyBoolean());
136 verify(egressAclServiceSpy, times(1)).egressACLTcpPortWithPrefix(anyLong(), anyString(), anyString(), anyBoolean(), anyInt(), anyString(), anyInt());
137 verify(writeTransaction, times(4)).put(any(LogicalDatastoreType.class), any(InstanceIdentifier.class), any(Node.class), anyBoolean());
138 verify(writeTransaction, times(2)).submit();
139 verify(commitFuture, times(2)).get();
143 * Rule 2: TCP Proto (True), TCP Port Minimum (True), TCP Port Max (False), IP Prefix (True)
146 public void testProgramPortSecurityACLRule2() throws Exception {
147 when(portSecurityRule.getSecurityRuleProtocol()).thenReturn("tcp");
148 when(portSecurityRule.getSecurityRulePortMax()).thenReturn(null);
149 when(portSecurityRule.getSecurityRulePortMin()).thenReturn(1);
150 when(portSecurityRule.getSecurityRuleRemoteIpPrefix()).thenReturn(HOST_ADDRESS);
152 egressAclServiceSpy.programPortSecurityACL(Long.valueOf(1554), "2", MAC_ADDRESS, 124, securityGroup);
153 verify(egressAclServiceSpy, times(1)).egressACLDefaultTcpDrop(anyLong(), anyString(), anyString(), anyInt(), anyBoolean());
154 verify(egressAclServiceSpy, times(1)).egressACLTcpPortWithPrefix(anyLong(), anyString(), anyString(), anyBoolean(), anyInt(), anyString(), anyInt());
155 verify(writeTransaction, times(4)).put(any(LogicalDatastoreType.class), any(InstanceIdentifier.class), any(Node.class), anyBoolean());
156 verify(writeTransaction, times(2)).submit();
157 verify(commitFuture, times(2)).get();
161 * Rule 3: TCP Proto (True), TCP Port Minimum (False), TCP Port Max (False), IP Prefix (True)
164 public void testProgramPortSecurityACLRule3() throws Exception {
165 when(portSecurityRule.getSecurityRuleProtocol()).thenReturn("tcp");
166 when(portSecurityRule.getSecurityRulePortMax()).thenReturn(null);
167 when(portSecurityRule.getSecurityRulePortMin()).thenReturn(null);
168 when(portSecurityRule.getSecurityRuleRemoteIpPrefix()).thenReturn(HOST_ADDRESS);
170 egressAclServiceSpy.programPortSecurityACL(Long.valueOf(1554), "2", MAC_ADDRESS, 124, securityGroup);
171 verify(egressAclServiceSpy, times(1)).egressACLDefaultTcpDrop(anyLong(), anyString(), anyString(), anyInt(), anyBoolean());
172 verify(egressAclServiceSpy, times(1)).egressACLPermitAllProto(anyLong(), anyString(), anyString(), anyBoolean(), anyString(), anyInt());
173 verify(writeTransaction, times(4)).put(any(LogicalDatastoreType.class), any(InstanceIdentifier.class), any(Node.class), anyBoolean());
174 verify(writeTransaction, times(2)).submit();
175 verify(commitFuture, times(2)).get();
179 * Rule 4: TCP Proto (False), TCP Port Minimum (False), TCP Port Max (False), IP Prefix (True)
182 public void testProgramPortSecurityACLRule4() throws Exception {
183 when(portSecurityRule.getSecurityRuleProtocol()).thenReturn(null);
184 when(portSecurityRule.getSecurityRulePortMax()).thenReturn(null);
185 when(portSecurityRule.getSecurityRulePortMin()).thenReturn(null);
186 when(portSecurityRule.getSecurityRuleRemoteIpPrefix()).thenReturn(HOST_ADDRESS);
188 egressAclServiceSpy.programPortSecurityACL(Long.valueOf(1554), "2", MAC_ADDRESS, 124, securityGroup);
189 verify(egressAclServiceSpy, times(1)).egressACLDefaultTcpDrop(anyLong(), anyString(), anyString(), anyInt(), anyBoolean());
190 verify(egressAclServiceSpy, times(1)).egressACLPermitAllProto(anyLong(), anyString(), anyString(), anyBoolean(), anyString(), anyInt());
191 verify(writeTransaction, times(4)).put(any(LogicalDatastoreType.class), any(InstanceIdentifier.class), any(Node.class), anyBoolean());
192 verify(writeTransaction, times(2)).submit();
193 verify(commitFuture, times(2)).get();
197 * Rule 5: TCP Proto (True), TCP Port Minimum (True), TCP Port Max (True), IP Prefix (False)
200 public void testProgramPortSecurityACLRule5() throws Exception {
201 when(portSecurityRule.getSecurityRuleProtocol()).thenReturn("tcp");
202 when(portSecurityRule.getSecurityRulePortMax()).thenReturn(1);
203 when(portSecurityRule.getSecurityRulePortMin()).thenReturn(1);
204 when(portSecurityRule.getSecurityRuleRemoteIpPrefix()).thenReturn(null);
206 egressAclServiceSpy.programPortSecurityACL(Long.valueOf(1554), "2", MAC_ADDRESS, 124, securityGroup);
207 verify(egressAclServiceSpy, times(1)).egressACLDefaultTcpDrop(anyLong(), anyString(), anyString(), anyInt(), anyBoolean());
208 verify(egressAclServiceSpy, times(1)).egressACLTcpSyn(anyLong(), anyString(), anyString(), anyBoolean(), anyInt(), anyInt());
209 verify(writeTransaction, times(4)).put(any(LogicalDatastoreType.class), any(InstanceIdentifier.class), any(Node.class), anyBoolean());
210 verify(writeTransaction, times(2)).submit();
211 verify(commitFuture, times(2)).get();
215 * Rule 6: TCP Proto (True), TCP Port Minimum (True), TCP Port Max (False), IP Prefix (False)
218 public void testProgramPortSecurityACLRule6() throws Exception {
219 when(portSecurityRule.getSecurityRuleProtocol()).thenReturn("tcp");
220 when(portSecurityRule.getSecurityRulePortMax()).thenReturn(null);
221 when(portSecurityRule.getSecurityRulePortMin()).thenReturn(1);
222 when(portSecurityRule.getSecurityRuleRemoteIpPrefix()).thenReturn(null);
224 egressAclServiceSpy.programPortSecurityACL(Long.valueOf(1554), "2", MAC_ADDRESS, 124, securityGroup);
225 verify(egressAclServiceSpy, times(1)).egressACLDefaultTcpDrop(anyLong(), anyString(), anyString(), anyInt(), anyBoolean());
226 verify(egressAclServiceSpy, times(1)).egressACLTcpSyn(anyLong(), anyString(), anyString(), anyBoolean(), anyInt(), anyInt());
227 verify(writeTransaction, times(4)).put(any(LogicalDatastoreType.class), any(InstanceIdentifier.class), any(Node.class), anyBoolean());
228 verify(writeTransaction, times(2)).submit();
229 verify(commitFuture, times(2)).get();
233 * Rule 7: TCP Proto (True), TCP Port Minimum (False), TCP Port Max (False), IP Prefix (False or 0.0.0.0/0)
236 public void testProgramPortSecurityACLRule7() throws Exception {
237 when(portSecurityRule.getSecurityRuleProtocol()).thenReturn("tcp");
238 when(portSecurityRule.getSecurityRulePortMax()).thenReturn(null);
239 when(portSecurityRule.getSecurityRulePortMin()).thenReturn(null);
240 when(portSecurityRule.getSecurityRuleRemoteIpPrefix()).thenReturn(null);
242 egressAclServiceSpy.programPortSecurityACL(Long.valueOf(1554), "2", MAC_ADDRESS, 124, securityGroup);
243 verify(egressAclServiceSpy, times(1)).egressAllowProto(anyLong(), anyString(), anyString(), anyBoolean(), anyString(), anyInt());
244 verify(writeTransaction, times(2)).put(any(LogicalDatastoreType.class), any(InstanceIdentifier.class), any(Node.class), anyBoolean());
245 verify(writeTransaction, times(1)).submit();
246 verify(commitFuture, times(1)).get();
250 * Test method {@link EgressAclService#egressACLDefaultTcpDrop(Long, String, String, int, boolean)}
253 public void testEgressACLDefaultTcpDrop() throws Exception {
254 egressAclService.egressACLDefaultTcpDrop(Long.valueOf(123), "2", MAC_ADDRESS, 1, true);
255 verify(writeTransaction, times(2)).put(any(LogicalDatastoreType.class), any(InstanceIdentifier.class), any(Node.class), anyBoolean());
256 verify(writeTransaction, times(1)).submit();
257 verify(commitFuture, times(1)).get();
259 egressAclService.egressACLDefaultTcpDrop(Long.valueOf(123), "2", MAC_ADDRESS, 1, false);
260 verify(writeTransaction, times(1)).delete(any(LogicalDatastoreType.class), any(InstanceIdentifier.class));
261 verify(writeTransaction, times(2)).submit();
262 verify(commitFuture, times(2)).get(); // 1 + 1 above
266 * Test IPv4 add test case.
269 public void testProgramPortSecurityACLRuleAddIpv4() throws Exception {
270 when(portSecurityRule.getSecurityRuleProtocol()).thenReturn(null);
271 when(portSecurityRule.getSecurityRulePortMax()).thenReturn(null);
272 when(portSecurityRule.getSecurityRulePortMin()).thenReturn(null);
273 when(portSecurityRule.getSecurityRuleRemoteIpPrefix()).thenReturn(null);
275 egressAclServiceSpy.programPortSecurityAcl(Long.valueOf(1554), "2", MAC_ADDRESS, 124, securityGroup,neutronSrcIpList,true);
277 verify(writeTransaction, times(2)).put(any(LogicalDatastoreType.class), any(InstanceIdentifier.class), any(Node.class), eq(true));
278 verify(writeTransaction, times(1)).submit();
279 verify(commitFuture, times(1)).get();
283 * Test IPv4 remove test case.
286 public void testProgramPortSecurityACLRuleRemoveIpv4() throws Exception {
287 when(portSecurityRule.getSecurityRuleProtocol()).thenReturn(null);
288 when(portSecurityRule.getSecurityRulePortMax()).thenReturn(null);
289 when(portSecurityRule.getSecurityRulePortMin()).thenReturn(null);
290 when(portSecurityRule.getSecurityRuleRemoteIpPrefix()).thenReturn(null);
292 egressAclServiceSpy.programPortSecurityAcl(Long.valueOf(1554), "2", MAC_ADDRESS, 124, securityGroup,neutronSrcIpList,false);
293 verify(writeTransaction, times(1)).delete(any(LogicalDatastoreType.class), any(InstanceIdentifier.class));
294 verify(writeTransaction, times(1)).submit();
295 verify(commitFuture, times(1)).get();
299 * Test TCP add with port no and CIDR selected.
302 public void testProgramPortSecurityACLRuleAddTcp1() throws Exception {
303 when(portSecurityRule.getSecurityRuleProtocol()).thenReturn("tcp");
304 when(portSecurityRule.getSecurityRulePortMax()).thenReturn(50);
305 when(portSecurityRule.getSecurityRulePortMin()).thenReturn(50);
306 when(portSecurityRule.getSecurityRuleRemoteIpPrefix()).thenReturn("0.0.0.0/24");
308 egressAclServiceSpy.programPortSecurityAcl(Long.valueOf(1554), "2", MAC_ADDRESS, 124, securityGroup,neutronSrcIpList,true);
310 verify(writeTransaction, times(2)).put(any(LogicalDatastoreType.class), any(InstanceIdentifier.class), any(Node.class), eq(true));
311 verify(writeTransaction, times(1)).submit();
312 verify(commitFuture, times(1)).get();
316 * Test TCP remove with port no and CIDR selected.
319 public void testProgramPortSecurityACLRuleRemoveTcp1() throws Exception {
320 when(portSecurityRule.getSecurityRuleProtocol()).thenReturn("tcp");
321 when(portSecurityRule.getSecurityRulePortMax()).thenReturn(50);
322 when(portSecurityRule.getSecurityRulePortMin()).thenReturn(50);
323 when(portSecurityRule.getSecurityRuleRemoteIpPrefix()).thenReturn("0.0.0.0/24");
325 egressAclServiceSpy.programPortSecurityAcl(Long.valueOf(1554), "2", MAC_ADDRESS, 124, securityGroup,neutronSrcIpList,false);
327 verify(writeTransaction, times(1)).delete(any(LogicalDatastoreType.class), any(InstanceIdentifier.class));
328 verify(writeTransaction, times(1)).submit();
329 verify(commitFuture, times(1)).get();
333 * Test TCP add with port no and remote SG selected.
336 public void testProgramPortSecurityACLRuleAddTcp2() throws Exception {
337 when(portSecurityRule.getSecurityRuleProtocol()).thenReturn("tcp");
338 when(portSecurityRule.getSecurityRulePortMax()).thenReturn(50);
339 when(portSecurityRule.getSecurityRulePortMin()).thenReturn(50);
340 when(portSecurityRule.getSecurityRuleRemoteIpPrefix()).thenReturn("0.0.0.0/24");
341 when(portSecurityRule.getSecurityRemoteGroupID()).thenReturn("85cc3048-abc3-43cc-89b3-377341426ac5");
343 egressAclServiceSpy.programPortSecurityAcl(Long.valueOf(1554), "2", MAC_ADDRESS, 124, securityGroup,neutronSrcIpList,true);
345 verify(writeTransaction, times(4)).put(any(LogicalDatastoreType.class), any(InstanceIdentifier.class), any(Node.class), eq(true));
346 verify(writeTransaction, times(2)).submit();
347 verify(commitFuture, times(2)).get();
351 * Test TCP remove with port no and remote SG selected.
354 public void testProgramPortSecurityACLRuleRemoveTcp2() throws Exception {
355 when(portSecurityRule.getSecurityRuleProtocol()).thenReturn("tcp");
356 when(portSecurityRule.getSecurityRulePortMax()).thenReturn(50);
357 when(portSecurityRule.getSecurityRulePortMin()).thenReturn(50);
358 when(portSecurityRule.getSecurityRuleRemoteIpPrefix()).thenReturn("0.0.0.0/24");
359 when(portSecurityRule.getSecurityRemoteGroupID()).thenReturn("85cc3048-abc3-43cc-89b3-377341426ac5");
361 egressAclServiceSpy.programPortSecurityAcl(Long.valueOf(1554), "2", MAC_ADDRESS, 124, securityGroup,neutronSrcIpList,false);
363 verify(writeTransaction, times(2)).delete(any(LogicalDatastoreType.class), any(InstanceIdentifier.class));
364 verify(writeTransaction, times(2)).submit();
365 verify(commitFuture, times(2)).get();
369 * Test UDP add with port no and CIDR selected.
372 public void testProgramPortSecurityACLRuleAddUdp1() throws Exception {
373 when(portSecurityRule.getSecurityRuleProtocol()).thenReturn("udp");
374 when(portSecurityRule.getSecurityRulePortMax()).thenReturn(50);
375 when(portSecurityRule.getSecurityRulePortMin()).thenReturn(50);
376 when(portSecurityRule.getSecurityRuleRemoteIpPrefix()).thenReturn("0.0.0.0/24");
378 egressAclServiceSpy.programPortSecurityAcl(Long.valueOf(1554), "2", MAC_ADDRESS, 124, securityGroup,neutronSrcIpList,true);
380 verify(writeTransaction, times(2)).put(any(LogicalDatastoreType.class), any(InstanceIdentifier.class), any(Node.class), eq(true));
381 verify(writeTransaction, times(1)).submit();
382 verify(commitFuture, times(1)).get();
386 * Test UDP add with port no and CIDR selected.
389 public void testProgramPortSecurityACLRuleRemoveUdp1() throws Exception {
390 when(portSecurityRule.getSecurityRuleProtocol()).thenReturn("udp");
391 when(portSecurityRule.getSecurityRulePortMax()).thenReturn(50);
392 when(portSecurityRule.getSecurityRulePortMin()).thenReturn(50);
393 when(portSecurityRule.getSecurityRuleRemoteIpPrefix()).thenReturn("0.0.0.0/24");
395 egressAclServiceSpy.programPortSecurityAcl(Long.valueOf(1554), "2", MAC_ADDRESS, 124, securityGroup,neutronSrcIpList,false);
397 verify(writeTransaction, times(1)).delete(any(LogicalDatastoreType.class), any(InstanceIdentifier.class));
398 verify(writeTransaction, times(1)).submit();
399 verify(commitFuture, times(1)).get();
403 * Test UDP add with port no and remote SG selected.
406 public void testProgramPortSecurityACLRuleAddUdp2() throws Exception {
407 when(portSecurityRule.getSecurityRuleProtocol()).thenReturn("udp");
408 when(portSecurityRule.getSecurityRulePortMax()).thenReturn(50);
409 when(portSecurityRule.getSecurityRulePortMin()).thenReturn(50);
410 when(portSecurityRule.getSecurityRuleRemoteIpPrefix()).thenReturn("0.0.0.0/24");
411 when(portSecurityRule.getSecurityRemoteGroupID()).thenReturn("85cc3048-abc3-43cc-89b3-377341426ac5");
413 egressAclServiceSpy.programPortSecurityAcl(Long.valueOf(1554), "2", MAC_ADDRESS, 124, securityGroup,neutronSrcIpList,true);
415 verify(writeTransaction, times(4)).put(any(LogicalDatastoreType.class), any(InstanceIdentifier.class), any(Node.class), eq(true));
416 verify(writeTransaction, times(2)).submit();
417 verify(commitFuture, times(2)).get();
421 * Test UDP add with port no and remote SG selected.
424 public void testProgramPortSecurityACLRuleRemoveUdp2() throws Exception {
425 when(portSecurityRule.getSecurityRuleProtocol()).thenReturn("udp");
426 when(portSecurityRule.getSecurityRulePortMax()).thenReturn(50);
427 when(portSecurityRule.getSecurityRulePortMin()).thenReturn(50);
428 when(portSecurityRule.getSecurityRuleRemoteIpPrefix()).thenReturn("0.0.0.0/24");
429 when(portSecurityRule.getSecurityRemoteGroupID()).thenReturn("85cc3048-abc3-43cc-89b3-377341426ac5");
431 egressAclServiceSpy.programPortSecurityAcl(Long.valueOf(1554), "2", MAC_ADDRESS, 124, securityGroup,neutronSrcIpList,false);
433 verify(writeTransaction, times(2)).delete(any(LogicalDatastoreType.class), any(InstanceIdentifier.class));
434 verify(writeTransaction, times(2)).submit();
435 verify(commitFuture, times(2)).get();
439 * Test IPv4 invalid ether type test case.
442 public void testProgramPortSecurityACLRuleInvalidEther() throws Exception {
443 when(portSecurityRule.getSecurityRuleEthertype()).thenReturn("IPV6");
445 egressAclServiceSpy.programPortSecurityAcl(Long.valueOf(1554), "2", MAC_ADDRESS, 124, securityGroup,neutronSrcIpList,false);
447 verify(writeTransaction, times(0)).delete(any(LogicalDatastoreType.class), any(InstanceIdentifier.class));
448 verify(writeTransaction, times(0)).submit();
449 verify(commitFuture, times(0)).get();
453 * Test IPv4 invalid direction type test case.
456 public void testProgramPortSecurityACLRuleInvalidDirection() throws Exception {
457 when(portSecurityRule.getSecurityRuleDirection()).thenReturn("ingress");
459 egressAclServiceSpy.programPortSecurityAcl(Long.valueOf(1554), "2", MAC_ADDRESS, 124, securityGroup,neutronSrcIpList,false);
461 verify(writeTransaction, times(0)).delete(any(LogicalDatastoreType.class), any(InstanceIdentifier.class));
462 verify(writeTransaction, times(0)).submit();
463 verify(commitFuture, times(0)).get();
467 * Test With isLastPortInBridge false isComputeNode false
470 public void testProgramFixedSecurityACLAdd1() throws Exception {
471 egressAclServiceSpy.programFixedSecurityAcl(Long.valueOf(1554), "2", MAC_ADDRESS, 1, neutronDestIpList, false, false, true);
473 verify(writeTransaction, times(0)).put(any(LogicalDatastoreType.class), any(InstanceIdentifier.class), any(Node.class), eq(true));
474 verify(writeTransaction, times(0)).submit();
475 verify(commitFuture, times(0)).get();
478 * Test With isLastPortInBridge false isComputeNode false
481 public void testProgramFixedSecurityACLRemove1() throws Exception {
483 egressAclServiceSpy.programFixedSecurityAcl(Long.valueOf(1554), "2", MAC_ADDRESS, 1, neutronDestIpList, false, false, false);
485 verify(writeTransaction, times(0)).delete(any(LogicalDatastoreType.class), any(InstanceIdentifier.class));
486 verify(writeTransaction, times(0)).submit();
487 verify(commitFuture, times(0)).get();
491 * Test With isLastPortInBridge false isComputeNode true
494 public void testProgramFixedSecurityACLAdd2() throws Exception {
496 egressAclServiceSpy.programFixedSecurityAcl(Long.valueOf(1554), "2", MAC_ADDRESS, 1, neutronDestIpList, false, true, true);
498 verify(writeTransaction, times(6)).put(any(LogicalDatastoreType.class), any(InstanceIdentifier.class), any(Node.class), eq(true));
499 verify(writeTransaction, times(3)).submit();
500 verify(commitFuture, times(3)).get();
504 * Test With isLastPortInBridge false isComputeNode true
507 public void testProgramFixedSecurityACLRemove2() throws Exception {
509 egressAclServiceSpy.programFixedSecurityAcl(Long.valueOf(1554), "2", MAC_ADDRESS, 1, neutronDestIpList, false, true, false);
511 verify(writeTransaction, times(3)).delete(any(LogicalDatastoreType.class), any(InstanceIdentifier.class));
512 verify(writeTransaction, times(3)).submit();
513 verify(commitFuture, times(3)).get();
517 * Test With isLastPortInBridge true isComputeNode false
520 public void testProgramFixedSecurityACLAdd3() throws Exception {
522 egressAclServiceSpy.programFixedSecurityAcl(Long.valueOf(1554), "2", MAC_ADDRESS, 1, neutronDestIpList, true, false, true);
524 verify(writeTransaction, times(2)).put(any(LogicalDatastoreType.class), any(InstanceIdentifier.class), any(Node.class), eq(true));
525 verify(writeTransaction, times(1)).submit();
526 verify(commitFuture, times(1)).get();
530 * Test With isLastPortInBridge true isComputeNode false
533 public void testProgramFixedSecurityACLRemove3() throws Exception {
535 egressAclServiceSpy.programFixedSecurityAcl(Long.valueOf(1554), "2", MAC_ADDRESS, 1, neutronDestIpList, true, false, false);
537 verify(writeTransaction, times(1)).delete(any(LogicalDatastoreType.class), any(InstanceIdentifier.class));
538 verify(writeTransaction, times(1)).submit();
539 verify(commitFuture, times(1)).get();
543 * Test With isLastPortInBridge true isComputeNode true
546 public void testProgramFixedSecurityACLAdd4() throws Exception {
548 egressAclServiceSpy.programFixedSecurityAcl(Long.valueOf(1554), "2", MAC_ADDRESS, 1, neutronDestIpList, true, true, true);
550 verify(writeTransaction, times(8)).put(any(LogicalDatastoreType.class),
551 any(InstanceIdentifier.class), any(Node.class), eq(true));
552 verify(writeTransaction, times(4)).submit();
553 verify(commitFuture, times(4)).get();
557 * Test With isLastPortInBridge true isComputeNode true
560 public void testProgramFixedSecurityACLRemove4() throws Exception {
562 egressAclServiceSpy.programFixedSecurityAcl(Long.valueOf(1554), "2", MAC_ADDRESS, 1, neutronDestIpList, true, true, false);
564 verify(writeTransaction, times(4)).delete(any(LogicalDatastoreType.class), any(InstanceIdentifier.class));
565 verify(writeTransaction, times(4)).submit();
566 verify(commitFuture, times(4)).get();
570 * Test method {@link EgressAclService#egressACLTcpPortWithPrefix(Long, String, String, boolean, Integer, String, Integer)}
573 public void testEgressACLTcpPortWithPrefix() throws Exception {
574 egressAclService.egressACLTcpPortWithPrefix(Long.valueOf(123), "2", MAC_ADDRESS, true, 1, HOST_ADDRESS, 1);
575 verify(writeTransaction, times(2)).put(any(LogicalDatastoreType.class), any(InstanceIdentifier.class), any(Node.class), anyBoolean());
576 verify(writeTransaction, times(1)).submit();
577 verify(commitFuture, times(1)).get();
579 egressAclService.egressACLTcpPortWithPrefix(Long.valueOf(123), "2", MAC_ADDRESS, false, 1, HOST_ADDRESS, 1);
580 verify(writeTransaction, times(1)).delete(any(LogicalDatastoreType.class), any(InstanceIdentifier.class));
581 verify(writeTransaction, times(2)).submit();
582 verify(commitFuture, times(2)).get(); // 1 + 1 above
586 * Test method {@link EgressAclService#egressAllowProto(Long, String, String, boolean, String, Integer)}
589 public void testEgressAllowProto() throws Exception {
590 egressAclService.egressAllowProto(Long.valueOf(123), "2", MAC_ADDRESS, true, HOST_ADDRESS, 1);
591 verify(writeTransaction, times(2)).put(any(LogicalDatastoreType.class), any(InstanceIdentifier.class), any(Node.class), anyBoolean());
592 verify(writeTransaction, times(1)).submit();
593 verify(commitFuture, times(1)).get();
595 egressAclService.egressAllowProto(Long.valueOf(123), "2", MAC_ADDRESS, false, HOST_ADDRESS, 1);
596 verify(writeTransaction, times(1)).delete(any(LogicalDatastoreType.class), any(InstanceIdentifier.class));
597 verify(writeTransaction, times(2)).submit();
598 verify(commitFuture, times(2)).get(); // 1 + 1 above
602 * Test method {@link EgressAclService#egressACLPermitAllProto(Long, String, String, boolean, String, Integer)}
605 public void testEgressACLPermitAllProto() throws Exception {
606 egressAclService.egressACLPermitAllProto(Long.valueOf(123), "2", MAC_ADDRESS, true, HOST_ADDRESS, 1);
607 verify(writeTransaction, times(2)).put(any(LogicalDatastoreType.class), any(InstanceIdentifier.class), any(Node.class), anyBoolean());
608 verify(writeTransaction, times(1)).submit();
609 verify(commitFuture, times(1)).get();
611 egressAclService.egressACLPermitAllProto(Long.valueOf(123), "2", MAC_ADDRESS, false, HOST_ADDRESS, 1);
612 verify(writeTransaction, times(1)).delete(any(LogicalDatastoreType.class), any(InstanceIdentifier.class));
613 verify(writeTransaction, times(2)).submit();
614 verify(commitFuture, times(2)).get(); // 1 + 1 above
618 * Test method {@link EgressAclService#egressACLTcpSyn(Long, String, String, boolean, Integer, Integer)}
621 public void testEgressACLTcpSyn() throws Exception {
622 egressAclService.egressACLTcpSyn(Long.valueOf(123), "2", MAC_ADDRESS, true, 1, 1);
623 verify(writeTransaction, times(2)).put(any(LogicalDatastoreType.class), any(InstanceIdentifier.class), any(Node.class), anyBoolean());
624 verify(writeTransaction, times(1)).submit();
625 verify(commitFuture, times(1)).get();
627 egressAclService.egressACLTcpSyn(Long.valueOf(123), "2", MAC_ADDRESS, false, 1, 1);
628 verify(writeTransaction, times(1)).delete(any(LogicalDatastoreType.class), any(InstanceIdentifier.class));
629 verify(writeTransaction, times(2)).submit();
630 verify(commitFuture, times(2)).get(); // 1 + 1 above