openstack/net-virt-providers/src/test/java/org/opendaylight/ovsdb/openstack/netvirt/providers/openflow13/services/EgressAclServiceTest.java

   1 /*
   2  * Copyright (c) 2015 Inocybe and others.  All rights reserved.
   3  *
   4  * This program and the accompanying materials are made available under the
   5  * terms of the Eclipse Public License v1.0 which accompanies this distribution,
   6  * and is available at http://www.eclipse.org/legal/epl-v10.html
   7  */
   8
   9 package org.opendaylight.ovsdb.openstack.netvirt.providers.openflow13.services;
  10
  11 import static org.mockito.Matchers.any;
  12 import static org.mockito.Matchers.anyBoolean;
  13 import static org.mockito.Matchers.eq;
  14 import static org.mockito.Mockito.mock;
  15 import static org.mockito.Mockito.times;
  16 import static org.mockito.Mockito.verify;
  17 import static org.mockito.Mockito.when;
  18
  19 import java.util.ArrayList;
  20 import java.util.List;
  21
  22 import org.junit.Assert;
  23 import org.junit.Before;
  24 import org.junit.Test;
  25 import org.junit.runner.RunWith;
  26 import org.mockito.InjectMocks;
  27 import org.mockito.Mock;
  28 import org.mockito.invocation.InvocationOnMock;
  29 import org.mockito.stubbing.Answer;
  30 import org.opendaylight.controller.md.sal.binding.api.DataBroker;
  31 import org.opendaylight.controller.md.sal.binding.api.WriteTransaction;
  32 import org.opendaylight.controller.md.sal.common.api.data.LogicalDatastoreType;
  33 import org.opendaylight.controller.md.sal.common.api.data.TransactionCommitFailedException;
  34 import org.opendaylight.ovsdb.openstack.netvirt.translator.NeutronSecurityGroup;
  35 import org.opendaylight.ovsdb.openstack.netvirt.translator.NeutronSecurityRule;
  36 import org.opendaylight.ovsdb.openstack.netvirt.translator.Neutron_IPs;
  37 import org.opendaylight.ovsdb.openstack.netvirt.api.SecurityGroupCacheManger;
  38 import org.opendaylight.ovsdb.openstack.netvirt.api.SecurityServicesManager;
  39 import org.opendaylight.ovsdb.openstack.netvirt.providers.openflow13.PipelineOrchestrator;
  40 import org.opendaylight.ovsdb.openstack.netvirt.providers.openflow13.Service;
  41 import org.opendaylight.yang.gen.v1.urn.opendaylight.flow.inventory.rev130819.tables.table.FlowBuilder;
  42 import org.opendaylight.yang.gen.v1.urn.opendaylight.inventory.rev130819.nodes.Node;
  43 import org.opendaylight.yang.gen.v1.urn.opendaylight.inventory.rev130819.nodes.NodeBuilder;
  44 import org.opendaylight.yang.gen.v1.urn.opendaylight.model.match.types.rev131026.Match;
  45 import org.opendaylight.yang.gen.v1.urn.opendaylight.model.match.types.rev131026.match.EthernetMatch;
  46 import org.opendaylight.yang.gen.v1.urn.opendaylight.model.match.types.rev131026.match.Icmpv4Match;
  47 import org.opendaylight.yang.gen.v1.urn.opendaylight.model.match.types.rev131026.match.layer._4.match.TcpMatch;
  48 import org.opendaylight.yang.gen.v1.urn.opendaylight.model.match.types.rev131026.match.layer._4.match.UdpMatch;
  49 import org.opendaylight.yangtools.yang.binding.InstanceIdentifier;
  50 import org.powermock.api.mockito.PowerMockito;
  51 import org.powermock.modules.junit4.PowerMockRunner;
  52
  53 import com.google.common.util.concurrent.CheckedFuture;
  54 /**
  55  * Unit test for {@link EgressAclService}
  56  */
  57 @RunWith(PowerMockRunner.class)
  58 @SuppressWarnings("unchecked")
  59 public class EgressAclServiceTest {
  60
  61     @InjectMocks private EgressAclService egressAclService = new EgressAclService();
  62     private EgressAclService egressAclServiceSpy;
  63
  64     @Mock private DataBroker dataBroker;
  65     @Mock private PipelineOrchestrator orchestrator;
  66
  67     @Mock private WriteTransaction writeTransaction;
  68     @Mock private CheckedFuture<Void, TransactionCommitFailedException> commitFuture;
  69
  70     @Mock private NeutronSecurityGroup securityGroup;
  71     @Mock private NeutronSecurityRule portSecurityRule;
  72
  73     @Mock private SecurityServicesManager securityServices;
  74     @Mock private SecurityGroupCacheManger securityGroupCacheManger;
  75
  76     private Neutron_IPs neutron_ip_src;
  77     private Neutron_IPs neutron_ip_dest_1;
  78     private Neutron_IPs neutron_ip_dest_2;
  79     private List<Neutron_IPs> neutronSrcIpList = new ArrayList<>();
  80     private List<Neutron_IPs> neutronDestIpList = new ArrayList<>();
  81     private static final String HOST_ADDRESS = "127.0.0.1/32";
  82     private static final String MAC_ADDRESS = "87:1D:5E:02:40:B7";
  83     private static final String SRC_IP = "192.168.0.1";
  84     private static final String DEST_IP_1 = "192.169.0.1";
  85     private static final String DEST_IP_2 = "192.169.0.2";
  86     private static final String DEST_IP_1_WITH_MASK = "192.169.0.1/32";
  87     private static final String DEST_IP_2_WITH_MASK = "192.169.0.2/32";
  88     private static final String SECURITY_GROUP_UUID = "85cc3048-abc3-43cc-89b3-377341426ac5";
  89     private static final String PORT_UUID = "95cc3048-abc3-43cc-89b3-377341426ac5";
  90     private static final String SEGMENT_ID = "2";
  91     private static final Long DP_ID_LONG = (long) 1554;
  92     private static final Long LOCAL_PORT = (long) 124;
  93     private static final int PORT_RANGE_MIN = 1;
  94     private static final int PORT_RANGE_MAX = 65535;
  95     private static FlowBuilder flowBuilder;
  96     private static NodeBuilder nodeBuilder;
  97
  98     private static Answer<Object> answer() {
  99         return new Answer<Object>() {
 100             @Override
 101             public CheckedFuture<Void, TransactionCommitFailedException> answer(InvocationOnMock invocation)
 102                     throws Throwable {
 103                 flowBuilder = (FlowBuilder) invocation.getArguments()[0];
 104                 nodeBuilder = (NodeBuilder) invocation.getArguments()[1];
 105                 return null;
 106             }
 107         };
 108     }
 109
 110     @Before
 111     public void setUp() {
 112         egressAclServiceSpy = PowerMockito.spy(egressAclService);
 113
 114         when(writeTransaction.submit()).thenReturn(commitFuture);
 115
 116         when(dataBroker.newWriteOnlyTransaction()).thenReturn(writeTransaction);
 117
 118         when(orchestrator.getNextServiceInPipeline(any(Service.class))).thenReturn(Service.ARP_RESPONDER);
 119
 120         portSecurityRule = mock(NeutronSecurityRule.class);
 121
 122         when(portSecurityRule.getSecurityRuleEthertype()).thenReturn("IPv4");
 123         when(portSecurityRule.getSecurityRuleDirection()).thenReturn("egress");
 124
 125         List<NeutronSecurityRule> portSecurityList = new ArrayList<>();
 126         portSecurityList.add(portSecurityRule);
 127
 128         neutron_ip_src = new Neutron_IPs();
 129         neutron_ip_src.setIpAddress(SRC_IP);
 130         neutronSrcIpList.add(neutron_ip_src);
 131
 132         neutron_ip_dest_1 = new Neutron_IPs();
 133         neutron_ip_dest_1.setIpAddress(DEST_IP_1);
 134         neutronDestIpList.add(neutron_ip_dest_1);
 135
 136         neutron_ip_dest_2 = new Neutron_IPs();
 137         neutron_ip_dest_2.setIpAddress(DEST_IP_2);
 138         neutronDestIpList.add(neutron_ip_dest_2);
 139
 140         when(securityGroup.getSecurityRules()).thenReturn(portSecurityList);
 141         when(securityServices.getVmListForSecurityGroup(PORT_UUID, SECURITY_GROUP_UUID)).thenReturn(neutronDestIpList);
 142     }
 143
 144     /**
 145      * Rule 1: TCP Proto (True), TCP Port Minimum (True), TCP Port Max (True), IP Prefix (True)
 146      */
 147     /*@Test
 148     public void testProgramPortSecurityACLRule1() throws Exception {
 149         when(portSecurityRule.getSecurityRuleProtocol()).thenReturn("tcp");
 150         when(portSecurityRule.getSecurityRulePortMax()).thenReturn(1);
 151         when(portSecurityRule.getSecurityRulePortMin()).thenReturn(1);
 152         when(portSecurityRule.getSecurityRuleRemoteIpPrefix()).thenReturn(HOST_ADDRESS);
 153
 154         egressAclServiceSpy.programPortSecurityACL(Long.valueOf(1554), "2", MAC_ADDRESS, 124, securityGroup);
 155         verify(egressAclServiceSpy, times(1)).egressACLDefaultTcpDrop(anyLong(), anyString(), anyString(), anyInt(), anyBoolean());
 156         verify(egressAclServiceSpy, times(1)).egressACLTcpPortWithPrefix(anyLong(), anyString(), anyString(), anyBoolean(), anyInt(), anyString(), anyInt());
 157         verify(writeTransaction, times(4)).put(any(LogicalDatastoreType.class), any(InstanceIdentifier.class), any(Node.class), anyBoolean());
 158         verify(writeTransaction, times(2)).submit();
 159         verify(commitFuture, times(2)).get();
 160     }
 161
 162     *//**
 163      * Rule 2: TCP Proto (True), TCP Port Minimum (True), TCP Port Max (False), IP Prefix (True)
 164      *//*
 165     @Test
 166     public void testProgramPortSecurityACLRule2() throws Exception {
 167         when(portSecurityRule.getSecurityRuleProtocol()).thenReturn("tcp");
 168         when(portSecurityRule.getSecurityRulePortMax()).thenReturn(null);
 169         when(portSecurityRule.getSecurityRulePortMin()).thenReturn(1);
 170         when(portSecurityRule.getSecurityRuleRemoteIpPrefix()).thenReturn(HOST_ADDRESS);
 171
 172         egressAclServiceSpy.programPortSecurityACL(Long.valueOf(1554), "2", MAC_ADDRESS, 124, securityGroup);
 173         verify(egressAclServiceSpy, times(1)).egressACLDefaultTcpDrop(anyLong(), anyString(), anyString(), anyInt(), anyBoolean());
 174         verify(egressAclServiceSpy, times(1)).egressACLTcpPortWithPrefix(anyLong(), anyString(), anyString(), anyBoolean(), anyInt(), anyString(), anyInt());
 175         verify(writeTransaction, times(4)).put(any(LogicalDatastoreType.class), any(InstanceIdentifier.class), any(Node.class), anyBoolean());
 176         verify(writeTransaction, times(2)).submit();
 177         verify(commitFuture, times(2)).get();
 178     }
 179
 180     *//**
 181      * Rule 3: TCP Proto (True), TCP Port Minimum (False), TCP Port Max (False), IP Prefix (True)
 182      *//*
 183     @Test
 184     public void testProgramPortSecurityACLRule3() throws Exception {
 185         when(portSecurityRule.getSecurityRuleProtocol()).thenReturn("tcp");
 186         when(portSecurityRule.getSecurityRulePortMax()).thenReturn(null);
 187         when(portSecurityRule.getSecurityRulePortMin()).thenReturn(null);
 188         when(portSecurityRule.getSecurityRuleRemoteIpPrefix()).thenReturn(HOST_ADDRESS);
 189
 190         egressAclServiceSpy.programPortSecurityACL(Long.valueOf(1554), "2", MAC_ADDRESS, 124, securityGroup);
 191         verify(egressAclServiceSpy, times(1)).egressACLDefaultTcpDrop(anyLong(), anyString(), anyString(), anyInt(), anyBoolean());
 192         verify(egressAclServiceSpy, times(1)).egressACLPermitAllProto(anyLong(), anyString(), anyString(), anyBoolean(), anyString(), anyInt());
 193         verify(writeTransaction, times(4)).put(any(LogicalDatastoreType.class), any(InstanceIdentifier.class), any(Node.class), anyBoolean());
 194         verify(writeTransaction, times(2)).submit();
 195         verify(commitFuture, times(2)).get();
 196     }
 197
 198     *//**
 199      * Rule 4: TCP Proto (False), TCP Port Minimum (False), TCP Port Max (False), IP Prefix (True)
 200      *//*
 201     @Test
 202     public void testProgramPortSecurityACLRule4() throws Exception {
 203         when(portSecurityRule.getSecurityRuleProtocol()).thenReturn(null);
 204         when(portSecurityRule.getSecurityRulePortMax()).thenReturn(null);
 205         when(portSecurityRule.getSecurityRulePortMin()).thenReturn(null);
 206         when(portSecurityRule.getSecurityRuleRemoteIpPrefix()).thenReturn(HOST_ADDRESS);
 207
 208         egressAclServiceSpy.programPortSecurityACL(Long.valueOf(1554), "2", MAC_ADDRESS, 124, securityGroup);
 209         verify(egressAclServiceSpy, times(1)).egressACLDefaultTcpDrop(anyLong(), anyString(), anyString(), anyInt(), anyBoolean());
 210         verify(egressAclServiceSpy, times(1)).egressACLPermitAllProto(anyLong(), anyString(), anyString(), anyBoolean(), anyString(), anyInt());
 211         verify(writeTransaction, times(4)).put(any(LogicalDatastoreType.class), any(InstanceIdentifier.class), any(Node.class), anyBoolean());
 212         verify(writeTransaction, times(2)).submit();
 213         verify(commitFuture, times(2)).get();
 214     }
 215
 216     *//**
 217      * Rule 5: TCP Proto (True), TCP Port Minimum (True), TCP Port Max (True), IP Prefix (False)
 218      *//*
 219     @Test
 220     public void testProgramPortSecurityACLRule5() throws Exception {
 221         when(portSecurityRule.getSecurityRuleProtocol()).thenReturn("tcp");
 222         when(portSecurityRule.getSecurityRulePortMax()).thenReturn(1);
 223         when(portSecurityRule.getSecurityRulePortMin()).thenReturn(1);
 224         when(portSecurityRule.getSecurityRuleRemoteIpPrefix()).thenReturn(null);
 225
 226         egressAclServiceSpy.programPortSecurityACL(Long.valueOf(1554), "2", MAC_ADDRESS, 124, securityGroup);
 227         verify(egressAclServiceSpy, times(1)).egressACLDefaultTcpDrop(anyLong(), anyString(), anyString(), anyInt(), anyBoolean());
 228         verify(egressAclServiceSpy, times(1)).egressACLTcpSyn(anyLong(), anyString(), anyString(), anyBoolean(), anyInt(), anyInt());
 229         verify(writeTransaction, times(4)).put(any(LogicalDatastoreType.class), any(InstanceIdentifier.class), any(Node.class), anyBoolean());
 230         verify(writeTransaction, times(2)).submit();
 231         verify(commitFuture, times(2)).get();
 232     }
 233
 234     *//**
 235      * Rule 6: TCP Proto (True), TCP Port Minimum (True), TCP Port Max (False), IP Prefix (False)
 236      *//*
 237     @Test
 238     public void testProgramPortSecurityACLRule6() throws Exception {
 239         when(portSecurityRule.getSecurityRuleProtocol()).thenReturn("tcp");
 240         when(portSecurityRule.getSecurityRulePortMax()).thenReturn(null);
 241         when(portSecurityRule.getSecurityRulePortMin()).thenReturn(1);
 242         when(portSecurityRule.getSecurityRuleRemoteIpPrefix()).thenReturn(null);
 243
 244         egressAclServiceSpy.programPortSecurityACL(Long.valueOf(1554), "2", MAC_ADDRESS, 124, securityGroup);
 245         verify(egressAclServiceSpy, times(1)).egressACLDefaultTcpDrop(anyLong(), anyString(), anyString(), anyInt(), anyBoolean());
 246         verify(egressAclServiceSpy, times(1)).egressACLTcpSyn(anyLong(), anyString(), anyString(), anyBoolean(), anyInt(), anyInt());
 247         verify(writeTransaction, times(4)).put(any(LogicalDatastoreType.class), any(InstanceIdentifier.class), any(Node.class), anyBoolean());
 248         verify(writeTransaction, times(2)).submit();
 249         verify(commitFuture, times(2)).get();
 250     }
 251
 252     *//**
 253      * Rule 7: TCP Proto (True), TCP Port Minimum (False), TCP Port Max (False), IP Prefix (False or 0.0.0.0/0)
 254      *//*
 255     @Test
 256     public void testProgramPortSecurityACLRule7() throws Exception {
 257         when(portSecurityRule.getSecurityRuleProtocol()).thenReturn("tcp");
 258         when(portSecurityRule.getSecurityRulePortMax()).thenReturn(null);
 259         when(portSecurityRule.getSecurityRulePortMin()).thenReturn(null);
 260         when(portSecurityRule.getSecurityRuleRemoteIpPrefix()).thenReturn(null);
 261
 262         egressAclServiceSpy.programPortSecurityACL(Long.valueOf(1554), "2", MAC_ADDRESS, 124, securityGroup);
 263         verify(egressAclServiceSpy, times(1)).egressAllowProto(anyLong(), anyString(), anyString(), anyBoolean(), anyString(), anyInt());
 264         verify(writeTransaction, times(2)).put(any(LogicalDatastoreType.class), any(InstanceIdentifier.class), any(Node.class), anyBoolean());
 265         verify(writeTransaction, times(1)).submit();
 266         verify(commitFuture, times(1)).get();
 267     }
 268 */
 269     /**
 270      * Test method {@link EgressAclService#programPortSecurityGroup(java.lang.Long, java.lang.String,
 271      * java.lang.String, long, org.opendaylight.ovsdb.openstack.netvirt.translator.NeutronSecurityGroup,
 272      * java.lang.String, boolean)} when portSecurityRule is incomplete
 273      */
 274     @Test
 275     public void testProgramPortSecurityGroupWithIncompleteRule() throws Exception {
 276         NeutronSecurityRule portSecurityRule1 = mock(NeutronSecurityRule.class);
 277         when(portSecurityRule1.getSecurityRuleEthertype()).thenReturn("IPv4");
 278         when(portSecurityRule1.getSecurityRuleDirection()).thenReturn("not_egress");  // other direction
 279
 280         NeutronSecurityRule portSecurityRule2 = mock(NeutronSecurityRule.class);
 281         when(portSecurityRule2.getSecurityRuleEthertype()).thenReturn(null);
 282         when(portSecurityRule2.getSecurityRuleDirection()).thenReturn("egress");
 283
 284         NeutronSecurityRule portSecurityRule3 = mock(NeutronSecurityRule.class);
 285         when(portSecurityRule3.getSecurityRuleEthertype()).thenReturn("IPv4");
 286         when(portSecurityRule3.getSecurityRuleDirection()).thenReturn(null);
 287
 288         NeutronSecurityRule portSecurityRule4 = mock(NeutronSecurityRule.class);
 289         when(portSecurityRule4.getSecurityRuleEthertype()).thenReturn(null);
 290         when(portSecurityRule4.getSecurityRuleDirection()).thenReturn(null);
 291
 292         List<NeutronSecurityRule> portSecurityList = new ArrayList<>();
 293         portSecurityList.add(null);
 294         portSecurityList.add(portSecurityRule1);
 295         portSecurityList.add(portSecurityRule2);
 296         portSecurityList.add(portSecurityRule3);
 297         portSecurityList.add(portSecurityRule4);
 298
 299         NeutronSecurityGroup localSecurityGroup = mock(NeutronSecurityGroup.class);
 300         when(localSecurityGroup.getSecurityRules()).thenReturn(portSecurityList);
 301
 302         egressAclServiceSpy.programPortSecurityGroup(DP_ID_LONG, SEGMENT_ID, MAC_ADDRESS, LOCAL_PORT,
 303                 localSecurityGroup, PORT_UUID, true);
 304     }
 305
 306     /**
 307      * Test method {@link EgressAclService#egressACLDefaultTcpDrop(Long, String, String, int, boolean)}
 308      */
 309     @Test
 310     public void testEgressACLDefaultTcpDrop() throws Exception {
 311         egressAclService.egressACLDefaultTcpDrop(123L, "2", MAC_ADDRESS, 1, true);
 312         verify(writeTransaction, times(2)).put(any(LogicalDatastoreType.class), any(InstanceIdentifier.class), any(Node.class), anyBoolean());
 313         verify(writeTransaction, times(1)).submit();
 314         verify(commitFuture, times(1)).get();
 315
 316         egressAclService.egressACLDefaultTcpDrop(123L, "2", MAC_ADDRESS, 1, false);
 317         verify(writeTransaction, times(1)).delete(any(LogicalDatastoreType.class), any(InstanceIdentifier.class));
 318         verify(writeTransaction, times(2)).submit();
 319         verify(commitFuture, times(2)).get(); // 1 + 1 above
 320     }
 321
 322     /**
 323      *  Test IPv4 add test case.
 324      */
 325     @Test
 326     public void testProgramPortSecurityACLRuleAddIpv4() throws Exception {
 327         when(portSecurityRule.getSecurityRuleProtocol()).thenReturn(null);
 328         when(portSecurityRule.getSecurityRulePortMax()).thenReturn(null);
 329         when(portSecurityRule.getSecurityRulePortMin()).thenReturn(null);
 330         when(portSecurityRule.getSecurityRuleRemoteIpPrefix()).thenReturn(null);
 331
 332         egressAclServiceSpy.programPortSecurityGroup(Long.valueOf(1554), "2", MAC_ADDRESS, 124, securityGroup,PORT_UUID,true);
 333
 334         verify(writeTransaction, times(2)).put(any(LogicalDatastoreType.class), any(InstanceIdentifier.class), any(Node.class), eq(true));
 335         verify(writeTransaction, times(1)).submit();
 336         verify(commitFuture, times(1)).get();
 337     }
 338
 339     /**
 340      *  Test IPv4 remove test case.
 341      */
 342     @Test
 343     public void testProgramPortSecurityACLRuleRemoveIpv4() throws Exception {
 344         when(portSecurityRule.getSecurityRuleProtocol()).thenReturn(null);
 345         when(portSecurityRule.getSecurityRulePortMax()).thenReturn(null);
 346         when(portSecurityRule.getSecurityRulePortMin()).thenReturn(null);
 347         when(portSecurityRule.getSecurityRuleRemoteIpPrefix()).thenReturn(null);
 348
 349         egressAclServiceSpy.programPortSecurityGroup(Long.valueOf(1554), "2", MAC_ADDRESS, 124, securityGroup,PORT_UUID,false);
 350         verify(writeTransaction, times(1)).delete(any(LogicalDatastoreType.class), any(InstanceIdentifier.class));
 351         verify(writeTransaction, times(1)).submit();
 352         verify(commitFuture, times(1)).get();
 353     }
 354
 355     /**
 356      *  Test TCP add with port no and CIDR selected.
 357      */
 358     @Test
 359     public void testProgramPortSecurityACLRuleAddTcp1() throws Exception {
 360         when(portSecurityRule.getSecurityRuleProtocol()).thenReturn("tcp");
 361         when(portSecurityRule.getSecurityRulePortMax()).thenReturn(20);
 362         when(portSecurityRule.getSecurityRulePortMin()).thenReturn(20);
 363         when(portSecurityRule.getSecurityRuleRemoteIpPrefix()).thenReturn("0.0.0.0/24");
 364         PowerMockito.doAnswer(answer()).when(egressAclServiceSpy, "writeFlow", any(FlowBuilder.class),
 365                                              any(NodeBuilder.class));
 366         egressAclServiceSpy.programPortSecurityGroup(DP_ID_LONG, SEGMENT_ID, MAC_ADDRESS, LOCAL_PORT, securityGroup,
 367                                                      PORT_UUID, true);
 368
 369         Match match = flowBuilder.getMatch();
 370         EthernetMatch ethMatch = match.getEthernetMatch();
 371         Assert.assertEquals(MAC_ADDRESS, ethMatch.getEthernetSource().getAddress().getValue());
 372
 373         Assert.assertTrue(match.getLayer4Match() instanceof TcpMatch);
 374         TcpMatch layer4Match=(TcpMatch) match.getLayer4Match();
 375         Assert.assertEquals(20, layer4Match.getTcpDestinationPort().getValue().intValue());
 376         int port=portSecurityRule.getSecurityRulePortMin();
 377         Assert.assertEquals("Egress_TCP_" + SEGMENT_ID + "_" + MAC_ADDRESS +
 378                             "_" + port + "_0.0.0.0/24_Permit", flowBuilder.getFlowName());
 379     }
 380
 381     /**
 382      *  Test TCP remove with port no and CIDR selected.
 383      */
 384     @Test
 385     public void testProgramPortSecurityACLRuleRemoveTcp1() throws Exception {
 386         when(portSecurityRule.getSecurityRuleProtocol()).thenReturn("tcp");
 387         when(portSecurityRule.getSecurityRulePortMax()).thenReturn(30);
 388         when(portSecurityRule.getSecurityRulePortMin()).thenReturn(30);
 389         when(portSecurityRule.getSecurityRuleRemoteIpPrefix()).thenReturn("0.0.0.0/24");
 390         PowerMockito.doAnswer(answer()).when(egressAclServiceSpy, "removeFlow", any(FlowBuilder.class),
 391                                              any(NodeBuilder.class));
 392
 393         egressAclServiceSpy.programPortSecurityGroup(DP_ID_LONG, SEGMENT_ID, MAC_ADDRESS, LOCAL_PORT, securityGroup,
 394                                                      PORT_UUID, false);
 395
 396         Match match = flowBuilder.getMatch();
 397         EthernetMatch ethMatch = match.getEthernetMatch();
 398         Assert.assertEquals(MAC_ADDRESS, ethMatch.getEthernetSource().getAddress().getValue());
 399
 400         Assert.assertTrue(match.getLayer4Match() instanceof TcpMatch);
 401         TcpMatch layer4Match = (TcpMatch) match.getLayer4Match();
 402         Assert.assertEquals(30, layer4Match.getTcpDestinationPort().getValue().intValue());
 403         int port=portSecurityRule.getSecurityRulePortMin();
 404         Assert.assertEquals("Egress_TCP_" + SEGMENT_ID + "_" + MAC_ADDRESS +
 405                             "_" + port + "_0.0.0.0/24_Permit", flowBuilder.getFlowName());
 406     }
 407
 408     /**
 409      *  Test TCP add with port no and remote SG selected.
 410      */
 411     @Test
 412     public void testProgramPortSecurityACLRuleAddTcp2() throws Exception {
 413         when(portSecurityRule.getSecurityRuleProtocol()).thenReturn("tcp");
 414         when(portSecurityRule.getSecurityRulePortMax()).thenReturn(40);
 415         when(portSecurityRule.getSecurityRulePortMin()).thenReturn(40);
 416         when(portSecurityRule.getSecurityRemoteGroupID()).thenReturn("85cc3048-abc3-43cc-89b3-377341426ac5");
 417         PowerMockito.doAnswer(answer()).when(egressAclServiceSpy, "writeFlow", any(FlowBuilder.class),
 418                                              any(NodeBuilder.class));
 419         egressAclServiceSpy.programPortSecurityGroup(DP_ID_LONG, SEGMENT_ID, MAC_ADDRESS, LOCAL_PORT, securityGroup,
 420                                                      PORT_UUID, true);
 421
 422         Match match = flowBuilder.getMatch();
 423         EthernetMatch ethMatch = match.getEthernetMatch();
 424         Assert.assertEquals(MAC_ADDRESS, ethMatch.getEthernetSource().getAddress().getValue());
 425
 426         Assert.assertTrue(match.getLayer4Match() instanceof TcpMatch);
 427         TcpMatch layer4Match=(TcpMatch) match.getLayer4Match();
 428         int port=portSecurityRule.getSecurityRulePortMin();
 429         String expectedFlowId1 = "Egress_TCP_" + SEGMENT_ID + "_" + MAC_ADDRESS + "_" + port + "_" + DEST_IP_1 +
 430                 "_Permit";
 431         String expectedFlowId2 = "Egress_TCP_" + SEGMENT_ID + "_" + MAC_ADDRESS + "_" + port + "_" + DEST_IP_2 +
 432                 "_Permit";
 433         String actualFlowId = flowBuilder.getFlowName();
 434         if(actualFlowId.equals(expectedFlowId1) || actualFlowId.equals(expectedFlowId2)) {
 435             Assert.assertTrue(true);
 436         } else {
 437             Assert.assertTrue(false);
 438         }
 439     }
 440
 441     /**
 442      *  Test TCP remove with port no and remote SG selected.
 443      */
 444     @Test
 445     public void testProgramPortSecurityACLRuleRemoveTcp2() throws Exception {
 446         when(portSecurityRule.getSecurityRuleProtocol()).thenReturn("tcp");
 447         when(portSecurityRule.getSecurityRulePortMax()).thenReturn(50);
 448         when(portSecurityRule.getSecurityRulePortMin()).thenReturn(50);
 449         when(portSecurityRule.getSecurityRemoteGroupID()).thenReturn("85cc3048-abc3-43cc-89b3-377341426ac5");
 450         PowerMockito.doAnswer(answer()).when(egressAclServiceSpy, "removeFlow", any(FlowBuilder.class),
 451                                              any(NodeBuilder.class));
 452
 453         egressAclServiceSpy.programPortSecurityGroup(DP_ID_LONG, SEGMENT_ID, MAC_ADDRESS, LOCAL_PORT, securityGroup,
 454                                                      PORT_UUID, false);
 455
 456         Match match = flowBuilder.getMatch();
 457         EthernetMatch ethMatch = match.getEthernetMatch();
 458         Assert.assertEquals(MAC_ADDRESS, ethMatch.getEthernetSource().getAddress().getValue());
 459
 460         Assert.assertTrue(match.getLayer4Match() instanceof TcpMatch);
 461         TcpMatch layer4Match=(TcpMatch) match.getLayer4Match();
 462         int port=portSecurityRule.getSecurityRulePortMin();
 463         String expectedFlowId1 = "Egress_TCP_" + SEGMENT_ID + "_" + MAC_ADDRESS +"_" + port + "_" + DEST_IP_1 +
 464                 "_Permit";
 465         String expectedFlowId2 = "Egress_TCP_" + SEGMENT_ID + "_" + MAC_ADDRESS +"_" + port + "_" + DEST_IP_2 +
 466                 "_Permit";
 467         String actualFlowId = flowBuilder.getFlowName();
 468         if(actualFlowId.equals(expectedFlowId1) || actualFlowId.equals(expectedFlowId2)) {
 469             Assert.assertTrue(true);
 470         } else {
 471             Assert.assertTrue(false);
 472         }
 473     }
 474
 475     /**
 476      *  Test TCP add with port range (All TCP) and CIDR selected.
 477      */
 478     @Test
 479     public void testProgramPortSecurityACLRuleAddTcpAll1() throws Exception {
 480         when(portSecurityRule.getSecurityRuleProtocol()).thenReturn("tcp");
 481         when(portSecurityRule.getSecurityRulePortMax()).thenReturn(PORT_RANGE_MAX);
 482         when(portSecurityRule.getSecurityRulePortMin()).thenReturn(PORT_RANGE_MIN);
 483         when(portSecurityRule.getSecurityRuleRemoteIpPrefix()).thenReturn("0.0.0.0/24");
 484         PowerMockito.doAnswer(answer()).when(egressAclServiceSpy, "writeFlow", any(FlowBuilder.class),
 485                                              any(NodeBuilder.class));
 486         egressAclServiceSpy.programPortSecurityGroup(DP_ID_LONG, SEGMENT_ID, MAC_ADDRESS, LOCAL_PORT, securityGroup,
 487                                                      PORT_UUID, true);
 488
 489         Match match = flowBuilder.getMatch();
 490         Assert.assertTrue(match.getLayer4Match() instanceof TcpMatch);
 491         TcpMatch layer4Match=(TcpMatch) match.getLayer4Match();
 492         EthernetMatch ethMatch = match.getEthernetMatch();
 493         Assert.assertEquals(MAC_ADDRESS, ethMatch.getEthernetSource().getAddress().getValue());
 494     }
 495
 496     /**
 497      *  Test TCP remove with port range (All TCP) and CIDR selected.
 498      */
 499     @Test
 500     public void testProgramPortSecurityACLRuleRemoveTcpAll1() throws Exception {
 501         when(portSecurityRule.getSecurityRuleProtocol()).thenReturn("tcp");
 502         when(portSecurityRule.getSecurityRulePortMax()).thenReturn(PORT_RANGE_MAX);
 503         when(portSecurityRule.getSecurityRulePortMin()).thenReturn(PORT_RANGE_MIN);
 504         when(portSecurityRule.getSecurityRuleRemoteIpPrefix()).thenReturn("0.0.0.0/24");
 505         PowerMockito.doAnswer(answer()).when(egressAclServiceSpy, "removeFlow", any(FlowBuilder.class),
 506                                              any(NodeBuilder.class));
 507
 508         egressAclServiceSpy.programPortSecurityGroup(DP_ID_LONG, SEGMENT_ID, MAC_ADDRESS, LOCAL_PORT, securityGroup,
 509                                                      PORT_UUID, false);
 510
 511         Match match = flowBuilder.getMatch();
 512         EthernetMatch ethMatch = match.getEthernetMatch();
 513         Assert.assertEquals(MAC_ADDRESS, ethMatch.getEthernetSource().getAddress().getValue());
 514
 515         Assert.assertTrue(match.getLayer4Match() instanceof TcpMatch);
 516         Assert.assertEquals("Egress_TCP_" + SEGMENT_ID + "_" + MAC_ADDRESS + "_" + PORT_RANGE_MIN + "_" +
 517                             PORT_RANGE_MAX + "_0.0.0.0/24_Permit", flowBuilder.getFlowName());
 518     }
 519
 520     /**
 521      *  Test TCP add with port range (All TCP) and remote SG selected.
 522      */
 523     @Test
 524     public void testProgramPortSecurityACLRuleAddTcpAll2() throws Exception {
 525         when(portSecurityRule.getSecurityRuleProtocol()).thenReturn("tcp");
 526         when(portSecurityRule.getSecurityRulePortMax()).thenReturn(PORT_RANGE_MAX);
 527         when(portSecurityRule.getSecurityRulePortMin()).thenReturn(PORT_RANGE_MIN);
 528         when(portSecurityRule.getSecurityRemoteGroupID()).thenReturn("85cc3048-abc3-43cc-89b3-377341426ac5");
 529         PowerMockito.doAnswer(answer()).when(egressAclServiceSpy, "writeFlow", any(FlowBuilder.class),
 530                                              any(NodeBuilder.class));
 531         egressAclServiceSpy.programPortSecurityGroup(DP_ID_LONG, SEGMENT_ID, MAC_ADDRESS, LOCAL_PORT, securityGroup,
 532                                                      PORT_UUID, true);
 533
 534         Match match = flowBuilder.getMatch();
 535         EthernetMatch ethMatch = match.getEthernetMatch();
 536         Assert.assertEquals(MAC_ADDRESS, ethMatch.getEthernetSource().getAddress().getValue());
 537
 538         Assert.assertTrue(match.getLayer4Match() instanceof TcpMatch);
 539         String expectedFlowId1 = "Egress_TCP_" + SEGMENT_ID + "_" + MAC_ADDRESS + "_" + PORT_RANGE_MIN + "_" +
 540                                 PORT_RANGE_MAX + "_" + DEST_IP_1 + "_Permit";
 541         String expectedFlowId2 = "Egress_TCP_" + SEGMENT_ID + "_" + MAC_ADDRESS + "_" + PORT_RANGE_MIN + "_" +
 542                                 PORT_RANGE_MAX + "_" + DEST_IP_2 + "_Permit";
 543         String actualFlowId = flowBuilder.getFlowName();
 544         if(actualFlowId.equals(expectedFlowId1) || actualFlowId.equals(expectedFlowId2)) {
 545             Assert.assertTrue(true);
 546         } else {
 547             Assert.assertTrue(false);
 548         }
 549     }
 550
 551     /**
 552      *  Test TCP remove with port range (All TCP) and remote SG selected.
 553      */
 554     @Test
 555     public void testProgramPortSecurityACLRuleRemoveTcpAll2() throws Exception {
 556         when(portSecurityRule.getSecurityRuleProtocol()).thenReturn("tcp");
 557         when(portSecurityRule.getSecurityRulePortMax()).thenReturn(PORT_RANGE_MAX);
 558         when(portSecurityRule.getSecurityRulePortMin()).thenReturn(PORT_RANGE_MIN);
 559         when(portSecurityRule.getSecurityRemoteGroupID()).thenReturn("85cc3048-abc3-43cc-89b3-377341426ac5");
 560         PowerMockito.doAnswer(answer()).when(egressAclServiceSpy, "removeFlow", any(FlowBuilder.class),
 561                                              any(NodeBuilder.class));
 562
 563         egressAclServiceSpy.programPortSecurityGroup(DP_ID_LONG, SEGMENT_ID, MAC_ADDRESS, LOCAL_PORT, securityGroup,
 564                                                      PORT_UUID, false);
 565
 566         Match match = flowBuilder.getMatch();
 567         EthernetMatch ethMatch = match.getEthernetMatch();
 568         Assert.assertEquals(MAC_ADDRESS, ethMatch.getEthernetSource().getAddress().getValue());
 569
 570         Assert.assertTrue(match.getLayer4Match() instanceof TcpMatch);
 571         String expectedFlowId1 = "Egress_TCP_" + SEGMENT_ID + "_" + MAC_ADDRESS + "_" + PORT_RANGE_MIN + "_" +
 572                                 PORT_RANGE_MAX + "_" + DEST_IP_1 + "_Permit";
 573         String expectedFlowId2 = "Egress_TCP_" + SEGMENT_ID + "_" + MAC_ADDRESS + "_" + PORT_RANGE_MIN + "_" +
 574                                 PORT_RANGE_MAX + "_" + DEST_IP_2 + "_Permit";
 575         String actualFlowId = flowBuilder.getFlowName();
 576         if(actualFlowId.equals(expectedFlowId1) || actualFlowId.equals(expectedFlowId2)) {
 577             Assert.assertTrue(true);
 578         } else {
 579             Assert.assertTrue(false);
 580         }
 581     }
 582
 583     /**
 584      *  Test UDP add with port no and CIDR selected.
 585      */
 586     @Test
 587     public void testProgramPortSecurityACLRuleAddUdp1() throws Exception {
 588         when(portSecurityRule.getSecurityRuleProtocol()).thenReturn("udp");
 589         when(portSecurityRule.getSecurityRulePortMax()).thenReturn(50);
 590         when(portSecurityRule.getSecurityRulePortMin()).thenReturn(50);
 591         when(portSecurityRule.getSecurityRuleRemoteIpPrefix()).thenReturn("0.0.0.0/24");
 592         PowerMockito.doAnswer(answer()).when(egressAclServiceSpy, "writeFlow", any(FlowBuilder.class),
 593                                              any(NodeBuilder.class));
 594         egressAclServiceSpy.programPortSecurityGroup(DP_ID_LONG, SEGMENT_ID, MAC_ADDRESS, LOCAL_PORT, securityGroup,
 595                                                      PORT_UUID, true);
 596
 597         Match match = flowBuilder.getMatch();
 598         EthernetMatch ethMatch = match.getEthernetMatch();
 599         Assert.assertEquals(MAC_ADDRESS, ethMatch.getEthernetSource().getAddress().getValue());
 600
 601         Assert.assertTrue(match.getLayer4Match() instanceof UdpMatch);
 602         UdpMatch layer4Match = (UdpMatch) match.getLayer4Match();
 603         Assert.assertEquals(50, layer4Match.getUdpDestinationPort().getValue().intValue());
 604         int port = portSecurityRule.getSecurityRulePortMin();
 605         Assert.assertEquals("Egress_UDP_" + SEGMENT_ID + "_" + MAC_ADDRESS +
 606                             "_" + port + "_0.0.0.0/24_Permit", flowBuilder.getFlowName());
 607     }
 608
 609     /**
 610      *  Test UDP remove with port no and CIDR selected.
 611      */
 612     @Test
 613     public void testProgramPortSecurityACLRuleRemoveUdp1() throws Exception {
 614         when(portSecurityRule.getSecurityRuleProtocol()).thenReturn("udp");
 615         when(portSecurityRule.getSecurityRulePortMax()).thenReturn(50);
 616         when(portSecurityRule.getSecurityRulePortMin()).thenReturn(50);
 617         when(portSecurityRule.getSecurityRuleRemoteIpPrefix()).thenReturn("0.0.0.0/24");
 618         PowerMockito.doAnswer(answer()).when(egressAclServiceSpy, "removeFlow", any(FlowBuilder.class),
 619                                              any(NodeBuilder.class));
 620         egressAclServiceSpy.programPortSecurityGroup(DP_ID_LONG, SEGMENT_ID, MAC_ADDRESS, LOCAL_PORT, securityGroup,
 621                                                      PORT_UUID, false);
 622
 623         Match match = flowBuilder.getMatch();
 624         EthernetMatch ethMatch = match.getEthernetMatch();
 625         Assert.assertEquals(MAC_ADDRESS, ethMatch.getEthernetSource().getAddress().getValue());
 626
 627         Assert.assertTrue(match.getLayer4Match() instanceof UdpMatch);
 628         UdpMatch layer4Match = (UdpMatch) match.getLayer4Match();
 629         Assert.assertEquals(50, layer4Match.getUdpDestinationPort().getValue().intValue());
 630         int port = portSecurityRule.getSecurityRulePortMin();
 631         Assert.assertEquals("Egress_UDP_" + SEGMENT_ID + "_" + MAC_ADDRESS +
 632                             "_" + port + "_0.0.0.0/24_Permit", flowBuilder.getFlowName());
 633     }
 634
 635     /**
 636      *  Test UDP add with port no and remote SG selected.
 637      */
 638     @Test
 639     public void testProgramPortSecurityACLRuleAddUdp2() throws Exception {
 640         when(portSecurityRule.getSecurityRuleProtocol()).thenReturn("udp");
 641         when(portSecurityRule.getSecurityRulePortMax()).thenReturn(50);
 642         when(portSecurityRule.getSecurityRulePortMin()).thenReturn(50);
 643         when(portSecurityRule.getSecurityRuleRemoteIpPrefix()).thenReturn("0.0.0.0/24");
 644         when(portSecurityRule.getSecurityRemoteGroupID()).thenReturn("85cc3048-abc3-43cc-89b3-377341426ac5");
 645         PowerMockito.doAnswer(answer()).when(egressAclServiceSpy, "writeFlow", any(FlowBuilder.class),
 646                                              any(NodeBuilder.class));
 647         egressAclServiceSpy.programPortSecurityGroup(DP_ID_LONG, SEGMENT_ID, MAC_ADDRESS, LOCAL_PORT, securityGroup,
 648                                                      PORT_UUID, true);
 649
 650         Match match = flowBuilder.getMatch();
 651         EthernetMatch ethMatch = match.getEthernetMatch();
 652         Assert.assertEquals(MAC_ADDRESS, ethMatch.getEthernetSource().getAddress().getValue());
 653
 654         Assert.assertTrue(match.getLayer4Match() instanceof UdpMatch);
 655         UdpMatch layer4Match = (UdpMatch) match.getLayer4Match();
 656         Assert.assertEquals(50, layer4Match.getUdpDestinationPort().getValue().intValue());
 657         int port = portSecurityRule.getSecurityRulePortMin();
 658         String expectedFlowId1 = "Egress_UDP_" + SEGMENT_ID + "_" + MAC_ADDRESS + "_" + port + "_" + DEST_IP_1 +
 659                 "_Permit";
 660         String expectedFlowId2 = "Egress_UDP_" + SEGMENT_ID + "_" + MAC_ADDRESS + "_" + port + "_" + DEST_IP_2 +
 661                 "_Permit";
 662         String actualFlowId = flowBuilder.getFlowName();
 663         if(actualFlowId.equals(expectedFlowId1) || actualFlowId.equals(expectedFlowId2)) {
 664             Assert.assertTrue(true);
 665         } else {
 666             Assert.assertTrue(false);
 667         }
 668     }
 669
 670     /**
 671      *  Test UDP remove with port no and remote SG selected.
 672      */
 673     @Test
 674     public void testProgramPortSecurityACLRuleRemoveUdp2() throws Exception {
 675         when(portSecurityRule.getSecurityRuleProtocol()).thenReturn("udp");
 676         when(portSecurityRule.getSecurityRulePortMax()).thenReturn(50);
 677         when(portSecurityRule.getSecurityRulePortMin()).thenReturn(50);
 678         when(portSecurityRule.getSecurityRuleRemoteIpPrefix()).thenReturn("0.0.0.0/24");
 679         when(portSecurityRule.getSecurityRemoteGroupID()).thenReturn("85cc3048-abc3-43cc-89b3-377341426ac5");
 680         PowerMockito.doAnswer(answer()).when(egressAclServiceSpy, "removeFlow", any(FlowBuilder.class),
 681                                              any(NodeBuilder.class));
 682         egressAclServiceSpy.programPortSecurityGroup(DP_ID_LONG, SEGMENT_ID, MAC_ADDRESS, LOCAL_PORT, securityGroup,
 683                                                      PORT_UUID, false);
 684
 685         Match match = flowBuilder.getMatch();
 686         EthernetMatch ethMatch = match.getEthernetMatch();
 687         Assert.assertEquals(MAC_ADDRESS, ethMatch.getEthernetSource().getAddress().getValue());
 688
 689         Assert.assertTrue(match.getLayer4Match() instanceof UdpMatch);
 690         UdpMatch layer4Match = (UdpMatch) match.getLayer4Match();
 691         Assert.assertEquals(50, layer4Match.getUdpDestinationPort().getValue().intValue());
 692         int port = portSecurityRule.getSecurityRulePortMin();
 693         String expectedFlowId1 = "Egress_UDP_" + SEGMENT_ID + "_" + MAC_ADDRESS + "_" + port + "_" + DEST_IP_1 +
 694                 "_Permit";
 695         String expectedFlowId2 = "Egress_UDP_" + SEGMENT_ID + "_" + MAC_ADDRESS + "_" + port + "_" + DEST_IP_2 +
 696                 "_Permit";
 697         String actualFlowId = flowBuilder.getFlowName();
 698         if(actualFlowId.equals(expectedFlowId1) || actualFlowId.equals(expectedFlowId2)) {
 699             Assert.assertTrue(true);
 700         } else {
 701             Assert.assertTrue(false);
 702         }
 703     }
 704
 705
 706     /**
 707      *  Test UDP add with port (All UDP) and CIDR selected.
 708      */
 709     @Test
 710     public void testProgramPortSecurityACLRuleAddUdpAll1() throws Exception {
 711         when(portSecurityRule.getSecurityRuleProtocol()).thenReturn("udp");
 712         when(portSecurityRule.getSecurityRulePortMax()).thenReturn(PORT_RANGE_MAX);
 713         when(portSecurityRule.getSecurityRulePortMin()).thenReturn(PORT_RANGE_MIN);
 714         when(portSecurityRule.getSecurityRuleRemoteIpPrefix()).thenReturn("0.0.0.0/24");
 715         PowerMockito.doAnswer(answer()).when(egressAclServiceSpy, "writeFlow", any(FlowBuilder.class),
 716                                              any(NodeBuilder.class));
 717         egressAclServiceSpy.programPortSecurityGroup(DP_ID_LONG, SEGMENT_ID, MAC_ADDRESS, LOCAL_PORT, securityGroup,
 718                                                      PORT_UUID, true);
 719
 720         Match match = flowBuilder.getMatch();
 721         EthernetMatch ethMatch = match.getEthernetMatch();
 722         Assert.assertEquals(MAC_ADDRESS, ethMatch.getEthernetSource().getAddress().getValue());
 723
 724         Assert.assertTrue(match.getLayer4Match() instanceof UdpMatch);
 725         Assert.assertEquals("Egress_UDP_" + SEGMENT_ID + "_" + MAC_ADDRESS + "_" + PORT_RANGE_MIN + "_" +
 726                             PORT_RANGE_MAX + "_0.0.0.0/24_Permit", flowBuilder.getFlowName());
 727     }
 728
 729     /**
 730      *  Test UDP remove with port (All UDP) and CIDR selected.
 731      */
 732     @Test
 733     public void testProgramPortSecurityACLRuleRemoveUdpAll1() throws Exception {
 734         when(portSecurityRule.getSecurityRuleProtocol()).thenReturn("udp");
 735         when(portSecurityRule.getSecurityRulePortMax()).thenReturn(PORT_RANGE_MAX);
 736         when(portSecurityRule.getSecurityRulePortMin()).thenReturn(PORT_RANGE_MIN);
 737         when(portSecurityRule.getSecurityRuleRemoteIpPrefix()).thenReturn("0.0.0.0/24");
 738         PowerMockito.doAnswer(answer()).when(egressAclServiceSpy, "removeFlow", any(FlowBuilder.class),
 739                                              any(NodeBuilder.class));
 740         egressAclServiceSpy.programPortSecurityGroup(DP_ID_LONG, SEGMENT_ID, MAC_ADDRESS, LOCAL_PORT, securityGroup,
 741                                                      PORT_UUID, false);
 742
 743         Match match = flowBuilder.getMatch();
 744         EthernetMatch ethMatch = match.getEthernetMatch();
 745         Assert.assertEquals(MAC_ADDRESS, ethMatch.getEthernetSource().getAddress().getValue());
 746
 747         Assert.assertTrue(match.getLayer4Match() instanceof UdpMatch);
 748         Assert.assertEquals("Egress_UDP_" + SEGMENT_ID + "_" + MAC_ADDRESS + "_" + PORT_RANGE_MIN + "_" +
 749                             PORT_RANGE_MAX + "_0.0.0.0/24_Permit", flowBuilder.getFlowName());
 750     }
 751
 752     /**
 753      *  Test UDP add with port (All UDP) and remote SG selected.
 754      */
 755     @Test
 756     public void testProgramPortSecurityACLRuleAddUdpAll2() throws Exception {
 757         when(portSecurityRule.getSecurityRuleProtocol()).thenReturn("udp");
 758         when(portSecurityRule.getSecurityRulePortMax()).thenReturn(PORT_RANGE_MAX);
 759         when(portSecurityRule.getSecurityRulePortMin()).thenReturn(PORT_RANGE_MIN);
 760         when(portSecurityRule.getSecurityRemoteGroupID()).thenReturn("85cc3048-abc3-43cc-89b3-377341426ac5");
 761         PowerMockito.doAnswer(answer()).when(egressAclServiceSpy, "writeFlow", any(FlowBuilder.class),
 762                                              any(NodeBuilder.class));
 763         egressAclServiceSpy.programPortSecurityGroup(DP_ID_LONG, SEGMENT_ID, MAC_ADDRESS, LOCAL_PORT, securityGroup,
 764                                                      PORT_UUID, true);
 765
 766         Match match = flowBuilder.getMatch();
 767         EthernetMatch ethMatch = match.getEthernetMatch();
 768         Assert.assertEquals(MAC_ADDRESS, ethMatch.getEthernetSource().getAddress().getValue());
 769
 770         Assert.assertTrue(match.getLayer4Match() instanceof UdpMatch);
 771         String expectedFlowId1 = "Egress_UDP_" + SEGMENT_ID + "_" + MAC_ADDRESS + "_" + PORT_RANGE_MIN + "_" +
 772                                 PORT_RANGE_MAX + "_" + DEST_IP_1 + "_Permit";
 773         String expectedFlowId2 = "Egress_UDP_" + SEGMENT_ID + "_" + MAC_ADDRESS + "_" + PORT_RANGE_MIN + "_" +
 774                                 PORT_RANGE_MAX + "_" + DEST_IP_2 + "_Permit";
 775         String actualFlowId = flowBuilder.getFlowName();
 776         if(actualFlowId.equals(expectedFlowId1) || actualFlowId.equals(expectedFlowId2)) {
 777             Assert.assertTrue(true);
 778         } else {
 779             Assert.assertTrue(false);
 780         }
 781     }
 782
 783     /**
 784      *  Test UDP remove with port (All UDP) and remote SG selected.
 785      */
 786     @Test
 787     public void testProgramPortSecurityACLRuleRemoveUdpAll2() throws Exception {
 788         when(portSecurityRule.getSecurityRuleProtocol()).thenReturn("udp");
 789         when(portSecurityRule.getSecurityRulePortMax()).thenReturn(PORT_RANGE_MAX);
 790         when(portSecurityRule.getSecurityRulePortMin()).thenReturn(PORT_RANGE_MIN);
 791         when(portSecurityRule.getSecurityRemoteGroupID()).thenReturn("85cc3048-abc3-43cc-89b3-377341426ac5");
 792         PowerMockito.doAnswer(answer()).when(egressAclServiceSpy, "removeFlow", any(FlowBuilder.class),
 793                                              any(NodeBuilder.class));
 794         egressAclServiceSpy.programPortSecurityGroup(DP_ID_LONG, SEGMENT_ID, MAC_ADDRESS, LOCAL_PORT, securityGroup,
 795                                                      PORT_UUID, false);
 796
 797         Match match = flowBuilder.getMatch();
 798         EthernetMatch ethMatch = match.getEthernetMatch();
 799         Assert.assertEquals(MAC_ADDRESS, ethMatch.getEthernetSource().getAddress().getValue());
 800
 801         Assert.assertTrue(match.getLayer4Match() instanceof UdpMatch);
 802         String expectedFlowId1 = "Egress_UDP_" + SEGMENT_ID + "_" + MAC_ADDRESS + "_" + PORT_RANGE_MIN + "_" +
 803                 PORT_RANGE_MAX + "_" + DEST_IP_1 + "_Permit";
 804         String expectedFlowId2 = "Egress_UDP_" + SEGMENT_ID + "_" + MAC_ADDRESS + "_" + PORT_RANGE_MIN + "_" +
 805                 PORT_RANGE_MAX + "_" + DEST_IP_2 + "_Permit";
 806         String actualFlowId = flowBuilder.getFlowName();
 807         if(actualFlowId.equals(expectedFlowId1) || actualFlowId.equals(expectedFlowId2)) {
 808             Assert.assertTrue(true);
 809         } else {
 810             Assert.assertTrue(false);
 811         }
 812     }
 813
 814     /**
 815      *  Test ICMP add with code, type and CIDR selected.
 816      */
 817     @Test
 818     public void testProgramPortSecurityACLRuleAddIcmp1() throws Exception {
 819         when(portSecurityRule.getSecurityRuleProtocol()).thenReturn("icmp");
 820         when(portSecurityRule.getSecurityRulePortMax()).thenReturn(10);
 821         when(portSecurityRule.getSecurityRulePortMin()).thenReturn(10);
 822         when(portSecurityRule.getSecurityRuleRemoteIpPrefix()).thenReturn("0.0.0.0/24");
 823         PowerMockito.doAnswer(answer()).when(egressAclServiceSpy, "writeFlow", any(FlowBuilder.class),
 824                                              any(NodeBuilder.class));
 825
 826         egressAclServiceSpy.programPortSecurityGroup(DP_ID_LONG, SEGMENT_ID, MAC_ADDRESS, LOCAL_PORT, securityGroup,
 827                                                      PORT_UUID, true);
 828
 829         Match match = flowBuilder.getMatch();
 830         Icmpv4Match icmpv4Match = match.getIcmpv4Match();
 831         Assert.assertEquals(10, icmpv4Match.getIcmpv4Type().shortValue());
 832         Assert.assertEquals(10, icmpv4Match.getIcmpv4Code().shortValue());
 833         EthernetMatch ethMatch = match.getEthernetMatch();
 834         Assert.assertEquals(MAC_ADDRESS, ethMatch.getEthernetSource().getAddress().getValue());
 835         Short type = portSecurityRule.getSecurityRulePortMin().shortValue();
 836         Short code = portSecurityRule.getSecurityRulePortMax().shortValue();
 837         Assert.assertEquals("Egress_ICMP_" + SEGMENT_ID + "_" + MAC_ADDRESS +
 838                             "_" + type + "_" + code + "_0.0.0.0/24_Permit", flowBuilder.getFlowName());
 839     }
 840
 841     /**
 842      *  Test ICMP remove with code, type and CIDR selected.
 843      */
 844     @Test
 845     public void testProgramPortSecurityACLRuleRemoveIcmp1() throws Exception {
 846         when(portSecurityRule.getSecurityRuleProtocol()).thenReturn("icmp");
 847         when(portSecurityRule.getSecurityRulePortMax()).thenReturn(20);
 848         when(portSecurityRule.getSecurityRulePortMin()).thenReturn(20);
 849         when(portSecurityRule.getSecurityRuleRemoteIpPrefix()).thenReturn("0.0.0.0/24");
 850         PowerMockito.doAnswer(answer()).when(egressAclServiceSpy, "removeFlow", any(FlowBuilder.class),
 851                                              any(NodeBuilder.class));
 852
 853         egressAclServiceSpy.programPortSecurityGroup(DP_ID_LONG, SEGMENT_ID, MAC_ADDRESS, LOCAL_PORT, securityGroup,
 854                                                      PORT_UUID, false);
 855
 856         Match match = flowBuilder.getMatch();
 857         Icmpv4Match icmpv4Match = match.getIcmpv4Match();
 858         Assert.assertEquals(20, icmpv4Match.getIcmpv4Type().shortValue());
 859         Assert.assertEquals(20, icmpv4Match.getIcmpv4Code().shortValue());
 860         EthernetMatch ethMatch = match.getEthernetMatch();
 861         Assert.assertEquals(MAC_ADDRESS, ethMatch.getEthernetSource().getAddress().getValue());
 862         Short type = portSecurityRule.getSecurityRulePortMin().shortValue();
 863         Short code = portSecurityRule.getSecurityRulePortMax().shortValue();
 864         Assert.assertEquals("Egress_ICMP_" + SEGMENT_ID + "_" + MAC_ADDRESS +
 865                             "_" + type + "_" + code + "_0.0.0.0/24_Permit", flowBuilder.getFlowName());
 866     }
 867
 868     /**
 869      *  Test ICMP add with code, type and remote SG selected.
 870      */
 871     @Test
 872     public void testProgramPortSecurityACLRuleAddIcmp2() throws Exception {
 873         when(portSecurityRule.getSecurityRuleProtocol()).thenReturn("icmp");
 874         when(portSecurityRule.getSecurityRulePortMax()).thenReturn(30);
 875         when(portSecurityRule.getSecurityRulePortMin()).thenReturn(30);
 876         when(portSecurityRule.getSecurityRuleRemoteIpPrefix()).thenReturn("0.0.0.0/24");
 877         when(portSecurityRule.getSecurityRemoteGroupID()).thenReturn("85cc3048-abc3-43cc-89b3-377341426ac5");
 878         PowerMockito.doAnswer(answer()).when(egressAclServiceSpy, "writeFlow", any(FlowBuilder.class),
 879                                              any(NodeBuilder.class));
 880
 881         egressAclServiceSpy.programPortSecurityGroup(DP_ID_LONG, SEGMENT_ID, MAC_ADDRESS, LOCAL_PORT, securityGroup,
 882                                                      PORT_UUID, true);
 883
 884         Match match = flowBuilder.getMatch();
 885         Icmpv4Match icmpv4Match = match.getIcmpv4Match();
 886         Assert.assertEquals(30, icmpv4Match.getIcmpv4Type().shortValue());
 887         Assert.assertEquals(30, icmpv4Match.getIcmpv4Code().shortValue());
 888         EthernetMatch ethMatch = match.getEthernetMatch();
 889         Assert.assertEquals(MAC_ADDRESS, ethMatch.getEthernetSource().getAddress().getValue());
 890         Short type = portSecurityRule.getSecurityRulePortMin().shortValue();
 891         Short code = portSecurityRule.getSecurityRulePortMax().shortValue();
 892         String expectedFlowId1 = "Egress_ICMP_" + SEGMENT_ID + "_" + MAC_ADDRESS + "_" + type + "_" + code + "_"
 893                                 + DEST_IP_1 + "_Permit";
 894         String expectedFlowId2 = "Egress_ICMP_" + SEGMENT_ID + "_" + MAC_ADDRESS + "_" + type + "_" + code + "_"
 895                                 + DEST_IP_2 + "_Permit";
 896         String actualFlowId = flowBuilder.getFlowName();
 897         if(actualFlowId.equals(expectedFlowId1) || actualFlowId.equals(expectedFlowId2)) {
 898             Assert.assertTrue(true);
 899         } else {
 900             Assert.assertTrue(false);
 901         }
 902     }
 903
 904     /**
 905      *  Test ICMP remove with code, type and remote SG selected.
 906      */
 907     @Test
 908     public void testProgramPortSecurityACLRuleRemoveIcmp2() throws Exception {
 909         when(portSecurityRule.getSecurityRuleProtocol()).thenReturn("icmp");
 910         when(portSecurityRule.getSecurityRulePortMax()).thenReturn(40);
 911         when(portSecurityRule.getSecurityRulePortMin()).thenReturn(40);
 912         when(portSecurityRule.getSecurityRemoteGroupID()).thenReturn("85cc3048-abc3-43cc-89b3-377341426ac5");
 913         PowerMockito.doAnswer(answer()).when(egressAclServiceSpy, "removeFlow", any(FlowBuilder.class),
 914                                              any(NodeBuilder.class));
 915
 916         egressAclServiceSpy.programPortSecurityGroup(DP_ID_LONG, SEGMENT_ID, MAC_ADDRESS, LOCAL_PORT, securityGroup,
 917                                                      PORT_UUID, false);
 918
 919         Match match = flowBuilder.getMatch();
 920         Icmpv4Match icmpv4Match = match.getIcmpv4Match();
 921         Assert.assertEquals(40, icmpv4Match.getIcmpv4Type().shortValue());
 922         Assert.assertEquals(40, icmpv4Match.getIcmpv4Code().shortValue());
 923         EthernetMatch ethMatch = match.getEthernetMatch();
 924         Assert.assertEquals(MAC_ADDRESS, ethMatch.getEthernetSource().getAddress().getValue());
 925         Short type = portSecurityRule.getSecurityRulePortMin().shortValue();
 926         Short code = portSecurityRule.getSecurityRulePortMax().shortValue();
 927         String expectedFlowId1 = "Egress_ICMP_" + SEGMENT_ID + "_" + MAC_ADDRESS + "_" + type + "_" + code + "_"
 928                                 + DEST_IP_1 + "_Permit";
 929         String expectedFlowId2 = "Egress_ICMP_" + SEGMENT_ID + "_" + MAC_ADDRESS + "_" + type + "_" + code + "_"
 930                                 + DEST_IP_2 + "_Permit";
 931         String actualFlowId = flowBuilder.getFlowName();
 932         if(actualFlowId.equals(expectedFlowId1) || actualFlowId.equals(expectedFlowId2)) {
 933             Assert.assertTrue(true);
 934         } else {
 935             Assert.assertTrue(false);
 936         }
 937     }
 938
 939     /**
 940      *  Test IPv4 invalid ether type test case.
 941      */
 942     @Test
 943     public void testProgramPortSecurityACLRuleInvalidEther() throws Exception {
 944         when(portSecurityRule.getSecurityRuleEthertype()).thenReturn("IPV6");
 945
 946         egressAclServiceSpy.programPortSecurityGroup(Long.valueOf(1554), "2", MAC_ADDRESS, 124, securityGroup,PORT_UUID,false);
 947
 948         verify(writeTransaction, times(0)).delete(any(LogicalDatastoreType.class), any(InstanceIdentifier.class));
 949         verify(writeTransaction, times(0)).submit();
 950         verify(commitFuture, times(0)).get();
 951     }
 952
 953     /**
 954      *  Test IPv4 invalid direction type test case.
 955      */
 956     @Test
 957     public void testProgramPortSecurityACLRuleInvalidDirection() throws Exception {
 958         when(portSecurityRule.getSecurityRuleDirection()).thenReturn("ingress");
 959
 960         egressAclServiceSpy.programPortSecurityGroup(Long.valueOf(1554), "2", MAC_ADDRESS, 124, securityGroup,PORT_UUID,false);
 961
 962         verify(writeTransaction, times(0)).delete(any(LogicalDatastoreType.class), any(InstanceIdentifier.class));
 963         verify(writeTransaction, times(0)).submit();
 964         verify(commitFuture, times(0)).get();
 965     }
 966
 967     /**
 968      *  Test With isLastPortInBridge false isComputeNode false
 969      */
 970     @Test
 971     public void testProgramFixedSecurityACLAdd1() throws Exception {
 972         egressAclServiceSpy.programFixedSecurityGroup(Long.valueOf(1554), "2", MAC_ADDRESS, 1, neutronDestIpList, false, false, true);
 973
 974         verify(writeTransaction, times(0)).put(any(LogicalDatastoreType.class), any(InstanceIdentifier.class), any(Node.class), eq(true));
 975         verify(writeTransaction, times(0)).submit();
 976         verify(commitFuture, times(0)).get();
 977     }
 978     /**
 979      *  Test With isLastPortInBridge false isComputeNode false
 980      */
 981     @Test
 982     public void testProgramFixedSecurityACLRemove1() throws Exception {
 983
 984         egressAclServiceSpy.programFixedSecurityGroup(Long.valueOf(1554), "2", MAC_ADDRESS, 1, neutronDestIpList, false, false, false);
 985
 986         verify(writeTransaction, times(0)).delete(any(LogicalDatastoreType.class), any(InstanceIdentifier.class));
 987         verify(writeTransaction, times(0)).submit();
 988         verify(commitFuture, times(0)).get();
 989     }
 990
 991     /**
 992      *  Test With isLastPortInBridge false isComputeNode true
 993      */
 994     @Test
 995     public void testProgramFixedSecurityACLAdd2() throws Exception {
 996
 997         egressAclServiceSpy.programFixedSecurityGroup(Long.valueOf(1554), "2", MAC_ADDRESS, 1, neutronDestIpList, false, true, true);
 998
 999         verify(writeTransaction, times(6)).put(any(LogicalDatastoreType.class), any(InstanceIdentifier.class), any(Node.class), eq(true));
1000         verify(writeTransaction, times(3)).submit();
1001         verify(commitFuture, times(3)).get();
1002     }
1003
1004     /**
1005      *  Test With isLastPortInBridge false isComputeNode true
1006      */
1007     @Test
1008     public void testProgramFixedSecurityACLRemove2() throws Exception {
1009
1010         egressAclServiceSpy.programFixedSecurityGroup(Long.valueOf(1554), "2", MAC_ADDRESS, 1, neutronDestIpList, false, true, false);
1011
1012         verify(writeTransaction, times(3)).delete(any(LogicalDatastoreType.class), any(InstanceIdentifier.class));
1013         verify(writeTransaction, times(3)).submit();
1014         verify(commitFuture, times(3)).get();
1015     }
1016
1017     /**
1018      *  Test With isLastPortInBridge true isComputeNode false
1019      */
1020     @Test
1021     public void testProgramFixedSecurityACLAdd3() throws Exception {
1022
1023         egressAclServiceSpy.programFixedSecurityGroup(Long.valueOf(1554), "2", MAC_ADDRESS, 1, neutronDestIpList, true, false, true);
1024
1025         verify(writeTransaction, times(2)).put(any(LogicalDatastoreType.class), any(InstanceIdentifier.class), any(Node.class), eq(true));
1026         verify(writeTransaction, times(1)).submit();
1027         verify(commitFuture, times(1)).get();
1028     }
1029
1030     /**
1031      *  Test With isLastPortInBridge true isComputeNode false
1032      */
1033     @Test
1034     public void testProgramFixedSecurityACLRemove3() throws Exception {
1035
1036         egressAclServiceSpy.programFixedSecurityGroup(Long.valueOf(1554), "2", MAC_ADDRESS, 1, neutronDestIpList, true, false, false);
1037
1038         verify(writeTransaction, times(1)).delete(any(LogicalDatastoreType.class), any(InstanceIdentifier.class));
1039         verify(writeTransaction, times(1)).submit();
1040         verify(commitFuture, times(1)).get();
1041     }
1042
1043     /**
1044      *  Test With isLastPortInBridge true isComputeNode true
1045      */
1046     @Test
1047     public void testProgramFixedSecurityACLAdd4() throws Exception {
1048
1049         egressAclServiceSpy.programFixedSecurityGroup(Long.valueOf(1554), "2", MAC_ADDRESS, 1, neutronDestIpList, true, true, true);
1050
1051         verify(writeTransaction, times(8)).put(any(LogicalDatastoreType.class),
1052                                                any(InstanceIdentifier.class), any(Node.class), eq(true));
1053         verify(writeTransaction, times(4)).submit();
1054         verify(commitFuture, times(4)).get();
1055     }
1056
1057     /**
1058      *  Test With isLastPortInBridge true isComputeNode true
1059      */
1060     @Test
1061     public void testProgramFixedSecurityACLRemove4() throws Exception {
1062
1063         egressAclServiceSpy.programFixedSecurityGroup(Long.valueOf(1554), "2", MAC_ADDRESS, 1, neutronDestIpList, true, true, false);
1064
1065         verify(writeTransaction, times(4)).delete(any(LogicalDatastoreType.class), any(InstanceIdentifier.class));
1066         verify(writeTransaction, times(4)).submit();
1067         verify(commitFuture, times(4)).get();
1068     }
1069
1070     /**
1071      * Test method {@link EgressAclService#egressACLTcpPortWithPrefix(Long, String, String, boolean, Integer, String, Integer)}
1072      */
1073     @Test
1074     public void testEgressACLTcpPortWithPrefix() throws Exception {
1075         egressAclService.egressACLTcpPortWithPrefix(123L, "2", MAC_ADDRESS, true, 1, HOST_ADDRESS, 1);
1076         verify(writeTransaction, times(2)).put(any(LogicalDatastoreType.class), any(InstanceIdentifier.class), any(Node.class), anyBoolean());
1077         verify(writeTransaction, times(1)).submit();
1078         verify(commitFuture, times(1)).get();
1079
1080         egressAclService.egressACLTcpPortWithPrefix(123L, "2", MAC_ADDRESS, false, 1, HOST_ADDRESS, 1);
1081         verify(writeTransaction, times(1)).delete(any(LogicalDatastoreType.class), any(InstanceIdentifier.class));
1082         verify(writeTransaction, times(2)).submit();
1083         verify(commitFuture, times(2)).get(); // 1 + 1 above
1084     }
1085
1086     /**
1087      * Test method {@link EgressAclService#egressAllowProto(Long, String, String, boolean, String, Integer)}
1088      */
1089     @Test
1090     public void testEgressAllowProto() throws Exception {
1091         egressAclService.egressAllowProto(123L, "2", MAC_ADDRESS, true, HOST_ADDRESS, 1);
1092         verify(writeTransaction, times(2)).put(any(LogicalDatastoreType.class), any(InstanceIdentifier.class), any(Node.class), anyBoolean());
1093         verify(writeTransaction, times(1)).submit();
1094         verify(commitFuture, times(1)).get();
1095
1096         egressAclService.egressAllowProto(123L, "2", MAC_ADDRESS, false, HOST_ADDRESS, 1);
1097         verify(writeTransaction, times(1)).delete(any(LogicalDatastoreType.class), any(InstanceIdentifier.class));
1098         verify(writeTransaction, times(2)).submit();
1099         verify(commitFuture, times(2)).get(); // 1 + 1 above
1100     }
1101
1102     /**
1103      * Test method {@link EgressAclService#egressACLPermitAllProto(Long, String, String, boolean, String, Integer)}
1104      */
1105     @Test
1106     public void testEgressACLPermitAllProto() throws Exception {
1107         egressAclService.egressACLPermitAllProto(123L, "2", MAC_ADDRESS, true, HOST_ADDRESS, 1);
1108         verify(writeTransaction, times(2)).put(any(LogicalDatastoreType.class), any(InstanceIdentifier.class), any(Node.class), anyBoolean());
1109         verify(writeTransaction, times(1)).submit();
1110         verify(commitFuture, times(1)).get();
1111
1112         egressAclService.egressACLPermitAllProto(123L, "2", MAC_ADDRESS, false, HOST_ADDRESS, 1);
1113         verify(writeTransaction, times(1)).delete(any(LogicalDatastoreType.class), any(InstanceIdentifier.class));
1114         verify(writeTransaction, times(2)).submit();
1115         verify(commitFuture, times(2)).get(); // 1 + 1 above
1116     }
1117
1118     /**
1119      * Test method {@link EgressAclService#egressACLTcpSyn(Long, String, String, boolean, Integer, Integer)}
1120      */
1121     @Test
1122     public void testEgressACLTcpSyn() throws Exception {
1123         egressAclService.egressACLTcpSyn(123L, "2", MAC_ADDRESS, true, 1, 1);
1124         verify(writeTransaction, times(2)).put(any(LogicalDatastoreType.class), any(InstanceIdentifier.class), any(Node.class), anyBoolean());
1125         verify(writeTransaction, times(1)).submit();
1126         verify(commitFuture, times(1)).get();
1127
1128         egressAclService.egressACLTcpSyn(123L, "2", MAC_ADDRESS, false, 1, 1);
1129         verify(writeTransaction, times(1)).delete(any(LogicalDatastoreType.class), any(InstanceIdentifier.class));
1130         verify(writeTransaction, times(2)).submit();
1131         verify(commitFuture, times(2)).get(); // 1 + 1 above
1132     }
1133 }