2 * Copyright (c) 2015 Inocybe and others. All rights reserved.
4 * This program and the accompanying materials are made available under the
5 * terms of the Eclipse Public License v1.0 which accompanies this distribution,
6 * and is available at http://www.eclipse.org/legal/epl-v10.html
9 package org.opendaylight.ovsdb.openstack.netvirt.providers.openflow13.services;
11 import static org.mockito.Matchers.any;
12 import static org.mockito.Matchers.anyBoolean;
13 import static org.mockito.Matchers.eq;
14 import static org.mockito.Mockito.mock;
15 import static org.mockito.Mockito.times;
16 import static org.mockito.Mockito.verify;
17 import static org.mockito.Mockito.when;
19 import java.util.ArrayList;
20 import java.util.List;
22 import org.junit.Assert;
23 import org.junit.Before;
24 import org.junit.Test;
25 import org.junit.runner.RunWith;
26 import org.mockito.InjectMocks;
27 import org.mockito.Mock;
28 import org.mockito.invocation.InvocationOnMock;
29 import org.mockito.stubbing.Answer;
30 import org.opendaylight.controller.md.sal.binding.api.DataBroker;
31 import org.opendaylight.controller.md.sal.binding.api.WriteTransaction;
32 import org.opendaylight.controller.md.sal.common.api.data.LogicalDatastoreType;
33 import org.opendaylight.controller.md.sal.common.api.data.TransactionCommitFailedException;
34 import org.opendaylight.ovsdb.openstack.netvirt.translator.NeutronSecurityGroup;
35 import org.opendaylight.ovsdb.openstack.netvirt.translator.NeutronSecurityRule;
36 import org.opendaylight.ovsdb.openstack.netvirt.translator.Neutron_IPs;
37 import org.opendaylight.ovsdb.openstack.netvirt.api.SecurityGroupCacheManger;
38 import org.opendaylight.ovsdb.openstack.netvirt.api.SecurityServicesManager;
39 import org.opendaylight.ovsdb.openstack.netvirt.providers.openflow13.PipelineOrchestrator;
40 import org.opendaylight.ovsdb.openstack.netvirt.providers.openflow13.Service;
41 import org.opendaylight.yang.gen.v1.urn.opendaylight.flow.inventory.rev130819.tables.table.FlowBuilder;
42 import org.opendaylight.yang.gen.v1.urn.opendaylight.inventory.rev130819.nodes.Node;
43 import org.opendaylight.yang.gen.v1.urn.opendaylight.inventory.rev130819.nodes.NodeBuilder;
44 import org.opendaylight.yang.gen.v1.urn.opendaylight.model.match.types.rev131026.Match;
45 import org.opendaylight.yang.gen.v1.urn.opendaylight.model.match.types.rev131026.match.EthernetMatch;
46 import org.opendaylight.yang.gen.v1.urn.opendaylight.model.match.types.rev131026.match.Icmpv4Match;
47 import org.opendaylight.yang.gen.v1.urn.opendaylight.model.match.types.rev131026.match.layer._4.match.TcpMatch;
48 import org.opendaylight.yang.gen.v1.urn.opendaylight.model.match.types.rev131026.match.layer._4.match.UdpMatch;
49 import org.opendaylight.yangtools.yang.binding.InstanceIdentifier;
50 import org.powermock.api.mockito.PowerMockito;
51 import org.powermock.modules.junit4.PowerMockRunner;
53 import com.google.common.util.concurrent.CheckedFuture;
55 * Unit test for {@link EgressAclService}
57 @RunWith(PowerMockRunner.class)
58 @SuppressWarnings("unchecked")
59 public class EgressAclServiceTest {
61 @InjectMocks private EgressAclService egressAclService = new EgressAclService();
62 private EgressAclService egressAclServiceSpy;
64 @Mock private DataBroker dataBroker;
65 @Mock private PipelineOrchestrator orchestrator;
67 @Mock private WriteTransaction writeTransaction;
68 @Mock private CheckedFuture<Void, TransactionCommitFailedException> commitFuture;
70 @Mock private NeutronSecurityGroup securityGroup;
71 @Mock private NeutronSecurityRule portSecurityRule;
73 @Mock private SecurityServicesManager securityServices;
74 @Mock private SecurityGroupCacheManger securityGroupCacheManger;
76 private Neutron_IPs neutron_ip_src;
77 private Neutron_IPs neutron_ip_dest_1;
78 private Neutron_IPs neutron_ip_dest_2;
79 private List<Neutron_IPs> neutronSrcIpList = new ArrayList<>();
80 private List<Neutron_IPs> neutronDestIpList = new ArrayList<>();
81 private static final String HOST_ADDRESS = "127.0.0.1/32";
82 private static final String MAC_ADDRESS = "87:1D:5E:02:40:B7";
83 private static final String SRC_IP = "192.168.0.1";
84 private static final String DEST_IP_1 = "192.169.0.1";
85 private static final String DEST_IP_2 = "192.169.0.2";
86 private static final String DEST_IP_1_WITH_MASK = "192.169.0.1/32";
87 private static final String DEST_IP_2_WITH_MASK = "192.169.0.2/32";
88 private static final String SECURITY_GROUP_UUID = "85cc3048-abc3-43cc-89b3-377341426ac5";
89 private static final String PORT_UUID = "95cc3048-abc3-43cc-89b3-377341426ac5";
90 private static final String SEGMENT_ID = "2";
91 private static final Long DP_ID_LONG = (long) 1554;
92 private static final Long LOCAL_PORT = (long) 124;
93 private static final int PORT_RANGE_MIN = 1;
94 private static final int PORT_RANGE_MAX = 65535;
95 private static FlowBuilder flowBuilder;
96 private static NodeBuilder nodeBuilder;
98 private static Answer<Object> answer() {
99 return new Answer<Object>() {
101 public CheckedFuture<Void, TransactionCommitFailedException> answer(InvocationOnMock invocation)
103 flowBuilder = (FlowBuilder) invocation.getArguments()[0];
104 nodeBuilder = (NodeBuilder) invocation.getArguments()[1];
111 public void setUp() {
112 egressAclServiceSpy = PowerMockito.spy(egressAclService);
114 when(writeTransaction.submit()).thenReturn(commitFuture);
116 when(dataBroker.newWriteOnlyTransaction()).thenReturn(writeTransaction);
118 when(orchestrator.getNextServiceInPipeline(any(Service.class))).thenReturn(Service.ARP_RESPONDER);
120 portSecurityRule = mock(NeutronSecurityRule.class);
122 when(portSecurityRule.getSecurityRuleEthertype()).thenReturn("IPv4");
123 when(portSecurityRule.getSecurityRuleDirection()).thenReturn("egress");
125 List<NeutronSecurityRule> portSecurityList = new ArrayList<>();
126 portSecurityList.add(portSecurityRule);
128 neutron_ip_src = new Neutron_IPs();
129 neutron_ip_src.setIpAddress(SRC_IP);
130 neutronSrcIpList.add(neutron_ip_src);
132 neutron_ip_dest_1 = new Neutron_IPs();
133 neutron_ip_dest_1.setIpAddress(DEST_IP_1);
134 neutronDestIpList.add(neutron_ip_dest_1);
136 neutron_ip_dest_2 = new Neutron_IPs();
137 neutron_ip_dest_2.setIpAddress(DEST_IP_2);
138 neutronDestIpList.add(neutron_ip_dest_2);
140 when(securityGroup.getSecurityRules()).thenReturn(portSecurityList);
141 when(securityServices.getVmListForSecurityGroup(PORT_UUID, SECURITY_GROUP_UUID)).thenReturn(neutronDestIpList);
145 * Rule 1: TCP Proto (True), TCP Port Minimum (True), TCP Port Max (True), IP Prefix (True)
148 public void testProgramPortSecurityACLRule1() throws Exception {
149 when(portSecurityRule.getSecurityRuleProtocol()).thenReturn("tcp");
150 when(portSecurityRule.getSecurityRulePortMax()).thenReturn(1);
151 when(portSecurityRule.getSecurityRulePortMin()).thenReturn(1);
152 when(portSecurityRule.getSecurityRuleRemoteIpPrefix()).thenReturn(HOST_ADDRESS);
154 egressAclServiceSpy.programPortSecurityACL(Long.valueOf(1554), "2", MAC_ADDRESS, 124, securityGroup);
155 verify(egressAclServiceSpy, times(1)).egressACLDefaultTcpDrop(anyLong(), anyString(), anyString(), anyInt(), anyBoolean());
156 verify(egressAclServiceSpy, times(1)).egressACLTcpPortWithPrefix(anyLong(), anyString(), anyString(), anyBoolean(), anyInt(), anyString(), anyInt());
157 verify(writeTransaction, times(4)).put(any(LogicalDatastoreType.class), any(InstanceIdentifier.class), any(Node.class), anyBoolean());
158 verify(writeTransaction, times(2)).submit();
159 verify(commitFuture, times(2)).get();
163 * Rule 2: TCP Proto (True), TCP Port Minimum (True), TCP Port Max (False), IP Prefix (True)
166 public void testProgramPortSecurityACLRule2() throws Exception {
167 when(portSecurityRule.getSecurityRuleProtocol()).thenReturn("tcp");
168 when(portSecurityRule.getSecurityRulePortMax()).thenReturn(null);
169 when(portSecurityRule.getSecurityRulePortMin()).thenReturn(1);
170 when(portSecurityRule.getSecurityRuleRemoteIpPrefix()).thenReturn(HOST_ADDRESS);
172 egressAclServiceSpy.programPortSecurityACL(Long.valueOf(1554), "2", MAC_ADDRESS, 124, securityGroup);
173 verify(egressAclServiceSpy, times(1)).egressACLDefaultTcpDrop(anyLong(), anyString(), anyString(), anyInt(), anyBoolean());
174 verify(egressAclServiceSpy, times(1)).egressACLTcpPortWithPrefix(anyLong(), anyString(), anyString(), anyBoolean(), anyInt(), anyString(), anyInt());
175 verify(writeTransaction, times(4)).put(any(LogicalDatastoreType.class), any(InstanceIdentifier.class), any(Node.class), anyBoolean());
176 verify(writeTransaction, times(2)).submit();
177 verify(commitFuture, times(2)).get();
181 * Rule 3: TCP Proto (True), TCP Port Minimum (False), TCP Port Max (False), IP Prefix (True)
184 public void testProgramPortSecurityACLRule3() throws Exception {
185 when(portSecurityRule.getSecurityRuleProtocol()).thenReturn("tcp");
186 when(portSecurityRule.getSecurityRulePortMax()).thenReturn(null);
187 when(portSecurityRule.getSecurityRulePortMin()).thenReturn(null);
188 when(portSecurityRule.getSecurityRuleRemoteIpPrefix()).thenReturn(HOST_ADDRESS);
190 egressAclServiceSpy.programPortSecurityACL(Long.valueOf(1554), "2", MAC_ADDRESS, 124, securityGroup);
191 verify(egressAclServiceSpy, times(1)).egressACLDefaultTcpDrop(anyLong(), anyString(), anyString(), anyInt(), anyBoolean());
192 verify(egressAclServiceSpy, times(1)).egressACLPermitAllProto(anyLong(), anyString(), anyString(), anyBoolean(), anyString(), anyInt());
193 verify(writeTransaction, times(4)).put(any(LogicalDatastoreType.class), any(InstanceIdentifier.class), any(Node.class), anyBoolean());
194 verify(writeTransaction, times(2)).submit();
195 verify(commitFuture, times(2)).get();
199 * Rule 4: TCP Proto (False), TCP Port Minimum (False), TCP Port Max (False), IP Prefix (True)
202 public void testProgramPortSecurityACLRule4() throws Exception {
203 when(portSecurityRule.getSecurityRuleProtocol()).thenReturn(null);
204 when(portSecurityRule.getSecurityRulePortMax()).thenReturn(null);
205 when(portSecurityRule.getSecurityRulePortMin()).thenReturn(null);
206 when(portSecurityRule.getSecurityRuleRemoteIpPrefix()).thenReturn(HOST_ADDRESS);
208 egressAclServiceSpy.programPortSecurityACL(Long.valueOf(1554), "2", MAC_ADDRESS, 124, securityGroup);
209 verify(egressAclServiceSpy, times(1)).egressACLDefaultTcpDrop(anyLong(), anyString(), anyString(), anyInt(), anyBoolean());
210 verify(egressAclServiceSpy, times(1)).egressACLPermitAllProto(anyLong(), anyString(), anyString(), anyBoolean(), anyString(), anyInt());
211 verify(writeTransaction, times(4)).put(any(LogicalDatastoreType.class), any(InstanceIdentifier.class), any(Node.class), anyBoolean());
212 verify(writeTransaction, times(2)).submit();
213 verify(commitFuture, times(2)).get();
217 * Rule 5: TCP Proto (True), TCP Port Minimum (True), TCP Port Max (True), IP Prefix (False)
220 public void testProgramPortSecurityACLRule5() throws Exception {
221 when(portSecurityRule.getSecurityRuleProtocol()).thenReturn("tcp");
222 when(portSecurityRule.getSecurityRulePortMax()).thenReturn(1);
223 when(portSecurityRule.getSecurityRulePortMin()).thenReturn(1);
224 when(portSecurityRule.getSecurityRuleRemoteIpPrefix()).thenReturn(null);
226 egressAclServiceSpy.programPortSecurityACL(Long.valueOf(1554), "2", MAC_ADDRESS, 124, securityGroup);
227 verify(egressAclServiceSpy, times(1)).egressACLDefaultTcpDrop(anyLong(), anyString(), anyString(), anyInt(), anyBoolean());
228 verify(egressAclServiceSpy, times(1)).egressACLTcpSyn(anyLong(), anyString(), anyString(), anyBoolean(), anyInt(), anyInt());
229 verify(writeTransaction, times(4)).put(any(LogicalDatastoreType.class), any(InstanceIdentifier.class), any(Node.class), anyBoolean());
230 verify(writeTransaction, times(2)).submit();
231 verify(commitFuture, times(2)).get();
235 * Rule 6: TCP Proto (True), TCP Port Minimum (True), TCP Port Max (False), IP Prefix (False)
238 public void testProgramPortSecurityACLRule6() throws Exception {
239 when(portSecurityRule.getSecurityRuleProtocol()).thenReturn("tcp");
240 when(portSecurityRule.getSecurityRulePortMax()).thenReturn(null);
241 when(portSecurityRule.getSecurityRulePortMin()).thenReturn(1);
242 when(portSecurityRule.getSecurityRuleRemoteIpPrefix()).thenReturn(null);
244 egressAclServiceSpy.programPortSecurityACL(Long.valueOf(1554), "2", MAC_ADDRESS, 124, securityGroup);
245 verify(egressAclServiceSpy, times(1)).egressACLDefaultTcpDrop(anyLong(), anyString(), anyString(), anyInt(), anyBoolean());
246 verify(egressAclServiceSpy, times(1)).egressACLTcpSyn(anyLong(), anyString(), anyString(), anyBoolean(), anyInt(), anyInt());
247 verify(writeTransaction, times(4)).put(any(LogicalDatastoreType.class), any(InstanceIdentifier.class), any(Node.class), anyBoolean());
248 verify(writeTransaction, times(2)).submit();
249 verify(commitFuture, times(2)).get();
253 * Rule 7: TCP Proto (True), TCP Port Minimum (False), TCP Port Max (False), IP Prefix (False or 0.0.0.0/0)
256 public void testProgramPortSecurityACLRule7() throws Exception {
257 when(portSecurityRule.getSecurityRuleProtocol()).thenReturn("tcp");
258 when(portSecurityRule.getSecurityRulePortMax()).thenReturn(null);
259 when(portSecurityRule.getSecurityRulePortMin()).thenReturn(null);
260 when(portSecurityRule.getSecurityRuleRemoteIpPrefix()).thenReturn(null);
262 egressAclServiceSpy.programPortSecurityACL(Long.valueOf(1554), "2", MAC_ADDRESS, 124, securityGroup);
263 verify(egressAclServiceSpy, times(1)).egressAllowProto(anyLong(), anyString(), anyString(), anyBoolean(), anyString(), anyInt());
264 verify(writeTransaction, times(2)).put(any(LogicalDatastoreType.class), any(InstanceIdentifier.class), any(Node.class), anyBoolean());
265 verify(writeTransaction, times(1)).submit();
266 verify(commitFuture, times(1)).get();
270 * Test method {@link EgressAclService#programPortSecurityGroup(java.lang.Long, java.lang.String,
271 * java.lang.String, long, org.opendaylight.ovsdb.openstack.netvirt.translator.NeutronSecurityGroup,
272 * java.lang.String, boolean)} when portSecurityRule is incomplete
275 public void testProgramPortSecurityGroupWithIncompleteRule() throws Exception {
276 NeutronSecurityRule portSecurityRule1 = mock(NeutronSecurityRule.class);
277 when(portSecurityRule1.getSecurityRuleEthertype()).thenReturn("IPv4");
278 when(portSecurityRule1.getSecurityRuleDirection()).thenReturn("not_egress"); // other direction
280 NeutronSecurityRule portSecurityRule2 = mock(NeutronSecurityRule.class);
281 when(portSecurityRule2.getSecurityRuleEthertype()).thenReturn(null);
282 when(portSecurityRule2.getSecurityRuleDirection()).thenReturn("egress");
284 NeutronSecurityRule portSecurityRule3 = mock(NeutronSecurityRule.class);
285 when(portSecurityRule3.getSecurityRuleEthertype()).thenReturn("IPv4");
286 when(portSecurityRule3.getSecurityRuleDirection()).thenReturn(null);
288 NeutronSecurityRule portSecurityRule4 = mock(NeutronSecurityRule.class);
289 when(portSecurityRule4.getSecurityRuleEthertype()).thenReturn(null);
290 when(portSecurityRule4.getSecurityRuleDirection()).thenReturn(null);
292 List<NeutronSecurityRule> portSecurityList = new ArrayList<>();
293 portSecurityList.add(null);
294 portSecurityList.add(portSecurityRule1);
295 portSecurityList.add(portSecurityRule2);
296 portSecurityList.add(portSecurityRule3);
297 portSecurityList.add(portSecurityRule4);
299 NeutronSecurityGroup localSecurityGroup = mock(NeutronSecurityGroup.class);
300 when(localSecurityGroup.getSecurityRules()).thenReturn(portSecurityList);
302 egressAclServiceSpy.programPortSecurityGroup(DP_ID_LONG, SEGMENT_ID, MAC_ADDRESS, LOCAL_PORT,
303 localSecurityGroup, PORT_UUID, true);
307 * Test method {@link EgressAclService#egressACLDefaultTcpDrop(Long, String, String, int, boolean)}
310 public void testEgressACLDefaultTcpDrop() throws Exception {
311 egressAclService.egressACLDefaultTcpDrop(123L, "2", MAC_ADDRESS, 1, true);
312 verify(writeTransaction, times(2)).put(any(LogicalDatastoreType.class), any(InstanceIdentifier.class), any(Node.class), anyBoolean());
313 verify(writeTransaction, times(1)).submit();
314 verify(commitFuture, times(1)).get();
316 egressAclService.egressACLDefaultTcpDrop(123L, "2", MAC_ADDRESS, 1, false);
317 verify(writeTransaction, times(1)).delete(any(LogicalDatastoreType.class), any(InstanceIdentifier.class));
318 verify(writeTransaction, times(2)).submit();
319 verify(commitFuture, times(2)).get(); // 1 + 1 above
323 * Test IPv4 add test case.
326 public void testProgramPortSecurityACLRuleAddIpv4() throws Exception {
327 when(portSecurityRule.getSecurityRuleProtocol()).thenReturn(null);
328 when(portSecurityRule.getSecurityRulePortMax()).thenReturn(null);
329 when(portSecurityRule.getSecurityRulePortMin()).thenReturn(null);
330 when(portSecurityRule.getSecurityRuleRemoteIpPrefix()).thenReturn(null);
332 egressAclServiceSpy.programPortSecurityGroup(Long.valueOf(1554), "2", MAC_ADDRESS, 124, securityGroup,PORT_UUID,true);
334 verify(writeTransaction, times(2)).put(any(LogicalDatastoreType.class), any(InstanceIdentifier.class), any(Node.class), eq(true));
335 verify(writeTransaction, times(1)).submit();
336 verify(commitFuture, times(1)).get();
340 * Test IPv4 remove test case.
343 public void testProgramPortSecurityACLRuleRemoveIpv4() throws Exception {
344 when(portSecurityRule.getSecurityRuleProtocol()).thenReturn(null);
345 when(portSecurityRule.getSecurityRulePortMax()).thenReturn(null);
346 when(portSecurityRule.getSecurityRulePortMin()).thenReturn(null);
347 when(portSecurityRule.getSecurityRuleRemoteIpPrefix()).thenReturn(null);
349 egressAclServiceSpy.programPortSecurityGroup(Long.valueOf(1554), "2", MAC_ADDRESS, 124, securityGroup,PORT_UUID,false);
350 verify(writeTransaction, times(1)).delete(any(LogicalDatastoreType.class), any(InstanceIdentifier.class));
351 verify(writeTransaction, times(1)).submit();
352 verify(commitFuture, times(1)).get();
356 * Test TCP add with port no and CIDR selected.
359 public void testProgramPortSecurityACLRuleAddTcp1() throws Exception {
360 when(portSecurityRule.getSecurityRuleProtocol()).thenReturn("tcp");
361 when(portSecurityRule.getSecurityRulePortMax()).thenReturn(20);
362 when(portSecurityRule.getSecurityRulePortMin()).thenReturn(20);
363 when(portSecurityRule.getSecurityRuleRemoteIpPrefix()).thenReturn("0.0.0.0/24");
364 PowerMockito.doAnswer(answer()).when(egressAclServiceSpy, "writeFlow", any(FlowBuilder.class),
365 any(NodeBuilder.class));
366 egressAclServiceSpy.programPortSecurityGroup(DP_ID_LONG, SEGMENT_ID, MAC_ADDRESS, LOCAL_PORT, securityGroup,
369 Match match = flowBuilder.getMatch();
370 EthernetMatch ethMatch = match.getEthernetMatch();
371 Assert.assertEquals(MAC_ADDRESS, ethMatch.getEthernetSource().getAddress().getValue());
373 Assert.assertTrue(match.getLayer4Match() instanceof TcpMatch);
374 TcpMatch layer4Match=(TcpMatch) match.getLayer4Match();
375 Assert.assertEquals(20, layer4Match.getTcpDestinationPort().getValue().intValue());
376 int port=portSecurityRule.getSecurityRulePortMin();
377 Assert.assertEquals("Egress_TCP_" + SEGMENT_ID + "_" + MAC_ADDRESS +
378 "_" + port + "_0.0.0.0/24_Permit", flowBuilder.getFlowName());
382 * Test TCP remove with port no and CIDR selected.
385 public void testProgramPortSecurityACLRuleRemoveTcp1() throws Exception {
386 when(portSecurityRule.getSecurityRuleProtocol()).thenReturn("tcp");
387 when(portSecurityRule.getSecurityRulePortMax()).thenReturn(30);
388 when(portSecurityRule.getSecurityRulePortMin()).thenReturn(30);
389 when(portSecurityRule.getSecurityRuleRemoteIpPrefix()).thenReturn("0.0.0.0/24");
390 PowerMockito.doAnswer(answer()).when(egressAclServiceSpy, "removeFlow", any(FlowBuilder.class),
391 any(NodeBuilder.class));
393 egressAclServiceSpy.programPortSecurityGroup(DP_ID_LONG, SEGMENT_ID, MAC_ADDRESS, LOCAL_PORT, securityGroup,
396 Match match = flowBuilder.getMatch();
397 EthernetMatch ethMatch = match.getEthernetMatch();
398 Assert.assertEquals(MAC_ADDRESS, ethMatch.getEthernetSource().getAddress().getValue());
400 Assert.assertTrue(match.getLayer4Match() instanceof TcpMatch);
401 TcpMatch layer4Match = (TcpMatch) match.getLayer4Match();
402 Assert.assertEquals(30, layer4Match.getTcpDestinationPort().getValue().intValue());
403 int port=portSecurityRule.getSecurityRulePortMin();
404 Assert.assertEquals("Egress_TCP_" + SEGMENT_ID + "_" + MAC_ADDRESS +
405 "_" + port + "_0.0.0.0/24_Permit", flowBuilder.getFlowName());
409 * Test TCP add with port no and remote SG selected.
412 public void testProgramPortSecurityACLRuleAddTcp2() throws Exception {
413 when(portSecurityRule.getSecurityRuleProtocol()).thenReturn("tcp");
414 when(portSecurityRule.getSecurityRulePortMax()).thenReturn(40);
415 when(portSecurityRule.getSecurityRulePortMin()).thenReturn(40);
416 when(portSecurityRule.getSecurityRemoteGroupID()).thenReturn("85cc3048-abc3-43cc-89b3-377341426ac5");
417 PowerMockito.doAnswer(answer()).when(egressAclServiceSpy, "writeFlow", any(FlowBuilder.class),
418 any(NodeBuilder.class));
419 egressAclServiceSpy.programPortSecurityGroup(DP_ID_LONG, SEGMENT_ID, MAC_ADDRESS, LOCAL_PORT, securityGroup,
422 Match match = flowBuilder.getMatch();
423 EthernetMatch ethMatch = match.getEthernetMatch();
424 Assert.assertEquals(MAC_ADDRESS, ethMatch.getEthernetSource().getAddress().getValue());
426 Assert.assertTrue(match.getLayer4Match() instanceof TcpMatch);
427 TcpMatch layer4Match=(TcpMatch) match.getLayer4Match();
428 int port=portSecurityRule.getSecurityRulePortMin();
429 String expectedFlowId1 = "Egress_TCP_" + SEGMENT_ID + "_" + MAC_ADDRESS + "_" + port + "_" + DEST_IP_1 +
431 String expectedFlowId2 = "Egress_TCP_" + SEGMENT_ID + "_" + MAC_ADDRESS + "_" + port + "_" + DEST_IP_2 +
433 String actualFlowId = flowBuilder.getFlowName();
434 if(actualFlowId.equals(expectedFlowId1) || actualFlowId.equals(expectedFlowId2)) {
435 Assert.assertTrue(true);
437 Assert.assertTrue(false);
442 * Test TCP remove with port no and remote SG selected.
445 public void testProgramPortSecurityACLRuleRemoveTcp2() throws Exception {
446 when(portSecurityRule.getSecurityRuleProtocol()).thenReturn("tcp");
447 when(portSecurityRule.getSecurityRulePortMax()).thenReturn(50);
448 when(portSecurityRule.getSecurityRulePortMin()).thenReturn(50);
449 when(portSecurityRule.getSecurityRemoteGroupID()).thenReturn("85cc3048-abc3-43cc-89b3-377341426ac5");
450 PowerMockito.doAnswer(answer()).when(egressAclServiceSpy, "removeFlow", any(FlowBuilder.class),
451 any(NodeBuilder.class));
453 egressAclServiceSpy.programPortSecurityGroup(DP_ID_LONG, SEGMENT_ID, MAC_ADDRESS, LOCAL_PORT, securityGroup,
456 Match match = flowBuilder.getMatch();
457 EthernetMatch ethMatch = match.getEthernetMatch();
458 Assert.assertEquals(MAC_ADDRESS, ethMatch.getEthernetSource().getAddress().getValue());
460 Assert.assertTrue(match.getLayer4Match() instanceof TcpMatch);
461 TcpMatch layer4Match=(TcpMatch) match.getLayer4Match();
462 int port=portSecurityRule.getSecurityRulePortMin();
463 String expectedFlowId1 = "Egress_TCP_" + SEGMENT_ID + "_" + MAC_ADDRESS +"_" + port + "_" + DEST_IP_1 +
465 String expectedFlowId2 = "Egress_TCP_" + SEGMENT_ID + "_" + MAC_ADDRESS +"_" + port + "_" + DEST_IP_2 +
467 String actualFlowId = flowBuilder.getFlowName();
468 if(actualFlowId.equals(expectedFlowId1) || actualFlowId.equals(expectedFlowId2)) {
469 Assert.assertTrue(true);
471 Assert.assertTrue(false);
476 * Test TCP add with port range (All TCP) and CIDR selected.
479 public void testProgramPortSecurityACLRuleAddTcpAll1() throws Exception {
480 when(portSecurityRule.getSecurityRuleProtocol()).thenReturn("tcp");
481 when(portSecurityRule.getSecurityRulePortMax()).thenReturn(PORT_RANGE_MAX);
482 when(portSecurityRule.getSecurityRulePortMin()).thenReturn(PORT_RANGE_MIN);
483 when(portSecurityRule.getSecurityRuleRemoteIpPrefix()).thenReturn("0.0.0.0/24");
484 PowerMockito.doAnswer(answer()).when(egressAclServiceSpy, "writeFlow", any(FlowBuilder.class),
485 any(NodeBuilder.class));
486 egressAclServiceSpy.programPortSecurityGroup(DP_ID_LONG, SEGMENT_ID, MAC_ADDRESS, LOCAL_PORT, securityGroup,
489 Match match = flowBuilder.getMatch();
490 Assert.assertTrue(match.getLayer4Match() instanceof TcpMatch);
491 TcpMatch layer4Match=(TcpMatch) match.getLayer4Match();
492 EthernetMatch ethMatch = match.getEthernetMatch();
493 Assert.assertEquals(MAC_ADDRESS, ethMatch.getEthernetSource().getAddress().getValue());
497 * Test TCP remove with port range (All TCP) and CIDR selected.
500 public void testProgramPortSecurityACLRuleRemoveTcpAll1() throws Exception {
501 when(portSecurityRule.getSecurityRuleProtocol()).thenReturn("tcp");
502 when(portSecurityRule.getSecurityRulePortMax()).thenReturn(PORT_RANGE_MAX);
503 when(portSecurityRule.getSecurityRulePortMin()).thenReturn(PORT_RANGE_MIN);
504 when(portSecurityRule.getSecurityRuleRemoteIpPrefix()).thenReturn("0.0.0.0/24");
505 PowerMockito.doAnswer(answer()).when(egressAclServiceSpy, "removeFlow", any(FlowBuilder.class),
506 any(NodeBuilder.class));
508 egressAclServiceSpy.programPortSecurityGroup(DP_ID_LONG, SEGMENT_ID, MAC_ADDRESS, LOCAL_PORT, securityGroup,
511 Match match = flowBuilder.getMatch();
512 EthernetMatch ethMatch = match.getEthernetMatch();
513 Assert.assertEquals(MAC_ADDRESS, ethMatch.getEthernetSource().getAddress().getValue());
515 Assert.assertTrue(match.getLayer4Match() instanceof TcpMatch);
516 Assert.assertEquals("Egress_TCP_" + SEGMENT_ID + "_" + MAC_ADDRESS + "_" + PORT_RANGE_MIN + "_" +
517 PORT_RANGE_MAX + "_0.0.0.0/24_Permit", flowBuilder.getFlowName());
521 * Test TCP add with port range (All TCP) and remote SG selected.
524 public void testProgramPortSecurityACLRuleAddTcpAll2() throws Exception {
525 when(portSecurityRule.getSecurityRuleProtocol()).thenReturn("tcp");
526 when(portSecurityRule.getSecurityRulePortMax()).thenReturn(PORT_RANGE_MAX);
527 when(portSecurityRule.getSecurityRulePortMin()).thenReturn(PORT_RANGE_MIN);
528 when(portSecurityRule.getSecurityRemoteGroupID()).thenReturn("85cc3048-abc3-43cc-89b3-377341426ac5");
529 PowerMockito.doAnswer(answer()).when(egressAclServiceSpy, "writeFlow", any(FlowBuilder.class),
530 any(NodeBuilder.class));
531 egressAclServiceSpy.programPortSecurityGroup(DP_ID_LONG, SEGMENT_ID, MAC_ADDRESS, LOCAL_PORT, securityGroup,
534 Match match = flowBuilder.getMatch();
535 EthernetMatch ethMatch = match.getEthernetMatch();
536 Assert.assertEquals(MAC_ADDRESS, ethMatch.getEthernetSource().getAddress().getValue());
538 Assert.assertTrue(match.getLayer4Match() instanceof TcpMatch);
539 String expectedFlowId1 = "Egress_TCP_" + SEGMENT_ID + "_" + MAC_ADDRESS + "_" + PORT_RANGE_MIN + "_" +
540 PORT_RANGE_MAX + "_" + DEST_IP_1 + "_Permit";
541 String expectedFlowId2 = "Egress_TCP_" + SEGMENT_ID + "_" + MAC_ADDRESS + "_" + PORT_RANGE_MIN + "_" +
542 PORT_RANGE_MAX + "_" + DEST_IP_2 + "_Permit";
543 String actualFlowId = flowBuilder.getFlowName();
544 if(actualFlowId.equals(expectedFlowId1) || actualFlowId.equals(expectedFlowId2)) {
545 Assert.assertTrue(true);
547 Assert.assertTrue(false);
552 * Test TCP remove with port range (All TCP) and remote SG selected.
555 public void testProgramPortSecurityACLRuleRemoveTcpAll2() throws Exception {
556 when(portSecurityRule.getSecurityRuleProtocol()).thenReturn("tcp");
557 when(portSecurityRule.getSecurityRulePortMax()).thenReturn(PORT_RANGE_MAX);
558 when(portSecurityRule.getSecurityRulePortMin()).thenReturn(PORT_RANGE_MIN);
559 when(portSecurityRule.getSecurityRemoteGroupID()).thenReturn("85cc3048-abc3-43cc-89b3-377341426ac5");
560 PowerMockito.doAnswer(answer()).when(egressAclServiceSpy, "removeFlow", any(FlowBuilder.class),
561 any(NodeBuilder.class));
563 egressAclServiceSpy.programPortSecurityGroup(DP_ID_LONG, SEGMENT_ID, MAC_ADDRESS, LOCAL_PORT, securityGroup,
566 Match match = flowBuilder.getMatch();
567 EthernetMatch ethMatch = match.getEthernetMatch();
568 Assert.assertEquals(MAC_ADDRESS, ethMatch.getEthernetSource().getAddress().getValue());
570 Assert.assertTrue(match.getLayer4Match() instanceof TcpMatch);
571 String expectedFlowId1 = "Egress_TCP_" + SEGMENT_ID + "_" + MAC_ADDRESS + "_" + PORT_RANGE_MIN + "_" +
572 PORT_RANGE_MAX + "_" + DEST_IP_1 + "_Permit";
573 String expectedFlowId2 = "Egress_TCP_" + SEGMENT_ID + "_" + MAC_ADDRESS + "_" + PORT_RANGE_MIN + "_" +
574 PORT_RANGE_MAX + "_" + DEST_IP_2 + "_Permit";
575 String actualFlowId = flowBuilder.getFlowName();
576 if(actualFlowId.equals(expectedFlowId1) || actualFlowId.equals(expectedFlowId2)) {
577 Assert.assertTrue(true);
579 Assert.assertTrue(false);
584 * Test UDP add with port no and CIDR selected.
587 public void testProgramPortSecurityACLRuleAddUdp1() throws Exception {
588 when(portSecurityRule.getSecurityRuleProtocol()).thenReturn("udp");
589 when(portSecurityRule.getSecurityRulePortMax()).thenReturn(50);
590 when(portSecurityRule.getSecurityRulePortMin()).thenReturn(50);
591 when(portSecurityRule.getSecurityRuleRemoteIpPrefix()).thenReturn("0.0.0.0/24");
592 PowerMockito.doAnswer(answer()).when(egressAclServiceSpy, "writeFlow", any(FlowBuilder.class),
593 any(NodeBuilder.class));
594 egressAclServiceSpy.programPortSecurityGroup(DP_ID_LONG, SEGMENT_ID, MAC_ADDRESS, LOCAL_PORT, securityGroup,
597 Match match = flowBuilder.getMatch();
598 EthernetMatch ethMatch = match.getEthernetMatch();
599 Assert.assertEquals(MAC_ADDRESS, ethMatch.getEthernetSource().getAddress().getValue());
601 Assert.assertTrue(match.getLayer4Match() instanceof UdpMatch);
602 UdpMatch layer4Match = (UdpMatch) match.getLayer4Match();
603 Assert.assertEquals(50, layer4Match.getUdpDestinationPort().getValue().intValue());
604 int port = portSecurityRule.getSecurityRulePortMin();
605 Assert.assertEquals("Egress_UDP_" + SEGMENT_ID + "_" + MAC_ADDRESS +
606 "_" + port + "_0.0.0.0/24_Permit", flowBuilder.getFlowName());
610 * Test UDP remove with port no and CIDR selected.
613 public void testProgramPortSecurityACLRuleRemoveUdp1() throws Exception {
614 when(portSecurityRule.getSecurityRuleProtocol()).thenReturn("udp");
615 when(portSecurityRule.getSecurityRulePortMax()).thenReturn(50);
616 when(portSecurityRule.getSecurityRulePortMin()).thenReturn(50);
617 when(portSecurityRule.getSecurityRuleRemoteIpPrefix()).thenReturn("0.0.0.0/24");
618 PowerMockito.doAnswer(answer()).when(egressAclServiceSpy, "removeFlow", any(FlowBuilder.class),
619 any(NodeBuilder.class));
620 egressAclServiceSpy.programPortSecurityGroup(DP_ID_LONG, SEGMENT_ID, MAC_ADDRESS, LOCAL_PORT, securityGroup,
623 Match match = flowBuilder.getMatch();
624 EthernetMatch ethMatch = match.getEthernetMatch();
625 Assert.assertEquals(MAC_ADDRESS, ethMatch.getEthernetSource().getAddress().getValue());
627 Assert.assertTrue(match.getLayer4Match() instanceof UdpMatch);
628 UdpMatch layer4Match = (UdpMatch) match.getLayer4Match();
629 Assert.assertEquals(50, layer4Match.getUdpDestinationPort().getValue().intValue());
630 int port = portSecurityRule.getSecurityRulePortMin();
631 Assert.assertEquals("Egress_UDP_" + SEGMENT_ID + "_" + MAC_ADDRESS +
632 "_" + port + "_0.0.0.0/24_Permit", flowBuilder.getFlowName());
636 * Test UDP add with port no and remote SG selected.
639 public void testProgramPortSecurityACLRuleAddUdp2() throws Exception {
640 when(portSecurityRule.getSecurityRuleProtocol()).thenReturn("udp");
641 when(portSecurityRule.getSecurityRulePortMax()).thenReturn(50);
642 when(portSecurityRule.getSecurityRulePortMin()).thenReturn(50);
643 when(portSecurityRule.getSecurityRuleRemoteIpPrefix()).thenReturn("0.0.0.0/24");
644 when(portSecurityRule.getSecurityRemoteGroupID()).thenReturn("85cc3048-abc3-43cc-89b3-377341426ac5");
645 PowerMockito.doAnswer(answer()).when(egressAclServiceSpy, "writeFlow", any(FlowBuilder.class),
646 any(NodeBuilder.class));
647 egressAclServiceSpy.programPortSecurityGroup(DP_ID_LONG, SEGMENT_ID, MAC_ADDRESS, LOCAL_PORT, securityGroup,
650 Match match = flowBuilder.getMatch();
651 EthernetMatch ethMatch = match.getEthernetMatch();
652 Assert.assertEquals(MAC_ADDRESS, ethMatch.getEthernetSource().getAddress().getValue());
654 Assert.assertTrue(match.getLayer4Match() instanceof UdpMatch);
655 UdpMatch layer4Match = (UdpMatch) match.getLayer4Match();
656 Assert.assertEquals(50, layer4Match.getUdpDestinationPort().getValue().intValue());
657 int port = portSecurityRule.getSecurityRulePortMin();
658 String expectedFlowId1 = "Egress_UDP_" + SEGMENT_ID + "_" + MAC_ADDRESS + "_" + port + "_" + DEST_IP_1 +
660 String expectedFlowId2 = "Egress_UDP_" + SEGMENT_ID + "_" + MAC_ADDRESS + "_" + port + "_" + DEST_IP_2 +
662 String actualFlowId = flowBuilder.getFlowName();
663 if(actualFlowId.equals(expectedFlowId1) || actualFlowId.equals(expectedFlowId2)) {
664 Assert.assertTrue(true);
666 Assert.assertTrue(false);
671 * Test UDP remove with port no and remote SG selected.
674 public void testProgramPortSecurityACLRuleRemoveUdp2() throws Exception {
675 when(portSecurityRule.getSecurityRuleProtocol()).thenReturn("udp");
676 when(portSecurityRule.getSecurityRulePortMax()).thenReturn(50);
677 when(portSecurityRule.getSecurityRulePortMin()).thenReturn(50);
678 when(portSecurityRule.getSecurityRuleRemoteIpPrefix()).thenReturn("0.0.0.0/24");
679 when(portSecurityRule.getSecurityRemoteGroupID()).thenReturn("85cc3048-abc3-43cc-89b3-377341426ac5");
680 PowerMockito.doAnswer(answer()).when(egressAclServiceSpy, "removeFlow", any(FlowBuilder.class),
681 any(NodeBuilder.class));
682 egressAclServiceSpy.programPortSecurityGroup(DP_ID_LONG, SEGMENT_ID, MAC_ADDRESS, LOCAL_PORT, securityGroup,
685 Match match = flowBuilder.getMatch();
686 EthernetMatch ethMatch = match.getEthernetMatch();
687 Assert.assertEquals(MAC_ADDRESS, ethMatch.getEthernetSource().getAddress().getValue());
689 Assert.assertTrue(match.getLayer4Match() instanceof UdpMatch);
690 UdpMatch layer4Match = (UdpMatch) match.getLayer4Match();
691 Assert.assertEquals(50, layer4Match.getUdpDestinationPort().getValue().intValue());
692 int port = portSecurityRule.getSecurityRulePortMin();
693 String expectedFlowId1 = "Egress_UDP_" + SEGMENT_ID + "_" + MAC_ADDRESS + "_" + port + "_" + DEST_IP_1 +
695 String expectedFlowId2 = "Egress_UDP_" + SEGMENT_ID + "_" + MAC_ADDRESS + "_" + port + "_" + DEST_IP_2 +
697 String actualFlowId = flowBuilder.getFlowName();
698 if(actualFlowId.equals(expectedFlowId1) || actualFlowId.equals(expectedFlowId2)) {
699 Assert.assertTrue(true);
701 Assert.assertTrue(false);
707 * Test UDP add with port (All UDP) and CIDR selected.
710 public void testProgramPortSecurityACLRuleAddUdpAll1() throws Exception {
711 when(portSecurityRule.getSecurityRuleProtocol()).thenReturn("udp");
712 when(portSecurityRule.getSecurityRulePortMax()).thenReturn(PORT_RANGE_MAX);
713 when(portSecurityRule.getSecurityRulePortMin()).thenReturn(PORT_RANGE_MIN);
714 when(portSecurityRule.getSecurityRuleRemoteIpPrefix()).thenReturn("0.0.0.0/24");
715 PowerMockito.doAnswer(answer()).when(egressAclServiceSpy, "writeFlow", any(FlowBuilder.class),
716 any(NodeBuilder.class));
717 egressAclServiceSpy.programPortSecurityGroup(DP_ID_LONG, SEGMENT_ID, MAC_ADDRESS, LOCAL_PORT, securityGroup,
720 Match match = flowBuilder.getMatch();
721 EthernetMatch ethMatch = match.getEthernetMatch();
722 Assert.assertEquals(MAC_ADDRESS, ethMatch.getEthernetSource().getAddress().getValue());
724 Assert.assertTrue(match.getLayer4Match() instanceof UdpMatch);
725 Assert.assertEquals("Egress_UDP_" + SEGMENT_ID + "_" + MAC_ADDRESS + "_" + PORT_RANGE_MIN + "_" +
726 PORT_RANGE_MAX + "_0.0.0.0/24_Permit", flowBuilder.getFlowName());
730 * Test UDP remove with port (All UDP) and CIDR selected.
733 public void testProgramPortSecurityACLRuleRemoveUdpAll1() throws Exception {
734 when(portSecurityRule.getSecurityRuleProtocol()).thenReturn("udp");
735 when(portSecurityRule.getSecurityRulePortMax()).thenReturn(PORT_RANGE_MAX);
736 when(portSecurityRule.getSecurityRulePortMin()).thenReturn(PORT_RANGE_MIN);
737 when(portSecurityRule.getSecurityRuleRemoteIpPrefix()).thenReturn("0.0.0.0/24");
738 PowerMockito.doAnswer(answer()).when(egressAclServiceSpy, "removeFlow", any(FlowBuilder.class),
739 any(NodeBuilder.class));
740 egressAclServiceSpy.programPortSecurityGroup(DP_ID_LONG, SEGMENT_ID, MAC_ADDRESS, LOCAL_PORT, securityGroup,
743 Match match = flowBuilder.getMatch();
744 EthernetMatch ethMatch = match.getEthernetMatch();
745 Assert.assertEquals(MAC_ADDRESS, ethMatch.getEthernetSource().getAddress().getValue());
747 Assert.assertTrue(match.getLayer4Match() instanceof UdpMatch);
748 Assert.assertEquals("Egress_UDP_" + SEGMENT_ID + "_" + MAC_ADDRESS + "_" + PORT_RANGE_MIN + "_" +
749 PORT_RANGE_MAX + "_0.0.0.0/24_Permit", flowBuilder.getFlowName());
753 * Test UDP add with port (All UDP) and remote SG selected.
756 public void testProgramPortSecurityACLRuleAddUdpAll2() throws Exception {
757 when(portSecurityRule.getSecurityRuleProtocol()).thenReturn("udp");
758 when(portSecurityRule.getSecurityRulePortMax()).thenReturn(PORT_RANGE_MAX);
759 when(portSecurityRule.getSecurityRulePortMin()).thenReturn(PORT_RANGE_MIN);
760 when(portSecurityRule.getSecurityRemoteGroupID()).thenReturn("85cc3048-abc3-43cc-89b3-377341426ac5");
761 PowerMockito.doAnswer(answer()).when(egressAclServiceSpy, "writeFlow", any(FlowBuilder.class),
762 any(NodeBuilder.class));
763 egressAclServiceSpy.programPortSecurityGroup(DP_ID_LONG, SEGMENT_ID, MAC_ADDRESS, LOCAL_PORT, securityGroup,
766 Match match = flowBuilder.getMatch();
767 EthernetMatch ethMatch = match.getEthernetMatch();
768 Assert.assertEquals(MAC_ADDRESS, ethMatch.getEthernetSource().getAddress().getValue());
770 Assert.assertTrue(match.getLayer4Match() instanceof UdpMatch);
771 String expectedFlowId1 = "Egress_UDP_" + SEGMENT_ID + "_" + MAC_ADDRESS + "_" + PORT_RANGE_MIN + "_" +
772 PORT_RANGE_MAX + "_" + DEST_IP_1 + "_Permit";
773 String expectedFlowId2 = "Egress_UDP_" + SEGMENT_ID + "_" + MAC_ADDRESS + "_" + PORT_RANGE_MIN + "_" +
774 PORT_RANGE_MAX + "_" + DEST_IP_2 + "_Permit";
775 String actualFlowId = flowBuilder.getFlowName();
776 if(actualFlowId.equals(expectedFlowId1) || actualFlowId.equals(expectedFlowId2)) {
777 Assert.assertTrue(true);
779 Assert.assertTrue(false);
784 * Test UDP remove with port (All UDP) and remote SG selected.
787 public void testProgramPortSecurityACLRuleRemoveUdpAll2() throws Exception {
788 when(portSecurityRule.getSecurityRuleProtocol()).thenReturn("udp");
789 when(portSecurityRule.getSecurityRulePortMax()).thenReturn(PORT_RANGE_MAX);
790 when(portSecurityRule.getSecurityRulePortMin()).thenReturn(PORT_RANGE_MIN);
791 when(portSecurityRule.getSecurityRemoteGroupID()).thenReturn("85cc3048-abc3-43cc-89b3-377341426ac5");
792 PowerMockito.doAnswer(answer()).when(egressAclServiceSpy, "removeFlow", any(FlowBuilder.class),
793 any(NodeBuilder.class));
794 egressAclServiceSpy.programPortSecurityGroup(DP_ID_LONG, SEGMENT_ID, MAC_ADDRESS, LOCAL_PORT, securityGroup,
797 Match match = flowBuilder.getMatch();
798 EthernetMatch ethMatch = match.getEthernetMatch();
799 Assert.assertEquals(MAC_ADDRESS, ethMatch.getEthernetSource().getAddress().getValue());
801 Assert.assertTrue(match.getLayer4Match() instanceof UdpMatch);
802 String expectedFlowId1 = "Egress_UDP_" + SEGMENT_ID + "_" + MAC_ADDRESS + "_" + PORT_RANGE_MIN + "_" +
803 PORT_RANGE_MAX + "_" + DEST_IP_1 + "_Permit";
804 String expectedFlowId2 = "Egress_UDP_" + SEGMENT_ID + "_" + MAC_ADDRESS + "_" + PORT_RANGE_MIN + "_" +
805 PORT_RANGE_MAX + "_" + DEST_IP_2 + "_Permit";
806 String actualFlowId = flowBuilder.getFlowName();
807 if(actualFlowId.equals(expectedFlowId1) || actualFlowId.equals(expectedFlowId2)) {
808 Assert.assertTrue(true);
810 Assert.assertTrue(false);
815 * Test ICMP add with code, type and CIDR selected.
818 public void testProgramPortSecurityACLRuleAddIcmp1() throws Exception {
819 when(portSecurityRule.getSecurityRuleProtocol()).thenReturn("icmp");
820 when(portSecurityRule.getSecurityRulePortMax()).thenReturn(10);
821 when(portSecurityRule.getSecurityRulePortMin()).thenReturn(10);
822 when(portSecurityRule.getSecurityRuleRemoteIpPrefix()).thenReturn("0.0.0.0/24");
823 PowerMockito.doAnswer(answer()).when(egressAclServiceSpy, "writeFlow", any(FlowBuilder.class),
824 any(NodeBuilder.class));
826 egressAclServiceSpy.programPortSecurityGroup(DP_ID_LONG, SEGMENT_ID, MAC_ADDRESS, LOCAL_PORT, securityGroup,
829 Match match = flowBuilder.getMatch();
830 Icmpv4Match icmpv4Match = match.getIcmpv4Match();
831 Assert.assertEquals(10, icmpv4Match.getIcmpv4Type().shortValue());
832 Assert.assertEquals(10, icmpv4Match.getIcmpv4Code().shortValue());
833 EthernetMatch ethMatch = match.getEthernetMatch();
834 Assert.assertEquals(MAC_ADDRESS, ethMatch.getEthernetSource().getAddress().getValue());
835 Short type = portSecurityRule.getSecurityRulePortMin().shortValue();
836 Short code = portSecurityRule.getSecurityRulePortMax().shortValue();
837 Assert.assertEquals("Egress_ICMP_" + SEGMENT_ID + "_" + MAC_ADDRESS +
838 "_" + type + "_" + code + "_0.0.0.0/24_Permit", flowBuilder.getFlowName());
842 * Test ICMP remove with code, type and CIDR selected.
845 public void testProgramPortSecurityACLRuleRemoveIcmp1() throws Exception {
846 when(portSecurityRule.getSecurityRuleProtocol()).thenReturn("icmp");
847 when(portSecurityRule.getSecurityRulePortMax()).thenReturn(20);
848 when(portSecurityRule.getSecurityRulePortMin()).thenReturn(20);
849 when(portSecurityRule.getSecurityRuleRemoteIpPrefix()).thenReturn("0.0.0.0/24");
850 PowerMockito.doAnswer(answer()).when(egressAclServiceSpy, "removeFlow", any(FlowBuilder.class),
851 any(NodeBuilder.class));
853 egressAclServiceSpy.programPortSecurityGroup(DP_ID_LONG, SEGMENT_ID, MAC_ADDRESS, LOCAL_PORT, securityGroup,
856 Match match = flowBuilder.getMatch();
857 Icmpv4Match icmpv4Match = match.getIcmpv4Match();
858 Assert.assertEquals(20, icmpv4Match.getIcmpv4Type().shortValue());
859 Assert.assertEquals(20, icmpv4Match.getIcmpv4Code().shortValue());
860 EthernetMatch ethMatch = match.getEthernetMatch();
861 Assert.assertEquals(MAC_ADDRESS, ethMatch.getEthernetSource().getAddress().getValue());
862 Short type = portSecurityRule.getSecurityRulePortMin().shortValue();
863 Short code = portSecurityRule.getSecurityRulePortMax().shortValue();
864 Assert.assertEquals("Egress_ICMP_" + SEGMENT_ID + "_" + MAC_ADDRESS +
865 "_" + type + "_" + code + "_0.0.0.0/24_Permit", flowBuilder.getFlowName());
869 * Test ICMP add with code, type and remote SG selected.
872 public void testProgramPortSecurityACLRuleAddIcmp2() throws Exception {
873 when(portSecurityRule.getSecurityRuleProtocol()).thenReturn("icmp");
874 when(portSecurityRule.getSecurityRulePortMax()).thenReturn(30);
875 when(portSecurityRule.getSecurityRulePortMin()).thenReturn(30);
876 when(portSecurityRule.getSecurityRuleRemoteIpPrefix()).thenReturn("0.0.0.0/24");
877 when(portSecurityRule.getSecurityRemoteGroupID()).thenReturn("85cc3048-abc3-43cc-89b3-377341426ac5");
878 PowerMockito.doAnswer(answer()).when(egressAclServiceSpy, "writeFlow", any(FlowBuilder.class),
879 any(NodeBuilder.class));
881 egressAclServiceSpy.programPortSecurityGroup(DP_ID_LONG, SEGMENT_ID, MAC_ADDRESS, LOCAL_PORT, securityGroup,
884 Match match = flowBuilder.getMatch();
885 Icmpv4Match icmpv4Match = match.getIcmpv4Match();
886 Assert.assertEquals(30, icmpv4Match.getIcmpv4Type().shortValue());
887 Assert.assertEquals(30, icmpv4Match.getIcmpv4Code().shortValue());
888 EthernetMatch ethMatch = match.getEthernetMatch();
889 Assert.assertEquals(MAC_ADDRESS, ethMatch.getEthernetSource().getAddress().getValue());
890 Short type = portSecurityRule.getSecurityRulePortMin().shortValue();
891 Short code = portSecurityRule.getSecurityRulePortMax().shortValue();
892 String expectedFlowId1 = "Egress_ICMP_" + SEGMENT_ID + "_" + MAC_ADDRESS + "_" + type + "_" + code + "_"
893 + DEST_IP_1 + "_Permit";
894 String expectedFlowId2 = "Egress_ICMP_" + SEGMENT_ID + "_" + MAC_ADDRESS + "_" + type + "_" + code + "_"
895 + DEST_IP_2 + "_Permit";
896 String actualFlowId = flowBuilder.getFlowName();
897 if(actualFlowId.equals(expectedFlowId1) || actualFlowId.equals(expectedFlowId2)) {
898 Assert.assertTrue(true);
900 Assert.assertTrue(false);
905 * Test ICMP remove with code, type and remote SG selected.
908 public void testProgramPortSecurityACLRuleRemoveIcmp2() throws Exception {
909 when(portSecurityRule.getSecurityRuleProtocol()).thenReturn("icmp");
910 when(portSecurityRule.getSecurityRulePortMax()).thenReturn(40);
911 when(portSecurityRule.getSecurityRulePortMin()).thenReturn(40);
912 when(portSecurityRule.getSecurityRemoteGroupID()).thenReturn("85cc3048-abc3-43cc-89b3-377341426ac5");
913 PowerMockito.doAnswer(answer()).when(egressAclServiceSpy, "removeFlow", any(FlowBuilder.class),
914 any(NodeBuilder.class));
916 egressAclServiceSpy.programPortSecurityGroup(DP_ID_LONG, SEGMENT_ID, MAC_ADDRESS, LOCAL_PORT, securityGroup,
919 Match match = flowBuilder.getMatch();
920 Icmpv4Match icmpv4Match = match.getIcmpv4Match();
921 Assert.assertEquals(40, icmpv4Match.getIcmpv4Type().shortValue());
922 Assert.assertEquals(40, icmpv4Match.getIcmpv4Code().shortValue());
923 EthernetMatch ethMatch = match.getEthernetMatch();
924 Assert.assertEquals(MAC_ADDRESS, ethMatch.getEthernetSource().getAddress().getValue());
925 Short type = portSecurityRule.getSecurityRulePortMin().shortValue();
926 Short code = portSecurityRule.getSecurityRulePortMax().shortValue();
927 String expectedFlowId1 = "Egress_ICMP_" + SEGMENT_ID + "_" + MAC_ADDRESS + "_" + type + "_" + code + "_"
928 + DEST_IP_1 + "_Permit";
929 String expectedFlowId2 = "Egress_ICMP_" + SEGMENT_ID + "_" + MAC_ADDRESS + "_" + type + "_" + code + "_"
930 + DEST_IP_2 + "_Permit";
931 String actualFlowId = flowBuilder.getFlowName();
932 if(actualFlowId.equals(expectedFlowId1) || actualFlowId.equals(expectedFlowId2)) {
933 Assert.assertTrue(true);
935 Assert.assertTrue(false);
940 * Test IPv4 invalid ether type test case.
943 public void testProgramPortSecurityACLRuleInvalidEther() throws Exception {
944 when(portSecurityRule.getSecurityRuleEthertype()).thenReturn("IPV6");
946 egressAclServiceSpy.programPortSecurityGroup(Long.valueOf(1554), "2", MAC_ADDRESS, 124, securityGroup,PORT_UUID,false);
948 verify(writeTransaction, times(0)).delete(any(LogicalDatastoreType.class), any(InstanceIdentifier.class));
949 verify(writeTransaction, times(0)).submit();
950 verify(commitFuture, times(0)).get();
954 * Test IPv4 invalid direction type test case.
957 public void testProgramPortSecurityACLRuleInvalidDirection() throws Exception {
958 when(portSecurityRule.getSecurityRuleDirection()).thenReturn("ingress");
960 egressAclServiceSpy.programPortSecurityGroup(Long.valueOf(1554), "2", MAC_ADDRESS, 124, securityGroup,PORT_UUID,false);
962 verify(writeTransaction, times(0)).delete(any(LogicalDatastoreType.class), any(InstanceIdentifier.class));
963 verify(writeTransaction, times(0)).submit();
964 verify(commitFuture, times(0)).get();
968 * Test With isLastPortInBridge false isComputeNode false
971 public void testProgramFixedSecurityACLAdd1() throws Exception {
972 egressAclServiceSpy.programFixedSecurityGroup(Long.valueOf(1554), "2", MAC_ADDRESS, 1, neutronDestIpList, false, false, true);
974 verify(writeTransaction, times(0)).put(any(LogicalDatastoreType.class), any(InstanceIdentifier.class), any(Node.class), eq(true));
975 verify(writeTransaction, times(0)).submit();
976 verify(commitFuture, times(0)).get();
979 * Test With isLastPortInBridge false isComputeNode false
982 public void testProgramFixedSecurityACLRemove1() throws Exception {
984 egressAclServiceSpy.programFixedSecurityGroup(Long.valueOf(1554), "2", MAC_ADDRESS, 1, neutronDestIpList, false, false, false);
986 verify(writeTransaction, times(0)).delete(any(LogicalDatastoreType.class), any(InstanceIdentifier.class));
987 verify(writeTransaction, times(0)).submit();
988 verify(commitFuture, times(0)).get();
992 * Test With isLastPortInBridge false isComputeNode true
995 public void testProgramFixedSecurityACLAdd2() throws Exception {
997 egressAclServiceSpy.programFixedSecurityGroup(Long.valueOf(1554), "2", MAC_ADDRESS, 1, neutronDestIpList, false, true, true);
999 verify(writeTransaction, times(6)).put(any(LogicalDatastoreType.class), any(InstanceIdentifier.class), any(Node.class), eq(true));
1000 verify(writeTransaction, times(3)).submit();
1001 verify(commitFuture, times(3)).get();
1005 * Test With isLastPortInBridge false isComputeNode true
1008 public void testProgramFixedSecurityACLRemove2() throws Exception {
1010 egressAclServiceSpy.programFixedSecurityGroup(Long.valueOf(1554), "2", MAC_ADDRESS, 1, neutronDestIpList, false, true, false);
1012 verify(writeTransaction, times(3)).delete(any(LogicalDatastoreType.class), any(InstanceIdentifier.class));
1013 verify(writeTransaction, times(3)).submit();
1014 verify(commitFuture, times(3)).get();
1018 * Test With isLastPortInBridge true isComputeNode false
1021 public void testProgramFixedSecurityACLAdd3() throws Exception {
1023 egressAclServiceSpy.programFixedSecurityGroup(Long.valueOf(1554), "2", MAC_ADDRESS, 1, neutronDestIpList, true, false, true);
1025 verify(writeTransaction, times(2)).put(any(LogicalDatastoreType.class), any(InstanceIdentifier.class), any(Node.class), eq(true));
1026 verify(writeTransaction, times(1)).submit();
1027 verify(commitFuture, times(1)).get();
1031 * Test With isLastPortInBridge true isComputeNode false
1034 public void testProgramFixedSecurityACLRemove3() throws Exception {
1036 egressAclServiceSpy.programFixedSecurityGroup(Long.valueOf(1554), "2", MAC_ADDRESS, 1, neutronDestIpList, true, false, false);
1038 verify(writeTransaction, times(1)).delete(any(LogicalDatastoreType.class), any(InstanceIdentifier.class));
1039 verify(writeTransaction, times(1)).submit();
1040 verify(commitFuture, times(1)).get();
1044 * Test With isLastPortInBridge true isComputeNode true
1047 public void testProgramFixedSecurityACLAdd4() throws Exception {
1049 egressAclServiceSpy.programFixedSecurityGroup(Long.valueOf(1554), "2", MAC_ADDRESS, 1, neutronDestIpList, true, true, true);
1051 verify(writeTransaction, times(8)).put(any(LogicalDatastoreType.class),
1052 any(InstanceIdentifier.class), any(Node.class), eq(true));
1053 verify(writeTransaction, times(4)).submit();
1054 verify(commitFuture, times(4)).get();
1058 * Test With isLastPortInBridge true isComputeNode true
1061 public void testProgramFixedSecurityACLRemove4() throws Exception {
1063 egressAclServiceSpy.programFixedSecurityGroup(Long.valueOf(1554), "2", MAC_ADDRESS, 1, neutronDestIpList, true, true, false);
1065 verify(writeTransaction, times(4)).delete(any(LogicalDatastoreType.class), any(InstanceIdentifier.class));
1066 verify(writeTransaction, times(4)).submit();
1067 verify(commitFuture, times(4)).get();
1071 * Test method {@link EgressAclService#egressACLTcpPortWithPrefix(Long, String, String, boolean, Integer, String, Integer)}
1074 public void testEgressACLTcpPortWithPrefix() throws Exception {
1075 egressAclService.egressACLTcpPortWithPrefix(123L, "2", MAC_ADDRESS, true, 1, HOST_ADDRESS, 1);
1076 verify(writeTransaction, times(2)).put(any(LogicalDatastoreType.class), any(InstanceIdentifier.class), any(Node.class), anyBoolean());
1077 verify(writeTransaction, times(1)).submit();
1078 verify(commitFuture, times(1)).get();
1080 egressAclService.egressACLTcpPortWithPrefix(123L, "2", MAC_ADDRESS, false, 1, HOST_ADDRESS, 1);
1081 verify(writeTransaction, times(1)).delete(any(LogicalDatastoreType.class), any(InstanceIdentifier.class));
1082 verify(writeTransaction, times(2)).submit();
1083 verify(commitFuture, times(2)).get(); // 1 + 1 above
1087 * Test method {@link EgressAclService#egressAllowProto(Long, String, String, boolean, String, Integer)}
1090 public void testEgressAllowProto() throws Exception {
1091 egressAclService.egressAllowProto(123L, "2", MAC_ADDRESS, true, HOST_ADDRESS, 1);
1092 verify(writeTransaction, times(2)).put(any(LogicalDatastoreType.class), any(InstanceIdentifier.class), any(Node.class), anyBoolean());
1093 verify(writeTransaction, times(1)).submit();
1094 verify(commitFuture, times(1)).get();
1096 egressAclService.egressAllowProto(123L, "2", MAC_ADDRESS, false, HOST_ADDRESS, 1);
1097 verify(writeTransaction, times(1)).delete(any(LogicalDatastoreType.class), any(InstanceIdentifier.class));
1098 verify(writeTransaction, times(2)).submit();
1099 verify(commitFuture, times(2)).get(); // 1 + 1 above
1103 * Test method {@link EgressAclService#egressACLPermitAllProto(Long, String, String, boolean, String, Integer)}
1106 public void testEgressACLPermitAllProto() throws Exception {
1107 egressAclService.egressACLPermitAllProto(123L, "2", MAC_ADDRESS, true, HOST_ADDRESS, 1);
1108 verify(writeTransaction, times(2)).put(any(LogicalDatastoreType.class), any(InstanceIdentifier.class), any(Node.class), anyBoolean());
1109 verify(writeTransaction, times(1)).submit();
1110 verify(commitFuture, times(1)).get();
1112 egressAclService.egressACLPermitAllProto(123L, "2", MAC_ADDRESS, false, HOST_ADDRESS, 1);
1113 verify(writeTransaction, times(1)).delete(any(LogicalDatastoreType.class), any(InstanceIdentifier.class));
1114 verify(writeTransaction, times(2)).submit();
1115 verify(commitFuture, times(2)).get(); // 1 + 1 above
1119 * Test method {@link EgressAclService#egressACLTcpSyn(Long, String, String, boolean, Integer, Integer)}
1122 public void testEgressACLTcpSyn() throws Exception {
1123 egressAclService.egressACLTcpSyn(123L, "2", MAC_ADDRESS, true, 1, 1);
1124 verify(writeTransaction, times(2)).put(any(LogicalDatastoreType.class), any(InstanceIdentifier.class), any(Node.class), anyBoolean());
1125 verify(writeTransaction, times(1)).submit();
1126 verify(commitFuture, times(1)).get();
1128 egressAclService.egressACLTcpSyn(123L, "2", MAC_ADDRESS, false, 1, 1);
1129 verify(writeTransaction, times(1)).delete(any(LogicalDatastoreType.class), any(InstanceIdentifier.class));
1130 verify(writeTransaction, times(2)).submit();
1131 verify(commitFuture, times(2)).get(); // 1 + 1 above