openstack/net-virt-providers/src/test/java/org/opendaylight/ovsdb/openstack/netvirt/providers/openflow13/services/EgressAclServiceTest.java

   1 /*
   2  * Copyright (c) 2015 Inocybe and others.  All rights reserved.
   3  *
   4  * This program and the accompanying materials are made available under the
   5  * terms of the Eclipse Public License v1.0 which accompanies this distribution,
   6  * and is available at http://www.eclipse.org/legal/epl-v10.html
   7  */
   8
   9 package org.opendaylight.ovsdb.openstack.netvirt.providers.openflow13.services;
  10
  11 import static org.mockito.Matchers.any;
  12 import static org.mockito.Matchers.anyBoolean;
  13 import static org.mockito.Matchers.eq;
  14 import static org.mockito.Mockito.mock;
  15 import static org.mockito.Mockito.times;
  16 import static org.mockito.Mockito.verify;
  17 import static org.mockito.Mockito.when;
  18
  19 import java.util.ArrayList;
  20 import java.util.List;
  21
  22 import org.junit.Assert;
  23 import org.junit.Before;
  24 import org.junit.Test;
  25 import org.junit.runner.RunWith;
  26 import org.mockito.InjectMocks;
  27 import org.mockito.Mock;
  28 import org.mockito.invocation.InvocationOnMock;
  29 import org.mockito.stubbing.Answer;
  30 import org.opendaylight.controller.md.sal.binding.api.DataBroker;
  31 import org.opendaylight.controller.md.sal.binding.api.WriteTransaction;
  32 import org.opendaylight.controller.md.sal.common.api.data.LogicalDatastoreType;
  33 import org.opendaylight.controller.md.sal.common.api.data.TransactionCommitFailedException;
  34 import org.opendaylight.ovsdb.openstack.netvirt.translator.NeutronSecurityGroup;
  35 import org.opendaylight.ovsdb.openstack.netvirt.translator.NeutronSecurityRule;
  36 import org.opendaylight.ovsdb.openstack.netvirt.translator.Neutron_IPs;
  37 import org.opendaylight.ovsdb.openstack.netvirt.api.Constants;
  38 import org.opendaylight.ovsdb.openstack.netvirt.api.SecurityGroupCacheManger;
  39 import org.opendaylight.ovsdb.openstack.netvirt.api.SecurityServicesManager;
  40 import org.opendaylight.ovsdb.openstack.netvirt.providers.openflow13.PipelineOrchestrator;
  41 import org.opendaylight.ovsdb.openstack.netvirt.providers.openflow13.Service;
  42 import org.opendaylight.yang.gen.v1.urn.opendaylight.flow.inventory.rev130819.tables.table.FlowBuilder;
  43 import org.opendaylight.yang.gen.v1.urn.opendaylight.inventory.rev130819.nodes.Node;
  44 import org.opendaylight.yang.gen.v1.urn.opendaylight.inventory.rev130819.nodes.NodeBuilder;
  45 import org.opendaylight.yang.gen.v1.urn.opendaylight.model.match.types.rev131026.Match;
  46 import org.opendaylight.yang.gen.v1.urn.opendaylight.model.match.types.rev131026.match.EthernetMatch;
  47 import org.opendaylight.yang.gen.v1.urn.opendaylight.model.match.types.rev131026.match.Icmpv4Match;
  48 import org.opendaylight.yang.gen.v1.urn.opendaylight.model.match.types.rev131026.match.layer._4.match.TcpMatch;
  49 import org.opendaylight.yang.gen.v1.urn.opendaylight.model.match.types.rev131026.match.layer._4.match.UdpMatch;
  50 import org.opendaylight.yangtools.yang.binding.InstanceIdentifier;
  51 import org.powermock.api.mockito.PowerMockito;
  52 import org.powermock.modules.junit4.PowerMockRunner;
  53
  54 import com.google.common.util.concurrent.CheckedFuture;
  55 /**
  56  * Unit test for {@link EgressAclService}
  57  */
  58 @RunWith(PowerMockRunner.class)
  59 @SuppressWarnings("unchecked")
  60 public class EgressAclServiceTest {
  61
  62     @InjectMocks private EgressAclService egressAclService = new EgressAclService();
  63     private EgressAclService egressAclServiceSpy;
  64
  65     @Mock private DataBroker dataBroker;
  66     @Mock private PipelineOrchestrator orchestrator;
  67
  68     @Mock private WriteTransaction writeTransaction;
  69     @Mock private CheckedFuture<Void, TransactionCommitFailedException> commitFuture;
  70
  71     @Mock private NeutronSecurityGroup securityGroup;
  72     @Mock private NeutronSecurityRule portSecurityRule;
  73
  74     @Mock private SecurityServicesManager securityServices;
  75     @Mock private SecurityGroupCacheManger securityGroupCacheManger;
  76
  77     private Neutron_IPs neutron_ip_src;
  78     private Neutron_IPs neutron_ip_dest_1;
  79     private Neutron_IPs neutron_ip_dest_2;
  80     private List<Neutron_IPs> neutronSrcIpList = new ArrayList<Neutron_IPs>();
  81     private List<Neutron_IPs> neutronDestIpList = new ArrayList<Neutron_IPs>();
  82     private static final String HOST_ADDRESS = "127.0.0.1/32";
  83     private static final String MAC_ADDRESS = "87:1D:5E:02:40:B7";
  84     private static final String SRC_IP = "192.168.0.1";
  85     private static final String DEST_IP_1 = "192.169.0.1";
  86     private static final String DEST_IP_2 = "192.169.0.2";
  87     private static final String DEST_IP_1_WITH_MASK = "192.169.0.1/32";
  88     private static final String DEST_IP_2_WITH_MASK = "192.169.0.2/32";
  89     private static final String SECURITY_GROUP_UUID = "85cc3048-abc3-43cc-89b3-377341426ac5";
  90     private static final String PORT_UUID = "95cc3048-abc3-43cc-89b3-377341426ac5";
  91     private static final String SEGMENT_ID = "2";
  92     private static final Long DP_ID_LONG = (long) 1554;
  93     private static final Long LOCAL_PORT = (long) 124;
  94     private static final int PORT_RANGE_MIN = 1;
  95     private static final int PORT_RANGE_MAX = 65535;
  96     private static FlowBuilder flowBuilder;
  97     private static NodeBuilder nodeBuilder;
  98
  99     private static Answer<Object> answer() {
 100         return new Answer<Object>() {
 101             @Override
 102             public CheckedFuture<Void, TransactionCommitFailedException> answer(InvocationOnMock invocation)
 103                     throws Throwable {
 104                 flowBuilder = (FlowBuilder) invocation.getArguments()[0];
 105                 nodeBuilder = (NodeBuilder) invocation.getArguments()[1];
 106                 return null;
 107             }
 108         };
 109     }
 110
 111     @Before
 112     public void setUp() {
 113         egressAclServiceSpy = PowerMockito.spy(egressAclService);
 114
 115         when(writeTransaction.submit()).thenReturn(commitFuture);
 116
 117         when(dataBroker.newWriteOnlyTransaction()).thenReturn(writeTransaction);
 118
 119         when(orchestrator.getNextServiceInPipeline(any(Service.class))).thenReturn(Service.ARP_RESPONDER);
 120
 121         portSecurityRule = mock(NeutronSecurityRule.class);
 122
 123         when(portSecurityRule.getSecurityRuleEthertype()).thenReturn("IPv4");
 124         when(portSecurityRule.getSecurityRuleDirection()).thenReturn("egress");
 125
 126         List<NeutronSecurityRule> portSecurityList = new ArrayList<NeutronSecurityRule>();
 127         portSecurityList.add(portSecurityRule);
 128
 129         neutron_ip_src = new Neutron_IPs();
 130         neutron_ip_src.setIpAddress(SRC_IP);
 131         neutronSrcIpList.add(neutron_ip_src);
 132
 133         neutron_ip_dest_1 = new Neutron_IPs();
 134         neutron_ip_dest_1.setIpAddress(DEST_IP_1);
 135         neutronDestIpList.add(neutron_ip_dest_1);
 136
 137         neutron_ip_dest_2 = new Neutron_IPs();
 138         neutron_ip_dest_2.setIpAddress(DEST_IP_2);
 139         neutronDestIpList.add(neutron_ip_dest_2);
 140
 141         when(securityGroup.getSecurityRules()).thenReturn(portSecurityList);
 142         when(securityServices.getVmListForSecurityGroup(PORT_UUID, SECURITY_GROUP_UUID)).thenReturn(neutronDestIpList);
 143     }
 144
 145     /**
 146      * Rule 1: TCP Proto (True), TCP Port Minimum (True), TCP Port Max (True), IP Prefix (True)
 147      */
 148     /*@Test
 149     public void testProgramPortSecurityACLRule1() throws Exception {
 150         when(portSecurityRule.getSecurityRuleProtocol()).thenReturn("tcp");
 151         when(portSecurityRule.getSecurityRulePortMax()).thenReturn(1);
 152         when(portSecurityRule.getSecurityRulePortMin()).thenReturn(1);
 153         when(portSecurityRule.getSecurityRuleRemoteIpPrefix()).thenReturn(HOST_ADDRESS);
 154
 155         egressAclServiceSpy.programPortSecurityACL(Long.valueOf(1554), "2", MAC_ADDRESS, 124, securityGroup);
 156         verify(egressAclServiceSpy, times(1)).egressACLDefaultTcpDrop(anyLong(), anyString(), anyString(), anyInt(), anyBoolean());
 157         verify(egressAclServiceSpy, times(1)).egressACLTcpPortWithPrefix(anyLong(), anyString(), anyString(), anyBoolean(), anyInt(), anyString(), anyInt());
 158         verify(writeTransaction, times(4)).put(any(LogicalDatastoreType.class), any(InstanceIdentifier.class), any(Node.class), anyBoolean());
 159         verify(writeTransaction, times(2)).submit();
 160         verify(commitFuture, times(2)).get();
 161     }
 162
 163     *//**
 164      * Rule 2: TCP Proto (True), TCP Port Minimum (True), TCP Port Max (False), IP Prefix (True)
 165      *//*
 166     @Test
 167     public void testProgramPortSecurityACLRule2() throws Exception {
 168         when(portSecurityRule.getSecurityRuleProtocol()).thenReturn("tcp");
 169         when(portSecurityRule.getSecurityRulePortMax()).thenReturn(null);
 170         when(portSecurityRule.getSecurityRulePortMin()).thenReturn(1);
 171         when(portSecurityRule.getSecurityRuleRemoteIpPrefix()).thenReturn(HOST_ADDRESS);
 172
 173         egressAclServiceSpy.programPortSecurityACL(Long.valueOf(1554), "2", MAC_ADDRESS, 124, securityGroup);
 174         verify(egressAclServiceSpy, times(1)).egressACLDefaultTcpDrop(anyLong(), anyString(), anyString(), anyInt(), anyBoolean());
 175         verify(egressAclServiceSpy, times(1)).egressACLTcpPortWithPrefix(anyLong(), anyString(), anyString(), anyBoolean(), anyInt(), anyString(), anyInt());
 176         verify(writeTransaction, times(4)).put(any(LogicalDatastoreType.class), any(InstanceIdentifier.class), any(Node.class), anyBoolean());
 177         verify(writeTransaction, times(2)).submit();
 178         verify(commitFuture, times(2)).get();
 179     }
 180
 181     *//**
 182      * Rule 3: TCP Proto (True), TCP Port Minimum (False), TCP Port Max (False), IP Prefix (True)
 183      *//*
 184     @Test
 185     public void testProgramPortSecurityACLRule3() throws Exception {
 186         when(portSecurityRule.getSecurityRuleProtocol()).thenReturn("tcp");
 187         when(portSecurityRule.getSecurityRulePortMax()).thenReturn(null);
 188         when(portSecurityRule.getSecurityRulePortMin()).thenReturn(null);
 189         when(portSecurityRule.getSecurityRuleRemoteIpPrefix()).thenReturn(HOST_ADDRESS);
 190
 191         egressAclServiceSpy.programPortSecurityACL(Long.valueOf(1554), "2", MAC_ADDRESS, 124, securityGroup);
 192         verify(egressAclServiceSpy, times(1)).egressACLDefaultTcpDrop(anyLong(), anyString(), anyString(), anyInt(), anyBoolean());
 193         verify(egressAclServiceSpy, times(1)).egressACLPermitAllProto(anyLong(), anyString(), anyString(), anyBoolean(), anyString(), anyInt());
 194         verify(writeTransaction, times(4)).put(any(LogicalDatastoreType.class), any(InstanceIdentifier.class), any(Node.class), anyBoolean());
 195         verify(writeTransaction, times(2)).submit();
 196         verify(commitFuture, times(2)).get();
 197     }
 198
 199     *//**
 200      * Rule 4: TCP Proto (False), TCP Port Minimum (False), TCP Port Max (False), IP Prefix (True)
 201      *//*
 202     @Test
 203     public void testProgramPortSecurityACLRule4() throws Exception {
 204         when(portSecurityRule.getSecurityRuleProtocol()).thenReturn(null);
 205         when(portSecurityRule.getSecurityRulePortMax()).thenReturn(null);
 206         when(portSecurityRule.getSecurityRulePortMin()).thenReturn(null);
 207         when(portSecurityRule.getSecurityRuleRemoteIpPrefix()).thenReturn(HOST_ADDRESS);
 208
 209         egressAclServiceSpy.programPortSecurityACL(Long.valueOf(1554), "2", MAC_ADDRESS, 124, securityGroup);
 210         verify(egressAclServiceSpy, times(1)).egressACLDefaultTcpDrop(anyLong(), anyString(), anyString(), anyInt(), anyBoolean());
 211         verify(egressAclServiceSpy, times(1)).egressACLPermitAllProto(anyLong(), anyString(), anyString(), anyBoolean(), anyString(), anyInt());
 212         verify(writeTransaction, times(4)).put(any(LogicalDatastoreType.class), any(InstanceIdentifier.class), any(Node.class), anyBoolean());
 213         verify(writeTransaction, times(2)).submit();
 214         verify(commitFuture, times(2)).get();
 215     }
 216
 217     *//**
 218      * Rule 5: TCP Proto (True), TCP Port Minimum (True), TCP Port Max (True), IP Prefix (False)
 219      *//*
 220     @Test
 221     public void testProgramPortSecurityACLRule5() throws Exception {
 222         when(portSecurityRule.getSecurityRuleProtocol()).thenReturn("tcp");
 223         when(portSecurityRule.getSecurityRulePortMax()).thenReturn(1);
 224         when(portSecurityRule.getSecurityRulePortMin()).thenReturn(1);
 225         when(portSecurityRule.getSecurityRuleRemoteIpPrefix()).thenReturn(null);
 226
 227         egressAclServiceSpy.programPortSecurityACL(Long.valueOf(1554), "2", MAC_ADDRESS, 124, securityGroup);
 228         verify(egressAclServiceSpy, times(1)).egressACLDefaultTcpDrop(anyLong(), anyString(), anyString(), anyInt(), anyBoolean());
 229         verify(egressAclServiceSpy, times(1)).egressACLTcpSyn(anyLong(), anyString(), anyString(), anyBoolean(), anyInt(), anyInt());
 230         verify(writeTransaction, times(4)).put(any(LogicalDatastoreType.class), any(InstanceIdentifier.class), any(Node.class), anyBoolean());
 231         verify(writeTransaction, times(2)).submit();
 232         verify(commitFuture, times(2)).get();
 233     }
 234
 235     *//**
 236      * Rule 6: TCP Proto (True), TCP Port Minimum (True), TCP Port Max (False), IP Prefix (False)
 237      *//*
 238     @Test
 239     public void testProgramPortSecurityACLRule6() throws Exception {
 240         when(portSecurityRule.getSecurityRuleProtocol()).thenReturn("tcp");
 241         when(portSecurityRule.getSecurityRulePortMax()).thenReturn(null);
 242         when(portSecurityRule.getSecurityRulePortMin()).thenReturn(1);
 243         when(portSecurityRule.getSecurityRuleRemoteIpPrefix()).thenReturn(null);
 244
 245         egressAclServiceSpy.programPortSecurityACL(Long.valueOf(1554), "2", MAC_ADDRESS, 124, securityGroup);
 246         verify(egressAclServiceSpy, times(1)).egressACLDefaultTcpDrop(anyLong(), anyString(), anyString(), anyInt(), anyBoolean());
 247         verify(egressAclServiceSpy, times(1)).egressACLTcpSyn(anyLong(), anyString(), anyString(), anyBoolean(), anyInt(), anyInt());
 248         verify(writeTransaction, times(4)).put(any(LogicalDatastoreType.class), any(InstanceIdentifier.class), any(Node.class), anyBoolean());
 249         verify(writeTransaction, times(2)).submit();
 250         verify(commitFuture, times(2)).get();
 251     }
 252
 253     *//**
 254      * Rule 7: TCP Proto (True), TCP Port Minimum (False), TCP Port Max (False), IP Prefix (False or 0.0.0.0/0)
 255      *//*
 256     @Test
 257     public void testProgramPortSecurityACLRule7() throws Exception {
 258         when(portSecurityRule.getSecurityRuleProtocol()).thenReturn("tcp");
 259         when(portSecurityRule.getSecurityRulePortMax()).thenReturn(null);
 260         when(portSecurityRule.getSecurityRulePortMin()).thenReturn(null);
 261         when(portSecurityRule.getSecurityRuleRemoteIpPrefix()).thenReturn(null);
 262
 263         egressAclServiceSpy.programPortSecurityACL(Long.valueOf(1554), "2", MAC_ADDRESS, 124, securityGroup);
 264         verify(egressAclServiceSpy, times(1)).egressAllowProto(anyLong(), anyString(), anyString(), anyBoolean(), anyString(), anyInt());
 265         verify(writeTransaction, times(2)).put(any(LogicalDatastoreType.class), any(InstanceIdentifier.class), any(Node.class), anyBoolean());
 266         verify(writeTransaction, times(1)).submit();
 267         verify(commitFuture, times(1)).get();
 268     }
 269 */
 270     /**
 271      * Test method {@link EgressAclService#egressACLDefaultTcpDrop(Long, String, String, int, boolean)}
 272      */
 273     @Test
 274     public void testEgressACLDefaultTcpDrop() throws Exception {
 275         egressAclService.egressACLDefaultTcpDrop(Long.valueOf(123), "2", MAC_ADDRESS, 1, true);
 276         verify(writeTransaction, times(2)).put(any(LogicalDatastoreType.class), any(InstanceIdentifier.class), any(Node.class), anyBoolean());
 277         verify(writeTransaction, times(1)).submit();
 278         verify(commitFuture, times(1)).get();
 279
 280         egressAclService.egressACLDefaultTcpDrop(Long.valueOf(123), "2", MAC_ADDRESS, 1, false);
 281         verify(writeTransaction, times(1)).delete(any(LogicalDatastoreType.class), any(InstanceIdentifier.class));
 282         verify(writeTransaction, times(2)).submit();
 283         verify(commitFuture, times(2)).get(); // 1 + 1 above
 284     }
 285
 286     /**
 287      *  Test IPv4 add test case.
 288      */
 289     @Test
 290     public void testProgramPortSecurityACLRuleAddIpv4() throws Exception {
 291         when(portSecurityRule.getSecurityRuleProtocol()).thenReturn(null);
 292         when(portSecurityRule.getSecurityRulePortMax()).thenReturn(null);
 293         when(portSecurityRule.getSecurityRulePortMin()).thenReturn(null);
 294         when(portSecurityRule.getSecurityRuleRemoteIpPrefix()).thenReturn(null);
 295
 296         egressAclServiceSpy.programPortSecurityGroup(Long.valueOf(1554), "2", MAC_ADDRESS, 124, securityGroup,PORT_UUID,true);
 297
 298         verify(writeTransaction, times(2)).put(any(LogicalDatastoreType.class), any(InstanceIdentifier.class), any(Node.class), eq(true));
 299         verify(writeTransaction, times(1)).submit();
 300         verify(commitFuture, times(1)).get();
 301     }
 302
 303     /**
 304      *  Test IPv4 remove test case.
 305      */
 306     @Test
 307     public void testProgramPortSecurityACLRuleRemoveIpv4() throws Exception {
 308         when(portSecurityRule.getSecurityRuleProtocol()).thenReturn(null);
 309         when(portSecurityRule.getSecurityRulePortMax()).thenReturn(null);
 310         when(portSecurityRule.getSecurityRulePortMin()).thenReturn(null);
 311         when(portSecurityRule.getSecurityRuleRemoteIpPrefix()).thenReturn(null);
 312
 313         egressAclServiceSpy.programPortSecurityGroup(Long.valueOf(1554), "2", MAC_ADDRESS, 124, securityGroup,PORT_UUID,false);
 314         verify(writeTransaction, times(1)).delete(any(LogicalDatastoreType.class), any(InstanceIdentifier.class));
 315         verify(writeTransaction, times(1)).submit();
 316         verify(commitFuture, times(1)).get();
 317     }
 318
 319     /**
 320      *  Test TCP add with port no and CIDR selected.
 321      */
 322     @Test
 323     public void testProgramPortSecurityACLRuleAddTcp1() throws Exception {
 324         when(portSecurityRule.getSecurityRuleProtocol()).thenReturn("tcp");
 325         when(portSecurityRule.getSecurityRulePortMax()).thenReturn(20);
 326         when(portSecurityRule.getSecurityRulePortMin()).thenReturn(20);
 327         when(portSecurityRule.getSecurityRuleRemoteIpPrefix()).thenReturn("0.0.0.0/24");
 328         PowerMockito.doAnswer(answer()).when(egressAclServiceSpy, "writeFlow", any(FlowBuilder.class),
 329                                              any(NodeBuilder.class));
 330         egressAclServiceSpy.programPortSecurityGroup(DP_ID_LONG, SEGMENT_ID, MAC_ADDRESS, LOCAL_PORT, securityGroup,
 331                                                      PORT_UUID, true);
 332
 333         Match match = flowBuilder.getMatch();
 334         EthernetMatch ethMatch = match.getEthernetMatch();
 335         Assert.assertEquals(MAC_ADDRESS, ethMatch.getEthernetSource().getAddress().getValue());
 336
 337         Assert.assertTrue(match.getLayer4Match() instanceof TcpMatch);
 338         TcpMatch layer4Match=(TcpMatch) match.getLayer4Match();
 339         Assert.assertEquals(20, layer4Match.getTcpDestinationPort().getValue().intValue());
 340         int port=portSecurityRule.getSecurityRulePortMin();
 341         Assert.assertEquals("Egress_TCP_" + SEGMENT_ID + "_" + MAC_ADDRESS +
 342                             "_" + port + "_0.0.0.0/24_Permit", flowBuilder.getFlowName());
 343     }
 344
 345     /**
 346      *  Test TCP remove with port no and CIDR selected.
 347      */
 348     @Test
 349     public void testProgramPortSecurityACLRuleRemoveTcp1() throws Exception {
 350         when(portSecurityRule.getSecurityRuleProtocol()).thenReturn("tcp");
 351         when(portSecurityRule.getSecurityRulePortMax()).thenReturn(30);
 352         when(portSecurityRule.getSecurityRulePortMin()).thenReturn(30);
 353         when(portSecurityRule.getSecurityRuleRemoteIpPrefix()).thenReturn("0.0.0.0/24");
 354         PowerMockito.doAnswer(answer()).when(egressAclServiceSpy, "removeFlow", any(FlowBuilder.class),
 355                                              any(NodeBuilder.class));
 356
 357         egressAclServiceSpy.programPortSecurityGroup(DP_ID_LONG, SEGMENT_ID, MAC_ADDRESS, LOCAL_PORT, securityGroup,
 358                                                      PORT_UUID, false);
 359
 360         Match match = flowBuilder.getMatch();
 361         EthernetMatch ethMatch = match.getEthernetMatch();
 362         Assert.assertEquals(MAC_ADDRESS, ethMatch.getEthernetSource().getAddress().getValue());
 363
 364         Assert.assertTrue(match.getLayer4Match() instanceof TcpMatch);
 365         TcpMatch layer4Match = (TcpMatch) match.getLayer4Match();
 366         Assert.assertEquals(30, layer4Match.getTcpDestinationPort().getValue().intValue());
 367         int port=portSecurityRule.getSecurityRulePortMin();
 368         Assert.assertEquals("Egress_TCP_" + SEGMENT_ID + "_" + MAC_ADDRESS +
 369                             "_" + port + "_0.0.0.0/24_Permit", flowBuilder.getFlowName());
 370     }
 371
 372     /**
 373      *  Test TCP add with port no and remote SG selected.
 374      */
 375     @Test
 376     public void testProgramPortSecurityACLRuleAddTcp2() throws Exception {
 377         when(portSecurityRule.getSecurityRuleProtocol()).thenReturn("tcp");
 378         when(portSecurityRule.getSecurityRulePortMax()).thenReturn(40);
 379         when(portSecurityRule.getSecurityRulePortMin()).thenReturn(40);
 380         when(portSecurityRule.getSecurityRemoteGroupID()).thenReturn("85cc3048-abc3-43cc-89b3-377341426ac5");
 381         PowerMockito.doAnswer(answer()).when(egressAclServiceSpy, "writeFlow", any(FlowBuilder.class),
 382                                              any(NodeBuilder.class));
 383         egressAclServiceSpy.programPortSecurityGroup(DP_ID_LONG, SEGMENT_ID, MAC_ADDRESS, LOCAL_PORT, securityGroup,
 384                                                      PORT_UUID, true);
 385
 386         Match match = flowBuilder.getMatch();
 387         EthernetMatch ethMatch = match.getEthernetMatch();
 388         Assert.assertEquals(MAC_ADDRESS, ethMatch.getEthernetSource().getAddress().getValue());
 389
 390         Assert.assertTrue(match.getLayer4Match() instanceof TcpMatch);
 391         TcpMatch layer4Match=(TcpMatch) match.getLayer4Match();
 392         int port=portSecurityRule.getSecurityRulePortMin();
 393         String expectedFlowId1 = "Egress_TCP_" + SEGMENT_ID + "_" + MAC_ADDRESS + "_" + port + "_" + DEST_IP_1 +
 394                 "_Permit";
 395         String expectedFlowId2 = "Egress_TCP_" + SEGMENT_ID + "_" + MAC_ADDRESS + "_" + port + "_" + DEST_IP_2 +
 396                 "_Permit";
 397         String actualFlowId = flowBuilder.getFlowName();
 398         if(actualFlowId.equals(expectedFlowId1) || actualFlowId.equals(expectedFlowId2)) {
 399             Assert.assertTrue(true);
 400         } else {
 401             Assert.assertTrue(false);
 402         }
 403     }
 404
 405     /**
 406      *  Test TCP remove with port no and remote SG selected.
 407      */
 408     @Test
 409     public void testProgramPortSecurityACLRuleRemoveTcp2() throws Exception {
 410         when(portSecurityRule.getSecurityRuleProtocol()).thenReturn("tcp");
 411         when(portSecurityRule.getSecurityRulePortMax()).thenReturn(50);
 412         when(portSecurityRule.getSecurityRulePortMin()).thenReturn(50);
 413         when(portSecurityRule.getSecurityRemoteGroupID()).thenReturn("85cc3048-abc3-43cc-89b3-377341426ac5");
 414         PowerMockito.doAnswer(answer()).when(egressAclServiceSpy, "removeFlow", any(FlowBuilder.class),
 415                                              any(NodeBuilder.class));
 416
 417         egressAclServiceSpy.programPortSecurityGroup(DP_ID_LONG, SEGMENT_ID, MAC_ADDRESS, LOCAL_PORT, securityGroup,
 418                                                      PORT_UUID, false);
 419
 420         Match match = flowBuilder.getMatch();
 421         EthernetMatch ethMatch = match.getEthernetMatch();
 422         Assert.assertEquals(MAC_ADDRESS, ethMatch.getEthernetSource().getAddress().getValue());
 423
 424         Assert.assertTrue(match.getLayer4Match() instanceof TcpMatch);
 425         TcpMatch layer4Match=(TcpMatch) match.getLayer4Match();
 426         int port=portSecurityRule.getSecurityRulePortMin();
 427         String expectedFlowId1 = "Egress_TCP_" + SEGMENT_ID + "_" + MAC_ADDRESS +"_" + port + "_" + DEST_IP_1 +
 428                 "_Permit";
 429         String expectedFlowId2 = "Egress_TCP_" + SEGMENT_ID + "_" + MAC_ADDRESS +"_" + port + "_" + DEST_IP_2 +
 430                 "_Permit";
 431         String actualFlowId = flowBuilder.getFlowName();
 432         if(actualFlowId.equals(expectedFlowId1) || actualFlowId.equals(expectedFlowId2)) {
 433             Assert.assertTrue(true);
 434         } else {
 435             Assert.assertTrue(false);
 436         }
 437     }
 438
 439     /**
 440      *  Test TCP add with port range (All TCP) and CIDR selected.
 441      */
 442     @Test
 443     public void testProgramPortSecurityACLRuleAddTcpAll1() throws Exception {
 444         when(portSecurityRule.getSecurityRuleProtocol()).thenReturn("tcp");
 445         when(portSecurityRule.getSecurityRulePortMax()).thenReturn(PORT_RANGE_MAX);
 446         when(portSecurityRule.getSecurityRulePortMin()).thenReturn(PORT_RANGE_MIN);
 447         when(portSecurityRule.getSecurityRuleRemoteIpPrefix()).thenReturn("0.0.0.0/24");
 448         PowerMockito.doAnswer(answer()).when(egressAclServiceSpy, "writeFlow", any(FlowBuilder.class),
 449                                              any(NodeBuilder.class));
 450         egressAclServiceSpy.programPortSecurityGroup(DP_ID_LONG, SEGMENT_ID, MAC_ADDRESS, LOCAL_PORT, securityGroup,
 451                                                      PORT_UUID, true);
 452
 453         Match match = flowBuilder.getMatch();
 454         Assert.assertTrue(match.getLayer4Match() instanceof TcpMatch);
 455         TcpMatch layer4Match=(TcpMatch) match.getLayer4Match();
 456         EthernetMatch ethMatch = match.getEthernetMatch();
 457         Assert.assertEquals(MAC_ADDRESS, ethMatch.getEthernetSource().getAddress().getValue());
 458     }
 459
 460     /**
 461      *  Test TCP remove with port range (All TCP) and CIDR selected.
 462      */
 463     @Test
 464     public void testProgramPortSecurityACLRuleRemoveTcpAll1() throws Exception {
 465         when(portSecurityRule.getSecurityRuleProtocol()).thenReturn("tcp");
 466         when(portSecurityRule.getSecurityRulePortMax()).thenReturn(PORT_RANGE_MAX);
 467         when(portSecurityRule.getSecurityRulePortMin()).thenReturn(PORT_RANGE_MIN);
 468         when(portSecurityRule.getSecurityRuleRemoteIpPrefix()).thenReturn("0.0.0.0/24");
 469         PowerMockito.doAnswer(answer()).when(egressAclServiceSpy, "removeFlow", any(FlowBuilder.class),
 470                                              any(NodeBuilder.class));
 471
 472         egressAclServiceSpy.programPortSecurityGroup(DP_ID_LONG, SEGMENT_ID, MAC_ADDRESS, LOCAL_PORT, securityGroup,
 473                                                      PORT_UUID, false);
 474
 475         Match match = flowBuilder.getMatch();
 476         EthernetMatch ethMatch = match.getEthernetMatch();
 477         Assert.assertEquals(MAC_ADDRESS, ethMatch.getEthernetSource().getAddress().getValue());
 478
 479         Assert.assertTrue(match.getLayer4Match() instanceof TcpMatch);
 480         Assert.assertEquals("Egress_TCP_" + SEGMENT_ID + "_" + MAC_ADDRESS + "_" + PORT_RANGE_MIN + "_" +
 481                             PORT_RANGE_MAX + "_0.0.0.0/24_Permit", flowBuilder.getFlowName());
 482     }
 483
 484     /**
 485      *  Test TCP add with port range (All TCP) and remote SG selected.
 486      */
 487     @Test
 488     public void testProgramPortSecurityACLRuleAddTcpAll2() throws Exception {
 489         when(portSecurityRule.getSecurityRuleProtocol()).thenReturn("tcp");
 490         when(portSecurityRule.getSecurityRulePortMax()).thenReturn(PORT_RANGE_MAX);
 491         when(portSecurityRule.getSecurityRulePortMin()).thenReturn(PORT_RANGE_MIN);
 492         when(portSecurityRule.getSecurityRemoteGroupID()).thenReturn("85cc3048-abc3-43cc-89b3-377341426ac5");
 493         PowerMockito.doAnswer(answer()).when(egressAclServiceSpy, "writeFlow", any(FlowBuilder.class),
 494                                              any(NodeBuilder.class));
 495         egressAclServiceSpy.programPortSecurityGroup(DP_ID_LONG, SEGMENT_ID, MAC_ADDRESS, LOCAL_PORT, securityGroup,
 496                                                      PORT_UUID, true);
 497
 498         Match match = flowBuilder.getMatch();
 499         EthernetMatch ethMatch = match.getEthernetMatch();
 500         Assert.assertEquals(MAC_ADDRESS, ethMatch.getEthernetSource().getAddress().getValue());
 501
 502         Assert.assertTrue(match.getLayer4Match() instanceof TcpMatch);
 503         String expectedFlowId1 = "Egress_TCP_" + SEGMENT_ID + "_" + MAC_ADDRESS + "_" + PORT_RANGE_MIN + "_" +
 504                                 PORT_RANGE_MAX + "_" + DEST_IP_1 + "_Permit";
 505         String expectedFlowId2 = "Egress_TCP_" + SEGMENT_ID + "_" + MAC_ADDRESS + "_" + PORT_RANGE_MIN + "_" +
 506                                 PORT_RANGE_MAX + "_" + DEST_IP_2 + "_Permit";
 507         String actualFlowId = flowBuilder.getFlowName();
 508         if(actualFlowId.equals(expectedFlowId1) || actualFlowId.equals(expectedFlowId2)) {
 509             Assert.assertTrue(true);
 510         } else {
 511             Assert.assertTrue(false);
 512         }
 513     }
 514
 515     /**
 516      *  Test TCP remove with port range (All TCP) and remote SG selected.
 517      */
 518     @Test
 519     public void testProgramPortSecurityACLRuleRemoveTcpAll2() throws Exception {
 520         when(portSecurityRule.getSecurityRuleProtocol()).thenReturn("tcp");
 521         when(portSecurityRule.getSecurityRulePortMax()).thenReturn(PORT_RANGE_MAX);
 522         when(portSecurityRule.getSecurityRulePortMin()).thenReturn(PORT_RANGE_MIN);
 523         when(portSecurityRule.getSecurityRemoteGroupID()).thenReturn("85cc3048-abc3-43cc-89b3-377341426ac5");
 524         PowerMockito.doAnswer(answer()).when(egressAclServiceSpy, "removeFlow", any(FlowBuilder.class),
 525                                              any(NodeBuilder.class));
 526
 527         egressAclServiceSpy.programPortSecurityGroup(DP_ID_LONG, SEGMENT_ID, MAC_ADDRESS, LOCAL_PORT, securityGroup,
 528                                                      PORT_UUID, false);
 529
 530         Match match = flowBuilder.getMatch();
 531         EthernetMatch ethMatch = match.getEthernetMatch();
 532         Assert.assertEquals(MAC_ADDRESS, ethMatch.getEthernetSource().getAddress().getValue());
 533
 534         Assert.assertTrue(match.getLayer4Match() instanceof TcpMatch);
 535         String expectedFlowId1 = "Egress_TCP_" + SEGMENT_ID + "_" + MAC_ADDRESS + "_" + PORT_RANGE_MIN + "_" +
 536                                 PORT_RANGE_MAX + "_" + DEST_IP_1 + "_Permit";
 537         String expectedFlowId2 = "Egress_TCP_" + SEGMENT_ID + "_" + MAC_ADDRESS + "_" + PORT_RANGE_MIN + "_" +
 538                                 PORT_RANGE_MAX + "_" + DEST_IP_2 + "_Permit";
 539         String actualFlowId = flowBuilder.getFlowName();
 540         if(actualFlowId.equals(expectedFlowId1) || actualFlowId.equals(expectedFlowId2)) {
 541             Assert.assertTrue(true);
 542         } else {
 543             Assert.assertTrue(false);
 544         }
 545     }
 546
 547     /**
 548      *  Test UDP add with port no and CIDR selected.
 549      */
 550     @Test
 551     public void testProgramPortSecurityACLRuleAddUdp1() throws Exception {
 552         when(portSecurityRule.getSecurityRuleProtocol()).thenReturn("udp");
 553         when(portSecurityRule.getSecurityRulePortMax()).thenReturn(50);
 554         when(portSecurityRule.getSecurityRulePortMin()).thenReturn(50);
 555         when(portSecurityRule.getSecurityRuleRemoteIpPrefix()).thenReturn("0.0.0.0/24");
 556         PowerMockito.doAnswer(answer()).when(egressAclServiceSpy, "writeFlow", any(FlowBuilder.class),
 557                                              any(NodeBuilder.class));
 558         egressAclServiceSpy.programPortSecurityGroup(DP_ID_LONG, SEGMENT_ID, MAC_ADDRESS, LOCAL_PORT, securityGroup,
 559                                                      PORT_UUID, true);
 560
 561         Match match = flowBuilder.getMatch();
 562         EthernetMatch ethMatch = match.getEthernetMatch();
 563         Assert.assertEquals(MAC_ADDRESS, ethMatch.getEthernetSource().getAddress().getValue());
 564
 565         Assert.assertTrue(match.getLayer4Match() instanceof UdpMatch);
 566         UdpMatch layer4Match = (UdpMatch) match.getLayer4Match();
 567         Assert.assertEquals(50, layer4Match.getUdpDestinationPort().getValue().intValue());
 568         int port = portSecurityRule.getSecurityRulePortMin();
 569         Assert.assertEquals("Egress_UDP_" + SEGMENT_ID + "_" + MAC_ADDRESS +
 570                             "_" + port + "_0.0.0.0/24_Permit", flowBuilder.getFlowName());
 571     }
 572
 573     /**
 574      *  Test UDP remove with port no and CIDR selected.
 575      */
 576     @Test
 577     public void testProgramPortSecurityACLRuleRemoveUdp1() throws Exception {
 578         when(portSecurityRule.getSecurityRuleProtocol()).thenReturn("udp");
 579         when(portSecurityRule.getSecurityRulePortMax()).thenReturn(50);
 580         when(portSecurityRule.getSecurityRulePortMin()).thenReturn(50);
 581         when(portSecurityRule.getSecurityRuleRemoteIpPrefix()).thenReturn("0.0.0.0/24");
 582         PowerMockito.doAnswer(answer()).when(egressAclServiceSpy, "removeFlow", any(FlowBuilder.class),
 583                                              any(NodeBuilder.class));
 584         egressAclServiceSpy.programPortSecurityGroup(DP_ID_LONG, SEGMENT_ID, MAC_ADDRESS, LOCAL_PORT, securityGroup,
 585                                                      PORT_UUID, false);
 586
 587         Match match = flowBuilder.getMatch();
 588         EthernetMatch ethMatch = match.getEthernetMatch();
 589         Assert.assertEquals(MAC_ADDRESS, ethMatch.getEthernetSource().getAddress().getValue());
 590
 591         Assert.assertTrue(match.getLayer4Match() instanceof UdpMatch);
 592         UdpMatch layer4Match = (UdpMatch) match.getLayer4Match();
 593         Assert.assertEquals(50, layer4Match.getUdpDestinationPort().getValue().intValue());
 594         int port = portSecurityRule.getSecurityRulePortMin();
 595         Assert.assertEquals("Egress_UDP_" + SEGMENT_ID + "_" + MAC_ADDRESS +
 596                             "_" + port + "_0.0.0.0/24_Permit", flowBuilder.getFlowName());
 597     }
 598
 599     /**
 600      *  Test UDP add with port no and remote SG selected.
 601      */
 602     @Test
 603     public void testProgramPortSecurityACLRuleAddUdp2() throws Exception {
 604         when(portSecurityRule.getSecurityRuleProtocol()).thenReturn("udp");
 605         when(portSecurityRule.getSecurityRulePortMax()).thenReturn(50);
 606         when(portSecurityRule.getSecurityRulePortMin()).thenReturn(50);
 607         when(portSecurityRule.getSecurityRuleRemoteIpPrefix()).thenReturn("0.0.0.0/24");
 608         when(portSecurityRule.getSecurityRemoteGroupID()).thenReturn("85cc3048-abc3-43cc-89b3-377341426ac5");
 609         PowerMockito.doAnswer(answer()).when(egressAclServiceSpy, "writeFlow", any(FlowBuilder.class),
 610                                              any(NodeBuilder.class));
 611         egressAclServiceSpy.programPortSecurityGroup(DP_ID_LONG, SEGMENT_ID, MAC_ADDRESS, LOCAL_PORT, securityGroup,
 612                                                      PORT_UUID, true);
 613
 614         Match match = flowBuilder.getMatch();
 615         EthernetMatch ethMatch = match.getEthernetMatch();
 616         Assert.assertEquals(MAC_ADDRESS, ethMatch.getEthernetSource().getAddress().getValue());
 617
 618         Assert.assertTrue(match.getLayer4Match() instanceof UdpMatch);
 619         UdpMatch layer4Match = (UdpMatch) match.getLayer4Match();
 620         Assert.assertEquals(50, layer4Match.getUdpDestinationPort().getValue().intValue());
 621         int port = portSecurityRule.getSecurityRulePortMin();
 622         String expectedFlowId1 = "Egress_UDP_" + SEGMENT_ID + "_" + MAC_ADDRESS + "_" + port + "_" + DEST_IP_1 +
 623                 "_Permit";
 624         String expectedFlowId2 = "Egress_UDP_" + SEGMENT_ID + "_" + MAC_ADDRESS + "_" + port + "_" + DEST_IP_2 +
 625                 "_Permit";
 626         String actualFlowId = flowBuilder.getFlowName();
 627         if(actualFlowId.equals(expectedFlowId1) || actualFlowId.equals(expectedFlowId2)) {
 628             Assert.assertTrue(true);
 629         } else {
 630             Assert.assertTrue(false);
 631         }
 632     }
 633
 634     /**
 635      *  Test UDP remove with port no and remote SG selected.
 636      */
 637     @Test
 638     public void testProgramPortSecurityACLRuleRemoveUdp2() throws Exception {
 639         when(portSecurityRule.getSecurityRuleProtocol()).thenReturn("udp");
 640         when(portSecurityRule.getSecurityRulePortMax()).thenReturn(50);
 641         when(portSecurityRule.getSecurityRulePortMin()).thenReturn(50);
 642         when(portSecurityRule.getSecurityRuleRemoteIpPrefix()).thenReturn("0.0.0.0/24");
 643         when(portSecurityRule.getSecurityRemoteGroupID()).thenReturn("85cc3048-abc3-43cc-89b3-377341426ac5");
 644         PowerMockito.doAnswer(answer()).when(egressAclServiceSpy, "removeFlow", any(FlowBuilder.class),
 645                                              any(NodeBuilder.class));
 646         egressAclServiceSpy.programPortSecurityGroup(DP_ID_LONG, SEGMENT_ID, MAC_ADDRESS, LOCAL_PORT, securityGroup,
 647                                                      PORT_UUID, false);
 648
 649         Match match = flowBuilder.getMatch();
 650         EthernetMatch ethMatch = match.getEthernetMatch();
 651         Assert.assertEquals(MAC_ADDRESS, ethMatch.getEthernetSource().getAddress().getValue());
 652
 653         Assert.assertTrue(match.getLayer4Match() instanceof UdpMatch);
 654         UdpMatch layer4Match = (UdpMatch) match.getLayer4Match();
 655         Assert.assertEquals(50, layer4Match.getUdpDestinationPort().getValue().intValue());
 656         int port = portSecurityRule.getSecurityRulePortMin();
 657         String expectedFlowId1 = "Egress_UDP_" + SEGMENT_ID + "_" + MAC_ADDRESS + "_" + port + "_" + DEST_IP_1 +
 658                 "_Permit";
 659         String expectedFlowId2 = "Egress_UDP_" + SEGMENT_ID + "_" + MAC_ADDRESS + "_" + port + "_" + DEST_IP_2 +
 660                 "_Permit";
 661         String actualFlowId = flowBuilder.getFlowName();
 662         if(actualFlowId.equals(expectedFlowId1) || actualFlowId.equals(expectedFlowId2)) {
 663             Assert.assertTrue(true);
 664         } else {
 665             Assert.assertTrue(false);
 666         }
 667     }
 668
 669
 670     /**
 671      *  Test UDP add with port (All UDP) and CIDR selected.
 672      */
 673     @Test
 674     public void testProgramPortSecurityACLRuleAddUdpAll1() throws Exception {
 675         when(portSecurityRule.getSecurityRuleProtocol()).thenReturn("udp");
 676         when(portSecurityRule.getSecurityRulePortMax()).thenReturn(PORT_RANGE_MAX);
 677         when(portSecurityRule.getSecurityRulePortMin()).thenReturn(PORT_RANGE_MIN);
 678         when(portSecurityRule.getSecurityRuleRemoteIpPrefix()).thenReturn("0.0.0.0/24");
 679         PowerMockito.doAnswer(answer()).when(egressAclServiceSpy, "writeFlow", any(FlowBuilder.class),
 680                                              any(NodeBuilder.class));
 681         egressAclServiceSpy.programPortSecurityGroup(DP_ID_LONG, SEGMENT_ID, MAC_ADDRESS, LOCAL_PORT, securityGroup,
 682                                                      PORT_UUID, true);
 683
 684         Match match = flowBuilder.getMatch();
 685         EthernetMatch ethMatch = match.getEthernetMatch();
 686         Assert.assertEquals(MAC_ADDRESS, ethMatch.getEthernetSource().getAddress().getValue());
 687
 688         Assert.assertTrue(match.getLayer4Match() instanceof UdpMatch);
 689         Assert.assertEquals("Egress_UDP_" + SEGMENT_ID + "_" + MAC_ADDRESS + "_" + PORT_RANGE_MIN + "_" +
 690                             PORT_RANGE_MAX + "_0.0.0.0/24_Permit", flowBuilder.getFlowName());
 691     }
 692
 693     /**
 694      *  Test UDP remove with port (All UDP) and CIDR selected.
 695      */
 696     @Test
 697     public void testProgramPortSecurityACLRuleRemoveUdpAll1() throws Exception {
 698         when(portSecurityRule.getSecurityRuleProtocol()).thenReturn("udp");
 699         when(portSecurityRule.getSecurityRulePortMax()).thenReturn(PORT_RANGE_MAX);
 700         when(portSecurityRule.getSecurityRulePortMin()).thenReturn(PORT_RANGE_MIN);
 701         when(portSecurityRule.getSecurityRuleRemoteIpPrefix()).thenReturn("0.0.0.0/24");
 702         PowerMockito.doAnswer(answer()).when(egressAclServiceSpy, "removeFlow", any(FlowBuilder.class),
 703                                              any(NodeBuilder.class));
 704         egressAclServiceSpy.programPortSecurityGroup(DP_ID_LONG, SEGMENT_ID, MAC_ADDRESS, LOCAL_PORT, securityGroup,
 705                                                      PORT_UUID, false);
 706
 707         Match match = flowBuilder.getMatch();
 708         EthernetMatch ethMatch = match.getEthernetMatch();
 709         Assert.assertEquals(MAC_ADDRESS, ethMatch.getEthernetSource().getAddress().getValue());
 710
 711         Assert.assertTrue(match.getLayer4Match() instanceof UdpMatch);
 712         Assert.assertEquals("Egress_UDP_" + SEGMENT_ID + "_" + MAC_ADDRESS + "_" + PORT_RANGE_MIN + "_" +
 713                             PORT_RANGE_MAX + "_0.0.0.0/24_Permit", flowBuilder.getFlowName());
 714     }
 715
 716     /**
 717      *  Test UDP add with port (All UDP) and remote SG selected.
 718      */
 719     @Test
 720     public void testProgramPortSecurityACLRuleAddUdpAll2() throws Exception {
 721         when(portSecurityRule.getSecurityRuleProtocol()).thenReturn("udp");
 722         when(portSecurityRule.getSecurityRulePortMax()).thenReturn(PORT_RANGE_MAX);
 723         when(portSecurityRule.getSecurityRulePortMin()).thenReturn(PORT_RANGE_MIN);
 724         when(portSecurityRule.getSecurityRemoteGroupID()).thenReturn("85cc3048-abc3-43cc-89b3-377341426ac5");
 725         PowerMockito.doAnswer(answer()).when(egressAclServiceSpy, "writeFlow", any(FlowBuilder.class),
 726                                              any(NodeBuilder.class));
 727         egressAclServiceSpy.programPortSecurityGroup(DP_ID_LONG, SEGMENT_ID, MAC_ADDRESS, LOCAL_PORT, securityGroup,
 728                                                      PORT_UUID, true);
 729
 730         Match match = flowBuilder.getMatch();
 731         EthernetMatch ethMatch = match.getEthernetMatch();
 732         Assert.assertEquals(MAC_ADDRESS, ethMatch.getEthernetSource().getAddress().getValue());
 733
 734         Assert.assertTrue(match.getLayer4Match() instanceof UdpMatch);
 735         String expectedFlowId1 = "Egress_UDP_" + SEGMENT_ID + "_" + MAC_ADDRESS + "_" + PORT_RANGE_MIN + "_" +
 736                                 PORT_RANGE_MAX + "_" + DEST_IP_1 + "_Permit";
 737         String expectedFlowId2 = "Egress_UDP_" + SEGMENT_ID + "_" + MAC_ADDRESS + "_" + PORT_RANGE_MIN + "_" +
 738                                 PORT_RANGE_MAX + "_" + DEST_IP_2 + "_Permit";
 739         String actualFlowId = flowBuilder.getFlowName();
 740         if(actualFlowId.equals(expectedFlowId1) || actualFlowId.equals(expectedFlowId2)) {
 741             Assert.assertTrue(true);
 742         } else {
 743             Assert.assertTrue(false);
 744         }
 745     }
 746
 747     /**
 748      *  Test UDP remove with port (All UDP) and remote SG selected.
 749      */
 750     @Test
 751     public void testProgramPortSecurityACLRuleRemoveUdpAll2() throws Exception {
 752         when(portSecurityRule.getSecurityRuleProtocol()).thenReturn("udp");
 753         when(portSecurityRule.getSecurityRulePortMax()).thenReturn(PORT_RANGE_MAX);
 754         when(portSecurityRule.getSecurityRulePortMin()).thenReturn(PORT_RANGE_MIN);
 755         when(portSecurityRule.getSecurityRemoteGroupID()).thenReturn("85cc3048-abc3-43cc-89b3-377341426ac5");
 756         PowerMockito.doAnswer(answer()).when(egressAclServiceSpy, "removeFlow", any(FlowBuilder.class),
 757                                              any(NodeBuilder.class));
 758         egressAclServiceSpy.programPortSecurityGroup(DP_ID_LONG, SEGMENT_ID, MAC_ADDRESS, LOCAL_PORT, securityGroup,
 759                                                      PORT_UUID, false);
 760
 761         Match match = flowBuilder.getMatch();
 762         EthernetMatch ethMatch = match.getEthernetMatch();
 763         Assert.assertEquals(MAC_ADDRESS, ethMatch.getEthernetSource().getAddress().getValue());
 764
 765         Assert.assertTrue(match.getLayer4Match() instanceof UdpMatch);
 766         String expectedFlowId1 = "Egress_UDP_" + SEGMENT_ID + "_" + MAC_ADDRESS + "_" + PORT_RANGE_MIN + "_" +
 767                 PORT_RANGE_MAX + "_" + DEST_IP_1 + "_Permit";
 768         String expectedFlowId2 = "Egress_UDP_" + SEGMENT_ID + "_" + MAC_ADDRESS + "_" + PORT_RANGE_MIN + "_" +
 769                 PORT_RANGE_MAX + "_" + DEST_IP_2 + "_Permit";
 770         String actualFlowId = flowBuilder.getFlowName();
 771         if(actualFlowId.equals(expectedFlowId1) || actualFlowId.equals(expectedFlowId2)) {
 772             Assert.assertTrue(true);
 773         } else {
 774             Assert.assertTrue(false);
 775         }
 776     }
 777
 778     /**
 779      *  Test ICMP add with code, type and CIDR selected.
 780      */
 781     @Test
 782     public void testProgramPortSecurityACLRuleAddIcmp1() throws Exception {
 783         when(portSecurityRule.getSecurityRuleProtocol()).thenReturn("icmp");
 784         when(portSecurityRule.getSecurityRulePortMax()).thenReturn(10);
 785         when(portSecurityRule.getSecurityRulePortMin()).thenReturn(10);
 786         when(portSecurityRule.getSecurityRuleRemoteIpPrefix()).thenReturn("0.0.0.0/24");
 787         PowerMockito.doAnswer(answer()).when(egressAclServiceSpy, "writeFlow", any(FlowBuilder.class),
 788                                              any(NodeBuilder.class));
 789
 790         egressAclServiceSpy.programPortSecurityGroup(DP_ID_LONG, SEGMENT_ID, MAC_ADDRESS, LOCAL_PORT, securityGroup,
 791                                                      PORT_UUID, true);
 792
 793         Match match = flowBuilder.getMatch();
 794         Icmpv4Match icmpv4Match = match.getIcmpv4Match();
 795         Assert.assertEquals(10, icmpv4Match.getIcmpv4Type().shortValue());
 796         Assert.assertEquals(10, icmpv4Match.getIcmpv4Code().shortValue());
 797         EthernetMatch ethMatch = match.getEthernetMatch();
 798         Assert.assertEquals(MAC_ADDRESS, ethMatch.getEthernetSource().getAddress().getValue());
 799         Short type = portSecurityRule.getSecurityRulePortMin().shortValue();
 800         Short code = portSecurityRule.getSecurityRulePortMax().shortValue();
 801         Assert.assertEquals("Egress_ICMP_" + SEGMENT_ID + "_" + MAC_ADDRESS +
 802                             "_" + type + "_" + code + "_0.0.0.0/24_Permit", flowBuilder.getFlowName());
 803     }
 804
 805     /**
 806      *  Test ICMP remove with code, type and CIDR selected.
 807      */
 808     @Test
 809     public void testProgramPortSecurityACLRuleRemoveIcmp1() throws Exception {
 810         when(portSecurityRule.getSecurityRuleProtocol()).thenReturn("icmp");
 811         when(portSecurityRule.getSecurityRulePortMax()).thenReturn(20);
 812         when(portSecurityRule.getSecurityRulePortMin()).thenReturn(20);
 813         when(portSecurityRule.getSecurityRuleRemoteIpPrefix()).thenReturn("0.0.0.0/24");
 814         PowerMockito.doAnswer(answer()).when(egressAclServiceSpy, "removeFlow", any(FlowBuilder.class),
 815                                              any(NodeBuilder.class));
 816
 817         egressAclServiceSpy.programPortSecurityGroup(DP_ID_LONG, SEGMENT_ID, MAC_ADDRESS, LOCAL_PORT, securityGroup,
 818                                                      PORT_UUID, false);
 819
 820         Match match = flowBuilder.getMatch();
 821         Icmpv4Match icmpv4Match = match.getIcmpv4Match();
 822         Assert.assertEquals(20, icmpv4Match.getIcmpv4Type().shortValue());
 823         Assert.assertEquals(20, icmpv4Match.getIcmpv4Code().shortValue());
 824         EthernetMatch ethMatch = match.getEthernetMatch();
 825         Assert.assertEquals(MAC_ADDRESS, ethMatch.getEthernetSource().getAddress().getValue());
 826         Short type = portSecurityRule.getSecurityRulePortMin().shortValue();
 827         Short code = portSecurityRule.getSecurityRulePortMax().shortValue();
 828         Assert.assertEquals("Egress_ICMP_" + SEGMENT_ID + "_" + MAC_ADDRESS +
 829                             "_" + type + "_" + code + "_0.0.0.0/24_Permit", flowBuilder.getFlowName());
 830     }
 831
 832     /**
 833      *  Test ICMP add with code, type and remote SG selected.
 834      */
 835     @Test
 836     public void testProgramPortSecurityACLRuleAddIcmp2() throws Exception {
 837         when(portSecurityRule.getSecurityRuleProtocol()).thenReturn("icmp");
 838         when(portSecurityRule.getSecurityRulePortMax()).thenReturn(30);
 839         when(portSecurityRule.getSecurityRulePortMin()).thenReturn(30);
 840         when(portSecurityRule.getSecurityRuleRemoteIpPrefix()).thenReturn("0.0.0.0/24");
 841         when(portSecurityRule.getSecurityRemoteGroupID()).thenReturn("85cc3048-abc3-43cc-89b3-377341426ac5");
 842         PowerMockito.doAnswer(answer()).when(egressAclServiceSpy, "writeFlow", any(FlowBuilder.class),
 843                                              any(NodeBuilder.class));
 844
 845         egressAclServiceSpy.programPortSecurityGroup(DP_ID_LONG, SEGMENT_ID, MAC_ADDRESS, LOCAL_PORT, securityGroup,
 846                                                      PORT_UUID, true);
 847
 848         Match match = flowBuilder.getMatch();
 849         Icmpv4Match icmpv4Match = match.getIcmpv4Match();
 850         Assert.assertEquals(30, icmpv4Match.getIcmpv4Type().shortValue());
 851         Assert.assertEquals(30, icmpv4Match.getIcmpv4Code().shortValue());
 852         EthernetMatch ethMatch = match.getEthernetMatch();
 853         Assert.assertEquals(MAC_ADDRESS, ethMatch.getEthernetSource().getAddress().getValue());
 854         Short type = portSecurityRule.getSecurityRulePortMin().shortValue();
 855         Short code = portSecurityRule.getSecurityRulePortMax().shortValue();
 856         String expectedFlowId1 = "Egress_ICMP_" + SEGMENT_ID + "_" + MAC_ADDRESS + "_" + type + "_" + code + "_"
 857                                 + DEST_IP_1 + "_Permit";
 858         String expectedFlowId2 = "Egress_ICMP_" + SEGMENT_ID + "_" + MAC_ADDRESS + "_" + type + "_" + code + "_"
 859                                 + DEST_IP_2 + "_Permit";
 860         String actualFlowId = flowBuilder.getFlowName();
 861         if(actualFlowId.equals(expectedFlowId1) || actualFlowId.equals(expectedFlowId2)) {
 862             Assert.assertTrue(true);
 863         } else {
 864             Assert.assertTrue(false);
 865         }
 866     }
 867
 868     /**
 869      *  Test ICMP remove with code, type and remote SG selected.
 870      */
 871     @Test
 872     public void testProgramPortSecurityACLRuleRemoveIcmp2() throws Exception {
 873         when(portSecurityRule.getSecurityRuleProtocol()).thenReturn("icmp");
 874         when(portSecurityRule.getSecurityRulePortMax()).thenReturn(40);
 875         when(portSecurityRule.getSecurityRulePortMin()).thenReturn(40);
 876         when(portSecurityRule.getSecurityRemoteGroupID()).thenReturn("85cc3048-abc3-43cc-89b3-377341426ac5");
 877         PowerMockito.doAnswer(answer()).when(egressAclServiceSpy, "removeFlow", any(FlowBuilder.class),
 878                                              any(NodeBuilder.class));
 879
 880         egressAclServiceSpy.programPortSecurityGroup(DP_ID_LONG, SEGMENT_ID, MAC_ADDRESS, LOCAL_PORT, securityGroup,
 881                                                      PORT_UUID, false);
 882
 883         Match match = flowBuilder.getMatch();
 884         Icmpv4Match icmpv4Match = match.getIcmpv4Match();
 885         Assert.assertEquals(40, icmpv4Match.getIcmpv4Type().shortValue());
 886         Assert.assertEquals(40, icmpv4Match.getIcmpv4Code().shortValue());
 887         EthernetMatch ethMatch = match.getEthernetMatch();
 888         Assert.assertEquals(MAC_ADDRESS, ethMatch.getEthernetSource().getAddress().getValue());
 889         Short type = portSecurityRule.getSecurityRulePortMin().shortValue();
 890         Short code = portSecurityRule.getSecurityRulePortMax().shortValue();
 891         String expectedFlowId1 = "Egress_ICMP_" + SEGMENT_ID + "_" + MAC_ADDRESS + "_" + type + "_" + code + "_"
 892                                 + DEST_IP_1 + "_Permit";
 893         String expectedFlowId2 = "Egress_ICMP_" + SEGMENT_ID + "_" + MAC_ADDRESS + "_" + type + "_" + code + "_"
 894                                 + DEST_IP_2 + "_Permit";
 895         String actualFlowId = flowBuilder.getFlowName();
 896         if(actualFlowId.equals(expectedFlowId1) || actualFlowId.equals(expectedFlowId2)) {
 897             Assert.assertTrue(true);
 898         } else {
 899             Assert.assertTrue(false);
 900         }
 901     }
 902
 903     /**
 904      *  Test IPv4 invalid ether type test case.
 905      */
 906     @Test
 907     public void testProgramPortSecurityACLRuleInvalidEther() throws Exception {
 908         when(portSecurityRule.getSecurityRuleEthertype()).thenReturn("IPV6");
 909
 910         egressAclServiceSpy.programPortSecurityGroup(Long.valueOf(1554), "2", MAC_ADDRESS, 124, securityGroup,PORT_UUID,false);
 911
 912         verify(writeTransaction, times(0)).delete(any(LogicalDatastoreType.class), any(InstanceIdentifier.class));
 913         verify(writeTransaction, times(0)).submit();
 914         verify(commitFuture, times(0)).get();
 915     }
 916
 917     /**
 918      *  Test IPv4 invalid direction type test case.
 919      */
 920     @Test
 921     public void testProgramPortSecurityACLRuleInvalidDirection() throws Exception {
 922         when(portSecurityRule.getSecurityRuleDirection()).thenReturn("ingress");
 923
 924         egressAclServiceSpy.programPortSecurityGroup(Long.valueOf(1554), "2", MAC_ADDRESS, 124, securityGroup,PORT_UUID,false);
 925
 926         verify(writeTransaction, times(0)).delete(any(LogicalDatastoreType.class), any(InstanceIdentifier.class));
 927         verify(writeTransaction, times(0)).submit();
 928         verify(commitFuture, times(0)).get();
 929     }
 930
 931     /**
 932      *  Test With isLastPortInBridge false isComputeNode false
 933      */
 934     @Test
 935     public void testProgramFixedSecurityACLAdd1() throws Exception {
 936         egressAclServiceSpy.programFixedSecurityGroup(Long.valueOf(1554), "2", MAC_ADDRESS, 1, neutronDestIpList, false, false, true);
 937
 938         verify(writeTransaction, times(0)).put(any(LogicalDatastoreType.class), any(InstanceIdentifier.class), any(Node.class), eq(true));
 939         verify(writeTransaction, times(0)).submit();
 940         verify(commitFuture, times(0)).get();
 941     }
 942     /**
 943      *  Test With isLastPortInBridge false isComputeNode false
 944      */
 945     @Test
 946     public void testProgramFixedSecurityACLRemove1() throws Exception {
 947
 948         egressAclServiceSpy.programFixedSecurityGroup(Long.valueOf(1554), "2", MAC_ADDRESS, 1, neutronDestIpList, false, false, false);
 949
 950         verify(writeTransaction, times(0)).delete(any(LogicalDatastoreType.class), any(InstanceIdentifier.class));
 951         verify(writeTransaction, times(0)).submit();
 952         verify(commitFuture, times(0)).get();
 953     }
 954
 955     /**
 956      *  Test With isLastPortInBridge false isComputeNode true
 957      */
 958     @Test
 959     public void testProgramFixedSecurityACLAdd2() throws Exception {
 960
 961         egressAclServiceSpy.programFixedSecurityGroup(Long.valueOf(1554), "2", MAC_ADDRESS, 1, neutronDestIpList, false, true, true);
 962
 963         verify(writeTransaction, times(6)).put(any(LogicalDatastoreType.class), any(InstanceIdentifier.class), any(Node.class), eq(true));
 964         verify(writeTransaction, times(3)).submit();
 965         verify(commitFuture, times(3)).get();
 966     }
 967
 968     /**
 969      *  Test With isLastPortInBridge false isComputeNode true
 970      */
 971     @Test
 972     public void testProgramFixedSecurityACLRemove2() throws Exception {
 973
 974         egressAclServiceSpy.programFixedSecurityGroup(Long.valueOf(1554), "2", MAC_ADDRESS, 1, neutronDestIpList, false, true, false);
 975
 976         verify(writeTransaction, times(3)).delete(any(LogicalDatastoreType.class), any(InstanceIdentifier.class));
 977         verify(writeTransaction, times(3)).submit();
 978         verify(commitFuture, times(3)).get();
 979     }
 980
 981     /**
 982      *  Test With isLastPortInBridge true isComputeNode false
 983      */
 984     @Test
 985     public void testProgramFixedSecurityACLAdd3() throws Exception {
 986
 987         egressAclServiceSpy.programFixedSecurityGroup(Long.valueOf(1554), "2", MAC_ADDRESS, 1, neutronDestIpList, true, false, true);
 988
 989         verify(writeTransaction, times(2)).put(any(LogicalDatastoreType.class), any(InstanceIdentifier.class), any(Node.class), eq(true));
 990         verify(writeTransaction, times(1)).submit();
 991         verify(commitFuture, times(1)).get();
 992     }
 993
 994     /**
 995      *  Test With isLastPortInBridge true isComputeNode false
 996      */
 997     @Test
 998     public void testProgramFixedSecurityACLRemove3() throws Exception {
 999
1000         egressAclServiceSpy.programFixedSecurityGroup(Long.valueOf(1554), "2", MAC_ADDRESS, 1, neutronDestIpList, true, false, false);
1001
1002         verify(writeTransaction, times(1)).delete(any(LogicalDatastoreType.class), any(InstanceIdentifier.class));
1003         verify(writeTransaction, times(1)).submit();
1004         verify(commitFuture, times(1)).get();
1005     }
1006
1007     /**
1008      *  Test With isLastPortInBridge true isComputeNode true
1009      */
1010     @Test
1011     public void testProgramFixedSecurityACLAdd4() throws Exception {
1012
1013         egressAclServiceSpy.programFixedSecurityGroup(Long.valueOf(1554), "2", MAC_ADDRESS, 1, neutronDestIpList, true, true, true);
1014
1015         verify(writeTransaction, times(8)).put(any(LogicalDatastoreType.class),
1016                                                any(InstanceIdentifier.class), any(Node.class), eq(true));
1017         verify(writeTransaction, times(4)).submit();
1018         verify(commitFuture, times(4)).get();
1019     }
1020
1021     /**
1022      *  Test With isLastPortInBridge true isComputeNode true
1023      */
1024     @Test
1025     public void testProgramFixedSecurityACLRemove4() throws Exception {
1026
1027         egressAclServiceSpy.programFixedSecurityGroup(Long.valueOf(1554), "2", MAC_ADDRESS, 1, neutronDestIpList, true, true, false);
1028
1029         verify(writeTransaction, times(4)).delete(any(LogicalDatastoreType.class), any(InstanceIdentifier.class));
1030         verify(writeTransaction, times(4)).submit();
1031         verify(commitFuture, times(4)).get();
1032     }
1033
1034     /**
1035      * Test method {@link EgressAclService#egressACLTcpPortWithPrefix(Long, String, String, boolean, Integer, String, Integer)}
1036      */
1037     @Test
1038     public void testEgressACLTcpPortWithPrefix() throws Exception {
1039         egressAclService.egressACLTcpPortWithPrefix(Long.valueOf(123), "2", MAC_ADDRESS, true, 1, HOST_ADDRESS, 1);
1040         verify(writeTransaction, times(2)).put(any(LogicalDatastoreType.class), any(InstanceIdentifier.class), any(Node.class), anyBoolean());
1041         verify(writeTransaction, times(1)).submit();
1042         verify(commitFuture, times(1)).get();
1043
1044         egressAclService.egressACLTcpPortWithPrefix(Long.valueOf(123), "2", MAC_ADDRESS, false, 1, HOST_ADDRESS, 1);
1045         verify(writeTransaction, times(1)).delete(any(LogicalDatastoreType.class), any(InstanceIdentifier.class));
1046         verify(writeTransaction, times(2)).submit();
1047         verify(commitFuture, times(2)).get(); // 1 + 1 above
1048     }
1049
1050     /**
1051      * Test method {@link EgressAclService#egressAllowProto(Long, String, String, boolean, String, Integer)}
1052      */
1053     @Test
1054     public void testEgressAllowProto() throws Exception {
1055         egressAclService.egressAllowProto(Long.valueOf(123), "2", MAC_ADDRESS, true, HOST_ADDRESS, 1);
1056         verify(writeTransaction, times(2)).put(any(LogicalDatastoreType.class), any(InstanceIdentifier.class), any(Node.class), anyBoolean());
1057         verify(writeTransaction, times(1)).submit();
1058         verify(commitFuture, times(1)).get();
1059
1060         egressAclService.egressAllowProto(Long.valueOf(123), "2", MAC_ADDRESS, false, HOST_ADDRESS, 1);
1061         verify(writeTransaction, times(1)).delete(any(LogicalDatastoreType.class), any(InstanceIdentifier.class));
1062         verify(writeTransaction, times(2)).submit();
1063         verify(commitFuture, times(2)).get(); // 1 + 1 above
1064     }
1065
1066     /**
1067      * Test method {@link EgressAclService#egressACLPermitAllProto(Long, String, String, boolean, String, Integer)}
1068      */
1069     @Test
1070     public void testEgressACLPermitAllProto() throws Exception {
1071         egressAclService.egressACLPermitAllProto(Long.valueOf(123), "2", MAC_ADDRESS, true, HOST_ADDRESS, 1);
1072         verify(writeTransaction, times(2)).put(any(LogicalDatastoreType.class), any(InstanceIdentifier.class), any(Node.class), anyBoolean());
1073         verify(writeTransaction, times(1)).submit();
1074         verify(commitFuture, times(1)).get();
1075
1076         egressAclService.egressACLPermitAllProto(Long.valueOf(123), "2", MAC_ADDRESS, false, HOST_ADDRESS, 1);
1077         verify(writeTransaction, times(1)).delete(any(LogicalDatastoreType.class), any(InstanceIdentifier.class));
1078         verify(writeTransaction, times(2)).submit();
1079         verify(commitFuture, times(2)).get(); // 1 + 1 above
1080     }
1081
1082     /**
1083      * Test method {@link EgressAclService#egressACLTcpSyn(Long, String, String, boolean, Integer, Integer)}
1084      */
1085     @Test
1086     public void testEgressACLTcpSyn() throws Exception {
1087         egressAclService.egressACLTcpSyn(Long.valueOf(123), "2", MAC_ADDRESS, true, 1, 1);
1088         verify(writeTransaction, times(2)).put(any(LogicalDatastoreType.class), any(InstanceIdentifier.class), any(Node.class), anyBoolean());
1089         verify(writeTransaction, times(1)).submit();
1090         verify(commitFuture, times(1)).get();
1091
1092         egressAclService.egressACLTcpSyn(Long.valueOf(123), "2", MAC_ADDRESS, false, 1, 1);
1093         verify(writeTransaction, times(1)).delete(any(LogicalDatastoreType.class), any(InstanceIdentifier.class));
1094         verify(writeTransaction, times(2)).submit();
1095         verify(commitFuture, times(2)).get(); // 1 + 1 above
1096     }
1097 }