2 * Copyright (c) 2015 Inocybe and others. All rights reserved.
4 * This program and the accompanying materials are made available under the
5 * terms of the Eclipse Public License v1.0 which accompanies this distribution,
6 * and is available at http://www.eclipse.org/legal/epl-v10.html
9 package org.opendaylight.ovsdb.openstack.netvirt.providers.openflow13.services;
11 import static org.mockito.Matchers.any;
12 import static org.mockito.Matchers.anyBoolean;
13 import static org.mockito.Matchers.eq;
14 import static org.mockito.Mockito.mock;
15 import static org.mockito.Mockito.times;
16 import static org.mockito.Mockito.verify;
17 import static org.mockito.Mockito.when;
19 import java.util.ArrayList;
20 import java.util.List;
22 import org.junit.Assert;
23 import org.junit.Before;
24 import org.junit.Test;
25 import org.junit.runner.RunWith;
26 import org.mockito.InjectMocks;
27 import org.mockito.Mock;
28 import org.mockito.invocation.InvocationOnMock;
29 import org.mockito.stubbing.Answer;
30 import org.opendaylight.controller.md.sal.binding.api.DataBroker;
31 import org.opendaylight.controller.md.sal.binding.api.WriteTransaction;
32 import org.opendaylight.controller.md.sal.common.api.data.LogicalDatastoreType;
33 import org.opendaylight.controller.md.sal.common.api.data.TransactionCommitFailedException;
34 import org.opendaylight.ovsdb.openstack.netvirt.translator.NeutronSecurityGroup;
35 import org.opendaylight.ovsdb.openstack.netvirt.translator.NeutronSecurityRule;
36 import org.opendaylight.ovsdb.openstack.netvirt.translator.Neutron_IPs;
37 import org.opendaylight.ovsdb.openstack.netvirt.api.Constants;
38 import org.opendaylight.ovsdb.openstack.netvirt.api.SecurityGroupCacheManger;
39 import org.opendaylight.ovsdb.openstack.netvirt.api.SecurityServicesManager;
40 import org.opendaylight.ovsdb.openstack.netvirt.providers.openflow13.PipelineOrchestrator;
41 import org.opendaylight.ovsdb.openstack.netvirt.providers.openflow13.Service;
42 import org.opendaylight.yang.gen.v1.urn.opendaylight.flow.inventory.rev130819.tables.table.FlowBuilder;
43 import org.opendaylight.yang.gen.v1.urn.opendaylight.inventory.rev130819.nodes.Node;
44 import org.opendaylight.yang.gen.v1.urn.opendaylight.inventory.rev130819.nodes.NodeBuilder;
45 import org.opendaylight.yang.gen.v1.urn.opendaylight.model.match.types.rev131026.Match;
46 import org.opendaylight.yang.gen.v1.urn.opendaylight.model.match.types.rev131026.match.EthernetMatch;
47 import org.opendaylight.yang.gen.v1.urn.opendaylight.model.match.types.rev131026.match.Icmpv4Match;
48 import org.opendaylight.yang.gen.v1.urn.opendaylight.model.match.types.rev131026.match.layer._4.match.TcpMatch;
49 import org.opendaylight.yang.gen.v1.urn.opendaylight.model.match.types.rev131026.match.layer._4.match.UdpMatch;
50 import org.opendaylight.yangtools.yang.binding.InstanceIdentifier;
51 import org.powermock.api.mockito.PowerMockito;
52 import org.powermock.modules.junit4.PowerMockRunner;
54 import com.google.common.util.concurrent.CheckedFuture;
56 * Unit test for {@link EgressAclService}
58 @RunWith(PowerMockRunner.class)
59 @SuppressWarnings("unchecked")
60 public class EgressAclServiceTest {
62 @InjectMocks private EgressAclService egressAclService = new EgressAclService();
63 private EgressAclService egressAclServiceSpy;
65 @Mock private DataBroker dataBroker;
66 @Mock private PipelineOrchestrator orchestrator;
68 @Mock private WriteTransaction writeTransaction;
69 @Mock private CheckedFuture<Void, TransactionCommitFailedException> commitFuture;
71 @Mock private NeutronSecurityGroup securityGroup;
72 @Mock private NeutronSecurityRule portSecurityRule;
74 @Mock private SecurityServicesManager securityServices;
75 @Mock private SecurityGroupCacheManger securityGroupCacheManger;
77 private Neutron_IPs neutron_ip_src;
78 private Neutron_IPs neutron_ip_dest_1;
79 private Neutron_IPs neutron_ip_dest_2;
80 private List<Neutron_IPs> neutronSrcIpList = new ArrayList<Neutron_IPs>();
81 private List<Neutron_IPs> neutronDestIpList = new ArrayList<Neutron_IPs>();
82 private static final String HOST_ADDRESS = "127.0.0.1/32";
83 private static final String MAC_ADDRESS = "87:1D:5E:02:40:B7";
84 private static final String SRC_IP = "192.168.0.1";
85 private static final String DEST_IP_1 = "192.169.0.1";
86 private static final String DEST_IP_2 = "192.169.0.2";
87 private static final String DEST_IP_1_WITH_MASK = "192.169.0.1/32";
88 private static final String DEST_IP_2_WITH_MASK = "192.169.0.2/32";
89 private static final String SECURITY_GROUP_UUID = "85cc3048-abc3-43cc-89b3-377341426ac5";
90 private static final String PORT_UUID = "95cc3048-abc3-43cc-89b3-377341426ac5";
91 private static final String SEGMENT_ID = "2";
92 private static final Long DP_ID_LONG = (long) 1554;
93 private static final Long LOCAL_PORT = (long) 124;
94 private static final int PORT_RANGE_MIN = 1;
95 private static final int PORT_RANGE_MAX = 65535;
96 private static FlowBuilder flowBuilder;
97 private static NodeBuilder nodeBuilder;
99 private static Answer<Object> answer() {
100 return new Answer<Object>() {
102 public CheckedFuture<Void, TransactionCommitFailedException> answer(InvocationOnMock invocation)
104 flowBuilder = (FlowBuilder) invocation.getArguments()[0];
105 nodeBuilder = (NodeBuilder) invocation.getArguments()[1];
112 public void setUp() {
113 egressAclServiceSpy = PowerMockito.spy(egressAclService);
115 when(writeTransaction.submit()).thenReturn(commitFuture);
117 when(dataBroker.newWriteOnlyTransaction()).thenReturn(writeTransaction);
119 when(orchestrator.getNextServiceInPipeline(any(Service.class))).thenReturn(Service.ARP_RESPONDER);
121 portSecurityRule = mock(NeutronSecurityRule.class);
123 when(portSecurityRule.getSecurityRuleEthertype()).thenReturn("IPv4");
124 when(portSecurityRule.getSecurityRuleDirection()).thenReturn("egress");
126 List<NeutronSecurityRule> portSecurityList = new ArrayList<NeutronSecurityRule>();
127 portSecurityList.add(portSecurityRule);
129 neutron_ip_src = new Neutron_IPs();
130 neutron_ip_src.setIpAddress(SRC_IP);
131 neutronSrcIpList.add(neutron_ip_src);
133 neutron_ip_dest_1 = new Neutron_IPs();
134 neutron_ip_dest_1.setIpAddress(DEST_IP_1);
135 neutronDestIpList.add(neutron_ip_dest_1);
137 neutron_ip_dest_2 = new Neutron_IPs();
138 neutron_ip_dest_2.setIpAddress(DEST_IP_2);
139 neutronDestIpList.add(neutron_ip_dest_2);
141 when(securityGroup.getSecurityRules()).thenReturn(portSecurityList);
142 when(securityServices.getVmListForSecurityGroup(PORT_UUID, SECURITY_GROUP_UUID)).thenReturn(neutronDestIpList);
146 * Rule 1: TCP Proto (True), TCP Port Minimum (True), TCP Port Max (True), IP Prefix (True)
149 public void testProgramPortSecurityACLRule1() throws Exception {
150 when(portSecurityRule.getSecurityRuleProtocol()).thenReturn("tcp");
151 when(portSecurityRule.getSecurityRulePortMax()).thenReturn(1);
152 when(portSecurityRule.getSecurityRulePortMin()).thenReturn(1);
153 when(portSecurityRule.getSecurityRuleRemoteIpPrefix()).thenReturn(HOST_ADDRESS);
155 egressAclServiceSpy.programPortSecurityACL(Long.valueOf(1554), "2", MAC_ADDRESS, 124, securityGroup);
156 verify(egressAclServiceSpy, times(1)).egressACLDefaultTcpDrop(anyLong(), anyString(), anyString(), anyInt(), anyBoolean());
157 verify(egressAclServiceSpy, times(1)).egressACLTcpPortWithPrefix(anyLong(), anyString(), anyString(), anyBoolean(), anyInt(), anyString(), anyInt());
158 verify(writeTransaction, times(4)).put(any(LogicalDatastoreType.class), any(InstanceIdentifier.class), any(Node.class), anyBoolean());
159 verify(writeTransaction, times(2)).submit();
160 verify(commitFuture, times(2)).get();
164 * Rule 2: TCP Proto (True), TCP Port Minimum (True), TCP Port Max (False), IP Prefix (True)
167 public void testProgramPortSecurityACLRule2() throws Exception {
168 when(portSecurityRule.getSecurityRuleProtocol()).thenReturn("tcp");
169 when(portSecurityRule.getSecurityRulePortMax()).thenReturn(null);
170 when(portSecurityRule.getSecurityRulePortMin()).thenReturn(1);
171 when(portSecurityRule.getSecurityRuleRemoteIpPrefix()).thenReturn(HOST_ADDRESS);
173 egressAclServiceSpy.programPortSecurityACL(Long.valueOf(1554), "2", MAC_ADDRESS, 124, securityGroup);
174 verify(egressAclServiceSpy, times(1)).egressACLDefaultTcpDrop(anyLong(), anyString(), anyString(), anyInt(), anyBoolean());
175 verify(egressAclServiceSpy, times(1)).egressACLTcpPortWithPrefix(anyLong(), anyString(), anyString(), anyBoolean(), anyInt(), anyString(), anyInt());
176 verify(writeTransaction, times(4)).put(any(LogicalDatastoreType.class), any(InstanceIdentifier.class), any(Node.class), anyBoolean());
177 verify(writeTransaction, times(2)).submit();
178 verify(commitFuture, times(2)).get();
182 * Rule 3: TCP Proto (True), TCP Port Minimum (False), TCP Port Max (False), IP Prefix (True)
185 public void testProgramPortSecurityACLRule3() throws Exception {
186 when(portSecurityRule.getSecurityRuleProtocol()).thenReturn("tcp");
187 when(portSecurityRule.getSecurityRulePortMax()).thenReturn(null);
188 when(portSecurityRule.getSecurityRulePortMin()).thenReturn(null);
189 when(portSecurityRule.getSecurityRuleRemoteIpPrefix()).thenReturn(HOST_ADDRESS);
191 egressAclServiceSpy.programPortSecurityACL(Long.valueOf(1554), "2", MAC_ADDRESS, 124, securityGroup);
192 verify(egressAclServiceSpy, times(1)).egressACLDefaultTcpDrop(anyLong(), anyString(), anyString(), anyInt(), anyBoolean());
193 verify(egressAclServiceSpy, times(1)).egressACLPermitAllProto(anyLong(), anyString(), anyString(), anyBoolean(), anyString(), anyInt());
194 verify(writeTransaction, times(4)).put(any(LogicalDatastoreType.class), any(InstanceIdentifier.class), any(Node.class), anyBoolean());
195 verify(writeTransaction, times(2)).submit();
196 verify(commitFuture, times(2)).get();
200 * Rule 4: TCP Proto (False), TCP Port Minimum (False), TCP Port Max (False), IP Prefix (True)
203 public void testProgramPortSecurityACLRule4() throws Exception {
204 when(portSecurityRule.getSecurityRuleProtocol()).thenReturn(null);
205 when(portSecurityRule.getSecurityRulePortMax()).thenReturn(null);
206 when(portSecurityRule.getSecurityRulePortMin()).thenReturn(null);
207 when(portSecurityRule.getSecurityRuleRemoteIpPrefix()).thenReturn(HOST_ADDRESS);
209 egressAclServiceSpy.programPortSecurityACL(Long.valueOf(1554), "2", MAC_ADDRESS, 124, securityGroup);
210 verify(egressAclServiceSpy, times(1)).egressACLDefaultTcpDrop(anyLong(), anyString(), anyString(), anyInt(), anyBoolean());
211 verify(egressAclServiceSpy, times(1)).egressACLPermitAllProto(anyLong(), anyString(), anyString(), anyBoolean(), anyString(), anyInt());
212 verify(writeTransaction, times(4)).put(any(LogicalDatastoreType.class), any(InstanceIdentifier.class), any(Node.class), anyBoolean());
213 verify(writeTransaction, times(2)).submit();
214 verify(commitFuture, times(2)).get();
218 * Rule 5: TCP Proto (True), TCP Port Minimum (True), TCP Port Max (True), IP Prefix (False)
221 public void testProgramPortSecurityACLRule5() throws Exception {
222 when(portSecurityRule.getSecurityRuleProtocol()).thenReturn("tcp");
223 when(portSecurityRule.getSecurityRulePortMax()).thenReturn(1);
224 when(portSecurityRule.getSecurityRulePortMin()).thenReturn(1);
225 when(portSecurityRule.getSecurityRuleRemoteIpPrefix()).thenReturn(null);
227 egressAclServiceSpy.programPortSecurityACL(Long.valueOf(1554), "2", MAC_ADDRESS, 124, securityGroup);
228 verify(egressAclServiceSpy, times(1)).egressACLDefaultTcpDrop(anyLong(), anyString(), anyString(), anyInt(), anyBoolean());
229 verify(egressAclServiceSpy, times(1)).egressACLTcpSyn(anyLong(), anyString(), anyString(), anyBoolean(), anyInt(), anyInt());
230 verify(writeTransaction, times(4)).put(any(LogicalDatastoreType.class), any(InstanceIdentifier.class), any(Node.class), anyBoolean());
231 verify(writeTransaction, times(2)).submit();
232 verify(commitFuture, times(2)).get();
236 * Rule 6: TCP Proto (True), TCP Port Minimum (True), TCP Port Max (False), IP Prefix (False)
239 public void testProgramPortSecurityACLRule6() throws Exception {
240 when(portSecurityRule.getSecurityRuleProtocol()).thenReturn("tcp");
241 when(portSecurityRule.getSecurityRulePortMax()).thenReturn(null);
242 when(portSecurityRule.getSecurityRulePortMin()).thenReturn(1);
243 when(portSecurityRule.getSecurityRuleRemoteIpPrefix()).thenReturn(null);
245 egressAclServiceSpy.programPortSecurityACL(Long.valueOf(1554), "2", MAC_ADDRESS, 124, securityGroup);
246 verify(egressAclServiceSpy, times(1)).egressACLDefaultTcpDrop(anyLong(), anyString(), anyString(), anyInt(), anyBoolean());
247 verify(egressAclServiceSpy, times(1)).egressACLTcpSyn(anyLong(), anyString(), anyString(), anyBoolean(), anyInt(), anyInt());
248 verify(writeTransaction, times(4)).put(any(LogicalDatastoreType.class), any(InstanceIdentifier.class), any(Node.class), anyBoolean());
249 verify(writeTransaction, times(2)).submit();
250 verify(commitFuture, times(2)).get();
254 * Rule 7: TCP Proto (True), TCP Port Minimum (False), TCP Port Max (False), IP Prefix (False or 0.0.0.0/0)
257 public void testProgramPortSecurityACLRule7() throws Exception {
258 when(portSecurityRule.getSecurityRuleProtocol()).thenReturn("tcp");
259 when(portSecurityRule.getSecurityRulePortMax()).thenReturn(null);
260 when(portSecurityRule.getSecurityRulePortMin()).thenReturn(null);
261 when(portSecurityRule.getSecurityRuleRemoteIpPrefix()).thenReturn(null);
263 egressAclServiceSpy.programPortSecurityACL(Long.valueOf(1554), "2", MAC_ADDRESS, 124, securityGroup);
264 verify(egressAclServiceSpy, times(1)).egressAllowProto(anyLong(), anyString(), anyString(), anyBoolean(), anyString(), anyInt());
265 verify(writeTransaction, times(2)).put(any(LogicalDatastoreType.class), any(InstanceIdentifier.class), any(Node.class), anyBoolean());
266 verify(writeTransaction, times(1)).submit();
267 verify(commitFuture, times(1)).get();
271 * Test method {@link EgressAclService#egressACLDefaultTcpDrop(Long, String, String, int, boolean)}
274 public void testEgressACLDefaultTcpDrop() throws Exception {
275 egressAclService.egressACLDefaultTcpDrop(Long.valueOf(123), "2", MAC_ADDRESS, 1, true);
276 verify(writeTransaction, times(2)).put(any(LogicalDatastoreType.class), any(InstanceIdentifier.class), any(Node.class), anyBoolean());
277 verify(writeTransaction, times(1)).submit();
278 verify(commitFuture, times(1)).get();
280 egressAclService.egressACLDefaultTcpDrop(Long.valueOf(123), "2", MAC_ADDRESS, 1, false);
281 verify(writeTransaction, times(1)).delete(any(LogicalDatastoreType.class), any(InstanceIdentifier.class));
282 verify(writeTransaction, times(2)).submit();
283 verify(commitFuture, times(2)).get(); // 1 + 1 above
287 * Test IPv4 add test case.
290 public void testProgramPortSecurityACLRuleAddIpv4() throws Exception {
291 when(portSecurityRule.getSecurityRuleProtocol()).thenReturn(null);
292 when(portSecurityRule.getSecurityRulePortMax()).thenReturn(null);
293 when(portSecurityRule.getSecurityRulePortMin()).thenReturn(null);
294 when(portSecurityRule.getSecurityRuleRemoteIpPrefix()).thenReturn(null);
296 egressAclServiceSpy.programPortSecurityGroup(Long.valueOf(1554), "2", MAC_ADDRESS, 124, securityGroup,PORT_UUID,true);
298 verify(writeTransaction, times(2)).put(any(LogicalDatastoreType.class), any(InstanceIdentifier.class), any(Node.class), eq(true));
299 verify(writeTransaction, times(1)).submit();
300 verify(commitFuture, times(1)).get();
304 * Test IPv4 remove test case.
307 public void testProgramPortSecurityACLRuleRemoveIpv4() throws Exception {
308 when(portSecurityRule.getSecurityRuleProtocol()).thenReturn(null);
309 when(portSecurityRule.getSecurityRulePortMax()).thenReturn(null);
310 when(portSecurityRule.getSecurityRulePortMin()).thenReturn(null);
311 when(portSecurityRule.getSecurityRuleRemoteIpPrefix()).thenReturn(null);
313 egressAclServiceSpy.programPortSecurityGroup(Long.valueOf(1554), "2", MAC_ADDRESS, 124, securityGroup,PORT_UUID,false);
314 verify(writeTransaction, times(1)).delete(any(LogicalDatastoreType.class), any(InstanceIdentifier.class));
315 verify(writeTransaction, times(1)).submit();
316 verify(commitFuture, times(1)).get();
320 * Test TCP add with port no and CIDR selected.
323 public void testProgramPortSecurityACLRuleAddTcp1() throws Exception {
324 when(portSecurityRule.getSecurityRuleProtocol()).thenReturn("tcp");
325 when(portSecurityRule.getSecurityRulePortMax()).thenReturn(20);
326 when(portSecurityRule.getSecurityRulePortMin()).thenReturn(20);
327 when(portSecurityRule.getSecurityRuleRemoteIpPrefix()).thenReturn("0.0.0.0/24");
328 PowerMockito.doAnswer(answer()).when(egressAclServiceSpy, "writeFlow", any(FlowBuilder.class),
329 any(NodeBuilder.class));
330 egressAclServiceSpy.programPortSecurityGroup(DP_ID_LONG, SEGMENT_ID, MAC_ADDRESS, LOCAL_PORT, securityGroup,
333 Match match = flowBuilder.getMatch();
334 EthernetMatch ethMatch = match.getEthernetMatch();
335 Assert.assertEquals(MAC_ADDRESS, ethMatch.getEthernetSource().getAddress().getValue());
337 Assert.assertTrue(match.getLayer4Match() instanceof TcpMatch);
338 TcpMatch layer4Match=(TcpMatch) match.getLayer4Match();
339 Assert.assertEquals(20, layer4Match.getTcpDestinationPort().getValue().intValue());
340 int port=portSecurityRule.getSecurityRulePortMin();
341 Assert.assertEquals("Egress_TCP_" + SEGMENT_ID + "_" + MAC_ADDRESS +
342 "_" + port + "_0.0.0.0/24_Permit", flowBuilder.getFlowName());
346 * Test TCP remove with port no and CIDR selected.
349 public void testProgramPortSecurityACLRuleRemoveTcp1() throws Exception {
350 when(portSecurityRule.getSecurityRuleProtocol()).thenReturn("tcp");
351 when(portSecurityRule.getSecurityRulePortMax()).thenReturn(30);
352 when(portSecurityRule.getSecurityRulePortMin()).thenReturn(30);
353 when(portSecurityRule.getSecurityRuleRemoteIpPrefix()).thenReturn("0.0.0.0/24");
354 PowerMockito.doAnswer(answer()).when(egressAclServiceSpy, "removeFlow", any(FlowBuilder.class),
355 any(NodeBuilder.class));
357 egressAclServiceSpy.programPortSecurityGroup(DP_ID_LONG, SEGMENT_ID, MAC_ADDRESS, LOCAL_PORT, securityGroup,
360 Match match = flowBuilder.getMatch();
361 EthernetMatch ethMatch = match.getEthernetMatch();
362 Assert.assertEquals(MAC_ADDRESS, ethMatch.getEthernetSource().getAddress().getValue());
364 Assert.assertTrue(match.getLayer4Match() instanceof TcpMatch);
365 TcpMatch layer4Match = (TcpMatch) match.getLayer4Match();
366 Assert.assertEquals(30, layer4Match.getTcpDestinationPort().getValue().intValue());
367 int port=portSecurityRule.getSecurityRulePortMin();
368 Assert.assertEquals("Egress_TCP_" + SEGMENT_ID + "_" + MAC_ADDRESS +
369 "_" + port + "_0.0.0.0/24_Permit", flowBuilder.getFlowName());
373 * Test TCP add with port no and remote SG selected.
376 public void testProgramPortSecurityACLRuleAddTcp2() throws Exception {
377 when(portSecurityRule.getSecurityRuleProtocol()).thenReturn("tcp");
378 when(portSecurityRule.getSecurityRulePortMax()).thenReturn(40);
379 when(portSecurityRule.getSecurityRulePortMin()).thenReturn(40);
380 when(portSecurityRule.getSecurityRemoteGroupID()).thenReturn("85cc3048-abc3-43cc-89b3-377341426ac5");
381 PowerMockito.doAnswer(answer()).when(egressAclServiceSpy, "writeFlow", any(FlowBuilder.class),
382 any(NodeBuilder.class));
383 egressAclServiceSpy.programPortSecurityGroup(DP_ID_LONG, SEGMENT_ID, MAC_ADDRESS, LOCAL_PORT, securityGroup,
386 Match match = flowBuilder.getMatch();
387 EthernetMatch ethMatch = match.getEthernetMatch();
388 Assert.assertEquals(MAC_ADDRESS, ethMatch.getEthernetSource().getAddress().getValue());
390 Assert.assertTrue(match.getLayer4Match() instanceof TcpMatch);
391 TcpMatch layer4Match=(TcpMatch) match.getLayer4Match();
392 int port=portSecurityRule.getSecurityRulePortMin();
393 String expectedFlowId1 = "Egress_TCP_" + SEGMENT_ID + "_" + MAC_ADDRESS + "_" + port + "_" + DEST_IP_1 +
395 String expectedFlowId2 = "Egress_TCP_" + SEGMENT_ID + "_" + MAC_ADDRESS + "_" + port + "_" + DEST_IP_2 +
397 String actualFlowId = flowBuilder.getFlowName();
398 if(actualFlowId.equals(expectedFlowId1) || actualFlowId.equals(expectedFlowId2)) {
399 Assert.assertTrue(true);
401 Assert.assertTrue(false);
406 * Test TCP remove with port no and remote SG selected.
409 public void testProgramPortSecurityACLRuleRemoveTcp2() throws Exception {
410 when(portSecurityRule.getSecurityRuleProtocol()).thenReturn("tcp");
411 when(portSecurityRule.getSecurityRulePortMax()).thenReturn(50);
412 when(portSecurityRule.getSecurityRulePortMin()).thenReturn(50);
413 when(portSecurityRule.getSecurityRemoteGroupID()).thenReturn("85cc3048-abc3-43cc-89b3-377341426ac5");
414 PowerMockito.doAnswer(answer()).when(egressAclServiceSpy, "removeFlow", any(FlowBuilder.class),
415 any(NodeBuilder.class));
417 egressAclServiceSpy.programPortSecurityGroup(DP_ID_LONG, SEGMENT_ID, MAC_ADDRESS, LOCAL_PORT, securityGroup,
420 Match match = flowBuilder.getMatch();
421 EthernetMatch ethMatch = match.getEthernetMatch();
422 Assert.assertEquals(MAC_ADDRESS, ethMatch.getEthernetSource().getAddress().getValue());
424 Assert.assertTrue(match.getLayer4Match() instanceof TcpMatch);
425 TcpMatch layer4Match=(TcpMatch) match.getLayer4Match();
426 int port=portSecurityRule.getSecurityRulePortMin();
427 String expectedFlowId1 = "Egress_TCP_" + SEGMENT_ID + "_" + MAC_ADDRESS +"_" + port + "_" + DEST_IP_1 +
429 String expectedFlowId2 = "Egress_TCP_" + SEGMENT_ID + "_" + MAC_ADDRESS +"_" + port + "_" + DEST_IP_2 +
431 String actualFlowId = flowBuilder.getFlowName();
432 if(actualFlowId.equals(expectedFlowId1) || actualFlowId.equals(expectedFlowId2)) {
433 Assert.assertTrue(true);
435 Assert.assertTrue(false);
440 * Test TCP add with port range (All TCP) and CIDR selected.
443 public void testProgramPortSecurityACLRuleAddTcpAll1() throws Exception {
444 when(portSecurityRule.getSecurityRuleProtocol()).thenReturn("tcp");
445 when(portSecurityRule.getSecurityRulePortMax()).thenReturn(PORT_RANGE_MAX);
446 when(portSecurityRule.getSecurityRulePortMin()).thenReturn(PORT_RANGE_MIN);
447 when(portSecurityRule.getSecurityRuleRemoteIpPrefix()).thenReturn("0.0.0.0/24");
448 PowerMockito.doAnswer(answer()).when(egressAclServiceSpy, "writeFlow", any(FlowBuilder.class),
449 any(NodeBuilder.class));
450 egressAclServiceSpy.programPortSecurityGroup(DP_ID_LONG, SEGMENT_ID, MAC_ADDRESS, LOCAL_PORT, securityGroup,
453 Match match = flowBuilder.getMatch();
454 Assert.assertTrue(match.getLayer4Match() instanceof TcpMatch);
455 TcpMatch layer4Match=(TcpMatch) match.getLayer4Match();
456 EthernetMatch ethMatch = match.getEthernetMatch();
457 Assert.assertEquals(MAC_ADDRESS, ethMatch.getEthernetSource().getAddress().getValue());
461 * Test TCP remove with port range (All TCP) and CIDR selected.
464 public void testProgramPortSecurityACLRuleRemoveTcpAll1() throws Exception {
465 when(portSecurityRule.getSecurityRuleProtocol()).thenReturn("tcp");
466 when(portSecurityRule.getSecurityRulePortMax()).thenReturn(PORT_RANGE_MAX);
467 when(portSecurityRule.getSecurityRulePortMin()).thenReturn(PORT_RANGE_MIN);
468 when(portSecurityRule.getSecurityRuleRemoteIpPrefix()).thenReturn("0.0.0.0/24");
469 PowerMockito.doAnswer(answer()).when(egressAclServiceSpy, "removeFlow", any(FlowBuilder.class),
470 any(NodeBuilder.class));
472 egressAclServiceSpy.programPortSecurityGroup(DP_ID_LONG, SEGMENT_ID, MAC_ADDRESS, LOCAL_PORT, securityGroup,
475 Match match = flowBuilder.getMatch();
476 EthernetMatch ethMatch = match.getEthernetMatch();
477 Assert.assertEquals(MAC_ADDRESS, ethMatch.getEthernetSource().getAddress().getValue());
479 Assert.assertTrue(match.getLayer4Match() instanceof TcpMatch);
480 Assert.assertEquals("Egress_TCP_" + SEGMENT_ID + "_" + MAC_ADDRESS + "_" + PORT_RANGE_MIN + "_" +
481 PORT_RANGE_MAX + "_0.0.0.0/24_Permit", flowBuilder.getFlowName());
485 * Test TCP add with port range (All TCP) and remote SG selected.
488 public void testProgramPortSecurityACLRuleAddTcpAll2() throws Exception {
489 when(portSecurityRule.getSecurityRuleProtocol()).thenReturn("tcp");
490 when(portSecurityRule.getSecurityRulePortMax()).thenReturn(PORT_RANGE_MAX);
491 when(portSecurityRule.getSecurityRulePortMin()).thenReturn(PORT_RANGE_MIN);
492 when(portSecurityRule.getSecurityRemoteGroupID()).thenReturn("85cc3048-abc3-43cc-89b3-377341426ac5");
493 PowerMockito.doAnswer(answer()).when(egressAclServiceSpy, "writeFlow", any(FlowBuilder.class),
494 any(NodeBuilder.class));
495 egressAclServiceSpy.programPortSecurityGroup(DP_ID_LONG, SEGMENT_ID, MAC_ADDRESS, LOCAL_PORT, securityGroup,
498 Match match = flowBuilder.getMatch();
499 EthernetMatch ethMatch = match.getEthernetMatch();
500 Assert.assertEquals(MAC_ADDRESS, ethMatch.getEthernetSource().getAddress().getValue());
502 Assert.assertTrue(match.getLayer4Match() instanceof TcpMatch);
503 String expectedFlowId1 = "Egress_TCP_" + SEGMENT_ID + "_" + MAC_ADDRESS + "_" + PORT_RANGE_MIN + "_" +
504 PORT_RANGE_MAX + "_" + DEST_IP_1 + "_Permit";
505 String expectedFlowId2 = "Egress_TCP_" + SEGMENT_ID + "_" + MAC_ADDRESS + "_" + PORT_RANGE_MIN + "_" +
506 PORT_RANGE_MAX + "_" + DEST_IP_2 + "_Permit";
507 String actualFlowId = flowBuilder.getFlowName();
508 if(actualFlowId.equals(expectedFlowId1) || actualFlowId.equals(expectedFlowId2)) {
509 Assert.assertTrue(true);
511 Assert.assertTrue(false);
516 * Test TCP remove with port range (All TCP) and remote SG selected.
519 public void testProgramPortSecurityACLRuleRemoveTcpAll2() throws Exception {
520 when(portSecurityRule.getSecurityRuleProtocol()).thenReturn("tcp");
521 when(portSecurityRule.getSecurityRulePortMax()).thenReturn(PORT_RANGE_MAX);
522 when(portSecurityRule.getSecurityRulePortMin()).thenReturn(PORT_RANGE_MIN);
523 when(portSecurityRule.getSecurityRemoteGroupID()).thenReturn("85cc3048-abc3-43cc-89b3-377341426ac5");
524 PowerMockito.doAnswer(answer()).when(egressAclServiceSpy, "removeFlow", any(FlowBuilder.class),
525 any(NodeBuilder.class));
527 egressAclServiceSpy.programPortSecurityGroup(DP_ID_LONG, SEGMENT_ID, MAC_ADDRESS, LOCAL_PORT, securityGroup,
530 Match match = flowBuilder.getMatch();
531 EthernetMatch ethMatch = match.getEthernetMatch();
532 Assert.assertEquals(MAC_ADDRESS, ethMatch.getEthernetSource().getAddress().getValue());
534 Assert.assertTrue(match.getLayer4Match() instanceof TcpMatch);
535 String expectedFlowId1 = "Egress_TCP_" + SEGMENT_ID + "_" + MAC_ADDRESS + "_" + PORT_RANGE_MIN + "_" +
536 PORT_RANGE_MAX + "_" + DEST_IP_1 + "_Permit";
537 String expectedFlowId2 = "Egress_TCP_" + SEGMENT_ID + "_" + MAC_ADDRESS + "_" + PORT_RANGE_MIN + "_" +
538 PORT_RANGE_MAX + "_" + DEST_IP_2 + "_Permit";
539 String actualFlowId = flowBuilder.getFlowName();
540 if(actualFlowId.equals(expectedFlowId1) || actualFlowId.equals(expectedFlowId2)) {
541 Assert.assertTrue(true);
543 Assert.assertTrue(false);
548 * Test UDP add with port no and CIDR selected.
551 public void testProgramPortSecurityACLRuleAddUdp1() throws Exception {
552 when(portSecurityRule.getSecurityRuleProtocol()).thenReturn("udp");
553 when(portSecurityRule.getSecurityRulePortMax()).thenReturn(50);
554 when(portSecurityRule.getSecurityRulePortMin()).thenReturn(50);
555 when(portSecurityRule.getSecurityRuleRemoteIpPrefix()).thenReturn("0.0.0.0/24");
556 PowerMockito.doAnswer(answer()).when(egressAclServiceSpy, "writeFlow", any(FlowBuilder.class),
557 any(NodeBuilder.class));
558 egressAclServiceSpy.programPortSecurityGroup(DP_ID_LONG, SEGMENT_ID, MAC_ADDRESS, LOCAL_PORT, securityGroup,
561 Match match = flowBuilder.getMatch();
562 EthernetMatch ethMatch = match.getEthernetMatch();
563 Assert.assertEquals(MAC_ADDRESS, ethMatch.getEthernetSource().getAddress().getValue());
565 Assert.assertTrue(match.getLayer4Match() instanceof UdpMatch);
566 UdpMatch layer4Match = (UdpMatch) match.getLayer4Match();
567 Assert.assertEquals(50, layer4Match.getUdpDestinationPort().getValue().intValue());
568 int port = portSecurityRule.getSecurityRulePortMin();
569 Assert.assertEquals("Egress_UDP_" + SEGMENT_ID + "_" + MAC_ADDRESS +
570 "_" + port + "_0.0.0.0/24_Permit", flowBuilder.getFlowName());
574 * Test UDP remove with port no and CIDR selected.
577 public void testProgramPortSecurityACLRuleRemoveUdp1() throws Exception {
578 when(portSecurityRule.getSecurityRuleProtocol()).thenReturn("udp");
579 when(portSecurityRule.getSecurityRulePortMax()).thenReturn(50);
580 when(portSecurityRule.getSecurityRulePortMin()).thenReturn(50);
581 when(portSecurityRule.getSecurityRuleRemoteIpPrefix()).thenReturn("0.0.0.0/24");
582 PowerMockito.doAnswer(answer()).when(egressAclServiceSpy, "removeFlow", any(FlowBuilder.class),
583 any(NodeBuilder.class));
584 egressAclServiceSpy.programPortSecurityGroup(DP_ID_LONG, SEGMENT_ID, MAC_ADDRESS, LOCAL_PORT, securityGroup,
587 Match match = flowBuilder.getMatch();
588 EthernetMatch ethMatch = match.getEthernetMatch();
589 Assert.assertEquals(MAC_ADDRESS, ethMatch.getEthernetSource().getAddress().getValue());
591 Assert.assertTrue(match.getLayer4Match() instanceof UdpMatch);
592 UdpMatch layer4Match = (UdpMatch) match.getLayer4Match();
593 Assert.assertEquals(50, layer4Match.getUdpDestinationPort().getValue().intValue());
594 int port = portSecurityRule.getSecurityRulePortMin();
595 Assert.assertEquals("Egress_UDP_" + SEGMENT_ID + "_" + MAC_ADDRESS +
596 "_" + port + "_0.0.0.0/24_Permit", flowBuilder.getFlowName());
600 * Test UDP add with port no and remote SG selected.
603 public void testProgramPortSecurityACLRuleAddUdp2() throws Exception {
604 when(portSecurityRule.getSecurityRuleProtocol()).thenReturn("udp");
605 when(portSecurityRule.getSecurityRulePortMax()).thenReturn(50);
606 when(portSecurityRule.getSecurityRulePortMin()).thenReturn(50);
607 when(portSecurityRule.getSecurityRuleRemoteIpPrefix()).thenReturn("0.0.0.0/24");
608 when(portSecurityRule.getSecurityRemoteGroupID()).thenReturn("85cc3048-abc3-43cc-89b3-377341426ac5");
609 PowerMockito.doAnswer(answer()).when(egressAclServiceSpy, "writeFlow", any(FlowBuilder.class),
610 any(NodeBuilder.class));
611 egressAclServiceSpy.programPortSecurityGroup(DP_ID_LONG, SEGMENT_ID, MAC_ADDRESS, LOCAL_PORT, securityGroup,
614 Match match = flowBuilder.getMatch();
615 EthernetMatch ethMatch = match.getEthernetMatch();
616 Assert.assertEquals(MAC_ADDRESS, ethMatch.getEthernetSource().getAddress().getValue());
618 Assert.assertTrue(match.getLayer4Match() instanceof UdpMatch);
619 UdpMatch layer4Match = (UdpMatch) match.getLayer4Match();
620 Assert.assertEquals(50, layer4Match.getUdpDestinationPort().getValue().intValue());
621 int port = portSecurityRule.getSecurityRulePortMin();
622 String expectedFlowId1 = "Egress_UDP_" + SEGMENT_ID + "_" + MAC_ADDRESS + "_" + port + "_" + DEST_IP_1 +
624 String expectedFlowId2 = "Egress_UDP_" + SEGMENT_ID + "_" + MAC_ADDRESS + "_" + port + "_" + DEST_IP_2 +
626 String actualFlowId = flowBuilder.getFlowName();
627 if(actualFlowId.equals(expectedFlowId1) || actualFlowId.equals(expectedFlowId2)) {
628 Assert.assertTrue(true);
630 Assert.assertTrue(false);
635 * Test UDP remove with port no and remote SG selected.
638 public void testProgramPortSecurityACLRuleRemoveUdp2() throws Exception {
639 when(portSecurityRule.getSecurityRuleProtocol()).thenReturn("udp");
640 when(portSecurityRule.getSecurityRulePortMax()).thenReturn(50);
641 when(portSecurityRule.getSecurityRulePortMin()).thenReturn(50);
642 when(portSecurityRule.getSecurityRuleRemoteIpPrefix()).thenReturn("0.0.0.0/24");
643 when(portSecurityRule.getSecurityRemoteGroupID()).thenReturn("85cc3048-abc3-43cc-89b3-377341426ac5");
644 PowerMockito.doAnswer(answer()).when(egressAclServiceSpy, "removeFlow", any(FlowBuilder.class),
645 any(NodeBuilder.class));
646 egressAclServiceSpy.programPortSecurityGroup(DP_ID_LONG, SEGMENT_ID, MAC_ADDRESS, LOCAL_PORT, securityGroup,
649 Match match = flowBuilder.getMatch();
650 EthernetMatch ethMatch = match.getEthernetMatch();
651 Assert.assertEquals(MAC_ADDRESS, ethMatch.getEthernetSource().getAddress().getValue());
653 Assert.assertTrue(match.getLayer4Match() instanceof UdpMatch);
654 UdpMatch layer4Match = (UdpMatch) match.getLayer4Match();
655 Assert.assertEquals(50, layer4Match.getUdpDestinationPort().getValue().intValue());
656 int port = portSecurityRule.getSecurityRulePortMin();
657 String expectedFlowId1 = "Egress_UDP_" + SEGMENT_ID + "_" + MAC_ADDRESS + "_" + port + "_" + DEST_IP_1 +
659 String expectedFlowId2 = "Egress_UDP_" + SEGMENT_ID + "_" + MAC_ADDRESS + "_" + port + "_" + DEST_IP_2 +
661 String actualFlowId = flowBuilder.getFlowName();
662 if(actualFlowId.equals(expectedFlowId1) || actualFlowId.equals(expectedFlowId2)) {
663 Assert.assertTrue(true);
665 Assert.assertTrue(false);
671 * Test UDP add with port (All UDP) and CIDR selected.
674 public void testProgramPortSecurityACLRuleAddUdpAll1() throws Exception {
675 when(portSecurityRule.getSecurityRuleProtocol()).thenReturn("udp");
676 when(portSecurityRule.getSecurityRulePortMax()).thenReturn(PORT_RANGE_MAX);
677 when(portSecurityRule.getSecurityRulePortMin()).thenReturn(PORT_RANGE_MIN);
678 when(portSecurityRule.getSecurityRuleRemoteIpPrefix()).thenReturn("0.0.0.0/24");
679 PowerMockito.doAnswer(answer()).when(egressAclServiceSpy, "writeFlow", any(FlowBuilder.class),
680 any(NodeBuilder.class));
681 egressAclServiceSpy.programPortSecurityGroup(DP_ID_LONG, SEGMENT_ID, MAC_ADDRESS, LOCAL_PORT, securityGroup,
684 Match match = flowBuilder.getMatch();
685 EthernetMatch ethMatch = match.getEthernetMatch();
686 Assert.assertEquals(MAC_ADDRESS, ethMatch.getEthernetSource().getAddress().getValue());
688 Assert.assertTrue(match.getLayer4Match() instanceof UdpMatch);
689 Assert.assertEquals("Egress_UDP_" + SEGMENT_ID + "_" + MAC_ADDRESS + "_" + PORT_RANGE_MIN + "_" +
690 PORT_RANGE_MAX + "_0.0.0.0/24_Permit", flowBuilder.getFlowName());
694 * Test UDP remove with port (All UDP) and CIDR selected.
697 public void testProgramPortSecurityACLRuleRemoveUdpAll1() throws Exception {
698 when(portSecurityRule.getSecurityRuleProtocol()).thenReturn("udp");
699 when(portSecurityRule.getSecurityRulePortMax()).thenReturn(PORT_RANGE_MAX);
700 when(portSecurityRule.getSecurityRulePortMin()).thenReturn(PORT_RANGE_MIN);
701 when(portSecurityRule.getSecurityRuleRemoteIpPrefix()).thenReturn("0.0.0.0/24");
702 PowerMockito.doAnswer(answer()).when(egressAclServiceSpy, "removeFlow", any(FlowBuilder.class),
703 any(NodeBuilder.class));
704 egressAclServiceSpy.programPortSecurityGroup(DP_ID_LONG, SEGMENT_ID, MAC_ADDRESS, LOCAL_PORT, securityGroup,
707 Match match = flowBuilder.getMatch();
708 EthernetMatch ethMatch = match.getEthernetMatch();
709 Assert.assertEquals(MAC_ADDRESS, ethMatch.getEthernetSource().getAddress().getValue());
711 Assert.assertTrue(match.getLayer4Match() instanceof UdpMatch);
712 Assert.assertEquals("Egress_UDP_" + SEGMENT_ID + "_" + MAC_ADDRESS + "_" + PORT_RANGE_MIN + "_" +
713 PORT_RANGE_MAX + "_0.0.0.0/24_Permit", flowBuilder.getFlowName());
717 * Test UDP add with port (All UDP) and remote SG selected.
720 public void testProgramPortSecurityACLRuleAddUdpAll2() throws Exception {
721 when(portSecurityRule.getSecurityRuleProtocol()).thenReturn("udp");
722 when(portSecurityRule.getSecurityRulePortMax()).thenReturn(PORT_RANGE_MAX);
723 when(portSecurityRule.getSecurityRulePortMin()).thenReturn(PORT_RANGE_MIN);
724 when(portSecurityRule.getSecurityRemoteGroupID()).thenReturn("85cc3048-abc3-43cc-89b3-377341426ac5");
725 PowerMockito.doAnswer(answer()).when(egressAclServiceSpy, "writeFlow", any(FlowBuilder.class),
726 any(NodeBuilder.class));
727 egressAclServiceSpy.programPortSecurityGroup(DP_ID_LONG, SEGMENT_ID, MAC_ADDRESS, LOCAL_PORT, securityGroup,
730 Match match = flowBuilder.getMatch();
731 EthernetMatch ethMatch = match.getEthernetMatch();
732 Assert.assertEquals(MAC_ADDRESS, ethMatch.getEthernetSource().getAddress().getValue());
734 Assert.assertTrue(match.getLayer4Match() instanceof UdpMatch);
735 String expectedFlowId1 = "Egress_UDP_" + SEGMENT_ID + "_" + MAC_ADDRESS + "_" + PORT_RANGE_MIN + "_" +
736 PORT_RANGE_MAX + "_" + DEST_IP_1 + "_Permit";
737 String expectedFlowId2 = "Egress_UDP_" + SEGMENT_ID + "_" + MAC_ADDRESS + "_" + PORT_RANGE_MIN + "_" +
738 PORT_RANGE_MAX + "_" + DEST_IP_2 + "_Permit";
739 String actualFlowId = flowBuilder.getFlowName();
740 if(actualFlowId.equals(expectedFlowId1) || actualFlowId.equals(expectedFlowId2)) {
741 Assert.assertTrue(true);
743 Assert.assertTrue(false);
748 * Test UDP remove with port (All UDP) and remote SG selected.
751 public void testProgramPortSecurityACLRuleRemoveUdpAll2() throws Exception {
752 when(portSecurityRule.getSecurityRuleProtocol()).thenReturn("udp");
753 when(portSecurityRule.getSecurityRulePortMax()).thenReturn(PORT_RANGE_MAX);
754 when(portSecurityRule.getSecurityRulePortMin()).thenReturn(PORT_RANGE_MIN);
755 when(portSecurityRule.getSecurityRemoteGroupID()).thenReturn("85cc3048-abc3-43cc-89b3-377341426ac5");
756 PowerMockito.doAnswer(answer()).when(egressAclServiceSpy, "removeFlow", any(FlowBuilder.class),
757 any(NodeBuilder.class));
758 egressAclServiceSpy.programPortSecurityGroup(DP_ID_LONG, SEGMENT_ID, MAC_ADDRESS, LOCAL_PORT, securityGroup,
761 Match match = flowBuilder.getMatch();
762 EthernetMatch ethMatch = match.getEthernetMatch();
763 Assert.assertEquals(MAC_ADDRESS, ethMatch.getEthernetSource().getAddress().getValue());
765 Assert.assertTrue(match.getLayer4Match() instanceof UdpMatch);
766 String expectedFlowId1 = "Egress_UDP_" + SEGMENT_ID + "_" + MAC_ADDRESS + "_" + PORT_RANGE_MIN + "_" +
767 PORT_RANGE_MAX + "_" + DEST_IP_1 + "_Permit";
768 String expectedFlowId2 = "Egress_UDP_" + SEGMENT_ID + "_" + MAC_ADDRESS + "_" + PORT_RANGE_MIN + "_" +
769 PORT_RANGE_MAX + "_" + DEST_IP_2 + "_Permit";
770 String actualFlowId = flowBuilder.getFlowName();
771 if(actualFlowId.equals(expectedFlowId1) || actualFlowId.equals(expectedFlowId2)) {
772 Assert.assertTrue(true);
774 Assert.assertTrue(false);
779 * Test ICMP add with code, type and CIDR selected.
782 public void testProgramPortSecurityACLRuleAddIcmp1() throws Exception {
783 when(portSecurityRule.getSecurityRuleProtocol()).thenReturn("icmp");
784 when(portSecurityRule.getSecurityRulePortMax()).thenReturn(10);
785 when(portSecurityRule.getSecurityRulePortMin()).thenReturn(10);
786 when(portSecurityRule.getSecurityRuleRemoteIpPrefix()).thenReturn("0.0.0.0/24");
787 PowerMockito.doAnswer(answer()).when(egressAclServiceSpy, "writeFlow", any(FlowBuilder.class),
788 any(NodeBuilder.class));
790 egressAclServiceSpy.programPortSecurityGroup(DP_ID_LONG, SEGMENT_ID, MAC_ADDRESS, LOCAL_PORT, securityGroup,
793 Match match = flowBuilder.getMatch();
794 Icmpv4Match icmpv4Match = match.getIcmpv4Match();
795 Assert.assertEquals(10, icmpv4Match.getIcmpv4Type().shortValue());
796 Assert.assertEquals(10, icmpv4Match.getIcmpv4Code().shortValue());
797 EthernetMatch ethMatch = match.getEthernetMatch();
798 Assert.assertEquals(MAC_ADDRESS, ethMatch.getEthernetSource().getAddress().getValue());
799 Short type = portSecurityRule.getSecurityRulePortMin().shortValue();
800 Short code = portSecurityRule.getSecurityRulePortMax().shortValue();
801 Assert.assertEquals("Egress_ICMP_" + SEGMENT_ID + "_" + MAC_ADDRESS +
802 "_" + type + "_" + code + "_0.0.0.0/24_Permit", flowBuilder.getFlowName());
806 * Test ICMP remove with code, type and CIDR selected.
809 public void testProgramPortSecurityACLRuleRemoveIcmp1() throws Exception {
810 when(portSecurityRule.getSecurityRuleProtocol()).thenReturn("icmp");
811 when(portSecurityRule.getSecurityRulePortMax()).thenReturn(20);
812 when(portSecurityRule.getSecurityRulePortMin()).thenReturn(20);
813 when(portSecurityRule.getSecurityRuleRemoteIpPrefix()).thenReturn("0.0.0.0/24");
814 PowerMockito.doAnswer(answer()).when(egressAclServiceSpy, "removeFlow", any(FlowBuilder.class),
815 any(NodeBuilder.class));
817 egressAclServiceSpy.programPortSecurityGroup(DP_ID_LONG, SEGMENT_ID, MAC_ADDRESS, LOCAL_PORT, securityGroup,
820 Match match = flowBuilder.getMatch();
821 Icmpv4Match icmpv4Match = match.getIcmpv4Match();
822 Assert.assertEquals(20, icmpv4Match.getIcmpv4Type().shortValue());
823 Assert.assertEquals(20, icmpv4Match.getIcmpv4Code().shortValue());
824 EthernetMatch ethMatch = match.getEthernetMatch();
825 Assert.assertEquals(MAC_ADDRESS, ethMatch.getEthernetSource().getAddress().getValue());
826 Short type = portSecurityRule.getSecurityRulePortMin().shortValue();
827 Short code = portSecurityRule.getSecurityRulePortMax().shortValue();
828 Assert.assertEquals("Egress_ICMP_" + SEGMENT_ID + "_" + MAC_ADDRESS +
829 "_" + type + "_" + code + "_0.0.0.0/24_Permit", flowBuilder.getFlowName());
833 * Test ICMP add with code, type and remote SG selected.
836 public void testProgramPortSecurityACLRuleAddIcmp2() throws Exception {
837 when(portSecurityRule.getSecurityRuleProtocol()).thenReturn("icmp");
838 when(portSecurityRule.getSecurityRulePortMax()).thenReturn(30);
839 when(portSecurityRule.getSecurityRulePortMin()).thenReturn(30);
840 when(portSecurityRule.getSecurityRuleRemoteIpPrefix()).thenReturn("0.0.0.0/24");
841 when(portSecurityRule.getSecurityRemoteGroupID()).thenReturn("85cc3048-abc3-43cc-89b3-377341426ac5");
842 PowerMockito.doAnswer(answer()).when(egressAclServiceSpy, "writeFlow", any(FlowBuilder.class),
843 any(NodeBuilder.class));
845 egressAclServiceSpy.programPortSecurityGroup(DP_ID_LONG, SEGMENT_ID, MAC_ADDRESS, LOCAL_PORT, securityGroup,
848 Match match = flowBuilder.getMatch();
849 Icmpv4Match icmpv4Match = match.getIcmpv4Match();
850 Assert.assertEquals(30, icmpv4Match.getIcmpv4Type().shortValue());
851 Assert.assertEquals(30, icmpv4Match.getIcmpv4Code().shortValue());
852 EthernetMatch ethMatch = match.getEthernetMatch();
853 Assert.assertEquals(MAC_ADDRESS, ethMatch.getEthernetSource().getAddress().getValue());
854 Short type = portSecurityRule.getSecurityRulePortMin().shortValue();
855 Short code = portSecurityRule.getSecurityRulePortMax().shortValue();
856 String expectedFlowId1 = "Egress_ICMP_" + SEGMENT_ID + "_" + MAC_ADDRESS + "_" + type + "_" + code + "_"
857 + DEST_IP_1 + "_Permit";
858 String expectedFlowId2 = "Egress_ICMP_" + SEGMENT_ID + "_" + MAC_ADDRESS + "_" + type + "_" + code + "_"
859 + DEST_IP_2 + "_Permit";
860 String actualFlowId = flowBuilder.getFlowName();
861 if(actualFlowId.equals(expectedFlowId1) || actualFlowId.equals(expectedFlowId2)) {
862 Assert.assertTrue(true);
864 Assert.assertTrue(false);
869 * Test ICMP remove with code, type and remote SG selected.
872 public void testProgramPortSecurityACLRuleRemoveIcmp2() throws Exception {
873 when(portSecurityRule.getSecurityRuleProtocol()).thenReturn("icmp");
874 when(portSecurityRule.getSecurityRulePortMax()).thenReturn(40);
875 when(portSecurityRule.getSecurityRulePortMin()).thenReturn(40);
876 when(portSecurityRule.getSecurityRemoteGroupID()).thenReturn("85cc3048-abc3-43cc-89b3-377341426ac5");
877 PowerMockito.doAnswer(answer()).when(egressAclServiceSpy, "removeFlow", any(FlowBuilder.class),
878 any(NodeBuilder.class));
880 egressAclServiceSpy.programPortSecurityGroup(DP_ID_LONG, SEGMENT_ID, MAC_ADDRESS, LOCAL_PORT, securityGroup,
883 Match match = flowBuilder.getMatch();
884 Icmpv4Match icmpv4Match = match.getIcmpv4Match();
885 Assert.assertEquals(40, icmpv4Match.getIcmpv4Type().shortValue());
886 Assert.assertEquals(40, icmpv4Match.getIcmpv4Code().shortValue());
887 EthernetMatch ethMatch = match.getEthernetMatch();
888 Assert.assertEquals(MAC_ADDRESS, ethMatch.getEthernetSource().getAddress().getValue());
889 Short type = portSecurityRule.getSecurityRulePortMin().shortValue();
890 Short code = portSecurityRule.getSecurityRulePortMax().shortValue();
891 String expectedFlowId1 = "Egress_ICMP_" + SEGMENT_ID + "_" + MAC_ADDRESS + "_" + type + "_" + code + "_"
892 + DEST_IP_1 + "_Permit";
893 String expectedFlowId2 = "Egress_ICMP_" + SEGMENT_ID + "_" + MAC_ADDRESS + "_" + type + "_" + code + "_"
894 + DEST_IP_2 + "_Permit";
895 String actualFlowId = flowBuilder.getFlowName();
896 if(actualFlowId.equals(expectedFlowId1) || actualFlowId.equals(expectedFlowId2)) {
897 Assert.assertTrue(true);
899 Assert.assertTrue(false);
904 * Test IPv4 invalid ether type test case.
907 public void testProgramPortSecurityACLRuleInvalidEther() throws Exception {
908 when(portSecurityRule.getSecurityRuleEthertype()).thenReturn("IPV6");
910 egressAclServiceSpy.programPortSecurityGroup(Long.valueOf(1554), "2", MAC_ADDRESS, 124, securityGroup,PORT_UUID,false);
912 verify(writeTransaction, times(0)).delete(any(LogicalDatastoreType.class), any(InstanceIdentifier.class));
913 verify(writeTransaction, times(0)).submit();
914 verify(commitFuture, times(0)).get();
918 * Test IPv4 invalid direction type test case.
921 public void testProgramPortSecurityACLRuleInvalidDirection() throws Exception {
922 when(portSecurityRule.getSecurityRuleDirection()).thenReturn("ingress");
924 egressAclServiceSpy.programPortSecurityGroup(Long.valueOf(1554), "2", MAC_ADDRESS, 124, securityGroup,PORT_UUID,false);
926 verify(writeTransaction, times(0)).delete(any(LogicalDatastoreType.class), any(InstanceIdentifier.class));
927 verify(writeTransaction, times(0)).submit();
928 verify(commitFuture, times(0)).get();
932 * Test With isLastPortInBridge false isComputeNode false
935 public void testProgramFixedSecurityACLAdd1() throws Exception {
936 egressAclServiceSpy.programFixedSecurityGroup(Long.valueOf(1554), "2", MAC_ADDRESS, 1, neutronDestIpList, false, false, true);
938 verify(writeTransaction, times(0)).put(any(LogicalDatastoreType.class), any(InstanceIdentifier.class), any(Node.class), eq(true));
939 verify(writeTransaction, times(0)).submit();
940 verify(commitFuture, times(0)).get();
943 * Test With isLastPortInBridge false isComputeNode false
946 public void testProgramFixedSecurityACLRemove1() throws Exception {
948 egressAclServiceSpy.programFixedSecurityGroup(Long.valueOf(1554), "2", MAC_ADDRESS, 1, neutronDestIpList, false, false, false);
950 verify(writeTransaction, times(0)).delete(any(LogicalDatastoreType.class), any(InstanceIdentifier.class));
951 verify(writeTransaction, times(0)).submit();
952 verify(commitFuture, times(0)).get();
956 * Test With isLastPortInBridge false isComputeNode true
959 public void testProgramFixedSecurityACLAdd2() throws Exception {
961 egressAclServiceSpy.programFixedSecurityGroup(Long.valueOf(1554), "2", MAC_ADDRESS, 1, neutronDestIpList, false, true, true);
963 verify(writeTransaction, times(6)).put(any(LogicalDatastoreType.class), any(InstanceIdentifier.class), any(Node.class), eq(true));
964 verify(writeTransaction, times(3)).submit();
965 verify(commitFuture, times(3)).get();
969 * Test With isLastPortInBridge false isComputeNode true
972 public void testProgramFixedSecurityACLRemove2() throws Exception {
974 egressAclServiceSpy.programFixedSecurityGroup(Long.valueOf(1554), "2", MAC_ADDRESS, 1, neutronDestIpList, false, true, false);
976 verify(writeTransaction, times(3)).delete(any(LogicalDatastoreType.class), any(InstanceIdentifier.class));
977 verify(writeTransaction, times(3)).submit();
978 verify(commitFuture, times(3)).get();
982 * Test With isLastPortInBridge true isComputeNode false
985 public void testProgramFixedSecurityACLAdd3() throws Exception {
987 egressAclServiceSpy.programFixedSecurityGroup(Long.valueOf(1554), "2", MAC_ADDRESS, 1, neutronDestIpList, true, false, true);
989 verify(writeTransaction, times(2)).put(any(LogicalDatastoreType.class), any(InstanceIdentifier.class), any(Node.class), eq(true));
990 verify(writeTransaction, times(1)).submit();
991 verify(commitFuture, times(1)).get();
995 * Test With isLastPortInBridge true isComputeNode false
998 public void testProgramFixedSecurityACLRemove3() throws Exception {
1000 egressAclServiceSpy.programFixedSecurityGroup(Long.valueOf(1554), "2", MAC_ADDRESS, 1, neutronDestIpList, true, false, false);
1002 verify(writeTransaction, times(1)).delete(any(LogicalDatastoreType.class), any(InstanceIdentifier.class));
1003 verify(writeTransaction, times(1)).submit();
1004 verify(commitFuture, times(1)).get();
1008 * Test With isLastPortInBridge true isComputeNode true
1011 public void testProgramFixedSecurityACLAdd4() throws Exception {
1013 egressAclServiceSpy.programFixedSecurityGroup(Long.valueOf(1554), "2", MAC_ADDRESS, 1, neutronDestIpList, true, true, true);
1015 verify(writeTransaction, times(8)).put(any(LogicalDatastoreType.class),
1016 any(InstanceIdentifier.class), any(Node.class), eq(true));
1017 verify(writeTransaction, times(4)).submit();
1018 verify(commitFuture, times(4)).get();
1022 * Test With isLastPortInBridge true isComputeNode true
1025 public void testProgramFixedSecurityACLRemove4() throws Exception {
1027 egressAclServiceSpy.programFixedSecurityGroup(Long.valueOf(1554), "2", MAC_ADDRESS, 1, neutronDestIpList, true, true, false);
1029 verify(writeTransaction, times(4)).delete(any(LogicalDatastoreType.class), any(InstanceIdentifier.class));
1030 verify(writeTransaction, times(4)).submit();
1031 verify(commitFuture, times(4)).get();
1035 * Test method {@link EgressAclService#egressACLTcpPortWithPrefix(Long, String, String, boolean, Integer, String, Integer)}
1038 public void testEgressACLTcpPortWithPrefix() throws Exception {
1039 egressAclService.egressACLTcpPortWithPrefix(Long.valueOf(123), "2", MAC_ADDRESS, true, 1, HOST_ADDRESS, 1);
1040 verify(writeTransaction, times(2)).put(any(LogicalDatastoreType.class), any(InstanceIdentifier.class), any(Node.class), anyBoolean());
1041 verify(writeTransaction, times(1)).submit();
1042 verify(commitFuture, times(1)).get();
1044 egressAclService.egressACLTcpPortWithPrefix(Long.valueOf(123), "2", MAC_ADDRESS, false, 1, HOST_ADDRESS, 1);
1045 verify(writeTransaction, times(1)).delete(any(LogicalDatastoreType.class), any(InstanceIdentifier.class));
1046 verify(writeTransaction, times(2)).submit();
1047 verify(commitFuture, times(2)).get(); // 1 + 1 above
1051 * Test method {@link EgressAclService#egressAllowProto(Long, String, String, boolean, String, Integer)}
1054 public void testEgressAllowProto() throws Exception {
1055 egressAclService.egressAllowProto(Long.valueOf(123), "2", MAC_ADDRESS, true, HOST_ADDRESS, 1);
1056 verify(writeTransaction, times(2)).put(any(LogicalDatastoreType.class), any(InstanceIdentifier.class), any(Node.class), anyBoolean());
1057 verify(writeTransaction, times(1)).submit();
1058 verify(commitFuture, times(1)).get();
1060 egressAclService.egressAllowProto(Long.valueOf(123), "2", MAC_ADDRESS, false, HOST_ADDRESS, 1);
1061 verify(writeTransaction, times(1)).delete(any(LogicalDatastoreType.class), any(InstanceIdentifier.class));
1062 verify(writeTransaction, times(2)).submit();
1063 verify(commitFuture, times(2)).get(); // 1 + 1 above
1067 * Test method {@link EgressAclService#egressACLPermitAllProto(Long, String, String, boolean, String, Integer)}
1070 public void testEgressACLPermitAllProto() throws Exception {
1071 egressAclService.egressACLPermitAllProto(Long.valueOf(123), "2", MAC_ADDRESS, true, HOST_ADDRESS, 1);
1072 verify(writeTransaction, times(2)).put(any(LogicalDatastoreType.class), any(InstanceIdentifier.class), any(Node.class), anyBoolean());
1073 verify(writeTransaction, times(1)).submit();
1074 verify(commitFuture, times(1)).get();
1076 egressAclService.egressACLPermitAllProto(Long.valueOf(123), "2", MAC_ADDRESS, false, HOST_ADDRESS, 1);
1077 verify(writeTransaction, times(1)).delete(any(LogicalDatastoreType.class), any(InstanceIdentifier.class));
1078 verify(writeTransaction, times(2)).submit();
1079 verify(commitFuture, times(2)).get(); // 1 + 1 above
1083 * Test method {@link EgressAclService#egressACLTcpSyn(Long, String, String, boolean, Integer, Integer)}
1086 public void testEgressACLTcpSyn() throws Exception {
1087 egressAclService.egressACLTcpSyn(Long.valueOf(123), "2", MAC_ADDRESS, true, 1, 1);
1088 verify(writeTransaction, times(2)).put(any(LogicalDatastoreType.class), any(InstanceIdentifier.class), any(Node.class), anyBoolean());
1089 verify(writeTransaction, times(1)).submit();
1090 verify(commitFuture, times(1)).get();
1092 egressAclService.egressACLTcpSyn(Long.valueOf(123), "2", MAC_ADDRESS, false, 1, 1);
1093 verify(writeTransaction, times(1)).delete(any(LogicalDatastoreType.class), any(InstanceIdentifier.class));
1094 verify(writeTransaction, times(2)).submit();
1095 verify(commitFuture, times(2)).get(); // 1 + 1 above