2 * Copyright (c) 2015 Inocybe and others. All rights reserved.
4 * This program and the accompanying materials are made available under the
5 * terms of the Eclipse Public License v1.0 which accompanies this distribution,
6 * and is available at http://www.eclipse.org/legal/epl-v10.html
9 package org.opendaylight.ovsdb.openstack.netvirt.providers.openflow13.services;
11 import static org.mockito.Matchers.any;
12 import static org.mockito.Matchers.anyBoolean;
13 import static org.mockito.Matchers.anyInt;
14 import static org.mockito.Matchers.anyLong;
15 import static org.mockito.Matchers.anyString;
16 import static org.mockito.Mockito.mock;
17 import static org.mockito.Mockito.times;
18 import static org.mockito.Mockito.verify;
19 import static org.mockito.Mockito.when;
21 import java.util.ArrayList;
22 import java.util.List;
24 import org.junit.Before;
25 import org.junit.Test;
26 import org.junit.runner.RunWith;
27 import org.mockito.InjectMocks;
28 import org.mockito.Mock;
29 import org.mockito.Mockito;
30 import org.mockito.Spy;
31 import org.mockito.runners.MockitoJUnitRunner;
32 import org.opendaylight.controller.md.sal.binding.api.DataBroker;
33 import org.opendaylight.controller.md.sal.binding.api.ReadWriteTransaction;
34 import org.opendaylight.controller.md.sal.binding.api.WriteTransaction;
35 import org.opendaylight.controller.md.sal.common.api.data.LogicalDatastoreType;
36 import org.opendaylight.controller.md.sal.common.api.data.TransactionCommitFailedException;
37 import org.opendaylight.neutron.spi.NeutronSecurityGroup;
38 import org.opendaylight.neutron.spi.NeutronSecurityRule;
39 import org.opendaylight.ovsdb.openstack.netvirt.providers.openflow13.MdsalConsumer;
40 import org.opendaylight.ovsdb.openstack.netvirt.providers.openflow13.PipelineOrchestrator;
41 import org.opendaylight.ovsdb.openstack.netvirt.providers.openflow13.Service;
42 import org.opendaylight.yang.gen.v1.urn.opendaylight.inventory.rev130819.nodes.Node;
43 import org.opendaylight.yangtools.yang.binding.InstanceIdentifier;
45 import com.google.common.util.concurrent.CheckedFuture;
47 * Unit test for {@link EgressAclService}
49 @RunWith(MockitoJUnitRunner.class)
50 public class EgressAclServiceTest {
// Instance under test; @InjectMocks asks Mockito to inject the mocks declared below into it.
@InjectMocks
private EgressAclService egressAclService = new EgressAclService();

// Spy handle used by the rule tests to verify which egress helper a rule is dispatched to.
@Spy
private EgressAclService egressAclServiceSpy;

@Mock
private MdsalConsumer mdsalConsumer;

@Mock
private PipelineOrchestrator orchestrator;

// Transactions and the commit future that their submit() calls are stubbed to return.
@Mock
private ReadWriteTransaction readWriteTransaction;

@Mock
private WriteTransaction writeTransaction;

@Mock
private CheckedFuture<Void, TransactionCommitFailedException> commitFuture;

// Neutron security group and the rule it is stubbed to contain.
@Mock
private NeutronSecurityGroup securityGroup;

@Mock
private NeutronSecurityRule portSecurityRule;

// Fixed values passed to the service; loopback /32 prefix and an arbitrary MAC.
private static final String HOST_ADDRESS = "127.0.0.1/32";
private static final String MAC_ADDRESS = "87:1D:5E:02:40:B7";
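/**
 * Wires the mocked data-broker plumbing and a single IPv4 egress security rule before each test.
 *
 * NOTE(review): the listing dropped the lines carrying this method's annotation and signature;
 * {@code @Before} and the name {@code setUp} are reconstructed - confirm against the original file.
 */
@Before
public void setUp() {
    // Spy on the instance that received the injected mocks, so helper dispatch can be verified.
    egressAclServiceSpy = Mockito.spy(egressAclService);

    // Both transaction types return the same future, so commitFuture.get() counts commits of either kind.
    when(readWriteTransaction.submit()).thenReturn(commitFuture);
    when(writeTransaction.submit()).thenReturn(commitFuture);

    DataBroker dataBroker = mock(DataBroker.class);
    when(dataBroker.newReadWriteTransaction()).thenReturn(readWriteTransaction);
    when(dataBroker.newWriteOnlyTransaction()).thenReturn(writeTransaction);

    when(mdsalConsumer.getDataBroker()).thenReturn(dataBroker);

    when(orchestrator.getNextServiceInPipeline(any(Service.class))).thenReturn(Service.ARP_RESPONDER);

    // Replaces the field's mock with a fresh one; each test then stubs protocol, ports and prefix on it.
    portSecurityRule = mock(NeutronSecurityRule.class);
    when(portSecurityRule.getSecurityRuleEthertype()).thenReturn("IPv4");
    when(portSecurityRule.getSecurityRuleDirection()).thenReturn("egress");

    // Explicit type argument avoids the unchecked conversion a raw ArrayList would cause.
    List<NeutronSecurityRule> portSecurityList = new ArrayList<NeutronSecurityRule>();
    portSecurityList.add(portSecurityRule);

    when(securityGroup.getSecurityRules()).thenReturn(portSecurityList);
}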
/**
 * Rule 1: TCP Proto (True), TCP Port Minimum (True), TCP Port Max (True), IP Prefix (True)
 *
 * Expects the default TCP drop and the port-with-prefix helper, committed in two transactions.
 * Every argument is matched with any*(), so this pins which helper is selected, not the port,
 * prefix or MAC that reaches the flow; a rule programmed with the wrong match would still pass.
 */
@Test
public void testProgramPortSecurityACLRule1() throws Exception {
    when(portSecurityRule.getSecurityRuleProtocol()).thenReturn("tcp");
    when(portSecurityRule.getSecurityRulePortMin()).thenReturn(1);
    when(portSecurityRule.getSecurityRulePortMax()).thenReturn(1);
    when(portSecurityRule.getSecurityRuleRemoteIpPrefix()).thenReturn(HOST_ADDRESS);

    egressAclServiceSpy.programPortSecurityACL(1554L, "2", MAC_ADDRESS, 124, securityGroup);

    verify(egressAclServiceSpy, times(1))
            .egressACLDefaultTcpDrop(anyLong(), anyString(), anyString(), anyInt(), anyBoolean());
    verify(egressAclServiceSpy, times(1))
            .egressACLTcpPortWithPrefix(
                    anyLong(), anyString(), anyString(), anyBoolean(), anyInt(), anyString(), anyInt());

    // Two helpers ran: two puts and one commit each.
    verify(readWriteTransaction, times(4))
            .put(any(LogicalDatastoreType.class), any(InstanceIdentifier.class), any(Node.class), anyBoolean());
    verify(readWriteTransaction, times(2)).submit();
    verify(commitFuture, times(2)).get();
}
/**
 * Rule 2: TCP Proto (True), TCP Port Minimum (True), TCP Port Max (False), IP Prefix (True)
 *
 * With only the minimum port set, the same two helpers as for a full port range are expected.
 * The any*() matchers check helper selection only, not the port or prefix values passed on.
 */
@Test
public void testProgramPortSecurityACLRule2() throws Exception {
    when(portSecurityRule.getSecurityRuleProtocol()).thenReturn("tcp");
    when(portSecurityRule.getSecurityRulePortMin()).thenReturn(1);
    when(portSecurityRule.getSecurityRulePortMax()).thenReturn(null);
    when(portSecurityRule.getSecurityRuleRemoteIpPrefix()).thenReturn(HOST_ADDRESS);

    egressAclServiceSpy.programPortSecurityACL(1554L, "2", MAC_ADDRESS, 124, securityGroup);

    verify(egressAclServiceSpy, times(1))
            .egressACLDefaultTcpDrop(anyLong(), anyString(), anyString(), anyInt(), anyBoolean());
    verify(egressAclServiceSpy, times(1))
            .egressACLTcpPortWithPrefix(
                    anyLong(), anyString(), anyString(), anyBoolean(), anyInt(), anyString(), anyInt());

    // Two helpers ran: two puts and one commit each.
    verify(readWriteTransaction, times(4))
            .put(any(LogicalDatastoreType.class), any(InstanceIdentifier.class), any(Node.class), anyBoolean());
    verify(readWriteTransaction, times(2)).submit();
    verify(commitFuture, times(2)).get();
}
/**
 * Rule 3: TCP Proto (True), TCP Port Minimum (False), TCP Port Max (False), IP Prefix (True)
 *
 * With no ports on the rule, the default TCP drop and the permit-all-protocol helper are expected.
 * The any*() matchers check helper selection only; the prefix handed to the helper is not asserted.
 */
@Test
public void testProgramPortSecurityACLRule3() throws Exception {
    when(portSecurityRule.getSecurityRuleProtocol()).thenReturn("tcp");
    when(portSecurityRule.getSecurityRulePortMin()).thenReturn(null);
    when(portSecurityRule.getSecurityRulePortMax()).thenReturn(null);
    when(portSecurityRule.getSecurityRuleRemoteIpPrefix()).thenReturn(HOST_ADDRESS);

    egressAclServiceSpy.programPortSecurityACL(1554L, "2", MAC_ADDRESS, 124, securityGroup);

    verify(egressAclServiceSpy, times(1))
            .egressACLDefaultTcpDrop(anyLong(), anyString(), anyString(), anyInt(), anyBoolean());
    verify(egressAclServiceSpy, times(1))
            .egressACLPermitAllProto(anyLong(), anyString(), anyString(), anyBoolean(), anyString(), anyInt());

    // Two helpers ran: two puts and one commit each.
    verify(readWriteTransaction, times(4))
            .put(any(LogicalDatastoreType.class), any(InstanceIdentifier.class), any(Node.class), anyBoolean());
    verify(readWriteTransaction, times(2)).submit();
    verify(commitFuture, times(2)).get();
}
/**
 * Rule 4: TCP Proto (False), TCP Port Minimum (False), TCP Port Max (False), IP Prefix (True)
 *
 * A rule carrying only a remote prefix is expected to take the same path as Rule 3: default TCP
 * drop plus the permit-all-protocol helper. Arguments are matched loosely, so the prefix that is
 * actually permitted is not checked here.
 */
@Test
public void testProgramPortSecurityACLRule4() throws Exception {
    when(portSecurityRule.getSecurityRuleProtocol()).thenReturn(null);
    when(portSecurityRule.getSecurityRulePortMin()).thenReturn(null);
    when(portSecurityRule.getSecurityRulePortMax()).thenReturn(null);
    when(portSecurityRule.getSecurityRuleRemoteIpPrefix()).thenReturn(HOST_ADDRESS);

    egressAclServiceSpy.programPortSecurityACL(1554L, "2", MAC_ADDRESS, 124, securityGroup);

    verify(egressAclServiceSpy, times(1))
            .egressACLDefaultTcpDrop(anyLong(), anyString(), anyString(), anyInt(), anyBoolean());
    verify(egressAclServiceSpy, times(1))
            .egressACLPermitAllProto(anyLong(), anyString(), anyString(), anyBoolean(), anyString(), anyInt());

    // Two helpers ran: two puts and one commit each.
    verify(readWriteTransaction, times(4))
            .put(any(LogicalDatastoreType.class), any(InstanceIdentifier.class), any(Node.class), anyBoolean());
    verify(readWriteTransaction, times(2)).submit();
    verify(commitFuture, times(2)).get();
}
/**
 * Rule 5: TCP Proto (True), TCP Port Minimum (True), TCP Port Max (True), IP Prefix (False)
 *
 * Without a remote prefix, the default TCP drop and the TCP SYN helper are expected.
 * The any*() matchers check helper selection only, not the port value passed on.
 */
@Test
public void testProgramPortSecurityACLRule5() throws Exception {
    when(portSecurityRule.getSecurityRuleProtocol()).thenReturn("tcp");
    when(portSecurityRule.getSecurityRulePortMin()).thenReturn(1);
    when(portSecurityRule.getSecurityRulePortMax()).thenReturn(1);
    when(portSecurityRule.getSecurityRuleRemoteIpPrefix()).thenReturn(null);

    egressAclServiceSpy.programPortSecurityACL(1554L, "2", MAC_ADDRESS, 124, securityGroup);

    verify(egressAclServiceSpy, times(1))
            .egressACLDefaultTcpDrop(anyLong(), anyString(), anyString(), anyInt(), anyBoolean());
    verify(egressAclServiceSpy, times(1))
            .egressACLTcpSyn(anyLong(), anyString(), anyString(), anyBoolean(), anyInt(), anyInt());

    // Two helpers ran: two puts and one commit each.
    verify(readWriteTransaction, times(4))
            .put(any(LogicalDatastoreType.class), any(InstanceIdentifier.class), any(Node.class), anyBoolean());
    verify(readWriteTransaction, times(2)).submit();
    verify(commitFuture, times(2)).get();
}
/**
 * Rule 6: TCP Proto (True), TCP Port Minimum (True), TCP Port Max (False), IP Prefix (False)
 *
 * Only the minimum port is set and there is no prefix; the expected helpers match Rule 5.
 * The any*() matchers check helper selection only, not the port value passed on.
 */
@Test
public void testProgramPortSecurityACLRule6() throws Exception {
    when(portSecurityRule.getSecurityRuleProtocol()).thenReturn("tcp");
    when(portSecurityRule.getSecurityRulePortMin()).thenReturn(1);
    when(portSecurityRule.getSecurityRulePortMax()).thenReturn(null);
    when(portSecurityRule.getSecurityRuleRemoteIpPrefix()).thenReturn(null);

    egressAclServiceSpy.programPortSecurityACL(1554L, "2", MAC_ADDRESS, 124, securityGroup);

    verify(egressAclServiceSpy, times(1))
            .egressACLDefaultTcpDrop(anyLong(), anyString(), anyString(), anyInt(), anyBoolean());
    verify(egressAclServiceSpy, times(1))
            .egressACLTcpSyn(anyLong(), anyString(), anyString(), anyBoolean(), anyInt(), anyInt());

    // Two helpers ran: two puts and one commit each.
    verify(readWriteTransaction, times(4))
            .put(any(LogicalDatastoreType.class), any(InstanceIdentifier.class), any(Node.class), anyBoolean());
    verify(readWriteTransaction, times(2)).submit();
    verify(commitFuture, times(2)).get();
}
/**
 * Rule 7: TCP Proto (True), TCP Port Minimum (False), TCP Port Max (False), IP Prefix (False or 0.0.0.0/0)
 *
 * The broadest rule: only the allow-protocol helper is verified, with a single commit.
 * NOTE(review): only the null-prefix case is exercised; the 0.0.0.0/0 variant named in the title
 * has no coverage here.
 */
@Test
public void testProgramPortSecurityACLRule7() throws Exception {
    when(portSecurityRule.getSecurityRuleProtocol()).thenReturn("tcp");
    when(portSecurityRule.getSecurityRulePortMin()).thenReturn(null);
    when(portSecurityRule.getSecurityRulePortMax()).thenReturn(null);
    when(portSecurityRule.getSecurityRuleRemoteIpPrefix()).thenReturn(null);

    egressAclServiceSpy.programPortSecurityACL(1554L, "2", MAC_ADDRESS, 124, securityGroup);

    verify(egressAclServiceSpy, times(1))
            .egressAllowProto(anyLong(), anyString(), anyString(), anyBoolean(), anyString(), anyInt());

    // One helper ran: two puts, one commit.
    verify(readWriteTransaction, times(2))
            .put(any(LogicalDatastoreType.class), any(InstanceIdentifier.class), any(Node.class), anyBoolean());
    verify(readWriteTransaction, times(1)).submit();
    verify(commitFuture, times(1)).get();
}
/**
 * Test method {@link EgressAclService#egressACLDefaultTcpDrop(Long, String, String, int, boolean)}
 *
 * Calls the helper with the boolean flag true, then false, and checks the cumulative transaction counts.
 * any(Node.class) does not inspect the written flow, so the drop match itself is not asserted.
 */
@Test
public void testEgressACLDefaultTcpDrop() throws Exception {
    // Flag true: two puts and one commit on the read-write transaction.
    egressAclService.egressACLDefaultTcpDrop(123L, "2", MAC_ADDRESS, 1, true);
    verify(readWriteTransaction, times(2))
            .put(any(LogicalDatastoreType.class), any(InstanceIdentifier.class), any(Node.class), anyBoolean());
    verify(readWriteTransaction, times(1)).submit();
    verify(commitFuture, times(1)).get();

    // Flag false: a delete on the write-only transaction; the read-write submit count stays at one.
    // NOTE(review): writeTransaction.submit() is not verified directly; the commitFuture count is
    // the only evidence that the delete was committed.
    egressAclService.egressACLDefaultTcpDrop(123L, "2", MAC_ADDRESS, 1, false);
    verify(writeTransaction, times(1))
            .delete(any(LogicalDatastoreType.class), any(InstanceIdentifier.class));
    verify(readWriteTransaction, times(1)).submit();
    verify(commitFuture, times(2)).get(); // 1 + 1 above
}
/**
 * Test method {@link EgressAclService#egressACLTcpPortWithPrefix(Long, String, String, boolean, Integer, String, Integer)}
 *
 * Calls the helper with the boolean flag true, then false, and checks the cumulative transaction counts.
 * any(Node.class) does not inspect the written flow, so the port and prefix match are not asserted.
 */
@Test
public void testEgressACLTcpPortWithPrefix() throws Exception {
    // Flag true: two puts and one commit on the read-write transaction.
    egressAclService.egressACLTcpPortWithPrefix(123L, "2", MAC_ADDRESS, true, 1, HOST_ADDRESS, 1);
    verify(readWriteTransaction, times(2))
            .put(any(LogicalDatastoreType.class), any(InstanceIdentifier.class), any(Node.class), anyBoolean());
    verify(readWriteTransaction, times(1)).submit();
    verify(commitFuture, times(1)).get();

    // Flag false: a delete on the write-only transaction; the read-write submit count stays at one.
    // NOTE(review): writeTransaction.submit() is not verified directly; the commitFuture count is
    // the only evidence that the delete was committed.
    egressAclService.egressACLTcpPortWithPrefix(123L, "2", MAC_ADDRESS, false, 1, HOST_ADDRESS, 1);
    verify(writeTransaction, times(1))
            .delete(any(LogicalDatastoreType.class), any(InstanceIdentifier.class));
    verify(readWriteTransaction, times(1)).submit();
    verify(commitFuture, times(2)).get(); // 1 + 1 above
}
/**
 * Test method {@link EgressAclService#egressAllowProto(Long, String, String, boolean, String, Integer)}
 *
 * Calls the helper with the boolean flag true, then false, and checks the cumulative transaction counts.
 * any(Node.class) does not inspect the written flow, so what the allow rule matches is not asserted.
 */
@Test
public void testEgressAllowProto() throws Exception {
    // Flag true: two puts and one commit on the read-write transaction.
    egressAclService.egressAllowProto(123L, "2", MAC_ADDRESS, true, HOST_ADDRESS, 1);
    verify(readWriteTransaction, times(2))
            .put(any(LogicalDatastoreType.class), any(InstanceIdentifier.class), any(Node.class), anyBoolean());
    verify(readWriteTransaction, times(1)).submit();
    verify(commitFuture, times(1)).get();

    // Flag false: a delete on the write-only transaction; the read-write submit count stays at one.
    // NOTE(review): writeTransaction.submit() is not verified directly; the commitFuture count is
    // the only evidence that the delete was committed.
    egressAclService.egressAllowProto(123L, "2", MAC_ADDRESS, false, HOST_ADDRESS, 1);
    verify(writeTransaction, times(1))
            .delete(any(LogicalDatastoreType.class), any(InstanceIdentifier.class));
    verify(readWriteTransaction, times(1)).submit();
    verify(commitFuture, times(2)).get(); // 1 + 1 above
}
/**
 * Test method {@link EgressAclService#egressACLPermitAllProto(Long, String, String, boolean, String, Integer)}
 *
 * Calls the helper with the boolean flag true, then false, and checks the cumulative transaction counts.
 * any(Node.class) does not inspect the written flow, so the permitted prefix is not asserted.
 */
@Test
public void testEgressACLPermitAllProto() throws Exception {
    // Flag true: two puts and one commit on the read-write transaction.
    egressAclService.egressACLPermitAllProto(123L, "2", MAC_ADDRESS, true, HOST_ADDRESS, 1);
    verify(readWriteTransaction, times(2))
            .put(any(LogicalDatastoreType.class), any(InstanceIdentifier.class), any(Node.class), anyBoolean());
    verify(readWriteTransaction, times(1)).submit();
    verify(commitFuture, times(1)).get();

    // Flag false: a delete on the write-only transaction; the read-write submit count stays at one.
    // NOTE(review): writeTransaction.submit() is not verified directly; the commitFuture count is
    // the only evidence that the delete was committed.
    egressAclService.egressACLPermitAllProto(123L, "2", MAC_ADDRESS, false, HOST_ADDRESS, 1);
    verify(writeTransaction, times(1))
            .delete(any(LogicalDatastoreType.class), any(InstanceIdentifier.class));
    verify(readWriteTransaction, times(1)).submit();
    verify(commitFuture, times(2)).get(); // 1 + 1 above
}
/**
 * Test method {@link EgressAclService#egressACLTcpSyn(Long, String, String, boolean, Integer, Integer)}
 *
 * Calls the helper with the boolean flag true, then false, and checks the cumulative transaction counts.
 * any(Node.class) does not inspect the written flow, so the TCP port and flag match are not asserted.
 */
@Test
public void testEgressACLTcpSyn() throws Exception {
    // Flag true: two puts and one commit on the read-write transaction.
    egressAclService.egressACLTcpSyn(123L, "2", MAC_ADDRESS, true, 1, 1);
    verify(readWriteTransaction, times(2))
            .put(any(LogicalDatastoreType.class), any(InstanceIdentifier.class), any(Node.class), anyBoolean());
    verify(readWriteTransaction, times(1)).submit();
    verify(commitFuture, times(1)).get();

    // Flag false: a delete on the write-only transaction; the read-write submit count stays at one.
    // NOTE(review): writeTransaction.submit() is not verified directly; the commitFuture count is
    // the only evidence that the delete was committed.
    egressAclService.egressACLTcpSyn(123L, "2", MAC_ADDRESS, false, 1, 1);
    verify(writeTransaction, times(1))
            .delete(any(LogicalDatastoreType.class), any(InstanceIdentifier.class));
    verify(readWriteTransaction, times(1)).submit();
    verify(commitFuture, times(2)).get(); // 1 + 1 above
}