Use Topology Node in place of Inventory Node
1 /*
2  * Copyright (c) 2015 Inocybe and others.  All rights reserved.
3  *
4  * This program and the accompanying materials are made available under the
5  * terms of the Eclipse Public License v1.0 which accompanies this distribution,
6  * and is available at http://www.eclipse.org/legal/epl-v10.html
7  */
8
9 package org.opendaylight.ovsdb.openstack.netvirt.providers.openflow13.services;
10
11 import static org.mockito.Matchers.any;
12 import static org.mockito.Matchers.anyBoolean;
13 import static org.mockito.Matchers.anyInt;
14 import static org.mockito.Matchers.anyLong;
15 import static org.mockito.Matchers.anyString;
16 import static org.mockito.Mockito.mock;
17 import static org.mockito.Mockito.times;
18 import static org.mockito.Mockito.verify;
19 import static org.mockito.Mockito.when;
20
21 import java.util.ArrayList;
22 import java.util.List;
23
24 import org.junit.Before;
25 import org.junit.Test;
26 import org.junit.runner.RunWith;
27 import org.mockito.InjectMocks;
28 import org.mockito.Mock;
29 import org.mockito.Mockito;
30 import org.mockito.Spy;
31 import org.mockito.runners.MockitoJUnitRunner;
32 import org.opendaylight.controller.md.sal.binding.api.DataBroker;
33 import org.opendaylight.controller.md.sal.binding.api.ReadWriteTransaction;
34 import org.opendaylight.controller.md.sal.binding.api.WriteTransaction;
35 import org.opendaylight.controller.md.sal.common.api.data.LogicalDatastoreType;
36 import org.opendaylight.controller.md.sal.common.api.data.TransactionCommitFailedException;
37 import org.opendaylight.neutron.spi.NeutronSecurityGroup;
38 import org.opendaylight.neutron.spi.NeutronSecurityRule;
39 import org.opendaylight.ovsdb.openstack.netvirt.providers.openflow13.MdsalConsumer;
40 import org.opendaylight.ovsdb.openstack.netvirt.providers.openflow13.PipelineOrchestrator;
41 import org.opendaylight.ovsdb.openstack.netvirt.providers.openflow13.Service;
42 import org.opendaylight.yang.gen.v1.urn.opendaylight.inventory.rev130819.nodes.Node;
43 import org.opendaylight.yangtools.yang.binding.InstanceIdentifier;
44
45 import com.google.common.util.concurrent.CheckedFuture;
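/**
 * Unit tests for {@link EgressAclService}.
 *
 * <p>The service is exercised against a mocked {@link DataBroker}. The transactions the broker
 * hands out are Mockito mocks, so the assertions count datastore calls ({@code put},
 * {@code delete}, {@code submit}) instead of inspecting the flows themselves.
 *
 * <p>NOTE(review): every verification uses {@code any*} matchers. The tests pin which egress ACL
 * helper is selected for a given security rule and how many writes follow, but not the port,
 * prefix or MAC address passed on. A regression that programs a wider match than the rule asks
 * for would still pass; consider {@code eq(...)} matchers or an argument captor on the values
 * that define the ACL.
 *
 * <p>NOTE(review): under Mockito 1.x {@code any(Node.class)} accepts any argument, so these
 * checks would not notice a different node type being written. Confirm against the Mockito
 * version the build uses.
 */
@RunWith(MockitoJUnitRunner.class)
public class EgressAclServiceTest {

    @InjectMocks private EgressAclService egressAclService = new EgressAclService();
    // Reassigned in setUp() so that the spy wraps the instance above.
    @Spy private EgressAclService egressAclServiceSpy;

    @Mock private MdsalConsumer mdsalConsumer;
    @Mock private PipelineOrchestrator orchestrator;

    @Mock private ReadWriteTransaction readWriteTransaction;
    @Mock private WriteTransaction writeTransaction;
    @Mock private CheckedFuture<Void, TransactionCommitFailedException> commitFuture;

    @Mock private NeutronSecurityGroup securityGroup;
    @Mock private NeutronSecurityRule portSecurityRule;

    private static final String HOST_ADDRESS = "127.0.0.1/32";
    private static final String MAC_ADDRESS = "87:1D:5E:02:40:B7";

    /**
     * Wires the mocked broker, transactions and pipeline, and prepares a security group holding
     * a single IPv4 egress rule. Each test then stubs the protocol, ports and prefix of that rule.
     */
    @Before
    public void setUp() {
        egressAclServiceSpy = Mockito.spy(egressAclService);

        // Both transaction kinds commit through the same future, so commitFuture.get() counts
        // commits regardless of which transaction was submitted.
        when(readWriteTransaction.submit()).thenReturn(commitFuture);
        when(writeTransaction.submit()).thenReturn(commitFuture);

        DataBroker dataBroker = mock(DataBroker.class);
        when(dataBroker.newReadWriteTransaction()).thenReturn(readWriteTransaction);
        when(dataBroker.newWriteOnlyTransaction()).thenReturn(writeTransaction);

        when(mdsalConsumer.getDataBroker()).thenReturn(dataBroker);

        when(orchestrator.getNextServiceInPipeline(any(Service.class))).thenReturn(Service.ARP_RESPONDER);

        // NOTE(review): this replaces the instance created for the @Mock field; one of the two
        // initialisations looks redundant.
        portSecurityRule = mock(NeutronSecurityRule.class);
        when(portSecurityRule.getSecurityRuleEthertype()).thenReturn("IPv4");
        when(portSecurityRule.getSecurityRuleDirection()).thenReturn("egress");

        List<NeutronSecurityRule> portSecurityList = new ArrayList<>();
        portSecurityList.add(portSecurityRule);

        when(securityGroup.getSecurityRules()).thenReturn(portSecurityList);
    }

    /**
     * Stubs the four attributes of the mocked security rule that the tests vary.
     *
     * @param protocol value returned by {@code getSecurityRuleProtocol()}, may be {@code null}
     * @param portMin value returned by {@code getSecurityRulePortMin()}, may be {@code null}
     * @param portMax value returned by {@code getSecurityRulePortMax()}, may be {@code null}
     * @param remoteIpPrefix value returned by {@code getSecurityRuleRemoteIpPrefix()}, may be
     *     {@code null}
     */
    private void stubSecurityRule(String protocol, Integer portMin, Integer portMax, String remoteIpPrefix) {
        when(portSecurityRule.getSecurityRuleProtocol()).thenReturn(protocol);
        when(portSecurityRule.getSecurityRulePortMax()).thenReturn(portMax);
        when(portSecurityRule.getSecurityRulePortMin()).thenReturn(portMin);
        when(portSecurityRule.getSecurityRuleRemoteIpPrefix()).thenReturn(remoteIpPrefix);
    }

    /** Runs {@code programPortSecurityACL} on the spy with the fixed arguments shared by the rule tests. */
    private void programPortSecurityAcl() throws Exception {
        egressAclServiceSpy.programPortSecurityACL(Long.valueOf(1554), "2", MAC_ADDRESS, 124, securityGroup);
    }

    /** Verifies that the default TCP drop helper was invoked exactly once on the spy. */
    private void verifyDefaultTcpDropProgrammed() {
        verify(egressAclServiceSpy, times(1))
                .egressACLDefaultTcpDrop(anyLong(), anyString(), anyString(), anyInt(), anyBoolean());
    }

    /**
     * Verifies the cumulative number of writes on the read-write transaction.
     *
     * @param expectedPuts expected number of {@code put} calls
     * @param expectedCommits expected number of {@code submit} calls and of waits on the commit
     *     future
     */
    private void verifyFlowsWritten(int expectedPuts, int expectedCommits) throws Exception {
        verify(readWriteTransaction, times(expectedPuts)).put(
                any(LogicalDatastoreType.class), any(InstanceIdentifier.class), any(Node.class), anyBoolean());
        verify(readWriteTransaction, times(expectedCommits)).submit();
        verify(commitFuture, times(expectedCommits)).get();
    }

    /**
     * Verifies the removal half of a helper test, after one earlier write in the same method.
     *
     * <p>Counts are cumulative: {@code readWriteTransaction.submit()} must still be at one, and
     * {@code commitFuture.get()} at two (one for the earlier write, one for the removal).
     *
     * <p>NOTE(review): {@code writeTransaction.submit()} is never verified directly; the second
     * {@code get()} suggests it ran, but an explicit check would make that certain.
     */
    private void verifyFlowDeleted() throws Exception {
        verify(writeTransaction, times(1)).delete(any(LogicalDatastoreType.class), any(InstanceIdentifier.class));
        verify(readWriteTransaction, times(1)).submit();
        verify(commitFuture, times(2)).get(); // 1 + 1 above
    }

    /**
     * Rule 1: TCP Proto (True), TCP Port Minimum (True), TCP Port Max (True), IP Prefix (True)
     */
    @Test
    public void testProgramPortSecurityACLRule1() throws Exception {
        stubSecurityRule("tcp", 1, 1, HOST_ADDRESS);

        programPortSecurityAcl();

        verifyDefaultTcpDropProgrammed();
        verify(egressAclServiceSpy, times(1)).egressACLTcpPortWithPrefix(
                anyLong(), anyString(), anyString(), anyBoolean(), anyInt(), anyString(), anyInt());
        // Two helpers are expected, hence four puts and two commits.
        verifyFlowsWritten(4, 2);
    }

    /**
     * Rule 2: TCP Proto (True), TCP Port Minimum (True), TCP Port Max (False), IP Prefix (True)
     */
    @Test
    public void testProgramPortSecurityACLRule2() throws Exception {
        stubSecurityRule("tcp", 1, null, HOST_ADDRESS);

        programPortSecurityAcl();

        verifyDefaultTcpDropProgrammed();
        verify(egressAclServiceSpy, times(1)).egressACLTcpPortWithPrefix(
                anyLong(), anyString(), anyString(), anyBoolean(), anyInt(), anyString(), anyInt());
        verifyFlowsWritten(4, 2);
    }

    /**
     * Rule 3: TCP Proto (True), TCP Port Minimum (False), TCP Port Max (False), IP Prefix (True)
     */
    @Test
    public void testProgramPortSecurityACLRule3() throws Exception {
        stubSecurityRule("tcp", null, null, HOST_ADDRESS);

        programPortSecurityAcl();

        verifyDefaultTcpDropProgrammed();
        verify(egressAclServiceSpy, times(1)).egressACLPermitAllProto(
                anyLong(), anyString(), anyString(), anyBoolean(), anyString(), anyInt());
        verifyFlowsWritten(4, 2);
    }

    /**
     * Rule 4: TCP Proto (False), TCP Port Minimum (False), TCP Port Max (False), IP Prefix (True)
     */
    @Test
    public void testProgramPortSecurityACLRule4() throws Exception {
        stubSecurityRule(null, null, null, HOST_ADDRESS);

        programPortSecurityAcl();

        verifyDefaultTcpDropProgrammed();
        verify(egressAclServiceSpy, times(1)).egressACLPermitAllProto(
                anyLong(), anyString(), anyString(), anyBoolean(), anyString(), anyInt());
        verifyFlowsWritten(4, 2);
    }

    /**
     * Rule 5: TCP Proto (True), TCP Port Minimum (True), TCP Port Max (True), IP Prefix (False)
     */
    @Test
    public void testProgramPortSecurityACLRule5() throws Exception {
        stubSecurityRule("tcp", 1, 1, null);

        programPortSecurityAcl();

        verifyDefaultTcpDropProgrammed();
        verify(egressAclServiceSpy, times(1)).egressACLTcpSyn(
                anyLong(), anyString(), anyString(), anyBoolean(), anyInt(), anyInt());
        verifyFlowsWritten(4, 2);
    }

    /**
     * Rule 6: TCP Proto (True), TCP Port Minimum (True), TCP Port Max (False), IP Prefix (False)
     */
    @Test
    public void testProgramPortSecurityACLRule6() throws Exception {
        stubSecurityRule("tcp", 1, null, null);

        programPortSecurityAcl();

        verifyDefaultTcpDropProgrammed();
        verify(egressAclServiceSpy, times(1)).egressACLTcpSyn(
                anyLong(), anyString(), anyString(), anyBoolean(), anyInt(), anyInt());
        verifyFlowsWritten(4, 2);
    }

    /**
     * Rule 7: TCP Proto (True), TCP Port Minimum (False), TCP Port Max (False), IP Prefix (False or 0.0.0.0/0)
     *
     * <p>NOTE(review): only the {@code null} prefix is exercised; the {@code 0.0.0.0/0} variant
     * named above has no test here.
     */
    @Test
    public void testProgramPortSecurityACLRule7() throws Exception {
        stubSecurityRule("tcp", null, null, null);

        programPortSecurityAcl();

        verify(egressAclServiceSpy, times(1)).egressAllowProto(
                anyLong(), anyString(), anyString(), anyBoolean(), anyString(), anyInt());
        // A single helper is expected on this path: two puts and one commit.
        verifyFlowsWritten(2, 1);
    }

    /**
     * Test method {@link EgressAclService#egressACLDefaultTcpDrop(Long, String, String, int, boolean)}
     */
    @Test
    public void testEgressACLDefaultTcpDrop() throws Exception {
        // Final argument true: the flow is expected to be written.
        egressAclService.egressACLDefaultTcpDrop(Long.valueOf(123), "2", MAC_ADDRESS, 1, true);
        verifyFlowsWritten(2, 1);

        // Final argument false: the flow is expected to be deleted.
        egressAclService.egressACLDefaultTcpDrop(Long.valueOf(123), "2", MAC_ADDRESS, 1, false);
        verifyFlowDeleted();
    }

    /**
     * Test method {@link EgressAclService#egressACLTcpPortWithPrefix(Long, String, String, boolean, Integer, String, Integer)}
     */
    @Test
    public void testEgressACLTcpPortWithPrefix() throws Exception {
        egressAclService.egressACLTcpPortWithPrefix(Long.valueOf(123), "2", MAC_ADDRESS, true, 1, HOST_ADDRESS, 1);
        verifyFlowsWritten(2, 1);

        egressAclService.egressACLTcpPortWithPrefix(Long.valueOf(123), "2", MAC_ADDRESS, false, 1, HOST_ADDRESS, 1);
        verifyFlowDeleted();
    }

    /**
     * Test method {@link EgressAclService#egressAllowProto(Long, String, String, boolean, String, Integer)}
     */
    @Test
    public void testEgressAllowProto() throws Exception {
        egressAclService.egressAllowProto(Long.valueOf(123), "2", MAC_ADDRESS, true, HOST_ADDRESS, 1);
        verifyFlowsWritten(2, 1);

        egressAclService.egressAllowProto(Long.valueOf(123), "2", MAC_ADDRESS, false, HOST_ADDRESS, 1);
        verifyFlowDeleted();
    }

    /**
     * Test method {@link EgressAclService#egressACLPermitAllProto(Long, String, String, boolean, String, Integer)}
     */
    @Test
    public void testEgressACLPermitAllProto() throws Exception {
        egressAclService.egressACLPermitAllProto(Long.valueOf(123), "2", MAC_ADDRESS, true, HOST_ADDRESS, 1);
        verifyFlowsWritten(2, 1);

        egressAclService.egressACLPermitAllProto(Long.valueOf(123), "2", MAC_ADDRESS, false, HOST_ADDRESS, 1);
        verifyFlowDeleted();
    }

    /**
     * Test method {@link EgressAclService#egressACLTcpSyn(Long, String, String, boolean, Integer, Integer)}
     */
    @Test
    public void testEgressACLTcpSyn() throws Exception {
        egressAclService.egressACLTcpSyn(Long.valueOf(123), "2", MAC_ADDRESS, true, 1, 1);
        verifyFlowsWritten(2, 1);

        egressAclService.egressACLTcpSyn(Long.valueOf(123), "2", MAC_ADDRESS, false, 1, 1);
        verifyFlowDeleted();
    }
}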