2 * Copyright (c) 2015 Inocybe and others. All rights reserved.
4 * This program and the accompanying materials are made available under the
5 * terms of the Eclipse Public License v1.0 which accompanies this distribution,
6 * and is available at http://www.eclipse.org/legal/epl-v10.html
9 package org.opendaylight.ovsdb.openstack.netvirt.providers.openflow13.services;
11 import static org.mockito.Matchers.any;
12 import static org.mockito.Matchers.anyBoolean;
13 import static org.mockito.Matchers.eq;
14 import static org.mockito.Mockito.mock;
15 import static org.mockito.Mockito.times;
16 import static org.mockito.Mockito.verify;
17 import static org.mockito.Mockito.when;
19 import java.util.ArrayList;
20 import java.util.List;
22 import org.junit.Assert;
23 import org.junit.Before;
24 import org.junit.Test;
25 import org.junit.runner.RunWith;
26 import org.mockito.InjectMocks;
27 import org.mockito.Mock;
28 import org.mockito.invocation.InvocationOnMock;
29 import org.mockito.stubbing.Answer;
30 import org.opendaylight.controller.md.sal.binding.api.DataBroker;
31 import org.opendaylight.controller.md.sal.binding.api.WriteTransaction;
32 import org.opendaylight.controller.md.sal.common.api.data.LogicalDatastoreType;
33 import org.opendaylight.controller.md.sal.common.api.data.TransactionCommitFailedException;
34 import org.opendaylight.ovsdb.openstack.netvirt.translator.NeutronSecurityGroup;
35 import org.opendaylight.ovsdb.openstack.netvirt.translator.NeutronSecurityRule;
36 import org.opendaylight.ovsdb.openstack.netvirt.translator.Neutron_IPs;
37 import org.opendaylight.ovsdb.openstack.netvirt.api.Constants;
38 import org.opendaylight.ovsdb.openstack.netvirt.api.SecurityServicesManager;
39 import org.opendaylight.ovsdb.openstack.netvirt.providers.openflow13.PipelineOrchestrator;
40 import org.opendaylight.ovsdb.openstack.netvirt.providers.openflow13.Service;
41 import org.opendaylight.yang.gen.v1.urn.opendaylight.flow.inventory.rev130819.tables.table.FlowBuilder;
42 import org.opendaylight.yang.gen.v1.urn.opendaylight.inventory.rev130819.nodes.Node;
43 import org.opendaylight.yang.gen.v1.urn.opendaylight.inventory.rev130819.nodes.NodeBuilder;
44 import org.opendaylight.yang.gen.v1.urn.opendaylight.model.match.types.rev131026.Match;
45 import org.opendaylight.yang.gen.v1.urn.opendaylight.model.match.types.rev131026.match.EthernetMatch;
46 import org.opendaylight.yang.gen.v1.urn.opendaylight.model.match.types.rev131026.match.Icmpv4Match;
47 import org.opendaylight.yang.gen.v1.urn.opendaylight.model.match.types.rev131026.match.layer._4.match.TcpMatch;
48 import org.opendaylight.yang.gen.v1.urn.opendaylight.model.match.types.rev131026.match.layer._4.match.UdpMatch;
49 import org.opendaylight.yangtools.yang.binding.InstanceIdentifier;
50 import org.powermock.api.mockito.PowerMockito;
51 import org.powermock.modules.junit4.PowerMockRunner;
53 import com.google.common.util.concurrent.CheckedFuture;
55 * Unit test for {@link EgressAclService}
57 @RunWith(PowerMockRunner.class)
58 @SuppressWarnings("unchecked")
59 public class EgressAclServiceTest {
61 @InjectMocks private EgressAclService egressAclService = new EgressAclService();
62 private EgressAclService egressAclServiceSpy;
64 @Mock private DataBroker dataBroker;
65 @Mock private PipelineOrchestrator orchestrator;
67 @Mock private WriteTransaction writeTransaction;
68 @Mock private CheckedFuture<Void, TransactionCommitFailedException> commitFuture;
70 @Mock private NeutronSecurityGroup securityGroup;
71 @Mock private NeutronSecurityRule portSecurityRule;
73 @Mock private SecurityServicesManager securityServices;
75 private Neutron_IPs neutron_ip_src;
76 private Neutron_IPs neutron_ip_dest_1;
77 private Neutron_IPs neutron_ip_dest_2;
78 private List<Neutron_IPs> neutronSrcIpList = new ArrayList<Neutron_IPs>();
79 private List<Neutron_IPs> neutronDestIpList = new ArrayList<Neutron_IPs>();
80 private static final String HOST_ADDRESS = "127.0.0.1/32";
81 private static final String MAC_ADDRESS = "87:1D:5E:02:40:B7";
82 private static final String SRC_IP = "192.168.0.1";
83 private static final String DEST_IP_1 = "192.169.0.1";
84 private static final String DEST_IP_2 = "192.169.0.2";
85 private static final String DEST_IP_1_WITH_MASK = "192.169.0.1/32";
86 private static final String DEST_IP_2_WITH_MASK = "192.169.0.2/32";
87 private static final String SECURITY_GROUP_UUID = "85cc3048-abc3-43cc-89b3-377341426ac5";
88 private static final String SEGMENT_ID = "2";
89 private static final Long DP_ID_LONG = (long) 1554;
90 private static final Long LOCAL_PORT = (long) 124;
91 private static final int PORT_RANGE_MIN = 1;
92 private static final int PORT_RANGE_MAX = 65535;
93 private static FlowBuilder flowBuilder;
94 private static NodeBuilder nodeBuilder;
96 private static Answer<Object> answer() {
97 return new Answer<Object>() {
99 public CheckedFuture<Void, TransactionCommitFailedException> answer(InvocationOnMock invocation)
101 flowBuilder = (FlowBuilder) invocation.getArguments()[0];
102 nodeBuilder = (NodeBuilder) invocation.getArguments()[1];
109 public void setUp() {
110 egressAclServiceSpy = PowerMockito.spy(egressAclService);
112 when(writeTransaction.submit()).thenReturn(commitFuture);
114 when(dataBroker.newWriteOnlyTransaction()).thenReturn(writeTransaction);
116 when(orchestrator.getNextServiceInPipeline(any(Service.class))).thenReturn(Service.ARP_RESPONDER);
118 portSecurityRule = mock(NeutronSecurityRule.class);
120 when(portSecurityRule.getSecurityRuleEthertype()).thenReturn("IPv4");
121 when(portSecurityRule.getSecurityRuleDirection()).thenReturn("egress");
123 List<NeutronSecurityRule> portSecurityList = new ArrayList<NeutronSecurityRule>();
124 portSecurityList.add(portSecurityRule);
126 neutron_ip_src = new Neutron_IPs();
127 neutron_ip_src.setIpAddress(SRC_IP);
128 neutronSrcIpList.add(neutron_ip_src);
130 neutron_ip_dest_1 = new Neutron_IPs();
131 neutron_ip_dest_1.setIpAddress(DEST_IP_1);
132 neutronDestIpList.add(neutron_ip_dest_1);
134 neutron_ip_dest_2 = new Neutron_IPs();
135 neutron_ip_dest_2.setIpAddress(DEST_IP_2);
136 neutronDestIpList.add(neutron_ip_dest_2);
138 when(securityGroup.getSecurityRules()).thenReturn(portSecurityList);
139 when(securityServices.getVmListForSecurityGroup(neutronSrcIpList, SECURITY_GROUP_UUID)).thenReturn(neutronDestIpList);
143 * Rule 1: TCP Proto (True), TCP Port Minimum (True), TCP Port Max (True), IP Prefix (True)
146 public void testProgramPortSecurityACLRule1() throws Exception {
147 when(portSecurityRule.getSecurityRuleProtocol()).thenReturn("tcp");
148 when(portSecurityRule.getSecurityRulePortMax()).thenReturn(1);
149 when(portSecurityRule.getSecurityRulePortMin()).thenReturn(1);
150 when(portSecurityRule.getSecurityRuleRemoteIpPrefix()).thenReturn(HOST_ADDRESS);
152 egressAclServiceSpy.programPortSecurityACL(Long.valueOf(1554), "2", MAC_ADDRESS, 124, securityGroup);
153 verify(egressAclServiceSpy, times(1)).egressACLDefaultTcpDrop(anyLong(), anyString(), anyString(), anyInt(), anyBoolean());
154 verify(egressAclServiceSpy, times(1)).egressACLTcpPortWithPrefix(anyLong(), anyString(), anyString(), anyBoolean(), anyInt(), anyString(), anyInt());
155 verify(writeTransaction, times(4)).put(any(LogicalDatastoreType.class), any(InstanceIdentifier.class), any(Node.class), anyBoolean());
156 verify(writeTransaction, times(2)).submit();
157 verify(commitFuture, times(2)).get();
161 * Rule 2: TCP Proto (True), TCP Port Minimum (True), TCP Port Max (False), IP Prefix (True)
164 public void testProgramPortSecurityACLRule2() throws Exception {
165 when(portSecurityRule.getSecurityRuleProtocol()).thenReturn("tcp");
166 when(portSecurityRule.getSecurityRulePortMax()).thenReturn(null);
167 when(portSecurityRule.getSecurityRulePortMin()).thenReturn(1);
168 when(portSecurityRule.getSecurityRuleRemoteIpPrefix()).thenReturn(HOST_ADDRESS);
170 egressAclServiceSpy.programPortSecurityACL(Long.valueOf(1554), "2", MAC_ADDRESS, 124, securityGroup);
171 verify(egressAclServiceSpy, times(1)).egressACLDefaultTcpDrop(anyLong(), anyString(), anyString(), anyInt(), anyBoolean());
172 verify(egressAclServiceSpy, times(1)).egressACLTcpPortWithPrefix(anyLong(), anyString(), anyString(), anyBoolean(), anyInt(), anyString(), anyInt());
173 verify(writeTransaction, times(4)).put(any(LogicalDatastoreType.class), any(InstanceIdentifier.class), any(Node.class), anyBoolean());
174 verify(writeTransaction, times(2)).submit();
175 verify(commitFuture, times(2)).get();
179 * Rule 3: TCP Proto (True), TCP Port Minimum (False), TCP Port Max (False), IP Prefix (True)
182 public void testProgramPortSecurityACLRule3() throws Exception {
183 when(portSecurityRule.getSecurityRuleProtocol()).thenReturn("tcp");
184 when(portSecurityRule.getSecurityRulePortMax()).thenReturn(null);
185 when(portSecurityRule.getSecurityRulePortMin()).thenReturn(null);
186 when(portSecurityRule.getSecurityRuleRemoteIpPrefix()).thenReturn(HOST_ADDRESS);
188 egressAclServiceSpy.programPortSecurityACL(Long.valueOf(1554), "2", MAC_ADDRESS, 124, securityGroup);
189 verify(egressAclServiceSpy, times(1)).egressACLDefaultTcpDrop(anyLong(), anyString(), anyString(), anyInt(), anyBoolean());
190 verify(egressAclServiceSpy, times(1)).egressACLPermitAllProto(anyLong(), anyString(), anyString(), anyBoolean(), anyString(), anyInt());
191 verify(writeTransaction, times(4)).put(any(LogicalDatastoreType.class), any(InstanceIdentifier.class), any(Node.class), anyBoolean());
192 verify(writeTransaction, times(2)).submit();
193 verify(commitFuture, times(2)).get();
197 * Rule 4: TCP Proto (False), TCP Port Minimum (False), TCP Port Max (False), IP Prefix (True)
200 public void testProgramPortSecurityACLRule4() throws Exception {
201 when(portSecurityRule.getSecurityRuleProtocol()).thenReturn(null);
202 when(portSecurityRule.getSecurityRulePortMax()).thenReturn(null);
203 when(portSecurityRule.getSecurityRulePortMin()).thenReturn(null);
204 when(portSecurityRule.getSecurityRuleRemoteIpPrefix()).thenReturn(HOST_ADDRESS);
206 egressAclServiceSpy.programPortSecurityACL(Long.valueOf(1554), "2", MAC_ADDRESS, 124, securityGroup);
207 verify(egressAclServiceSpy, times(1)).egressACLDefaultTcpDrop(anyLong(), anyString(), anyString(), anyInt(), anyBoolean());
208 verify(egressAclServiceSpy, times(1)).egressACLPermitAllProto(anyLong(), anyString(), anyString(), anyBoolean(), anyString(), anyInt());
209 verify(writeTransaction, times(4)).put(any(LogicalDatastoreType.class), any(InstanceIdentifier.class), any(Node.class), anyBoolean());
210 verify(writeTransaction, times(2)).submit();
211 verify(commitFuture, times(2)).get();
215 * Rule 5: TCP Proto (True), TCP Port Minimum (True), TCP Port Max (True), IP Prefix (False)
218 public void testProgramPortSecurityACLRule5() throws Exception {
219 when(portSecurityRule.getSecurityRuleProtocol()).thenReturn("tcp");
220 when(portSecurityRule.getSecurityRulePortMax()).thenReturn(1);
221 when(portSecurityRule.getSecurityRulePortMin()).thenReturn(1);
222 when(portSecurityRule.getSecurityRuleRemoteIpPrefix()).thenReturn(null);
224 egressAclServiceSpy.programPortSecurityACL(Long.valueOf(1554), "2", MAC_ADDRESS, 124, securityGroup);
225 verify(egressAclServiceSpy, times(1)).egressACLDefaultTcpDrop(anyLong(), anyString(), anyString(), anyInt(), anyBoolean());
226 verify(egressAclServiceSpy, times(1)).egressACLTcpSyn(anyLong(), anyString(), anyString(), anyBoolean(), anyInt(), anyInt());
227 verify(writeTransaction, times(4)).put(any(LogicalDatastoreType.class), any(InstanceIdentifier.class), any(Node.class), anyBoolean());
228 verify(writeTransaction, times(2)).submit();
229 verify(commitFuture, times(2)).get();
233 * Rule 6: TCP Proto (True), TCP Port Minimum (True), TCP Port Max (False), IP Prefix (False)
236 public void testProgramPortSecurityACLRule6() throws Exception {
237 when(portSecurityRule.getSecurityRuleProtocol()).thenReturn("tcp");
238 when(portSecurityRule.getSecurityRulePortMax()).thenReturn(null);
239 when(portSecurityRule.getSecurityRulePortMin()).thenReturn(1);
240 when(portSecurityRule.getSecurityRuleRemoteIpPrefix()).thenReturn(null);
242 egressAclServiceSpy.programPortSecurityACL(Long.valueOf(1554), "2", MAC_ADDRESS, 124, securityGroup);
243 verify(egressAclServiceSpy, times(1)).egressACLDefaultTcpDrop(anyLong(), anyString(), anyString(), anyInt(), anyBoolean());
244 verify(egressAclServiceSpy, times(1)).egressACLTcpSyn(anyLong(), anyString(), anyString(), anyBoolean(), anyInt(), anyInt());
245 verify(writeTransaction, times(4)).put(any(LogicalDatastoreType.class), any(InstanceIdentifier.class), any(Node.class), anyBoolean());
246 verify(writeTransaction, times(2)).submit();
247 verify(commitFuture, times(2)).get();
251 * Rule 7: TCP Proto (True), TCP Port Minimum (False), TCP Port Max (False), IP Prefix (False or 0.0.0.0/0)
254 public void testProgramPortSecurityACLRule7() throws Exception {
255 when(portSecurityRule.getSecurityRuleProtocol()).thenReturn("tcp");
256 when(portSecurityRule.getSecurityRulePortMax()).thenReturn(null);
257 when(portSecurityRule.getSecurityRulePortMin()).thenReturn(null);
258 when(portSecurityRule.getSecurityRuleRemoteIpPrefix()).thenReturn(null);
260 egressAclServiceSpy.programPortSecurityACL(Long.valueOf(1554), "2", MAC_ADDRESS, 124, securityGroup);
261 verify(egressAclServiceSpy, times(1)).egressAllowProto(anyLong(), anyString(), anyString(), anyBoolean(), anyString(), anyInt());
262 verify(writeTransaction, times(2)).put(any(LogicalDatastoreType.class), any(InstanceIdentifier.class), any(Node.class), anyBoolean());
263 verify(writeTransaction, times(1)).submit();
264 verify(commitFuture, times(1)).get();
268 * Test method {@link EgressAclService#egressACLDefaultTcpDrop(Long, String, String, int, boolean)}
271 public void testEgressACLDefaultTcpDrop() throws Exception {
272 egressAclService.egressACLDefaultTcpDrop(Long.valueOf(123), "2", MAC_ADDRESS, 1, true);
273 verify(writeTransaction, times(2)).put(any(LogicalDatastoreType.class), any(InstanceIdentifier.class), any(Node.class), anyBoolean());
274 verify(writeTransaction, times(1)).submit();
275 verify(commitFuture, times(1)).get();
277 egressAclService.egressACLDefaultTcpDrop(Long.valueOf(123), "2", MAC_ADDRESS, 1, false);
278 verify(writeTransaction, times(1)).delete(any(LogicalDatastoreType.class), any(InstanceIdentifier.class));
279 verify(writeTransaction, times(2)).submit();
280 verify(commitFuture, times(2)).get(); // 1 + 1 above
284 * Test IPv4 add test case.
287 public void testProgramPortSecurityACLRuleAddIpv4() throws Exception {
288 when(portSecurityRule.getSecurityRuleProtocol()).thenReturn(null);
289 when(portSecurityRule.getSecurityRulePortMax()).thenReturn(null);
290 when(portSecurityRule.getSecurityRulePortMin()).thenReturn(null);
291 when(portSecurityRule.getSecurityRuleRemoteIpPrefix()).thenReturn(null);
293 egressAclServiceSpy.programPortSecurityAcl(Long.valueOf(1554), "2", MAC_ADDRESS, 124, securityGroup,neutronSrcIpList,true);
295 verify(writeTransaction, times(2)).put(any(LogicalDatastoreType.class), any(InstanceIdentifier.class), any(Node.class), eq(true));
296 verify(writeTransaction, times(1)).submit();
297 verify(commitFuture, times(1)).get();
301 * Test IPv4 remove test case.
304 public void testProgramPortSecurityACLRuleRemoveIpv4() throws Exception {
305 when(portSecurityRule.getSecurityRuleProtocol()).thenReturn(null);
306 when(portSecurityRule.getSecurityRulePortMax()).thenReturn(null);
307 when(portSecurityRule.getSecurityRulePortMin()).thenReturn(null);
308 when(portSecurityRule.getSecurityRuleRemoteIpPrefix()).thenReturn(null);
310 egressAclServiceSpy.programPortSecurityAcl(Long.valueOf(1554), "2", MAC_ADDRESS, 124, securityGroup,neutronSrcIpList,false);
311 verify(writeTransaction, times(1)).delete(any(LogicalDatastoreType.class), any(InstanceIdentifier.class));
312 verify(writeTransaction, times(1)).submit();
313 verify(commitFuture, times(1)).get();
317 * Test TCP add with port no and CIDR selected.
320 public void testProgramPortSecurityACLRuleAddTcp1() throws Exception {
321 when(portSecurityRule.getSecurityRuleProtocol()).thenReturn("tcp");
322 when(portSecurityRule.getSecurityRulePortMax()).thenReturn(20);
323 when(portSecurityRule.getSecurityRulePortMin()).thenReturn(20);
324 when(portSecurityRule.getSecurityRuleRemoteIpPrefix()).thenReturn("0.0.0.0/24");
325 PowerMockito.doAnswer(answer()).when(egressAclServiceSpy, "writeFlow", any(FlowBuilder.class),
326 any(NodeBuilder.class));
327 egressAclServiceSpy.programPortSecurityAcl(DP_ID_LONG, SEGMENT_ID, MAC_ADDRESS, LOCAL_PORT, securityGroup,
328 neutronSrcIpList, true);
330 Match match = flowBuilder.getMatch();
331 EthernetMatch ethMatch = match.getEthernetMatch();
332 Assert.assertEquals(MAC_ADDRESS, ethMatch.getEthernetSource().getAddress().getValue());
334 Assert.assertTrue(match.getLayer4Match() instanceof TcpMatch);
335 TcpMatch layer4Match=(TcpMatch) match.getLayer4Match();
336 Assert.assertEquals(20, layer4Match.getTcpDestinationPort().getValue().intValue());
337 int port=portSecurityRule.getSecurityRulePortMin();
338 Assert.assertEquals("Egress_TCP_" + SEGMENT_ID + "_" + MAC_ADDRESS +
339 "_" + port + "_0.0.0.0/24_Permit", flowBuilder.getFlowName());
343 * Test TCP remove with port no and CIDR selected.
346 public void testProgramPortSecurityACLRuleRemoveTcp1() throws Exception {
347 when(portSecurityRule.getSecurityRuleProtocol()).thenReturn("tcp");
348 when(portSecurityRule.getSecurityRulePortMax()).thenReturn(30);
349 when(portSecurityRule.getSecurityRulePortMin()).thenReturn(30);
350 when(portSecurityRule.getSecurityRuleRemoteIpPrefix()).thenReturn("0.0.0.0/24");
351 PowerMockito.doAnswer(answer()).when(egressAclServiceSpy, "removeFlow", any(FlowBuilder.class),
352 any(NodeBuilder.class));
354 egressAclServiceSpy.programPortSecurityAcl(DP_ID_LONG, SEGMENT_ID, MAC_ADDRESS, LOCAL_PORT, securityGroup,
355 neutronSrcIpList, false);
357 Match match = flowBuilder.getMatch();
358 EthernetMatch ethMatch = match.getEthernetMatch();
359 Assert.assertEquals(MAC_ADDRESS, ethMatch.getEthernetSource().getAddress().getValue());
361 Assert.assertTrue(match.getLayer4Match() instanceof TcpMatch);
362 TcpMatch layer4Match = (TcpMatch) match.getLayer4Match();
363 Assert.assertEquals(30, layer4Match.getTcpDestinationPort().getValue().intValue());
364 int port=portSecurityRule.getSecurityRulePortMin();
365 Assert.assertEquals("Egress_TCP_" + SEGMENT_ID + "_" + MAC_ADDRESS +
366 "_" + port + "_0.0.0.0/24_Permit", flowBuilder.getFlowName());
370 * Test TCP add with port no and remote SG selected.
373 public void testProgramPortSecurityACLRuleAddTcp2() throws Exception {
374 when(portSecurityRule.getSecurityRuleProtocol()).thenReturn("tcp");
375 when(portSecurityRule.getSecurityRulePortMax()).thenReturn(40);
376 when(portSecurityRule.getSecurityRulePortMin()).thenReturn(40);
377 when(portSecurityRule.getSecurityRemoteGroupID()).thenReturn("85cc3048-abc3-43cc-89b3-377341426ac5");
378 PowerMockito.doAnswer(answer()).when(egressAclServiceSpy, "writeFlow", any(FlowBuilder.class),
379 any(NodeBuilder.class));
380 egressAclServiceSpy.programPortSecurityAcl(DP_ID_LONG, SEGMENT_ID, MAC_ADDRESS, LOCAL_PORT, securityGroup,
381 neutronSrcIpList, true);
383 Match match = flowBuilder.getMatch();
384 EthernetMatch ethMatch = match.getEthernetMatch();
385 Assert.assertEquals(MAC_ADDRESS, ethMatch.getEthernetSource().getAddress().getValue());
387 Assert.assertTrue(match.getLayer4Match() instanceof TcpMatch);
388 TcpMatch layer4Match=(TcpMatch) match.getLayer4Match();
389 int port=portSecurityRule.getSecurityRulePortMin();
390 String expectedFlowId1 = "Egress_TCP_" + SEGMENT_ID + "_" + MAC_ADDRESS + "_" + port + "_" + DEST_IP_1 +
392 String expectedFlowId2 = "Egress_TCP_" + SEGMENT_ID + "_" + MAC_ADDRESS + "_" + port + "_" + DEST_IP_2 +
394 String actualFlowId = flowBuilder.getFlowName();
395 if(actualFlowId.equals(expectedFlowId1) || actualFlowId.equals(expectedFlowId2)) {
396 Assert.assertTrue(true);
398 Assert.assertTrue(false);
403 * Test TCP remove with port no and remote SG selected.
406 public void testProgramPortSecurityACLRuleRemoveTcp2() throws Exception {
407 when(portSecurityRule.getSecurityRuleProtocol()).thenReturn("tcp");
408 when(portSecurityRule.getSecurityRulePortMax()).thenReturn(50);
409 when(portSecurityRule.getSecurityRulePortMin()).thenReturn(50);
410 when(portSecurityRule.getSecurityRemoteGroupID()).thenReturn("85cc3048-abc3-43cc-89b3-377341426ac5");
411 PowerMockito.doAnswer(answer()).when(egressAclServiceSpy, "removeFlow", any(FlowBuilder.class),
412 any(NodeBuilder.class));
414 egressAclServiceSpy.programPortSecurityAcl(DP_ID_LONG, SEGMENT_ID, MAC_ADDRESS, LOCAL_PORT, securityGroup,
415 neutronSrcIpList, false);
417 Match match = flowBuilder.getMatch();
418 EthernetMatch ethMatch = match.getEthernetMatch();
419 Assert.assertEquals(MAC_ADDRESS, ethMatch.getEthernetSource().getAddress().getValue());
421 Assert.assertTrue(match.getLayer4Match() instanceof TcpMatch);
422 TcpMatch layer4Match=(TcpMatch) match.getLayer4Match();
423 int port=portSecurityRule.getSecurityRulePortMin();
424 String expectedFlowId1 = "Egress_TCP_" + SEGMENT_ID + "_" + MAC_ADDRESS +"_" + port + "_" + DEST_IP_1 +
426 String expectedFlowId2 = "Egress_TCP_" + SEGMENT_ID + "_" + MAC_ADDRESS +"_" + port + "_" + DEST_IP_2 +
428 String actualFlowId = flowBuilder.getFlowName();
429 if(actualFlowId.equals(expectedFlowId1) || actualFlowId.equals(expectedFlowId2)) {
430 Assert.assertTrue(true);
432 Assert.assertTrue(false);
437 * Test TCP add with port range (All TCP) and CIDR selected.
440 public void testProgramPortSecurityACLRuleAddTcpAll1() throws Exception {
441 when(portSecurityRule.getSecurityRuleProtocol()).thenReturn("tcp");
442 when(portSecurityRule.getSecurityRulePortMax()).thenReturn(PORT_RANGE_MAX);
443 when(portSecurityRule.getSecurityRulePortMin()).thenReturn(PORT_RANGE_MIN);
444 when(portSecurityRule.getSecurityRuleRemoteIpPrefix()).thenReturn("0.0.0.0/24");
445 PowerMockito.doAnswer(answer()).when(egressAclServiceSpy, "writeFlow", any(FlowBuilder.class),
446 any(NodeBuilder.class));
447 egressAclServiceSpy.programPortSecurityAcl(DP_ID_LONG, SEGMENT_ID, MAC_ADDRESS, LOCAL_PORT, securityGroup,
448 neutronSrcIpList, true);
450 Match match = flowBuilder.getMatch();
451 Assert.assertTrue(match.getLayer4Match() instanceof TcpMatch);
452 TcpMatch layer4Match=(TcpMatch) match.getLayer4Match();
453 EthernetMatch ethMatch = match.getEthernetMatch();
454 Assert.assertEquals(MAC_ADDRESS, ethMatch.getEthernetSource().getAddress().getValue());
458 * Test TCP remove with port range (All TCP) and CIDR selected.
461 public void testProgramPortSecurityACLRuleRemoveTcpAll1() throws Exception {
462 when(portSecurityRule.getSecurityRuleProtocol()).thenReturn("tcp");
463 when(portSecurityRule.getSecurityRulePortMax()).thenReturn(PORT_RANGE_MAX);
464 when(portSecurityRule.getSecurityRulePortMin()).thenReturn(PORT_RANGE_MIN);
465 when(portSecurityRule.getSecurityRuleRemoteIpPrefix()).thenReturn("0.0.0.0/24");
466 PowerMockito.doAnswer(answer()).when(egressAclServiceSpy, "removeFlow", any(FlowBuilder.class),
467 any(NodeBuilder.class));
469 egressAclServiceSpy.programPortSecurityAcl(DP_ID_LONG, SEGMENT_ID, MAC_ADDRESS, LOCAL_PORT, securityGroup,
470 neutronSrcIpList, false);
472 Match match = flowBuilder.getMatch();
473 EthernetMatch ethMatch = match.getEthernetMatch();
474 Assert.assertEquals(MAC_ADDRESS, ethMatch.getEthernetSource().getAddress().getValue());
476 Assert.assertTrue(match.getLayer4Match() instanceof TcpMatch);
477 Assert.assertEquals("Egress_TCP_" + SEGMENT_ID + "_" + MAC_ADDRESS + "_" + PORT_RANGE_MIN + "_" +
478 PORT_RANGE_MAX + "_0.0.0.0/24_Permit", flowBuilder.getFlowName());
482 * Test TCP add with port range (All TCP) and remote SG selected.
485 public void testProgramPortSecurityACLRuleAddTcpAll2() throws Exception {
486 when(portSecurityRule.getSecurityRuleProtocol()).thenReturn("tcp");
487 when(portSecurityRule.getSecurityRulePortMax()).thenReturn(PORT_RANGE_MAX);
488 when(portSecurityRule.getSecurityRulePortMin()).thenReturn(PORT_RANGE_MIN);
489 when(portSecurityRule.getSecurityRemoteGroupID()).thenReturn("85cc3048-abc3-43cc-89b3-377341426ac5");
490 PowerMockito.doAnswer(answer()).when(egressAclServiceSpy, "writeFlow", any(FlowBuilder.class),
491 any(NodeBuilder.class));
492 egressAclServiceSpy.programPortSecurityAcl(DP_ID_LONG, SEGMENT_ID, MAC_ADDRESS, LOCAL_PORT, securityGroup,
493 neutronSrcIpList, true);
495 Match match = flowBuilder.getMatch();
496 EthernetMatch ethMatch = match.getEthernetMatch();
497 Assert.assertEquals(MAC_ADDRESS, ethMatch.getEthernetSource().getAddress().getValue());
499 Assert.assertTrue(match.getLayer4Match() instanceof TcpMatch);
500 String expectedFlowId1 = "Egress_TCP_" + SEGMENT_ID + "_" + MAC_ADDRESS + "_" + PORT_RANGE_MIN + "_" +
501 PORT_RANGE_MAX + "_" + DEST_IP_1 + "_Permit";
502 String expectedFlowId2 = "Egress_TCP_" + SEGMENT_ID + "_" + MAC_ADDRESS + "_" + PORT_RANGE_MIN + "_" +
503 PORT_RANGE_MAX + "_" + DEST_IP_2 + "_Permit";
504 String actualFlowId = flowBuilder.getFlowName();
505 if(actualFlowId.equals(expectedFlowId1) || actualFlowId.equals(expectedFlowId2)) {
506 Assert.assertTrue(true);
508 Assert.assertTrue(false);
513 * Test TCP remove with port range (All TCP) and remote SG selected.
516 public void testProgramPortSecurityACLRuleRemoveTcpAll2() throws Exception {
517 when(portSecurityRule.getSecurityRuleProtocol()).thenReturn("tcp");
518 when(portSecurityRule.getSecurityRulePortMax()).thenReturn(PORT_RANGE_MAX);
519 when(portSecurityRule.getSecurityRulePortMin()).thenReturn(PORT_RANGE_MIN);
520 when(portSecurityRule.getSecurityRemoteGroupID()).thenReturn("85cc3048-abc3-43cc-89b3-377341426ac5");
521 PowerMockito.doAnswer(answer()).when(egressAclServiceSpy, "removeFlow", any(FlowBuilder.class),
522 any(NodeBuilder.class));
524 egressAclServiceSpy.programPortSecurityAcl(DP_ID_LONG, SEGMENT_ID, MAC_ADDRESS, LOCAL_PORT, securityGroup,
525 neutronSrcIpList, false);
527 Match match = flowBuilder.getMatch();
528 EthernetMatch ethMatch = match.getEthernetMatch();
529 Assert.assertEquals(MAC_ADDRESS, ethMatch.getEthernetSource().getAddress().getValue());
531 Assert.assertTrue(match.getLayer4Match() instanceof TcpMatch);
532 String expectedFlowId1 = "Egress_TCP_" + SEGMENT_ID + "_" + MAC_ADDRESS + "_" + PORT_RANGE_MIN + "_" +
533 PORT_RANGE_MAX + "_" + DEST_IP_1 + "_Permit";
534 String expectedFlowId2 = "Egress_TCP_" + SEGMENT_ID + "_" + MAC_ADDRESS + "_" + PORT_RANGE_MIN + "_" +
535 PORT_RANGE_MAX + "_" + DEST_IP_2 + "_Permit";
536 String actualFlowId = flowBuilder.getFlowName();
537 if(actualFlowId.equals(expectedFlowId1) || actualFlowId.equals(expectedFlowId2)) {
538 Assert.assertTrue(true);
540 Assert.assertTrue(false);
545 * Test UDP add with port no and CIDR selected.
548 public void testProgramPortSecurityACLRuleAddUdp1() throws Exception {
549 when(portSecurityRule.getSecurityRuleProtocol()).thenReturn("udp");
550 when(portSecurityRule.getSecurityRulePortMax()).thenReturn(50);
551 when(portSecurityRule.getSecurityRulePortMin()).thenReturn(50);
552 when(portSecurityRule.getSecurityRuleRemoteIpPrefix()).thenReturn("0.0.0.0/24");
553 PowerMockito.doAnswer(answer()).when(egressAclServiceSpy, "writeFlow", any(FlowBuilder.class),
554 any(NodeBuilder.class));
555 egressAclServiceSpy.programPortSecurityAcl(DP_ID_LONG, SEGMENT_ID, MAC_ADDRESS, LOCAL_PORT, securityGroup,
556 neutronSrcIpList, true);
558 Match match = flowBuilder.getMatch();
559 EthernetMatch ethMatch = match.getEthernetMatch();
560 Assert.assertEquals(MAC_ADDRESS, ethMatch.getEthernetSource().getAddress().getValue());
562 Assert.assertTrue(match.getLayer4Match() instanceof UdpMatch);
563 UdpMatch layer4Match = (UdpMatch) match.getLayer4Match();
564 Assert.assertEquals(50, layer4Match.getUdpDestinationPort().getValue().intValue());
565 int port = portSecurityRule.getSecurityRulePortMin();
566 Assert.assertEquals("Egress_UDP_" + SEGMENT_ID + "_" + MAC_ADDRESS +
567 "_" + port + "_0.0.0.0/24_Permit", flowBuilder.getFlowName());
571 * Test UDP remove with port no and CIDR selected.
574 public void testProgramPortSecurityACLRuleRemoveUdp1() throws Exception {
575 when(portSecurityRule.getSecurityRuleProtocol()).thenReturn("udp");
576 when(portSecurityRule.getSecurityRulePortMax()).thenReturn(50);
577 when(portSecurityRule.getSecurityRulePortMin()).thenReturn(50);
578 when(portSecurityRule.getSecurityRuleRemoteIpPrefix()).thenReturn("0.0.0.0/24");
579 PowerMockito.doAnswer(answer()).when(egressAclServiceSpy, "removeFlow", any(FlowBuilder.class),
580 any(NodeBuilder.class));
581 egressAclServiceSpy.programPortSecurityAcl(DP_ID_LONG, SEGMENT_ID, MAC_ADDRESS, LOCAL_PORT, securityGroup,
582 neutronSrcIpList, false);
584 Match match = flowBuilder.getMatch();
585 EthernetMatch ethMatch = match.getEthernetMatch();
586 Assert.assertEquals(MAC_ADDRESS, ethMatch.getEthernetSource().getAddress().getValue());
588 Assert.assertTrue(match.getLayer4Match() instanceof UdpMatch);
589 UdpMatch layer4Match = (UdpMatch) match.getLayer4Match();
590 Assert.assertEquals(50, layer4Match.getUdpDestinationPort().getValue().intValue());
591 int port = portSecurityRule.getSecurityRulePortMin();
592 Assert.assertEquals("Egress_UDP_" + SEGMENT_ID + "_" + MAC_ADDRESS +
593 "_" + port + "_0.0.0.0/24_Permit", flowBuilder.getFlowName());
597 * Test UDP add with port no and remote SG selected.
600 public void testProgramPortSecurityACLRuleAddUdp2() throws Exception {
601 when(portSecurityRule.getSecurityRuleProtocol()).thenReturn("udp");
602 when(portSecurityRule.getSecurityRulePortMax()).thenReturn(50);
603 when(portSecurityRule.getSecurityRulePortMin()).thenReturn(50);
604 when(portSecurityRule.getSecurityRuleRemoteIpPrefix()).thenReturn("0.0.0.0/24");
605 when(portSecurityRule.getSecurityRemoteGroupID()).thenReturn("85cc3048-abc3-43cc-89b3-377341426ac5");
606 PowerMockito.doAnswer(answer()).when(egressAclServiceSpy, "writeFlow", any(FlowBuilder.class),
607 any(NodeBuilder.class));
608 egressAclServiceSpy.programPortSecurityAcl(DP_ID_LONG, SEGMENT_ID, MAC_ADDRESS, LOCAL_PORT, securityGroup,
609 neutronSrcIpList, true);
611 Match match = flowBuilder.getMatch();
612 EthernetMatch ethMatch = match.getEthernetMatch();
613 Assert.assertEquals(MAC_ADDRESS, ethMatch.getEthernetSource().getAddress().getValue());
615 Assert.assertTrue(match.getLayer4Match() instanceof UdpMatch);
616 UdpMatch layer4Match = (UdpMatch) match.getLayer4Match();
617 Assert.assertEquals(50, layer4Match.getUdpDestinationPort().getValue().intValue());
618 int port = portSecurityRule.getSecurityRulePortMin();
619 String expectedFlowId1 = "Egress_UDP_" + SEGMENT_ID + "_" + MAC_ADDRESS + "_" + port + "_" + DEST_IP_1 +
621 String expectedFlowId2 = "Egress_UDP_" + SEGMENT_ID + "_" + MAC_ADDRESS + "_" + port + "_" + DEST_IP_2 +
623 String actualFlowId = flowBuilder.getFlowName();
624 if(actualFlowId.equals(expectedFlowId1) || actualFlowId.equals(expectedFlowId2)) {
625 Assert.assertTrue(true);
627 Assert.assertTrue(false);
632 * Test UDP remove with port no and remote SG selected.
635 public void testProgramPortSecurityACLRuleRemoveUdp2() throws Exception {
636 when(portSecurityRule.getSecurityRuleProtocol()).thenReturn("udp");
637 when(portSecurityRule.getSecurityRulePortMax()).thenReturn(50);
638 when(portSecurityRule.getSecurityRulePortMin()).thenReturn(50);
639 when(portSecurityRule.getSecurityRuleRemoteIpPrefix()).thenReturn("0.0.0.0/24");
640 when(portSecurityRule.getSecurityRemoteGroupID()).thenReturn("85cc3048-abc3-43cc-89b3-377341426ac5");
641 PowerMockito.doAnswer(answer()).when(egressAclServiceSpy, "removeFlow", any(FlowBuilder.class),
642 any(NodeBuilder.class));
643 egressAclServiceSpy.programPortSecurityAcl(DP_ID_LONG, SEGMENT_ID, MAC_ADDRESS, LOCAL_PORT, securityGroup,
644 neutronSrcIpList, false);
646 Match match = flowBuilder.getMatch();
647 EthernetMatch ethMatch = match.getEthernetMatch();
648 Assert.assertEquals(MAC_ADDRESS, ethMatch.getEthernetSource().getAddress().getValue());
650 Assert.assertTrue(match.getLayer4Match() instanceof UdpMatch);
651 UdpMatch layer4Match = (UdpMatch) match.getLayer4Match();
652 Assert.assertEquals(50, layer4Match.getUdpDestinationPort().getValue().intValue());
653 int port = portSecurityRule.getSecurityRulePortMin();
654 String expectedFlowId1 = "Egress_UDP_" + SEGMENT_ID + "_" + MAC_ADDRESS + "_" + port + "_" + DEST_IP_1 +
656 String expectedFlowId2 = "Egress_UDP_" + SEGMENT_ID + "_" + MAC_ADDRESS + "_" + port + "_" + DEST_IP_2 +
658 String actualFlowId = flowBuilder.getFlowName();
659 if(actualFlowId.equals(expectedFlowId1) || actualFlowId.equals(expectedFlowId2)) {
660 Assert.assertTrue(true);
662 Assert.assertTrue(false);
668 * Test UDP add with port (All UDP) and CIDR selected.
671 public void testProgramPortSecurityACLRuleAddUdpAll1() throws Exception {
672 when(portSecurityRule.getSecurityRuleProtocol()).thenReturn("udp");
673 when(portSecurityRule.getSecurityRulePortMax()).thenReturn(PORT_RANGE_MAX);
674 when(portSecurityRule.getSecurityRulePortMin()).thenReturn(PORT_RANGE_MIN);
675 when(portSecurityRule.getSecurityRuleRemoteIpPrefix()).thenReturn("0.0.0.0/24");
676 PowerMockito.doAnswer(answer()).when(egressAclServiceSpy, "writeFlow", any(FlowBuilder.class),
677 any(NodeBuilder.class));
678 egressAclServiceSpy.programPortSecurityAcl(DP_ID_LONG, SEGMENT_ID, MAC_ADDRESS, LOCAL_PORT, securityGroup,
679 neutronSrcIpList, true);
681 Match match = flowBuilder.getMatch();
682 EthernetMatch ethMatch = match.getEthernetMatch();
683 Assert.assertEquals(MAC_ADDRESS, ethMatch.getEthernetSource().getAddress().getValue());
685 Assert.assertTrue(match.getLayer4Match() instanceof UdpMatch);
686 Assert.assertEquals("Egress_UDP_" + SEGMENT_ID + "_" + MAC_ADDRESS + "_" + PORT_RANGE_MIN + "_" +
687 PORT_RANGE_MAX + "_0.0.0.0/24_Permit", flowBuilder.getFlowName());
691 * Test UDP remove with port (All UDP) and CIDR selected.
694 public void testProgramPortSecurityACLRuleRemoveUdpAll1() throws Exception {
695 when(portSecurityRule.getSecurityRuleProtocol()).thenReturn("udp");
696 when(portSecurityRule.getSecurityRulePortMax()).thenReturn(PORT_RANGE_MAX);
697 when(portSecurityRule.getSecurityRulePortMin()).thenReturn(PORT_RANGE_MIN);
698 when(portSecurityRule.getSecurityRuleRemoteIpPrefix()).thenReturn("0.0.0.0/24");
699 PowerMockito.doAnswer(answer()).when(egressAclServiceSpy, "removeFlow", any(FlowBuilder.class),
700 any(NodeBuilder.class));
701 egressAclServiceSpy.programPortSecurityAcl(DP_ID_LONG, SEGMENT_ID, MAC_ADDRESS, LOCAL_PORT, securityGroup,
702 neutronSrcIpList, false);
704 Match match = flowBuilder.getMatch();
705 EthernetMatch ethMatch = match.getEthernetMatch();
706 Assert.assertEquals(MAC_ADDRESS, ethMatch.getEthernetSource().getAddress().getValue());
708 Assert.assertTrue(match.getLayer4Match() instanceof UdpMatch);
709 Assert.assertEquals("Egress_UDP_" + SEGMENT_ID + "_" + MAC_ADDRESS + "_" + PORT_RANGE_MIN + "_" +
710 PORT_RANGE_MAX + "_0.0.0.0/24_Permit", flowBuilder.getFlowName());
714 * Test UDP add with port (All UDP) and remote SG selected.
717 public void testProgramPortSecurityACLRuleAddUdpAll2() throws Exception {
718 when(portSecurityRule.getSecurityRuleProtocol()).thenReturn("udp");
719 when(portSecurityRule.getSecurityRulePortMax()).thenReturn(PORT_RANGE_MAX);
720 when(portSecurityRule.getSecurityRulePortMin()).thenReturn(PORT_RANGE_MIN);
721 when(portSecurityRule.getSecurityRemoteGroupID()).thenReturn("85cc3048-abc3-43cc-89b3-377341426ac5");
722 PowerMockito.doAnswer(answer()).when(egressAclServiceSpy, "writeFlow", any(FlowBuilder.class),
723 any(NodeBuilder.class));
724 egressAclServiceSpy.programPortSecurityAcl(DP_ID_LONG, SEGMENT_ID, MAC_ADDRESS, LOCAL_PORT, securityGroup,
725 neutronSrcIpList, true);
727 Match match = flowBuilder.getMatch();
728 EthernetMatch ethMatch = match.getEthernetMatch();
729 Assert.assertEquals(MAC_ADDRESS, ethMatch.getEthernetSource().getAddress().getValue());
731 Assert.assertTrue(match.getLayer4Match() instanceof UdpMatch);
732 String expectedFlowId1 = "Egress_UDP_" + SEGMENT_ID + "_" + MAC_ADDRESS + "_" + PORT_RANGE_MIN + "_" +
733 PORT_RANGE_MAX + "_" + DEST_IP_1 + "_Permit";
734 String expectedFlowId2 = "Egress_UDP_" + SEGMENT_ID + "_" + MAC_ADDRESS + "_" + PORT_RANGE_MIN + "_" +
735 PORT_RANGE_MAX + "_" + DEST_IP_2 + "_Permit";
736 String actualFlowId = flowBuilder.getFlowName();
737 if(actualFlowId.equals(expectedFlowId1) || actualFlowId.equals(expectedFlowId2)) {
738 Assert.assertTrue(true);
740 Assert.assertTrue(false);
745 * Test UDP remove with port (All UDP) and remote SG selected.
748 public void testProgramPortSecurityACLRuleRemoveUdpAll2() throws Exception {
749 when(portSecurityRule.getSecurityRuleProtocol()).thenReturn("udp");
750 when(portSecurityRule.getSecurityRulePortMax()).thenReturn(PORT_RANGE_MAX);
751 when(portSecurityRule.getSecurityRulePortMin()).thenReturn(PORT_RANGE_MIN);
752 when(portSecurityRule.getSecurityRemoteGroupID()).thenReturn("85cc3048-abc3-43cc-89b3-377341426ac5");
753 PowerMockito.doAnswer(answer()).when(egressAclServiceSpy, "removeFlow", any(FlowBuilder.class),
754 any(NodeBuilder.class));
755 egressAclServiceSpy.programPortSecurityAcl(DP_ID_LONG, SEGMENT_ID, MAC_ADDRESS, LOCAL_PORT, securityGroup,
756 neutronSrcIpList, false);
758 Match match = flowBuilder.getMatch();
759 EthernetMatch ethMatch = match.getEthernetMatch();
760 Assert.assertEquals(MAC_ADDRESS, ethMatch.getEthernetSource().getAddress().getValue());
762 Assert.assertTrue(match.getLayer4Match() instanceof UdpMatch);
763 String expectedFlowId1 = "Egress_UDP_" + SEGMENT_ID + "_" + MAC_ADDRESS + "_" + PORT_RANGE_MIN + "_" +
764 PORT_RANGE_MAX + "_" + DEST_IP_1 + "_Permit";
765 String expectedFlowId2 = "Egress_UDP_" + SEGMENT_ID + "_" + MAC_ADDRESS + "_" + PORT_RANGE_MIN + "_" +
766 PORT_RANGE_MAX + "_" + DEST_IP_2 + "_Permit";
767 String actualFlowId = flowBuilder.getFlowName();
768 if(actualFlowId.equals(expectedFlowId1) || actualFlowId.equals(expectedFlowId2)) {
769 Assert.assertTrue(true);
771 Assert.assertTrue(false);
776 * Test ICMP add with code, type and CIDR selected.
779 public void testProgramPortSecurityACLRuleAddIcmp1() throws Exception {
780 when(portSecurityRule.getSecurityRuleProtocol()).thenReturn("icmp");
781 when(portSecurityRule.getSecurityRulePortMax()).thenReturn(10);
782 when(portSecurityRule.getSecurityRulePortMin()).thenReturn(10);
783 when(portSecurityRule.getSecurityRuleRemoteIpPrefix()).thenReturn("0.0.0.0/24");
784 PowerMockito.doAnswer(answer()).when(egressAclServiceSpy, "writeFlow", any(FlowBuilder.class),
785 any(NodeBuilder.class));
787 egressAclServiceSpy.programPortSecurityAcl(DP_ID_LONG, SEGMENT_ID, MAC_ADDRESS, LOCAL_PORT, securityGroup,
788 neutronSrcIpList, true);
790 Match match = flowBuilder.getMatch();
791 Icmpv4Match icmpv4Match = match.getIcmpv4Match();
792 Assert.assertEquals(10, icmpv4Match.getIcmpv4Type().shortValue());
793 Assert.assertEquals(10, icmpv4Match.getIcmpv4Code().shortValue());
794 EthernetMatch ethMatch = match.getEthernetMatch();
795 Assert.assertEquals(MAC_ADDRESS, ethMatch.getEthernetSource().getAddress().getValue());
796 Short type = portSecurityRule.getSecurityRulePortMin().shortValue();
797 Short code = portSecurityRule.getSecurityRulePortMax().shortValue();
798 Assert.assertEquals("Egress_ICMP_" + SEGMENT_ID + "_" + MAC_ADDRESS +
799 "_" + type + "_" + code + "_0.0.0.0/24_Permit", flowBuilder.getFlowName());
803 * Test ICMP remove with code, type and CIDR selected.
806 public void testProgramPortSecurityACLRuleRemoveIcmp1() throws Exception {
807 when(portSecurityRule.getSecurityRuleProtocol()).thenReturn("icmp");
808 when(portSecurityRule.getSecurityRulePortMax()).thenReturn(20);
809 when(portSecurityRule.getSecurityRulePortMin()).thenReturn(20);
810 when(portSecurityRule.getSecurityRuleRemoteIpPrefix()).thenReturn("0.0.0.0/24");
811 PowerMockito.doAnswer(answer()).when(egressAclServiceSpy, "removeFlow", any(FlowBuilder.class),
812 any(NodeBuilder.class));
814 egressAclServiceSpy.programPortSecurityAcl(DP_ID_LONG, SEGMENT_ID, MAC_ADDRESS, LOCAL_PORT, securityGroup,
815 neutronSrcIpList, false);
817 Match match = flowBuilder.getMatch();
818 Icmpv4Match icmpv4Match = match.getIcmpv4Match();
819 Assert.assertEquals(20, icmpv4Match.getIcmpv4Type().shortValue());
820 Assert.assertEquals(20, icmpv4Match.getIcmpv4Code().shortValue());
821 EthernetMatch ethMatch = match.getEthernetMatch();
822 Assert.assertEquals(MAC_ADDRESS, ethMatch.getEthernetSource().getAddress().getValue());
823 Short type = portSecurityRule.getSecurityRulePortMin().shortValue();
824 Short code = portSecurityRule.getSecurityRulePortMax().shortValue();
825 Assert.assertEquals("Egress_ICMP_" + SEGMENT_ID + "_" + MAC_ADDRESS +
826 "_" + type + "_" + code + "_0.0.0.0/24_Permit", flowBuilder.getFlowName());
830 * Test ICMP add with code, type and remote SG selected.
833 public void testProgramPortSecurityACLRuleAddIcmp2() throws Exception {
834 when(portSecurityRule.getSecurityRuleProtocol()).thenReturn("icmp");
835 when(portSecurityRule.getSecurityRulePortMax()).thenReturn(30);
836 when(portSecurityRule.getSecurityRulePortMin()).thenReturn(30);
837 when(portSecurityRule.getSecurityRuleRemoteIpPrefix()).thenReturn("0.0.0.0/24");
838 when(portSecurityRule.getSecurityRemoteGroupID()).thenReturn("85cc3048-abc3-43cc-89b3-377341426ac5");
839 PowerMockito.doAnswer(answer()).when(egressAclServiceSpy, "writeFlow", any(FlowBuilder.class),
840 any(NodeBuilder.class));
842 egressAclServiceSpy.programPortSecurityAcl(DP_ID_LONG, SEGMENT_ID, MAC_ADDRESS, LOCAL_PORT, securityGroup,
843 neutronSrcIpList, true);
845 Match match = flowBuilder.getMatch();
846 Icmpv4Match icmpv4Match = match.getIcmpv4Match();
847 Assert.assertEquals(30, icmpv4Match.getIcmpv4Type().shortValue());
848 Assert.assertEquals(30, icmpv4Match.getIcmpv4Code().shortValue());
849 EthernetMatch ethMatch = match.getEthernetMatch();
850 Assert.assertEquals(MAC_ADDRESS, ethMatch.getEthernetSource().getAddress().getValue());
851 Short type = portSecurityRule.getSecurityRulePortMin().shortValue();
852 Short code = portSecurityRule.getSecurityRulePortMax().shortValue();
853 String expectedFlowId1 = "Egress_ICMP_" + SEGMENT_ID + "_" + MAC_ADDRESS + "_" + type + "_" + code + "_"
854 + DEST_IP_1 + "_Permit";
855 String expectedFlowId2 = "Egress_ICMP_" + SEGMENT_ID + "_" + MAC_ADDRESS + "_" + type + "_" + code + "_"
856 + DEST_IP_2 + "_Permit";
857 String actualFlowId = flowBuilder.getFlowName();
858 if(actualFlowId.equals(expectedFlowId1) || actualFlowId.equals(expectedFlowId2)) {
859 Assert.assertTrue(true);
861 Assert.assertTrue(false);
866 * Test ICMP remove with code, type and remote SG selected.
869 public void testProgramPortSecurityACLRuleRemoveIcmp2() throws Exception {
870 when(portSecurityRule.getSecurityRuleProtocol()).thenReturn("icmp");
871 when(portSecurityRule.getSecurityRulePortMax()).thenReturn(40);
872 when(portSecurityRule.getSecurityRulePortMin()).thenReturn(40);
873 when(portSecurityRule.getSecurityRemoteGroupID()).thenReturn("85cc3048-abc3-43cc-89b3-377341426ac5");
874 PowerMockito.doAnswer(answer()).when(egressAclServiceSpy, "removeFlow", any(FlowBuilder.class),
875 any(NodeBuilder.class));
877 egressAclServiceSpy.programPortSecurityAcl(DP_ID_LONG, SEGMENT_ID, MAC_ADDRESS, LOCAL_PORT, securityGroup,
878 neutronSrcIpList, false);
880 Match match = flowBuilder.getMatch();
881 Icmpv4Match icmpv4Match = match.getIcmpv4Match();
882 Assert.assertEquals(40, icmpv4Match.getIcmpv4Type().shortValue());
883 Assert.assertEquals(40, icmpv4Match.getIcmpv4Code().shortValue());
884 EthernetMatch ethMatch = match.getEthernetMatch();
885 Assert.assertEquals(MAC_ADDRESS, ethMatch.getEthernetSource().getAddress().getValue());
886 Short type = portSecurityRule.getSecurityRulePortMin().shortValue();
887 Short code = portSecurityRule.getSecurityRulePortMax().shortValue();
888 String expectedFlowId1 = "Egress_ICMP_" + SEGMENT_ID + "_" + MAC_ADDRESS + "_" + type + "_" + code + "_"
889 + DEST_IP_1 + "_Permit";
890 String expectedFlowId2 = "Egress_ICMP_" + SEGMENT_ID + "_" + MAC_ADDRESS + "_" + type + "_" + code + "_"
891 + DEST_IP_2 + "_Permit";
892 String actualFlowId = flowBuilder.getFlowName();
893 if(actualFlowId.equals(expectedFlowId1) || actualFlowId.equals(expectedFlowId2)) {
894 Assert.assertTrue(true);
896 Assert.assertTrue(false);
901 * Test IPv4 invalid ether type test case.
904 public void testProgramPortSecurityACLRuleInvalidEther() throws Exception {
905 when(portSecurityRule.getSecurityRuleEthertype()).thenReturn("IPV6");
907 egressAclServiceSpy.programPortSecurityAcl(Long.valueOf(1554), "2", MAC_ADDRESS, 124, securityGroup,neutronSrcIpList,false);
909 verify(writeTransaction, times(0)).delete(any(LogicalDatastoreType.class), any(InstanceIdentifier.class));
910 verify(writeTransaction, times(0)).submit();
911 verify(commitFuture, times(0)).get();
915 * Test IPv4 invalid direction type test case.
918 public void testProgramPortSecurityACLRuleInvalidDirection() throws Exception {
919 when(portSecurityRule.getSecurityRuleDirection()).thenReturn("ingress");
921 egressAclServiceSpy.programPortSecurityAcl(Long.valueOf(1554), "2", MAC_ADDRESS, 124, securityGroup,neutronSrcIpList,false);
923 verify(writeTransaction, times(0)).delete(any(LogicalDatastoreType.class), any(InstanceIdentifier.class));
924 verify(writeTransaction, times(0)).submit();
925 verify(commitFuture, times(0)).get();
929 * Test With isLastPortInBridge false isComputeNode false
932 public void testProgramFixedSecurityACLAdd1() throws Exception {
933 egressAclServiceSpy.programFixedSecurityAcl(Long.valueOf(1554), "2", MAC_ADDRESS, 1, neutronDestIpList, false, false, true);
935 verify(writeTransaction, times(0)).put(any(LogicalDatastoreType.class), any(InstanceIdentifier.class), any(Node.class), eq(true));
936 verify(writeTransaction, times(0)).submit();
937 verify(commitFuture, times(0)).get();
940 * Test With isLastPortInBridge false isComputeNode false
943 public void testProgramFixedSecurityACLRemove1() throws Exception {
945 egressAclServiceSpy.programFixedSecurityAcl(Long.valueOf(1554), "2", MAC_ADDRESS, 1, neutronDestIpList, false, false, false);
947 verify(writeTransaction, times(0)).delete(any(LogicalDatastoreType.class), any(InstanceIdentifier.class));
948 verify(writeTransaction, times(0)).submit();
949 verify(commitFuture, times(0)).get();
953 * Test With isLastPortInBridge false isComputeNode true
956 public void testProgramFixedSecurityACLAdd2() throws Exception {
958 egressAclServiceSpy.programFixedSecurityAcl(Long.valueOf(1554), "2", MAC_ADDRESS, 1, neutronDestIpList, false, true, true);
960 verify(writeTransaction, times(6)).put(any(LogicalDatastoreType.class), any(InstanceIdentifier.class), any(Node.class), eq(true));
961 verify(writeTransaction, times(3)).submit();
962 verify(commitFuture, times(3)).get();
966 * Test With isLastPortInBridge false isComputeNode true
969 public void testProgramFixedSecurityACLRemove2() throws Exception {
971 egressAclServiceSpy.programFixedSecurityAcl(Long.valueOf(1554), "2", MAC_ADDRESS, 1, neutronDestIpList, false, true, false);
973 verify(writeTransaction, times(3)).delete(any(LogicalDatastoreType.class), any(InstanceIdentifier.class));
974 verify(writeTransaction, times(3)).submit();
975 verify(commitFuture, times(3)).get();
979 * Test With isLastPortInBridge true isComputeNode false
982 public void testProgramFixedSecurityACLAdd3() throws Exception {
984 egressAclServiceSpy.programFixedSecurityAcl(Long.valueOf(1554), "2", MAC_ADDRESS, 1, neutronDestIpList, true, false, true);
986 verify(writeTransaction, times(2)).put(any(LogicalDatastoreType.class), any(InstanceIdentifier.class), any(Node.class), eq(true));
987 verify(writeTransaction, times(1)).submit();
988 verify(commitFuture, times(1)).get();
992 * Test With isLastPortInBridge true isComputeNode false
995 public void testProgramFixedSecurityACLRemove3() throws Exception {
997 egressAclServiceSpy.programFixedSecurityAcl(Long.valueOf(1554), "2", MAC_ADDRESS, 1, neutronDestIpList, true, false, false);
999 verify(writeTransaction, times(1)).delete(any(LogicalDatastoreType.class), any(InstanceIdentifier.class));
1000 verify(writeTransaction, times(1)).submit();
1001 verify(commitFuture, times(1)).get();
1005 * Test With isLastPortInBridge true isComputeNode true
1008 public void testProgramFixedSecurityACLAdd4() throws Exception {
1010 egressAclServiceSpy.programFixedSecurityAcl(Long.valueOf(1554), "2", MAC_ADDRESS, 1, neutronDestIpList, true, true, true);
1012 verify(writeTransaction, times(8)).put(any(LogicalDatastoreType.class),
1013 any(InstanceIdentifier.class), any(Node.class), eq(true));
1014 verify(writeTransaction, times(4)).submit();
1015 verify(commitFuture, times(4)).get();
1019 * Test With isLastPortInBridge true isComputeNode true
1022 public void testProgramFixedSecurityACLRemove4() throws Exception {
1024 egressAclServiceSpy.programFixedSecurityAcl(Long.valueOf(1554), "2", MAC_ADDRESS, 1, neutronDestIpList, true, true, false);
1026 verify(writeTransaction, times(4)).delete(any(LogicalDatastoreType.class), any(InstanceIdentifier.class));
1027 verify(writeTransaction, times(4)).submit();
1028 verify(commitFuture, times(4)).get();
1032 * Test method {@link EgressAclService#egressACLTcpPortWithPrefix(Long, String, String, boolean, Integer, String, Integer)}
1035 public void testEgressACLTcpPortWithPrefix() throws Exception {
1036 egressAclService.egressACLTcpPortWithPrefix(Long.valueOf(123), "2", MAC_ADDRESS, true, 1, HOST_ADDRESS, 1);
1037 verify(writeTransaction, times(2)).put(any(LogicalDatastoreType.class), any(InstanceIdentifier.class), any(Node.class), anyBoolean());
1038 verify(writeTransaction, times(1)).submit();
1039 verify(commitFuture, times(1)).get();
1041 egressAclService.egressACLTcpPortWithPrefix(Long.valueOf(123), "2", MAC_ADDRESS, false, 1, HOST_ADDRESS, 1);
1042 verify(writeTransaction, times(1)).delete(any(LogicalDatastoreType.class), any(InstanceIdentifier.class));
1043 verify(writeTransaction, times(2)).submit();
1044 verify(commitFuture, times(2)).get(); // 1 + 1 above
1048 * Test method {@link EgressAclService#egressAllowProto(Long, String, String, boolean, String, Integer)}
1051 public void testEgressAllowProto() throws Exception {
1052 egressAclService.egressAllowProto(Long.valueOf(123), "2", MAC_ADDRESS, true, HOST_ADDRESS, 1);
1053 verify(writeTransaction, times(2)).put(any(LogicalDatastoreType.class), any(InstanceIdentifier.class), any(Node.class), anyBoolean());
1054 verify(writeTransaction, times(1)).submit();
1055 verify(commitFuture, times(1)).get();
1057 egressAclService.egressAllowProto(Long.valueOf(123), "2", MAC_ADDRESS, false, HOST_ADDRESS, 1);
1058 verify(writeTransaction, times(1)).delete(any(LogicalDatastoreType.class), any(InstanceIdentifier.class));
1059 verify(writeTransaction, times(2)).submit();
1060 verify(commitFuture, times(2)).get(); // 1 + 1 above
1064 * Test method {@link EgressAclService#egressACLPermitAllProto(Long, String, String, boolean, String, Integer)}
1067 public void testEgressACLPermitAllProto() throws Exception {
1068 egressAclService.egressACLPermitAllProto(Long.valueOf(123), "2", MAC_ADDRESS, true, HOST_ADDRESS, 1);
1069 verify(writeTransaction, times(2)).put(any(LogicalDatastoreType.class), any(InstanceIdentifier.class), any(Node.class), anyBoolean());
1070 verify(writeTransaction, times(1)).submit();
1071 verify(commitFuture, times(1)).get();
1073 egressAclService.egressACLPermitAllProto(Long.valueOf(123), "2", MAC_ADDRESS, false, HOST_ADDRESS, 1);
1074 verify(writeTransaction, times(1)).delete(any(LogicalDatastoreType.class), any(InstanceIdentifier.class));
1075 verify(writeTransaction, times(2)).submit();
1076 verify(commitFuture, times(2)).get(); // 1 + 1 above
1080 * Test method {@link EgressAclService#egressACLTcpSyn(Long, String, String, boolean, Integer, Integer)}
1083 public void testEgressACLTcpSyn() throws Exception {
1084 egressAclService.egressACLTcpSyn(Long.valueOf(123), "2", MAC_ADDRESS, true, 1, 1);
1085 verify(writeTransaction, times(2)).put(any(LogicalDatastoreType.class), any(InstanceIdentifier.class), any(Node.class), anyBoolean());
1086 verify(writeTransaction, times(1)).submit();
1087 verify(commitFuture, times(1)).get();
1089 egressAclService.egressACLTcpSyn(Long.valueOf(123), "2", MAC_ADDRESS, false, 1, 1);
1090 verify(writeTransaction, times(1)).delete(any(LogicalDatastoreType.class), any(InstanceIdentifier.class));
1091 verify(writeTransaction, times(2)).submit();
1092 verify(commitFuture, times(2)).get(); // 1 + 1 above