openstack/net-virt-providers/src/test/java/org/opendaylight/ovsdb/openstack/netvirt/providers/openflow13/services/EgressAclServiceTest.java

   1 /*
   2  * Copyright (c) 2015 Inocybe and others.  All rights reserved.
   3  *
   4  * This program and the accompanying materials are made available under the
   5  * terms of the Eclipse Public License v1.0 which accompanies this distribution,
   6  * and is available at http://www.eclipse.org/legal/epl-v10.html
   7  */
   8
   9 package org.opendaylight.ovsdb.openstack.netvirt.providers.openflow13.services;
  10
  11 import static org.mockito.Matchers.any;
  12 import static org.mockito.Matchers.anyBoolean;
  13 import static org.mockito.Matchers.eq;
  14 import static org.mockito.Mockito.mock;
  15 import static org.mockito.Mockito.times;
  16 import static org.mockito.Mockito.verify;
  17 import static org.mockito.Mockito.when;
  18
  19 import java.util.ArrayList;
  20 import java.util.List;
  21
  22 import org.junit.Assert;
  23 import org.junit.Before;
  24 import org.junit.Test;
  25 import org.junit.runner.RunWith;
  26 import org.mockito.InjectMocks;
  27 import org.mockito.Mock;
  28 import org.mockito.invocation.InvocationOnMock;
  29 import org.mockito.stubbing.Answer;
  30 import org.opendaylight.controller.md.sal.binding.api.DataBroker;
  31 import org.opendaylight.controller.md.sal.binding.api.WriteTransaction;
  32 import org.opendaylight.controller.md.sal.common.api.data.LogicalDatastoreType;
  33 import org.opendaylight.controller.md.sal.common.api.data.TransactionCommitFailedException;
  34 import org.opendaylight.ovsdb.openstack.netvirt.translator.NeutronSecurityGroup;
  35 import org.opendaylight.ovsdb.openstack.netvirt.translator.NeutronSecurityRule;
  36 import org.opendaylight.ovsdb.openstack.netvirt.translator.Neutron_IPs;
  37 import org.opendaylight.ovsdb.openstack.netvirt.api.Constants;
  38 import org.opendaylight.ovsdb.openstack.netvirt.api.SecurityServicesManager;
  39 import org.opendaylight.ovsdb.openstack.netvirt.providers.openflow13.PipelineOrchestrator;
  40 import org.opendaylight.ovsdb.openstack.netvirt.providers.openflow13.Service;
  41 import org.opendaylight.yang.gen.v1.urn.opendaylight.flow.inventory.rev130819.tables.table.FlowBuilder;
  42 import org.opendaylight.yang.gen.v1.urn.opendaylight.inventory.rev130819.nodes.Node;
  43 import org.opendaylight.yang.gen.v1.urn.opendaylight.inventory.rev130819.nodes.NodeBuilder;
  44 import org.opendaylight.yang.gen.v1.urn.opendaylight.model.match.types.rev131026.Match;
  45 import org.opendaylight.yang.gen.v1.urn.opendaylight.model.match.types.rev131026.match.EthernetMatch;
  46 import org.opendaylight.yang.gen.v1.urn.opendaylight.model.match.types.rev131026.match.Icmpv4Match;
  47 import org.opendaylight.yang.gen.v1.urn.opendaylight.model.match.types.rev131026.match.layer._4.match.TcpMatch;
  48 import org.opendaylight.yang.gen.v1.urn.opendaylight.model.match.types.rev131026.match.layer._4.match.UdpMatch;
  49 import org.opendaylight.yangtools.yang.binding.InstanceIdentifier;
  50 import org.powermock.api.mockito.PowerMockito;
  51 import org.powermock.modules.junit4.PowerMockRunner;
  52
  53 import com.google.common.util.concurrent.CheckedFuture;
  54 /**
  55  * Unit test for {@link EgressAclService}
  56  */
  57 @RunWith(PowerMockRunner.class)
  58 @SuppressWarnings("unchecked")
  59 public class EgressAclServiceTest {
  60
  61     @InjectMocks private EgressAclService egressAclService = new EgressAclService();
  62     private EgressAclService egressAclServiceSpy;
  63
  64     @Mock private DataBroker dataBroker;
  65     @Mock private PipelineOrchestrator orchestrator;
  66
  67     @Mock private WriteTransaction writeTransaction;
  68     @Mock private CheckedFuture<Void, TransactionCommitFailedException> commitFuture;
  69
  70     @Mock private NeutronSecurityGroup securityGroup;
  71     @Mock private NeutronSecurityRule portSecurityRule;
  72
  73     @Mock private SecurityServicesManager securityServices;
  74
  75     private Neutron_IPs neutron_ip_src;
  76     private Neutron_IPs neutron_ip_dest_1;
  77     private Neutron_IPs neutron_ip_dest_2;
  78     private List<Neutron_IPs> neutronSrcIpList = new ArrayList<Neutron_IPs>();
  79     private List<Neutron_IPs> neutronDestIpList = new ArrayList<Neutron_IPs>();
  80     private static final String HOST_ADDRESS = "127.0.0.1/32";
  81     private static final String MAC_ADDRESS = "87:1D:5E:02:40:B7";
  82     private static final String SRC_IP = "192.168.0.1";
  83     private static final String DEST_IP_1 = "192.169.0.1";
  84     private static final String DEST_IP_2 = "192.169.0.2";
  85     private static final String DEST_IP_1_WITH_MASK = "192.169.0.1/32";
  86     private static final String DEST_IP_2_WITH_MASK = "192.169.0.2/32";
  87     private static final String SECURITY_GROUP_UUID = "85cc3048-abc3-43cc-89b3-377341426ac5";
  88     private static final String SEGMENT_ID = "2";
  89     private static final Long DP_ID_LONG = (long) 1554;
  90     private static final Long LOCAL_PORT = (long) 124;
  91     private static final int PORT_RANGE_MIN = 1;
  92     private static final int PORT_RANGE_MAX = 65535;
  93     private static FlowBuilder flowBuilder;
  94     private static NodeBuilder nodeBuilder;
  95
  96     private static Answer<Object> answer() {
  97         return new Answer<Object>() {
  98             @Override
  99             public CheckedFuture<Void, TransactionCommitFailedException> answer(InvocationOnMock invocation)
 100                     throws Throwable {
 101                 flowBuilder = (FlowBuilder) invocation.getArguments()[0];
 102                 nodeBuilder = (NodeBuilder) invocation.getArguments()[1];
 103                 return null;
 104             }
 105         };
 106     }
 107
 108     @Before
 109     public void setUp() {
 110         egressAclServiceSpy = PowerMockito.spy(egressAclService);
 111
 112         when(writeTransaction.submit()).thenReturn(commitFuture);
 113
 114         when(dataBroker.newWriteOnlyTransaction()).thenReturn(writeTransaction);
 115
 116         when(orchestrator.getNextServiceInPipeline(any(Service.class))).thenReturn(Service.ARP_RESPONDER);
 117
 118         portSecurityRule = mock(NeutronSecurityRule.class);
 119
 120         when(portSecurityRule.getSecurityRuleEthertype()).thenReturn("IPv4");
 121         when(portSecurityRule.getSecurityRuleDirection()).thenReturn("egress");
 122
 123         List<NeutronSecurityRule> portSecurityList = new ArrayList<NeutronSecurityRule>();
 124         portSecurityList.add(portSecurityRule);
 125
 126         neutron_ip_src = new Neutron_IPs();
 127         neutron_ip_src.setIpAddress(SRC_IP);
 128         neutronSrcIpList.add(neutron_ip_src);
 129
 130         neutron_ip_dest_1 = new Neutron_IPs();
 131         neutron_ip_dest_1.setIpAddress(DEST_IP_1);
 132         neutronDestIpList.add(neutron_ip_dest_1);
 133
 134         neutron_ip_dest_2 = new Neutron_IPs();
 135         neutron_ip_dest_2.setIpAddress(DEST_IP_2);
 136         neutronDestIpList.add(neutron_ip_dest_2);
 137
 138         when(securityGroup.getSecurityRules()).thenReturn(portSecurityList);
 139         when(securityServices.getVmListForSecurityGroup(neutronSrcIpList, SECURITY_GROUP_UUID)).thenReturn(neutronDestIpList);
 140     }
 141
 142     /**
 143      * Rule 1: TCP Proto (True), TCP Port Minimum (True), TCP Port Max (True), IP Prefix (True)
 144      */
 145     /*@Test
 146     public void testProgramPortSecurityACLRule1() throws Exception {
 147         when(portSecurityRule.getSecurityRuleProtocol()).thenReturn("tcp");
 148         when(portSecurityRule.getSecurityRulePortMax()).thenReturn(1);
 149         when(portSecurityRule.getSecurityRulePortMin()).thenReturn(1);
 150         when(portSecurityRule.getSecurityRuleRemoteIpPrefix()).thenReturn(HOST_ADDRESS);
 151
 152         egressAclServiceSpy.programPortSecurityACL(Long.valueOf(1554), "2", MAC_ADDRESS, 124, securityGroup);
 153         verify(egressAclServiceSpy, times(1)).egressACLDefaultTcpDrop(anyLong(), anyString(), anyString(), anyInt(), anyBoolean());
 154         verify(egressAclServiceSpy, times(1)).egressACLTcpPortWithPrefix(anyLong(), anyString(), anyString(), anyBoolean(), anyInt(), anyString(), anyInt());
 155         verify(writeTransaction, times(4)).put(any(LogicalDatastoreType.class), any(InstanceIdentifier.class), any(Node.class), anyBoolean());
 156         verify(writeTransaction, times(2)).submit();
 157         verify(commitFuture, times(2)).get();
 158     }
 159
 160     *//**
 161      * Rule 2: TCP Proto (True), TCP Port Minimum (True), TCP Port Max (False), IP Prefix (True)
 162      *//*
 163     @Test
 164     public void testProgramPortSecurityACLRule2() throws Exception {
 165         when(portSecurityRule.getSecurityRuleProtocol()).thenReturn("tcp");
 166         when(portSecurityRule.getSecurityRulePortMax()).thenReturn(null);
 167         when(portSecurityRule.getSecurityRulePortMin()).thenReturn(1);
 168         when(portSecurityRule.getSecurityRuleRemoteIpPrefix()).thenReturn(HOST_ADDRESS);
 169
 170         egressAclServiceSpy.programPortSecurityACL(Long.valueOf(1554), "2", MAC_ADDRESS, 124, securityGroup);
 171         verify(egressAclServiceSpy, times(1)).egressACLDefaultTcpDrop(anyLong(), anyString(), anyString(), anyInt(), anyBoolean());
 172         verify(egressAclServiceSpy, times(1)).egressACLTcpPortWithPrefix(anyLong(), anyString(), anyString(), anyBoolean(), anyInt(), anyString(), anyInt());
 173         verify(writeTransaction, times(4)).put(any(LogicalDatastoreType.class), any(InstanceIdentifier.class), any(Node.class), anyBoolean());
 174         verify(writeTransaction, times(2)).submit();
 175         verify(commitFuture, times(2)).get();
 176     }
 177
 178     *//**
 179      * Rule 3: TCP Proto (True), TCP Port Minimum (False), TCP Port Max (False), IP Prefix (True)
 180      *//*
 181     @Test
 182     public void testProgramPortSecurityACLRule3() throws Exception {
 183         when(portSecurityRule.getSecurityRuleProtocol()).thenReturn("tcp");
 184         when(portSecurityRule.getSecurityRulePortMax()).thenReturn(null);
 185         when(portSecurityRule.getSecurityRulePortMin()).thenReturn(null);
 186         when(portSecurityRule.getSecurityRuleRemoteIpPrefix()).thenReturn(HOST_ADDRESS);
 187
 188         egressAclServiceSpy.programPortSecurityACL(Long.valueOf(1554), "2", MAC_ADDRESS, 124, securityGroup);
 189         verify(egressAclServiceSpy, times(1)).egressACLDefaultTcpDrop(anyLong(), anyString(), anyString(), anyInt(), anyBoolean());
 190         verify(egressAclServiceSpy, times(1)).egressACLPermitAllProto(anyLong(), anyString(), anyString(), anyBoolean(), anyString(), anyInt());
 191         verify(writeTransaction, times(4)).put(any(LogicalDatastoreType.class), any(InstanceIdentifier.class), any(Node.class), anyBoolean());
 192         verify(writeTransaction, times(2)).submit();
 193         verify(commitFuture, times(2)).get();
 194     }
 195
 196     *//**
 197      * Rule 4: TCP Proto (False), TCP Port Minimum (False), TCP Port Max (False), IP Prefix (True)
 198      *//*
 199     @Test
 200     public void testProgramPortSecurityACLRule4() throws Exception {
 201         when(portSecurityRule.getSecurityRuleProtocol()).thenReturn(null);
 202         when(portSecurityRule.getSecurityRulePortMax()).thenReturn(null);
 203         when(portSecurityRule.getSecurityRulePortMin()).thenReturn(null);
 204         when(portSecurityRule.getSecurityRuleRemoteIpPrefix()).thenReturn(HOST_ADDRESS);
 205
 206         egressAclServiceSpy.programPortSecurityACL(Long.valueOf(1554), "2", MAC_ADDRESS, 124, securityGroup);
 207         verify(egressAclServiceSpy, times(1)).egressACLDefaultTcpDrop(anyLong(), anyString(), anyString(), anyInt(), anyBoolean());
 208         verify(egressAclServiceSpy, times(1)).egressACLPermitAllProto(anyLong(), anyString(), anyString(), anyBoolean(), anyString(), anyInt());
 209         verify(writeTransaction, times(4)).put(any(LogicalDatastoreType.class), any(InstanceIdentifier.class), any(Node.class), anyBoolean());
 210         verify(writeTransaction, times(2)).submit();
 211         verify(commitFuture, times(2)).get();
 212     }
 213
 214     *//**
 215      * Rule 5: TCP Proto (True), TCP Port Minimum (True), TCP Port Max (True), IP Prefix (False)
 216      *//*
 217     @Test
 218     public void testProgramPortSecurityACLRule5() throws Exception {
 219         when(portSecurityRule.getSecurityRuleProtocol()).thenReturn("tcp");
 220         when(portSecurityRule.getSecurityRulePortMax()).thenReturn(1);
 221         when(portSecurityRule.getSecurityRulePortMin()).thenReturn(1);
 222         when(portSecurityRule.getSecurityRuleRemoteIpPrefix()).thenReturn(null);
 223
 224         egressAclServiceSpy.programPortSecurityACL(Long.valueOf(1554), "2", MAC_ADDRESS, 124, securityGroup);
 225         verify(egressAclServiceSpy, times(1)).egressACLDefaultTcpDrop(anyLong(), anyString(), anyString(), anyInt(), anyBoolean());
 226         verify(egressAclServiceSpy, times(1)).egressACLTcpSyn(anyLong(), anyString(), anyString(), anyBoolean(), anyInt(), anyInt());
 227         verify(writeTransaction, times(4)).put(any(LogicalDatastoreType.class), any(InstanceIdentifier.class), any(Node.class), anyBoolean());
 228         verify(writeTransaction, times(2)).submit();
 229         verify(commitFuture, times(2)).get();
 230     }
 231
 232     *//**
 233      * Rule 6: TCP Proto (True), TCP Port Minimum (True), TCP Port Max (False), IP Prefix (False)
 234      *//*
 235     @Test
 236     public void testProgramPortSecurityACLRule6() throws Exception {
 237         when(portSecurityRule.getSecurityRuleProtocol()).thenReturn("tcp");
 238         when(portSecurityRule.getSecurityRulePortMax()).thenReturn(null);
 239         when(portSecurityRule.getSecurityRulePortMin()).thenReturn(1);
 240         when(portSecurityRule.getSecurityRuleRemoteIpPrefix()).thenReturn(null);
 241
 242         egressAclServiceSpy.programPortSecurityACL(Long.valueOf(1554), "2", MAC_ADDRESS, 124, securityGroup);
 243         verify(egressAclServiceSpy, times(1)).egressACLDefaultTcpDrop(anyLong(), anyString(), anyString(), anyInt(), anyBoolean());
 244         verify(egressAclServiceSpy, times(1)).egressACLTcpSyn(anyLong(), anyString(), anyString(), anyBoolean(), anyInt(), anyInt());
 245         verify(writeTransaction, times(4)).put(any(LogicalDatastoreType.class), any(InstanceIdentifier.class), any(Node.class), anyBoolean());
 246         verify(writeTransaction, times(2)).submit();
 247         verify(commitFuture, times(2)).get();
 248     }
 249
 250     *//**
 251      * Rule 7: TCP Proto (True), TCP Port Minimum (False), TCP Port Max (False), IP Prefix (False or 0.0.0.0/0)
 252      *//*
 253     @Test
 254     public void testProgramPortSecurityACLRule7() throws Exception {
 255         when(portSecurityRule.getSecurityRuleProtocol()).thenReturn("tcp");
 256         when(portSecurityRule.getSecurityRulePortMax()).thenReturn(null);
 257         when(portSecurityRule.getSecurityRulePortMin()).thenReturn(null);
 258         when(portSecurityRule.getSecurityRuleRemoteIpPrefix()).thenReturn(null);
 259
 260         egressAclServiceSpy.programPortSecurityACL(Long.valueOf(1554), "2", MAC_ADDRESS, 124, securityGroup);
 261         verify(egressAclServiceSpy, times(1)).egressAllowProto(anyLong(), anyString(), anyString(), anyBoolean(), anyString(), anyInt());
 262         verify(writeTransaction, times(2)).put(any(LogicalDatastoreType.class), any(InstanceIdentifier.class), any(Node.class), anyBoolean());
 263         verify(writeTransaction, times(1)).submit();
 264         verify(commitFuture, times(1)).get();
 265     }
 266 */
 267     /**
 268      * Test method {@link EgressAclService#egressACLDefaultTcpDrop(Long, String, String, int, boolean)}
 269      */
 270     @Test
 271     public void testEgressACLDefaultTcpDrop() throws Exception {
 272         egressAclService.egressACLDefaultTcpDrop(Long.valueOf(123), "2", MAC_ADDRESS, 1, true);
 273         verify(writeTransaction, times(2)).put(any(LogicalDatastoreType.class), any(InstanceIdentifier.class), any(Node.class), anyBoolean());
 274         verify(writeTransaction, times(1)).submit();
 275         verify(commitFuture, times(1)).get();
 276
 277         egressAclService.egressACLDefaultTcpDrop(Long.valueOf(123), "2", MAC_ADDRESS, 1, false);
 278         verify(writeTransaction, times(1)).delete(any(LogicalDatastoreType.class), any(InstanceIdentifier.class));
 279         verify(writeTransaction, times(2)).submit();
 280         verify(commitFuture, times(2)).get(); // 1 + 1 above
 281     }
 282
 283     /**
 284      *  Test IPv4 add test case.
 285      */
 286     @Test
 287     public void testProgramPortSecurityACLRuleAddIpv4() throws Exception {
 288         when(portSecurityRule.getSecurityRuleProtocol()).thenReturn(null);
 289         when(portSecurityRule.getSecurityRulePortMax()).thenReturn(null);
 290         when(portSecurityRule.getSecurityRulePortMin()).thenReturn(null);
 291         when(portSecurityRule.getSecurityRuleRemoteIpPrefix()).thenReturn(null);
 292
 293         egressAclServiceSpy.programPortSecurityAcl(Long.valueOf(1554), "2", MAC_ADDRESS, 124, securityGroup,neutronSrcIpList,true);
 294
 295         verify(writeTransaction, times(2)).put(any(LogicalDatastoreType.class), any(InstanceIdentifier.class), any(Node.class), eq(true));
 296         verify(writeTransaction, times(1)).submit();
 297         verify(commitFuture, times(1)).get();
 298     }
 299
 300     /**
 301      *  Test IPv4 remove test case.
 302      */
 303     @Test
 304     public void testProgramPortSecurityACLRuleRemoveIpv4() throws Exception {
 305         when(portSecurityRule.getSecurityRuleProtocol()).thenReturn(null);
 306         when(portSecurityRule.getSecurityRulePortMax()).thenReturn(null);
 307         when(portSecurityRule.getSecurityRulePortMin()).thenReturn(null);
 308         when(portSecurityRule.getSecurityRuleRemoteIpPrefix()).thenReturn(null);
 309
 310         egressAclServiceSpy.programPortSecurityAcl(Long.valueOf(1554), "2", MAC_ADDRESS, 124, securityGroup,neutronSrcIpList,false);
 311         verify(writeTransaction, times(1)).delete(any(LogicalDatastoreType.class), any(InstanceIdentifier.class));
 312         verify(writeTransaction, times(1)).submit();
 313         verify(commitFuture, times(1)).get();
 314     }
 315
 316     /**
 317      *  Test TCP add with port no and CIDR selected.
 318      */
 319     @Test
 320     public void testProgramPortSecurityACLRuleAddTcp1() throws Exception {
 321         when(portSecurityRule.getSecurityRuleProtocol()).thenReturn("tcp");
 322         when(portSecurityRule.getSecurityRulePortMax()).thenReturn(20);
 323         when(portSecurityRule.getSecurityRulePortMin()).thenReturn(20);
 324         when(portSecurityRule.getSecurityRuleRemoteIpPrefix()).thenReturn("0.0.0.0/24");
 325         PowerMockito.doAnswer(answer()).when(egressAclServiceSpy, "writeFlow", any(FlowBuilder.class),
 326                                              any(NodeBuilder.class));
 327         egressAclServiceSpy.programPortSecurityAcl(DP_ID_LONG, SEGMENT_ID, MAC_ADDRESS, LOCAL_PORT, securityGroup,
 328                                                    neutronSrcIpList, true);
 329
 330         Match match = flowBuilder.getMatch();
 331         EthernetMatch ethMatch = match.getEthernetMatch();
 332         Assert.assertEquals(MAC_ADDRESS, ethMatch.getEthernetSource().getAddress().getValue());
 333
 334         Assert.assertTrue(match.getLayer4Match() instanceof TcpMatch);
 335         TcpMatch layer4Match=(TcpMatch) match.getLayer4Match();
 336         Assert.assertEquals(20, layer4Match.getTcpDestinationPort().getValue().intValue());
 337         int port=portSecurityRule.getSecurityRulePortMin();
 338         Assert.assertEquals("Egress_TCP_" + SEGMENT_ID + "_" + MAC_ADDRESS +
 339                             "_" + port + "_0.0.0.0/24_Permit", flowBuilder.getFlowName());
 340     }
 341
 342     /**
 343      *  Test TCP remove with port no and CIDR selected.
 344      */
 345     @Test
 346     public void testProgramPortSecurityACLRuleRemoveTcp1() throws Exception {
 347         when(portSecurityRule.getSecurityRuleProtocol()).thenReturn("tcp");
 348         when(portSecurityRule.getSecurityRulePortMax()).thenReturn(30);
 349         when(portSecurityRule.getSecurityRulePortMin()).thenReturn(30);
 350         when(portSecurityRule.getSecurityRuleRemoteIpPrefix()).thenReturn("0.0.0.0/24");
 351         PowerMockito.doAnswer(answer()).when(egressAclServiceSpy, "removeFlow", any(FlowBuilder.class),
 352                                              any(NodeBuilder.class));
 353
 354         egressAclServiceSpy.programPortSecurityAcl(DP_ID_LONG, SEGMENT_ID, MAC_ADDRESS, LOCAL_PORT, securityGroup,
 355                                                    neutronSrcIpList, false);
 356
 357         Match match = flowBuilder.getMatch();
 358         EthernetMatch ethMatch = match.getEthernetMatch();
 359         Assert.assertEquals(MAC_ADDRESS, ethMatch.getEthernetSource().getAddress().getValue());
 360
 361         Assert.assertTrue(match.getLayer4Match() instanceof TcpMatch);
 362         TcpMatch layer4Match = (TcpMatch) match.getLayer4Match();
 363         Assert.assertEquals(30, layer4Match.getTcpDestinationPort().getValue().intValue());
 364         int port=portSecurityRule.getSecurityRulePortMin();
 365         Assert.assertEquals("Egress_TCP_" + SEGMENT_ID + "_" + MAC_ADDRESS +
 366                             "_" + port + "_0.0.0.0/24_Permit", flowBuilder.getFlowName());
 367     }
 368
 369     /**
 370      *  Test TCP add with port no and remote SG selected.
 371      */
 372     @Test
 373     public void testProgramPortSecurityACLRuleAddTcp2() throws Exception {
 374         when(portSecurityRule.getSecurityRuleProtocol()).thenReturn("tcp");
 375         when(portSecurityRule.getSecurityRulePortMax()).thenReturn(40);
 376         when(portSecurityRule.getSecurityRulePortMin()).thenReturn(40);
 377         when(portSecurityRule.getSecurityRemoteGroupID()).thenReturn("85cc3048-abc3-43cc-89b3-377341426ac5");
 378         PowerMockito.doAnswer(answer()).when(egressAclServiceSpy, "writeFlow", any(FlowBuilder.class),
 379                                              any(NodeBuilder.class));
 380         egressAclServiceSpy.programPortSecurityAcl(DP_ID_LONG, SEGMENT_ID, MAC_ADDRESS, LOCAL_PORT, securityGroup,
 381                                                    neutronSrcIpList, true);
 382
 383         Match match = flowBuilder.getMatch();
 384         EthernetMatch ethMatch = match.getEthernetMatch();
 385         Assert.assertEquals(MAC_ADDRESS, ethMatch.getEthernetSource().getAddress().getValue());
 386
 387         Assert.assertTrue(match.getLayer4Match() instanceof TcpMatch);
 388         TcpMatch layer4Match=(TcpMatch) match.getLayer4Match();
 389         int port=portSecurityRule.getSecurityRulePortMin();
 390         String expectedFlowId1 = "Egress_TCP_" + SEGMENT_ID + "_" + MAC_ADDRESS + "_" + port + "_" + DEST_IP_1 +
 391                 "_Permit";
 392         String expectedFlowId2 = "Egress_TCP_" + SEGMENT_ID + "_" + MAC_ADDRESS + "_" + port + "_" + DEST_IP_2 +
 393                 "_Permit";
 394         String actualFlowId = flowBuilder.getFlowName();
 395         if(actualFlowId.equals(expectedFlowId1) || actualFlowId.equals(expectedFlowId2)) {
 396             Assert.assertTrue(true);
 397         } else {
 398             Assert.assertTrue(false);
 399         }
 400     }
 401
 402     /**
 403      *  Test TCP remove with port no and remote SG selected.
 404      */
 405     @Test
 406     public void testProgramPortSecurityACLRuleRemoveTcp2() throws Exception {
 407         when(portSecurityRule.getSecurityRuleProtocol()).thenReturn("tcp");
 408         when(portSecurityRule.getSecurityRulePortMax()).thenReturn(50);
 409         when(portSecurityRule.getSecurityRulePortMin()).thenReturn(50);
 410         when(portSecurityRule.getSecurityRemoteGroupID()).thenReturn("85cc3048-abc3-43cc-89b3-377341426ac5");
 411         PowerMockito.doAnswer(answer()).when(egressAclServiceSpy, "removeFlow", any(FlowBuilder.class),
 412                                              any(NodeBuilder.class));
 413
 414         egressAclServiceSpy.programPortSecurityAcl(DP_ID_LONG, SEGMENT_ID, MAC_ADDRESS, LOCAL_PORT, securityGroup,
 415                                                    neutronSrcIpList, false);
 416
 417         Match match = flowBuilder.getMatch();
 418         EthernetMatch ethMatch = match.getEthernetMatch();
 419         Assert.assertEquals(MAC_ADDRESS, ethMatch.getEthernetSource().getAddress().getValue());
 420
 421         Assert.assertTrue(match.getLayer4Match() instanceof TcpMatch);
 422         TcpMatch layer4Match=(TcpMatch) match.getLayer4Match();
 423         int port=portSecurityRule.getSecurityRulePortMin();
 424         String expectedFlowId1 = "Egress_TCP_" + SEGMENT_ID + "_" + MAC_ADDRESS +"_" + port + "_" + DEST_IP_1 +
 425                 "_Permit";
 426         String expectedFlowId2 = "Egress_TCP_" + SEGMENT_ID + "_" + MAC_ADDRESS +"_" + port + "_" + DEST_IP_2 +
 427                 "_Permit";
 428         String actualFlowId = flowBuilder.getFlowName();
 429         if(actualFlowId.equals(expectedFlowId1) || actualFlowId.equals(expectedFlowId2)) {
 430             Assert.assertTrue(true);
 431         } else {
 432             Assert.assertTrue(false);
 433         }
 434     }
 435
 436     /**
 437      *  Test TCP add with port range (All TCP) and CIDR selected.
 438      */
 439     @Test
 440     public void testProgramPortSecurityACLRuleAddTcpAll1() throws Exception {
 441         when(portSecurityRule.getSecurityRuleProtocol()).thenReturn("tcp");
 442         when(portSecurityRule.getSecurityRulePortMax()).thenReturn(PORT_RANGE_MAX);
 443         when(portSecurityRule.getSecurityRulePortMin()).thenReturn(PORT_RANGE_MIN);
 444         when(portSecurityRule.getSecurityRuleRemoteIpPrefix()).thenReturn("0.0.0.0/24");
 445         PowerMockito.doAnswer(answer()).when(egressAclServiceSpy, "writeFlow", any(FlowBuilder.class),
 446                                              any(NodeBuilder.class));
 447         egressAclServiceSpy.programPortSecurityAcl(DP_ID_LONG, SEGMENT_ID, MAC_ADDRESS, LOCAL_PORT, securityGroup,
 448                                                    neutronSrcIpList, true);
 449
 450         Match match = flowBuilder.getMatch();
 451         Assert.assertTrue(match.getLayer4Match() instanceof TcpMatch);
 452         TcpMatch layer4Match=(TcpMatch) match.getLayer4Match();
 453         EthernetMatch ethMatch = match.getEthernetMatch();
 454         Assert.assertEquals(MAC_ADDRESS, ethMatch.getEthernetSource().getAddress().getValue());
 455     }
 456
 457     /**
 458      *  Test TCP remove with port range (All TCP) and CIDR selected.
 459      */
 460     @Test
 461     public void testProgramPortSecurityACLRuleRemoveTcpAll1() throws Exception {
 462         when(portSecurityRule.getSecurityRuleProtocol()).thenReturn("tcp");
 463         when(portSecurityRule.getSecurityRulePortMax()).thenReturn(PORT_RANGE_MAX);
 464         when(portSecurityRule.getSecurityRulePortMin()).thenReturn(PORT_RANGE_MIN);
 465         when(portSecurityRule.getSecurityRuleRemoteIpPrefix()).thenReturn("0.0.0.0/24");
 466         PowerMockito.doAnswer(answer()).when(egressAclServiceSpy, "removeFlow", any(FlowBuilder.class),
 467                                              any(NodeBuilder.class));
 468
 469         egressAclServiceSpy.programPortSecurityAcl(DP_ID_LONG, SEGMENT_ID, MAC_ADDRESS, LOCAL_PORT, securityGroup,
 470                                                    neutronSrcIpList, false);
 471
 472         Match match = flowBuilder.getMatch();
 473         EthernetMatch ethMatch = match.getEthernetMatch();
 474         Assert.assertEquals(MAC_ADDRESS, ethMatch.getEthernetSource().getAddress().getValue());
 475
 476         Assert.assertTrue(match.getLayer4Match() instanceof TcpMatch);
 477         Assert.assertEquals("Egress_TCP_" + SEGMENT_ID + "_" + MAC_ADDRESS + "_" + PORT_RANGE_MIN + "_" +
 478                             PORT_RANGE_MAX + "_0.0.0.0/24_Permit", flowBuilder.getFlowName());
 479     }
 480
 481     /**
 482      *  Test TCP add with port range (All TCP) and remote SG selected.
 483      */
 484     @Test
 485     public void testProgramPortSecurityACLRuleAddTcpAll2() throws Exception {
 486         when(portSecurityRule.getSecurityRuleProtocol()).thenReturn("tcp");
 487         when(portSecurityRule.getSecurityRulePortMax()).thenReturn(PORT_RANGE_MAX);
 488         when(portSecurityRule.getSecurityRulePortMin()).thenReturn(PORT_RANGE_MIN);
 489         when(portSecurityRule.getSecurityRemoteGroupID()).thenReturn("85cc3048-abc3-43cc-89b3-377341426ac5");
 490         PowerMockito.doAnswer(answer()).when(egressAclServiceSpy, "writeFlow", any(FlowBuilder.class),
 491                                              any(NodeBuilder.class));
 492         egressAclServiceSpy.programPortSecurityAcl(DP_ID_LONG, SEGMENT_ID, MAC_ADDRESS, LOCAL_PORT, securityGroup,
 493                                                    neutronSrcIpList, true);
 494
 495         Match match = flowBuilder.getMatch();
 496         EthernetMatch ethMatch = match.getEthernetMatch();
 497         Assert.assertEquals(MAC_ADDRESS, ethMatch.getEthernetSource().getAddress().getValue());
 498
 499         Assert.assertTrue(match.getLayer4Match() instanceof TcpMatch);
 500         String expectedFlowId1 = "Egress_TCP_" + SEGMENT_ID + "_" + MAC_ADDRESS + "_" + PORT_RANGE_MIN + "_" +
 501                                 PORT_RANGE_MAX + "_" + DEST_IP_1 + "_Permit";
 502         String expectedFlowId2 = "Egress_TCP_" + SEGMENT_ID + "_" + MAC_ADDRESS + "_" + PORT_RANGE_MIN + "_" +
 503                                 PORT_RANGE_MAX + "_" + DEST_IP_2 + "_Permit";
 504         String actualFlowId = flowBuilder.getFlowName();
 505         if(actualFlowId.equals(expectedFlowId1) || actualFlowId.equals(expectedFlowId2)) {
 506             Assert.assertTrue(true);
 507         } else {
 508             Assert.assertTrue(false);
 509         }
 510     }
 511
 512     /**
 513      *  Test TCP remove with port range (All TCP) and remote SG selected.
 514      */
 515     @Test
 516     public void testProgramPortSecurityACLRuleRemoveTcpAll2() throws Exception {
 517         when(portSecurityRule.getSecurityRuleProtocol()).thenReturn("tcp");
 518         when(portSecurityRule.getSecurityRulePortMax()).thenReturn(PORT_RANGE_MAX);
 519         when(portSecurityRule.getSecurityRulePortMin()).thenReturn(PORT_RANGE_MIN);
 520         when(portSecurityRule.getSecurityRemoteGroupID()).thenReturn("85cc3048-abc3-43cc-89b3-377341426ac5");
 521         PowerMockito.doAnswer(answer()).when(egressAclServiceSpy, "removeFlow", any(FlowBuilder.class),
 522                                              any(NodeBuilder.class));
 523
 524         egressAclServiceSpy.programPortSecurityAcl(DP_ID_LONG, SEGMENT_ID, MAC_ADDRESS, LOCAL_PORT, securityGroup,
 525                                                    neutronSrcIpList, false);
 526
 527         Match match = flowBuilder.getMatch();
 528         EthernetMatch ethMatch = match.getEthernetMatch();
 529         Assert.assertEquals(MAC_ADDRESS, ethMatch.getEthernetSource().getAddress().getValue());
 530
 531         Assert.assertTrue(match.getLayer4Match() instanceof TcpMatch);
 532         String expectedFlowId1 = "Egress_TCP_" + SEGMENT_ID + "_" + MAC_ADDRESS + "_" + PORT_RANGE_MIN + "_" +
 533                                 PORT_RANGE_MAX + "_" + DEST_IP_1 + "_Permit";
 534         String expectedFlowId2 = "Egress_TCP_" + SEGMENT_ID + "_" + MAC_ADDRESS + "_" + PORT_RANGE_MIN + "_" +
 535                                 PORT_RANGE_MAX + "_" + DEST_IP_2 + "_Permit";
 536         String actualFlowId = flowBuilder.getFlowName();
 537         if(actualFlowId.equals(expectedFlowId1) || actualFlowId.equals(expectedFlowId2)) {
 538             Assert.assertTrue(true);
 539         } else {
 540             Assert.assertTrue(false);
 541         }
 542     }
 543
 544     /**
 545      *  Test UDP add with port no and CIDR selected.
 546      */
 547     @Test
 548     public void testProgramPortSecurityACLRuleAddUdp1() throws Exception {
 549         when(portSecurityRule.getSecurityRuleProtocol()).thenReturn("udp");
 550         when(portSecurityRule.getSecurityRulePortMax()).thenReturn(50);
 551         when(portSecurityRule.getSecurityRulePortMin()).thenReturn(50);
 552         when(portSecurityRule.getSecurityRuleRemoteIpPrefix()).thenReturn("0.0.0.0/24");
 553         PowerMockito.doAnswer(answer()).when(egressAclServiceSpy, "writeFlow", any(FlowBuilder.class),
 554                                              any(NodeBuilder.class));
 555         egressAclServiceSpy.programPortSecurityAcl(DP_ID_LONG, SEGMENT_ID, MAC_ADDRESS, LOCAL_PORT, securityGroup,
 556                                                    neutronSrcIpList, true);
 557
 558         Match match = flowBuilder.getMatch();
 559         EthernetMatch ethMatch = match.getEthernetMatch();
 560         Assert.assertEquals(MAC_ADDRESS, ethMatch.getEthernetSource().getAddress().getValue());
 561
 562         Assert.assertTrue(match.getLayer4Match() instanceof UdpMatch);
 563         UdpMatch layer4Match = (UdpMatch) match.getLayer4Match();
 564         Assert.assertEquals(50, layer4Match.getUdpDestinationPort().getValue().intValue());
 565         int port = portSecurityRule.getSecurityRulePortMin();
 566         Assert.assertEquals("Egress_UDP_" + SEGMENT_ID + "_" + MAC_ADDRESS +
 567                             "_" + port + "_0.0.0.0/24_Permit", flowBuilder.getFlowName());
 568     }
 569
 570     /**
 571      *  Test UDP remove with port no and CIDR selected.
 572      */
 573     @Test
 574     public void testProgramPortSecurityACLRuleRemoveUdp1() throws Exception {
 575         when(portSecurityRule.getSecurityRuleProtocol()).thenReturn("udp");
 576         when(portSecurityRule.getSecurityRulePortMax()).thenReturn(50);
 577         when(portSecurityRule.getSecurityRulePortMin()).thenReturn(50);
 578         when(portSecurityRule.getSecurityRuleRemoteIpPrefix()).thenReturn("0.0.0.0/24");
 579         PowerMockito.doAnswer(answer()).when(egressAclServiceSpy, "removeFlow", any(FlowBuilder.class),
 580                                              any(NodeBuilder.class));
 581         egressAclServiceSpy.programPortSecurityAcl(DP_ID_LONG, SEGMENT_ID, MAC_ADDRESS, LOCAL_PORT, securityGroup,
 582                                                    neutronSrcIpList, false);
 583
 584         Match match = flowBuilder.getMatch();
 585         EthernetMatch ethMatch = match.getEthernetMatch();
 586         Assert.assertEquals(MAC_ADDRESS, ethMatch.getEthernetSource().getAddress().getValue());
 587
 588         Assert.assertTrue(match.getLayer4Match() instanceof UdpMatch);
 589         UdpMatch layer4Match = (UdpMatch) match.getLayer4Match();
 590         Assert.assertEquals(50, layer4Match.getUdpDestinationPort().getValue().intValue());
 591         int port = portSecurityRule.getSecurityRulePortMin();
 592         Assert.assertEquals("Egress_UDP_" + SEGMENT_ID + "_" + MAC_ADDRESS +
 593                             "_" + port + "_0.0.0.0/24_Permit", flowBuilder.getFlowName());
 594     }
 595
 596     /**
 597      *  Test UDP add with port no and remote SG selected.
 598      */
 599     @Test
 600     public void testProgramPortSecurityACLRuleAddUdp2() throws Exception {
 601         when(portSecurityRule.getSecurityRuleProtocol()).thenReturn("udp");
 602         when(portSecurityRule.getSecurityRulePortMax()).thenReturn(50);
 603         when(portSecurityRule.getSecurityRulePortMin()).thenReturn(50);
 604         when(portSecurityRule.getSecurityRuleRemoteIpPrefix()).thenReturn("0.0.0.0/24");
 605         when(portSecurityRule.getSecurityRemoteGroupID()).thenReturn("85cc3048-abc3-43cc-89b3-377341426ac5");
 606         PowerMockito.doAnswer(answer()).when(egressAclServiceSpy, "writeFlow", any(FlowBuilder.class),
 607                                              any(NodeBuilder.class));
 608         egressAclServiceSpy.programPortSecurityAcl(DP_ID_LONG, SEGMENT_ID, MAC_ADDRESS, LOCAL_PORT, securityGroup,
 609                                                    neutronSrcIpList, true);
 610
 611         Match match = flowBuilder.getMatch();
 612         EthernetMatch ethMatch = match.getEthernetMatch();
 613         Assert.assertEquals(MAC_ADDRESS, ethMatch.getEthernetSource().getAddress().getValue());
 614
 615         Assert.assertTrue(match.getLayer4Match() instanceof UdpMatch);
 616         UdpMatch layer4Match = (UdpMatch) match.getLayer4Match();
 617         Assert.assertEquals(50, layer4Match.getUdpDestinationPort().getValue().intValue());
 618         int port = portSecurityRule.getSecurityRulePortMin();
 619         String expectedFlowId1 = "Egress_UDP_" + SEGMENT_ID + "_" + MAC_ADDRESS + "_" + port + "_" + DEST_IP_1 +
 620                 "_Permit";
 621         String expectedFlowId2 = "Egress_UDP_" + SEGMENT_ID + "_" + MAC_ADDRESS + "_" + port + "_" + DEST_IP_2 +
 622                 "_Permit";
 623         String actualFlowId = flowBuilder.getFlowName();
 624         if(actualFlowId.equals(expectedFlowId1) || actualFlowId.equals(expectedFlowId2)) {
 625             Assert.assertTrue(true);
 626         } else {
 627             Assert.assertTrue(false);
 628         }
 629     }
 630
 631     /**
 632      *  Test UDP remove with port no and remote SG selected.
 633      */
 634     @Test
 635     public void testProgramPortSecurityACLRuleRemoveUdp2() throws Exception {
 636         when(portSecurityRule.getSecurityRuleProtocol()).thenReturn("udp");
 637         when(portSecurityRule.getSecurityRulePortMax()).thenReturn(50);
 638         when(portSecurityRule.getSecurityRulePortMin()).thenReturn(50);
 639         when(portSecurityRule.getSecurityRuleRemoteIpPrefix()).thenReturn("0.0.0.0/24");
 640         when(portSecurityRule.getSecurityRemoteGroupID()).thenReturn("85cc3048-abc3-43cc-89b3-377341426ac5");
 641         PowerMockito.doAnswer(answer()).when(egressAclServiceSpy, "removeFlow", any(FlowBuilder.class),
 642                                              any(NodeBuilder.class));
 643         egressAclServiceSpy.programPortSecurityAcl(DP_ID_LONG, SEGMENT_ID, MAC_ADDRESS, LOCAL_PORT, securityGroup,
 644                                                    neutronSrcIpList, false);
 645
 646         Match match = flowBuilder.getMatch();
 647         EthernetMatch ethMatch = match.getEthernetMatch();
 648         Assert.assertEquals(MAC_ADDRESS, ethMatch.getEthernetSource().getAddress().getValue());
 649
 650         Assert.assertTrue(match.getLayer4Match() instanceof UdpMatch);
 651         UdpMatch layer4Match = (UdpMatch) match.getLayer4Match();
 652         Assert.assertEquals(50, layer4Match.getUdpDestinationPort().getValue().intValue());
 653         int port = portSecurityRule.getSecurityRulePortMin();
 654         String expectedFlowId1 = "Egress_UDP_" + SEGMENT_ID + "_" + MAC_ADDRESS + "_" + port + "_" + DEST_IP_1 +
 655                 "_Permit";
 656         String expectedFlowId2 = "Egress_UDP_" + SEGMENT_ID + "_" + MAC_ADDRESS + "_" + port + "_" + DEST_IP_2 +
 657                 "_Permit";
 658         String actualFlowId = flowBuilder.getFlowName();
 659         if(actualFlowId.equals(expectedFlowId1) || actualFlowId.equals(expectedFlowId2)) {
 660             Assert.assertTrue(true);
 661         } else {
 662             Assert.assertTrue(false);
 663         }
 664     }
 665
 666
 667     /**
 668      *  Test UDP add with port (All UDP) and CIDR selected.
 669      */
 670     @Test
 671     public void testProgramPortSecurityACLRuleAddUdpAll1() throws Exception {
 672         when(portSecurityRule.getSecurityRuleProtocol()).thenReturn("udp");
 673         when(portSecurityRule.getSecurityRulePortMax()).thenReturn(PORT_RANGE_MAX);
 674         when(portSecurityRule.getSecurityRulePortMin()).thenReturn(PORT_RANGE_MIN);
 675         when(portSecurityRule.getSecurityRuleRemoteIpPrefix()).thenReturn("0.0.0.0/24");
 676         PowerMockito.doAnswer(answer()).when(egressAclServiceSpy, "writeFlow", any(FlowBuilder.class),
 677                                              any(NodeBuilder.class));
 678         egressAclServiceSpy.programPortSecurityAcl(DP_ID_LONG, SEGMENT_ID, MAC_ADDRESS, LOCAL_PORT, securityGroup,
 679                                                    neutronSrcIpList, true);
 680
 681         Match match = flowBuilder.getMatch();
 682         EthernetMatch ethMatch = match.getEthernetMatch();
 683         Assert.assertEquals(MAC_ADDRESS, ethMatch.getEthernetSource().getAddress().getValue());
 684
 685         Assert.assertTrue(match.getLayer4Match() instanceof UdpMatch);
 686         Assert.assertEquals("Egress_UDP_" + SEGMENT_ID + "_" + MAC_ADDRESS + "_" + PORT_RANGE_MIN + "_" +
 687                             PORT_RANGE_MAX + "_0.0.0.0/24_Permit", flowBuilder.getFlowName());
 688     }
 689
 690     /**
 691      *  Test UDP remove with port (All UDP) and CIDR selected.
 692      */
 693     @Test
 694     public void testProgramPortSecurityACLRuleRemoveUdpAll1() throws Exception {
 695         when(portSecurityRule.getSecurityRuleProtocol()).thenReturn("udp");
 696         when(portSecurityRule.getSecurityRulePortMax()).thenReturn(PORT_RANGE_MAX);
 697         when(portSecurityRule.getSecurityRulePortMin()).thenReturn(PORT_RANGE_MIN);
 698         when(portSecurityRule.getSecurityRuleRemoteIpPrefix()).thenReturn("0.0.0.0/24");
 699         PowerMockito.doAnswer(answer()).when(egressAclServiceSpy, "removeFlow", any(FlowBuilder.class),
 700                                              any(NodeBuilder.class));
 701         egressAclServiceSpy.programPortSecurityAcl(DP_ID_LONG, SEGMENT_ID, MAC_ADDRESS, LOCAL_PORT, securityGroup,
 702                                                    neutronSrcIpList, false);
 703
 704         Match match = flowBuilder.getMatch();
 705         EthernetMatch ethMatch = match.getEthernetMatch();
 706         Assert.assertEquals(MAC_ADDRESS, ethMatch.getEthernetSource().getAddress().getValue());
 707
 708         Assert.assertTrue(match.getLayer4Match() instanceof UdpMatch);
 709         Assert.assertEquals("Egress_UDP_" + SEGMENT_ID + "_" + MAC_ADDRESS + "_" + PORT_RANGE_MIN + "_" +
 710                             PORT_RANGE_MAX + "_0.0.0.0/24_Permit", flowBuilder.getFlowName());
 711     }
 712
 713     /**
 714      *  Test UDP add with port (All UDP) and remote SG selected.
 715      */
 716     @Test
 717     public void testProgramPortSecurityACLRuleAddUdpAll2() throws Exception {
 718         when(portSecurityRule.getSecurityRuleProtocol()).thenReturn("udp");
 719         when(portSecurityRule.getSecurityRulePortMax()).thenReturn(PORT_RANGE_MAX);
 720         when(portSecurityRule.getSecurityRulePortMin()).thenReturn(PORT_RANGE_MIN);
 721         when(portSecurityRule.getSecurityRemoteGroupID()).thenReturn("85cc3048-abc3-43cc-89b3-377341426ac5");
 722         PowerMockito.doAnswer(answer()).when(egressAclServiceSpy, "writeFlow", any(FlowBuilder.class),
 723                                              any(NodeBuilder.class));
 724         egressAclServiceSpy.programPortSecurityAcl(DP_ID_LONG, SEGMENT_ID, MAC_ADDRESS, LOCAL_PORT, securityGroup,
 725                                                    neutronSrcIpList, true);
 726
 727         Match match = flowBuilder.getMatch();
 728         EthernetMatch ethMatch = match.getEthernetMatch();
 729         Assert.assertEquals(MAC_ADDRESS, ethMatch.getEthernetSource().getAddress().getValue());
 730
 731         Assert.assertTrue(match.getLayer4Match() instanceof UdpMatch);
 732         String expectedFlowId1 = "Egress_UDP_" + SEGMENT_ID + "_" + MAC_ADDRESS + "_" + PORT_RANGE_MIN + "_" +
 733                                 PORT_RANGE_MAX + "_" + DEST_IP_1 + "_Permit";
 734         String expectedFlowId2 = "Egress_UDP_" + SEGMENT_ID + "_" + MAC_ADDRESS + "_" + PORT_RANGE_MIN + "_" +
 735                                 PORT_RANGE_MAX + "_" + DEST_IP_2 + "_Permit";
 736         String actualFlowId = flowBuilder.getFlowName();
 737         if(actualFlowId.equals(expectedFlowId1) || actualFlowId.equals(expectedFlowId2)) {
 738             Assert.assertTrue(true);
 739         } else {
 740             Assert.assertTrue(false);
 741         }
 742     }
 743
 744     /**
 745      *  Test UDP remove with port (All UDP) and remote SG selected.
 746      */
 747     @Test
 748     public void testProgramPortSecurityACLRuleRemoveUdpAll2() throws Exception {
 749         when(portSecurityRule.getSecurityRuleProtocol()).thenReturn("udp");
 750         when(portSecurityRule.getSecurityRulePortMax()).thenReturn(PORT_RANGE_MAX);
 751         when(portSecurityRule.getSecurityRulePortMin()).thenReturn(PORT_RANGE_MIN);
 752         when(portSecurityRule.getSecurityRemoteGroupID()).thenReturn("85cc3048-abc3-43cc-89b3-377341426ac5");
 753         PowerMockito.doAnswer(answer()).when(egressAclServiceSpy, "removeFlow", any(FlowBuilder.class),
 754                                              any(NodeBuilder.class));
 755         egressAclServiceSpy.programPortSecurityAcl(DP_ID_LONG, SEGMENT_ID, MAC_ADDRESS, LOCAL_PORT, securityGroup,
 756                                                    neutronSrcIpList, false);
 757
 758         Match match = flowBuilder.getMatch();
 759         EthernetMatch ethMatch = match.getEthernetMatch();
 760         Assert.assertEquals(MAC_ADDRESS, ethMatch.getEthernetSource().getAddress().getValue());
 761
 762         Assert.assertTrue(match.getLayer4Match() instanceof UdpMatch);
 763         String expectedFlowId1 = "Egress_UDP_" + SEGMENT_ID + "_" + MAC_ADDRESS + "_" + PORT_RANGE_MIN + "_" +
 764                 PORT_RANGE_MAX + "_" + DEST_IP_1 + "_Permit";
 765         String expectedFlowId2 = "Egress_UDP_" + SEGMENT_ID + "_" + MAC_ADDRESS + "_" + PORT_RANGE_MIN + "_" +
 766                 PORT_RANGE_MAX + "_" + DEST_IP_2 + "_Permit";
 767         String actualFlowId = flowBuilder.getFlowName();
 768         if(actualFlowId.equals(expectedFlowId1) || actualFlowId.equals(expectedFlowId2)) {
 769             Assert.assertTrue(true);
 770         } else {
 771             Assert.assertTrue(false);
 772         }
 773     }
 774
 775     /**
 776      *  Test ICMP add with code, type and CIDR selected.
 777      */
 778     @Test
 779     public void testProgramPortSecurityACLRuleAddIcmp1() throws Exception {
 780         when(portSecurityRule.getSecurityRuleProtocol()).thenReturn("icmp");
 781         when(portSecurityRule.getSecurityRulePortMax()).thenReturn(10);
 782         when(portSecurityRule.getSecurityRulePortMin()).thenReturn(10);
 783         when(portSecurityRule.getSecurityRuleRemoteIpPrefix()).thenReturn("0.0.0.0/24");
 784         PowerMockito.doAnswer(answer()).when(egressAclServiceSpy, "writeFlow", any(FlowBuilder.class),
 785                                              any(NodeBuilder.class));
 786
 787         egressAclServiceSpy.programPortSecurityAcl(DP_ID_LONG, SEGMENT_ID, MAC_ADDRESS, LOCAL_PORT, securityGroup,
 788                                                    neutronSrcIpList, true);
 789
 790         Match match = flowBuilder.getMatch();
 791         Icmpv4Match icmpv4Match = match.getIcmpv4Match();
 792         Assert.assertEquals(10, icmpv4Match.getIcmpv4Type().shortValue());
 793         Assert.assertEquals(10, icmpv4Match.getIcmpv4Code().shortValue());
 794         EthernetMatch ethMatch = match.getEthernetMatch();
 795         Assert.assertEquals(MAC_ADDRESS, ethMatch.getEthernetSource().getAddress().getValue());
 796         Short type = portSecurityRule.getSecurityRulePortMin().shortValue();
 797         Short code = portSecurityRule.getSecurityRulePortMax().shortValue();
 798         Assert.assertEquals("Egress_ICMP_" + SEGMENT_ID + "_" + MAC_ADDRESS +
 799                             "_" + type + "_" + code + "_0.0.0.0/24_Permit", flowBuilder.getFlowName());
 800     }
 801
 802     /**
 803      *  Test ICMP remove with code, type and CIDR selected.
 804      */
 805     @Test
 806     public void testProgramPortSecurityACLRuleRemoveIcmp1() throws Exception {
 807         when(portSecurityRule.getSecurityRuleProtocol()).thenReturn("icmp");
 808         when(portSecurityRule.getSecurityRulePortMax()).thenReturn(20);
 809         when(portSecurityRule.getSecurityRulePortMin()).thenReturn(20);
 810         when(portSecurityRule.getSecurityRuleRemoteIpPrefix()).thenReturn("0.0.0.0/24");
 811         PowerMockito.doAnswer(answer()).when(egressAclServiceSpy, "removeFlow", any(FlowBuilder.class),
 812                                              any(NodeBuilder.class));
 813
 814         egressAclServiceSpy.programPortSecurityAcl(DP_ID_LONG, SEGMENT_ID, MAC_ADDRESS, LOCAL_PORT, securityGroup,
 815                                                    neutronSrcIpList, false);
 816
 817         Match match = flowBuilder.getMatch();
 818         Icmpv4Match icmpv4Match = match.getIcmpv4Match();
 819         Assert.assertEquals(20, icmpv4Match.getIcmpv4Type().shortValue());
 820         Assert.assertEquals(20, icmpv4Match.getIcmpv4Code().shortValue());
 821         EthernetMatch ethMatch = match.getEthernetMatch();
 822         Assert.assertEquals(MAC_ADDRESS, ethMatch.getEthernetSource().getAddress().getValue());
 823         Short type = portSecurityRule.getSecurityRulePortMin().shortValue();
 824         Short code = portSecurityRule.getSecurityRulePortMax().shortValue();
 825         Assert.assertEquals("Egress_ICMP_" + SEGMENT_ID + "_" + MAC_ADDRESS +
 826                             "_" + type + "_" + code + "_0.0.0.0/24_Permit", flowBuilder.getFlowName());
 827     }
 828
 829     /**
 830      *  Test ICMP add with code, type and remote SG selected.
 831      */
 832     @Test
 833     public void testProgramPortSecurityACLRuleAddIcmp2() throws Exception {
 834         when(portSecurityRule.getSecurityRuleProtocol()).thenReturn("icmp");
 835         when(portSecurityRule.getSecurityRulePortMax()).thenReturn(30);
 836         when(portSecurityRule.getSecurityRulePortMin()).thenReturn(30);
 837         when(portSecurityRule.getSecurityRuleRemoteIpPrefix()).thenReturn("0.0.0.0/24");
 838         when(portSecurityRule.getSecurityRemoteGroupID()).thenReturn("85cc3048-abc3-43cc-89b3-377341426ac5");
 839         PowerMockito.doAnswer(answer()).when(egressAclServiceSpy, "writeFlow", any(FlowBuilder.class),
 840                                              any(NodeBuilder.class));
 841
 842         egressAclServiceSpy.programPortSecurityAcl(DP_ID_LONG, SEGMENT_ID, MAC_ADDRESS, LOCAL_PORT, securityGroup,
 843                                                    neutronSrcIpList, true);
 844
 845         Match match = flowBuilder.getMatch();
 846         Icmpv4Match icmpv4Match = match.getIcmpv4Match();
 847         Assert.assertEquals(30, icmpv4Match.getIcmpv4Type().shortValue());
 848         Assert.assertEquals(30, icmpv4Match.getIcmpv4Code().shortValue());
 849         EthernetMatch ethMatch = match.getEthernetMatch();
 850         Assert.assertEquals(MAC_ADDRESS, ethMatch.getEthernetSource().getAddress().getValue());
 851         Short type = portSecurityRule.getSecurityRulePortMin().shortValue();
 852         Short code = portSecurityRule.getSecurityRulePortMax().shortValue();
 853         String expectedFlowId1 = "Egress_ICMP_" + SEGMENT_ID + "_" + MAC_ADDRESS + "_" + type + "_" + code + "_"
 854                                 + DEST_IP_1 + "_Permit";
 855         String expectedFlowId2 = "Egress_ICMP_" + SEGMENT_ID + "_" + MAC_ADDRESS + "_" + type + "_" + code + "_"
 856                                 + DEST_IP_2 + "_Permit";
 857         String actualFlowId = flowBuilder.getFlowName();
 858         if(actualFlowId.equals(expectedFlowId1) || actualFlowId.equals(expectedFlowId2)) {
 859             Assert.assertTrue(true);
 860         } else {
 861             Assert.assertTrue(false);
 862         };
 863     }
 864
 865     /**
 866      *  Test ICMP remove with code, type and remote SG selected.
 867      */
 868     @Test
 869     public void testProgramPortSecurityACLRuleRemoveIcmp2() throws Exception {
 870         when(portSecurityRule.getSecurityRuleProtocol()).thenReturn("icmp");
 871         when(portSecurityRule.getSecurityRulePortMax()).thenReturn(40);
 872         when(portSecurityRule.getSecurityRulePortMin()).thenReturn(40);
 873         when(portSecurityRule.getSecurityRemoteGroupID()).thenReturn("85cc3048-abc3-43cc-89b3-377341426ac5");
 874         PowerMockito.doAnswer(answer()).when(egressAclServiceSpy, "removeFlow", any(FlowBuilder.class),
 875                                              any(NodeBuilder.class));
 876
 877         egressAclServiceSpy.programPortSecurityAcl(DP_ID_LONG, SEGMENT_ID, MAC_ADDRESS, LOCAL_PORT, securityGroup,
 878                                                    neutronSrcIpList, false);
 879
 880         Match match = flowBuilder.getMatch();
 881         Icmpv4Match icmpv4Match = match.getIcmpv4Match();
 882         Assert.assertEquals(40, icmpv4Match.getIcmpv4Type().shortValue());
 883         Assert.assertEquals(40, icmpv4Match.getIcmpv4Code().shortValue());
 884         EthernetMatch ethMatch = match.getEthernetMatch();
 885         Assert.assertEquals(MAC_ADDRESS, ethMatch.getEthernetSource().getAddress().getValue());
 886         Short type = portSecurityRule.getSecurityRulePortMin().shortValue();
 887         Short code = portSecurityRule.getSecurityRulePortMax().shortValue();
 888         String expectedFlowId1 = "Egress_ICMP_" + SEGMENT_ID + "_" + MAC_ADDRESS + "_" + type + "_" + code + "_"
 889                                 + DEST_IP_1 + "_Permit";
 890         String expectedFlowId2 = "Egress_ICMP_" + SEGMENT_ID + "_" + MAC_ADDRESS + "_" + type + "_" + code + "_"
 891                                 + DEST_IP_2 + "_Permit";
 892         String actualFlowId = flowBuilder.getFlowName();
 893         if(actualFlowId.equals(expectedFlowId1) || actualFlowId.equals(expectedFlowId2)) {
 894             Assert.assertTrue(true);
 895         } else {
 896             Assert.assertTrue(false);
 897         }
 898     }
 899
 900     /**
 901      *  Test IPv4 invalid ether type test case.
 902      */
 903     @Test
 904     public void testProgramPortSecurityACLRuleInvalidEther() throws Exception {
 905         when(portSecurityRule.getSecurityRuleEthertype()).thenReturn("IPV6");
 906
 907         egressAclServiceSpy.programPortSecurityAcl(Long.valueOf(1554), "2", MAC_ADDRESS, 124, securityGroup,neutronSrcIpList,false);
 908
 909         verify(writeTransaction, times(0)).delete(any(LogicalDatastoreType.class), any(InstanceIdentifier.class));
 910         verify(writeTransaction, times(0)).submit();
 911         verify(commitFuture, times(0)).get();
 912     }
 913
 914     /**
 915      *  Test IPv4 invalid direction type test case.
 916      */
 917     @Test
 918     public void testProgramPortSecurityACLRuleInvalidDirection() throws Exception {
 919         when(portSecurityRule.getSecurityRuleDirection()).thenReturn("ingress");
 920
 921         egressAclServiceSpy.programPortSecurityAcl(Long.valueOf(1554), "2", MAC_ADDRESS, 124, securityGroup,neutronSrcIpList,false);
 922
 923         verify(writeTransaction, times(0)).delete(any(LogicalDatastoreType.class), any(InstanceIdentifier.class));
 924         verify(writeTransaction, times(0)).submit();
 925         verify(commitFuture, times(0)).get();
 926     }
 927
 928     /**
 929      *  Test With isLastPortInBridge false isComputeNode false
 930      */
 931     @Test
 932     public void testProgramFixedSecurityACLAdd1() throws Exception {
 933         egressAclServiceSpy.programFixedSecurityAcl(Long.valueOf(1554), "2", MAC_ADDRESS, 1, neutronDestIpList, false, false, true);
 934
 935         verify(writeTransaction, times(0)).put(any(LogicalDatastoreType.class), any(InstanceIdentifier.class), any(Node.class), eq(true));
 936         verify(writeTransaction, times(0)).submit();
 937         verify(commitFuture, times(0)).get();
 938     }
 939     /**
 940      *  Test With isLastPortInBridge false isComputeNode false
 941      */
 942     @Test
 943     public void testProgramFixedSecurityACLRemove1() throws Exception {
 944
 945         egressAclServiceSpy.programFixedSecurityAcl(Long.valueOf(1554), "2", MAC_ADDRESS, 1, neutronDestIpList, false, false, false);
 946
 947         verify(writeTransaction, times(0)).delete(any(LogicalDatastoreType.class), any(InstanceIdentifier.class));
 948         verify(writeTransaction, times(0)).submit();
 949         verify(commitFuture, times(0)).get();
 950     }
 951
 952     /**
 953      *  Test With isLastPortInBridge false isComputeNode true
 954      */
 955     @Test
 956     public void testProgramFixedSecurityACLAdd2() throws Exception {
 957
 958         egressAclServiceSpy.programFixedSecurityAcl(Long.valueOf(1554), "2", MAC_ADDRESS, 1, neutronDestIpList, false, true, true);
 959
 960         verify(writeTransaction, times(6)).put(any(LogicalDatastoreType.class), any(InstanceIdentifier.class), any(Node.class), eq(true));
 961         verify(writeTransaction, times(3)).submit();
 962         verify(commitFuture, times(3)).get();
 963     }
 964
 965     /**
 966      *  Test With isLastPortInBridge false isComputeNode true
 967      */
 968     @Test
 969     public void testProgramFixedSecurityACLRemove2() throws Exception {
 970
 971         egressAclServiceSpy.programFixedSecurityAcl(Long.valueOf(1554), "2", MAC_ADDRESS, 1, neutronDestIpList, false, true, false);
 972
 973         verify(writeTransaction, times(3)).delete(any(LogicalDatastoreType.class), any(InstanceIdentifier.class));
 974         verify(writeTransaction, times(3)).submit();
 975         verify(commitFuture, times(3)).get();
 976     }
 977
 978     /**
 979      *  Test With isLastPortInBridge true isComputeNode false
 980      */
 981     @Test
 982     public void testProgramFixedSecurityACLAdd3() throws Exception {
 983
 984         egressAclServiceSpy.programFixedSecurityAcl(Long.valueOf(1554), "2", MAC_ADDRESS, 1, neutronDestIpList, true, false, true);
 985
 986         verify(writeTransaction, times(2)).put(any(LogicalDatastoreType.class), any(InstanceIdentifier.class), any(Node.class), eq(true));
 987         verify(writeTransaction, times(1)).submit();
 988         verify(commitFuture, times(1)).get();
 989     }
 990
 991     /**
 992      *  Test With isLastPortInBridge true isComputeNode false
 993      */
 994     @Test
 995     public void testProgramFixedSecurityACLRemove3() throws Exception {
 996
 997         egressAclServiceSpy.programFixedSecurityAcl(Long.valueOf(1554), "2", MAC_ADDRESS, 1, neutronDestIpList, true, false, false);
 998
 999         verify(writeTransaction, times(1)).delete(any(LogicalDatastoreType.class), any(InstanceIdentifier.class));
1000         verify(writeTransaction, times(1)).submit();
1001         verify(commitFuture, times(1)).get();
1002     }
1003
1004     /**
1005      *  Test With isLastPortInBridge true isComputeNode true
1006      */
1007     @Test
1008     public void testProgramFixedSecurityACLAdd4() throws Exception {
1009
1010         egressAclServiceSpy.programFixedSecurityAcl(Long.valueOf(1554), "2", MAC_ADDRESS, 1, neutronDestIpList, true, true, true);
1011
1012         verify(writeTransaction, times(8)).put(any(LogicalDatastoreType.class),
1013                                                any(InstanceIdentifier.class), any(Node.class), eq(true));
1014         verify(writeTransaction, times(4)).submit();
1015         verify(commitFuture, times(4)).get();
1016     }
1017
1018     /**
1019      *  Test With isLastPortInBridge true isComputeNode true
1020      */
1021     @Test
1022     public void testProgramFixedSecurityACLRemove4() throws Exception {
1023
1024         egressAclServiceSpy.programFixedSecurityAcl(Long.valueOf(1554), "2", MAC_ADDRESS, 1, neutronDestIpList, true, true, false);
1025
1026         verify(writeTransaction, times(4)).delete(any(LogicalDatastoreType.class), any(InstanceIdentifier.class));
1027         verify(writeTransaction, times(4)).submit();
1028         verify(commitFuture, times(4)).get();
1029     }
1030
1031     /**
1032      * Test method {@link EgressAclService#egressACLTcpPortWithPrefix(Long, String, String, boolean, Integer, String, Integer)}
1033      */
1034     @Test
1035     public void testEgressACLTcpPortWithPrefix() throws Exception {
1036         egressAclService.egressACLTcpPortWithPrefix(Long.valueOf(123), "2", MAC_ADDRESS, true, 1, HOST_ADDRESS, 1);
1037         verify(writeTransaction, times(2)).put(any(LogicalDatastoreType.class), any(InstanceIdentifier.class), any(Node.class), anyBoolean());
1038         verify(writeTransaction, times(1)).submit();
1039         verify(commitFuture, times(1)).get();
1040
1041         egressAclService.egressACLTcpPortWithPrefix(Long.valueOf(123), "2", MAC_ADDRESS, false, 1, HOST_ADDRESS, 1);
1042         verify(writeTransaction, times(1)).delete(any(LogicalDatastoreType.class), any(InstanceIdentifier.class));
1043         verify(writeTransaction, times(2)).submit();
1044         verify(commitFuture, times(2)).get(); // 1 + 1 above
1045     }
1046
1047     /**
1048      * Test method {@link EgressAclService#egressAllowProto(Long, String, String, boolean, String, Integer)}
1049      */
1050     @Test
1051     public void testEgressAllowProto() throws Exception {
1052         egressAclService.egressAllowProto(Long.valueOf(123), "2", MAC_ADDRESS, true, HOST_ADDRESS, 1);
1053         verify(writeTransaction, times(2)).put(any(LogicalDatastoreType.class), any(InstanceIdentifier.class), any(Node.class), anyBoolean());
1054         verify(writeTransaction, times(1)).submit();
1055         verify(commitFuture, times(1)).get();
1056
1057         egressAclService.egressAllowProto(Long.valueOf(123), "2", MAC_ADDRESS, false, HOST_ADDRESS, 1);
1058         verify(writeTransaction, times(1)).delete(any(LogicalDatastoreType.class), any(InstanceIdentifier.class));
1059         verify(writeTransaction, times(2)).submit();
1060         verify(commitFuture, times(2)).get(); // 1 + 1 above
1061     }
1062
1063     /**
1064      * Test method {@link EgressAclService#egressACLPermitAllProto(Long, String, String, boolean, String, Integer)}
1065      */
1066     @Test
1067     public void testEgressACLPermitAllProto() throws Exception {
1068         egressAclService.egressACLPermitAllProto(Long.valueOf(123), "2", MAC_ADDRESS, true, HOST_ADDRESS, 1);
1069         verify(writeTransaction, times(2)).put(any(LogicalDatastoreType.class), any(InstanceIdentifier.class), any(Node.class), anyBoolean());
1070         verify(writeTransaction, times(1)).submit();
1071         verify(commitFuture, times(1)).get();
1072
1073         egressAclService.egressACLPermitAllProto(Long.valueOf(123), "2", MAC_ADDRESS, false, HOST_ADDRESS, 1);
1074         verify(writeTransaction, times(1)).delete(any(LogicalDatastoreType.class), any(InstanceIdentifier.class));
1075         verify(writeTransaction, times(2)).submit();
1076         verify(commitFuture, times(2)).get(); // 1 + 1 above
1077     }
1078
1079     /**
1080      * Test method {@link EgressAclService#egressACLTcpSyn(Long, String, String, boolean, Integer, Integer)}
1081      */
1082     @Test
1083     public void testEgressACLTcpSyn() throws Exception {
1084         egressAclService.egressACLTcpSyn(Long.valueOf(123), "2", MAC_ADDRESS, true, 1, 1);
1085         verify(writeTransaction, times(2)).put(any(LogicalDatastoreType.class), any(InstanceIdentifier.class), any(Node.class), anyBoolean());
1086         verify(writeTransaction, times(1)).submit();
1087         verify(commitFuture, times(1)).get();
1088
1089         egressAclService.egressACLTcpSyn(Long.valueOf(123), "2", MAC_ADDRESS, false, 1, 1);
1090         verify(writeTransaction, times(1)).delete(any(LogicalDatastoreType.class), any(InstanceIdentifier.class));
1091         verify(writeTransaction, times(2)).submit();
1092         verify(commitFuture, times(2)).get(); // 1 + 1 above
1093     }
1094 }