2 * Copyright (c) 2015 Inocybe and others. All rights reserved.
4 * This program and the accompanying materials are made available under the
5 * terms of the Eclipse Public License v1.0 which accompanies this distribution,
6 * and is available at http://www.eclipse.org/legal/epl-v10.html
9 package org.opendaylight.ovsdb.openstack.netvirt.providers.openflow13.services;
11 import static org.mockito.Matchers.any;
12 import static org.mockito.Matchers.anyBoolean;
13 import static org.mockito.Matchers.eq;
14 import static org.mockito.Mockito.mock;
15 import static org.mockito.Mockito.times;
16 import static org.mockito.Mockito.verify;
17 import static org.mockito.Mockito.when;
19 import java.util.ArrayList;
20 import java.util.List;
22 import org.junit.Assert;
23 import org.junit.Before;
24 import org.junit.Test;
25 import org.junit.runner.RunWith;
26 import org.mockito.InjectMocks;
27 import org.mockito.Mock;
28 import org.mockito.invocation.InvocationOnMock;
29 import org.mockito.stubbing.Answer;
30 import org.opendaylight.controller.md.sal.binding.api.DataBroker;
31 import org.opendaylight.controller.md.sal.binding.api.WriteTransaction;
32 import org.opendaylight.controller.md.sal.common.api.data.LogicalDatastoreType;
33 import org.opendaylight.controller.md.sal.common.api.data.TransactionCommitFailedException;
34 import org.opendaylight.ovsdb.openstack.netvirt.translator.NeutronSecurityGroup;
35 import org.opendaylight.ovsdb.openstack.netvirt.translator.NeutronSecurityRule;
36 import org.opendaylight.ovsdb.openstack.netvirt.translator.Neutron_IPs;
37 import org.opendaylight.ovsdb.openstack.netvirt.api.SecurityGroupCacheManger;
38 import org.opendaylight.ovsdb.openstack.netvirt.api.SecurityServicesManager;
39 import org.opendaylight.ovsdb.openstack.netvirt.providers.openflow13.PipelineOrchestrator;
40 import org.opendaylight.ovsdb.openstack.netvirt.providers.openflow13.Service;
41 import org.opendaylight.yang.gen.v1.urn.opendaylight.flow.inventory.rev130819.tables.table.FlowBuilder;
42 import org.opendaylight.yang.gen.v1.urn.opendaylight.inventory.rev130819.nodes.Node;
43 import org.opendaylight.yang.gen.v1.urn.opendaylight.inventory.rev130819.nodes.NodeBuilder;
44 import org.opendaylight.yang.gen.v1.urn.opendaylight.model.match.types.rev131026.Match;
45 import org.opendaylight.yang.gen.v1.urn.opendaylight.model.match.types.rev131026.match.EthernetMatch;
46 import org.opendaylight.yang.gen.v1.urn.opendaylight.model.match.types.rev131026.match.Icmpv4Match;
47 import org.opendaylight.yang.gen.v1.urn.opendaylight.model.match.types.rev131026.match.layer._4.match.TcpMatch;
48 import org.opendaylight.yang.gen.v1.urn.opendaylight.model.match.types.rev131026.match.layer._4.match.UdpMatch;
49 import org.opendaylight.yangtools.yang.binding.InstanceIdentifier;
50 import org.powermock.api.mockito.PowerMockito;
51 import org.powermock.modules.junit4.PowerMockRunner;
53 import com.google.common.util.concurrent.CheckedFuture;
55 * Unit test for {@link EgressAclService}
57 @RunWith(PowerMockRunner.class)
58 @SuppressWarnings("unchecked")
59 public class EgressAclServiceTest {
61 @InjectMocks private EgressAclService egressAclService = new EgressAclService();
62 private EgressAclService egressAclServiceSpy;
64 @Mock private DataBroker dataBroker;
65 @Mock private PipelineOrchestrator orchestrator;
67 @Mock private WriteTransaction writeTransaction;
68 @Mock private CheckedFuture<Void, TransactionCommitFailedException> commitFuture;
70 @Mock private NeutronSecurityGroup securityGroup;
71 @Mock private NeutronSecurityRule portSecurityRule;
73 @Mock private SecurityServicesManager securityServices;
74 @Mock private SecurityGroupCacheManger securityGroupCacheManger;
76 private Neutron_IPs neutron_ip_src;
77 private Neutron_IPs neutron_ip_dest_1;
78 private Neutron_IPs neutron_ip_dest_2;
79 private List<Neutron_IPs> neutronSrcIpList = new ArrayList<>();
80 private List<Neutron_IPs> neutronDestIpList = new ArrayList<>();
81 private static final String HOST_ADDRESS = "127.0.0.1/32";
82 private static final String MAC_ADDRESS = "87:1D:5E:02:40:B7";
83 private static final String SRC_IP = "192.168.0.1";
84 private static final String DEST_IP_1 = "192.169.0.1";
85 private static final String DEST_IP_2 = "192.169.0.2";
86 private static final String DEST_IP_1_WITH_MASK = "192.169.0.1/32";
87 private static final String DEST_IP_2_WITH_MASK = "192.169.0.2/32";
88 private static final String SECURITY_GROUP_UUID = "85cc3048-abc3-43cc-89b3-377341426ac5";
89 private static final String PORT_UUID = "95cc3048-abc3-43cc-89b3-377341426ac5";
90 private static final String SEGMENT_ID = "2";
91 private static final Long DP_ID_LONG = (long) 1554;
92 private static final Long LOCAL_PORT = (long) 124;
93 private static final int PORT_RANGE_MIN = 1;
94 private static final int PORT_RANGE_MAX = 65535;
95 private static FlowBuilder flowBuilder;
96 private static NodeBuilder nodeBuilder;
98 private static Answer<Object> answer() {
99 return new Answer<Object>() {
101 public CheckedFuture<Void, TransactionCommitFailedException> answer(InvocationOnMock invocation)
103 flowBuilder = (FlowBuilder) invocation.getArguments()[0];
104 nodeBuilder = (NodeBuilder) invocation.getArguments()[1];
111 public void setUp() {
112 egressAclServiceSpy = PowerMockito.spy(egressAclService);
114 when(writeTransaction.submit()).thenReturn(commitFuture);
116 when(dataBroker.newWriteOnlyTransaction()).thenReturn(writeTransaction);
118 when(orchestrator.getNextServiceInPipeline(any(Service.class))).thenReturn(Service.ARP_RESPONDER);
120 portSecurityRule = mock(NeutronSecurityRule.class);
122 when(portSecurityRule.getSecurityRuleEthertype()).thenReturn("IPv4");
123 when(portSecurityRule.getSecurityRuleDirection()).thenReturn("egress");
125 List<NeutronSecurityRule> portSecurityList = new ArrayList<>();
126 portSecurityList.add(portSecurityRule);
128 neutron_ip_src = new Neutron_IPs();
129 neutron_ip_src.setIpAddress(SRC_IP);
130 neutronSrcIpList.add(neutron_ip_src);
132 neutron_ip_dest_1 = new Neutron_IPs();
133 neutron_ip_dest_1.setIpAddress(DEST_IP_1);
134 neutronDestIpList.add(neutron_ip_dest_1);
136 neutron_ip_dest_2 = new Neutron_IPs();
137 neutron_ip_dest_2.setIpAddress(DEST_IP_2);
138 neutronDestIpList.add(neutron_ip_dest_2);
140 when(securityGroup.getSecurityRules()).thenReturn(portSecurityList);
141 when(securityServices.getVmListForSecurityGroup(PORT_UUID, SECURITY_GROUP_UUID)).thenReturn(neutronDestIpList);
145 * Rule 1: TCP Proto (True), TCP Port Minimum (True), TCP Port Max (True), IP Prefix (True)
148 public void testProgramPortSecurityACLRule1() throws Exception {
149 when(portSecurityRule.getSecurityRuleProtocol()).thenReturn("tcp");
150 when(portSecurityRule.getSecurityRulePortMax()).thenReturn(1);
151 when(portSecurityRule.getSecurityRulePortMin()).thenReturn(1);
152 when(portSecurityRule.getSecurityRuleRemoteIpPrefix()).thenReturn(HOST_ADDRESS);
154 egressAclServiceSpy.programPortSecurityACL(Long.valueOf(1554), "2", MAC_ADDRESS, 124, securityGroup);
155 verify(egressAclServiceSpy, times(1)).egressACLDefaultTcpDrop(anyLong(), anyString(), anyString(), anyInt(), anyBoolean());
156 verify(egressAclServiceSpy, times(1)).egressACLTcpPortWithPrefix(anyLong(), anyString(), anyString(), anyBoolean(), anyInt(), anyString(), anyInt());
157 verify(writeTransaction, times(4)).put(any(LogicalDatastoreType.class), any(InstanceIdentifier.class), any(Node.class), anyBoolean());
158 verify(writeTransaction, times(2)).submit();
159 verify(commitFuture, times(2)).get();
163 * Rule 2: TCP Proto (True), TCP Port Minimum (True), TCP Port Max (False), IP Prefix (True)
166 public void testProgramPortSecurityACLRule2() throws Exception {
167 when(portSecurityRule.getSecurityRuleProtocol()).thenReturn("tcp");
168 when(portSecurityRule.getSecurityRulePortMax()).thenReturn(null);
169 when(portSecurityRule.getSecurityRulePortMin()).thenReturn(1);
170 when(portSecurityRule.getSecurityRuleRemoteIpPrefix()).thenReturn(HOST_ADDRESS);
172 egressAclServiceSpy.programPortSecurityACL(Long.valueOf(1554), "2", MAC_ADDRESS, 124, securityGroup);
173 verify(egressAclServiceSpy, times(1)).egressACLDefaultTcpDrop(anyLong(), anyString(), anyString(), anyInt(), anyBoolean());
174 verify(egressAclServiceSpy, times(1)).egressACLTcpPortWithPrefix(anyLong(), anyString(), anyString(), anyBoolean(), anyInt(), anyString(), anyInt());
175 verify(writeTransaction, times(4)).put(any(LogicalDatastoreType.class), any(InstanceIdentifier.class), any(Node.class), anyBoolean());
176 verify(writeTransaction, times(2)).submit();
177 verify(commitFuture, times(2)).get();
181 * Rule 3: TCP Proto (True), TCP Port Minimum (False), TCP Port Max (False), IP Prefix (True)
184 public void testProgramPortSecurityACLRule3() throws Exception {
185 when(portSecurityRule.getSecurityRuleProtocol()).thenReturn("tcp");
186 when(portSecurityRule.getSecurityRulePortMax()).thenReturn(null);
187 when(portSecurityRule.getSecurityRulePortMin()).thenReturn(null);
188 when(portSecurityRule.getSecurityRuleRemoteIpPrefix()).thenReturn(HOST_ADDRESS);
190 egressAclServiceSpy.programPortSecurityACL(Long.valueOf(1554), "2", MAC_ADDRESS, 124, securityGroup);
191 verify(egressAclServiceSpy, times(1)).egressACLDefaultTcpDrop(anyLong(), anyString(), anyString(), anyInt(), anyBoolean());
192 verify(egressAclServiceSpy, times(1)).egressACLPermitAllProto(anyLong(), anyString(), anyString(), anyBoolean(), anyString(), anyInt());
193 verify(writeTransaction, times(4)).put(any(LogicalDatastoreType.class), any(InstanceIdentifier.class), any(Node.class), anyBoolean());
194 verify(writeTransaction, times(2)).submit();
195 verify(commitFuture, times(2)).get();
199 * Rule 4: TCP Proto (False), TCP Port Minimum (False), TCP Port Max (False), IP Prefix (True)
202 public void testProgramPortSecurityACLRule4() throws Exception {
203 when(portSecurityRule.getSecurityRuleProtocol()).thenReturn(null);
204 when(portSecurityRule.getSecurityRulePortMax()).thenReturn(null);
205 when(portSecurityRule.getSecurityRulePortMin()).thenReturn(null);
206 when(portSecurityRule.getSecurityRuleRemoteIpPrefix()).thenReturn(HOST_ADDRESS);
208 egressAclServiceSpy.programPortSecurityACL(Long.valueOf(1554), "2", MAC_ADDRESS, 124, securityGroup);
209 verify(egressAclServiceSpy, times(1)).egressACLDefaultTcpDrop(anyLong(), anyString(), anyString(), anyInt(), anyBoolean());
210 verify(egressAclServiceSpy, times(1)).egressACLPermitAllProto(anyLong(), anyString(), anyString(), anyBoolean(), anyString(), anyInt());
211 verify(writeTransaction, times(4)).put(any(LogicalDatastoreType.class), any(InstanceIdentifier.class), any(Node.class), anyBoolean());
212 verify(writeTransaction, times(2)).submit();
213 verify(commitFuture, times(2)).get();
217 * Rule 5: TCP Proto (True), TCP Port Minimum (True), TCP Port Max (True), IP Prefix (False)
220 public void testProgramPortSecurityACLRule5() throws Exception {
221 when(portSecurityRule.getSecurityRuleProtocol()).thenReturn("tcp");
222 when(portSecurityRule.getSecurityRulePortMax()).thenReturn(1);
223 when(portSecurityRule.getSecurityRulePortMin()).thenReturn(1);
224 when(portSecurityRule.getSecurityRuleRemoteIpPrefix()).thenReturn(null);
226 egressAclServiceSpy.programPortSecurityACL(Long.valueOf(1554), "2", MAC_ADDRESS, 124, securityGroup);
227 verify(egressAclServiceSpy, times(1)).egressACLDefaultTcpDrop(anyLong(), anyString(), anyString(), anyInt(), anyBoolean());
228 verify(egressAclServiceSpy, times(1)).egressACLTcpSyn(anyLong(), anyString(), anyString(), anyBoolean(), anyInt(), anyInt());
229 verify(writeTransaction, times(4)).put(any(LogicalDatastoreType.class), any(InstanceIdentifier.class), any(Node.class), anyBoolean());
230 verify(writeTransaction, times(2)).submit();
231 verify(commitFuture, times(2)).get();
235 * Rule 6: TCP Proto (True), TCP Port Minimum (True), TCP Port Max (False), IP Prefix (False)
238 public void testProgramPortSecurityACLRule6() throws Exception {
239 when(portSecurityRule.getSecurityRuleProtocol()).thenReturn("tcp");
240 when(portSecurityRule.getSecurityRulePortMax()).thenReturn(null);
241 when(portSecurityRule.getSecurityRulePortMin()).thenReturn(1);
242 when(portSecurityRule.getSecurityRuleRemoteIpPrefix()).thenReturn(null);
244 egressAclServiceSpy.programPortSecurityACL(Long.valueOf(1554), "2", MAC_ADDRESS, 124, securityGroup);
245 verify(egressAclServiceSpy, times(1)).egressACLDefaultTcpDrop(anyLong(), anyString(), anyString(), anyInt(), anyBoolean());
246 verify(egressAclServiceSpy, times(1)).egressACLTcpSyn(anyLong(), anyString(), anyString(), anyBoolean(), anyInt(), anyInt());
247 verify(writeTransaction, times(4)).put(any(LogicalDatastoreType.class), any(InstanceIdentifier.class), any(Node.class), anyBoolean());
248 verify(writeTransaction, times(2)).submit();
249 verify(commitFuture, times(2)).get();
253 * Rule 7: TCP Proto (True), TCP Port Minimum (False), TCP Port Max (False), IP Prefix (False or 0.0.0.0/0)
256 public void testProgramPortSecurityACLRule7() throws Exception {
257 when(portSecurityRule.getSecurityRuleProtocol()).thenReturn("tcp");
258 when(portSecurityRule.getSecurityRulePortMax()).thenReturn(null);
259 when(portSecurityRule.getSecurityRulePortMin()).thenReturn(null);
260 when(portSecurityRule.getSecurityRuleRemoteIpPrefix()).thenReturn(null);
262 egressAclServiceSpy.programPortSecurityACL(Long.valueOf(1554), "2", MAC_ADDRESS, 124, securityGroup);
263 verify(egressAclServiceSpy, times(1)).egressAllowProto(anyLong(), anyString(), anyString(), anyBoolean(), anyString(), anyInt());
264 verify(writeTransaction, times(2)).put(any(LogicalDatastoreType.class), any(InstanceIdentifier.class), any(Node.class), anyBoolean());
265 verify(writeTransaction, times(1)).submit();
266 verify(commitFuture, times(1)).get();
270 * Test method {@link EgressAclService#egressACLDefaultTcpDrop(Long, String, String, int, boolean)}
273 public void testEgressACLDefaultTcpDrop() throws Exception {
274 egressAclService.egressACLDefaultTcpDrop(123L, "2", MAC_ADDRESS, 1, true);
275 verify(writeTransaction, times(2)).put(any(LogicalDatastoreType.class), any(InstanceIdentifier.class), any(Node.class), anyBoolean());
276 verify(writeTransaction, times(1)).submit();
277 verify(commitFuture, times(1)).get();
279 egressAclService.egressACLDefaultTcpDrop(123L, "2", MAC_ADDRESS, 1, false);
280 verify(writeTransaction, times(1)).delete(any(LogicalDatastoreType.class), any(InstanceIdentifier.class));
281 verify(writeTransaction, times(2)).submit();
282 verify(commitFuture, times(2)).get(); // 1 + 1 above
286 * Test IPv4 add test case.
289 public void testProgramPortSecurityACLRuleAddIpv4() throws Exception {
290 when(portSecurityRule.getSecurityRuleProtocol()).thenReturn(null);
291 when(portSecurityRule.getSecurityRulePortMax()).thenReturn(null);
292 when(portSecurityRule.getSecurityRulePortMin()).thenReturn(null);
293 when(portSecurityRule.getSecurityRuleRemoteIpPrefix()).thenReturn(null);
295 egressAclServiceSpy.programPortSecurityGroup(Long.valueOf(1554), "2", MAC_ADDRESS, 124, securityGroup,PORT_UUID,true);
297 verify(writeTransaction, times(2)).put(any(LogicalDatastoreType.class), any(InstanceIdentifier.class), any(Node.class), eq(true));
298 verify(writeTransaction, times(1)).submit();
299 verify(commitFuture, times(1)).get();
303 * Test IPv4 remove test case.
306 public void testProgramPortSecurityACLRuleRemoveIpv4() throws Exception {
307 when(portSecurityRule.getSecurityRuleProtocol()).thenReturn(null);
308 when(portSecurityRule.getSecurityRulePortMax()).thenReturn(null);
309 when(portSecurityRule.getSecurityRulePortMin()).thenReturn(null);
310 when(portSecurityRule.getSecurityRuleRemoteIpPrefix()).thenReturn(null);
312 egressAclServiceSpy.programPortSecurityGroup(Long.valueOf(1554), "2", MAC_ADDRESS, 124, securityGroup,PORT_UUID,false);
313 verify(writeTransaction, times(1)).delete(any(LogicalDatastoreType.class), any(InstanceIdentifier.class));
314 verify(writeTransaction, times(1)).submit();
315 verify(commitFuture, times(1)).get();
319 * Test TCP add with port no and CIDR selected.
322 public void testProgramPortSecurityACLRuleAddTcp1() throws Exception {
323 when(portSecurityRule.getSecurityRuleProtocol()).thenReturn("tcp");
324 when(portSecurityRule.getSecurityRulePortMax()).thenReturn(20);
325 when(portSecurityRule.getSecurityRulePortMin()).thenReturn(20);
326 when(portSecurityRule.getSecurityRuleRemoteIpPrefix()).thenReturn("0.0.0.0/24");
327 PowerMockito.doAnswer(answer()).when(egressAclServiceSpy, "writeFlow", any(FlowBuilder.class),
328 any(NodeBuilder.class));
329 egressAclServiceSpy.programPortSecurityGroup(DP_ID_LONG, SEGMENT_ID, MAC_ADDRESS, LOCAL_PORT, securityGroup,
332 Match match = flowBuilder.getMatch();
333 EthernetMatch ethMatch = match.getEthernetMatch();
334 Assert.assertEquals(MAC_ADDRESS, ethMatch.getEthernetSource().getAddress().getValue());
336 Assert.assertTrue(match.getLayer4Match() instanceof TcpMatch);
337 TcpMatch layer4Match=(TcpMatch) match.getLayer4Match();
338 Assert.assertEquals(20, layer4Match.getTcpDestinationPort().getValue().intValue());
339 int port=portSecurityRule.getSecurityRulePortMin();
340 Assert.assertEquals("Egress_TCP_" + SEGMENT_ID + "_" + MAC_ADDRESS +
341 "_" + port + "_0.0.0.0/24_Permit", flowBuilder.getFlowName());
345 * Test TCP remove with port no and CIDR selected.
348 public void testProgramPortSecurityACLRuleRemoveTcp1() throws Exception {
349 when(portSecurityRule.getSecurityRuleProtocol()).thenReturn("tcp");
350 when(portSecurityRule.getSecurityRulePortMax()).thenReturn(30);
351 when(portSecurityRule.getSecurityRulePortMin()).thenReturn(30);
352 when(portSecurityRule.getSecurityRuleRemoteIpPrefix()).thenReturn("0.0.0.0/24");
353 PowerMockito.doAnswer(answer()).when(egressAclServiceSpy, "removeFlow", any(FlowBuilder.class),
354 any(NodeBuilder.class));
356 egressAclServiceSpy.programPortSecurityGroup(DP_ID_LONG, SEGMENT_ID, MAC_ADDRESS, LOCAL_PORT, securityGroup,
359 Match match = flowBuilder.getMatch();
360 EthernetMatch ethMatch = match.getEthernetMatch();
361 Assert.assertEquals(MAC_ADDRESS, ethMatch.getEthernetSource().getAddress().getValue());
363 Assert.assertTrue(match.getLayer4Match() instanceof TcpMatch);
364 TcpMatch layer4Match = (TcpMatch) match.getLayer4Match();
365 Assert.assertEquals(30, layer4Match.getTcpDestinationPort().getValue().intValue());
366 int port=portSecurityRule.getSecurityRulePortMin();
367 Assert.assertEquals("Egress_TCP_" + SEGMENT_ID + "_" + MAC_ADDRESS +
368 "_" + port + "_0.0.0.0/24_Permit", flowBuilder.getFlowName());
372 * Test TCP add with port no and remote SG selected.
375 public void testProgramPortSecurityACLRuleAddTcp2() throws Exception {
376 when(portSecurityRule.getSecurityRuleProtocol()).thenReturn("tcp");
377 when(portSecurityRule.getSecurityRulePortMax()).thenReturn(40);
378 when(portSecurityRule.getSecurityRulePortMin()).thenReturn(40);
379 when(portSecurityRule.getSecurityRemoteGroupID()).thenReturn("85cc3048-abc3-43cc-89b3-377341426ac5");
380 PowerMockito.doAnswer(answer()).when(egressAclServiceSpy, "writeFlow", any(FlowBuilder.class),
381 any(NodeBuilder.class));
382 egressAclServiceSpy.programPortSecurityGroup(DP_ID_LONG, SEGMENT_ID, MAC_ADDRESS, LOCAL_PORT, securityGroup,
385 Match match = flowBuilder.getMatch();
386 EthernetMatch ethMatch = match.getEthernetMatch();
387 Assert.assertEquals(MAC_ADDRESS, ethMatch.getEthernetSource().getAddress().getValue());
389 Assert.assertTrue(match.getLayer4Match() instanceof TcpMatch);
390 TcpMatch layer4Match=(TcpMatch) match.getLayer4Match();
391 int port=portSecurityRule.getSecurityRulePortMin();
392 String expectedFlowId1 = "Egress_TCP_" + SEGMENT_ID + "_" + MAC_ADDRESS + "_" + port + "_" + DEST_IP_1 +
394 String expectedFlowId2 = "Egress_TCP_" + SEGMENT_ID + "_" + MAC_ADDRESS + "_" + port + "_" + DEST_IP_2 +
396 String actualFlowId = flowBuilder.getFlowName();
397 if(actualFlowId.equals(expectedFlowId1) || actualFlowId.equals(expectedFlowId2)) {
398 Assert.assertTrue(true);
400 Assert.assertTrue(false);
405 * Test TCP remove with port no and remote SG selected.
408 public void testProgramPortSecurityACLRuleRemoveTcp2() throws Exception {
409 when(portSecurityRule.getSecurityRuleProtocol()).thenReturn("tcp");
410 when(portSecurityRule.getSecurityRulePortMax()).thenReturn(50);
411 when(portSecurityRule.getSecurityRulePortMin()).thenReturn(50);
412 when(portSecurityRule.getSecurityRemoteGroupID()).thenReturn("85cc3048-abc3-43cc-89b3-377341426ac5");
413 PowerMockito.doAnswer(answer()).when(egressAclServiceSpy, "removeFlow", any(FlowBuilder.class),
414 any(NodeBuilder.class));
416 egressAclServiceSpy.programPortSecurityGroup(DP_ID_LONG, SEGMENT_ID, MAC_ADDRESS, LOCAL_PORT, securityGroup,
419 Match match = flowBuilder.getMatch();
420 EthernetMatch ethMatch = match.getEthernetMatch();
421 Assert.assertEquals(MAC_ADDRESS, ethMatch.getEthernetSource().getAddress().getValue());
423 Assert.assertTrue(match.getLayer4Match() instanceof TcpMatch);
424 TcpMatch layer4Match=(TcpMatch) match.getLayer4Match();
425 int port=portSecurityRule.getSecurityRulePortMin();
426 String expectedFlowId1 = "Egress_TCP_" + SEGMENT_ID + "_" + MAC_ADDRESS +"_" + port + "_" + DEST_IP_1 +
428 String expectedFlowId2 = "Egress_TCP_" + SEGMENT_ID + "_" + MAC_ADDRESS +"_" + port + "_" + DEST_IP_2 +
430 String actualFlowId = flowBuilder.getFlowName();
431 if(actualFlowId.equals(expectedFlowId1) || actualFlowId.equals(expectedFlowId2)) {
432 Assert.assertTrue(true);
434 Assert.assertTrue(false);
439 * Test TCP add with port range (All TCP) and CIDR selected.
442 public void testProgramPortSecurityACLRuleAddTcpAll1() throws Exception {
443 when(portSecurityRule.getSecurityRuleProtocol()).thenReturn("tcp");
444 when(portSecurityRule.getSecurityRulePortMax()).thenReturn(PORT_RANGE_MAX);
445 when(portSecurityRule.getSecurityRulePortMin()).thenReturn(PORT_RANGE_MIN);
446 when(portSecurityRule.getSecurityRuleRemoteIpPrefix()).thenReturn("0.0.0.0/24");
447 PowerMockito.doAnswer(answer()).when(egressAclServiceSpy, "writeFlow", any(FlowBuilder.class),
448 any(NodeBuilder.class));
449 egressAclServiceSpy.programPortSecurityGroup(DP_ID_LONG, SEGMENT_ID, MAC_ADDRESS, LOCAL_PORT, securityGroup,
452 Match match = flowBuilder.getMatch();
453 Assert.assertTrue(match.getLayer4Match() instanceof TcpMatch);
454 TcpMatch layer4Match=(TcpMatch) match.getLayer4Match();
455 EthernetMatch ethMatch = match.getEthernetMatch();
456 Assert.assertEquals(MAC_ADDRESS, ethMatch.getEthernetSource().getAddress().getValue());
460 * Test TCP remove with port range (All TCP) and CIDR selected.
463 public void testProgramPortSecurityACLRuleRemoveTcpAll1() throws Exception {
464 when(portSecurityRule.getSecurityRuleProtocol()).thenReturn("tcp");
465 when(portSecurityRule.getSecurityRulePortMax()).thenReturn(PORT_RANGE_MAX);
466 when(portSecurityRule.getSecurityRulePortMin()).thenReturn(PORT_RANGE_MIN);
467 when(portSecurityRule.getSecurityRuleRemoteIpPrefix()).thenReturn("0.0.0.0/24");
468 PowerMockito.doAnswer(answer()).when(egressAclServiceSpy, "removeFlow", any(FlowBuilder.class),
469 any(NodeBuilder.class));
471 egressAclServiceSpy.programPortSecurityGroup(DP_ID_LONG, SEGMENT_ID, MAC_ADDRESS, LOCAL_PORT, securityGroup,
474 Match match = flowBuilder.getMatch();
475 EthernetMatch ethMatch = match.getEthernetMatch();
476 Assert.assertEquals(MAC_ADDRESS, ethMatch.getEthernetSource().getAddress().getValue());
478 Assert.assertTrue(match.getLayer4Match() instanceof TcpMatch);
479 Assert.assertEquals("Egress_TCP_" + SEGMENT_ID + "_" + MAC_ADDRESS + "_" + PORT_RANGE_MIN + "_" +
480 PORT_RANGE_MAX + "_0.0.0.0/24_Permit", flowBuilder.getFlowName());
484 * Test TCP add with port range (All TCP) and remote SG selected.
487 public void testProgramPortSecurityACLRuleAddTcpAll2() throws Exception {
488 when(portSecurityRule.getSecurityRuleProtocol()).thenReturn("tcp");
489 when(portSecurityRule.getSecurityRulePortMax()).thenReturn(PORT_RANGE_MAX);
490 when(portSecurityRule.getSecurityRulePortMin()).thenReturn(PORT_RANGE_MIN);
491 when(portSecurityRule.getSecurityRemoteGroupID()).thenReturn("85cc3048-abc3-43cc-89b3-377341426ac5");
492 PowerMockito.doAnswer(answer()).when(egressAclServiceSpy, "writeFlow", any(FlowBuilder.class),
493 any(NodeBuilder.class));
494 egressAclServiceSpy.programPortSecurityGroup(DP_ID_LONG, SEGMENT_ID, MAC_ADDRESS, LOCAL_PORT, securityGroup,
497 Match match = flowBuilder.getMatch();
498 EthernetMatch ethMatch = match.getEthernetMatch();
499 Assert.assertEquals(MAC_ADDRESS, ethMatch.getEthernetSource().getAddress().getValue());
501 Assert.assertTrue(match.getLayer4Match() instanceof TcpMatch);
502 String expectedFlowId1 = "Egress_TCP_" + SEGMENT_ID + "_" + MAC_ADDRESS + "_" + PORT_RANGE_MIN + "_" +
503 PORT_RANGE_MAX + "_" + DEST_IP_1 + "_Permit";
504 String expectedFlowId2 = "Egress_TCP_" + SEGMENT_ID + "_" + MAC_ADDRESS + "_" + PORT_RANGE_MIN + "_" +
505 PORT_RANGE_MAX + "_" + DEST_IP_2 + "_Permit";
506 String actualFlowId = flowBuilder.getFlowName();
507 if(actualFlowId.equals(expectedFlowId1) || actualFlowId.equals(expectedFlowId2)) {
508 Assert.assertTrue(true);
510 Assert.assertTrue(false);
515 * Test TCP remove with port range (All TCP) and remote SG selected.
518 public void testProgramPortSecurityACLRuleRemoveTcpAll2() throws Exception {
519 when(portSecurityRule.getSecurityRuleProtocol()).thenReturn("tcp");
520 when(portSecurityRule.getSecurityRulePortMax()).thenReturn(PORT_RANGE_MAX);
521 when(portSecurityRule.getSecurityRulePortMin()).thenReturn(PORT_RANGE_MIN);
522 when(portSecurityRule.getSecurityRemoteGroupID()).thenReturn("85cc3048-abc3-43cc-89b3-377341426ac5");
523 PowerMockito.doAnswer(answer()).when(egressAclServiceSpy, "removeFlow", any(FlowBuilder.class),
524 any(NodeBuilder.class));
526 egressAclServiceSpy.programPortSecurityGroup(DP_ID_LONG, SEGMENT_ID, MAC_ADDRESS, LOCAL_PORT, securityGroup,
529 Match match = flowBuilder.getMatch();
530 EthernetMatch ethMatch = match.getEthernetMatch();
531 Assert.assertEquals(MAC_ADDRESS, ethMatch.getEthernetSource().getAddress().getValue());
533 Assert.assertTrue(match.getLayer4Match() instanceof TcpMatch);
534 String expectedFlowId1 = "Egress_TCP_" + SEGMENT_ID + "_" + MAC_ADDRESS + "_" + PORT_RANGE_MIN + "_" +
535 PORT_RANGE_MAX + "_" + DEST_IP_1 + "_Permit";
536 String expectedFlowId2 = "Egress_TCP_" + SEGMENT_ID + "_" + MAC_ADDRESS + "_" + PORT_RANGE_MIN + "_" +
537 PORT_RANGE_MAX + "_" + DEST_IP_2 + "_Permit";
538 String actualFlowId = flowBuilder.getFlowName();
539 if(actualFlowId.equals(expectedFlowId1) || actualFlowId.equals(expectedFlowId2)) {
540 Assert.assertTrue(true);
542 Assert.assertTrue(false);
547 * Test UDP add with port no and CIDR selected.
550 public void testProgramPortSecurityACLRuleAddUdp1() throws Exception {
551 when(portSecurityRule.getSecurityRuleProtocol()).thenReturn("udp");
552 when(portSecurityRule.getSecurityRulePortMax()).thenReturn(50);
553 when(portSecurityRule.getSecurityRulePortMin()).thenReturn(50);
554 when(portSecurityRule.getSecurityRuleRemoteIpPrefix()).thenReturn("0.0.0.0/24");
555 PowerMockito.doAnswer(answer()).when(egressAclServiceSpy, "writeFlow", any(FlowBuilder.class),
556 any(NodeBuilder.class));
557 egressAclServiceSpy.programPortSecurityGroup(DP_ID_LONG, SEGMENT_ID, MAC_ADDRESS, LOCAL_PORT, securityGroup,
560 Match match = flowBuilder.getMatch();
561 EthernetMatch ethMatch = match.getEthernetMatch();
562 Assert.assertEquals(MAC_ADDRESS, ethMatch.getEthernetSource().getAddress().getValue());
564 Assert.assertTrue(match.getLayer4Match() instanceof UdpMatch);
565 UdpMatch layer4Match = (UdpMatch) match.getLayer4Match();
566 Assert.assertEquals(50, layer4Match.getUdpDestinationPort().getValue().intValue());
567 int port = portSecurityRule.getSecurityRulePortMin();
568 Assert.assertEquals("Egress_UDP_" + SEGMENT_ID + "_" + MAC_ADDRESS +
569 "_" + port + "_0.0.0.0/24_Permit", flowBuilder.getFlowName());
573 * Test UDP remove with port no and CIDR selected.
576 public void testProgramPortSecurityACLRuleRemoveUdp1() throws Exception {
577 when(portSecurityRule.getSecurityRuleProtocol()).thenReturn("udp");
578 when(portSecurityRule.getSecurityRulePortMax()).thenReturn(50);
579 when(portSecurityRule.getSecurityRulePortMin()).thenReturn(50);
580 when(portSecurityRule.getSecurityRuleRemoteIpPrefix()).thenReturn("0.0.0.0/24");
581 PowerMockito.doAnswer(answer()).when(egressAclServiceSpy, "removeFlow", any(FlowBuilder.class),
582 any(NodeBuilder.class));
583 egressAclServiceSpy.programPortSecurityGroup(DP_ID_LONG, SEGMENT_ID, MAC_ADDRESS, LOCAL_PORT, securityGroup,
586 Match match = flowBuilder.getMatch();
587 EthernetMatch ethMatch = match.getEthernetMatch();
588 Assert.assertEquals(MAC_ADDRESS, ethMatch.getEthernetSource().getAddress().getValue());
590 Assert.assertTrue(match.getLayer4Match() instanceof UdpMatch);
591 UdpMatch layer4Match = (UdpMatch) match.getLayer4Match();
592 Assert.assertEquals(50, layer4Match.getUdpDestinationPort().getValue().intValue());
593 int port = portSecurityRule.getSecurityRulePortMin();
594 Assert.assertEquals("Egress_UDP_" + SEGMENT_ID + "_" + MAC_ADDRESS +
595 "_" + port + "_0.0.0.0/24_Permit", flowBuilder.getFlowName());
599 * Test UDP add with port no and remote SG selected.
602 public void testProgramPortSecurityACLRuleAddUdp2() throws Exception {
603 when(portSecurityRule.getSecurityRuleProtocol()).thenReturn("udp");
604 when(portSecurityRule.getSecurityRulePortMax()).thenReturn(50);
605 when(portSecurityRule.getSecurityRulePortMin()).thenReturn(50);
606 when(portSecurityRule.getSecurityRuleRemoteIpPrefix()).thenReturn("0.0.0.0/24");
607 when(portSecurityRule.getSecurityRemoteGroupID()).thenReturn("85cc3048-abc3-43cc-89b3-377341426ac5");
608 PowerMockito.doAnswer(answer()).when(egressAclServiceSpy, "writeFlow", any(FlowBuilder.class),
609 any(NodeBuilder.class));
610 egressAclServiceSpy.programPortSecurityGroup(DP_ID_LONG, SEGMENT_ID, MAC_ADDRESS, LOCAL_PORT, securityGroup,
613 Match match = flowBuilder.getMatch();
614 EthernetMatch ethMatch = match.getEthernetMatch();
615 Assert.assertEquals(MAC_ADDRESS, ethMatch.getEthernetSource().getAddress().getValue());
617 Assert.assertTrue(match.getLayer4Match() instanceof UdpMatch);
618 UdpMatch layer4Match = (UdpMatch) match.getLayer4Match();
619 Assert.assertEquals(50, layer4Match.getUdpDestinationPort().getValue().intValue());
620 int port = portSecurityRule.getSecurityRulePortMin();
621 String expectedFlowId1 = "Egress_UDP_" + SEGMENT_ID + "_" + MAC_ADDRESS + "_" + port + "_" + DEST_IP_1 +
623 String expectedFlowId2 = "Egress_UDP_" + SEGMENT_ID + "_" + MAC_ADDRESS + "_" + port + "_" + DEST_IP_2 +
625 String actualFlowId = flowBuilder.getFlowName();
626 if(actualFlowId.equals(expectedFlowId1) || actualFlowId.equals(expectedFlowId2)) {
627 Assert.assertTrue(true);
629 Assert.assertTrue(false);
634 * Test UDP remove with port no and remote SG selected.
637 public void testProgramPortSecurityACLRuleRemoveUdp2() throws Exception {
638 when(portSecurityRule.getSecurityRuleProtocol()).thenReturn("udp");
639 when(portSecurityRule.getSecurityRulePortMax()).thenReturn(50);
640 when(portSecurityRule.getSecurityRulePortMin()).thenReturn(50);
641 when(portSecurityRule.getSecurityRuleRemoteIpPrefix()).thenReturn("0.0.0.0/24");
642 when(portSecurityRule.getSecurityRemoteGroupID()).thenReturn("85cc3048-abc3-43cc-89b3-377341426ac5");
643 PowerMockito.doAnswer(answer()).when(egressAclServiceSpy, "removeFlow", any(FlowBuilder.class),
644 any(NodeBuilder.class));
645 egressAclServiceSpy.programPortSecurityGroup(DP_ID_LONG, SEGMENT_ID, MAC_ADDRESS, LOCAL_PORT, securityGroup,
648 Match match = flowBuilder.getMatch();
649 EthernetMatch ethMatch = match.getEthernetMatch();
650 Assert.assertEquals(MAC_ADDRESS, ethMatch.getEthernetSource().getAddress().getValue());
652 Assert.assertTrue(match.getLayer4Match() instanceof UdpMatch);
653 UdpMatch layer4Match = (UdpMatch) match.getLayer4Match();
654 Assert.assertEquals(50, layer4Match.getUdpDestinationPort().getValue().intValue());
655 int port = portSecurityRule.getSecurityRulePortMin();
656 String expectedFlowId1 = "Egress_UDP_" + SEGMENT_ID + "_" + MAC_ADDRESS + "_" + port + "_" + DEST_IP_1 +
658 String expectedFlowId2 = "Egress_UDP_" + SEGMENT_ID + "_" + MAC_ADDRESS + "_" + port + "_" + DEST_IP_2 +
660 String actualFlowId = flowBuilder.getFlowName();
661 if(actualFlowId.equals(expectedFlowId1) || actualFlowId.equals(expectedFlowId2)) {
662 Assert.assertTrue(true);
664 Assert.assertTrue(false);
670 * Test UDP add with port (All UDP) and CIDR selected.
673 public void testProgramPortSecurityACLRuleAddUdpAll1() throws Exception {
674 when(portSecurityRule.getSecurityRuleProtocol()).thenReturn("udp");
675 when(portSecurityRule.getSecurityRulePortMax()).thenReturn(PORT_RANGE_MAX);
676 when(portSecurityRule.getSecurityRulePortMin()).thenReturn(PORT_RANGE_MIN);
677 when(portSecurityRule.getSecurityRuleRemoteIpPrefix()).thenReturn("0.0.0.0/24");
678 PowerMockito.doAnswer(answer()).when(egressAclServiceSpy, "writeFlow", any(FlowBuilder.class),
679 any(NodeBuilder.class));
680 egressAclServiceSpy.programPortSecurityGroup(DP_ID_LONG, SEGMENT_ID, MAC_ADDRESS, LOCAL_PORT, securityGroup,
683 Match match = flowBuilder.getMatch();
684 EthernetMatch ethMatch = match.getEthernetMatch();
685 Assert.assertEquals(MAC_ADDRESS, ethMatch.getEthernetSource().getAddress().getValue());
687 Assert.assertTrue(match.getLayer4Match() instanceof UdpMatch);
688 Assert.assertEquals("Egress_UDP_" + SEGMENT_ID + "_" + MAC_ADDRESS + "_" + PORT_RANGE_MIN + "_" +
689 PORT_RANGE_MAX + "_0.0.0.0/24_Permit", flowBuilder.getFlowName());
693 * Test UDP remove with port (All UDP) and CIDR selected.
696 public void testProgramPortSecurityACLRuleRemoveUdpAll1() throws Exception {
697 when(portSecurityRule.getSecurityRuleProtocol()).thenReturn("udp");
698 when(portSecurityRule.getSecurityRulePortMax()).thenReturn(PORT_RANGE_MAX);
699 when(portSecurityRule.getSecurityRulePortMin()).thenReturn(PORT_RANGE_MIN);
700 when(portSecurityRule.getSecurityRuleRemoteIpPrefix()).thenReturn("0.0.0.0/24");
701 PowerMockito.doAnswer(answer()).when(egressAclServiceSpy, "removeFlow", any(FlowBuilder.class),
702 any(NodeBuilder.class));
703 egressAclServiceSpy.programPortSecurityGroup(DP_ID_LONG, SEGMENT_ID, MAC_ADDRESS, LOCAL_PORT, securityGroup,
706 Match match = flowBuilder.getMatch();
707 EthernetMatch ethMatch = match.getEthernetMatch();
708 Assert.assertEquals(MAC_ADDRESS, ethMatch.getEthernetSource().getAddress().getValue());
710 Assert.assertTrue(match.getLayer4Match() instanceof UdpMatch);
711 Assert.assertEquals("Egress_UDP_" + SEGMENT_ID + "_" + MAC_ADDRESS + "_" + PORT_RANGE_MIN + "_" +
712 PORT_RANGE_MAX + "_0.0.0.0/24_Permit", flowBuilder.getFlowName());
716 * Test UDP add with port (All UDP) and remote SG selected.
719 public void testProgramPortSecurityACLRuleAddUdpAll2() throws Exception {
720 when(portSecurityRule.getSecurityRuleProtocol()).thenReturn("udp");
721 when(portSecurityRule.getSecurityRulePortMax()).thenReturn(PORT_RANGE_MAX);
722 when(portSecurityRule.getSecurityRulePortMin()).thenReturn(PORT_RANGE_MIN);
723 when(portSecurityRule.getSecurityRemoteGroupID()).thenReturn("85cc3048-abc3-43cc-89b3-377341426ac5");
724 PowerMockito.doAnswer(answer()).when(egressAclServiceSpy, "writeFlow", any(FlowBuilder.class),
725 any(NodeBuilder.class));
726 egressAclServiceSpy.programPortSecurityGroup(DP_ID_LONG, SEGMENT_ID, MAC_ADDRESS, LOCAL_PORT, securityGroup,
729 Match match = flowBuilder.getMatch();
730 EthernetMatch ethMatch = match.getEthernetMatch();
731 Assert.assertEquals(MAC_ADDRESS, ethMatch.getEthernetSource().getAddress().getValue());
733 Assert.assertTrue(match.getLayer4Match() instanceof UdpMatch);
734 String expectedFlowId1 = "Egress_UDP_" + SEGMENT_ID + "_" + MAC_ADDRESS + "_" + PORT_RANGE_MIN + "_" +
735 PORT_RANGE_MAX + "_" + DEST_IP_1 + "_Permit";
736 String expectedFlowId2 = "Egress_UDP_" + SEGMENT_ID + "_" + MAC_ADDRESS + "_" + PORT_RANGE_MIN + "_" +
737 PORT_RANGE_MAX + "_" + DEST_IP_2 + "_Permit";
738 String actualFlowId = flowBuilder.getFlowName();
739 if(actualFlowId.equals(expectedFlowId1) || actualFlowId.equals(expectedFlowId2)) {
740 Assert.assertTrue(true);
742 Assert.assertTrue(false);
747 * Test UDP remove with port (All UDP) and remote SG selected.
750 public void testProgramPortSecurityACLRuleRemoveUdpAll2() throws Exception {
751 when(portSecurityRule.getSecurityRuleProtocol()).thenReturn("udp");
752 when(portSecurityRule.getSecurityRulePortMax()).thenReturn(PORT_RANGE_MAX);
753 when(portSecurityRule.getSecurityRulePortMin()).thenReturn(PORT_RANGE_MIN);
754 when(portSecurityRule.getSecurityRemoteGroupID()).thenReturn("85cc3048-abc3-43cc-89b3-377341426ac5");
755 PowerMockito.doAnswer(answer()).when(egressAclServiceSpy, "removeFlow", any(FlowBuilder.class),
756 any(NodeBuilder.class));
757 egressAclServiceSpy.programPortSecurityGroup(DP_ID_LONG, SEGMENT_ID, MAC_ADDRESS, LOCAL_PORT, securityGroup,
760 Match match = flowBuilder.getMatch();
761 EthernetMatch ethMatch = match.getEthernetMatch();
762 Assert.assertEquals(MAC_ADDRESS, ethMatch.getEthernetSource().getAddress().getValue());
764 Assert.assertTrue(match.getLayer4Match() instanceof UdpMatch);
765 String expectedFlowId1 = "Egress_UDP_" + SEGMENT_ID + "_" + MAC_ADDRESS + "_" + PORT_RANGE_MIN + "_" +
766 PORT_RANGE_MAX + "_" + DEST_IP_1 + "_Permit";
767 String expectedFlowId2 = "Egress_UDP_" + SEGMENT_ID + "_" + MAC_ADDRESS + "_" + PORT_RANGE_MIN + "_" +
768 PORT_RANGE_MAX + "_" + DEST_IP_2 + "_Permit";
769 String actualFlowId = flowBuilder.getFlowName();
770 if(actualFlowId.equals(expectedFlowId1) || actualFlowId.equals(expectedFlowId2)) {
771 Assert.assertTrue(true);
773 Assert.assertTrue(false);
778 * Test ICMP add with code, type and CIDR selected.
781 public void testProgramPortSecurityACLRuleAddIcmp1() throws Exception {
782 when(portSecurityRule.getSecurityRuleProtocol()).thenReturn("icmp");
783 when(portSecurityRule.getSecurityRulePortMax()).thenReturn(10);
784 when(portSecurityRule.getSecurityRulePortMin()).thenReturn(10);
785 when(portSecurityRule.getSecurityRuleRemoteIpPrefix()).thenReturn("0.0.0.0/24");
786 PowerMockito.doAnswer(answer()).when(egressAclServiceSpy, "writeFlow", any(FlowBuilder.class),
787 any(NodeBuilder.class));
789 egressAclServiceSpy.programPortSecurityGroup(DP_ID_LONG, SEGMENT_ID, MAC_ADDRESS, LOCAL_PORT, securityGroup,
792 Match match = flowBuilder.getMatch();
793 Icmpv4Match icmpv4Match = match.getIcmpv4Match();
794 Assert.assertEquals(10, icmpv4Match.getIcmpv4Type().shortValue());
795 Assert.assertEquals(10, icmpv4Match.getIcmpv4Code().shortValue());
796 EthernetMatch ethMatch = match.getEthernetMatch();
797 Assert.assertEquals(MAC_ADDRESS, ethMatch.getEthernetSource().getAddress().getValue());
798 Short type = portSecurityRule.getSecurityRulePortMin().shortValue();
799 Short code = portSecurityRule.getSecurityRulePortMax().shortValue();
800 Assert.assertEquals("Egress_ICMP_" + SEGMENT_ID + "_" + MAC_ADDRESS +
801 "_" + type + "_" + code + "_0.0.0.0/24_Permit", flowBuilder.getFlowName());
805 * Test ICMP remove with code, type and CIDR selected.
808 public void testProgramPortSecurityACLRuleRemoveIcmp1() throws Exception {
809 when(portSecurityRule.getSecurityRuleProtocol()).thenReturn("icmp");
810 when(portSecurityRule.getSecurityRulePortMax()).thenReturn(20);
811 when(portSecurityRule.getSecurityRulePortMin()).thenReturn(20);
812 when(portSecurityRule.getSecurityRuleRemoteIpPrefix()).thenReturn("0.0.0.0/24");
813 PowerMockito.doAnswer(answer()).when(egressAclServiceSpy, "removeFlow", any(FlowBuilder.class),
814 any(NodeBuilder.class));
816 egressAclServiceSpy.programPortSecurityGroup(DP_ID_LONG, SEGMENT_ID, MAC_ADDRESS, LOCAL_PORT, securityGroup,
819 Match match = flowBuilder.getMatch();
820 Icmpv4Match icmpv4Match = match.getIcmpv4Match();
821 Assert.assertEquals(20, icmpv4Match.getIcmpv4Type().shortValue());
822 Assert.assertEquals(20, icmpv4Match.getIcmpv4Code().shortValue());
823 EthernetMatch ethMatch = match.getEthernetMatch();
824 Assert.assertEquals(MAC_ADDRESS, ethMatch.getEthernetSource().getAddress().getValue());
825 Short type = portSecurityRule.getSecurityRulePortMin().shortValue();
826 Short code = portSecurityRule.getSecurityRulePortMax().shortValue();
827 Assert.assertEquals("Egress_ICMP_" + SEGMENT_ID + "_" + MAC_ADDRESS +
828 "_" + type + "_" + code + "_0.0.0.0/24_Permit", flowBuilder.getFlowName());
832 * Test ICMP add with code, type and remote SG selected.
835 public void testProgramPortSecurityACLRuleAddIcmp2() throws Exception {
836 when(portSecurityRule.getSecurityRuleProtocol()).thenReturn("icmp");
837 when(portSecurityRule.getSecurityRulePortMax()).thenReturn(30);
838 when(portSecurityRule.getSecurityRulePortMin()).thenReturn(30);
839 when(portSecurityRule.getSecurityRuleRemoteIpPrefix()).thenReturn("0.0.0.0/24");
840 when(portSecurityRule.getSecurityRemoteGroupID()).thenReturn("85cc3048-abc3-43cc-89b3-377341426ac5");
841 PowerMockito.doAnswer(answer()).when(egressAclServiceSpy, "writeFlow", any(FlowBuilder.class),
842 any(NodeBuilder.class));
844 egressAclServiceSpy.programPortSecurityGroup(DP_ID_LONG, SEGMENT_ID, MAC_ADDRESS, LOCAL_PORT, securityGroup,
847 Match match = flowBuilder.getMatch();
848 Icmpv4Match icmpv4Match = match.getIcmpv4Match();
849 Assert.assertEquals(30, icmpv4Match.getIcmpv4Type().shortValue());
850 Assert.assertEquals(30, icmpv4Match.getIcmpv4Code().shortValue());
851 EthernetMatch ethMatch = match.getEthernetMatch();
852 Assert.assertEquals(MAC_ADDRESS, ethMatch.getEthernetSource().getAddress().getValue());
853 Short type = portSecurityRule.getSecurityRulePortMin().shortValue();
854 Short code = portSecurityRule.getSecurityRulePortMax().shortValue();
855 String expectedFlowId1 = "Egress_ICMP_" + SEGMENT_ID + "_" + MAC_ADDRESS + "_" + type + "_" + code + "_"
856 + DEST_IP_1 + "_Permit";
857 String expectedFlowId2 = "Egress_ICMP_" + SEGMENT_ID + "_" + MAC_ADDRESS + "_" + type + "_" + code + "_"
858 + DEST_IP_2 + "_Permit";
859 String actualFlowId = flowBuilder.getFlowName();
860 if(actualFlowId.equals(expectedFlowId1) || actualFlowId.equals(expectedFlowId2)) {
861 Assert.assertTrue(true);
863 Assert.assertTrue(false);
868 * Test ICMP remove with code, type and remote SG selected.
871 public void testProgramPortSecurityACLRuleRemoveIcmp2() throws Exception {
872 when(portSecurityRule.getSecurityRuleProtocol()).thenReturn("icmp");
873 when(portSecurityRule.getSecurityRulePortMax()).thenReturn(40);
874 when(portSecurityRule.getSecurityRulePortMin()).thenReturn(40);
875 when(portSecurityRule.getSecurityRemoteGroupID()).thenReturn("85cc3048-abc3-43cc-89b3-377341426ac5");
876 PowerMockito.doAnswer(answer()).when(egressAclServiceSpy, "removeFlow", any(FlowBuilder.class),
877 any(NodeBuilder.class));
879 egressAclServiceSpy.programPortSecurityGroup(DP_ID_LONG, SEGMENT_ID, MAC_ADDRESS, LOCAL_PORT, securityGroup,
882 Match match = flowBuilder.getMatch();
883 Icmpv4Match icmpv4Match = match.getIcmpv4Match();
884 Assert.assertEquals(40, icmpv4Match.getIcmpv4Type().shortValue());
885 Assert.assertEquals(40, icmpv4Match.getIcmpv4Code().shortValue());
886 EthernetMatch ethMatch = match.getEthernetMatch();
887 Assert.assertEquals(MAC_ADDRESS, ethMatch.getEthernetSource().getAddress().getValue());
888 Short type = portSecurityRule.getSecurityRulePortMin().shortValue();
889 Short code = portSecurityRule.getSecurityRulePortMax().shortValue();
890 String expectedFlowId1 = "Egress_ICMP_" + SEGMENT_ID + "_" + MAC_ADDRESS + "_" + type + "_" + code + "_"
891 + DEST_IP_1 + "_Permit";
892 String expectedFlowId2 = "Egress_ICMP_" + SEGMENT_ID + "_" + MAC_ADDRESS + "_" + type + "_" + code + "_"
893 + DEST_IP_2 + "_Permit";
894 String actualFlowId = flowBuilder.getFlowName();
895 if(actualFlowId.equals(expectedFlowId1) || actualFlowId.equals(expectedFlowId2)) {
896 Assert.assertTrue(true);
898 Assert.assertTrue(false);
903 * Test IPv4 invalid ether type test case.
906 public void testProgramPortSecurityACLRuleInvalidEther() throws Exception {
907 when(portSecurityRule.getSecurityRuleEthertype()).thenReturn("IPV6");
909 egressAclServiceSpy.programPortSecurityGroup(Long.valueOf(1554), "2", MAC_ADDRESS, 124, securityGroup,PORT_UUID,false);
911 verify(writeTransaction, times(0)).delete(any(LogicalDatastoreType.class), any(InstanceIdentifier.class));
912 verify(writeTransaction, times(0)).submit();
913 verify(commitFuture, times(0)).get();
917 * Test IPv4 invalid direction type test case.
920 public void testProgramPortSecurityACLRuleInvalidDirection() throws Exception {
921 when(portSecurityRule.getSecurityRuleDirection()).thenReturn("ingress");
923 egressAclServiceSpy.programPortSecurityGroup(Long.valueOf(1554), "2", MAC_ADDRESS, 124, securityGroup,PORT_UUID,false);
925 verify(writeTransaction, times(0)).delete(any(LogicalDatastoreType.class), any(InstanceIdentifier.class));
926 verify(writeTransaction, times(0)).submit();
927 verify(commitFuture, times(0)).get();
931 * Test With isLastPortInBridge false isComputeNode false
934 public void testProgramFixedSecurityACLAdd1() throws Exception {
935 egressAclServiceSpy.programFixedSecurityGroup(Long.valueOf(1554), "2", MAC_ADDRESS, 1, neutronDestIpList, false, false, true);
937 verify(writeTransaction, times(0)).put(any(LogicalDatastoreType.class), any(InstanceIdentifier.class), any(Node.class), eq(true));
938 verify(writeTransaction, times(0)).submit();
939 verify(commitFuture, times(0)).get();
942 * Test With isLastPortInBridge false isComputeNode false
945 public void testProgramFixedSecurityACLRemove1() throws Exception {
947 egressAclServiceSpy.programFixedSecurityGroup(Long.valueOf(1554), "2", MAC_ADDRESS, 1, neutronDestIpList, false, false, false);
949 verify(writeTransaction, times(0)).delete(any(LogicalDatastoreType.class), any(InstanceIdentifier.class));
950 verify(writeTransaction, times(0)).submit();
951 verify(commitFuture, times(0)).get();
955 * Test With isLastPortInBridge false isComputeNode true
958 public void testProgramFixedSecurityACLAdd2() throws Exception {
960 egressAclServiceSpy.programFixedSecurityGroup(Long.valueOf(1554), "2", MAC_ADDRESS, 1, neutronDestIpList, false, true, true);
962 verify(writeTransaction, times(6)).put(any(LogicalDatastoreType.class), any(InstanceIdentifier.class), any(Node.class), eq(true));
963 verify(writeTransaction, times(3)).submit();
964 verify(commitFuture, times(3)).get();
968 * Test With isLastPortInBridge false isComputeNode true
971 public void testProgramFixedSecurityACLRemove2() throws Exception {
973 egressAclServiceSpy.programFixedSecurityGroup(Long.valueOf(1554), "2", MAC_ADDRESS, 1, neutronDestIpList, false, true, false);
975 verify(writeTransaction, times(3)).delete(any(LogicalDatastoreType.class), any(InstanceIdentifier.class));
976 verify(writeTransaction, times(3)).submit();
977 verify(commitFuture, times(3)).get();
981 * Test With isLastPortInBridge true isComputeNode false
984 public void testProgramFixedSecurityACLAdd3() throws Exception {
986 egressAclServiceSpy.programFixedSecurityGroup(Long.valueOf(1554), "2", MAC_ADDRESS, 1, neutronDestIpList, true, false, true);
988 verify(writeTransaction, times(2)).put(any(LogicalDatastoreType.class), any(InstanceIdentifier.class), any(Node.class), eq(true));
989 verify(writeTransaction, times(1)).submit();
990 verify(commitFuture, times(1)).get();
994 * Test With isLastPortInBridge true isComputeNode false
997 public void testProgramFixedSecurityACLRemove3() throws Exception {
999 egressAclServiceSpy.programFixedSecurityGroup(Long.valueOf(1554), "2", MAC_ADDRESS, 1, neutronDestIpList, true, false, false);
1001 verify(writeTransaction, times(1)).delete(any(LogicalDatastoreType.class), any(InstanceIdentifier.class));
1002 verify(writeTransaction, times(1)).submit();
1003 verify(commitFuture, times(1)).get();
1007 * Test With isLastPortInBridge true isComputeNode true
1010 public void testProgramFixedSecurityACLAdd4() throws Exception {
1012 egressAclServiceSpy.programFixedSecurityGroup(Long.valueOf(1554), "2", MAC_ADDRESS, 1, neutronDestIpList, true, true, true);
1014 verify(writeTransaction, times(8)).put(any(LogicalDatastoreType.class),
1015 any(InstanceIdentifier.class), any(Node.class), eq(true));
1016 verify(writeTransaction, times(4)).submit();
1017 verify(commitFuture, times(4)).get();
1021 * Test With isLastPortInBridge true isComputeNode true
1024 public void testProgramFixedSecurityACLRemove4() throws Exception {
1026 egressAclServiceSpy.programFixedSecurityGroup(Long.valueOf(1554), "2", MAC_ADDRESS, 1, neutronDestIpList, true, true, false);
1028 verify(writeTransaction, times(4)).delete(any(LogicalDatastoreType.class), any(InstanceIdentifier.class));
1029 verify(writeTransaction, times(4)).submit();
1030 verify(commitFuture, times(4)).get();
1034 * Test method {@link EgressAclService#egressACLTcpPortWithPrefix(Long, String, String, boolean, Integer, String, Integer)}
1037 public void testEgressACLTcpPortWithPrefix() throws Exception {
1038 egressAclService.egressACLTcpPortWithPrefix(123L, "2", MAC_ADDRESS, true, 1, HOST_ADDRESS, 1);
1039 verify(writeTransaction, times(2)).put(any(LogicalDatastoreType.class), any(InstanceIdentifier.class), any(Node.class), anyBoolean());
1040 verify(writeTransaction, times(1)).submit();
1041 verify(commitFuture, times(1)).get();
1043 egressAclService.egressACLTcpPortWithPrefix(123L, "2", MAC_ADDRESS, false, 1, HOST_ADDRESS, 1);
1044 verify(writeTransaction, times(1)).delete(any(LogicalDatastoreType.class), any(InstanceIdentifier.class));
1045 verify(writeTransaction, times(2)).submit();
1046 verify(commitFuture, times(2)).get(); // 1 + 1 above
1050 * Test method {@link EgressAclService#egressAllowProto(Long, String, String, boolean, String, Integer)}
1053 public void testEgressAllowProto() throws Exception {
1054 egressAclService.egressAllowProto(123L, "2", MAC_ADDRESS, true, HOST_ADDRESS, 1);
1055 verify(writeTransaction, times(2)).put(any(LogicalDatastoreType.class), any(InstanceIdentifier.class), any(Node.class), anyBoolean());
1056 verify(writeTransaction, times(1)).submit();
1057 verify(commitFuture, times(1)).get();
1059 egressAclService.egressAllowProto(123L, "2", MAC_ADDRESS, false, HOST_ADDRESS, 1);
1060 verify(writeTransaction, times(1)).delete(any(LogicalDatastoreType.class), any(InstanceIdentifier.class));
1061 verify(writeTransaction, times(2)).submit();
1062 verify(commitFuture, times(2)).get(); // 1 + 1 above
1066 * Test method {@link EgressAclService#egressACLPermitAllProto(Long, String, String, boolean, String, Integer)}
1069 public void testEgressACLPermitAllProto() throws Exception {
1070 egressAclService.egressACLPermitAllProto(123L, "2", MAC_ADDRESS, true, HOST_ADDRESS, 1);
1071 verify(writeTransaction, times(2)).put(any(LogicalDatastoreType.class), any(InstanceIdentifier.class), any(Node.class), anyBoolean());
1072 verify(writeTransaction, times(1)).submit();
1073 verify(commitFuture, times(1)).get();
1075 egressAclService.egressACLPermitAllProto(123L, "2", MAC_ADDRESS, false, HOST_ADDRESS, 1);
1076 verify(writeTransaction, times(1)).delete(any(LogicalDatastoreType.class), any(InstanceIdentifier.class));
1077 verify(writeTransaction, times(2)).submit();
1078 verify(commitFuture, times(2)).get(); // 1 + 1 above
1082 * Test method {@link EgressAclService#egressACLTcpSyn(Long, String, String, boolean, Integer, Integer)}
1085 public void testEgressACLTcpSyn() throws Exception {
1086 egressAclService.egressACLTcpSyn(123L, "2", MAC_ADDRESS, true, 1, 1);
1087 verify(writeTransaction, times(2)).put(any(LogicalDatastoreType.class), any(InstanceIdentifier.class), any(Node.class), anyBoolean());
1088 verify(writeTransaction, times(1)).submit();
1089 verify(commitFuture, times(1)).get();
1091 egressAclService.egressACLTcpSyn(123L, "2", MAC_ADDRESS, false, 1, 1);
1092 verify(writeTransaction, times(1)).delete(any(LogicalDatastoreType.class), any(InstanceIdentifier.class));
1093 verify(writeTransaction, times(2)).submit();
1094 verify(commitFuture, times(2)).get(); // 1 + 1 above