openstack/net-virt-providers/src/test/java/org/opendaylight/ovsdb/openstack/netvirt/providers/openflow13/services/EgressAclServiceTest.java

   1 /*
   2  * Copyright (c) 2015 Inocybe and others.  All rights reserved.
   3  *
   4  * This program and the accompanying materials are made available under the
   5  * terms of the Eclipse Public License v1.0 which accompanies this distribution,
   6  * and is available at http://www.eclipse.org/legal/epl-v10.html
   7  */
   8
   9 package org.opendaylight.ovsdb.openstack.netvirt.providers.openflow13.services;
  10
  11 import static org.mockito.Matchers.any;
  12 import static org.mockito.Matchers.anyBoolean;
  13 import static org.mockito.Matchers.eq;
  14 import static org.mockito.Mockito.mock;
  15 import static org.mockito.Mockito.times;
  16 import static org.mockito.Mockito.verify;
  17 import static org.mockito.Mockito.when;
  18
  19 import java.util.ArrayList;
  20 import java.util.List;
  21
  22 import org.junit.Assert;
  23 import org.junit.Before;
  24 import org.junit.Test;
  25 import org.junit.runner.RunWith;
  26 import org.mockito.InjectMocks;
  27 import org.mockito.Mock;
  28 import org.mockito.invocation.InvocationOnMock;
  29 import org.mockito.stubbing.Answer;
  30 import org.opendaylight.controller.md.sal.binding.api.DataBroker;
  31 import org.opendaylight.controller.md.sal.binding.api.WriteTransaction;
  32 import org.opendaylight.controller.md.sal.common.api.data.LogicalDatastoreType;
  33 import org.opendaylight.controller.md.sal.common.api.data.TransactionCommitFailedException;
  34 import org.opendaylight.ovsdb.openstack.netvirt.translator.NeutronSecurityGroup;
  35 import org.opendaylight.ovsdb.openstack.netvirt.translator.NeutronSecurityRule;
  36 import org.opendaylight.ovsdb.openstack.netvirt.translator.Neutron_IPs;
  37 import org.opendaylight.ovsdb.openstack.netvirt.api.SecurityGroupCacheManger;
  38 import org.opendaylight.ovsdb.openstack.netvirt.api.SecurityServicesManager;
  39 import org.opendaylight.ovsdb.openstack.netvirt.providers.openflow13.PipelineOrchestrator;
  40 import org.opendaylight.ovsdb.openstack.netvirt.providers.openflow13.Service;
  41 import org.opendaylight.yang.gen.v1.urn.opendaylight.flow.inventory.rev130819.tables.table.FlowBuilder;
  42 import org.opendaylight.yang.gen.v1.urn.opendaylight.inventory.rev130819.nodes.Node;
  43 import org.opendaylight.yang.gen.v1.urn.opendaylight.inventory.rev130819.nodes.NodeBuilder;
  44 import org.opendaylight.yang.gen.v1.urn.opendaylight.model.match.types.rev131026.Match;
  45 import org.opendaylight.yang.gen.v1.urn.opendaylight.model.match.types.rev131026.match.EthernetMatch;
  46 import org.opendaylight.yang.gen.v1.urn.opendaylight.model.match.types.rev131026.match.Icmpv4Match;
  47 import org.opendaylight.yang.gen.v1.urn.opendaylight.model.match.types.rev131026.match.layer._4.match.TcpMatch;
  48 import org.opendaylight.yang.gen.v1.urn.opendaylight.model.match.types.rev131026.match.layer._4.match.UdpMatch;
  49 import org.opendaylight.yangtools.yang.binding.InstanceIdentifier;
  50 import org.powermock.api.mockito.PowerMockito;
  51 import org.powermock.modules.junit4.PowerMockRunner;
  52
  53 import com.google.common.util.concurrent.CheckedFuture;
  54 /**
  55  * Unit test for {@link EgressAclService}
  56  */
  57 @RunWith(PowerMockRunner.class)
  58 @SuppressWarnings("unchecked")
  59 public class EgressAclServiceTest {
  60
  61     @InjectMocks private EgressAclService egressAclService = new EgressAclService();
  62     private EgressAclService egressAclServiceSpy;
  63
  64     @Mock private DataBroker dataBroker;
  65     @Mock private PipelineOrchestrator orchestrator;
  66
  67     @Mock private WriteTransaction writeTransaction;
  68     @Mock private CheckedFuture<Void, TransactionCommitFailedException> commitFuture;
  69
  70     @Mock private NeutronSecurityGroup securityGroup;
  71     @Mock private NeutronSecurityRule portSecurityRule;
  72
  73     @Mock private SecurityServicesManager securityServices;
  74     @Mock private SecurityGroupCacheManger securityGroupCacheManger;
  75
  76     private Neutron_IPs neutron_ip_src;
  77     private Neutron_IPs neutron_ip_dest_1;
  78     private Neutron_IPs neutron_ip_dest_2;
  79     private List<Neutron_IPs> neutronSrcIpList = new ArrayList<>();
  80     private List<Neutron_IPs> neutronDestIpList = new ArrayList<>();
  81     private static final String HOST_ADDRESS = "127.0.0.1/32";
  82     private static final String MAC_ADDRESS = "87:1D:5E:02:40:B7";
  83     private static final String SRC_IP = "192.168.0.1";
  84     private static final String DEST_IP_1 = "192.169.0.1";
  85     private static final String DEST_IP_2 = "192.169.0.2";
  86     private static final String DEST_IP_1_WITH_MASK = "192.169.0.1/32";
  87     private static final String DEST_IP_2_WITH_MASK = "192.169.0.2/32";
  88     private static final String SECURITY_GROUP_UUID = "85cc3048-abc3-43cc-89b3-377341426ac5";
  89     private static final String PORT_UUID = "95cc3048-abc3-43cc-89b3-377341426ac5";
  90     private static final String SEGMENT_ID = "2";
  91     private static final Long DP_ID_LONG = (long) 1554;
  92     private static final Long LOCAL_PORT = (long) 124;
  93     private static final int PORT_RANGE_MIN = 1;
  94     private static final int PORT_RANGE_MAX = 65535;
  95     private static FlowBuilder flowBuilder;
  96     private static NodeBuilder nodeBuilder;
  97
  98     private static Answer<Object> answer() {
  99         return new Answer<Object>() {
 100             @Override
 101             public CheckedFuture<Void, TransactionCommitFailedException> answer(InvocationOnMock invocation)
 102                     throws Throwable {
 103                 flowBuilder = (FlowBuilder) invocation.getArguments()[0];
 104                 nodeBuilder = (NodeBuilder) invocation.getArguments()[1];
 105                 return null;
 106             }
 107         };
 108     }
 109
 110     @Before
 111     public void setUp() {
 112         egressAclServiceSpy = PowerMockito.spy(egressAclService);
 113
 114         when(writeTransaction.submit()).thenReturn(commitFuture);
 115
 116         when(dataBroker.newWriteOnlyTransaction()).thenReturn(writeTransaction);
 117
 118         when(orchestrator.getNextServiceInPipeline(any(Service.class))).thenReturn(Service.ARP_RESPONDER);
 119
 120         portSecurityRule = mock(NeutronSecurityRule.class);
 121
 122         when(portSecurityRule.getSecurityRuleEthertype()).thenReturn("IPv4");
 123         when(portSecurityRule.getSecurityRuleDirection()).thenReturn("egress");
 124
 125         List<NeutronSecurityRule> portSecurityList = new ArrayList<>();
 126         portSecurityList.add(portSecurityRule);
 127
 128         neutron_ip_src = new Neutron_IPs();
 129         neutron_ip_src.setIpAddress(SRC_IP);
 130         neutronSrcIpList.add(neutron_ip_src);
 131
 132         neutron_ip_dest_1 = new Neutron_IPs();
 133         neutron_ip_dest_1.setIpAddress(DEST_IP_1);
 134         neutronDestIpList.add(neutron_ip_dest_1);
 135
 136         neutron_ip_dest_2 = new Neutron_IPs();
 137         neutron_ip_dest_2.setIpAddress(DEST_IP_2);
 138         neutronDestIpList.add(neutron_ip_dest_2);
 139
 140         when(securityGroup.getSecurityRules()).thenReturn(portSecurityList);
 141         when(securityServices.getVmListForSecurityGroup(PORT_UUID, SECURITY_GROUP_UUID)).thenReturn(neutronDestIpList);
 142     }
 143
 144     /**
 145      * Rule 1: TCP Proto (True), TCP Port Minimum (True), TCP Port Max (True), IP Prefix (True)
 146      */
 147     /*@Test
 148     public void testProgramPortSecurityACLRule1() throws Exception {
 149         when(portSecurityRule.getSecurityRuleProtocol()).thenReturn("tcp");
 150         when(portSecurityRule.getSecurityRulePortMax()).thenReturn(1);
 151         when(portSecurityRule.getSecurityRulePortMin()).thenReturn(1);
 152         when(portSecurityRule.getSecurityRuleRemoteIpPrefix()).thenReturn(HOST_ADDRESS);
 153
 154         egressAclServiceSpy.programPortSecurityACL(Long.valueOf(1554), "2", MAC_ADDRESS, 124, securityGroup);
 155         verify(egressAclServiceSpy, times(1)).egressACLDefaultTcpDrop(anyLong(), anyString(), anyString(), anyInt(), anyBoolean());
 156         verify(egressAclServiceSpy, times(1)).egressACLTcpPortWithPrefix(anyLong(), anyString(), anyString(), anyBoolean(), anyInt(), anyString(), anyInt());
 157         verify(writeTransaction, times(4)).put(any(LogicalDatastoreType.class), any(InstanceIdentifier.class), any(Node.class), anyBoolean());
 158         verify(writeTransaction, times(2)).submit();
 159         verify(commitFuture, times(2)).get();
 160     }
 161
 162     *//**
 163      * Rule 2: TCP Proto (True), TCP Port Minimum (True), TCP Port Max (False), IP Prefix (True)
 164      *//*
 165     @Test
 166     public void testProgramPortSecurityACLRule2() throws Exception {
 167         when(portSecurityRule.getSecurityRuleProtocol()).thenReturn("tcp");
 168         when(portSecurityRule.getSecurityRulePortMax()).thenReturn(null);
 169         when(portSecurityRule.getSecurityRulePortMin()).thenReturn(1);
 170         when(portSecurityRule.getSecurityRuleRemoteIpPrefix()).thenReturn(HOST_ADDRESS);
 171
 172         egressAclServiceSpy.programPortSecurityACL(Long.valueOf(1554), "2", MAC_ADDRESS, 124, securityGroup);
 173         verify(egressAclServiceSpy, times(1)).egressACLDefaultTcpDrop(anyLong(), anyString(), anyString(), anyInt(), anyBoolean());
 174         verify(egressAclServiceSpy, times(1)).egressACLTcpPortWithPrefix(anyLong(), anyString(), anyString(), anyBoolean(), anyInt(), anyString(), anyInt());
 175         verify(writeTransaction, times(4)).put(any(LogicalDatastoreType.class), any(InstanceIdentifier.class), any(Node.class), anyBoolean());
 176         verify(writeTransaction, times(2)).submit();
 177         verify(commitFuture, times(2)).get();
 178     }
 179
 180     *//**
 181      * Rule 3: TCP Proto (True), TCP Port Minimum (False), TCP Port Max (False), IP Prefix (True)
 182      *//*
 183     @Test
 184     public void testProgramPortSecurityACLRule3() throws Exception {
 185         when(portSecurityRule.getSecurityRuleProtocol()).thenReturn("tcp");
 186         when(portSecurityRule.getSecurityRulePortMax()).thenReturn(null);
 187         when(portSecurityRule.getSecurityRulePortMin()).thenReturn(null);
 188         when(portSecurityRule.getSecurityRuleRemoteIpPrefix()).thenReturn(HOST_ADDRESS);
 189
 190         egressAclServiceSpy.programPortSecurityACL(Long.valueOf(1554), "2", MAC_ADDRESS, 124, securityGroup);
 191         verify(egressAclServiceSpy, times(1)).egressACLDefaultTcpDrop(anyLong(), anyString(), anyString(), anyInt(), anyBoolean());
 192         verify(egressAclServiceSpy, times(1)).egressACLPermitAllProto(anyLong(), anyString(), anyString(), anyBoolean(), anyString(), anyInt());
 193         verify(writeTransaction, times(4)).put(any(LogicalDatastoreType.class), any(InstanceIdentifier.class), any(Node.class), anyBoolean());
 194         verify(writeTransaction, times(2)).submit();
 195         verify(commitFuture, times(2)).get();
 196     }
 197
 198     *//**
 199      * Rule 4: TCP Proto (False), TCP Port Minimum (False), TCP Port Max (False), IP Prefix (True)
 200      *//*
 201     @Test
 202     public void testProgramPortSecurityACLRule4() throws Exception {
 203         when(portSecurityRule.getSecurityRuleProtocol()).thenReturn(null);
 204         when(portSecurityRule.getSecurityRulePortMax()).thenReturn(null);
 205         when(portSecurityRule.getSecurityRulePortMin()).thenReturn(null);
 206         when(portSecurityRule.getSecurityRuleRemoteIpPrefix()).thenReturn(HOST_ADDRESS);
 207
 208         egressAclServiceSpy.programPortSecurityACL(Long.valueOf(1554), "2", MAC_ADDRESS, 124, securityGroup);
 209         verify(egressAclServiceSpy, times(1)).egressACLDefaultTcpDrop(anyLong(), anyString(), anyString(), anyInt(), anyBoolean());
 210         verify(egressAclServiceSpy, times(1)).egressACLPermitAllProto(anyLong(), anyString(), anyString(), anyBoolean(), anyString(), anyInt());
 211         verify(writeTransaction, times(4)).put(any(LogicalDatastoreType.class), any(InstanceIdentifier.class), any(Node.class), anyBoolean());
 212         verify(writeTransaction, times(2)).submit();
 213         verify(commitFuture, times(2)).get();
 214     }
 215
 216     *//**
 217      * Rule 5: TCP Proto (True), TCP Port Minimum (True), TCP Port Max (True), IP Prefix (False)
 218      *//*
 219     @Test
 220     public void testProgramPortSecurityACLRule5() throws Exception {
 221         when(portSecurityRule.getSecurityRuleProtocol()).thenReturn("tcp");
 222         when(portSecurityRule.getSecurityRulePortMax()).thenReturn(1);
 223         when(portSecurityRule.getSecurityRulePortMin()).thenReturn(1);
 224         when(portSecurityRule.getSecurityRuleRemoteIpPrefix()).thenReturn(null);
 225
 226         egressAclServiceSpy.programPortSecurityACL(Long.valueOf(1554), "2", MAC_ADDRESS, 124, securityGroup);
 227         verify(egressAclServiceSpy, times(1)).egressACLDefaultTcpDrop(anyLong(), anyString(), anyString(), anyInt(), anyBoolean());
 228         verify(egressAclServiceSpy, times(1)).egressACLTcpSyn(anyLong(), anyString(), anyString(), anyBoolean(), anyInt(), anyInt());
 229         verify(writeTransaction, times(4)).put(any(LogicalDatastoreType.class), any(InstanceIdentifier.class), any(Node.class), anyBoolean());
 230         verify(writeTransaction, times(2)).submit();
 231         verify(commitFuture, times(2)).get();
 232     }
 233
 234     *//**
 235      * Rule 6: TCP Proto (True), TCP Port Minimum (True), TCP Port Max (False), IP Prefix (False)
 236      *//*
 237     @Test
 238     public void testProgramPortSecurityACLRule6() throws Exception {
 239         when(portSecurityRule.getSecurityRuleProtocol()).thenReturn("tcp");
 240         when(portSecurityRule.getSecurityRulePortMax()).thenReturn(null);
 241         when(portSecurityRule.getSecurityRulePortMin()).thenReturn(1);
 242         when(portSecurityRule.getSecurityRuleRemoteIpPrefix()).thenReturn(null);
 243
 244         egressAclServiceSpy.programPortSecurityACL(Long.valueOf(1554), "2", MAC_ADDRESS, 124, securityGroup);
 245         verify(egressAclServiceSpy, times(1)).egressACLDefaultTcpDrop(anyLong(), anyString(), anyString(), anyInt(), anyBoolean());
 246         verify(egressAclServiceSpy, times(1)).egressACLTcpSyn(anyLong(), anyString(), anyString(), anyBoolean(), anyInt(), anyInt());
 247         verify(writeTransaction, times(4)).put(any(LogicalDatastoreType.class), any(InstanceIdentifier.class), any(Node.class), anyBoolean());
 248         verify(writeTransaction, times(2)).submit();
 249         verify(commitFuture, times(2)).get();
 250     }
 251
 252     *//**
 253      * Rule 7: TCP Proto (True), TCP Port Minimum (False), TCP Port Max (False), IP Prefix (False or 0.0.0.0/0)
 254      *//*
 255     @Test
 256     public void testProgramPortSecurityACLRule7() throws Exception {
 257         when(portSecurityRule.getSecurityRuleProtocol()).thenReturn("tcp");
 258         when(portSecurityRule.getSecurityRulePortMax()).thenReturn(null);
 259         when(portSecurityRule.getSecurityRulePortMin()).thenReturn(null);
 260         when(portSecurityRule.getSecurityRuleRemoteIpPrefix()).thenReturn(null);
 261
 262         egressAclServiceSpy.programPortSecurityACL(Long.valueOf(1554), "2", MAC_ADDRESS, 124, securityGroup);
 263         verify(egressAclServiceSpy, times(1)).egressAllowProto(anyLong(), anyString(), anyString(), anyBoolean(), anyString(), anyInt());
 264         verify(writeTransaction, times(2)).put(any(LogicalDatastoreType.class), any(InstanceIdentifier.class), any(Node.class), anyBoolean());
 265         verify(writeTransaction, times(1)).submit();
 266         verify(commitFuture, times(1)).get();
 267     }
 268 */
 269     /**
 270      * Test method {@link EgressAclService#egressACLDefaultTcpDrop(Long, String, String, int, boolean)}
 271      */
 272     @Test
 273     public void testEgressACLDefaultTcpDrop() throws Exception {
 274         egressAclService.egressACLDefaultTcpDrop(123L, "2", MAC_ADDRESS, 1, true);
 275         verify(writeTransaction, times(2)).put(any(LogicalDatastoreType.class), any(InstanceIdentifier.class), any(Node.class), anyBoolean());
 276         verify(writeTransaction, times(1)).submit();
 277         verify(commitFuture, times(1)).get();
 278
 279         egressAclService.egressACLDefaultTcpDrop(123L, "2", MAC_ADDRESS, 1, false);
 280         verify(writeTransaction, times(1)).delete(any(LogicalDatastoreType.class), any(InstanceIdentifier.class));
 281         verify(writeTransaction, times(2)).submit();
 282         verify(commitFuture, times(2)).get(); // 1 + 1 above
 283     }
 284
 285     /**
 286      *  Test IPv4 add test case.
 287      */
 288     @Test
 289     public void testProgramPortSecurityACLRuleAddIpv4() throws Exception {
 290         when(portSecurityRule.getSecurityRuleProtocol()).thenReturn(null);
 291         when(portSecurityRule.getSecurityRulePortMax()).thenReturn(null);
 292         when(portSecurityRule.getSecurityRulePortMin()).thenReturn(null);
 293         when(portSecurityRule.getSecurityRuleRemoteIpPrefix()).thenReturn(null);
 294
 295         egressAclServiceSpy.programPortSecurityGroup(Long.valueOf(1554), "2", MAC_ADDRESS, 124, securityGroup,PORT_UUID,true);
 296
 297         verify(writeTransaction, times(2)).put(any(LogicalDatastoreType.class), any(InstanceIdentifier.class), any(Node.class), eq(true));
 298         verify(writeTransaction, times(1)).submit();
 299         verify(commitFuture, times(1)).get();
 300     }
 301
 302     /**
 303      *  Test IPv4 remove test case.
 304      */
 305     @Test
 306     public void testProgramPortSecurityACLRuleRemoveIpv4() throws Exception {
 307         when(portSecurityRule.getSecurityRuleProtocol()).thenReturn(null);
 308         when(portSecurityRule.getSecurityRulePortMax()).thenReturn(null);
 309         when(portSecurityRule.getSecurityRulePortMin()).thenReturn(null);
 310         when(portSecurityRule.getSecurityRuleRemoteIpPrefix()).thenReturn(null);
 311
 312         egressAclServiceSpy.programPortSecurityGroup(Long.valueOf(1554), "2", MAC_ADDRESS, 124, securityGroup,PORT_UUID,false);
 313         verify(writeTransaction, times(1)).delete(any(LogicalDatastoreType.class), any(InstanceIdentifier.class));
 314         verify(writeTransaction, times(1)).submit();
 315         verify(commitFuture, times(1)).get();
 316     }
 317
 318     /**
 319      *  Test TCP add with port no and CIDR selected.
 320      */
 321     @Test
 322     public void testProgramPortSecurityACLRuleAddTcp1() throws Exception {
 323         when(portSecurityRule.getSecurityRuleProtocol()).thenReturn("tcp");
 324         when(portSecurityRule.getSecurityRulePortMax()).thenReturn(20);
 325         when(portSecurityRule.getSecurityRulePortMin()).thenReturn(20);
 326         when(portSecurityRule.getSecurityRuleRemoteIpPrefix()).thenReturn("0.0.0.0/24");
 327         PowerMockito.doAnswer(answer()).when(egressAclServiceSpy, "writeFlow", any(FlowBuilder.class),
 328                                              any(NodeBuilder.class));
 329         egressAclServiceSpy.programPortSecurityGroup(DP_ID_LONG, SEGMENT_ID, MAC_ADDRESS, LOCAL_PORT, securityGroup,
 330                                                      PORT_UUID, true);
 331
 332         Match match = flowBuilder.getMatch();
 333         EthernetMatch ethMatch = match.getEthernetMatch();
 334         Assert.assertEquals(MAC_ADDRESS, ethMatch.getEthernetSource().getAddress().getValue());
 335
 336         Assert.assertTrue(match.getLayer4Match() instanceof TcpMatch);
 337         TcpMatch layer4Match=(TcpMatch) match.getLayer4Match();
 338         Assert.assertEquals(20, layer4Match.getTcpDestinationPort().getValue().intValue());
 339         int port=portSecurityRule.getSecurityRulePortMin();
 340         Assert.assertEquals("Egress_TCP_" + SEGMENT_ID + "_" + MAC_ADDRESS +
 341                             "_" + port + "_0.0.0.0/24_Permit", flowBuilder.getFlowName());
 342     }
 343
 344     /**
 345      *  Test TCP remove with port no and CIDR selected.
 346      */
 347     @Test
 348     public void testProgramPortSecurityACLRuleRemoveTcp1() throws Exception {
 349         when(portSecurityRule.getSecurityRuleProtocol()).thenReturn("tcp");
 350         when(portSecurityRule.getSecurityRulePortMax()).thenReturn(30);
 351         when(portSecurityRule.getSecurityRulePortMin()).thenReturn(30);
 352         when(portSecurityRule.getSecurityRuleRemoteIpPrefix()).thenReturn("0.0.0.0/24");
 353         PowerMockito.doAnswer(answer()).when(egressAclServiceSpy, "removeFlow", any(FlowBuilder.class),
 354                                              any(NodeBuilder.class));
 355
 356         egressAclServiceSpy.programPortSecurityGroup(DP_ID_LONG, SEGMENT_ID, MAC_ADDRESS, LOCAL_PORT, securityGroup,
 357                                                      PORT_UUID, false);
 358
 359         Match match = flowBuilder.getMatch();
 360         EthernetMatch ethMatch = match.getEthernetMatch();
 361         Assert.assertEquals(MAC_ADDRESS, ethMatch.getEthernetSource().getAddress().getValue());
 362
 363         Assert.assertTrue(match.getLayer4Match() instanceof TcpMatch);
 364         TcpMatch layer4Match = (TcpMatch) match.getLayer4Match();
 365         Assert.assertEquals(30, layer4Match.getTcpDestinationPort().getValue().intValue());
 366         int port=portSecurityRule.getSecurityRulePortMin();
 367         Assert.assertEquals("Egress_TCP_" + SEGMENT_ID + "_" + MAC_ADDRESS +
 368                             "_" + port + "_0.0.0.0/24_Permit", flowBuilder.getFlowName());
 369     }
 370
 371     /**
 372      *  Test TCP add with port no and remote SG selected.
 373      */
 374     @Test
 375     public void testProgramPortSecurityACLRuleAddTcp2() throws Exception {
 376         when(portSecurityRule.getSecurityRuleProtocol()).thenReturn("tcp");
 377         when(portSecurityRule.getSecurityRulePortMax()).thenReturn(40);
 378         when(portSecurityRule.getSecurityRulePortMin()).thenReturn(40);
 379         when(portSecurityRule.getSecurityRemoteGroupID()).thenReturn("85cc3048-abc3-43cc-89b3-377341426ac5");
 380         PowerMockito.doAnswer(answer()).when(egressAclServiceSpy, "writeFlow", any(FlowBuilder.class),
 381                                              any(NodeBuilder.class));
 382         egressAclServiceSpy.programPortSecurityGroup(DP_ID_LONG, SEGMENT_ID, MAC_ADDRESS, LOCAL_PORT, securityGroup,
 383                                                      PORT_UUID, true);
 384
 385         Match match = flowBuilder.getMatch();
 386         EthernetMatch ethMatch = match.getEthernetMatch();
 387         Assert.assertEquals(MAC_ADDRESS, ethMatch.getEthernetSource().getAddress().getValue());
 388
 389         Assert.assertTrue(match.getLayer4Match() instanceof TcpMatch);
 390         TcpMatch layer4Match=(TcpMatch) match.getLayer4Match();
 391         int port=portSecurityRule.getSecurityRulePortMin();
 392         String expectedFlowId1 = "Egress_TCP_" + SEGMENT_ID + "_" + MAC_ADDRESS + "_" + port + "_" + DEST_IP_1 +
 393                 "_Permit";
 394         String expectedFlowId2 = "Egress_TCP_" + SEGMENT_ID + "_" + MAC_ADDRESS + "_" + port + "_" + DEST_IP_2 +
 395                 "_Permit";
 396         String actualFlowId = flowBuilder.getFlowName();
 397         if(actualFlowId.equals(expectedFlowId1) || actualFlowId.equals(expectedFlowId2)) {
 398             Assert.assertTrue(true);
 399         } else {
 400             Assert.assertTrue(false);
 401         }
 402     }
 403
 404     /**
 405      *  Test TCP remove with port no and remote SG selected.
 406      */
 407     @Test
 408     public void testProgramPortSecurityACLRuleRemoveTcp2() throws Exception {
 409         when(portSecurityRule.getSecurityRuleProtocol()).thenReturn("tcp");
 410         when(portSecurityRule.getSecurityRulePortMax()).thenReturn(50);
 411         when(portSecurityRule.getSecurityRulePortMin()).thenReturn(50);
 412         when(portSecurityRule.getSecurityRemoteGroupID()).thenReturn("85cc3048-abc3-43cc-89b3-377341426ac5");
 413         PowerMockito.doAnswer(answer()).when(egressAclServiceSpy, "removeFlow", any(FlowBuilder.class),
 414                                              any(NodeBuilder.class));
 415
 416         egressAclServiceSpy.programPortSecurityGroup(DP_ID_LONG, SEGMENT_ID, MAC_ADDRESS, LOCAL_PORT, securityGroup,
 417                                                      PORT_UUID, false);
 418
 419         Match match = flowBuilder.getMatch();
 420         EthernetMatch ethMatch = match.getEthernetMatch();
 421         Assert.assertEquals(MAC_ADDRESS, ethMatch.getEthernetSource().getAddress().getValue());
 422
 423         Assert.assertTrue(match.getLayer4Match() instanceof TcpMatch);
 424         TcpMatch layer4Match=(TcpMatch) match.getLayer4Match();
 425         int port=portSecurityRule.getSecurityRulePortMin();
 426         String expectedFlowId1 = "Egress_TCP_" + SEGMENT_ID + "_" + MAC_ADDRESS +"_" + port + "_" + DEST_IP_1 +
 427                 "_Permit";
 428         String expectedFlowId2 = "Egress_TCP_" + SEGMENT_ID + "_" + MAC_ADDRESS +"_" + port + "_" + DEST_IP_2 +
 429                 "_Permit";
 430         String actualFlowId = flowBuilder.getFlowName();
 431         if(actualFlowId.equals(expectedFlowId1) || actualFlowId.equals(expectedFlowId2)) {
 432             Assert.assertTrue(true);
 433         } else {
 434             Assert.assertTrue(false);
 435         }
 436     }
 437
 438     /**
 439      *  Test TCP add with port range (All TCP) and CIDR selected.
 440      */
 441     @Test
 442     public void testProgramPortSecurityACLRuleAddTcpAll1() throws Exception {
 443         when(portSecurityRule.getSecurityRuleProtocol()).thenReturn("tcp");
 444         when(portSecurityRule.getSecurityRulePortMax()).thenReturn(PORT_RANGE_MAX);
 445         when(portSecurityRule.getSecurityRulePortMin()).thenReturn(PORT_RANGE_MIN);
 446         when(portSecurityRule.getSecurityRuleRemoteIpPrefix()).thenReturn("0.0.0.0/24");
 447         PowerMockito.doAnswer(answer()).when(egressAclServiceSpy, "writeFlow", any(FlowBuilder.class),
 448                                              any(NodeBuilder.class));
 449         egressAclServiceSpy.programPortSecurityGroup(DP_ID_LONG, SEGMENT_ID, MAC_ADDRESS, LOCAL_PORT, securityGroup,
 450                                                      PORT_UUID, true);
 451
 452         Match match = flowBuilder.getMatch();
 453         Assert.assertTrue(match.getLayer4Match() instanceof TcpMatch);
 454         TcpMatch layer4Match=(TcpMatch) match.getLayer4Match();
 455         EthernetMatch ethMatch = match.getEthernetMatch();
 456         Assert.assertEquals(MAC_ADDRESS, ethMatch.getEthernetSource().getAddress().getValue());
 457     }
 458
 459     /**
 460      *  Test TCP remove with port range (All TCP) and CIDR selected.
 461      */
 462     @Test
 463     public void testProgramPortSecurityACLRuleRemoveTcpAll1() throws Exception {
 464         when(portSecurityRule.getSecurityRuleProtocol()).thenReturn("tcp");
 465         when(portSecurityRule.getSecurityRulePortMax()).thenReturn(PORT_RANGE_MAX);
 466         when(portSecurityRule.getSecurityRulePortMin()).thenReturn(PORT_RANGE_MIN);
 467         when(portSecurityRule.getSecurityRuleRemoteIpPrefix()).thenReturn("0.0.0.0/24");
 468         PowerMockito.doAnswer(answer()).when(egressAclServiceSpy, "removeFlow", any(FlowBuilder.class),
 469                                              any(NodeBuilder.class));
 470
 471         egressAclServiceSpy.programPortSecurityGroup(DP_ID_LONG, SEGMENT_ID, MAC_ADDRESS, LOCAL_PORT, securityGroup,
 472                                                      PORT_UUID, false);
 473
 474         Match match = flowBuilder.getMatch();
 475         EthernetMatch ethMatch = match.getEthernetMatch();
 476         Assert.assertEquals(MAC_ADDRESS, ethMatch.getEthernetSource().getAddress().getValue());
 477
 478         Assert.assertTrue(match.getLayer4Match() instanceof TcpMatch);
 479         Assert.assertEquals("Egress_TCP_" + SEGMENT_ID + "_" + MAC_ADDRESS + "_" + PORT_RANGE_MIN + "_" +
 480                             PORT_RANGE_MAX + "_0.0.0.0/24_Permit", flowBuilder.getFlowName());
 481     }
 482
 483     /**
 484      *  Test TCP add with port range (All TCP) and remote SG selected.
 485      */
 486     @Test
 487     public void testProgramPortSecurityACLRuleAddTcpAll2() throws Exception {
 488         when(portSecurityRule.getSecurityRuleProtocol()).thenReturn("tcp");
 489         when(portSecurityRule.getSecurityRulePortMax()).thenReturn(PORT_RANGE_MAX);
 490         when(portSecurityRule.getSecurityRulePortMin()).thenReturn(PORT_RANGE_MIN);
 491         when(portSecurityRule.getSecurityRemoteGroupID()).thenReturn("85cc3048-abc3-43cc-89b3-377341426ac5");
 492         PowerMockito.doAnswer(answer()).when(egressAclServiceSpy, "writeFlow", any(FlowBuilder.class),
 493                                              any(NodeBuilder.class));
 494         egressAclServiceSpy.programPortSecurityGroup(DP_ID_LONG, SEGMENT_ID, MAC_ADDRESS, LOCAL_PORT, securityGroup,
 495                                                      PORT_UUID, true);
 496
 497         Match match = flowBuilder.getMatch();
 498         EthernetMatch ethMatch = match.getEthernetMatch();
 499         Assert.assertEquals(MAC_ADDRESS, ethMatch.getEthernetSource().getAddress().getValue());
 500
 501         Assert.assertTrue(match.getLayer4Match() instanceof TcpMatch);
 502         String expectedFlowId1 = "Egress_TCP_" + SEGMENT_ID + "_" + MAC_ADDRESS + "_" + PORT_RANGE_MIN + "_" +
 503                                 PORT_RANGE_MAX + "_" + DEST_IP_1 + "_Permit";
 504         String expectedFlowId2 = "Egress_TCP_" + SEGMENT_ID + "_" + MAC_ADDRESS + "_" + PORT_RANGE_MIN + "_" +
 505                                 PORT_RANGE_MAX + "_" + DEST_IP_2 + "_Permit";
 506         String actualFlowId = flowBuilder.getFlowName();
 507         if(actualFlowId.equals(expectedFlowId1) || actualFlowId.equals(expectedFlowId2)) {
 508             Assert.assertTrue(true);
 509         } else {
 510             Assert.assertTrue(false);
 511         }
 512     }
 513
 514     /**
 515      *  Test TCP remove with port range (All TCP) and remote SG selected.
 516      */
 517     @Test
 518     public void testProgramPortSecurityACLRuleRemoveTcpAll2() throws Exception {
 519         when(portSecurityRule.getSecurityRuleProtocol()).thenReturn("tcp");
 520         when(portSecurityRule.getSecurityRulePortMax()).thenReturn(PORT_RANGE_MAX);
 521         when(portSecurityRule.getSecurityRulePortMin()).thenReturn(PORT_RANGE_MIN);
 522         when(portSecurityRule.getSecurityRemoteGroupID()).thenReturn("85cc3048-abc3-43cc-89b3-377341426ac5");
 523         PowerMockito.doAnswer(answer()).when(egressAclServiceSpy, "removeFlow", any(FlowBuilder.class),
 524                                              any(NodeBuilder.class));
 525
 526         egressAclServiceSpy.programPortSecurityGroup(DP_ID_LONG, SEGMENT_ID, MAC_ADDRESS, LOCAL_PORT, securityGroup,
 527                                                      PORT_UUID, false);
 528
 529         Match match = flowBuilder.getMatch();
 530         EthernetMatch ethMatch = match.getEthernetMatch();
 531         Assert.assertEquals(MAC_ADDRESS, ethMatch.getEthernetSource().getAddress().getValue());
 532
 533         Assert.assertTrue(match.getLayer4Match() instanceof TcpMatch);
 534         String expectedFlowId1 = "Egress_TCP_" + SEGMENT_ID + "_" + MAC_ADDRESS + "_" + PORT_RANGE_MIN + "_" +
 535                                 PORT_RANGE_MAX + "_" + DEST_IP_1 + "_Permit";
 536         String expectedFlowId2 = "Egress_TCP_" + SEGMENT_ID + "_" + MAC_ADDRESS + "_" + PORT_RANGE_MIN + "_" +
 537                                 PORT_RANGE_MAX + "_" + DEST_IP_2 + "_Permit";
 538         String actualFlowId = flowBuilder.getFlowName();
 539         if(actualFlowId.equals(expectedFlowId1) || actualFlowId.equals(expectedFlowId2)) {
 540             Assert.assertTrue(true);
 541         } else {
 542             Assert.assertTrue(false);
 543         }
 544     }
 545
 546     /**
 547      *  Test UDP add with port no and CIDR selected.
 548      */
 549     @Test
 550     public void testProgramPortSecurityACLRuleAddUdp1() throws Exception {
 551         when(portSecurityRule.getSecurityRuleProtocol()).thenReturn("udp");
 552         when(portSecurityRule.getSecurityRulePortMax()).thenReturn(50);
 553         when(portSecurityRule.getSecurityRulePortMin()).thenReturn(50);
 554         when(portSecurityRule.getSecurityRuleRemoteIpPrefix()).thenReturn("0.0.0.0/24");
 555         PowerMockito.doAnswer(answer()).when(egressAclServiceSpy, "writeFlow", any(FlowBuilder.class),
 556                                              any(NodeBuilder.class));
 557         egressAclServiceSpy.programPortSecurityGroup(DP_ID_LONG, SEGMENT_ID, MAC_ADDRESS, LOCAL_PORT, securityGroup,
 558                                                      PORT_UUID, true);
 559
 560         Match match = flowBuilder.getMatch();
 561         EthernetMatch ethMatch = match.getEthernetMatch();
 562         Assert.assertEquals(MAC_ADDRESS, ethMatch.getEthernetSource().getAddress().getValue());
 563
 564         Assert.assertTrue(match.getLayer4Match() instanceof UdpMatch);
 565         UdpMatch layer4Match = (UdpMatch) match.getLayer4Match();
 566         Assert.assertEquals(50, layer4Match.getUdpDestinationPort().getValue().intValue());
 567         int port = portSecurityRule.getSecurityRulePortMin();
 568         Assert.assertEquals("Egress_UDP_" + SEGMENT_ID + "_" + MAC_ADDRESS +
 569                             "_" + port + "_0.0.0.0/24_Permit", flowBuilder.getFlowName());
 570     }
 571
 572     /**
 573      *  Test UDP remove with port no and CIDR selected.
 574      */
 575     @Test
 576     public void testProgramPortSecurityACLRuleRemoveUdp1() throws Exception {
 577         when(portSecurityRule.getSecurityRuleProtocol()).thenReturn("udp");
 578         when(portSecurityRule.getSecurityRulePortMax()).thenReturn(50);
 579         when(portSecurityRule.getSecurityRulePortMin()).thenReturn(50);
 580         when(portSecurityRule.getSecurityRuleRemoteIpPrefix()).thenReturn("0.0.0.0/24");
 581         PowerMockito.doAnswer(answer()).when(egressAclServiceSpy, "removeFlow", any(FlowBuilder.class),
 582                                              any(NodeBuilder.class));
 583         egressAclServiceSpy.programPortSecurityGroup(DP_ID_LONG, SEGMENT_ID, MAC_ADDRESS, LOCAL_PORT, securityGroup,
 584                                                      PORT_UUID, false);
 585
 586         Match match = flowBuilder.getMatch();
 587         EthernetMatch ethMatch = match.getEthernetMatch();
 588         Assert.assertEquals(MAC_ADDRESS, ethMatch.getEthernetSource().getAddress().getValue());
 589
 590         Assert.assertTrue(match.getLayer4Match() instanceof UdpMatch);
 591         UdpMatch layer4Match = (UdpMatch) match.getLayer4Match();
 592         Assert.assertEquals(50, layer4Match.getUdpDestinationPort().getValue().intValue());
 593         int port = portSecurityRule.getSecurityRulePortMin();
 594         Assert.assertEquals("Egress_UDP_" + SEGMENT_ID + "_" + MAC_ADDRESS +
 595                             "_" + port + "_0.0.0.0/24_Permit", flowBuilder.getFlowName());
 596     }
 597
 598     /**
 599      *  Test UDP add with port no and remote SG selected.
 600      */
 601     @Test
 602     public void testProgramPortSecurityACLRuleAddUdp2() throws Exception {
 603         when(portSecurityRule.getSecurityRuleProtocol()).thenReturn("udp");
 604         when(portSecurityRule.getSecurityRulePortMax()).thenReturn(50);
 605         when(portSecurityRule.getSecurityRulePortMin()).thenReturn(50);
 606         when(portSecurityRule.getSecurityRuleRemoteIpPrefix()).thenReturn("0.0.0.0/24");
 607         when(portSecurityRule.getSecurityRemoteGroupID()).thenReturn("85cc3048-abc3-43cc-89b3-377341426ac5");
 608         PowerMockito.doAnswer(answer()).when(egressAclServiceSpy, "writeFlow", any(FlowBuilder.class),
 609                                              any(NodeBuilder.class));
 610         egressAclServiceSpy.programPortSecurityGroup(DP_ID_LONG, SEGMENT_ID, MAC_ADDRESS, LOCAL_PORT, securityGroup,
 611                                                      PORT_UUID, true);
 612
 613         Match match = flowBuilder.getMatch();
 614         EthernetMatch ethMatch = match.getEthernetMatch();
 615         Assert.assertEquals(MAC_ADDRESS, ethMatch.getEthernetSource().getAddress().getValue());
 616
 617         Assert.assertTrue(match.getLayer4Match() instanceof UdpMatch);
 618         UdpMatch layer4Match = (UdpMatch) match.getLayer4Match();
 619         Assert.assertEquals(50, layer4Match.getUdpDestinationPort().getValue().intValue());
 620         int port = portSecurityRule.getSecurityRulePortMin();
 621         String expectedFlowId1 = "Egress_UDP_" + SEGMENT_ID + "_" + MAC_ADDRESS + "_" + port + "_" + DEST_IP_1 +
 622                 "_Permit";
 623         String expectedFlowId2 = "Egress_UDP_" + SEGMENT_ID + "_" + MAC_ADDRESS + "_" + port + "_" + DEST_IP_2 +
 624                 "_Permit";
 625         String actualFlowId = flowBuilder.getFlowName();
 626         if(actualFlowId.equals(expectedFlowId1) || actualFlowId.equals(expectedFlowId2)) {
 627             Assert.assertTrue(true);
 628         } else {
 629             Assert.assertTrue(false);
 630         }
 631     }
 632
 633     /**
 634      *  Test UDP remove with port no and remote SG selected.
 635      */
 636     @Test
 637     public void testProgramPortSecurityACLRuleRemoveUdp2() throws Exception {
 638         when(portSecurityRule.getSecurityRuleProtocol()).thenReturn("udp");
 639         when(portSecurityRule.getSecurityRulePortMax()).thenReturn(50);
 640         when(portSecurityRule.getSecurityRulePortMin()).thenReturn(50);
 641         when(portSecurityRule.getSecurityRuleRemoteIpPrefix()).thenReturn("0.0.0.0/24");
 642         when(portSecurityRule.getSecurityRemoteGroupID()).thenReturn("85cc3048-abc3-43cc-89b3-377341426ac5");
 643         PowerMockito.doAnswer(answer()).when(egressAclServiceSpy, "removeFlow", any(FlowBuilder.class),
 644                                              any(NodeBuilder.class));
 645         egressAclServiceSpy.programPortSecurityGroup(DP_ID_LONG, SEGMENT_ID, MAC_ADDRESS, LOCAL_PORT, securityGroup,
 646                                                      PORT_UUID, false);
 647
 648         Match match = flowBuilder.getMatch();
 649         EthernetMatch ethMatch = match.getEthernetMatch();
 650         Assert.assertEquals(MAC_ADDRESS, ethMatch.getEthernetSource().getAddress().getValue());
 651
 652         Assert.assertTrue(match.getLayer4Match() instanceof UdpMatch);
 653         UdpMatch layer4Match = (UdpMatch) match.getLayer4Match();
 654         Assert.assertEquals(50, layer4Match.getUdpDestinationPort().getValue().intValue());
 655         int port = portSecurityRule.getSecurityRulePortMin();
 656         String expectedFlowId1 = "Egress_UDP_" + SEGMENT_ID + "_" + MAC_ADDRESS + "_" + port + "_" + DEST_IP_1 +
 657                 "_Permit";
 658         String expectedFlowId2 = "Egress_UDP_" + SEGMENT_ID + "_" + MAC_ADDRESS + "_" + port + "_" + DEST_IP_2 +
 659                 "_Permit";
 660         String actualFlowId = flowBuilder.getFlowName();
 661         if(actualFlowId.equals(expectedFlowId1) || actualFlowId.equals(expectedFlowId2)) {
 662             Assert.assertTrue(true);
 663         } else {
 664             Assert.assertTrue(false);
 665         }
 666     }
 667
 668
 669     /**
 670      *  Test UDP add with port (All UDP) and CIDR selected.
 671      */
 672     @Test
 673     public void testProgramPortSecurityACLRuleAddUdpAll1() throws Exception {
 674         when(portSecurityRule.getSecurityRuleProtocol()).thenReturn("udp");
 675         when(portSecurityRule.getSecurityRulePortMax()).thenReturn(PORT_RANGE_MAX);
 676         when(portSecurityRule.getSecurityRulePortMin()).thenReturn(PORT_RANGE_MIN);
 677         when(portSecurityRule.getSecurityRuleRemoteIpPrefix()).thenReturn("0.0.0.0/24");
 678         PowerMockito.doAnswer(answer()).when(egressAclServiceSpy, "writeFlow", any(FlowBuilder.class),
 679                                              any(NodeBuilder.class));
 680         egressAclServiceSpy.programPortSecurityGroup(DP_ID_LONG, SEGMENT_ID, MAC_ADDRESS, LOCAL_PORT, securityGroup,
 681                                                      PORT_UUID, true);
 682
 683         Match match = flowBuilder.getMatch();
 684         EthernetMatch ethMatch = match.getEthernetMatch();
 685         Assert.assertEquals(MAC_ADDRESS, ethMatch.getEthernetSource().getAddress().getValue());
 686
 687         Assert.assertTrue(match.getLayer4Match() instanceof UdpMatch);
 688         Assert.assertEquals("Egress_UDP_" + SEGMENT_ID + "_" + MAC_ADDRESS + "_" + PORT_RANGE_MIN + "_" +
 689                             PORT_RANGE_MAX + "_0.0.0.0/24_Permit", flowBuilder.getFlowName());
 690     }
 691
 692     /**
 693      *  Test UDP remove with port (All UDP) and CIDR selected.
 694      */
 695     @Test
 696     public void testProgramPortSecurityACLRuleRemoveUdpAll1() throws Exception {
 697         when(portSecurityRule.getSecurityRuleProtocol()).thenReturn("udp");
 698         when(portSecurityRule.getSecurityRulePortMax()).thenReturn(PORT_RANGE_MAX);
 699         when(portSecurityRule.getSecurityRulePortMin()).thenReturn(PORT_RANGE_MIN);
 700         when(portSecurityRule.getSecurityRuleRemoteIpPrefix()).thenReturn("0.0.0.0/24");
 701         PowerMockito.doAnswer(answer()).when(egressAclServiceSpy, "removeFlow", any(FlowBuilder.class),
 702                                              any(NodeBuilder.class));
 703         egressAclServiceSpy.programPortSecurityGroup(DP_ID_LONG, SEGMENT_ID, MAC_ADDRESS, LOCAL_PORT, securityGroup,
 704                                                      PORT_UUID, false);
 705
 706         Match match = flowBuilder.getMatch();
 707         EthernetMatch ethMatch = match.getEthernetMatch();
 708         Assert.assertEquals(MAC_ADDRESS, ethMatch.getEthernetSource().getAddress().getValue());
 709
 710         Assert.assertTrue(match.getLayer4Match() instanceof UdpMatch);
 711         Assert.assertEquals("Egress_UDP_" + SEGMENT_ID + "_" + MAC_ADDRESS + "_" + PORT_RANGE_MIN + "_" +
 712                             PORT_RANGE_MAX + "_0.0.0.0/24_Permit", flowBuilder.getFlowName());
 713     }
 714
 715     /**
 716      *  Test UDP add with port (All UDP) and remote SG selected.
 717      */
 718     @Test
 719     public void testProgramPortSecurityACLRuleAddUdpAll2() throws Exception {
 720         when(portSecurityRule.getSecurityRuleProtocol()).thenReturn("udp");
 721         when(portSecurityRule.getSecurityRulePortMax()).thenReturn(PORT_RANGE_MAX);
 722         when(portSecurityRule.getSecurityRulePortMin()).thenReturn(PORT_RANGE_MIN);
 723         when(portSecurityRule.getSecurityRemoteGroupID()).thenReturn("85cc3048-abc3-43cc-89b3-377341426ac5");
 724         PowerMockito.doAnswer(answer()).when(egressAclServiceSpy, "writeFlow", any(FlowBuilder.class),
 725                                              any(NodeBuilder.class));
 726         egressAclServiceSpy.programPortSecurityGroup(DP_ID_LONG, SEGMENT_ID, MAC_ADDRESS, LOCAL_PORT, securityGroup,
 727                                                      PORT_UUID, true);
 728
 729         Match match = flowBuilder.getMatch();
 730         EthernetMatch ethMatch = match.getEthernetMatch();
 731         Assert.assertEquals(MAC_ADDRESS, ethMatch.getEthernetSource().getAddress().getValue());
 732
 733         Assert.assertTrue(match.getLayer4Match() instanceof UdpMatch);
 734         String expectedFlowId1 = "Egress_UDP_" + SEGMENT_ID + "_" + MAC_ADDRESS + "_" + PORT_RANGE_MIN + "_" +
 735                                 PORT_RANGE_MAX + "_" + DEST_IP_1 + "_Permit";
 736         String expectedFlowId2 = "Egress_UDP_" + SEGMENT_ID + "_" + MAC_ADDRESS + "_" + PORT_RANGE_MIN + "_" +
 737                                 PORT_RANGE_MAX + "_" + DEST_IP_2 + "_Permit";
 738         String actualFlowId = flowBuilder.getFlowName();
 739         if(actualFlowId.equals(expectedFlowId1) || actualFlowId.equals(expectedFlowId2)) {
 740             Assert.assertTrue(true);
 741         } else {
 742             Assert.assertTrue(false);
 743         }
 744     }
 745
 746     /**
 747      *  Test UDP remove with port (All UDP) and remote SG selected.
 748      */
 749     @Test
 750     public void testProgramPortSecurityACLRuleRemoveUdpAll2() throws Exception {
 751         when(portSecurityRule.getSecurityRuleProtocol()).thenReturn("udp");
 752         when(portSecurityRule.getSecurityRulePortMax()).thenReturn(PORT_RANGE_MAX);
 753         when(portSecurityRule.getSecurityRulePortMin()).thenReturn(PORT_RANGE_MIN);
 754         when(portSecurityRule.getSecurityRemoteGroupID()).thenReturn("85cc3048-abc3-43cc-89b3-377341426ac5");
 755         PowerMockito.doAnswer(answer()).when(egressAclServiceSpy, "removeFlow", any(FlowBuilder.class),
 756                                              any(NodeBuilder.class));
 757         egressAclServiceSpy.programPortSecurityGroup(DP_ID_LONG, SEGMENT_ID, MAC_ADDRESS, LOCAL_PORT, securityGroup,
 758                                                      PORT_UUID, false);
 759
 760         Match match = flowBuilder.getMatch();
 761         EthernetMatch ethMatch = match.getEthernetMatch();
 762         Assert.assertEquals(MAC_ADDRESS, ethMatch.getEthernetSource().getAddress().getValue());
 763
 764         Assert.assertTrue(match.getLayer4Match() instanceof UdpMatch);
 765         String expectedFlowId1 = "Egress_UDP_" + SEGMENT_ID + "_" + MAC_ADDRESS + "_" + PORT_RANGE_MIN + "_" +
 766                 PORT_RANGE_MAX + "_" + DEST_IP_1 + "_Permit";
 767         String expectedFlowId2 = "Egress_UDP_" + SEGMENT_ID + "_" + MAC_ADDRESS + "_" + PORT_RANGE_MIN + "_" +
 768                 PORT_RANGE_MAX + "_" + DEST_IP_2 + "_Permit";
 769         String actualFlowId = flowBuilder.getFlowName();
 770         if(actualFlowId.equals(expectedFlowId1) || actualFlowId.equals(expectedFlowId2)) {
 771             Assert.assertTrue(true);
 772         } else {
 773             Assert.assertTrue(false);
 774         }
 775     }
 776
 777     /**
 778      *  Test ICMP add with code, type and CIDR selected.
 779      */
 780     @Test
 781     public void testProgramPortSecurityACLRuleAddIcmp1() throws Exception {
 782         when(portSecurityRule.getSecurityRuleProtocol()).thenReturn("icmp");
 783         when(portSecurityRule.getSecurityRulePortMax()).thenReturn(10);
 784         when(portSecurityRule.getSecurityRulePortMin()).thenReturn(10);
 785         when(portSecurityRule.getSecurityRuleRemoteIpPrefix()).thenReturn("0.0.0.0/24");
 786         PowerMockito.doAnswer(answer()).when(egressAclServiceSpy, "writeFlow", any(FlowBuilder.class),
 787                                              any(NodeBuilder.class));
 788
 789         egressAclServiceSpy.programPortSecurityGroup(DP_ID_LONG, SEGMENT_ID, MAC_ADDRESS, LOCAL_PORT, securityGroup,
 790                                                      PORT_UUID, true);
 791
 792         Match match = flowBuilder.getMatch();
 793         Icmpv4Match icmpv4Match = match.getIcmpv4Match();
 794         Assert.assertEquals(10, icmpv4Match.getIcmpv4Type().shortValue());
 795         Assert.assertEquals(10, icmpv4Match.getIcmpv4Code().shortValue());
 796         EthernetMatch ethMatch = match.getEthernetMatch();
 797         Assert.assertEquals(MAC_ADDRESS, ethMatch.getEthernetSource().getAddress().getValue());
 798         Short type = portSecurityRule.getSecurityRulePortMin().shortValue();
 799         Short code = portSecurityRule.getSecurityRulePortMax().shortValue();
 800         Assert.assertEquals("Egress_ICMP_" + SEGMENT_ID + "_" + MAC_ADDRESS +
 801                             "_" + type + "_" + code + "_0.0.0.0/24_Permit", flowBuilder.getFlowName());
 802     }
 803
 804     /**
 805      *  Test ICMP remove with code, type and CIDR selected.
 806      */
 807     @Test
 808     public void testProgramPortSecurityACLRuleRemoveIcmp1() throws Exception {
 809         when(portSecurityRule.getSecurityRuleProtocol()).thenReturn("icmp");
 810         when(portSecurityRule.getSecurityRulePortMax()).thenReturn(20);
 811         when(portSecurityRule.getSecurityRulePortMin()).thenReturn(20);
 812         when(portSecurityRule.getSecurityRuleRemoteIpPrefix()).thenReturn("0.0.0.0/24");
 813         PowerMockito.doAnswer(answer()).when(egressAclServiceSpy, "removeFlow", any(FlowBuilder.class),
 814                                              any(NodeBuilder.class));
 815
 816         egressAclServiceSpy.programPortSecurityGroup(DP_ID_LONG, SEGMENT_ID, MAC_ADDRESS, LOCAL_PORT, securityGroup,
 817                                                      PORT_UUID, false);
 818
 819         Match match = flowBuilder.getMatch();
 820         Icmpv4Match icmpv4Match = match.getIcmpv4Match();
 821         Assert.assertEquals(20, icmpv4Match.getIcmpv4Type().shortValue());
 822         Assert.assertEquals(20, icmpv4Match.getIcmpv4Code().shortValue());
 823         EthernetMatch ethMatch = match.getEthernetMatch();
 824         Assert.assertEquals(MAC_ADDRESS, ethMatch.getEthernetSource().getAddress().getValue());
 825         Short type = portSecurityRule.getSecurityRulePortMin().shortValue();
 826         Short code = portSecurityRule.getSecurityRulePortMax().shortValue();
 827         Assert.assertEquals("Egress_ICMP_" + SEGMENT_ID + "_" + MAC_ADDRESS +
 828                             "_" + type + "_" + code + "_0.0.0.0/24_Permit", flowBuilder.getFlowName());
 829     }
 830
 831     /**
 832      *  Test ICMP add with code, type and remote SG selected.
 833      */
 834     @Test
 835     public void testProgramPortSecurityACLRuleAddIcmp2() throws Exception {
 836         when(portSecurityRule.getSecurityRuleProtocol()).thenReturn("icmp");
 837         when(portSecurityRule.getSecurityRulePortMax()).thenReturn(30);
 838         when(portSecurityRule.getSecurityRulePortMin()).thenReturn(30);
 839         when(portSecurityRule.getSecurityRuleRemoteIpPrefix()).thenReturn("0.0.0.0/24");
 840         when(portSecurityRule.getSecurityRemoteGroupID()).thenReturn("85cc3048-abc3-43cc-89b3-377341426ac5");
 841         PowerMockito.doAnswer(answer()).when(egressAclServiceSpy, "writeFlow", any(FlowBuilder.class),
 842                                              any(NodeBuilder.class));
 843
 844         egressAclServiceSpy.programPortSecurityGroup(DP_ID_LONG, SEGMENT_ID, MAC_ADDRESS, LOCAL_PORT, securityGroup,
 845                                                      PORT_UUID, true);
 846
 847         Match match = flowBuilder.getMatch();
 848         Icmpv4Match icmpv4Match = match.getIcmpv4Match();
 849         Assert.assertEquals(30, icmpv4Match.getIcmpv4Type().shortValue());
 850         Assert.assertEquals(30, icmpv4Match.getIcmpv4Code().shortValue());
 851         EthernetMatch ethMatch = match.getEthernetMatch();
 852         Assert.assertEquals(MAC_ADDRESS, ethMatch.getEthernetSource().getAddress().getValue());
 853         Short type = portSecurityRule.getSecurityRulePortMin().shortValue();
 854         Short code = portSecurityRule.getSecurityRulePortMax().shortValue();
 855         String expectedFlowId1 = "Egress_ICMP_" + SEGMENT_ID + "_" + MAC_ADDRESS + "_" + type + "_" + code + "_"
 856                                 + DEST_IP_1 + "_Permit";
 857         String expectedFlowId2 = "Egress_ICMP_" + SEGMENT_ID + "_" + MAC_ADDRESS + "_" + type + "_" + code + "_"
 858                                 + DEST_IP_2 + "_Permit";
 859         String actualFlowId = flowBuilder.getFlowName();
 860         if(actualFlowId.equals(expectedFlowId1) || actualFlowId.equals(expectedFlowId2)) {
 861             Assert.assertTrue(true);
 862         } else {
 863             Assert.assertTrue(false);
 864         }
 865     }
 866
 867     /**
 868      *  Test ICMP remove with code, type and remote SG selected.
 869      */
 870     @Test
 871     public void testProgramPortSecurityACLRuleRemoveIcmp2() throws Exception {
 872         when(portSecurityRule.getSecurityRuleProtocol()).thenReturn("icmp");
 873         when(portSecurityRule.getSecurityRulePortMax()).thenReturn(40);
 874         when(portSecurityRule.getSecurityRulePortMin()).thenReturn(40);
 875         when(portSecurityRule.getSecurityRemoteGroupID()).thenReturn("85cc3048-abc3-43cc-89b3-377341426ac5");
 876         PowerMockito.doAnswer(answer()).when(egressAclServiceSpy, "removeFlow", any(FlowBuilder.class),
 877                                              any(NodeBuilder.class));
 878
 879         egressAclServiceSpy.programPortSecurityGroup(DP_ID_LONG, SEGMENT_ID, MAC_ADDRESS, LOCAL_PORT, securityGroup,
 880                                                      PORT_UUID, false);
 881
 882         Match match = flowBuilder.getMatch();
 883         Icmpv4Match icmpv4Match = match.getIcmpv4Match();
 884         Assert.assertEquals(40, icmpv4Match.getIcmpv4Type().shortValue());
 885         Assert.assertEquals(40, icmpv4Match.getIcmpv4Code().shortValue());
 886         EthernetMatch ethMatch = match.getEthernetMatch();
 887         Assert.assertEquals(MAC_ADDRESS, ethMatch.getEthernetSource().getAddress().getValue());
 888         Short type = portSecurityRule.getSecurityRulePortMin().shortValue();
 889         Short code = portSecurityRule.getSecurityRulePortMax().shortValue();
 890         String expectedFlowId1 = "Egress_ICMP_" + SEGMENT_ID + "_" + MAC_ADDRESS + "_" + type + "_" + code + "_"
 891                                 + DEST_IP_1 + "_Permit";
 892         String expectedFlowId2 = "Egress_ICMP_" + SEGMENT_ID + "_" + MAC_ADDRESS + "_" + type + "_" + code + "_"
 893                                 + DEST_IP_2 + "_Permit";
 894         String actualFlowId = flowBuilder.getFlowName();
 895         if(actualFlowId.equals(expectedFlowId1) || actualFlowId.equals(expectedFlowId2)) {
 896             Assert.assertTrue(true);
 897         } else {
 898             Assert.assertTrue(false);
 899         }
 900     }
 901
 902     /**
 903      *  Test IPv4 invalid ether type test case.
 904      */
 905     @Test
 906     public void testProgramPortSecurityACLRuleInvalidEther() throws Exception {
 907         when(portSecurityRule.getSecurityRuleEthertype()).thenReturn("IPV6");
 908
 909         egressAclServiceSpy.programPortSecurityGroup(Long.valueOf(1554), "2", MAC_ADDRESS, 124, securityGroup,PORT_UUID,false);
 910
 911         verify(writeTransaction, times(0)).delete(any(LogicalDatastoreType.class), any(InstanceIdentifier.class));
 912         verify(writeTransaction, times(0)).submit();
 913         verify(commitFuture, times(0)).get();
 914     }
 915
 916     /**
 917      *  Test IPv4 invalid direction type test case.
 918      */
 919     @Test
 920     public void testProgramPortSecurityACLRuleInvalidDirection() throws Exception {
 921         when(portSecurityRule.getSecurityRuleDirection()).thenReturn("ingress");
 922
 923         egressAclServiceSpy.programPortSecurityGroup(Long.valueOf(1554), "2", MAC_ADDRESS, 124, securityGroup,PORT_UUID,false);
 924
 925         verify(writeTransaction, times(0)).delete(any(LogicalDatastoreType.class), any(InstanceIdentifier.class));
 926         verify(writeTransaction, times(0)).submit();
 927         verify(commitFuture, times(0)).get();
 928     }
 929
 930     /**
 931      *  Test With isLastPortInBridge false isComputeNode false
 932      */
 933     @Test
 934     public void testProgramFixedSecurityACLAdd1() throws Exception {
 935         egressAclServiceSpy.programFixedSecurityGroup(Long.valueOf(1554), "2", MAC_ADDRESS, 1, neutronDestIpList, false, false, true);
 936
 937         verify(writeTransaction, times(0)).put(any(LogicalDatastoreType.class), any(InstanceIdentifier.class), any(Node.class), eq(true));
 938         verify(writeTransaction, times(0)).submit();
 939         verify(commitFuture, times(0)).get();
 940     }
 941     /**
 942      *  Test With isLastPortInBridge false isComputeNode false
 943      */
 944     @Test
 945     public void testProgramFixedSecurityACLRemove1() throws Exception {
 946
 947         egressAclServiceSpy.programFixedSecurityGroup(Long.valueOf(1554), "2", MAC_ADDRESS, 1, neutronDestIpList, false, false, false);
 948
 949         verify(writeTransaction, times(0)).delete(any(LogicalDatastoreType.class), any(InstanceIdentifier.class));
 950         verify(writeTransaction, times(0)).submit();
 951         verify(commitFuture, times(0)).get();
 952     }
 953
 954     /**
 955      *  Test With isLastPortInBridge false isComputeNode true
 956      */
 957     @Test
 958     public void testProgramFixedSecurityACLAdd2() throws Exception {
 959
 960         egressAclServiceSpy.programFixedSecurityGroup(Long.valueOf(1554), "2", MAC_ADDRESS, 1, neutronDestIpList, false, true, true);
 961
 962         verify(writeTransaction, times(6)).put(any(LogicalDatastoreType.class), any(InstanceIdentifier.class), any(Node.class), eq(true));
 963         verify(writeTransaction, times(3)).submit();
 964         verify(commitFuture, times(3)).get();
 965     }
 966
 967     /**
 968      *  Test With isLastPortInBridge false isComputeNode true
 969      */
 970     @Test
 971     public void testProgramFixedSecurityACLRemove2() throws Exception {
 972
 973         egressAclServiceSpy.programFixedSecurityGroup(Long.valueOf(1554), "2", MAC_ADDRESS, 1, neutronDestIpList, false, true, false);
 974
 975         verify(writeTransaction, times(3)).delete(any(LogicalDatastoreType.class), any(InstanceIdentifier.class));
 976         verify(writeTransaction, times(3)).submit();
 977         verify(commitFuture, times(3)).get();
 978     }
 979
 980     /**
 981      *  Test With isLastPortInBridge true isComputeNode false
 982      */
 983     @Test
 984     public void testProgramFixedSecurityACLAdd3() throws Exception {
 985
 986         egressAclServiceSpy.programFixedSecurityGroup(Long.valueOf(1554), "2", MAC_ADDRESS, 1, neutronDestIpList, true, false, true);
 987
 988         verify(writeTransaction, times(2)).put(any(LogicalDatastoreType.class), any(InstanceIdentifier.class), any(Node.class), eq(true));
 989         verify(writeTransaction, times(1)).submit();
 990         verify(commitFuture, times(1)).get();
 991     }
 992
 993     /**
 994      *  Test With isLastPortInBridge true isComputeNode false
 995      */
 996     @Test
 997     public void testProgramFixedSecurityACLRemove3() throws Exception {
 998
 999         egressAclServiceSpy.programFixedSecurityGroup(Long.valueOf(1554), "2", MAC_ADDRESS, 1, neutronDestIpList, true, false, false);
1000
1001         verify(writeTransaction, times(1)).delete(any(LogicalDatastoreType.class), any(InstanceIdentifier.class));
1002         verify(writeTransaction, times(1)).submit();
1003         verify(commitFuture, times(1)).get();
1004     }
1005
1006     /**
1007      *  Test With isLastPortInBridge true isComputeNode true
1008      */
1009     @Test
1010     public void testProgramFixedSecurityACLAdd4() throws Exception {
1011
1012         egressAclServiceSpy.programFixedSecurityGroup(Long.valueOf(1554), "2", MAC_ADDRESS, 1, neutronDestIpList, true, true, true);
1013
1014         verify(writeTransaction, times(8)).put(any(LogicalDatastoreType.class),
1015                                                any(InstanceIdentifier.class), any(Node.class), eq(true));
1016         verify(writeTransaction, times(4)).submit();
1017         verify(commitFuture, times(4)).get();
1018     }
1019
1020     /**
1021      *  Test With isLastPortInBridge true isComputeNode true
1022      */
1023     @Test
1024     public void testProgramFixedSecurityACLRemove4() throws Exception {
1025
1026         egressAclServiceSpy.programFixedSecurityGroup(Long.valueOf(1554), "2", MAC_ADDRESS, 1, neutronDestIpList, true, true, false);
1027
1028         verify(writeTransaction, times(4)).delete(any(LogicalDatastoreType.class), any(InstanceIdentifier.class));
1029         verify(writeTransaction, times(4)).submit();
1030         verify(commitFuture, times(4)).get();
1031     }
1032
1033     /**
1034      * Test method {@link EgressAclService#egressACLTcpPortWithPrefix(Long, String, String, boolean, Integer, String, Integer)}
1035      */
1036     @Test
1037     public void testEgressACLTcpPortWithPrefix() throws Exception {
1038         egressAclService.egressACLTcpPortWithPrefix(123L, "2", MAC_ADDRESS, true, 1, HOST_ADDRESS, 1);
1039         verify(writeTransaction, times(2)).put(any(LogicalDatastoreType.class), any(InstanceIdentifier.class), any(Node.class), anyBoolean());
1040         verify(writeTransaction, times(1)).submit();
1041         verify(commitFuture, times(1)).get();
1042
1043         egressAclService.egressACLTcpPortWithPrefix(123L, "2", MAC_ADDRESS, false, 1, HOST_ADDRESS, 1);
1044         verify(writeTransaction, times(1)).delete(any(LogicalDatastoreType.class), any(InstanceIdentifier.class));
1045         verify(writeTransaction, times(2)).submit();
1046         verify(commitFuture, times(2)).get(); // 1 + 1 above
1047     }
1048
1049     /**
1050      * Test method {@link EgressAclService#egressAllowProto(Long, String, String, boolean, String, Integer)}
1051      */
1052     @Test
1053     public void testEgressAllowProto() throws Exception {
1054         egressAclService.egressAllowProto(123L, "2", MAC_ADDRESS, true, HOST_ADDRESS, 1);
1055         verify(writeTransaction, times(2)).put(any(LogicalDatastoreType.class), any(InstanceIdentifier.class), any(Node.class), anyBoolean());
1056         verify(writeTransaction, times(1)).submit();
1057         verify(commitFuture, times(1)).get();
1058
1059         egressAclService.egressAllowProto(123L, "2", MAC_ADDRESS, false, HOST_ADDRESS, 1);
1060         verify(writeTransaction, times(1)).delete(any(LogicalDatastoreType.class), any(InstanceIdentifier.class));
1061         verify(writeTransaction, times(2)).submit();
1062         verify(commitFuture, times(2)).get(); // 1 + 1 above
1063     }
1064
1065     /**
1066      * Test method {@link EgressAclService#egressACLPermitAllProto(Long, String, String, boolean, String, Integer)}
1067      */
1068     @Test
1069     public void testEgressACLPermitAllProto() throws Exception {
1070         egressAclService.egressACLPermitAllProto(123L, "2", MAC_ADDRESS, true, HOST_ADDRESS, 1);
1071         verify(writeTransaction, times(2)).put(any(LogicalDatastoreType.class), any(InstanceIdentifier.class), any(Node.class), anyBoolean());
1072         verify(writeTransaction, times(1)).submit();
1073         verify(commitFuture, times(1)).get();
1074
1075         egressAclService.egressACLPermitAllProto(123L, "2", MAC_ADDRESS, false, HOST_ADDRESS, 1);
1076         verify(writeTransaction, times(1)).delete(any(LogicalDatastoreType.class), any(InstanceIdentifier.class));
1077         verify(writeTransaction, times(2)).submit();
1078         verify(commitFuture, times(2)).get(); // 1 + 1 above
1079     }
1080
1081     /**
1082      * Test method {@link EgressAclService#egressACLTcpSyn(Long, String, String, boolean, Integer, Integer)}
1083      */
1084     @Test
1085     public void testEgressACLTcpSyn() throws Exception {
1086         egressAclService.egressACLTcpSyn(123L, "2", MAC_ADDRESS, true, 1, 1);
1087         verify(writeTransaction, times(2)).put(any(LogicalDatastoreType.class), any(InstanceIdentifier.class), any(Node.class), anyBoolean());
1088         verify(writeTransaction, times(1)).submit();
1089         verify(commitFuture, times(1)).get();
1090
1091         egressAclService.egressACLTcpSyn(123L, "2", MAC_ADDRESS, false, 1, 1);
1092         verify(writeTransaction, times(1)).delete(any(LogicalDatastoreType.class), any(InstanceIdentifier.class));
1093         verify(writeTransaction, times(2)).submit();
1094         verify(commitFuture, times(2)).get(); // 1 + 1 above
1095     }
1096 }