/*
 * Copyright (c) 2015 Inocybe and others. All rights reserved.
 *
 * This program and the accompanying materials are made available under the
 * terms of the Eclipse Public License v1.0 which accompanies this distribution,
 * and is available at http://www.eclipse.org/legal/epl-v10.html
 */
9 package org.opendaylight.ovsdb.openstack.netvirt.providers.openflow13.services;
11 import static org.mockito.Matchers.any;
12 import static org.mockito.Matchers.anyBoolean;
13 import static org.mockito.Matchers.anyInt;
14 import static org.mockito.Matchers.anyLong;
15 import static org.mockito.Matchers.anyString;
16 import static org.mockito.Mockito.mock;
17 import static org.mockito.Mockito.times;
18 import static org.mockito.Mockito.verify;
19 import static org.mockito.Mockito.when;
21 import java.util.ArrayList;
22 import java.util.List;
24 import org.junit.Before;
25 import org.junit.Test;
26 import org.junit.runner.RunWith;
27 import org.mockito.InjectMocks;
28 import org.mockito.Mock;
29 import org.mockito.Mockito;
30 import org.mockito.Spy;
31 import org.mockito.runners.MockitoJUnitRunner;
32 import org.opendaylight.controller.md.sal.binding.api.DataBroker;
33 import org.opendaylight.controller.md.sal.binding.api.WriteTransaction;
34 import org.opendaylight.controller.md.sal.common.api.data.LogicalDatastoreType;
35 import org.opendaylight.controller.md.sal.common.api.data.TransactionCommitFailedException;
36 import org.opendaylight.neutron.spi.NeutronSecurityGroup;
37 import org.opendaylight.neutron.spi.NeutronSecurityRule;
38 import org.opendaylight.ovsdb.openstack.netvirt.providers.openflow13.PipelineOrchestrator;
39 import org.opendaylight.ovsdb.openstack.netvirt.providers.openflow13.Service;
40 import org.opendaylight.yang.gen.v1.urn.opendaylight.inventory.rev130819.nodes.Node;
41 import org.opendaylight.yangtools.yang.binding.InstanceIdentifier;
43 import com.google.common.util.concurrent.CheckedFuture;
/**
 * Unit test for {@link EgressAclService}
 */
47 @RunWith(MockitoJUnitRunner.class)
48 @SuppressWarnings("unchecked")
49 public class EgressAclServiceTest {
// Service under test; @InjectMocks asks Mockito to populate it with the @Mock fields below.
@InjectMocks
private EgressAclService egressAclService = new EgressAclService();

// Spy used by the programPortSecurityACL tests to check which helper method was invoked.
@Spy
private EgressAclService egressAclServiceSpy;

// Collaborators of the service.
@Mock
private DataBroker dataBroker;
@Mock
private PipelineOrchestrator orchestrator;

// Datastore write path: the transaction and the future returned by its submit().
@Mock
private WriteTransaction writeTransaction;
@Mock
private CheckedFuture<Void, TransactionCommitFailedException> commitFuture;

// Neutron security group and the single rule it carries in these tests.
@Mock
private NeutronSecurityGroup securityGroup;
@Mock
private NeutronSecurityRule portSecurityRule;

// Remote IP prefix returned by the rule stub when a test wants "IP Prefix (True)".
private static final String HOST_ADDRESS = "127.0.0.1/32";
// MAC address string passed to every service call in this class.
private static final String MAC_ADDRESS = "87:1D:5E:02:40:B7";
/**
 * Builds the fixture shared by every test: a spy over the service, a write
 * transaction whose submit() yields {@code commitFuture}, and a security group
 * holding one IPv4 egress rule.
 */
// NOTE(review): the signature line of this fixture method is absent from the listing;
// @Before follows from the org.junit.Before import, the method name is assumed.
@Before
public void setUp() {
    // Overwrites the @Spy-created field with a spy that wraps egressAclService.
    egressAclServiceSpy = Mockito.spy(egressAclService);

    // Transactions handed out by the broker resolve through commitFuture when submitted.
    when(dataBroker.newWriteOnlyTransaction()).thenReturn(writeTransaction);
    when(writeTransaction.submit()).thenReturn(commitFuture);

    when(orchestrator.getNextServiceInPipeline(any(Service.class))).thenReturn(Service.ARP_RESPONDER);

    // Base rule: IPv4 + egress. Protocol, ports and prefix are stubbed per test.
    // NOTE(review): no test shown here feeds an ingress-direction or non-IPv4 rule,
    // so the "rule is ignored" path of the egress ACL is not exercised by this class.
    portSecurityRule = mock(NeutronSecurityRule.class);
    when(portSecurityRule.getSecurityRuleDirection()).thenReturn("egress");
    when(portSecurityRule.getSecurityRuleEthertype()).thenReturn("IPv4");

    final List<NeutronSecurityRule> rules = new ArrayList<>();
    rules.add(portSecurityRule);
    when(securityGroup.getSecurityRules()).thenReturn(rules);
}
/**
 * Rule 1: TCP Proto (True), TCP Port Minimum (True), TCP Port Max (True), IP Prefix (True)
 *
 * <p>Expects one default TCP drop and one TCP port-with-prefix call, which together
 * account for four datastore puts over two submitted transactions.
 */
@Test
public void testProgramPortSecurityACLRule1() throws Exception {
    // Fully specified rule: protocol, both port bounds and a remote prefix.
    when(portSecurityRule.getSecurityRuleRemoteIpPrefix()).thenReturn(HOST_ADDRESS);
    when(portSecurityRule.getSecurityRulePortMin()).thenReturn(1);
    when(portSecurityRule.getSecurityRulePortMax()).thenReturn(1);
    when(portSecurityRule.getSecurityRuleProtocol()).thenReturn("tcp");

    final Long dpid = Long.valueOf(1554);
    egressAclServiceSpy.programPortSecurityACL(dpid, "2", MAC_ADDRESS, 124, securityGroup);

    // NOTE(review): all arguments are matched with any*(), so this pins which helper
    // runs but not the port, prefix or priority that reaches the flow.
    verify(egressAclServiceSpy).egressACLDefaultTcpDrop(anyLong(), anyString(), anyString(), anyInt(), anyBoolean());
    verify(egressAclServiceSpy).egressACLTcpPortWithPrefix(anyLong(), anyString(), anyString(), anyBoolean(), anyInt(), anyString(), anyInt());

    // Two puts per helper, one transaction per helper.
    verify(writeTransaction, times(4)).put(any(LogicalDatastoreType.class), any(InstanceIdentifier.class), any(Node.class), anyBoolean());
    verify(writeTransaction, times(2)).submit();
    verify(commitFuture, times(2)).get();
}
/**
 * Rule 2: TCP Proto (True), TCP Port Minimum (True), TCP Port Max (False), IP Prefix (True)
 *
 * <p>Expects the same helpers as Rule 1: default TCP drop plus TCP port-with-prefix.
 */
@Test
public void testProgramPortSecurityACLRule2() throws Exception {
    // Only the lower port bound is set; the upper bound is absent.
    when(portSecurityRule.getSecurityRuleRemoteIpPrefix()).thenReturn(HOST_ADDRESS);
    when(portSecurityRule.getSecurityRulePortMin()).thenReturn(1);
    when(portSecurityRule.getSecurityRulePortMax()).thenReturn(null);
    when(portSecurityRule.getSecurityRuleProtocol()).thenReturn("tcp");

    final Long dpid = Long.valueOf(1554);
    egressAclServiceSpy.programPortSecurityACL(dpid, "2", MAC_ADDRESS, 124, securityGroup);

    // NOTE(review): the any*() matchers do not show which port value the helper
    // receives when only the minimum is set; worth pinning for an ACL.
    verify(egressAclServiceSpy).egressACLDefaultTcpDrop(anyLong(), anyString(), anyString(), anyInt(), anyBoolean());
    verify(egressAclServiceSpy).egressACLTcpPortWithPrefix(anyLong(), anyString(), anyString(), anyBoolean(), anyInt(), anyString(), anyInt());

    verify(writeTransaction, times(4)).put(any(LogicalDatastoreType.class), any(InstanceIdentifier.class), any(Node.class), anyBoolean());
    verify(writeTransaction, times(2)).submit();
    verify(commitFuture, times(2)).get();
}
/**
 * Rule 3: TCP Proto (True), TCP Port Minimum (False), TCP Port Max (False), IP Prefix (True)
 *
 * <p>Expects one default TCP drop and one permit-all-proto call.
 */
@Test
public void testProgramPortSecurityACLRule3() throws Exception {
    // TCP with a remote prefix but no port bounds.
    when(portSecurityRule.getSecurityRuleRemoteIpPrefix()).thenReturn(HOST_ADDRESS);
    when(portSecurityRule.getSecurityRulePortMin()).thenReturn(null);
    when(portSecurityRule.getSecurityRulePortMax()).thenReturn(null);
    when(portSecurityRule.getSecurityRuleProtocol()).thenReturn("tcp");

    final Long dpid = Long.valueOf(1554);
    egressAclServiceSpy.programPortSecurityACL(dpid, "2", MAC_ADDRESS, 124, securityGroup);

    // NOTE(review): anyString() on the prefix argument means the test would still pass
    // if a different prefix than HOST_ADDRESS were programmed.
    verify(egressAclServiceSpy).egressACLDefaultTcpDrop(anyLong(), anyString(), anyString(), anyInt(), anyBoolean());
    verify(egressAclServiceSpy).egressACLPermitAllProto(anyLong(), anyString(), anyString(), anyBoolean(), anyString(), anyInt());

    verify(writeTransaction, times(4)).put(any(LogicalDatastoreType.class), any(InstanceIdentifier.class), any(Node.class), anyBoolean());
    verify(writeTransaction, times(2)).submit();
    verify(commitFuture, times(2)).get();
}
/**
 * Rule 4: TCP Proto (False), TCP Port Minimum (False), TCP Port Max (False), IP Prefix (True)
 *
 * <p>Expects the same helpers as Rule 3: default TCP drop plus permit-all-proto.
 */
@Test
public void testProgramPortSecurityACLRule4() throws Exception {
    // Only the remote prefix is set; protocol and both port bounds are absent.
    when(portSecurityRule.getSecurityRuleRemoteIpPrefix()).thenReturn(HOST_ADDRESS);
    when(portSecurityRule.getSecurityRulePortMin()).thenReturn(null);
    when(portSecurityRule.getSecurityRulePortMax()).thenReturn(null);
    when(portSecurityRule.getSecurityRuleProtocol()).thenReturn(null);

    final Long dpid = Long.valueOf(1554);
    egressAclServiceSpy.programPortSecurityACL(dpid, "2", MAC_ADDRESS, 124, securityGroup);

    // NOTE(review): argument values are not checked (any*() matchers), only the
    // choice of helper and the number of datastore writes.
    verify(egressAclServiceSpy).egressACLDefaultTcpDrop(anyLong(), anyString(), anyString(), anyInt(), anyBoolean());
    verify(egressAclServiceSpy).egressACLPermitAllProto(anyLong(), anyString(), anyString(), anyBoolean(), anyString(), anyInt());

    verify(writeTransaction, times(4)).put(any(LogicalDatastoreType.class), any(InstanceIdentifier.class), any(Node.class), anyBoolean());
    verify(writeTransaction, times(2)).submit();
    verify(commitFuture, times(2)).get();
}
/**
 * Rule 5: TCP Proto (True), TCP Port Minimum (True), TCP Port Max (True), IP Prefix (False)
 *
 * <p>Expects one default TCP drop and one TCP SYN call.
 */
@Test
public void testProgramPortSecurityACLRule5() throws Exception {
    // TCP with both port bounds but no remote prefix.
    when(portSecurityRule.getSecurityRuleRemoteIpPrefix()).thenReturn(null);
    when(portSecurityRule.getSecurityRulePortMin()).thenReturn(1);
    when(portSecurityRule.getSecurityRulePortMax()).thenReturn(1);
    when(portSecurityRule.getSecurityRuleProtocol()).thenReturn("tcp");

    final Long dpid = Long.valueOf(1554);
    egressAclServiceSpy.programPortSecurityACL(dpid, "2", MAC_ADDRESS, 124, securityGroup);

    // NOTE(review): the port handed to egressACLTcpSyn is matched with anyInt(),
    // so a wrong port in the programmed flow would not fail this test.
    verify(egressAclServiceSpy).egressACLDefaultTcpDrop(anyLong(), anyString(), anyString(), anyInt(), anyBoolean());
    verify(egressAclServiceSpy).egressACLTcpSyn(anyLong(), anyString(), anyString(), anyBoolean(), anyInt(), anyInt());

    verify(writeTransaction, times(4)).put(any(LogicalDatastoreType.class), any(InstanceIdentifier.class), any(Node.class), anyBoolean());
    verify(writeTransaction, times(2)).submit();
    verify(commitFuture, times(2)).get();
}
/**
 * Rule 6: TCP Proto (True), TCP Port Minimum (True), TCP Port Max (False), IP Prefix (False)
 *
 * <p>Expects the same helpers as Rule 5: default TCP drop plus TCP SYN.
 */
@Test
public void testProgramPortSecurityACLRule6() throws Exception {
    // TCP with only the lower port bound; no upper bound and no remote prefix.
    when(portSecurityRule.getSecurityRuleRemoteIpPrefix()).thenReturn(null);
    when(portSecurityRule.getSecurityRulePortMin()).thenReturn(1);
    when(portSecurityRule.getSecurityRulePortMax()).thenReturn(null);
    when(portSecurityRule.getSecurityRuleProtocol()).thenReturn("tcp");

    final Long dpid = Long.valueOf(1554);
    egressAclServiceSpy.programPortSecurityACL(dpid, "2", MAC_ADDRESS, 124, securityGroup);

    // NOTE(review): as in the other rule tests, only the selected helper and the
    // write counts are asserted; the port value itself is unchecked.
    verify(egressAclServiceSpy).egressACLDefaultTcpDrop(anyLong(), anyString(), anyString(), anyInt(), anyBoolean());
    verify(egressAclServiceSpy).egressACLTcpSyn(anyLong(), anyString(), anyString(), anyBoolean(), anyInt(), anyInt());

    verify(writeTransaction, times(4)).put(any(LogicalDatastoreType.class), any(InstanceIdentifier.class), any(Node.class), anyBoolean());
    verify(writeTransaction, times(2)).submit();
    verify(commitFuture, times(2)).get();
}
/**
 * Rule 7: TCP Proto (True), TCP Port Minimum (False), TCP Port Max (False), IP Prefix (False or 0.0.0.0/0)
 *
 * <p>Expects a single allow-proto call: two datastore puts in one submitted transaction.
 */
@Test
public void testProgramPortSecurityACLRule7() throws Exception {
    // TCP with neither port bounds nor a remote prefix.
    // NOTE(review): only the null-prefix half of "False or 0.0.0.0/0" is stubbed here;
    // the explicit "0.0.0.0/0" case has no test in this listing.
    when(portSecurityRule.getSecurityRuleRemoteIpPrefix()).thenReturn(null);
    when(portSecurityRule.getSecurityRulePortMin()).thenReturn(null);
    when(portSecurityRule.getSecurityRulePortMax()).thenReturn(null);
    when(portSecurityRule.getSecurityRuleProtocol()).thenReturn("tcp");

    final Long dpid = Long.valueOf(1554);
    egressAclServiceSpy.programPortSecurityACL(dpid, "2", MAC_ADDRESS, 124, securityGroup);

    // Unlike rules 1-6, this test does not verify a call to egressACLDefaultTcpDrop.
    verify(egressAclServiceSpy).egressAllowProto(anyLong(), anyString(), anyString(), anyBoolean(), anyString(), anyInt());

    verify(writeTransaction, times(2)).put(any(LogicalDatastoreType.class), any(InstanceIdentifier.class), any(Node.class), anyBoolean());
    verify(writeTransaction).submit();
    verify(commitFuture).get();
}
/**
 * Test method {@link EgressAclService#egressACLDefaultTcpDrop(Long, String, String, int, boolean)}
 *
 * <p>Calls the helper once with the boolean flag set and once cleared, checking
 * that the first call puts to the datastore and the second deletes from it.
 */
@Test
public void testEgressACLDefaultTcpDrop() throws Exception {
    final Long dpid = Long.valueOf(123);

    // Flag true: two puts, one submitted and awaited transaction.
    egressAclService.egressACLDefaultTcpDrop(dpid, "2", MAC_ADDRESS, 1, true);
    verify(writeTransaction, times(2)).put(any(LogicalDatastoreType.class), any(InstanceIdentifier.class), any(Node.class), anyBoolean());
    verify(writeTransaction).submit();
    verify(commitFuture).get();

    // Flag false: one delete. The submit/get counts are cumulative on the shared
    // mocks, hence 2 = one from the call above plus one from this call.
    egressAclService.egressACLDefaultTcpDrop(dpid, "2", MAC_ADDRESS, 1, false);
    verify(writeTransaction).delete(any(LogicalDatastoreType.class), any(InstanceIdentifier.class));
    verify(writeTransaction, times(2)).submit();
    verify(commitFuture, times(2)).get();
}
/**
 * Test method {@link EgressAclService#egressACLTcpPortWithPrefix(Long, String, String, boolean, Integer, String, Integer)}
 *
 * <p>Calls the helper once with the boolean flag set and once cleared, checking
 * that the first call puts to the datastore and the second deletes from it.
 */
@Test
public void testEgressACLTcpPortWithPrefix() throws Exception {
    final Long dpid = Long.valueOf(123);

    // Flag true: two puts, one submitted and awaited transaction.
    egressAclService.egressACLTcpPortWithPrefix(dpid, "2", MAC_ADDRESS, true, 1, HOST_ADDRESS, 1);
    verify(writeTransaction, times(2)).put(any(LogicalDatastoreType.class), any(InstanceIdentifier.class), any(Node.class), anyBoolean());
    verify(writeTransaction).submit();
    verify(commitFuture).get();

    // Flag false: one delete. Counts on the shared mocks accumulate, so submit/get
    // now total 2 (one from the call above plus one from this call).
    // NOTE(review): the Node written by put() is matched with any(Node.class), so the
    // port and prefix inside the generated flow are not inspected.
    egressAclService.egressACLTcpPortWithPrefix(dpid, "2", MAC_ADDRESS, false, 1, HOST_ADDRESS, 1);
    verify(writeTransaction).delete(any(LogicalDatastoreType.class), any(InstanceIdentifier.class));
    verify(writeTransaction, times(2)).submit();
    verify(commitFuture, times(2)).get();
}
/**
 * Test method {@link EgressAclService#egressAllowProto(Long, String, String, boolean, String, Integer)}
 *
 * <p>Calls the helper once with the boolean flag set and once cleared, checking
 * that the first call puts to the datastore and the second deletes from it.
 */
@Test
public void testEgressAllowProto() throws Exception {
    final Long dpid = Long.valueOf(123);

    // Flag true: two puts, one submitted and awaited transaction.
    egressAclService.egressAllowProto(dpid, "2", MAC_ADDRESS, true, HOST_ADDRESS, 1);
    verify(writeTransaction, times(2)).put(any(LogicalDatastoreType.class), any(InstanceIdentifier.class), any(Node.class), anyBoolean());
    verify(writeTransaction).submit();
    verify(commitFuture).get();

    // Flag false: one delete. Counts on the shared mocks accumulate, so submit/get
    // now total 2 (one from the call above plus one from this call).
    egressAclService.egressAllowProto(dpid, "2", MAC_ADDRESS, false, HOST_ADDRESS, 1);
    verify(writeTransaction).delete(any(LogicalDatastoreType.class), any(InstanceIdentifier.class));
    verify(writeTransaction, times(2)).submit();
    verify(commitFuture, times(2)).get();
}
/**
 * Test method {@link EgressAclService#egressACLPermitAllProto(Long, String, String, boolean, String, Integer)}
 *
 * <p>Calls the helper once with the boolean flag set and once cleared, checking
 * that the first call puts to the datastore and the second deletes from it.
 */
@Test
public void testEgressACLPermitAllProto() throws Exception {
    final Long dpid = Long.valueOf(123);

    // Flag true: two puts, one submitted and awaited transaction.
    egressAclService.egressACLPermitAllProto(dpid, "2", MAC_ADDRESS, true, HOST_ADDRESS, 1);
    verify(writeTransaction, times(2)).put(any(LogicalDatastoreType.class), any(InstanceIdentifier.class), any(Node.class), anyBoolean());
    verify(writeTransaction).submit();
    verify(commitFuture).get();

    // Flag false: one delete. Counts on the shared mocks accumulate, so submit/get
    // now total 2 (one from the call above plus one from this call).
    egressAclService.egressACLPermitAllProto(dpid, "2", MAC_ADDRESS, false, HOST_ADDRESS, 1);
    verify(writeTransaction).delete(any(LogicalDatastoreType.class), any(InstanceIdentifier.class));
    verify(writeTransaction, times(2)).submit();
    verify(commitFuture, times(2)).get();
}
/**
 * Test method {@link EgressAclService#egressACLTcpSyn(Long, String, String, boolean, Integer, Integer)}
 *
 * <p>Calls the helper once with the boolean flag set and once cleared, checking
 * that the first call puts to the datastore and the second deletes from it.
 */
@Test
public void testEgressACLTcpSyn() throws Exception {
    final Long dpid = Long.valueOf(123);

    // Flag true: two puts, one submitted and awaited transaction.
    egressAclService.egressACLTcpSyn(dpid, "2", MAC_ADDRESS, true, 1, 1);
    verify(writeTransaction, times(2)).put(any(LogicalDatastoreType.class), any(InstanceIdentifier.class), any(Node.class), anyBoolean());
    verify(writeTransaction).submit();
    verify(commitFuture).get();

    // Flag false: one delete. Counts on the shared mocks accumulate, so submit/get
    // now total 2 (one from the call above plus one from this call).
    egressAclService.egressACLTcpSyn(dpid, "2", MAC_ADDRESS, false, 1, 1);
    verify(writeTransaction).delete(any(LogicalDatastoreType.class), any(InstanceIdentifier.class));
    verify(writeTransaction, times(2)).submit();
    verify(commitFuture, times(2)).get();
}