2 * Copyright (c) 2015 Inocybe and others. All rights reserved.
4 * This program and the accompanying materials are made available under the
5 * terms of the Eclipse Public License v1.0 which accompanies this distribution,
6 * and is available at http://www.eclipse.org/legal/epl-v10.html
9 package org.opendaylight.ovsdb.openstack.netvirt.providers.openflow13.services;
11 import static org.mockito.Matchers.any;
12 import static org.mockito.Matchers.anyBoolean;
13 import static org.mockito.Matchers.eq;
14 import static org.mockito.Mockito.mock;
15 import static org.mockito.Mockito.times;
16 import static org.mockito.Mockito.verify;
17 import static org.mockito.Mockito.when;
19 import java.util.ArrayList;
20 import java.util.List;
22 import org.junit.Assert;
23 import org.junit.Before;
24 import org.junit.Test;
25 import org.junit.runner.RunWith;
26 import org.mockito.InjectMocks;
27 import org.mockito.Mock;
28 import org.mockito.invocation.InvocationOnMock;
29 import org.mockito.stubbing.Answer;
30 import org.opendaylight.controller.md.sal.binding.api.DataBroker;
31 import org.opendaylight.controller.md.sal.binding.api.WriteTransaction;
32 import org.opendaylight.controller.md.sal.common.api.data.LogicalDatastoreType;
33 import org.opendaylight.controller.md.sal.common.api.data.TransactionCommitFailedException;
34 import org.opendaylight.neutron.spi.NeutronSecurityGroup;
35 import org.opendaylight.neutron.spi.NeutronSecurityRule;
36 import org.opendaylight.neutron.spi.Neutron_IPs;
37 import org.opendaylight.ovsdb.openstack.netvirt.api.SecurityServicesManager;
38 import org.opendaylight.ovsdb.openstack.netvirt.providers.openflow13.PipelineOrchestrator;
39 import org.opendaylight.ovsdb.openstack.netvirt.providers.openflow13.Service;
40 import org.opendaylight.yang.gen.v1.urn.opendaylight.flow.inventory.rev130819.tables.table.FlowBuilder;
41 import org.opendaylight.yang.gen.v1.urn.opendaylight.inventory.rev130819.nodes.Node;
42 import org.opendaylight.yang.gen.v1.urn.opendaylight.inventory.rev130819.nodes.NodeBuilder;
43 import org.opendaylight.yang.gen.v1.urn.opendaylight.model.match.types.rev131026.Match;
44 import org.opendaylight.yang.gen.v1.urn.opendaylight.model.match.types.rev131026.match.EthernetMatch;
45 import org.opendaylight.yang.gen.v1.urn.opendaylight.model.match.types.rev131026.match.Icmpv4Match;
46 import org.opendaylight.yangtools.yang.binding.InstanceIdentifier;
47 import org.powermock.api.mockito.PowerMockito;
48 import org.powermock.modules.junit4.PowerMockRunner;
50 import com.google.common.util.concurrent.CheckedFuture;
52 * Unit test for {@link EgressAclService}
54 @RunWith(PowerMockRunner.class)
55 @SuppressWarnings("unchecked")
56 public class EgressAclServiceTest {
/** Service under test; the {@code @Mock} fields of this class are injected into it. */
@InjectMocks private EgressAclService egressAclService = new EgressAclService();
/** PowerMockito spy wrapped around {@link #egressAclService} in {@code setUp()}. */
private EgressAclService egressAclServiceSpy;

// Datastore collaborators: every flow write or delete is observed through these mocks.
@Mock private DataBroker dataBroker;
@Mock private PipelineOrchestrator orchestrator;
@Mock private WriteTransaction writeTransaction;
@Mock private CheckedFuture<Void, TransactionCommitFailedException> commitFuture;

// Neutron security-group fixtures.
@Mock private NeutronSecurityGroup securityGroup;
@Mock private NeutronSecurityRule portSecurityRule;
@Mock private SecurityServicesManager securityServices;

// Address fixtures, populated in setUp().
private Neutron_IPs neutron_ip_src;
private Neutron_IPs neutron_ip_dest_1;
private Neutron_IPs neutron_ip_dest_2;
private List<Neutron_IPs> neutronSrcIpList = new ArrayList<Neutron_IPs>();
private List<Neutron_IPs> neutronDestIpList = new ArrayList<Neutron_IPs>();

private static final String HOST_ADDRESS = "127.0.0.1/32";
private static final String MAC_ADDRESS = "87:1D:5E:02:40:B7";
private static final String SRC_IP = "192.168.0.1";
private static final String DEST_IP_1 = "192.169.0.1";
private static final String DEST_IP_2 = "192.169.0.2";
private static final String DEST_IP_1_WITH_MASK = "192.169.0.1/32";
private static final String DEST_IP_2_WITH_MASK = "192.169.0.2/32";
private static final String SECURITY_GROUP_UUID = "85cc3048-abc3-43cc-89b3-377341426ac5";
private static final String SEGMENT_ID = "2";
private static final Long DP_ID_LONG = 1554L;
private static final Long LOCAL_PORT = 124L;

// Builders captured by answer(). They are static, so a value captured in one test
// is still visible to the next test unless it is overwritten.
private static FlowBuilder flowBuilder;
private static NodeBuilder nodeBuilder;
/**
 * Builds a Mockito {@link Answer} that stores the first two invocation arguments in the
 * static {@code flowBuilder} and {@code nodeBuilder} fields so a test can inspect them.
 *
 * @return the capturing answer
 */
private static Answer<Object> answer() {
    return new Answer<Object>() {
        @Override
        public CheckedFuture<Void, TransactionCommitFailedException> answer(InvocationOnMock invocation)
                throws Throwable {
            final Object[] arguments = invocation.getArguments();
            // Plain casts: this answer only fits calls shaped (FlowBuilder, NodeBuilder).
            flowBuilder = (FlowBuilder) arguments[0];
            nodeBuilder = (NodeBuilder) arguments[1];
            // NOTE(review): the throws clause and return statement are not visible in this
            // listing; a null future is assumed here — confirm against the original file.
            return null;
        }
    };
}
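/**
 * Creates the spy and wires the mocked datastore, pipeline and Neutron fixtures shared by
 * every test: one IPv4 egress rule in the security group, one source address, and two
 * destination addresses returned for {@code SECURITY_GROUP_UUID}.
 */
@Before
public void setUp() {
    // The capture slots are static and outlive a test instance. Clear them so that an
    // assertion can never pass on a flow captured by a previously executed test.
    flowBuilder = null;
    nodeBuilder = null;

    egressAclServiceSpy = PowerMockito.spy(egressAclService);

    when(writeTransaction.submit()).thenReturn(commitFuture);

    when(dataBroker.newWriteOnlyTransaction()).thenReturn(writeTransaction);

    when(orchestrator.getNextServiceInPipeline(any(Service.class))).thenReturn(Service.ARP_RESPONDER);

    // Replaces the @Mock-created instance with a fresh mock before stubbing it.
    portSecurityRule = mock(NeutronSecurityRule.class);

    when(portSecurityRule.getSecurityRuleEthertype()).thenReturn("IPv4");
    when(portSecurityRule.getSecurityRuleDirection()).thenReturn("egress");

    List<NeutronSecurityRule> portSecurityList = new ArrayList<NeutronSecurityRule>();
    portSecurityList.add(portSecurityRule);

    neutron_ip_src = new Neutron_IPs();
    neutron_ip_src.setIpAddress(SRC_IP);
    neutronSrcIpList.add(neutron_ip_src);

    neutron_ip_dest_1 = new Neutron_IPs();
    neutron_ip_dest_1.setIpAddress(DEST_IP_1);
    neutronDestIpList.add(neutron_ip_dest_1);

    neutron_ip_dest_2 = new Neutron_IPs();
    neutron_ip_dest_2.setIpAddress(DEST_IP_2);
    neutronDestIpList.add(neutron_ip_dest_2);

    when(securityGroup.getSecurityRules()).thenReturn(portSecurityList);
    when(securityServices.getVmListForSecurityGroup(neutronSrcIpList, SECURITY_GROUP_UUID))
            .thenReturn(neutronDestIpList);
}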
/**
 * Rule 1: TCP Proto (True), TCP Port Minimum (True), TCP Port Max (True), IP Prefix (True).
 *
 * <p>NOTE(review): {@code anyLong()}, {@code anyString()} and {@code anyInt()} are not among
 * the static imports visible in this file — confirm this test is enabled and compiles.
 * The checks below count calls only; they do not show which port or prefix reached the flow.
 */
@Test
public void testProgramPortSecurityACLRule1() throws Exception {
    when(portSecurityRule.getSecurityRuleProtocol()).thenReturn("tcp");
    when(portSecurityRule.getSecurityRulePortMin()).thenReturn(1);
    when(portSecurityRule.getSecurityRulePortMax()).thenReturn(1);
    when(portSecurityRule.getSecurityRuleRemoteIpPrefix()).thenReturn(HOST_ADDRESS);

    final Long dpid = Long.valueOf(1554);
    egressAclServiceSpy.programPortSecurityACL(dpid, "2", MAC_ADDRESS, 124, securityGroup);

    // One default TCP drop and one port-with-prefix call are expected.
    verify(egressAclServiceSpy).egressACLDefaultTcpDrop(
            anyLong(), anyString(), anyString(), anyInt(), anyBoolean());
    verify(egressAclServiceSpy).egressACLTcpPortWithPrefix(
            anyLong(), anyString(), anyString(), anyBoolean(), anyInt(), anyString(), anyInt());

    // Four puts, two submits and two commit waits in total.
    verify(writeTransaction, times(4)).put(
            any(LogicalDatastoreType.class), any(InstanceIdentifier.class), any(Node.class), anyBoolean());
    verify(writeTransaction, times(2)).submit();
    verify(commitFuture, times(2)).get();
}
/**
 * Rule 2: TCP Proto (True), TCP Port Minimum (True), TCP Port Max (False), IP Prefix (True).
 *
 * <p>NOTE(review): {@code anyLong()}, {@code anyString()} and {@code anyInt()} are not among
 * the static imports visible in this file — confirm this test is enabled and compiles.
 */
@Test
public void testProgramPortSecurityACLRule2() throws Exception {
    when(portSecurityRule.getSecurityRuleProtocol()).thenReturn("tcp");
    when(portSecurityRule.getSecurityRulePortMin()).thenReturn(1);
    when(portSecurityRule.getSecurityRulePortMax()).thenReturn(null);
    when(portSecurityRule.getSecurityRuleRemoteIpPrefix()).thenReturn(HOST_ADDRESS);

    final Long dpid = Long.valueOf(1554);
    egressAclServiceSpy.programPortSecurityACL(dpid, "2", MAC_ADDRESS, 124, securityGroup);

    // A missing port maximum still takes the port-with-prefix path.
    verify(egressAclServiceSpy).egressACLDefaultTcpDrop(
            anyLong(), anyString(), anyString(), anyInt(), anyBoolean());
    verify(egressAclServiceSpy).egressACLTcpPortWithPrefix(
            anyLong(), anyString(), anyString(), anyBoolean(), anyInt(), anyString(), anyInt());

    verify(writeTransaction, times(4)).put(
            any(LogicalDatastoreType.class), any(InstanceIdentifier.class), any(Node.class), anyBoolean());
    verify(writeTransaction, times(2)).submit();
    verify(commitFuture, times(2)).get();
}
/**
 * Rule 3: TCP Proto (True), TCP Port Minimum (False), TCP Port Max (False), IP Prefix (True).
 *
 * <p>NOTE(review): {@code anyLong()}, {@code anyString()} and {@code anyInt()} are not among
 * the static imports visible in this file — confirm this test is enabled and compiles.
 */
@Test
public void testProgramPortSecurityACLRule3() throws Exception {
    when(portSecurityRule.getSecurityRuleProtocol()).thenReturn("tcp");
    when(portSecurityRule.getSecurityRulePortMin()).thenReturn(null);
    when(portSecurityRule.getSecurityRulePortMax()).thenReturn(null);
    when(portSecurityRule.getSecurityRuleRemoteIpPrefix()).thenReturn(HOST_ADDRESS);

    final Long dpid = Long.valueOf(1554);
    egressAclServiceSpy.programPortSecurityACL(dpid, "2", MAC_ADDRESS, 124, securityGroup);

    // With no port range the test expects the permit-all-protocols call for the prefix.
    verify(egressAclServiceSpy).egressACLDefaultTcpDrop(
            anyLong(), anyString(), anyString(), anyInt(), anyBoolean());
    verify(egressAclServiceSpy).egressACLPermitAllProto(
            anyLong(), anyString(), anyString(), anyBoolean(), anyString(), anyInt());

    verify(writeTransaction, times(4)).put(
            any(LogicalDatastoreType.class), any(InstanceIdentifier.class), any(Node.class), anyBoolean());
    verify(writeTransaction, times(2)).submit();
    verify(commitFuture, times(2)).get();
}
/**
 * Rule 4: TCP Proto (False), TCP Port Minimum (False), TCP Port Max (False), IP Prefix (True).
 *
 * <p>NOTE(review): {@code anyLong()}, {@code anyString()} and {@code anyInt()} are not among
 * the static imports visible in this file — confirm this test is enabled and compiles.
 */
@Test
public void testProgramPortSecurityACLRule4() throws Exception {
    when(portSecurityRule.getSecurityRuleProtocol()).thenReturn(null);
    when(portSecurityRule.getSecurityRulePortMin()).thenReturn(null);
    when(portSecurityRule.getSecurityRulePortMax()).thenReturn(null);
    when(portSecurityRule.getSecurityRuleRemoteIpPrefix()).thenReturn(HOST_ADDRESS);

    final Long dpid = Long.valueOf(1554);
    egressAclServiceSpy.programPortSecurityACL(dpid, "2", MAC_ADDRESS, 124, securityGroup);

    // Only the prefix is set: default drop plus permit-all-protocols, one call each.
    verify(egressAclServiceSpy).egressACLDefaultTcpDrop(
            anyLong(), anyString(), anyString(), anyInt(), anyBoolean());
    verify(egressAclServiceSpy).egressACLPermitAllProto(
            anyLong(), anyString(), anyString(), anyBoolean(), anyString(), anyInt());

    verify(writeTransaction, times(4)).put(
            any(LogicalDatastoreType.class), any(InstanceIdentifier.class), any(Node.class), anyBoolean());
    verify(writeTransaction, times(2)).submit();
    verify(commitFuture, times(2)).get();
}
/**
 * Rule 5: TCP Proto (True), TCP Port Minimum (True), TCP Port Max (True), IP Prefix (False).
 *
 * <p>NOTE(review): {@code anyLong()}, {@code anyString()} and {@code anyInt()} are not among
 * the static imports visible in this file — confirm this test is enabled and compiles.
 */
@Test
public void testProgramPortSecurityACLRule5() throws Exception {
    when(portSecurityRule.getSecurityRuleProtocol()).thenReturn("tcp");
    when(portSecurityRule.getSecurityRulePortMin()).thenReturn(1);
    when(portSecurityRule.getSecurityRulePortMax()).thenReturn(1);
    when(portSecurityRule.getSecurityRuleRemoteIpPrefix()).thenReturn(null);

    final Long dpid = Long.valueOf(1554);
    egressAclServiceSpy.programPortSecurityACL(dpid, "2", MAC_ADDRESS, 124, securityGroup);

    // Without a prefix the test expects the TCP SYN call instead of a prefix match.
    verify(egressAclServiceSpy).egressACLDefaultTcpDrop(
            anyLong(), anyString(), anyString(), anyInt(), anyBoolean());
    verify(egressAclServiceSpy).egressACLTcpSyn(
            anyLong(), anyString(), anyString(), anyBoolean(), anyInt(), anyInt());

    verify(writeTransaction, times(4)).put(
            any(LogicalDatastoreType.class), any(InstanceIdentifier.class), any(Node.class), anyBoolean());
    verify(writeTransaction, times(2)).submit();
    verify(commitFuture, times(2)).get();
}
/**
 * Rule 6: TCP Proto (True), TCP Port Minimum (True), TCP Port Max (False), IP Prefix (False).
 *
 * <p>NOTE(review): {@code anyLong()}, {@code anyString()} and {@code anyInt()} are not among
 * the static imports visible in this file — confirm this test is enabled and compiles.
 */
@Test
public void testProgramPortSecurityACLRule6() throws Exception {
    when(portSecurityRule.getSecurityRuleProtocol()).thenReturn("tcp");
    when(portSecurityRule.getSecurityRulePortMin()).thenReturn(1);
    when(portSecurityRule.getSecurityRulePortMax()).thenReturn(null);
    when(portSecurityRule.getSecurityRuleRemoteIpPrefix()).thenReturn(null);

    final Long dpid = Long.valueOf(1554);
    egressAclServiceSpy.programPortSecurityACL(dpid, "2", MAC_ADDRESS, 124, securityGroup);

    verify(egressAclServiceSpy).egressACLDefaultTcpDrop(
            anyLong(), anyString(), anyString(), anyInt(), anyBoolean());
    verify(egressAclServiceSpy).egressACLTcpSyn(
            anyLong(), anyString(), anyString(), anyBoolean(), anyInt(), anyInt());

    verify(writeTransaction, times(4)).put(
            any(LogicalDatastoreType.class), any(InstanceIdentifier.class), any(Node.class), anyBoolean());
    verify(writeTransaction, times(2)).submit();
    verify(commitFuture, times(2)).get();
}
/**
 * Rule 7: TCP Proto (True), TCP Port Minimum (False), TCP Port Max (False),
 * IP Prefix (False or 0.0.0.0/0).
 *
 * <p>NOTE(review): {@code anyLong()}, {@code anyString()} and {@code anyInt()} are not among
 * the static imports visible in this file — confirm this test is enabled and compiles.
 */
@Test
public void testProgramPortSecurityACLRule7() throws Exception {
    when(portSecurityRule.getSecurityRuleProtocol()).thenReturn("tcp");
    when(portSecurityRule.getSecurityRulePortMin()).thenReturn(null);
    when(portSecurityRule.getSecurityRulePortMax()).thenReturn(null);
    when(portSecurityRule.getSecurityRuleRemoteIpPrefix()).thenReturn(null);

    final Long dpid = Long.valueOf(1554);
    egressAclServiceSpy.programPortSecurityACL(dpid, "2", MAC_ADDRESS, 124, securityGroup);

    // The least restrictive rule shape: a single allow-protocol call and one transaction.
    verify(egressAclServiceSpy).egressAllowProto(
            anyLong(), anyString(), anyString(), anyBoolean(), anyString(), anyInt());
    verify(writeTransaction, times(2)).put(
            any(LogicalDatastoreType.class), any(InstanceIdentifier.class), any(Node.class), anyBoolean());
    verify(writeTransaction).submit();
    verify(commitFuture).get();
}
/**
 * Test method {@link EgressAclService#egressACLDefaultTcpDrop(Long, String, String, int, boolean)}.
 *
 * <p>The flow is first written and then removed; the counts on the shared mocks are
 * cumulative across both calls.
 */
@Test
public void testEgressACLDefaultTcpDrop() throws Exception {
    final Long dpid = Long.valueOf(123);

    // Write path: two puts in one submitted transaction.
    egressAclService.egressACLDefaultTcpDrop(dpid, "2", MAC_ADDRESS, 1, true);
    verify(writeTransaction, times(2)).put(
            any(LogicalDatastoreType.class), any(InstanceIdentifier.class), any(Node.class), anyBoolean());
    verify(writeTransaction).submit();
    verify(commitFuture).get();

    // Remove path: one delete, which brings submit/get to two each (1 + 1 above).
    egressAclService.egressACLDefaultTcpDrop(dpid, "2", MAC_ADDRESS, 1, false);
    verify(writeTransaction).delete(any(LogicalDatastoreType.class), any(InstanceIdentifier.class));
    verify(writeTransaction, times(2)).submit();
    verify(commitFuture, times(2)).get();
}
/**
 * Test IPv4 add: a rule with no protocol, port range or remote prefix is programmed
 * with two puts in a single transaction.
 */
@Test
public void testProgramPortSecurityACLRuleAddIpv4() throws Exception {
    when(portSecurityRule.getSecurityRuleProtocol()).thenReturn(null);
    when(portSecurityRule.getSecurityRulePortMin()).thenReturn(null);
    when(portSecurityRule.getSecurityRulePortMax()).thenReturn(null);
    when(portSecurityRule.getSecurityRuleRemoteIpPrefix()).thenReturn(null);

    final boolean write = true;
    egressAclServiceSpy.programPortSecurityAcl(
            Long.valueOf(1554), "2", MAC_ADDRESS, 124, securityGroup, neutronSrcIpList, write);

    verify(writeTransaction, times(2)).put(
            any(LogicalDatastoreType.class), any(InstanceIdentifier.class), any(Node.class), eq(true));
    verify(writeTransaction).submit();
    verify(commitFuture).get();
}
/**
 * Test IPv4 remove: the same unrestricted rule is withdrawn with one delete in a single
 * transaction.
 */
@Test
public void testProgramPortSecurityACLRuleRemoveIpv4() throws Exception {
    when(portSecurityRule.getSecurityRuleProtocol()).thenReturn(null);
    when(portSecurityRule.getSecurityRulePortMin()).thenReturn(null);
    when(portSecurityRule.getSecurityRulePortMax()).thenReturn(null);
    when(portSecurityRule.getSecurityRuleRemoteIpPrefix()).thenReturn(null);

    final boolean write = false;
    egressAclServiceSpy.programPortSecurityAcl(
            Long.valueOf(1554), "2", MAC_ADDRESS, 124, securityGroup, neutronSrcIpList, write);

    verify(writeTransaction).delete(any(LogicalDatastoreType.class), any(InstanceIdentifier.class));
    verify(writeTransaction).submit();
    verify(commitFuture).get();
}
/**
 * Test TCP add with port number and CIDR selected.
 *
 * <p>NOTE(review): only the number of datastore calls is verified, with {@code any()}
 * matchers; the test does not show that port 50 or the prefix ended up in the flow match.
 */
@Test
public void testProgramPortSecurityACLRuleAddTcp1() throws Exception {
    when(portSecurityRule.getSecurityRuleProtocol()).thenReturn("tcp");
    when(portSecurityRule.getSecurityRulePortMin()).thenReturn(50);
    when(portSecurityRule.getSecurityRulePortMax()).thenReturn(50);
    when(portSecurityRule.getSecurityRuleRemoteIpPrefix()).thenReturn("0.0.0.0/24");

    final boolean write = true;
    egressAclServiceSpy.programPortSecurityAcl(
            Long.valueOf(1554), "2", MAC_ADDRESS, 124, securityGroup, neutronSrcIpList, write);

    verify(writeTransaction, times(2)).put(
            any(LogicalDatastoreType.class), any(InstanceIdentifier.class), any(Node.class), eq(true));
    verify(writeTransaction).submit();
    verify(commitFuture).get();
}
/**
 * Test TCP remove with port number and CIDR selected: one delete in one transaction.
 */
@Test
public void testProgramPortSecurityACLRuleRemoveTcp1() throws Exception {
    when(portSecurityRule.getSecurityRuleProtocol()).thenReturn("tcp");
    when(portSecurityRule.getSecurityRulePortMin()).thenReturn(50);
    when(portSecurityRule.getSecurityRulePortMax()).thenReturn(50);
    when(portSecurityRule.getSecurityRuleRemoteIpPrefix()).thenReturn("0.0.0.0/24");

    final boolean write = false;
    egressAclServiceSpy.programPortSecurityAcl(
            Long.valueOf(1554), "2", MAC_ADDRESS, 124, securityGroup, neutronSrcIpList, write);

    verify(writeTransaction).delete(any(LogicalDatastoreType.class), any(InstanceIdentifier.class));
    verify(writeTransaction).submit();
    verify(commitFuture).get();
}
/**
 * Test TCP add with port number and remote security group selected.
 *
 * <p>The remote group id equals {@code SECURITY_GROUP_UUID}, for which the stubbed member
 * lookup returns two addresses; the test expects two transactions (presumably one per
 * member — confirm against the service).
 */
@Test
public void testProgramPortSecurityACLRuleAddTcp2() throws Exception {
    when(portSecurityRule.getSecurityRuleProtocol()).thenReturn("tcp");
    when(portSecurityRule.getSecurityRulePortMin()).thenReturn(50);
    when(portSecurityRule.getSecurityRulePortMax()).thenReturn(50);
    when(portSecurityRule.getSecurityRuleRemoteIpPrefix()).thenReturn("0.0.0.0/24");
    when(portSecurityRule.getSecurityRemoteGroupID()).thenReturn("85cc3048-abc3-43cc-89b3-377341426ac5");

    final boolean write = true;
    egressAclServiceSpy.programPortSecurityAcl(
            Long.valueOf(1554), "2", MAC_ADDRESS, 124, securityGroup, neutronSrcIpList, write);

    verify(writeTransaction, times(4)).put(
            any(LogicalDatastoreType.class), any(InstanceIdentifier.class), any(Node.class), eq(true));
    verify(writeTransaction, times(2)).submit();
    verify(commitFuture, times(2)).get();
}
/**
 * Test TCP remove with port number and remote security group selected: two deletes,
 * each in its own submitted transaction.
 */
@Test
public void testProgramPortSecurityACLRuleRemoveTcp2() throws Exception {
    when(portSecurityRule.getSecurityRuleProtocol()).thenReturn("tcp");
    when(portSecurityRule.getSecurityRulePortMin()).thenReturn(50);
    when(portSecurityRule.getSecurityRulePortMax()).thenReturn(50);
    when(portSecurityRule.getSecurityRuleRemoteIpPrefix()).thenReturn("0.0.0.0/24");
    when(portSecurityRule.getSecurityRemoteGroupID()).thenReturn("85cc3048-abc3-43cc-89b3-377341426ac5");

    final boolean write = false;
    egressAclServiceSpy.programPortSecurityAcl(
            Long.valueOf(1554), "2", MAC_ADDRESS, 124, securityGroup, neutronSrcIpList, write);

    verify(writeTransaction, times(2)).delete(
            any(LogicalDatastoreType.class), any(InstanceIdentifier.class));
    verify(writeTransaction, times(2)).submit();
    verify(commitFuture, times(2)).get();
}
/**
 * Test UDP add with port number and CIDR selected: two puts in one transaction.
 */
@Test
public void testProgramPortSecurityACLRuleAddUdp1() throws Exception {
    when(portSecurityRule.getSecurityRuleProtocol()).thenReturn("udp");
    when(portSecurityRule.getSecurityRulePortMin()).thenReturn(50);
    when(portSecurityRule.getSecurityRulePortMax()).thenReturn(50);
    when(portSecurityRule.getSecurityRuleRemoteIpPrefix()).thenReturn("0.0.0.0/24");

    final boolean write = true;
    egressAclServiceSpy.programPortSecurityAcl(
            Long.valueOf(1554), "2", MAC_ADDRESS, 124, securityGroup, neutronSrcIpList, write);

    verify(writeTransaction, times(2)).put(
            any(LogicalDatastoreType.class), any(InstanceIdentifier.class), any(Node.class), eq(true));
    verify(writeTransaction).submit();
    verify(commitFuture).get();
}
/**
 * Test UDP remove with port number and CIDR selected: one delete in one transaction.
 */
@Test
public void testProgramPortSecurityACLRuleRemoveUdp1() throws Exception {
    when(portSecurityRule.getSecurityRuleProtocol()).thenReturn("udp");
    when(portSecurityRule.getSecurityRulePortMin()).thenReturn(50);
    when(portSecurityRule.getSecurityRulePortMax()).thenReturn(50);
    when(portSecurityRule.getSecurityRuleRemoteIpPrefix()).thenReturn("0.0.0.0/24");

    final boolean write = false;
    egressAclServiceSpy.programPortSecurityAcl(
            Long.valueOf(1554), "2", MAC_ADDRESS, 124, securityGroup, neutronSrcIpList, write);

    verify(writeTransaction).delete(any(LogicalDatastoreType.class), any(InstanceIdentifier.class));
    verify(writeTransaction).submit();
    verify(commitFuture).get();
}
/**
 * Test UDP add with port number and remote security group selected: four puts across
 * two submitted transactions.
 */
@Test
public void testProgramPortSecurityACLRuleAddUdp2() throws Exception {
    when(portSecurityRule.getSecurityRuleProtocol()).thenReturn("udp");
    when(portSecurityRule.getSecurityRulePortMin()).thenReturn(50);
    when(portSecurityRule.getSecurityRulePortMax()).thenReturn(50);
    when(portSecurityRule.getSecurityRuleRemoteIpPrefix()).thenReturn("0.0.0.0/24");
    when(portSecurityRule.getSecurityRemoteGroupID()).thenReturn("85cc3048-abc3-43cc-89b3-377341426ac5");

    final boolean write = true;
    egressAclServiceSpy.programPortSecurityAcl(
            Long.valueOf(1554), "2", MAC_ADDRESS, 124, securityGroup, neutronSrcIpList, write);

    verify(writeTransaction, times(4)).put(
            any(LogicalDatastoreType.class), any(InstanceIdentifier.class), any(Node.class), eq(true));
    verify(writeTransaction, times(2)).submit();
    verify(commitFuture, times(2)).get();
}
/**
 * Test UDP remove with port number and remote security group selected: two deletes,
 * each in its own submitted transaction.
 */
@Test
public void testProgramPortSecurityACLRuleRemoveUdp2() throws Exception {
    when(portSecurityRule.getSecurityRuleProtocol()).thenReturn("udp");
    when(portSecurityRule.getSecurityRulePortMin()).thenReturn(50);
    when(portSecurityRule.getSecurityRulePortMax()).thenReturn(50);
    when(portSecurityRule.getSecurityRuleRemoteIpPrefix()).thenReturn("0.0.0.0/24");
    when(portSecurityRule.getSecurityRemoteGroupID()).thenReturn("85cc3048-abc3-43cc-89b3-377341426ac5");

    final boolean write = false;
    egressAclServiceSpy.programPortSecurityAcl(
            Long.valueOf(1554), "2", MAC_ADDRESS, 124, securityGroup, neutronSrcIpList, write);

    verify(writeTransaction, times(2)).delete(
            any(LogicalDatastoreType.class), any(InstanceIdentifier.class));
    verify(writeTransaction, times(2)).submit();
    verify(commitFuture, times(2)).get();
}
/**
 * Test ICMP add with code, type and CIDR selected.
 *
 * <p>The builders passed to {@code writeFlow} are captured and the ICMP type/code, the
 * source MAC and the flow name are checked on the captured flow.
 *
 * <p>NOTE(review): type and code are both 10, so a flow that swapped the two fields
 * would still pass; distinct values would make the check stricter.
 */
@Test
public void testProgramPortSecurityACLRuleAddIcmp1() throws Exception {
    when(portSecurityRule.getSecurityRuleProtocol()).thenReturn("icmp");
    when(portSecurityRule.getSecurityRulePortMin()).thenReturn(10);
    when(portSecurityRule.getSecurityRulePortMax()).thenReturn(10);
    when(portSecurityRule.getSecurityRuleRemoteIpPrefix()).thenReturn("0.0.0.0/24");
    // Stub writeFlow by name so the builders are recorded instead of written.
    PowerMockito.doAnswer(answer())
            .when(egressAclServiceSpy, "writeFlow", any(FlowBuilder.class), any(NodeBuilder.class));

    egressAclServiceSpy.programPortSecurityAcl(
            DP_ID_LONG, SEGMENT_ID, MAC_ADDRESS, LOCAL_PORT, securityGroup, neutronSrcIpList, true);

    final Match capturedMatch = flowBuilder.getMatch();
    final Icmpv4Match icmp = capturedMatch.getIcmpv4Match();
    Assert.assertEquals(10, icmp.getIcmpv4Type().shortValue());
    Assert.assertEquals(10, icmp.getIcmpv4Code().shortValue());

    final EthernetMatch ethernet = capturedMatch.getEthernetMatch();
    Assert.assertEquals(MAC_ADDRESS, ethernet.getEthernetSource().getAddress().getValue());

    // The rule's port minimum is used as the ICMP type and its port maximum as the code.
    final short icmpType = portSecurityRule.getSecurityRulePortMin().shortValue();
    final short icmpCode = portSecurityRule.getSecurityRulePortMax().shortValue();
    final String expectedName = "Egress_ICMP_" + SEGMENT_ID + "_" + MAC_ADDRESS
            + "_" + icmpType + "_" + icmpCode + "_0.0.0.0/24_Permit";
    Assert.assertEquals(expectedName, flowBuilder.getFlowName());
}
/**
 * Test ICMP remove with code, type and CIDR selected.
 *
 * <p>The builders passed to {@code removeFlow} are captured and the ICMP type/code, the
 * source MAC and the flow name are checked on the captured flow.
 */
@Test
public void testProgramPortSecurityACLRuleRemoveIcmp1() throws Exception {
    when(portSecurityRule.getSecurityRuleProtocol()).thenReturn("icmp");
    when(portSecurityRule.getSecurityRulePortMin()).thenReturn(20);
    when(portSecurityRule.getSecurityRulePortMax()).thenReturn(20);
    when(portSecurityRule.getSecurityRuleRemoteIpPrefix()).thenReturn("0.0.0.0/24");
    // Stub removeFlow by name so the builders are recorded instead of removed.
    PowerMockito.doAnswer(answer())
            .when(egressAclServiceSpy, "removeFlow", any(FlowBuilder.class), any(NodeBuilder.class));

    egressAclServiceSpy.programPortSecurityAcl(
            DP_ID_LONG, SEGMENT_ID, MAC_ADDRESS, LOCAL_PORT, securityGroup, neutronSrcIpList, false);

    final Match capturedMatch = flowBuilder.getMatch();
    final Icmpv4Match icmp = capturedMatch.getIcmpv4Match();
    Assert.assertEquals(20, icmp.getIcmpv4Type().shortValue());
    Assert.assertEquals(20, icmp.getIcmpv4Code().shortValue());

    final EthernetMatch ethernet = capturedMatch.getEthernetMatch();
    Assert.assertEquals(MAC_ADDRESS, ethernet.getEthernetSource().getAddress().getValue());

    // The rule's port minimum is used as the ICMP type and its port maximum as the code.
    final short icmpType = portSecurityRule.getSecurityRulePortMin().shortValue();
    final short icmpCode = portSecurityRule.getSecurityRulePortMax().shortValue();
    final String expectedName = "Egress_ICMP_" + SEGMENT_ID + "_" + MAC_ADDRESS
            + "_" + icmpType + "_" + icmpCode + "_0.0.0.0/24_Permit";
    Assert.assertEquals(expectedName, flowBuilder.getFlowName());
}
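/**
 * Test ICMP add with code, type and remote security group selected.
 *
 * <p>The builders passed to {@code writeFlow} are captured. Only the most recent capture
 * is kept, so the flow name may end in either of the two remote-group member addresses.
 */
@Test
public void testProgramPortSecurityACLRuleAddIcmp2() throws Exception {
    when(portSecurityRule.getSecurityRuleProtocol()).thenReturn("icmp");
    when(portSecurityRule.getSecurityRulePortMax()).thenReturn(30);
    when(portSecurityRule.getSecurityRulePortMin()).thenReturn(30);
    when(portSecurityRule.getSecurityRuleRemoteIpPrefix()).thenReturn("0.0.0.0/24");
    when(portSecurityRule.getSecurityRemoteGroupID()).thenReturn("85cc3048-abc3-43cc-89b3-377341426ac5");
    PowerMockito.doAnswer(answer()).when(egressAclServiceSpy, "writeFlow", any(FlowBuilder.class),
            any(NodeBuilder.class));

    egressAclServiceSpy.programPortSecurityAcl(DP_ID_LONG, SEGMENT_ID, MAC_ADDRESS, LOCAL_PORT, securityGroup,
            neutronSrcIpList, true);

    Match match = flowBuilder.getMatch();
    Icmpv4Match icmpv4Match = match.getIcmpv4Match();
    Assert.assertEquals(30, icmpv4Match.getIcmpv4Type().shortValue());
    Assert.assertEquals(30, icmpv4Match.getIcmpv4Code().shortValue());
    EthernetMatch ethMatch = match.getEthernetMatch();
    Assert.assertEquals(MAC_ADDRESS, ethMatch.getEthernetSource().getAddress().getValue());

    Short type = portSecurityRule.getSecurityRulePortMin().shortValue();
    Short code = portSecurityRule.getSecurityRulePortMax().shortValue();
    String expectedFlowId1 = "Egress_ICMP_" + SEGMENT_ID + "_" + MAC_ADDRESS + "_" + type + "_" + code + "_"
            + DEST_IP_1 + "_Permit";
    String expectedFlowId2 = "Egress_ICMP_" + SEGMENT_ID + "_" + MAC_ADDRESS + "_" + type + "_" + code + "_"
            + DEST_IP_2 + "_Permit";
    String actualFlowId = flowBuilder.getFlowName();
    // A single assertion with a message replaces the if/else around assertTrue(true/false),
    // so a failure reports the flow name that was actually produced.
    Assert.assertTrue("Unexpected flow name: " + actualFlowId,
            expectedFlowId1.equals(actualFlowId) || expectedFlowId2.equals(actualFlowId));
}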
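/**
 * Test ICMP remove with code, type and remote security group selected.
 *
 * <p>The builders passed to {@code removeFlow} are captured. Only the most recent capture
 * is kept, so the flow name may end in either of the two remote-group member addresses.
 */
@Test
public void testProgramPortSecurityACLRuleRemoveIcmp2() throws Exception {
    when(portSecurityRule.getSecurityRuleProtocol()).thenReturn("icmp");
    when(portSecurityRule.getSecurityRulePortMax()).thenReturn(40);
    when(portSecurityRule.getSecurityRulePortMin()).thenReturn(40);
    when(portSecurityRule.getSecurityRemoteGroupID()).thenReturn("85cc3048-abc3-43cc-89b3-377341426ac5");
    PowerMockito.doAnswer(answer()).when(egressAclServiceSpy, "removeFlow", any(FlowBuilder.class),
            any(NodeBuilder.class));

    egressAclServiceSpy.programPortSecurityAcl(DP_ID_LONG, SEGMENT_ID, MAC_ADDRESS, LOCAL_PORT, securityGroup,
            neutronSrcIpList, false);

    Match match = flowBuilder.getMatch();
    Icmpv4Match icmpv4Match = match.getIcmpv4Match();
    Assert.assertEquals(40, icmpv4Match.getIcmpv4Type().shortValue());
    Assert.assertEquals(40, icmpv4Match.getIcmpv4Code().shortValue());
    EthernetMatch ethMatch = match.getEthernetMatch();
    Assert.assertEquals(MAC_ADDRESS, ethMatch.getEthernetSource().getAddress().getValue());

    Short type = portSecurityRule.getSecurityRulePortMin().shortValue();
    Short code = portSecurityRule.getSecurityRulePortMax().shortValue();
    String expectedFlowId1 = "Egress_ICMP_" + SEGMENT_ID + "_" + MAC_ADDRESS + "_" + type + "_" + code + "_"
            + DEST_IP_1 + "_Permit";
    String expectedFlowId2 = "Egress_ICMP_" + SEGMENT_ID + "_" + MAC_ADDRESS + "_" + type + "_" + code + "_"
            + DEST_IP_2 + "_Permit";
    String actualFlowId = flowBuilder.getFlowName();
    // A single assertion with a message replaces the if/else around assertTrue(true/false),
    // so a failure reports the flow name that was actually produced.
    Assert.assertTrue("Unexpected flow name: " + actualFlowId,
            expectedFlowId1.equals(actualFlowId) || expectedFlowId2.equals(actualFlowId));
}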
/**
 * Test invalid ether type: a rule whose ethertype is {@code "IPV6"} must not touch the
 * datastore.
 *
 * <p>NOTE(review): only the remove path (last argument {@code false}) is exercised and
 * only {@code delete} is checked; whether the rule is skipped because it is IPv6 or
 * because the string differs from {@code "IPv4"} is not visible here — confirm.
 */
@Test
public void testProgramPortSecurityACLRuleInvalidEther() throws Exception {
    when(portSecurityRule.getSecurityRuleEthertype()).thenReturn("IPV6");

    final boolean write = false;
    egressAclServiceSpy.programPortSecurityAcl(
            Long.valueOf(1554), "2", MAC_ADDRESS, 124, securityGroup, neutronSrcIpList, write);

    // Nothing is deleted, submitted or waited on.
    verify(writeTransaction, times(0)).delete(
            any(LogicalDatastoreType.class), any(InstanceIdentifier.class));
    verify(writeTransaction, times(0)).submit();
    verify(commitFuture, times(0)).get();
}
/**
 * Test invalid direction: an {@code "ingress"} rule handed to the egress service must
 * not touch the datastore.
 *
 * <p>NOTE(review): only the remove path (last argument {@code false}) is exercised; the
 * add path for a wrong-direction rule is not covered by this test.
 */
@Test
public void testProgramPortSecurityACLRuleInvalidDirection() throws Exception {
    when(portSecurityRule.getSecurityRuleDirection()).thenReturn("ingress");

    final boolean write = false;
    egressAclServiceSpy.programPortSecurityAcl(
            Long.valueOf(1554), "2", MAC_ADDRESS, 124, securityGroup, neutronSrcIpList, write);

    // Nothing is deleted, submitted or waited on.
    verify(writeTransaction, times(0)).delete(
            any(LogicalDatastoreType.class), any(InstanceIdentifier.class));
    verify(writeTransaction, times(0)).submit();
    verify(commitFuture, times(0)).get();
}
/**
 * Fixed ACL add with isLastPortInBridge false and isComputeNode false: nothing is written.
 */
@Test
public void testProgramFixedSecurityACLAdd1() throws Exception {
    final boolean isLastPortInBridge = false;
    final boolean isComputeNode = false;
    egressAclServiceSpy.programFixedSecurityAcl(Long.valueOf(1554), "2", MAC_ADDRESS, 1,
            neutronDestIpList, isLastPortInBridge, isComputeNode, true);

    verify(writeTransaction, times(0)).put(
            any(LogicalDatastoreType.class), any(InstanceIdentifier.class), any(Node.class), eq(true));
    verify(writeTransaction, times(0)).submit();
    verify(commitFuture, times(0)).get();
}
/**
 * Fixed ACL remove with isLastPortInBridge false and isComputeNode false: nothing is deleted.
 */
@Test
public void testProgramFixedSecurityACLRemove1() throws Exception {
    final boolean isLastPortInBridge = false;
    final boolean isComputeNode = false;
    egressAclServiceSpy.programFixedSecurityAcl(Long.valueOf(1554), "2", MAC_ADDRESS, 1,
            neutronDestIpList, isLastPortInBridge, isComputeNode, false);

    verify(writeTransaction, times(0)).delete(
            any(LogicalDatastoreType.class), any(InstanceIdentifier.class));
    verify(writeTransaction, times(0)).submit();
    verify(commitFuture, times(0)).get();
}
/**
 * Fixed ACL add with isLastPortInBridge false and isComputeNode true: six puts across
 * three submitted transactions.
 */
@Test
public void testProgramFixedSecurityACLAdd2() throws Exception {
    final boolean isLastPortInBridge = false;
    final boolean isComputeNode = true;
    egressAclServiceSpy.programFixedSecurityAcl(Long.valueOf(1554), "2", MAC_ADDRESS, 1,
            neutronDestIpList, isLastPortInBridge, isComputeNode, true);

    verify(writeTransaction, times(6)).put(
            any(LogicalDatastoreType.class), any(InstanceIdentifier.class), any(Node.class), eq(true));
    verify(writeTransaction, times(3)).submit();
    verify(commitFuture, times(3)).get();
}
/**
 * Fixed ACL remove with isLastPortInBridge false and isComputeNode true: three deletes,
 * each in its own submitted transaction.
 */
@Test
public void testProgramFixedSecurityACLRemove2() throws Exception {
    final boolean isLastPortInBridge = false;
    final boolean isComputeNode = true;
    egressAclServiceSpy.programFixedSecurityAcl(Long.valueOf(1554), "2", MAC_ADDRESS, 1,
            neutronDestIpList, isLastPortInBridge, isComputeNode, false);

    verify(writeTransaction, times(3)).delete(
            any(LogicalDatastoreType.class), any(InstanceIdentifier.class));
    verify(writeTransaction, times(3)).submit();
    verify(commitFuture, times(3)).get();
}
/**
 * Fixed ACL add with isLastPortInBridge true and isComputeNode false: two puts in one
 * submitted transaction.
 */
@Test
public void testProgramFixedSecurityACLAdd3() throws Exception {
    final boolean isLastPortInBridge = true;
    final boolean isComputeNode = false;
    egressAclServiceSpy.programFixedSecurityAcl(Long.valueOf(1554), "2", MAC_ADDRESS, 1,
            neutronDestIpList, isLastPortInBridge, isComputeNode, true);

    verify(writeTransaction, times(2)).put(
            any(LogicalDatastoreType.class), any(InstanceIdentifier.class), any(Node.class), eq(true));
    verify(writeTransaction).submit();
    verify(commitFuture).get();
}
/**
 * Fixed ACL remove with isLastPortInBridge true and isComputeNode false: one delete in
 * one submitted transaction.
 */
@Test
public void testProgramFixedSecurityACLRemove3() throws Exception {
    final boolean isLastPortInBridge = true;
    final boolean isComputeNode = false;
    egressAclServiceSpy.programFixedSecurityAcl(Long.valueOf(1554), "2", MAC_ADDRESS, 1,
            neutronDestIpList, isLastPortInBridge, isComputeNode, false);

    verify(writeTransaction).delete(any(LogicalDatastoreType.class), any(InstanceIdentifier.class));
    verify(writeTransaction).submit();
    verify(commitFuture).get();
}
/**
 * Programs the fixed security ACL with isLastPortInBridge {@code true} and
 * isComputeNode {@code true}, last flag {@code true} (the "Add" case), and
 * expects eight datastore puts, four submit() calls and four waits on the
 * commit future.
 *
 * <p>NOTE(review): with both flags set this is the largest write count in the
 * Add tests, yet the {@code any(...)} matchers still leave the content of each
 * write unchecked. A captor-based assertion on the written flows would make
 * the expected rule set explicit.
 */
@Test
public void testProgramFixedSecurityACLAdd4() throws Exception {
    final boolean lastPortInBridge = true;
    final boolean computeNode = true;
    final boolean add = true;

    egressAclServiceSpy.programFixedSecurityAcl(
            Long.valueOf(1554), "2", MAC_ADDRESS, 1, neutronDestIpList,
            lastPortInBridge, computeNode, add);

    verify(writeTransaction, times(8)).put(
            any(LogicalDatastoreType.class),
            any(InstanceIdentifier.class),
            any(Node.class),
            eq(true));
    verify(writeTransaction, times(4)).submit();
    verify(commitFuture, times(4)).get();
}
/**
 * Programs the fixed security ACL with isLastPortInBridge {@code true} and
 * isComputeNode {@code true}, last flag {@code false} (the "Remove" case), and
 * expects four datastore deletes, four submit() calls and four waits on the
 * commit future.
 *
 * <p>NOTE(review): only the number of deletes is pinned; the paths are matched
 * with {@code any(...)}, so a removal aimed at the wrong flow would still
 * pass.
 */
@Test
public void testProgramFixedSecurityACLRemove4() throws Exception {
    final boolean lastPortInBridge = true;
    final boolean computeNode = true;
    final boolean add = false;

    egressAclServiceSpy.programFixedSecurityAcl(
            Long.valueOf(1554), "2", MAC_ADDRESS, 1, neutronDestIpList,
            lastPortInBridge, computeNode, add);

    verify(writeTransaction, times(4)).delete(
            any(LogicalDatastoreType.class),
            any(InstanceIdentifier.class));
    verify(writeTransaction, times(4)).submit();
    verify(commitFuture, times(4)).get();
}
/**
 * Test method {@link EgressAclService#egressACLTcpPortWithPrefix(Long, String, String, boolean, Integer, String, Integer)}.
 *
 * <p>Calls the method twice with the same arguments, flipping only the boolean
 * from {@code true} to {@code false}. The first call must produce two puts and
 * one submit; the second must produce one delete. The submit() and get()
 * counts are cumulative across both calls.
 *
 * <p>NOTE(review): the put is verified with {@code any(...)} and
 * {@code anyBoolean()}, so the TCP port and prefix carried by the flow are not
 * asserted; the test checks call counts only.
 */
@Test
public void testEgressACLTcpPortWithPrefix() throws Exception {
    // First call, boolean argument true: expect the write path.
    egressAclService.egressACLTcpPortWithPrefix(
            Long.valueOf(123), "2", MAC_ADDRESS, true, 1, HOST_ADDRESS, 1);
    verify(writeTransaction, times(2)).put(
            any(LogicalDatastoreType.class),
            any(InstanceIdentifier.class),
            any(Node.class),
            anyBoolean());
    verify(writeTransaction, times(1)).submit();
    verify(commitFuture, times(1)).get();

    // Second call, boolean argument false: expect the delete path.
    egressAclService.egressACLTcpPortWithPrefix(
            Long.valueOf(123), "2", MAC_ADDRESS, false, 1, HOST_ADDRESS, 1);
    verify(writeTransaction, times(1)).delete(
            any(LogicalDatastoreType.class),
            any(InstanceIdentifier.class));
    // Counts below include the submit/get from the first call.
    verify(writeTransaction, times(2)).submit();
    verify(commitFuture, times(2)).get(); // 1 + 1 above
}
/**
 * Test method {@link EgressAclService#egressAllowProto(Long, String, String, boolean, String, Integer)}.
 *
 * <p>Invokes the method once with the boolean {@code true} (two puts, one
 * submit expected) and once with {@code false} (one delete expected). The
 * submit() and get() counts accumulate across both calls.
 *
 * <p>NOTE(review): only call counts are verified. The protocol and address in
 * the written flow are not inspected, because every put and delete argument is
 * matched with {@code any(...)} or {@code anyBoolean()}.
 */
@Test
public void testEgressAllowProto() throws Exception {
    // First call, boolean argument true: expect the write path.
    egressAclService.egressAllowProto(
            Long.valueOf(123), "2", MAC_ADDRESS, true, HOST_ADDRESS, 1);
    verify(writeTransaction, times(2)).put(
            any(LogicalDatastoreType.class),
            any(InstanceIdentifier.class),
            any(Node.class),
            anyBoolean());
    verify(writeTransaction, times(1)).submit();
    verify(commitFuture, times(1)).get();

    // Second call, boolean argument false: expect the delete path.
    egressAclService.egressAllowProto(
            Long.valueOf(123), "2", MAC_ADDRESS, false, HOST_ADDRESS, 1);
    verify(writeTransaction, times(1)).delete(
            any(LogicalDatastoreType.class),
            any(InstanceIdentifier.class));
    // Counts below include the submit/get from the first call.
    verify(writeTransaction, times(2)).submit();
    verify(commitFuture, times(2)).get(); // 1 + 1 above
}
/**
 * Test method {@link EgressAclService#egressACLPermitAllProto(Long, String, String, boolean, String, Integer)}.
 *
 * <p>Invokes the method once with the boolean {@code true} (two puts, one
 * submit expected) and once with {@code false} (one delete expected). The
 * submit() and get() counts accumulate across both calls.
 *
 * <p>NOTE(review): the test pins call counts only. Because a permit-all rule
 * is broad by design, a follow-up assertion on the written flow's match would
 * show that it is scoped as intended. That cannot be read from these
 * {@code any(...)} verifications.
 */
@Test
public void testEgressACLPermitAllProto() throws Exception {
    // First call, boolean argument true: expect the write path.
    egressAclService.egressACLPermitAllProto(
            Long.valueOf(123), "2", MAC_ADDRESS, true, HOST_ADDRESS, 1);
    verify(writeTransaction, times(2)).put(
            any(LogicalDatastoreType.class),
            any(InstanceIdentifier.class),
            any(Node.class),
            anyBoolean());
    verify(writeTransaction, times(1)).submit();
    verify(commitFuture, times(1)).get();

    // Second call, boolean argument false: expect the delete path.
    egressAclService.egressACLPermitAllProto(
            Long.valueOf(123), "2", MAC_ADDRESS, false, HOST_ADDRESS, 1);
    verify(writeTransaction, times(1)).delete(
            any(LogicalDatastoreType.class),
            any(InstanceIdentifier.class));
    // Counts below include the submit/get from the first call.
    verify(writeTransaction, times(2)).submit();
    verify(commitFuture, times(2)).get(); // 1 + 1 above
}
/**
 * Test method {@link EgressAclService#egressACLTcpSyn(Long, String, String, boolean, Integer, Integer)}.
 *
 * <p>Invokes the method once with the boolean {@code true} (two puts, one
 * submit expected) and once with {@code false} (one delete expected). The
 * submit() and get() counts accumulate across both calls.
 *
 * <p>NOTE(review): only call counts are verified. The TCP flag and port match
 * of the written flow are not asserted, since all put and delete arguments are
 * matched with {@code any(...)} or {@code anyBoolean()}.
 */
@Test
public void testEgressACLTcpSyn() throws Exception {
    // First call, boolean argument true: expect the write path.
    egressAclService.egressACLTcpSyn(
            Long.valueOf(123), "2", MAC_ADDRESS, true, 1, 1);
    verify(writeTransaction, times(2)).put(
            any(LogicalDatastoreType.class),
            any(InstanceIdentifier.class),
            any(Node.class),
            anyBoolean());
    verify(writeTransaction, times(1)).submit();
    verify(commitFuture, times(1)).get();

    // Second call, boolean argument false: expect the delete path.
    egressAclService.egressACLTcpSyn(
            Long.valueOf(123), "2", MAC_ADDRESS, false, 1, 1);
    verify(writeTransaction, times(1)).delete(
            any(LogicalDatastoreType.class),
            any(InstanceIdentifier.class));
    // Counts below include the submit/get from the first call.
    verify(writeTransaction, times(2)).submit();
    verify(commitFuture, times(2)).get(); // 1 + 1 above
}