Custom ICMP SG Rule:
[netvirt.git] / openstack / net-virt-providers / src / test / java / org / opendaylight / ovsdb / openstack / netvirt / providers / openflow13 / services / EgressAclServiceTest.java
1 /*
2  * Copyright (c) 2015 Inocybe and others.  All rights reserved.
3  *
4  * This program and the accompanying materials are made available under the
5  * terms of the Eclipse Public License v1.0 which accompanies this distribution,
6  * and is available at http://www.eclipse.org/legal/epl-v10.html
7  */
8
9 package org.opendaylight.ovsdb.openstack.netvirt.providers.openflow13.services;
10
11 import static org.mockito.Matchers.any;
12 import static org.mockito.Matchers.anyBoolean;
13 import static org.mockito.Matchers.eq;
14 import static org.mockito.Mockito.mock;
15 import static org.mockito.Mockito.times;
16 import static org.mockito.Mockito.verify;
17 import static org.mockito.Mockito.when;
18
19 import java.util.ArrayList;
20 import java.util.List;
21
22 import org.junit.Assert;
23 import org.junit.Before;
24 import org.junit.Test;
25 import org.junit.runner.RunWith;
26 import org.mockito.InjectMocks;
27 import org.mockito.Mock;
28 import org.mockito.invocation.InvocationOnMock;
29 import org.mockito.stubbing.Answer;
30 import org.opendaylight.controller.md.sal.binding.api.DataBroker;
31 import org.opendaylight.controller.md.sal.binding.api.WriteTransaction;
32 import org.opendaylight.controller.md.sal.common.api.data.LogicalDatastoreType;
33 import org.opendaylight.controller.md.sal.common.api.data.TransactionCommitFailedException;
34 import org.opendaylight.neutron.spi.NeutronSecurityGroup;
35 import org.opendaylight.neutron.spi.NeutronSecurityRule;
36 import org.opendaylight.neutron.spi.Neutron_IPs;
37 import org.opendaylight.ovsdb.openstack.netvirt.api.SecurityServicesManager;
38 import org.opendaylight.ovsdb.openstack.netvirt.providers.openflow13.PipelineOrchestrator;
39 import org.opendaylight.ovsdb.openstack.netvirt.providers.openflow13.Service;
40 import org.opendaylight.yang.gen.v1.urn.opendaylight.flow.inventory.rev130819.tables.table.FlowBuilder;
41 import org.opendaylight.yang.gen.v1.urn.opendaylight.inventory.rev130819.nodes.Node;
42 import org.opendaylight.yang.gen.v1.urn.opendaylight.inventory.rev130819.nodes.NodeBuilder;
43 import org.opendaylight.yang.gen.v1.urn.opendaylight.model.match.types.rev131026.Match;
44 import org.opendaylight.yang.gen.v1.urn.opendaylight.model.match.types.rev131026.match.EthernetMatch;
45 import org.opendaylight.yang.gen.v1.urn.opendaylight.model.match.types.rev131026.match.Icmpv4Match;
46 import org.opendaylight.yangtools.yang.binding.InstanceIdentifier;
47 import org.powermock.api.mockito.PowerMockito;
48 import org.powermock.modules.junit4.PowerMockRunner;
49
50 import com.google.common.util.concurrent.CheckedFuture;
51 /**
52  * Unit test for {@link EgressAclService}
53  */
54 @RunWith(PowerMockRunner.class)
55 @SuppressWarnings("unchecked")
56 public class EgressAclServiceTest {
57
// Service under test; the @Mock fields below are injected into it.
@InjectMocks
private EgressAclService egressAclService = new EgressAclService();
// PowerMockito spy around egressAclService, created in setUp().
private EgressAclService egressAclServiceSpy;

// Collaborators of the service.
@Mock
private DataBroker dataBroker;
@Mock
private PipelineOrchestrator orchestrator;

// Datastore transaction and the future returned by submit().
@Mock
private WriteTransaction writeTransaction;
@Mock
private CheckedFuture<Void, TransactionCommitFailedException> commitFuture;

// Security group handed to the service; portSecurityRule is re-created with mock() in setUp().
@Mock
private NeutronSecurityGroup securityGroup;
@Mock
private NeutronSecurityRule portSecurityRule;

@Mock
private SecurityServicesManager securityServices;

// Address fixtures filled in setUp().
private Neutron_IPs neutron_ip_src;
private Neutron_IPs neutron_ip_dest_1;
private Neutron_IPs neutron_ip_dest_2;
private List<Neutron_IPs> neutronSrcIpList = new ArrayList<Neutron_IPs>();
private List<Neutron_IPs> neutronDestIpList = new ArrayList<Neutron_IPs>();

// NOTE(review): HOST_ADDRESS is only referenced from the commented-out tests, and the
// *_WITH_MASK constants are not referenced in the visible part of this file.
private static final String HOST_ADDRESS = "127.0.0.1/32";
private static final String MAC_ADDRESS = "87:1D:5E:02:40:B7";
private static final String SRC_IP = "192.168.0.1";
private static final String DEST_IP_1 = "192.169.0.1";
private static final String DEST_IP_2 = "192.169.0.2";
private static final String DEST_IP_1_WITH_MASK = "192.169.0.1/32";
private static final String DEST_IP_2_WITH_MASK = "192.169.0.2/32";
private static final String SECURITY_GROUP_UUID = "85cc3048-abc3-43cc-89b3-377341426ac5";
private static final String SEGMENT_ID = "2";
private static final Long DP_ID_LONG = 1554L;
private static final Long LOCAL_PORT = 124L;

// Written by the Answer returned from answer(); static, so the values outlive a single test.
private static FlowBuilder flowBuilder;
private static NodeBuilder nodeBuilder;
90
/**
 * Creates a Mockito {@link Answer} that records the first two arguments of the stubbed call
 * in the static {@code flowBuilder} and {@code nodeBuilder} fields and returns {@code null}.
 *
 * <p>Only the most recent invocation is kept. NOTE(review): nothing in the visible part of this
 * file resets the two static fields, so a test in which the stubbed method is never invoked
 * would read the values captured by an earlier test.
 *
 * @return the capturing answer
 */
private static Answer<Object> answer() {
    final Answer<Object> recorder = new Answer<Object>() {
        @Override
        public CheckedFuture<Void, TransactionCommitFailedException> answer(InvocationOnMock invocation)
                throws Throwable {
            final Object[] callArgs = invocation.getArguments();
            flowBuilder = (FlowBuilder) callArgs[0];
            nodeBuilder = (NodeBuilder) callArgs[1];
            return null;
        }
    };
    return recorder;
}
102
/**
 * Creates the spy, stubs the datastore transaction chain and prepares one IPv4 egress rule
 * plus the source/destination address lists used by the tests.
 */
@Before
public void setUp() {
    egressAclServiceSpy = PowerMockito.spy(egressAclService);

    // Datastore plumbing: each write-only transaction is the same mock and submit() yields commitFuture.
    when(dataBroker.newWriteOnlyTransaction()).thenReturn(writeTransaction);
    when(writeTransaction.submit()).thenReturn(commitFuture);

    when(orchestrator.getNextServiceInPipeline(any(Service.class))).thenReturn(Service.ARP_RESPONDER);

    // Replaces the annotation-created mock with a fresh one; individual tests add protocol,
    // port range, prefix and remote group stubs on top of these two defaults.
    portSecurityRule = mock(NeutronSecurityRule.class);
    when(portSecurityRule.getSecurityRuleDirection()).thenReturn("egress");
    when(portSecurityRule.getSecurityRuleEthertype()).thenReturn("IPv4");

    final List<NeutronSecurityRule> rules = new ArrayList<NeutronSecurityRule>();
    rules.add(portSecurityRule);
    when(securityGroup.getSecurityRules()).thenReturn(rules);

    // One source address ...
    neutron_ip_src = new Neutron_IPs();
    neutron_ip_src.setIpAddress(SRC_IP);
    neutronSrcIpList.add(neutron_ip_src);

    // ... and two destination addresses returned for the remote security group lookup.
    neutron_ip_dest_1 = new Neutron_IPs();
    neutron_ip_dest_1.setIpAddress(DEST_IP_1);
    neutronDestIpList.add(neutron_ip_dest_1);

    neutron_ip_dest_2 = new Neutron_IPs();
    neutron_ip_dest_2.setIpAddress(DEST_IP_2);
    neutronDestIpList.add(neutron_ip_dest_2);

    when(securityServices.getVmListForSecurityGroup(neutronSrcIpList, SECURITY_GROUP_UUID))
            .thenReturn(neutronDestIpList);
}
136
137     /**
138      * Rule 1: TCP Proto (True), TCP Port Minimum (True), TCP Port Max (True), IP Prefix (True)
139      */
140     /*@Test
141     public void testProgramPortSecurityACLRule1() throws Exception {
142         when(portSecurityRule.getSecurityRuleProtocol()).thenReturn("tcp");
143         when(portSecurityRule.getSecurityRulePortMax()).thenReturn(1);
144         when(portSecurityRule.getSecurityRulePortMin()).thenReturn(1);
145         when(portSecurityRule.getSecurityRuleRemoteIpPrefix()).thenReturn(HOST_ADDRESS);
146
147         egressAclServiceSpy.programPortSecurityACL(Long.valueOf(1554), "2", MAC_ADDRESS, 124, securityGroup);
148         verify(egressAclServiceSpy, times(1)).egressACLDefaultTcpDrop(anyLong(), anyString(), anyString(), anyInt(), anyBoolean());
149         verify(egressAclServiceSpy, times(1)).egressACLTcpPortWithPrefix(anyLong(), anyString(), anyString(), anyBoolean(), anyInt(), anyString(), anyInt());
150         verify(writeTransaction, times(4)).put(any(LogicalDatastoreType.class), any(InstanceIdentifier.class), any(Node.class), anyBoolean());
151         verify(writeTransaction, times(2)).submit();
152         verify(commitFuture, times(2)).get();
153     }
154
155     *//**
156      * Rule 2: TCP Proto (True), TCP Port Minimum (True), TCP Port Max (False), IP Prefix (True)
157      *//*
158     @Test
159     public void testProgramPortSecurityACLRule2() throws Exception {
160         when(portSecurityRule.getSecurityRuleProtocol()).thenReturn("tcp");
161         when(portSecurityRule.getSecurityRulePortMax()).thenReturn(null);
162         when(portSecurityRule.getSecurityRulePortMin()).thenReturn(1);
163         when(portSecurityRule.getSecurityRuleRemoteIpPrefix()).thenReturn(HOST_ADDRESS);
164
165         egressAclServiceSpy.programPortSecurityACL(Long.valueOf(1554), "2", MAC_ADDRESS, 124, securityGroup);
166         verify(egressAclServiceSpy, times(1)).egressACLDefaultTcpDrop(anyLong(), anyString(), anyString(), anyInt(), anyBoolean());
167         verify(egressAclServiceSpy, times(1)).egressACLTcpPortWithPrefix(anyLong(), anyString(), anyString(), anyBoolean(), anyInt(), anyString(), anyInt());
168         verify(writeTransaction, times(4)).put(any(LogicalDatastoreType.class), any(InstanceIdentifier.class), any(Node.class), anyBoolean());
169         verify(writeTransaction, times(2)).submit();
170         verify(commitFuture, times(2)).get();
171     }
172
173     *//**
174      * Rule 3: TCP Proto (True), TCP Port Minimum (False), TCP Port Max (False), IP Prefix (True)
175      *//*
176     @Test
177     public void testProgramPortSecurityACLRule3() throws Exception {
178         when(portSecurityRule.getSecurityRuleProtocol()).thenReturn("tcp");
179         when(portSecurityRule.getSecurityRulePortMax()).thenReturn(null);
180         when(portSecurityRule.getSecurityRulePortMin()).thenReturn(null);
181         when(portSecurityRule.getSecurityRuleRemoteIpPrefix()).thenReturn(HOST_ADDRESS);
182
183         egressAclServiceSpy.programPortSecurityACL(Long.valueOf(1554), "2", MAC_ADDRESS, 124, securityGroup);
184         verify(egressAclServiceSpy, times(1)).egressACLDefaultTcpDrop(anyLong(), anyString(), anyString(), anyInt(), anyBoolean());
185         verify(egressAclServiceSpy, times(1)).egressACLPermitAllProto(anyLong(), anyString(), anyString(), anyBoolean(), anyString(), anyInt());
186         verify(writeTransaction, times(4)).put(any(LogicalDatastoreType.class), any(InstanceIdentifier.class), any(Node.class), anyBoolean());
187         verify(writeTransaction, times(2)).submit();
188         verify(commitFuture, times(2)).get();
189     }
190
191     *//**
192      * Rule 4: TCP Proto (False), TCP Port Minimum (False), TCP Port Max (False), IP Prefix (True)
193      *//*
194     @Test
195     public void testProgramPortSecurityACLRule4() throws Exception {
196         when(portSecurityRule.getSecurityRuleProtocol()).thenReturn(null);
197         when(portSecurityRule.getSecurityRulePortMax()).thenReturn(null);
198         when(portSecurityRule.getSecurityRulePortMin()).thenReturn(null);
199         when(portSecurityRule.getSecurityRuleRemoteIpPrefix()).thenReturn(HOST_ADDRESS);
200
201         egressAclServiceSpy.programPortSecurityACL(Long.valueOf(1554), "2", MAC_ADDRESS, 124, securityGroup);
202         verify(egressAclServiceSpy, times(1)).egressACLDefaultTcpDrop(anyLong(), anyString(), anyString(), anyInt(), anyBoolean());
203         verify(egressAclServiceSpy, times(1)).egressACLPermitAllProto(anyLong(), anyString(), anyString(), anyBoolean(), anyString(), anyInt());
204         verify(writeTransaction, times(4)).put(any(LogicalDatastoreType.class), any(InstanceIdentifier.class), any(Node.class), anyBoolean());
205         verify(writeTransaction, times(2)).submit();
206         verify(commitFuture, times(2)).get();
207     }
208
209     *//**
210      * Rule 5: TCP Proto (True), TCP Port Minimum (True), TCP Port Max (True), IP Prefix (False)
211      *//*
212     @Test
213     public void testProgramPortSecurityACLRule5() throws Exception {
214         when(portSecurityRule.getSecurityRuleProtocol()).thenReturn("tcp");
215         when(portSecurityRule.getSecurityRulePortMax()).thenReturn(1);
216         when(portSecurityRule.getSecurityRulePortMin()).thenReturn(1);
217         when(portSecurityRule.getSecurityRuleRemoteIpPrefix()).thenReturn(null);
218
219         egressAclServiceSpy.programPortSecurityACL(Long.valueOf(1554), "2", MAC_ADDRESS, 124, securityGroup);
220         verify(egressAclServiceSpy, times(1)).egressACLDefaultTcpDrop(anyLong(), anyString(), anyString(), anyInt(), anyBoolean());
221         verify(egressAclServiceSpy, times(1)).egressACLTcpSyn(anyLong(), anyString(), anyString(), anyBoolean(), anyInt(), anyInt());
222         verify(writeTransaction, times(4)).put(any(LogicalDatastoreType.class), any(InstanceIdentifier.class), any(Node.class), anyBoolean());
223         verify(writeTransaction, times(2)).submit();
224         verify(commitFuture, times(2)).get();
225     }
226
227     *//**
228      * Rule 6: TCP Proto (True), TCP Port Minimum (True), TCP Port Max (False), IP Prefix (False)
229      *//*
230     @Test
231     public void testProgramPortSecurityACLRule6() throws Exception {
232         when(portSecurityRule.getSecurityRuleProtocol()).thenReturn("tcp");
233         when(portSecurityRule.getSecurityRulePortMax()).thenReturn(null);
234         when(portSecurityRule.getSecurityRulePortMin()).thenReturn(1);
235         when(portSecurityRule.getSecurityRuleRemoteIpPrefix()).thenReturn(null);
236
237         egressAclServiceSpy.programPortSecurityACL(Long.valueOf(1554), "2", MAC_ADDRESS, 124, securityGroup);
238         verify(egressAclServiceSpy, times(1)).egressACLDefaultTcpDrop(anyLong(), anyString(), anyString(), anyInt(), anyBoolean());
239         verify(egressAclServiceSpy, times(1)).egressACLTcpSyn(anyLong(), anyString(), anyString(), anyBoolean(), anyInt(), anyInt());
240         verify(writeTransaction, times(4)).put(any(LogicalDatastoreType.class), any(InstanceIdentifier.class), any(Node.class), anyBoolean());
241         verify(writeTransaction, times(2)).submit();
242         verify(commitFuture, times(2)).get();
243     }
244
245     *//**
246      * Rule 7: TCP Proto (True), TCP Port Minimum (False), TCP Port Max (False), IP Prefix (False or 0.0.0.0/0)
247      *//*
248     @Test
249     public void testProgramPortSecurityACLRule7() throws Exception {
250         when(portSecurityRule.getSecurityRuleProtocol()).thenReturn("tcp");
251         when(portSecurityRule.getSecurityRulePortMax()).thenReturn(null);
252         when(portSecurityRule.getSecurityRulePortMin()).thenReturn(null);
253         when(portSecurityRule.getSecurityRuleRemoteIpPrefix()).thenReturn(null);
254
255         egressAclServiceSpy.programPortSecurityACL(Long.valueOf(1554), "2", MAC_ADDRESS, 124, securityGroup);
256         verify(egressAclServiceSpy, times(1)).egressAllowProto(anyLong(), anyString(), anyString(), anyBoolean(), anyString(), anyInt());
257         verify(writeTransaction, times(2)).put(any(LogicalDatastoreType.class), any(InstanceIdentifier.class), any(Node.class), anyBoolean());
258         verify(writeTransaction, times(1)).submit();
259         verify(commitFuture, times(1)).get();
260     }
261 */
262     /**
263      * Test method {@link EgressAclService#egressACLDefaultTcpDrop(Long, String, String, int, boolean)}
264      */
@Test
public void testEgressACLDefaultTcpDrop() throws Exception {
    final Long id = Long.valueOf(123);

    // Last argument true: two put() calls and one submitted transaction are expected.
    egressAclService.egressACLDefaultTcpDrop(id, "2", MAC_ADDRESS, 1, true);
    verify(writeTransaction, times(2))
            .put(any(LogicalDatastoreType.class), any(InstanceIdentifier.class), any(Node.class), anyBoolean());
    verify(writeTransaction, times(1)).submit();
    verify(commitFuture, times(1)).get();

    // Last argument false: one delete() is expected. The submit()/get() counts are cumulative
    // over both calls on the same mocks, hence 2 = 1 (above) + 1.
    egressAclService.egressACLDefaultTcpDrop(id, "2", MAC_ADDRESS, 1, false);
    verify(writeTransaction, times(1))
            .delete(any(LogicalDatastoreType.class), any(InstanceIdentifier.class));
    verify(writeTransaction, times(2)).submit();
    verify(commitFuture, times(2)).get();
}
277
278     /**
279      *  Test IPv4 add test case.
280      */
@Test
public void testProgramPortSecurityACLRuleAddIpv4() throws Exception {
    // No protocol, port range or remote prefix: only the ethertype and direction from setUp() apply.
    when(portSecurityRule.getSecurityRuleRemoteIpPrefix()).thenReturn(null);
    when(portSecurityRule.getSecurityRulePortMin()).thenReturn(null);
    when(portSecurityRule.getSecurityRulePortMax()).thenReturn(null);
    when(portSecurityRule.getSecurityRuleProtocol()).thenReturn(null);

    final Long dpid = Long.valueOf(1554);
    final boolean addRule = true;
    egressAclServiceSpy.programPortSecurityAcl(dpid, "2", MAC_ADDRESS, 124, securityGroup, neutronSrcIpList,
            addRule);

    // Adding is expected to issue two put() calls within a single submitted transaction.
    // NOTE(review): the content of the programmed flow is not inspected here, only the call counts.
    verify(writeTransaction, times(2))
            .put(any(LogicalDatastoreType.class), any(InstanceIdentifier.class), any(Node.class), eq(true));
    verify(writeTransaction, times(1)).submit();
    verify(commitFuture, times(1)).get();
}
294
295     /**
296      *  Test IPv4 remove test case.
297      */
@Test
public void testProgramPortSecurityACLRuleRemoveIpv4() throws Exception {
    // Same bare IPv4 egress rule as the add case: no protocol, ports or prefix.
    when(portSecurityRule.getSecurityRuleRemoteIpPrefix()).thenReturn(null);
    when(portSecurityRule.getSecurityRulePortMin()).thenReturn(null);
    when(portSecurityRule.getSecurityRulePortMax()).thenReturn(null);
    when(portSecurityRule.getSecurityRuleProtocol()).thenReturn(null);

    final Long dpid = Long.valueOf(1554);
    final boolean addRule = false;
    egressAclServiceSpy.programPortSecurityAcl(dpid, "2", MAC_ADDRESS, 124, securityGroup, neutronSrcIpList,
            addRule);

    // Removal is expected to issue exactly one delete() in one submitted transaction.
    verify(writeTransaction, times(1))
            .delete(any(LogicalDatastoreType.class), any(InstanceIdentifier.class));
    verify(writeTransaction, times(1)).submit();
    verify(commitFuture, times(1)).get();
}
310
311     /**
312      *  Test TCP add with port no and CIDR selected.
313      */
@Test
public void testProgramPortSecurityACLRuleAddTcp1() throws Exception {
    // TCP rule for a single port (min == max) restricted by a remote CIDR, no remote group.
    final int port = 50;
    when(portSecurityRule.getSecurityRuleProtocol()).thenReturn("tcp");
    when(portSecurityRule.getSecurityRulePortMin()).thenReturn(port);
    when(portSecurityRule.getSecurityRulePortMax()).thenReturn(port);
    when(portSecurityRule.getSecurityRuleRemoteIpPrefix()).thenReturn("0.0.0.0/24");

    final Long dpid = Long.valueOf(1554);
    egressAclServiceSpy.programPortSecurityAcl(dpid, "2", MAC_ADDRESS, 124, securityGroup, neutronSrcIpList,
            true);

    // NOTE(review): only the number of datastore operations is verified; the protocol, port and
    // prefix of the resulting match are not asserted, so an over-broad permit would not be caught.
    verify(writeTransaction, times(2))
            .put(any(LogicalDatastoreType.class), any(InstanceIdentifier.class), any(Node.class), eq(true));
    verify(writeTransaction, times(1)).submit();
    verify(commitFuture, times(1)).get();
}
327
328     /**
329      *  Test TCP remove with port no and CIDR selected.
330      */
@Test
public void testProgramPortSecurityACLRuleRemoveTcp1() throws Exception {
    // Same TCP single-port / CIDR rule as the add case, removed this time.
    final int port = 50;
    when(portSecurityRule.getSecurityRuleProtocol()).thenReturn("tcp");
    when(portSecurityRule.getSecurityRulePortMin()).thenReturn(port);
    when(portSecurityRule.getSecurityRulePortMax()).thenReturn(port);
    when(portSecurityRule.getSecurityRuleRemoteIpPrefix()).thenReturn("0.0.0.0/24");

    final Long dpid = Long.valueOf(1554);
    egressAclServiceSpy.programPortSecurityAcl(dpid, "2", MAC_ADDRESS, 124, securityGroup, neutronSrcIpList,
            false);

    // One delete() in one submitted transaction is expected.
    verify(writeTransaction, times(1))
            .delete(any(LogicalDatastoreType.class), any(InstanceIdentifier.class));
    verify(writeTransaction, times(1)).submit();
    verify(commitFuture, times(1)).get();
}
344
345     /**
346      *  Test TCP add with port no and remote SG selected.
347      */
@Test
public void testProgramPortSecurityACLRuleAddTcp2() throws Exception {
    // TCP single-port rule with both a remote prefix and a remote security group stubbed.
    final int port = 50;
    when(portSecurityRule.getSecurityRuleProtocol()).thenReturn("tcp");
    when(portSecurityRule.getSecurityRulePortMin()).thenReturn(port);
    when(portSecurityRule.getSecurityRulePortMax()).thenReturn(port);
    when(portSecurityRule.getSecurityRuleRemoteIpPrefix()).thenReturn("0.0.0.0/24");
    when(portSecurityRule.getSecurityRemoteGroupID()).thenReturn("85cc3048-abc3-43cc-89b3-377341426ac5");

    final Long dpid = Long.valueOf(1554);
    egressAclServiceSpy.programPortSecurityAcl(dpid, "2", MAC_ADDRESS, 124, securityGroup, neutronSrcIpList,
            true);

    // Twice the counts of the CIDR-only case; presumably one flow per address that setUp() returns
    // for the remote group lookup (two addresses) -- confirm against EgressAclService.
    verify(writeTransaction, times(4))
            .put(any(LogicalDatastoreType.class), any(InstanceIdentifier.class), any(Node.class), eq(true));
    verify(writeTransaction, times(2)).submit();
    verify(commitFuture, times(2)).get();
}
362
363     /**
364      *  Test TCP remove with port no and remote SG selected.
365      */
@Test
public void testProgramPortSecurityACLRuleRemoveTcp2() throws Exception {
    // TCP single-port rule with a remote security group, removed.
    final int port = 50;
    when(portSecurityRule.getSecurityRuleProtocol()).thenReturn("tcp");
    when(portSecurityRule.getSecurityRulePortMin()).thenReturn(port);
    when(portSecurityRule.getSecurityRulePortMax()).thenReturn(port);
    when(portSecurityRule.getSecurityRuleRemoteIpPrefix()).thenReturn("0.0.0.0/24");
    when(portSecurityRule.getSecurityRemoteGroupID()).thenReturn("85cc3048-abc3-43cc-89b3-377341426ac5");

    final Long dpid = Long.valueOf(1554);
    egressAclServiceSpy.programPortSecurityAcl(dpid, "2", MAC_ADDRESS, 124, securityGroup, neutronSrcIpList,
            false);

    // Two delete() calls and two submitted transactions are expected for the remote-group case.
    verify(writeTransaction, times(2))
            .delete(any(LogicalDatastoreType.class), any(InstanceIdentifier.class));
    verify(writeTransaction, times(2)).submit();
    verify(commitFuture, times(2)).get();
}
380
381     /**
382      *  Test UDP add with port no and CIDR selected.
383      */
@Test
public void testProgramPortSecurityACLRuleAddUdp1() throws Exception {
    // UDP rule for a single port (min == max) restricted by a remote CIDR, no remote group.
    final int port = 50;
    when(portSecurityRule.getSecurityRuleProtocol()).thenReturn("udp");
    when(portSecurityRule.getSecurityRulePortMin()).thenReturn(port);
    when(portSecurityRule.getSecurityRulePortMax()).thenReturn(port);
    when(portSecurityRule.getSecurityRuleRemoteIpPrefix()).thenReturn("0.0.0.0/24");

    final Long dpid = Long.valueOf(1554);
    egressAclServiceSpy.programPortSecurityAcl(dpid, "2", MAC_ADDRESS, 124, securityGroup, neutronSrcIpList,
            true);

    // NOTE(review): call counts only; the UDP port and prefix of the programmed match are not asserted.
    verify(writeTransaction, times(2))
            .put(any(LogicalDatastoreType.class), any(InstanceIdentifier.class), any(Node.class), eq(true));
    verify(writeTransaction, times(1)).submit();
    verify(commitFuture, times(1)).get();
}
397
398     /**
399      *  Test UDP remove with port no and CIDR selected.
400      */
@Test
public void testProgramPortSecurityACLRuleRemoveUdp1() throws Exception {
    // UDP single-port / CIDR rule, removed (last argument false).
    final int port = 50;
    when(portSecurityRule.getSecurityRuleProtocol()).thenReturn("udp");
    when(portSecurityRule.getSecurityRulePortMin()).thenReturn(port);
    when(portSecurityRule.getSecurityRulePortMax()).thenReturn(port);
    when(portSecurityRule.getSecurityRuleRemoteIpPrefix()).thenReturn("0.0.0.0/24");

    final Long dpid = Long.valueOf(1554);
    egressAclServiceSpy.programPortSecurityAcl(dpid, "2", MAC_ADDRESS, 124, securityGroup, neutronSrcIpList,
            false);

    // One delete() in one submitted transaction is expected.
    verify(writeTransaction, times(1))
            .delete(any(LogicalDatastoreType.class), any(InstanceIdentifier.class));
    verify(writeTransaction, times(1)).submit();
    verify(commitFuture, times(1)).get();
}
414
415     /**
416      *  Test UDP add with port no and remote SG selected.
417      */
@Test
public void testProgramPortSecurityACLRuleAddUdp2() throws Exception {
    // UDP single-port rule with both a remote prefix and a remote security group stubbed.
    final int port = 50;
    when(portSecurityRule.getSecurityRuleProtocol()).thenReturn("udp");
    when(portSecurityRule.getSecurityRulePortMin()).thenReturn(port);
    when(portSecurityRule.getSecurityRulePortMax()).thenReturn(port);
    when(portSecurityRule.getSecurityRuleRemoteIpPrefix()).thenReturn("0.0.0.0/24");
    when(portSecurityRule.getSecurityRemoteGroupID()).thenReturn("85cc3048-abc3-43cc-89b3-377341426ac5");

    final Long dpid = Long.valueOf(1554);
    egressAclServiceSpy.programPortSecurityAcl(dpid, "2", MAC_ADDRESS, 124, securityGroup, neutronSrcIpList,
            true);

    // Four put() calls over two submitted transactions are expected for the remote-group case.
    verify(writeTransaction, times(4))
            .put(any(LogicalDatastoreType.class), any(InstanceIdentifier.class), any(Node.class), eq(true));
    verify(writeTransaction, times(2)).submit();
    verify(commitFuture, times(2)).get();
}
432
433     /**
434      *  Test UDP remove with port no and remote SG selected.
435      */
@Test
public void testProgramPortSecurityACLRuleRemoveUdp2() throws Exception {
    // UDP single-port rule with a remote security group, removed (last argument false).
    final int port = 50;
    when(portSecurityRule.getSecurityRuleProtocol()).thenReturn("udp");
    when(portSecurityRule.getSecurityRulePortMin()).thenReturn(port);
    when(portSecurityRule.getSecurityRulePortMax()).thenReturn(port);
    when(portSecurityRule.getSecurityRuleRemoteIpPrefix()).thenReturn("0.0.0.0/24");
    when(portSecurityRule.getSecurityRemoteGroupID()).thenReturn("85cc3048-abc3-43cc-89b3-377341426ac5");

    final Long dpid = Long.valueOf(1554);
    egressAclServiceSpy.programPortSecurityAcl(dpid, "2", MAC_ADDRESS, 124, securityGroup, neutronSrcIpList,
            false);

    // Two delete() calls and two submitted transactions are expected.
    verify(writeTransaction, times(2))
            .delete(any(LogicalDatastoreType.class), any(InstanceIdentifier.class));
    verify(writeTransaction, times(2)).submit();
    verify(commitFuture, times(2)).get();
}
450
451     /**
452      *  Test ICMP add with code, type and CIDR selected.
453      */
@Test
public void testProgramPortSecurityACLRuleAddIcmp1() throws Exception {
    // For ICMP this test reads the rule's port min as the ICMP type and port max as the ICMP code.
    when(portSecurityRule.getSecurityRuleProtocol()).thenReturn("icmp");
    when(portSecurityRule.getSecurityRulePortMin()).thenReturn(10);
    when(portSecurityRule.getSecurityRulePortMax()).thenReturn(10);
    when(portSecurityRule.getSecurityRuleRemoteIpPrefix()).thenReturn("0.0.0.0/24");
    // Replace "writeFlow" on the spy (stubbed by name) so the FlowBuilder passed to it is captured.
    PowerMockito.doAnswer(answer())
            .when(egressAclServiceSpy, "writeFlow", any(FlowBuilder.class), any(NodeBuilder.class));

    egressAclServiceSpy.programPortSecurityAcl(
            DP_ID_LONG, SEGMENT_ID, MAC_ADDRESS, LOCAL_PORT, securityGroup, neutronSrcIpList, true);

    final Match capturedMatch = flowBuilder.getMatch();
    final Icmpv4Match icmpMatch = capturedMatch.getIcmpv4Match();
    // NOTE(review): type and code are stubbed with the same value, so a type/code swap in the
    // service would still satisfy both assertions.
    Assert.assertEquals(10, icmpMatch.getIcmpv4Type().shortValue());
    Assert.assertEquals(10, icmpMatch.getIcmpv4Code().shortValue());

    final EthernetMatch ethernetMatch = capturedMatch.getEthernetMatch();
    Assert.assertEquals(MAC_ADDRESS, ethernetMatch.getEthernetSource().getAddress().getValue());

    final Short icmpType = portSecurityRule.getSecurityRulePortMin().shortValue();
    final Short icmpCode = portSecurityRule.getSecurityRulePortMax().shortValue();
    final String expectedFlowName = "Egress_ICMP_" + SEGMENT_ID + "_" + MAC_ADDRESS
            + "_" + icmpType + "_" + icmpCode + "_0.0.0.0/24_Permit";
    Assert.assertEquals(expectedFlowName, flowBuilder.getFlowName());
}
477
478     /**
479      *  Test ICMP remove with code, type and CIDR selected.
480      */
@Test
public void testProgramPortSecurityACLRuleRemoveIcmp1() throws Exception {
    // For ICMP this test reads the rule's port min as the ICMP type and port max as the ICMP code.
    when(portSecurityRule.getSecurityRuleProtocol()).thenReturn("icmp");
    when(portSecurityRule.getSecurityRulePortMin()).thenReturn(20);
    when(portSecurityRule.getSecurityRulePortMax()).thenReturn(20);
    when(portSecurityRule.getSecurityRuleRemoteIpPrefix()).thenReturn("0.0.0.0/24");
    // Replace "removeFlow" on the spy (stubbed by name) so the FlowBuilder passed to it is captured.
    PowerMockito.doAnswer(answer())
            .when(egressAclServiceSpy, "removeFlow", any(FlowBuilder.class), any(NodeBuilder.class));

    egressAclServiceSpy.programPortSecurityAcl(
            DP_ID_LONG, SEGMENT_ID, MAC_ADDRESS, LOCAL_PORT, securityGroup, neutronSrcIpList, false);

    final Match capturedMatch = flowBuilder.getMatch();
    final Icmpv4Match icmpMatch = capturedMatch.getIcmpv4Match();
    // NOTE(review): type and code are stubbed with the same value, so a type/code swap in the
    // service would still satisfy both assertions.
    Assert.assertEquals(20, icmpMatch.getIcmpv4Type().shortValue());
    Assert.assertEquals(20, icmpMatch.getIcmpv4Code().shortValue());

    final EthernetMatch ethernetMatch = capturedMatch.getEthernetMatch();
    Assert.assertEquals(MAC_ADDRESS, ethernetMatch.getEthernetSource().getAddress().getValue());

    // The removed flow is expected to carry the same name that the add path produces.
    final Short icmpType = portSecurityRule.getSecurityRulePortMin().shortValue();
    final Short icmpCode = portSecurityRule.getSecurityRulePortMax().shortValue();
    final String expectedFlowName = "Egress_ICMP_" + SEGMENT_ID + "_" + MAC_ADDRESS
            + "_" + icmpType + "_" + icmpCode + "_0.0.0.0/24_Permit";
    Assert.assertEquals(expectedFlowName, flowBuilder.getFlowName());
}
504
505     /**
506      *  Test ICMP add with code, type and remote SG selected.
507      */
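@Test
public void testProgramPortSecurityACLRuleAddIcmp2() throws Exception {
    // ICMP rule (port min = type, port max = code in this test) with a remote security group.
    when(portSecurityRule.getSecurityRuleProtocol()).thenReturn("icmp");
    when(portSecurityRule.getSecurityRulePortMax()).thenReturn(30);
    when(portSecurityRule.getSecurityRulePortMin()).thenReturn(30);
    when(portSecurityRule.getSecurityRuleRemoteIpPrefix()).thenReturn("0.0.0.0/24");
    when(portSecurityRule.getSecurityRemoteGroupID()).thenReturn("85cc3048-abc3-43cc-89b3-377341426ac5");
    // Replace "writeFlow" on the spy (stubbed by name) so the FlowBuilder passed to it is captured.
    PowerMockito.doAnswer(answer()).when(egressAclServiceSpy, "writeFlow", any(FlowBuilder.class),
                                         any(NodeBuilder.class));

    egressAclServiceSpy.programPortSecurityAcl(DP_ID_LONG, SEGMENT_ID, MAC_ADDRESS, LOCAL_PORT, securityGroup,
                                               neutronSrcIpList, true);

    Match match = flowBuilder.getMatch();
    Icmpv4Match icmpv4Match = match.getIcmpv4Match();
    // NOTE(review): type and code share one value, so these two assertions cannot detect a swap.
    Assert.assertEquals(30, icmpv4Match.getIcmpv4Type().shortValue());
    Assert.assertEquals(30, icmpv4Match.getIcmpv4Code().shortValue());
    EthernetMatch ethMatch = match.getEthernetMatch();
    Assert.assertEquals(MAC_ADDRESS, ethMatch.getEthernetSource().getAddress().getValue());
    Short type = portSecurityRule.getSecurityRulePortMin().shortValue();
    Short code = portSecurityRule.getSecurityRulePortMax().shortValue();
    String flowIdPrefix = "Egress_ICMP_" + SEGMENT_ID + "_" + MAC_ADDRESS + "_" + type + "_" + code + "_";
    String expectedFlowId1 = flowIdPrefix + DEST_IP_1 + "_Permit";
    String expectedFlowId2 = flowIdPrefix + DEST_IP_2 + "_Permit";
    // The capturing answer keeps only the last flow written, so either remote address is accepted.
    String actualFlowId = flowBuilder.getFlowName();
    // A single assertion with a message replaces the assertTrue(true)/assertTrue(false) branches;
    // comparing from the expected side reports a null flow name instead of throwing.
    Assert.assertTrue("Unexpected flow name: " + actualFlowId,
            expectedFlowId1.equals(actualFlowId) || expectedFlowId2.equals(actualFlowId));
}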
540
541     /**
542      *  Test ICMP remove with code, type and remote SG selected.
543      */
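@Test
public void testProgramPortSecurityACLRuleRemoveIcmp2() throws Exception {
    // ICMP rule (port min = type, port max = code in this test) with a remote security group.
    // Unlike the add case, no remote IP prefix is stubbed here.
    when(portSecurityRule.getSecurityRuleProtocol()).thenReturn("icmp");
    when(portSecurityRule.getSecurityRulePortMax()).thenReturn(40);
    when(portSecurityRule.getSecurityRulePortMin()).thenReturn(40);
    when(portSecurityRule.getSecurityRemoteGroupID()).thenReturn("85cc3048-abc3-43cc-89b3-377341426ac5");
    // Replace "removeFlow" on the spy (stubbed by name) so the FlowBuilder passed to it is captured.
    PowerMockito.doAnswer(answer()).when(egressAclServiceSpy, "removeFlow", any(FlowBuilder.class),
                                         any(NodeBuilder.class));

    egressAclServiceSpy.programPortSecurityAcl(DP_ID_LONG, SEGMENT_ID, MAC_ADDRESS, LOCAL_PORT, securityGroup,
                                               neutronSrcIpList, false);

    Match match = flowBuilder.getMatch();
    Icmpv4Match icmpv4Match = match.getIcmpv4Match();
    // NOTE(review): type and code share one value, so these two assertions cannot detect a swap.
    Assert.assertEquals(40, icmpv4Match.getIcmpv4Type().shortValue());
    Assert.assertEquals(40, icmpv4Match.getIcmpv4Code().shortValue());
    EthernetMatch ethMatch = match.getEthernetMatch();
    Assert.assertEquals(MAC_ADDRESS, ethMatch.getEthernetSource().getAddress().getValue());
    Short type = portSecurityRule.getSecurityRulePortMin().shortValue();
    Short code = portSecurityRule.getSecurityRulePortMax().shortValue();
    String flowIdPrefix = "Egress_ICMP_" + SEGMENT_ID + "_" + MAC_ADDRESS + "_" + type + "_" + code + "_";
    String expectedFlowId1 = flowIdPrefix + DEST_IP_1 + "_Permit";
    String expectedFlowId2 = flowIdPrefix + DEST_IP_2 + "_Permit";
    // The capturing answer keeps only the last flow removed, so either remote address is accepted.
    String actualFlowId = flowBuilder.getFlowName();
    // A single assertion with a message replaces the assertTrue(true)/assertTrue(false) branches;
    // comparing from the expected side reports a null flow name instead of throwing.
    Assert.assertTrue("Unexpected flow name: " + actualFlowId,
            expectedFlowId1.equals(actualFlowId) || expectedFlowId2.equals(actualFlowId));
}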
575
576     /**
577      *  Test IPv4 invalid ether type test case.
578      */
    @Test
    public void testProgramPortSecurityACLRuleInvalidEther() throws Exception {
        // The rule reports an "IPV6" ether type, which this test expects the service to skip.
        when(portSecurityRule.getSecurityRuleEthertype()).thenReturn("IPV6");

        final Long dpId = Long.valueOf(1554);
        final String segmentationId = "2";
        final int localPort = 124;
        egressAclServiceSpy.programPortSecurityAcl(
                dpId, segmentationId, MAC_ADDRESS, localPort, securityGroup, neutronSrcIpList, false);

        // Nothing may be deleted, submitted or waited on for the skipped rule.
        // NOTE(review): only the call with the final argument false is covered and only delete()
        // is checked; the matching put() check for the add path is not part of this test.
        verify(writeTransaction, times(0)).delete(
                any(LogicalDatastoreType.class), any(InstanceIdentifier.class));
        verify(writeTransaction, times(0)).submit();
        verify(commitFuture, times(0)).get();
    }
589
590     /**
591      *  Test IPv4 invalid direction type test case.
592      */
    @Test
    public void testProgramPortSecurityACLRuleInvalidDirection() throws Exception {
        // An "ingress" rule handed to the egress service: the test expects it to be ignored.
        when(portSecurityRule.getSecurityRuleDirection()).thenReturn("ingress");

        final Long dpId = Long.valueOf(1554);
        final String segmentationId = "2";
        final int localPort = 124;
        egressAclServiceSpy.programPortSecurityAcl(
                dpId, segmentationId, MAC_ADDRESS, localPort, securityGroup, neutronSrcIpList, false);

        // No datastore activity at all is expected for a rule of the wrong direction.
        verify(writeTransaction, times(0)).delete(
                any(LogicalDatastoreType.class), any(InstanceIdentifier.class));
        verify(writeTransaction, times(0)).submit();
        verify(commitFuture, times(0)).get();
    }
603
604     /**
605      *  Test With isLastPortInBridge false isComputeNode false
606      */
    @Test
    public void testProgramFixedSecurityACLAdd1() throws Exception {
        // Neither the last port in the bridge nor a compute node; final flag true = add.
        final boolean isLastPortInBridge = false;
        final boolean isComputeNode = false;
        final boolean write = true;

        egressAclServiceSpy.programFixedSecurityAcl(Long.valueOf(1554), "2", MAC_ADDRESS, 1,
                neutronDestIpList, isLastPortInBridge, isComputeNode, write);

        // With both flags off, the test expects no fixed rule to be written.
        verify(writeTransaction, times(0)).put(
                any(LogicalDatastoreType.class), any(InstanceIdentifier.class), any(Node.class), eq(true));
        verify(writeTransaction, times(0)).submit();
        verify(commitFuture, times(0)).get();
    }
615     /**
616      *  Test With isLastPortInBridge false isComputeNode false
617      */
    @Test
    public void testProgramFixedSecurityACLRemove1() throws Exception {
        // Neither the last port in the bridge nor a compute node; final flag false = remove.
        final boolean isLastPortInBridge = false;
        final boolean isComputeNode = false;
        final boolean write = false;

        egressAclServiceSpy.programFixedSecurityAcl(Long.valueOf(1554), "2", MAC_ADDRESS, 1,
                neutronDestIpList, isLastPortInBridge, isComputeNode, write);

        // Mirror of the Add1 case: nothing was programmed, so nothing is expected to be deleted.
        verify(writeTransaction, times(0)).delete(
                any(LogicalDatastoreType.class), any(InstanceIdentifier.class));
        verify(writeTransaction, times(0)).submit();
        verify(commitFuture, times(0)).get();
    }
627
628     /**
629      *  Test With isLastPortInBridge false isComputeNode true
630      */
    @Test
    public void testProgramFixedSecurityACLAdd2() throws Exception {
        // Compute node, but not the last port in the bridge; final flag true = add.
        final boolean isLastPortInBridge = false;
        final boolean isComputeNode = true;
        final boolean write = true;

        egressAclServiceSpy.programFixedSecurityAcl(Long.valueOf(1554), "2", MAC_ADDRESS, 1,
                neutronDestIpList, isLastPortInBridge, isComputeNode, write);

        // Six put() calls over three commits; at two put() calls per flow write (the ratio seen
        // in the single-flow tests of this class) that is presumably three fixed flows.
        verify(writeTransaction, times(6)).put(
                any(LogicalDatastoreType.class), any(InstanceIdentifier.class), any(Node.class), eq(true));
        verify(writeTransaction, times(3)).submit();
        verify(commitFuture, times(3)).get();
    }
640
641     /**
642      *  Test With isLastPortInBridge false isComputeNode true
643      */
    @Test
    public void testProgramFixedSecurityACLRemove2() throws Exception {
        // Compute node, but not the last port in the bridge; final flag false = remove.
        final boolean isLastPortInBridge = false;
        final boolean isComputeNode = true;
        final boolean write = false;

        egressAclServiceSpy.programFixedSecurityAcl(Long.valueOf(1554), "2", MAC_ADDRESS, 1,
                neutronDestIpList, isLastPortInBridge, isComputeNode, write);

        // Three deletes, each committed on its own: the counterpart of the three commits in Add2.
        verify(writeTransaction, times(3)).delete(
                any(LogicalDatastoreType.class), any(InstanceIdentifier.class));
        verify(writeTransaction, times(3)).submit();
        verify(commitFuture, times(3)).get();
    }
653
654     /**
655      *  Test With isLastPortInBridge true isComputeNode false
656      */
    @Test
    public void testProgramFixedSecurityACLAdd3() throws Exception {
        // Last port in the bridge, not a compute node; final flag true = add.
        final boolean isLastPortInBridge = true;
        final boolean isComputeNode = false;
        final boolean write = true;

        egressAclServiceSpy.programFixedSecurityAcl(Long.valueOf(1554), "2", MAC_ADDRESS, 1,
                neutronDestIpList, isLastPortInBridge, isComputeNode, write);

        // Two put() calls and a single commit: one flow write is expected for this combination.
        verify(writeTransaction, times(2)).put(
                any(LogicalDatastoreType.class), any(InstanceIdentifier.class), any(Node.class), eq(true));
        verify(writeTransaction, times(1)).submit();
        verify(commitFuture, times(1)).get();
    }
666
667     /**
668      *  Test With isLastPortInBridge true isComputeNode false
669      */
    @Test
    public void testProgramFixedSecurityACLRemove3() throws Exception {
        // Last port in the bridge, not a compute node; final flag false = remove.
        final boolean isLastPortInBridge = true;
        final boolean isComputeNode = false;
        final boolean write = false;

        egressAclServiceSpy.programFixedSecurityAcl(Long.valueOf(1554), "2", MAC_ADDRESS, 1,
                neutronDestIpList, isLastPortInBridge, isComputeNode, write);

        // Exactly one flow is expected to be deleted and committed.
        verify(writeTransaction, times(1)).delete(
                any(LogicalDatastoreType.class), any(InstanceIdentifier.class));
        verify(writeTransaction, times(1)).submit();
        verify(commitFuture, times(1)).get();
    }
679
680     /**
681      *  Test With isLastPortInBridge true isComputeNode true
682      */
    @Test
    public void testProgramFixedSecurityACLAdd4() throws Exception {
        // Last port in the bridge and a compute node; final flag true = add.
        final boolean isLastPortInBridge = true;
        final boolean isComputeNode = true;
        final boolean write = true;

        egressAclServiceSpy.programFixedSecurityAcl(Long.valueOf(1554), "2", MAC_ADDRESS, 1,
                neutronDestIpList, isLastPortInBridge, isComputeNode, write);

        // Eight put() calls over four commits, i.e. the Add2 and Add3 counts combined.
        // NOTE(review): the any(...) matchers check how many writes happen, not which match,
        // priority or action each fixed flow carries.
        verify(writeTransaction, times(8)).put(
                any(LogicalDatastoreType.class), any(InstanceIdentifier.class), any(Node.class), eq(true));
        verify(writeTransaction, times(4)).submit();
        verify(commitFuture, times(4)).get();
    }
693
694     /**
695      *  Test With isLastPortInBridge true isComputeNode true
696      */
    @Test
    public void testProgramFixedSecurityACLRemove4() throws Exception {
        // Last port in the bridge and a compute node; final flag false = remove.
        final boolean isLastPortInBridge = true;
        final boolean isComputeNode = true;
        final boolean write = false;

        egressAclServiceSpy.programFixedSecurityAcl(Long.valueOf(1554), "2", MAC_ADDRESS, 1,
                neutronDestIpList, isLastPortInBridge, isComputeNode, write);

        // Four deletes, each with its own commit: the counterpart of the four commits in Add4.
        verify(writeTransaction, times(4)).delete(
                any(LogicalDatastoreType.class), any(InstanceIdentifier.class));
        verify(writeTransaction, times(4)).submit();
        verify(commitFuture, times(4)).get();
    }
706
707     /**
708      * Test method {@link EgressAclService#egressACLTcpPortWithPrefix(Long, String, String, boolean, Integer, String, Integer)}
709      */
    @Test
    public void testEgressACLTcpPortWithPrefix() throws Exception {
        final Long dpId = Long.valueOf(123);
        final String segmentationId = "2";

        // Boolean argument true: the flow is written (two put() calls, one commit).
        egressAclService.egressACLTcpPortWithPrefix(dpId, segmentationId, MAC_ADDRESS, true, 1, HOST_ADDRESS, 1);
        verify(writeTransaction, times(2)).put(
                any(LogicalDatastoreType.class), any(InstanceIdentifier.class), any(Node.class), anyBoolean());
        verify(writeTransaction, times(1)).submit();
        verify(commitFuture, times(1)).get();

        // Boolean argument false: the same flow is removed. Mockito counts are cumulative
        // across both calls, so submit()/get() are now expected twice in total.
        egressAclService.egressACLTcpPortWithPrefix(dpId, segmentationId, MAC_ADDRESS, false, 1, HOST_ADDRESS, 1);
        verify(writeTransaction, times(1)).delete(
                any(LogicalDatastoreType.class), any(InstanceIdentifier.class));
        verify(writeTransaction, times(2)).submit();
        verify(commitFuture, times(2)).get();
        // NOTE(review): only call counts are verified; the TCP port and prefix placed in the
        // flow match are not inspected by this test.
    }
722
723     /**
724      * Test method {@link EgressAclService#egressAllowProto(Long, String, String, boolean, String, Integer)}
725      */
    @Test
    public void testEgressAllowProto() throws Exception {
        final Long dpId = Long.valueOf(123);
        final String segmentationId = "2";

        // Add path (boolean argument true): two put() calls and one commit are expected.
        egressAclService.egressAllowProto(dpId, segmentationId, MAC_ADDRESS, true, HOST_ADDRESS, 1);
        verify(writeTransaction, times(2)).put(
                any(LogicalDatastoreType.class), any(InstanceIdentifier.class), any(Node.class), anyBoolean());
        verify(writeTransaction, times(1)).submit();
        verify(commitFuture, times(1)).get();

        // Remove path (boolean argument false): one delete; the submit()/get() totals include
        // the commit from the add call above.
        egressAclService.egressAllowProto(dpId, segmentationId, MAC_ADDRESS, false, HOST_ADDRESS, 1);
        verify(writeTransaction, times(1)).delete(
                any(LogicalDatastoreType.class), any(InstanceIdentifier.class));
        verify(writeTransaction, times(2)).submit();
        verify(commitFuture, times(2)).get();
    }
738
739     /**
740      * Test method {@link EgressAclService#egressACLPermitAllProto(Long, String, String, boolean, String, Integer)}
741      */
    @Test
    public void testEgressACLPermitAllProto() throws Exception {
        final Long dpId = Long.valueOf(123);
        final String segmentationId = "2";

        // Add path (boolean argument true): two put() calls and one commit are expected.
        egressAclService.egressACLPermitAllProto(dpId, segmentationId, MAC_ADDRESS, true, HOST_ADDRESS, 1);
        verify(writeTransaction, times(2)).put(
                any(LogicalDatastoreType.class), any(InstanceIdentifier.class), any(Node.class), anyBoolean());
        verify(writeTransaction, times(1)).submit();
        verify(commitFuture, times(1)).get();

        // Remove path (boolean argument false): one delete; the submit()/get() totals include
        // the commit from the add call above.
        egressAclService.egressACLPermitAllProto(dpId, segmentationId, MAC_ADDRESS, false, HOST_ADDRESS, 1);
        verify(writeTransaction, times(1)).delete(
                any(LogicalDatastoreType.class), any(InstanceIdentifier.class));
        verify(writeTransaction, times(2)).submit();
        verify(commitFuture, times(2)).get();
        // NOTE(review): a permit-all rule is the broadest one in this class, yet the test only
        // counts datastore calls; the MAC and address the flow is scoped to are not asserted.
    }
754
755     /**
756      * Test method {@link EgressAclService#egressACLTcpSyn(Long, String, String, boolean, Integer, Integer)}
757      */
    @Test
    public void testEgressACLTcpSyn() throws Exception {
        final Long dpId = Long.valueOf(123);
        final String segmentationId = "2";

        // Add path (boolean argument true): two put() calls and one commit are expected.
        egressAclService.egressACLTcpSyn(dpId, segmentationId, MAC_ADDRESS, true, 1, 1);
        verify(writeTransaction, times(2)).put(
                any(LogicalDatastoreType.class), any(InstanceIdentifier.class), any(Node.class), anyBoolean());
        verify(writeTransaction, times(1)).submit();
        verify(commitFuture, times(1)).get();

        // Remove path (boolean argument false): one delete; the submit()/get() totals include
        // the commit from the add call above.
        egressAclService.egressACLTcpSyn(dpId, segmentationId, MAC_ADDRESS, false, 1, 1);
        verify(writeTransaction, times(1)).delete(
                any(LogicalDatastoreType.class), any(InstanceIdentifier.class));
        verify(writeTransaction, times(2)).submit();
        verify(commitFuture, times(2)).get();
    }
770 }