openstack/net-virt-providers/src/test/java/org/opendaylight/ovsdb/openstack/netvirt/providers/openflow13/services/EgressAclServiceTest.java

   1 /*
   2  * Copyright (c) 2015 Inocybe and others.  All rights reserved.
   3  *
   4  * This program and the accompanying materials are made available under the
   5  * terms of the Eclipse Public License v1.0 which accompanies this distribution,
   6  * and is available at http://www.eclipse.org/legal/epl-v10.html
   7  */
   8
   9 package org.opendaylight.ovsdb.openstack.netvirt.providers.openflow13.services;
  10
  11 import static org.mockito.Matchers.any;
  12 import static org.mockito.Matchers.anyBoolean;
  13 import static org.mockito.Matchers.anyInt;
  14 import static org.mockito.Matchers.anyLong;
  15 import static org.mockito.Matchers.anyString;
  16 import static org.mockito.Mockito.mock;
  17 import static org.mockito.Mockito.times;
  18 import static org.mockito.Mockito.verify;
  19 import static org.mockito.Mockito.when;
  20
  21 import java.util.ArrayList;
  22 import java.util.List;
  23
  24 import org.junit.Before;
  25 import org.junit.Test;
  26 import org.junit.runner.RunWith;
  27 import org.mockito.InjectMocks;
  28 import org.mockito.Mock;
  29 import org.mockito.Mockito;
  30 import org.mockito.Spy;
  31 import org.mockito.runners.MockitoJUnitRunner;
  32 import org.opendaylight.controller.md.sal.binding.api.DataBroker;
  33 import org.opendaylight.controller.md.sal.binding.api.WriteTransaction;
  34 import org.opendaylight.controller.md.sal.common.api.data.LogicalDatastoreType;
  35 import org.opendaylight.controller.md.sal.common.api.data.TransactionCommitFailedException;
  36 import org.opendaylight.neutron.spi.NeutronSecurityGroup;
  37 import org.opendaylight.neutron.spi.NeutronSecurityRule;
  38 import org.opendaylight.ovsdb.openstack.netvirt.providers.openflow13.PipelineOrchestrator;
  39 import org.opendaylight.ovsdb.openstack.netvirt.providers.openflow13.Service;
  40 import org.opendaylight.yang.gen.v1.urn.opendaylight.inventory.rev130819.nodes.Node;
  41 import org.opendaylight.yangtools.yang.binding.InstanceIdentifier;
  42
  43 import com.google.common.util.concurrent.CheckedFuture;
  44 /**
  45  * Unit test for {@link EgressAclService}
  46  */
  47 @RunWith(MockitoJUnitRunner.class)
  48 @SuppressWarnings("unchecked")
  49 public class EgressAclServiceTest {
  50
  51     @InjectMocks private EgressAclService egressAclService = new EgressAclService();
  52     @Spy private EgressAclService egressAclServiceSpy;
  53
  54     @Mock private DataBroker dataBroker;
  55     @Mock private PipelineOrchestrator orchestrator;
  56
  57     @Mock private WriteTransaction writeTransaction;
  58     @Mock private CheckedFuture<Void, TransactionCommitFailedException> commitFuture;
  59
  60     @Mock private NeutronSecurityGroup securityGroup;
  61     @Mock private NeutronSecurityRule portSecurityRule;
  62
  63     private static final String HOST_ADDRESS = "127.0.0.1/32";
  64     private static final String MAC_ADDRESS = "87:1D:5E:02:40:B7";
  65
  66     @Before
  67     public void setUp() {
  68         egressAclServiceSpy = Mockito.spy(egressAclService);
  69
  70         when(writeTransaction.submit()).thenReturn(commitFuture);
  71
  72         when(dataBroker.newWriteOnlyTransaction()).thenReturn(writeTransaction);
  73
  74         when(orchestrator.getNextServiceInPipeline(any(Service.class))).thenReturn(Service.ARP_RESPONDER);
  75
  76         portSecurityRule = mock(NeutronSecurityRule.class);
  77         when(portSecurityRule.getSecurityRuleEthertype()).thenReturn("IPv4");
  78         when(portSecurityRule.getSecurityRuleDirection()).thenReturn("egress");
  79
  80         List<NeutronSecurityRule> portSecurityList = new ArrayList<NeutronSecurityRule>();
  81         portSecurityList.add(portSecurityRule);
  82
  83         when(securityGroup.getSecurityRules()).thenReturn(portSecurityList);
  84     }
  85
  86     /**
  87      * Rule 1: TCP Proto (True), TCP Port Minimum (True), TCP Port Max (True), IP Prefix (True)
  88      */
  89     @Test
  90     public void testProgramPortSecurityACLRule1() throws Exception {
  91         when(portSecurityRule.getSecurityRuleProtocol()).thenReturn("tcp");
  92         when(portSecurityRule.getSecurityRulePortMax()).thenReturn(1);
  93         when(portSecurityRule.getSecurityRulePortMin()).thenReturn(1);
  94         when(portSecurityRule.getSecurityRuleRemoteIpPrefix()).thenReturn(HOST_ADDRESS);
  95
  96         egressAclServiceSpy.programPortSecurityACL(Long.valueOf(1554), "2", MAC_ADDRESS, 124, securityGroup);
  97         verify(egressAclServiceSpy, times(1)).egressACLDefaultTcpDrop(anyLong(), anyString(), anyString(), anyInt(), anyBoolean());
  98         verify(egressAclServiceSpy, times(1)).egressACLTcpPortWithPrefix(anyLong(), anyString(), anyString(), anyBoolean(), anyInt(), anyString(), anyInt());
  99         verify(writeTransaction, times(4)).put(any(LogicalDatastoreType.class), any(InstanceIdentifier.class), any(Node.class), anyBoolean());
 100         verify(writeTransaction, times(2)).submit();
 101         verify(commitFuture, times(2)).get();
 102     }
 103
 104     /**
 105      * Rule 2: TCP Proto (True), TCP Port Minimum (True), TCP Port Max (False), IP Prefix (True)
 106      */
 107     @Test
 108     public void testProgramPortSecurityACLRule2() throws Exception {
 109         when(portSecurityRule.getSecurityRuleProtocol()).thenReturn("tcp");
 110         when(portSecurityRule.getSecurityRulePortMax()).thenReturn(null);
 111         when(portSecurityRule.getSecurityRulePortMin()).thenReturn(1);
 112         when(portSecurityRule.getSecurityRuleRemoteIpPrefix()).thenReturn(HOST_ADDRESS);
 113
 114         egressAclServiceSpy.programPortSecurityACL(Long.valueOf(1554), "2", MAC_ADDRESS, 124, securityGroup);
 115         verify(egressAclServiceSpy, times(1)).egressACLDefaultTcpDrop(anyLong(), anyString(), anyString(), anyInt(), anyBoolean());
 116         verify(egressAclServiceSpy, times(1)).egressACLTcpPortWithPrefix(anyLong(), anyString(), anyString(), anyBoolean(), anyInt(), anyString(), anyInt());
 117         verify(writeTransaction, times(4)).put(any(LogicalDatastoreType.class), any(InstanceIdentifier.class), any(Node.class), anyBoolean());
 118         verify(writeTransaction, times(2)).submit();
 119         verify(commitFuture, times(2)).get();
 120     }
 121
 122     /**
 123      * Rule 3: TCP Proto (True), TCP Port Minimum (False), TCP Port Max (False), IP Prefix (True)
 124      */
 125     @Test
 126     public void testProgramPortSecurityACLRule3() throws Exception {
 127         when(portSecurityRule.getSecurityRuleProtocol()).thenReturn("tcp");
 128         when(portSecurityRule.getSecurityRulePortMax()).thenReturn(null);
 129         when(portSecurityRule.getSecurityRulePortMin()).thenReturn(null);
 130         when(portSecurityRule.getSecurityRuleRemoteIpPrefix()).thenReturn(HOST_ADDRESS);
 131
 132         egressAclServiceSpy.programPortSecurityACL(Long.valueOf(1554), "2", MAC_ADDRESS, 124, securityGroup);
 133         verify(egressAclServiceSpy, times(1)).egressACLDefaultTcpDrop(anyLong(), anyString(), anyString(), anyInt(), anyBoolean());
 134         verify(egressAclServiceSpy, times(1)).egressACLPermitAllProto(anyLong(), anyString(), anyString(), anyBoolean(), anyString(), anyInt());
 135         verify(writeTransaction, times(4)).put(any(LogicalDatastoreType.class), any(InstanceIdentifier.class), any(Node.class), anyBoolean());
 136         verify(writeTransaction, times(2)).submit();
 137         verify(commitFuture, times(2)).get();
 138     }
 139
 140     /**
 141      * Rule 4: TCP Proto (False), TCP Port Minimum (False), TCP Port Max (False), IP Prefix (True)
 142      */
 143     @Test
 144     public void testProgramPortSecurityACLRule4() throws Exception {
 145         when(portSecurityRule.getSecurityRuleProtocol()).thenReturn(null);
 146         when(portSecurityRule.getSecurityRulePortMax()).thenReturn(null);
 147         when(portSecurityRule.getSecurityRulePortMin()).thenReturn(null);
 148         when(portSecurityRule.getSecurityRuleRemoteIpPrefix()).thenReturn(HOST_ADDRESS);
 149
 150         egressAclServiceSpy.programPortSecurityACL(Long.valueOf(1554), "2", MAC_ADDRESS, 124, securityGroup);
 151         verify(egressAclServiceSpy, times(1)).egressACLDefaultTcpDrop(anyLong(), anyString(), anyString(), anyInt(), anyBoolean());
 152         verify(egressAclServiceSpy, times(1)).egressACLPermitAllProto(anyLong(), anyString(), anyString(), anyBoolean(), anyString(), anyInt());
 153         verify(writeTransaction, times(4)).put(any(LogicalDatastoreType.class), any(InstanceIdentifier.class), any(Node.class), anyBoolean());
 154         verify(writeTransaction, times(2)).submit();
 155         verify(commitFuture, times(2)).get();
 156     }
 157
 158     /**
 159      * Rule 5: TCP Proto (True), TCP Port Minimum (True), TCP Port Max (True), IP Prefix (False)
 160      */
 161     @Test
 162     public void testProgramPortSecurityACLRule5() throws Exception {
 163         when(portSecurityRule.getSecurityRuleProtocol()).thenReturn("tcp");
 164         when(portSecurityRule.getSecurityRulePortMax()).thenReturn(1);
 165         when(portSecurityRule.getSecurityRulePortMin()).thenReturn(1);
 166         when(portSecurityRule.getSecurityRuleRemoteIpPrefix()).thenReturn(null);
 167
 168         egressAclServiceSpy.programPortSecurityACL(Long.valueOf(1554), "2", MAC_ADDRESS, 124, securityGroup);
 169         verify(egressAclServiceSpy, times(1)).egressACLDefaultTcpDrop(anyLong(), anyString(), anyString(), anyInt(), anyBoolean());
 170         verify(egressAclServiceSpy, times(1)).egressACLTcpSyn(anyLong(), anyString(), anyString(), anyBoolean(), anyInt(), anyInt());
 171         verify(writeTransaction, times(4)).put(any(LogicalDatastoreType.class), any(InstanceIdentifier.class), any(Node.class), anyBoolean());
 172         verify(writeTransaction, times(2)).submit();
 173         verify(commitFuture, times(2)).get();
 174     }
 175
 176     /**
 177      * Rule 6: TCP Proto (True), TCP Port Minimum (True), TCP Port Max (False), IP Prefix (False)
 178      */
 179     @Test
 180     public void testProgramPortSecurityACLRule6() throws Exception {
 181         when(portSecurityRule.getSecurityRuleProtocol()).thenReturn("tcp");
 182         when(portSecurityRule.getSecurityRulePortMax()).thenReturn(null);
 183         when(portSecurityRule.getSecurityRulePortMin()).thenReturn(1);
 184         when(portSecurityRule.getSecurityRuleRemoteIpPrefix()).thenReturn(null);
 185
 186         egressAclServiceSpy.programPortSecurityACL(Long.valueOf(1554), "2", MAC_ADDRESS, 124, securityGroup);
 187         verify(egressAclServiceSpy, times(1)).egressACLDefaultTcpDrop(anyLong(), anyString(), anyString(), anyInt(), anyBoolean());
 188         verify(egressAclServiceSpy, times(1)).egressACLTcpSyn(anyLong(), anyString(), anyString(), anyBoolean(), anyInt(), anyInt());
 189         verify(writeTransaction, times(4)).put(any(LogicalDatastoreType.class), any(InstanceIdentifier.class), any(Node.class), anyBoolean());
 190         verify(writeTransaction, times(2)).submit();
 191         verify(commitFuture, times(2)).get();
 192     }
 193
 194     /**
 195      * Rule 7: TCP Proto (True), TCP Port Minimum (False), TCP Port Max (False), IP Prefix (False or 0.0.0.0/0)
 196      */
 197     @Test
 198     public void testProgramPortSecurityACLRule7() throws Exception {
 199         when(portSecurityRule.getSecurityRuleProtocol()).thenReturn("tcp");
 200         when(portSecurityRule.getSecurityRulePortMax()).thenReturn(null);
 201         when(portSecurityRule.getSecurityRulePortMin()).thenReturn(null);
 202         when(portSecurityRule.getSecurityRuleRemoteIpPrefix()).thenReturn(null);
 203
 204         egressAclServiceSpy.programPortSecurityACL(Long.valueOf(1554), "2", MAC_ADDRESS, 124, securityGroup);
 205         verify(egressAclServiceSpy, times(1)).egressAllowProto(anyLong(), anyString(), anyString(), anyBoolean(), anyString(), anyInt());
 206         verify(writeTransaction, times(2)).put(any(LogicalDatastoreType.class), any(InstanceIdentifier.class), any(Node.class), anyBoolean());
 207         verify(writeTransaction, times(1)).submit();
 208         verify(commitFuture, times(1)).get();
 209     }
 210
 211     /**
 212      * Test method {@link EgressAclService#egressACLDefaultTcpDrop(Long, String, String, int, boolean)}
 213      */
 214     @Test
 215     public void testEgressACLDefaultTcpDrop() throws Exception {
 216         egressAclService.egressACLDefaultTcpDrop(Long.valueOf(123), "2", MAC_ADDRESS, 1, true);
 217         verify(writeTransaction, times(2)).put(any(LogicalDatastoreType.class), any(InstanceIdentifier.class), any(Node.class), anyBoolean());
 218         verify(writeTransaction, times(1)).submit();
 219         verify(commitFuture, times(1)).get();
 220
 221         egressAclService.egressACLDefaultTcpDrop(Long.valueOf(123), "2", MAC_ADDRESS, 1, false);
 222         verify(writeTransaction, times(1)).delete(any(LogicalDatastoreType.class), any(InstanceIdentifier.class));
 223         verify(writeTransaction, times(2)).submit();
 224         verify(commitFuture, times(2)).get(); // 1 + 1 above
 225     }
 226
 227     /**
 228      * Test method {@link EgressAclService#egressACLTcpPortWithPrefix(Long, String, String, boolean, Integer, String, Integer)}
 229      */
 230     @Test
 231     public void testEgressACLTcpPortWithPrefix() throws Exception {
 232         egressAclService.egressACLTcpPortWithPrefix(Long.valueOf(123), "2", MAC_ADDRESS, true, 1, HOST_ADDRESS, 1);
 233         verify(writeTransaction, times(2)).put(any(LogicalDatastoreType.class), any(InstanceIdentifier.class), any(Node.class), anyBoolean());
 234         verify(writeTransaction, times(1)).submit();
 235         verify(commitFuture, times(1)).get();
 236
 237         egressAclService.egressACLTcpPortWithPrefix(Long.valueOf(123), "2", MAC_ADDRESS, false, 1, HOST_ADDRESS, 1);
 238         verify(writeTransaction, times(1)).delete(any(LogicalDatastoreType.class), any(InstanceIdentifier.class));
 239         verify(writeTransaction, times(2)).submit();
 240         verify(commitFuture, times(2)).get(); // 1 + 1 above
 241     }
 242
 243     /**
 244      * Test method {@link EgressAclService#egressAllowProto(Long, String, String, boolean, String, Integer)}
 245      */
 246     @Test
 247     public void testEgressAllowProto() throws Exception {
 248         egressAclService.egressAllowProto(Long.valueOf(123), "2", MAC_ADDRESS, true, HOST_ADDRESS, 1);
 249         verify(writeTransaction, times(2)).put(any(LogicalDatastoreType.class), any(InstanceIdentifier.class), any(Node.class), anyBoolean());
 250         verify(writeTransaction, times(1)).submit();
 251         verify(commitFuture, times(1)).get();
 252
 253         egressAclService.egressAllowProto(Long.valueOf(123), "2", MAC_ADDRESS, false, HOST_ADDRESS, 1);
 254         verify(writeTransaction, times(1)).delete(any(LogicalDatastoreType.class), any(InstanceIdentifier.class));
 255         verify(writeTransaction, times(2)).submit();
 256         verify(commitFuture, times(2)).get(); // 1 + 1 above
 257     }
 258
 259     /**
 260      * Test method {@link EgressAclService#egressACLPermitAllProto(Long, String, String, boolean, String, Integer)}
 261      */
 262     @Test
 263     public void testEgressACLPermitAllProto() throws Exception {
 264         egressAclService.egressACLPermitAllProto(Long.valueOf(123), "2", MAC_ADDRESS, true, HOST_ADDRESS, 1);
 265         verify(writeTransaction, times(2)).put(any(LogicalDatastoreType.class), any(InstanceIdentifier.class), any(Node.class), anyBoolean());
 266         verify(writeTransaction, times(1)).submit();
 267         verify(commitFuture, times(1)).get();
 268
 269         egressAclService.egressACLPermitAllProto(Long.valueOf(123), "2", MAC_ADDRESS, false, HOST_ADDRESS, 1);
 270         verify(writeTransaction, times(1)).delete(any(LogicalDatastoreType.class), any(InstanceIdentifier.class));
 271         verify(writeTransaction, times(2)).submit();
 272         verify(commitFuture, times(2)).get(); // 1 + 1 above
 273     }
 274
 275     /**
 276      * Test method {@link EgressAclService#egressACLTcpSyn(Long, String, String, boolean, Integer, Integer)}
 277      */
 278     @Test
 279     public void testEgressACLTcpSyn() throws Exception {
 280         egressAclService.egressACLTcpSyn(Long.valueOf(123), "2", MAC_ADDRESS, true, 1, 1);
 281         verify(writeTransaction, times(2)).put(any(LogicalDatastoreType.class), any(InstanceIdentifier.class), any(Node.class), anyBoolean());
 282         verify(writeTransaction, times(1)).submit();
 283         verify(commitFuture, times(1)).get();
 284
 285         egressAclService.egressACLTcpSyn(Long.valueOf(123), "2", MAC_ADDRESS, false, 1, 1);
 286         verify(writeTransaction, times(1)).delete(any(LogicalDatastoreType.class), any(InstanceIdentifier.class));
 287         verify(writeTransaction, times(2)).submit();
 288         verify(commitFuture, times(2)).get(); // 1 + 1 above
 289     }
 290 }