2 * Copyright (c) 2015 Inocybe and others. All rights reserved.
4 * This program and the accompanying materials are made available under the
5 * terms of the Eclipse Public License v1.0 which accompanies this distribution,
6 * and is available at http://www.eclipse.org/legal/epl-v10.html
9 package org.opendaylight.ovsdb.openstack.netvirt.providers.openflow13.services;
11 import static org.mockito.Matchers.any;
12 import static org.mockito.Matchers.anyBoolean;
13 import static org.mockito.Matchers.anyInt;
14 import static org.mockito.Matchers.anyLong;
15 import static org.mockito.Matchers.anyString;
16 import static org.mockito.Mockito.mock;
17 import static org.mockito.Mockito.times;
18 import static org.mockito.Mockito.verify;
19 import static org.mockito.Mockito.when;
21 import java.util.ArrayList;
22 import java.util.List;
24 import org.junit.Before;
25 import org.junit.Test;
26 import org.junit.runner.RunWith;
27 import org.mockito.InjectMocks;
28 import org.mockito.Mock;
29 import org.mockito.Mockito;
30 import org.mockito.Spy;
31 import org.mockito.runners.MockitoJUnitRunner;
32 import org.opendaylight.controller.md.sal.binding.api.DataBroker;
33 import org.opendaylight.controller.md.sal.binding.api.ReadWriteTransaction;
34 import org.opendaylight.controller.md.sal.binding.api.WriteTransaction;
35 import org.opendaylight.controller.md.sal.common.api.data.LogicalDatastoreType;
36 import org.opendaylight.controller.md.sal.common.api.data.TransactionCommitFailedException;
37 import org.opendaylight.neutron.spi.NeutronSecurityGroup;
38 import org.opendaylight.neutron.spi.NeutronSecurityRule;
39 import org.opendaylight.ovsdb.openstack.netvirt.providers.openflow13.MdsalConsumer;
40 import org.opendaylight.ovsdb.openstack.netvirt.providers.openflow13.PipelineOrchestrator;
41 import org.opendaylight.ovsdb.openstack.netvirt.providers.openflow13.Service;
42 import org.opendaylight.yang.gen.v1.urn.opendaylight.inventory.rev130819.nodes.Node;
43 import org.opendaylight.yangtools.yang.binding.InstanceIdentifier;
45 import com.google.common.util.concurrent.CheckedFuture;
48 * Unit test for {@link IngressAclService}
50 @RunWith(MockitoJUnitRunner.class)
51 public class IngressAclServiceTest {
/** Service under test; the {@code @Mock} fields of this class are injected into it. */
@InjectMocks
private IngressAclService ingressAclService = new IngressAclService();

/** Spy over the service, used to check which ingress ACL helper a rule is dispatched to. */
@Spy
private IngressAclService ingressAclServiceSpy;

// Collaborators of the service.
@Mock
private MdsalConsumer mdsalConsumer;
@Mock
private PipelineOrchestrator orchestrator;

// Datastore transactions and the future returned when they are submitted.
@Mock
private ReadWriteTransaction readWriteTransaction;
@Mock
private WriteTransaction writeTransaction;
@Mock
private CheckedFuture<Void, TransactionCommitFailedException> commitFuture;

// Neutron security group and the single rule it carries in these tests.
@Mock
private NeutronSecurityGroup securityGroup;
@Mock
private NeutronSecurityRule portSecurityRule;

// Fixed arguments shared by every test case.
private static final String SEGMENTATION_ID = "2";
private static final int PRIORITY = 1;
private static final String HOST_ADDRESS = "127.0.0.1/32";
private static final String MAC_ADDRESS = "87:1D:5E:02:40:B8";
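// Fixture wiring shared by all tests.
// NOTE(review): the annotation and signature of the enclosing method are not visible in this listing.
ingressAclServiceSpy = Mockito.spy(ingressAclService);

// Both transaction kinds return the same future, so commits are counted on a single mock.
when(readWriteTransaction.submit()).thenReturn(commitFuture);
when(writeTransaction.submit()).thenReturn(commitFuture);

DataBroker dataBroker = mock(DataBroker.class);
when(dataBroker.newReadWriteTransaction()).thenReturn(readWriteTransaction);
when(dataBroker.newWriteOnlyTransaction()).thenReturn(writeTransaction);

when(mdsalConsumer.getDataBroker()).thenReturn(dataBroker);

when(orchestrator.getNextServiceInPipeline(any(Service.class))).thenReturn(Service.ARP_RESPONDER);

// Replaces the @Mock-created instance with a fresh mock describing an IPv4 ingress rule.
portSecurityRule = mock(NeutronSecurityRule.class);
when(portSecurityRule.getSecurityRuleEthertype()).thenReturn("IPv4");
when(portSecurityRule.getSecurityRuleDirection()).thenReturn("ingress");

// Typed list instead of the raw ArrayList, which only compiled with an unchecked warning.
List<NeutronSecurityRule> portSecurityList = new ArrayList<>();
portSecurityList.add(portSecurityRule);

// The security group exposes exactly this one rule.
when(securityGroup.getSecurityRules()).thenReturn(portSecurityList);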
/**
 * Rule 1: TCP Proto (True), TCP Port Minimum (True), TCP Port Max (True), IP Prefix (True)
 *
 * <p>Expects the default TCP drop and the port-with-prefix helper to run once each, with four
 * puts spread over two submitted read-write transactions.
 */
@Test
public void testProgramPortSecurityACLRule1() throws Exception {
    // Rule shape: TCP, port min and max both 1, remote prefix HOST_ADDRESS.
    when(portSecurityRule.getSecurityRuleRemoteIpPrefix()).thenReturn(HOST_ADDRESS);
    when(portSecurityRule.getSecurityRulePortMin()).thenReturn(1);
    when(portSecurityRule.getSecurityRulePortMax()).thenReturn(1);
    when(portSecurityRule.getSecurityRuleProtocol()).thenReturn("tcp");

    ingressAclServiceSpy.programPortSecurityACL(
            Long.valueOf(1554), SEGMENTATION_ID, MAC_ADDRESS, 124, securityGroup);

    // NOTE(review): every argument is matched with any*(), so this proves which helper ran,
    // not that the rule's port and prefix reached it; eq(...) or an ArgumentCaptor would pin that.
    verify(ingressAclServiceSpy)
            .ingressACLDefaultTcpDrop(anyLong(), anyString(), anyString(), anyInt(), anyBoolean());
    verify(ingressAclServiceSpy)
            .ingressACLTcpPortWithPrefix(
                    anyLong(), anyString(), anyString(), anyBoolean(), anyInt(), anyString(), anyInt());

    // Datastore side: four puts, two commits, each commit waited on.
    verify(readWriteTransaction, times(4))
            .put(any(LogicalDatastoreType.class), any(InstanceIdentifier.class), any(Node.class), anyBoolean());
    verify(readWriteTransaction, times(2)).submit();
    verify(commitFuture, times(2)).get();
}
/**
 * Rule 2: TCP Proto (True), TCP Port Minimum (True), TCP Port Max (False), IP Prefix (True)
 *
 * <p>Expects the same dispatch as a fully specified port: default TCP drop plus the
 * port-with-prefix helper, with four puts over two submitted read-write transactions.
 */
@Test
public void testProgramPortSecurityACLRule2() throws Exception {
    // Rule shape: TCP, port min 1, no port max, remote prefix HOST_ADDRESS.
    when(portSecurityRule.getSecurityRuleRemoteIpPrefix()).thenReturn(HOST_ADDRESS);
    when(portSecurityRule.getSecurityRulePortMin()).thenReturn(1);
    when(portSecurityRule.getSecurityRulePortMax()).thenReturn(null);
    when(portSecurityRule.getSecurityRuleProtocol()).thenReturn("tcp");

    ingressAclServiceSpy.programPortSecurityACL(
            Long.valueOf(1554), SEGMENTATION_ID, MAC_ADDRESS, 124, securityGroup);

    // NOTE(review): with any*() matchers this does not show which port is programmed when
    // only the minimum is set; an ArgumentCaptor on the helper call would make that explicit.
    verify(ingressAclServiceSpy)
            .ingressACLDefaultTcpDrop(anyLong(), anyString(), anyString(), anyInt(), anyBoolean());
    verify(ingressAclServiceSpy)
            .ingressACLTcpPortWithPrefix(
                    anyLong(), anyString(), anyString(), anyBoolean(), anyInt(), anyString(), anyInt());

    // Datastore side: four puts, two commits, each commit waited on.
    verify(readWriteTransaction, times(4))
            .put(any(LogicalDatastoreType.class), any(InstanceIdentifier.class), any(Node.class), anyBoolean());
    verify(readWriteTransaction, times(2)).submit();
    verify(commitFuture, times(2)).get();
}
/**
 * Rule 3: TCP Proto (True), TCP Port Minimum (False), TCP Port Max (False), IP Prefix (True)
 *
 * <p>Expects the default TCP drop and the permit-all-protocol helper to run once each, with
 * four puts over two submitted read-write transactions.
 */
@Test
public void testProgramPortSecurityACLRule3() throws Exception {
    // Rule shape: TCP, no port bounds, remote prefix HOST_ADDRESS.
    when(portSecurityRule.getSecurityRuleRemoteIpPrefix()).thenReturn(HOST_ADDRESS);
    when(portSecurityRule.getSecurityRulePortMin()).thenReturn(null);
    when(portSecurityRule.getSecurityRulePortMax()).thenReturn(null);
    when(portSecurityRule.getSecurityRuleProtocol()).thenReturn("tcp");

    ingressAclServiceSpy.programPortSecurityACL(
            Long.valueOf(1554), SEGMENTATION_ID, MAC_ADDRESS, 124, securityGroup);

    // NOTE(review): any*() matchers do not confirm that the permit is scoped to HOST_ADDRESS;
    // matching the prefix argument with eq(HOST_ADDRESS) would.
    verify(ingressAclServiceSpy)
            .ingressACLDefaultTcpDrop(anyLong(), anyString(), anyString(), anyInt(), anyBoolean());
    verify(ingressAclServiceSpy)
            .ingressACLPermitAllProto(anyLong(), anyString(), anyString(), anyBoolean(), anyString(), anyInt());

    // Datastore side: four puts, two commits, each commit waited on.
    verify(readWriteTransaction, times(4))
            .put(any(LogicalDatastoreType.class), any(InstanceIdentifier.class), any(Node.class), anyBoolean());
    verify(readWriteTransaction, times(2)).submit();
    verify(commitFuture, times(2)).get();
}
/**
 * Rule 4: TCP Proto (False), TCP Port Minimum (False), TCP Port Max (False), IP Prefix (True)
 *
 * <p>Expects the default TCP drop and the permit-all-protocol helper to run once each, with
 * four puts over two submitted read-write transactions.
 */
@Test
public void testProgramPortSecurityACLRule4() throws Exception {
    // Rule shape: no protocol, no port bounds, remote prefix HOST_ADDRESS.
    when(portSecurityRule.getSecurityRuleRemoteIpPrefix()).thenReturn(HOST_ADDRESS);
    when(portSecurityRule.getSecurityRulePortMin()).thenReturn(null);
    when(portSecurityRule.getSecurityRulePortMax()).thenReturn(null);
    when(portSecurityRule.getSecurityRuleProtocol()).thenReturn(null);

    ingressAclServiceSpy.programPortSecurityACL(
            Long.valueOf(1554), SEGMENTATION_ID, MAC_ADDRESS, 124, securityGroup);

    // NOTE(review): any*() matchers do not confirm that the permit is scoped to HOST_ADDRESS;
    // matching the prefix argument with eq(HOST_ADDRESS) would.
    verify(ingressAclServiceSpy)
            .ingressACLDefaultTcpDrop(anyLong(), anyString(), anyString(), anyInt(), anyBoolean());
    verify(ingressAclServiceSpy)
            .ingressACLPermitAllProto(anyLong(), anyString(), anyString(), anyBoolean(), anyString(), anyInt());

    // Datastore side: four puts, two commits, each commit waited on.
    verify(readWriteTransaction, times(4))
            .put(any(LogicalDatastoreType.class), any(InstanceIdentifier.class), any(Node.class), anyBoolean());
    verify(readWriteTransaction, times(2)).submit();
    verify(commitFuture, times(2)).get();
}
/**
 * Rule 5: TCP Proto (True), TCP Port Minimum (True), TCP Port Max (True), IP Prefix (False)
 *
 * <p>Expects the default TCP drop and the TCP SYN helper to run once each, with four puts over
 * two submitted read-write transactions.
 */
@Test
public void testProgramPortSecurityACLRule5() throws Exception {
    // Rule shape: TCP, port min and max both 1, no remote prefix.
    when(portSecurityRule.getSecurityRuleRemoteIpPrefix()).thenReturn(null);
    when(portSecurityRule.getSecurityRulePortMin()).thenReturn(1);
    when(portSecurityRule.getSecurityRulePortMax()).thenReturn(1);
    when(portSecurityRule.getSecurityRuleProtocol()).thenReturn("tcp");

    ingressAclServiceSpy.programPortSecurityACL(
            Long.valueOf(1554), SEGMENTATION_ID, MAC_ADDRESS, 124, securityGroup);

    // NOTE(review): any*() matchers do not confirm that port 1 is the port handed to the
    // helper; matching that argument with eq(1) would.
    verify(ingressAclServiceSpy)
            .ingressACLDefaultTcpDrop(anyLong(), anyString(), anyString(), anyInt(), anyBoolean());
    verify(ingressAclServiceSpy)
            .ingressACLTcpSyn(anyLong(), anyString(), anyString(), anyBoolean(), anyInt(), anyInt());

    // Datastore side: four puts, two commits, each commit waited on.
    verify(readWriteTransaction, times(4))
            .put(any(LogicalDatastoreType.class), any(InstanceIdentifier.class), any(Node.class), anyBoolean());
    verify(readWriteTransaction, times(2)).submit();
    verify(commitFuture, times(2)).get();
}
/**
 * Rule 6: TCP Proto (True), TCP Port Minimum (True), TCP Port Max (False), IP Prefix (False)
 *
 * <p>Expects the default TCP drop and the TCP SYN helper to run once each, with four puts over
 * two submitted read-write transactions.
 */
@Test
public void testProgramPortSecurityACLRule6() throws Exception {
    // Rule shape: TCP, port min 1, no port max, no remote prefix.
    when(portSecurityRule.getSecurityRuleRemoteIpPrefix()).thenReturn(null);
    when(portSecurityRule.getSecurityRulePortMin()).thenReturn(1);
    when(portSecurityRule.getSecurityRulePortMax()).thenReturn(null);
    when(portSecurityRule.getSecurityRuleProtocol()).thenReturn("tcp");

    ingressAclServiceSpy.programPortSecurityACL(
            Long.valueOf(1554), SEGMENTATION_ID, MAC_ADDRESS, 124, securityGroup);

    // NOTE(review): with any*() matchers this does not show which port is programmed when
    // only the minimum is set; an ArgumentCaptor on the helper call would make that explicit.
    verify(ingressAclServiceSpy)
            .ingressACLDefaultTcpDrop(anyLong(), anyString(), anyString(), anyInt(), anyBoolean());
    verify(ingressAclServiceSpy)
            .ingressACLTcpSyn(anyLong(), anyString(), anyString(), anyBoolean(), anyInt(), anyInt());

    // Datastore side: four puts, two commits, each commit waited on.
    verify(readWriteTransaction, times(4))
            .put(any(LogicalDatastoreType.class), any(InstanceIdentifier.class), any(Node.class), anyBoolean());
    verify(readWriteTransaction, times(2)).submit();
    verify(commitFuture, times(2)).get();
}
/**
 * Rule 7: TCP Proto (True), TCP Port Minimum (False), TCP Port Max (False), IP Prefix (False or 0.0.0.0/0)
 *
 * <p>Expects the allow-protocol helper to run once, with two puts in a single submitted
 * read-write transaction.
 */
@Test
public void testProgramPortSecurityACLRule7() throws Exception {
    // Rule shape: TCP with neither port bounds nor a remote prefix, the least restrictive case here.
    when(portSecurityRule.getSecurityRuleRemoteIpPrefix()).thenReturn(null);
    when(portSecurityRule.getSecurityRulePortMin()).thenReturn(null);
    when(portSecurityRule.getSecurityRulePortMax()).thenReturn(null);
    when(portSecurityRule.getSecurityRuleProtocol()).thenReturn("tcp");

    ingressAclServiceSpy.programPortSecurityACL(
            Long.valueOf(1554), SEGMENTATION_ID, MAC_ADDRESS, 124, securityGroup);

    // NOTE(review): unlike the other rule cases, nothing here asserts whether
    // ingressACLDefaultTcpDrop is or is not invoked; the put/submit counts only suggest a
    // single flow write. An explicit verify(..., never()) would document the intent.
    verify(ingressAclServiceSpy)
            .handleIngressAllowProto(anyLong(), anyString(), anyString(), anyBoolean(), anyString(), anyInt());

    // Datastore side: two puts, one commit, one wait on the commit.
    verify(readWriteTransaction, times(2))
            .put(any(LogicalDatastoreType.class), any(InstanceIdentifier.class), any(Node.class), anyBoolean());
    verify(readWriteTransaction).submit();
    verify(commitFuture).get();
}
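/**
 * Test method {@link IngressAclService#ingressACLDefaultTcpDrop(Long, String, String, int, boolean)}
 *
 * <p>With the boolean flag {@code true} the flow is written through the read-write
 * transaction; with {@code false} it is deleted through the write-only transaction. Both paths
 * must commit, otherwise the default drop would not be installed or removed in the datastore.
 */
@Test
public void testIgressACLDefaultTcpDrop() throws Exception {
    // Flag true: two puts and one commit on the read-write transaction.
    ingressAclService.ingressACLDefaultTcpDrop(Long.valueOf(123), SEGMENTATION_ID, MAC_ADDRESS, PRIORITY, true);
    verify(readWriteTransaction, times(2)).put(any(LogicalDatastoreType.class), any(InstanceIdentifier.class), any(Node.class), anyBoolean());
    verify(readWriteTransaction, times(1)).submit();
    verify(commitFuture, times(1)).get();

    // Flag false: one delete on the write-only transaction.
    ingressAclService.ingressACLDefaultTcpDrop(Long.valueOf(123), SEGMENTATION_ID, MAC_ADDRESS, PRIORITY, false);
    verify(writeTransaction, times(1)).delete(any(LogicalDatastoreType.class), any(InstanceIdentifier.class));
    // The delete itself must be committed; previously only the read-write submit was re-checked.
    verify(writeTransaction, times(1)).submit();
    // Count is cumulative and still 1: the delete must not go through the read-write transaction.
    verify(readWriteTransaction, times(1)).submit();
    verify(commitFuture, times(2)).get(); // 1 + 1 above
}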
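/**
 * Test method {@link IngressAclService#ingressACLTcpPortWithPrefix(Long, String, String, boolean, Integer, String, Integer)}
 *
 * <p>With the boolean flag {@code true} the flow is written through the read-write
 * transaction; with {@code false} it is deleted through the write-only transaction. Both paths
 * must commit, otherwise a revoked permit rule would stay in the datastore.
 */
@Test
public void testIngressACLTcpPortWithPrefix() throws Exception {
    // Flag true: two puts and one commit on the read-write transaction.
    ingressAclService.ingressACLTcpPortWithPrefix(Long.valueOf(123), SEGMENTATION_ID, MAC_ADDRESS, true, 1, HOST_ADDRESS, PRIORITY);
    verify(readWriteTransaction, times(2)).put(any(LogicalDatastoreType.class), any(InstanceIdentifier.class), any(Node.class), anyBoolean());
    verify(readWriteTransaction, times(1)).submit();
    verify(commitFuture, times(1)).get();

    // Flag false: one delete on the write-only transaction.
    ingressAclService.ingressACLTcpPortWithPrefix(Long.valueOf(123), SEGMENTATION_ID, MAC_ADDRESS, false, 1, HOST_ADDRESS, PRIORITY);
    verify(writeTransaction, times(1)).delete(any(LogicalDatastoreType.class), any(InstanceIdentifier.class));
    // The delete itself must be committed; previously only the read-write submit was re-checked.
    verify(writeTransaction, times(1)).submit();
    // Count is cumulative and still 1: the delete must not go through the read-write transaction.
    verify(readWriteTransaction, times(1)).submit();
    verify(commitFuture, times(2)).get(); // 1 + 1 above
}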
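/**
 * Test method {@link IngressAclService#handleIngressAllowProto(Long, String, String, boolean, String, Integer)}
 *
 * <p>With the boolean flag {@code true} the flow is written through the read-write
 * transaction; with {@code false} it is deleted through the write-only transaction. Both paths
 * must commit, otherwise a revoked allow rule would stay in the datastore.
 */
@Test
public void testIngressAllowProto() throws Exception {
    // Flag true: two puts and one commit on the read-write transaction.
    ingressAclService.handleIngressAllowProto(Long.valueOf(123), SEGMENTATION_ID, MAC_ADDRESS, true, HOST_ADDRESS, PRIORITY);
    verify(readWriteTransaction, times(2)).put(any(LogicalDatastoreType.class), any(InstanceIdentifier.class), any(Node.class), anyBoolean());
    verify(readWriteTransaction, times(1)).submit();
    verify(commitFuture, times(1)).get();

    // Flag false: one delete on the write-only transaction.
    ingressAclService.handleIngressAllowProto(Long.valueOf(123), SEGMENTATION_ID, MAC_ADDRESS, false, HOST_ADDRESS, PRIORITY);
    verify(writeTransaction, times(1)).delete(any(LogicalDatastoreType.class), any(InstanceIdentifier.class));
    // The delete itself must be committed; previously only the read-write submit was re-checked.
    verify(writeTransaction, times(1)).submit();
    // Count is cumulative and still 1: the delete must not go through the read-write transaction.
    verify(readWriteTransaction, times(1)).submit();
    verify(commitFuture, times(2)).get(); // 1 + 1 above
}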
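/**
 * Test method {@link IngressAclService#ingressACLPermitAllProto(Long, String, String, boolean, String, Integer)}
 *
 * <p>With the boolean flag {@code true} the flow is written through the read-write
 * transaction; with {@code false} it is deleted through the write-only transaction. Both paths
 * must commit, otherwise a revoked permit-all rule would stay in the datastore.
 */
@Test
public void testIngressACLPermitAllProto() throws Exception {
    // Flag true: two puts and one commit on the read-write transaction.
    ingressAclService.ingressACLPermitAllProto(Long.valueOf(123), SEGMENTATION_ID, MAC_ADDRESS, true, HOST_ADDRESS, PRIORITY);
    verify(readWriteTransaction, times(2)).put(any(LogicalDatastoreType.class), any(InstanceIdentifier.class), any(Node.class), anyBoolean());
    verify(readWriteTransaction, times(1)).submit();
    verify(commitFuture, times(1)).get();

    // Flag false: one delete on the write-only transaction.
    ingressAclService.ingressACLPermitAllProto(Long.valueOf(123), SEGMENTATION_ID, MAC_ADDRESS, false, HOST_ADDRESS, PRIORITY);
    verify(writeTransaction, times(1)).delete(any(LogicalDatastoreType.class), any(InstanceIdentifier.class));
    // The delete itself must be committed; previously only the read-write submit was re-checked.
    verify(writeTransaction, times(1)).submit();
    // Count is cumulative and still 1: the delete must not go through the read-write transaction.
    verify(readWriteTransaction, times(1)).submit();
    verify(commitFuture, times(2)).get(); // 1 + 1 above
}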
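/**
 * Test method {@link IngressAclService#ingressACLTcpSyn(Long, String, String, boolean, Integer, Integer)}
 *
 * <p>With the boolean flag {@code true} the flow is written through the read-write
 * transaction; with {@code false} it is deleted through the write-only transaction. Both paths
 * must commit, otherwise a revoked TCP SYN rule would stay in the datastore.
 */
@Test
public void testIngressACLTcpSyn() throws Exception {
    // Flag true: two puts and one commit on the read-write transaction.
    ingressAclService.ingressACLTcpSyn(Long.valueOf(123), SEGMENTATION_ID, MAC_ADDRESS, true, 1, PRIORITY);
    verify(readWriteTransaction, times(2)).put(any(LogicalDatastoreType.class), any(InstanceIdentifier.class), any(Node.class), anyBoolean());
    verify(readWriteTransaction, times(1)).submit();
    verify(commitFuture, times(1)).get();

    // Flag false: one delete on the write-only transaction.
    ingressAclService.ingressACLTcpSyn(Long.valueOf(123), SEGMENTATION_ID, MAC_ADDRESS, false, 1, PRIORITY);
    verify(writeTransaction, times(1)).delete(any(LogicalDatastoreType.class), any(InstanceIdentifier.class));
    // The delete itself must be committed; previously only the read-write submit was re-checked.
    verify(writeTransaction, times(1)).submit();
    // Count is cumulative and still 1: the delete must not go through the read-write transaction.
    verify(readWriteTransaction, times(1)).submit();
    verify(commitFuture, times(2)).get(); // 1 + 1 above
}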