Use Topology Node in place of Inventory Node
[ovsdb.git] / openstack / net-virt-providers / src / test / java / org / opendaylight / ovsdb / openstack / netvirt / providers / openflow13 / services / IngressAclServiceTest.java
1 /*
2  * Copyright (c) 2015 Inocybe and others.  All rights reserved.
3  *
4  * This program and the accompanying materials are made available under the
5  * terms of the Eclipse Public License v1.0 which accompanies this distribution,
6  * and is available at http://www.eclipse.org/legal/epl-v10.html
7  */
8
9 package org.opendaylight.ovsdb.openstack.netvirt.providers.openflow13.services;
10
11 import static org.mockito.Matchers.any;
12 import static org.mockito.Matchers.anyBoolean;
13 import static org.mockito.Matchers.anyInt;
14 import static org.mockito.Matchers.anyLong;
15 import static org.mockito.Matchers.anyString;
16 import static org.mockito.Mockito.mock;
17 import static org.mockito.Mockito.times;
18 import static org.mockito.Mockito.verify;
19 import static org.mockito.Mockito.when;
20
21 import java.util.ArrayList;
22 import java.util.List;
23
24 import org.junit.Before;
25 import org.junit.Test;
26 import org.junit.runner.RunWith;
27 import org.mockito.InjectMocks;
28 import org.mockito.Mock;
29 import org.mockito.Mockito;
30 import org.mockito.Spy;
31 import org.mockito.runners.MockitoJUnitRunner;
32 import org.opendaylight.controller.md.sal.binding.api.DataBroker;
33 import org.opendaylight.controller.md.sal.binding.api.ReadWriteTransaction;
34 import org.opendaylight.controller.md.sal.binding.api.WriteTransaction;
35 import org.opendaylight.controller.md.sal.common.api.data.LogicalDatastoreType;
36 import org.opendaylight.controller.md.sal.common.api.data.TransactionCommitFailedException;
37 import org.opendaylight.neutron.spi.NeutronSecurityGroup;
38 import org.opendaylight.neutron.spi.NeutronSecurityRule;
39 import org.opendaylight.ovsdb.openstack.netvirt.providers.openflow13.MdsalConsumer;
40 import org.opendaylight.ovsdb.openstack.netvirt.providers.openflow13.PipelineOrchestrator;
41 import org.opendaylight.ovsdb.openstack.netvirt.providers.openflow13.Service;
42 import org.opendaylight.yang.gen.v1.urn.opendaylight.inventory.rev130819.nodes.Node;
43 import org.opendaylight.yangtools.yang.binding.InstanceIdentifier;
44
45 import com.google.common.util.concurrent.CheckedFuture;
46
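/**
 * Unit tests for {@link IngressAclService}.
 *
 * <p>The service is wired to a mocked {@link MdsalConsumer} whose {@link DataBroker} hands out
 * mocked transactions, so each test asserts on how many datastore writes, deletes and commits
 * an ACL operation triggers.
 *
 * <p>NOTE(review): every verification below uses {@code any*()} matchers. The tests therefore
 * pin which handler runs and how many writes happen, but not the content of the flow that is
 * written. A regression that programs a broader match than the security rule asks for (wrong
 * port, prefix or MAC) would still pass; asserting on the captured node would close that gap.
 */
@RunWith(MockitoJUnitRunner.class)
public class IngressAclServiceTest {

    @InjectMocks private IngressAclService ingressAclService = new IngressAclService();
    @Spy private IngressAclService ingressAclServiceSpy;

    @Mock private MdsalConsumer mdsalConsumer;
    @Mock private PipelineOrchestrator orchestrator;

    @Mock private ReadWriteTransaction readWriteTransaction;
    @Mock private WriteTransaction writeTransaction;
    @Mock private CheckedFuture<Void, TransactionCommitFailedException> commitFuture;

    @Mock private NeutronSecurityGroup securityGroup;
    @Mock private NeutronSecurityRule portSecurityRule;

    // Constructed sample values; the tests never assert on them because all matchers are any*().
    private static final String SEGMENTATION_ID = "2";
    private static final int PRIORITY = 1;
    private static final String HOST_ADDRESS = "127.0.0.1/32";
    private static final String MAC_ADDRESS = "87:1D:5E:02:40:B8";

    /**
     * Wires the mocks together: both transaction kinds commit through {@code commitFuture}, the
     * data broker returns the mocked transactions, and the security group holds exactly one
     * IPv4 ingress rule whose protocol, ports and prefix are stubbed per test.
     */
    @Before
    public void setUp() {
        // Spy on the instance that received the injected mocks, so the rule tests can verify
        // which handler programPortSecurityACL() dispatches to.
        ingressAclServiceSpy = Mockito.spy(ingressAclService);

        // Both transaction types share one future; commitFuture.get() counts are therefore the
        // total number of commits, regardless of which transaction was submitted.
        when(readWriteTransaction.submit()).thenReturn(commitFuture);
        when(writeTransaction.submit()).thenReturn(commitFuture);

        DataBroker dataBroker = mock(DataBroker.class);
        when(dataBroker.newReadWriteTransaction()).thenReturn(readWriteTransaction);
        when(dataBroker.newWriteOnlyTransaction()).thenReturn(writeTransaction);

        when(mdsalConsumer.getDataBroker()).thenReturn(dataBroker);

        when(orchestrator.getNextServiceInPipeline(any(Service.class))).thenReturn(Service.ARP_RESPONDER);

        // Replaces the instance the runner created for the @Mock field with a fresh mock.
        portSecurityRule = mock(NeutronSecurityRule.class);
        when(portSecurityRule.getSecurityRuleEthertype()).thenReturn("IPv4");
        when(portSecurityRule.getSecurityRuleDirection()).thenReturn("ingress");

        // Diamond instead of the raw ArrayList the test used before (unchecked conversion).
        List<NeutronSecurityRule> portSecurityList = new ArrayList<>();
        portSecurityList.add(portSecurityRule);

        when(securityGroup.getSecurityRules()).thenReturn(portSecurityList);
    }

    /**
     * Stubs the per-test attributes of the single security rule; {@code null} means "not set".
     */
    private void stubSecurityRule(String protocol, Integer portMin, Integer portMax, String remoteIpPrefix) {
        when(portSecurityRule.getSecurityRuleProtocol()).thenReturn(protocol);
        when(portSecurityRule.getSecurityRulePortMax()).thenReturn(portMax);
        when(portSecurityRule.getSecurityRulePortMin()).thenReturn(portMin);
        when(portSecurityRule.getSecurityRuleRemoteIpPrefix()).thenReturn(remoteIpPrefix);
    }

    /**
     * Runs {@code programPortSecurityACL} on the spy with the fixed arguments all rule tests share.
     */
    private void programPortSecurityAcl() throws Exception {
        ingressAclServiceSpy.programPortSecurityACL(Long.valueOf(1554), SEGMENTATION_ID, MAC_ADDRESS, 124,
                securityGroup);
    }

    /**
     * Verifies the cumulative number of puts on the read-write transaction and that it was
     * submitted and its commit awaited {@code expectedCommits} times.
     */
    private void verifyFlowsWritten(int expectedPuts, int expectedCommits) throws Exception {
        verify(readWriteTransaction, times(expectedPuts)).put(any(LogicalDatastoreType.class),
                any(InstanceIdentifier.class), any(Node.class), anyBoolean());
        verify(readWriteTransaction, times(expectedCommits)).submit();
        verify(commitFuture, times(expectedCommits)).get();
    }

    /**
     * Verifies a delete that follows exactly one add in the same test.
     *
     * <p>Counts are cumulative: the read-write transaction must still have been submitted only
     * once (by the add), while {@code commitFuture.get()} has now been called twice.
     * NOTE(review): the second commit presumably comes from {@code writeTransaction.submit()},
     * which is not verified directly; consider adding that verification.
     */
    private void verifyFlowDeleted() throws Exception {
        verify(writeTransaction, times(1)).delete(any(LogicalDatastoreType.class), any(InstanceIdentifier.class));
        verify(readWriteTransaction, times(1)).submit();
        verify(commitFuture, times(2)).get(); // 1 from the add + 1 from the delete
    }

    /**
     * Rule 1: TCP Proto (True), TCP Port Minimum (True), TCP Port Max (True), IP Prefix (True).
     * Expects the default TCP drop plus the port-with-prefix handler.
     */
    @Test
    public void testProgramPortSecurityACLRule1() throws Exception {
        stubSecurityRule("tcp", 1, 1, HOST_ADDRESS);

        programPortSecurityAcl();
        verify(ingressAclServiceSpy, times(1)).ingressACLDefaultTcpDrop(anyLong(), anyString(), anyString(),
                anyInt(), anyBoolean());
        verify(ingressAclServiceSpy, times(1)).ingressACLTcpPortWithPrefix(anyLong(), anyString(), anyString(),
                anyBoolean(), anyInt(), anyString(), anyInt());
        verifyFlowsWritten(4, 2);
    }

    /**
     * Rule 2: TCP Proto (True), TCP Port Minimum (True), TCP Port Max (False), IP Prefix (True).
     * Expects the default TCP drop plus the port-with-prefix handler.
     */
    @Test
    public void testProgramPortSecurityACLRule2() throws Exception {
        stubSecurityRule("tcp", 1, null, HOST_ADDRESS);

        programPortSecurityAcl();
        verify(ingressAclServiceSpy, times(1)).ingressACLDefaultTcpDrop(anyLong(), anyString(), anyString(),
                anyInt(), anyBoolean());
        verify(ingressAclServiceSpy, times(1)).ingressACLTcpPortWithPrefix(anyLong(), anyString(), anyString(),
                anyBoolean(), anyInt(), anyString(), anyInt());
        verifyFlowsWritten(4, 2);
    }

    /**
     * Rule 3: TCP Proto (True), TCP Port Minimum (False), TCP Port Max (False), IP Prefix (True).
     * Expects the default TCP drop plus the permit-all-protocols handler.
     */
    @Test
    public void testProgramPortSecurityACLRule3() throws Exception {
        stubSecurityRule("tcp", null, null, HOST_ADDRESS);

        programPortSecurityAcl();
        verify(ingressAclServiceSpy, times(1)).ingressACLDefaultTcpDrop(anyLong(), anyString(), anyString(),
                anyInt(), anyBoolean());
        verify(ingressAclServiceSpy, times(1)).ingressACLPermitAllProto(anyLong(), anyString(), anyString(),
                anyBoolean(), anyString(), anyInt());
        verifyFlowsWritten(4, 2);
    }

    /**
     * Rule 4: TCP Proto (False), TCP Port Minimum (False), TCP Port Max (False), IP Prefix (True).
     * Expects the default TCP drop plus the permit-all-protocols handler.
     */
    @Test
    public void testProgramPortSecurityACLRule4() throws Exception {
        stubSecurityRule(null, null, null, HOST_ADDRESS);

        programPortSecurityAcl();
        verify(ingressAclServiceSpy, times(1)).ingressACLDefaultTcpDrop(anyLong(), anyString(), anyString(),
                anyInt(), anyBoolean());
        verify(ingressAclServiceSpy, times(1)).ingressACLPermitAllProto(anyLong(), anyString(), anyString(),
                anyBoolean(), anyString(), anyInt());
        verifyFlowsWritten(4, 2);
    }

    /**
     * Rule 5: TCP Proto (True), TCP Port Minimum (True), TCP Port Max (True), IP Prefix (False).
     * Expects the default TCP drop plus the TCP SYN handler.
     */
    @Test
    public void testProgramPortSecurityACLRule5() throws Exception {
        stubSecurityRule("tcp", 1, 1, null);

        programPortSecurityAcl();
        verify(ingressAclServiceSpy, times(1)).ingressACLDefaultTcpDrop(anyLong(), anyString(), anyString(),
                anyInt(), anyBoolean());
        verify(ingressAclServiceSpy, times(1)).ingressACLTcpSyn(anyLong(), anyString(), anyString(),
                anyBoolean(), anyInt(), anyInt());
        verifyFlowsWritten(4, 2);
    }

    /**
     * Rule 6: TCP Proto (True), TCP Port Minimum (True), TCP Port Max (False), IP Prefix (False).
     * Expects the default TCP drop plus the TCP SYN handler.
     */
    @Test
    public void testProgramPortSecurityACLRule6() throws Exception {
        stubSecurityRule("tcp", 1, null, null);

        programPortSecurityAcl();
        verify(ingressAclServiceSpy, times(1)).ingressACLDefaultTcpDrop(anyLong(), anyString(), anyString(),
                anyInt(), anyBoolean());
        verify(ingressAclServiceSpy, times(1)).ingressACLTcpSyn(anyLong(), anyString(), anyString(),
                anyBoolean(), anyInt(), anyInt());
        verifyFlowsWritten(4, 2);
    }

    /**
     * Rule 7: TCP Proto (True), TCP Port Minimum (False), TCP Port Max (False), IP Prefix (False or 0.0.0.0/0).
     * Expects only the allow-protocol handler: one flow write, and no default TCP drop is verified.
     */
    @Test
    public void testProgramPortSecurityACLRule7() throws Exception {
        stubSecurityRule("tcp", null, null, null);

        programPortSecurityAcl();
        verify(ingressAclServiceSpy, times(1)).handleIngressAllowProto(anyLong(), anyString(), anyString(),
                anyBoolean(), anyString(), anyInt());
        verifyFlowsWritten(2, 1);
    }

    /**
     * Test method {@link IngressAclService#ingressACLDefaultTcpDrop(Long, String, String, int, boolean)}:
     * the add path ({@code true}) writes a flow, the remove path ({@code false}) deletes it.
     */
    @Test
    public void testIgressACLDefaultTcpDrop() throws Exception {
        ingressAclService.ingressACLDefaultTcpDrop(Long.valueOf(123), SEGMENTATION_ID, MAC_ADDRESS, PRIORITY, true);
        verifyFlowsWritten(2, 1);

        ingressAclService.ingressACLDefaultTcpDrop(Long.valueOf(123), SEGMENTATION_ID, MAC_ADDRESS, PRIORITY, false);
        verifyFlowDeleted();
    }

    /**
     * Test method
     * {@link IngressAclService#ingressACLTcpPortWithPrefix(Long, String, String, boolean, Integer, String, Integer)}:
     * the add path ({@code true}) writes a flow, the remove path ({@code false}) deletes it.
     */
    @Test
    public void testIngressACLTcpPortWithPrefix() throws Exception {
        ingressAclService.ingressACLTcpPortWithPrefix(Long.valueOf(123), SEGMENTATION_ID, MAC_ADDRESS, true, 1,
                HOST_ADDRESS, PRIORITY);
        verifyFlowsWritten(2, 1);

        ingressAclService.ingressACLTcpPortWithPrefix(Long.valueOf(123), SEGMENTATION_ID, MAC_ADDRESS, false, 1,
                HOST_ADDRESS, PRIORITY);
        verifyFlowDeleted();
    }

    /**
     * Test method {@link IngressAclService#handleIngressAllowProto(Long, String, String, boolean, String, Integer)}:
     * the add path ({@code true}) writes a flow, the remove path ({@code false}) deletes it.
     */
    @Test
    public void testIngressAllowProto() throws Exception {
        ingressAclService.handleIngressAllowProto(Long.valueOf(123), SEGMENTATION_ID, MAC_ADDRESS, true,
                HOST_ADDRESS, PRIORITY);
        verifyFlowsWritten(2, 1);

        ingressAclService.handleIngressAllowProto(Long.valueOf(123), SEGMENTATION_ID, MAC_ADDRESS, false,
                HOST_ADDRESS, PRIORITY);
        verifyFlowDeleted();
    }

    /**
     * Test method {@link IngressAclService#ingressACLPermitAllProto(Long, String, String, boolean, String, Integer)}:
     * the add path ({@code true}) writes a flow, the remove path ({@code false}) deletes it.
     */
    @Test
    public void testIngressACLPermitAllProto() throws Exception {
        ingressAclService.ingressACLPermitAllProto(Long.valueOf(123), SEGMENTATION_ID, MAC_ADDRESS, true,
                HOST_ADDRESS, PRIORITY);
        verifyFlowsWritten(2, 1);

        ingressAclService.ingressACLPermitAllProto(Long.valueOf(123), SEGMENTATION_ID, MAC_ADDRESS, false,
                HOST_ADDRESS, PRIORITY);
        verifyFlowDeleted();
    }

    /**
     * Test method {@link IngressAclService#ingressACLTcpSyn(Long, String, String, boolean, Integer, Integer)}:
     * the add path ({@code true}) writes a flow, the remove path ({@code false}) deletes it.
     */
    @Test
    public void testIngressACLTcpSyn() throws Exception {
        ingressAclService.ingressACLTcpSyn(Long.valueOf(123), SEGMENTATION_ID, MAC_ADDRESS, true, 1, PRIORITY);
        verifyFlowsWritten(2, 1);

        ingressAclService.ingressACLTcpSyn(Long.valueOf(123), SEGMENTATION_ID, MAC_ADDRESS, false, 1, PRIORITY);
        verifyFlowDeleted();
    }
}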