1 /*
2  * Copyright (c) 2015 Inocybe and others.  All rights reserved.
3  *
4  * This program and the accompanying materials are made available under the
5  * terms of the Eclipse Public License v1.0 which accompanies this distribution,
6  * and is available at http://www.eclipse.org/legal/epl-v10.html
7  */
8
9 package org.opendaylight.ovsdb.openstack.netvirt.providers.openflow13.services;
10
11 import static org.mockito.Matchers.any;
12 import static org.mockito.Matchers.anyBoolean;
13 import static org.mockito.Matchers.anyInt;
14 import static org.mockito.Matchers.anyLong;
15 import static org.mockito.Matchers.anyString;
16 import static org.mockito.Mockito.mock;
17 import static org.mockito.Mockito.times;
18 import static org.mockito.Mockito.verify;
19 import static org.mockito.Mockito.when;
20
21 import java.util.ArrayList;
22 import java.util.List;
23
24 import org.junit.Before;
25 import org.junit.Ignore;
26 import org.junit.Test;
27 import org.junit.runner.RunWith;
28 import org.mockito.InjectMocks;
29 import org.mockito.Mock;
30 import org.mockito.Mockito;
31 import org.mockito.Spy;
32 import org.mockito.runners.MockitoJUnitRunner;
33 import org.opendaylight.controller.md.sal.binding.api.DataBroker;
34 import org.opendaylight.controller.md.sal.binding.api.ReadWriteTransaction;
35 import org.opendaylight.controller.md.sal.binding.api.WriteTransaction;
36 import org.opendaylight.controller.md.sal.common.api.data.LogicalDatastoreType;
37 import org.opendaylight.controller.md.sal.common.api.data.TransactionCommitFailedException;
38 import org.opendaylight.neutron.spi.NeutronSecurityGroup;
39 import org.opendaylight.neutron.spi.NeutronSecurityRule;
40 import org.opendaylight.ovsdb.openstack.netvirt.providers.openflow13.PipelineOrchestrator;
41 import org.opendaylight.ovsdb.openstack.netvirt.providers.openflow13.Service;
42 import org.opendaylight.yang.gen.v1.urn.opendaylight.inventory.rev130819.nodes.Node;
43 import org.opendaylight.yangtools.yang.binding.InstanceIdentifier;
44
45 import com.google.common.util.concurrent.CheckedFuture;
46
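/**
 * Unit test for {@link IngressAclService}.
 *
 * <p>The tests drive the code that turns a Neutron security group into ingress
 * ACL flows and check which handler is chosen for each combination of
 * protocol, port range and remote IP prefix, plus how many datastore
 * operations follow.
 *
 * <p>NOTE(review): the whole class is {@code @Ignore}d, so none of these checks
 * run; until it is re-enabled this file provides no regression coverage for
 * ingress security-group enforcement.
 *
 * <p>NOTE(review): every verification uses {@code any*()} matchers and counts
 * calls only. Nothing asserts the match fields that are written (remote prefix,
 * port, MAC address, segmentation id), so a flow programmed with a wider match
 * than the rule asks for would still pass. Argument captors on the
 * {@code put(...)} calls would close that gap.
 */
@Ignore // TODO SB_MIGRATION
@RunWith(MockitoJUnitRunner.class)
public class IngressAclServiceTest {

    @InjectMocks private IngressAclService ingressAclService = new IngressAclService();
    @Spy private IngressAclService ingressAclServiceSpy;

    // Kept from the pre-migration wiring; see the TODO on the class.
    //@Mock private MdsalConsumer mdsalConsumer;
    @Mock private PipelineOrchestrator orchestrator;

    @Mock private ReadWriteTransaction readWriteTransaction;
    @Mock private WriteTransaction writeTransaction;
    @Mock private CheckedFuture<Void, TransactionCommitFailedException> commitFuture;

    @Mock private NeutronSecurityGroup securityGroup;
    @Mock private NeutronSecurityRule portSecurityRule;

    private static final String SEGMENTATION_ID = "2";
    private static final int PRIORITY = 1;
    private static final String HOST_ADDRESS = "127.0.0.1/32";
    private static final String MAC_ADDRESS = "87:1D:5E:02:40:B8";

    /**
     * Builds the fixture shared by all tests: a spy around the service, both
     * transaction mocks returning the same commit future, and a security group
     * holding a single IPv4 ingress rule.
     */
    @Before
    public void setUp() {
        ingressAclServiceSpy = Mockito.spy(ingressAclService);

        // Both transaction kinds hand back the same future, which is why the
        // tests can count commits across the add and the remove path together.
        when(readWriteTransaction.submit()).thenReturn(commitFuture);
        when(writeTransaction.submit()).thenReturn(commitFuture);

        DataBroker dataBroker = mock(DataBroker.class);
        when(dataBroker.newReadWriteTransaction()).thenReturn(readWriteTransaction);
        when(dataBroker.newWriteOnlyTransaction()).thenReturn(writeTransaction);

        // NOTE(review): with the stubbing below commented out, nothing visible
        // here hands dataBroker to the service under test - confirm how the
        // broker is supplied when the class is re-enabled.
        //when(mdsalConsumer.getDataBroker()).thenReturn(dataBroker);

        when(orchestrator.getNextServiceInPipeline(any(Service.class))).thenReturn(Service.ARP_RESPONDER);

        // Replaces the runner-created @Mock with a fresh mock before stubbing.
        portSecurityRule = mock(NeutronSecurityRule.class);
        when(portSecurityRule.getSecurityRuleEthertype()).thenReturn("IPv4");
        when(portSecurityRule.getSecurityRuleDirection()).thenReturn("ingress");

        // Diamond instead of the raw ArrayList the original used.
        List<NeutronSecurityRule> portSecurityList = new ArrayList<>();
        portSecurityList.add(portSecurityRule);

        when(securityGroup.getSecurityRules()).thenReturn(portSecurityList);
    }

    /**
     * Verifies the datastore traffic of the add path: {@code puts} node writes
     * on the read-write transaction and {@code commits} submitted and awaited
     * transactions.
     */
    private void verifyAddTransactions(int puts, int commits) throws Exception {
        verify(readWriteTransaction, times(puts)).put(any(LogicalDatastoreType.class), any(InstanceIdentifier.class), any(Node.class), anyBoolean());
        verify(readWriteTransaction, times(commits)).submit();
        verify(commitFuture, times(commits)).get();
    }

    /**
     * Verifies the datastore traffic after one add followed by one remove: a
     * single delete on the write-only transaction, no further read-write
     * submit, and two awaited commits in total (one per call).
     */
    private void verifyRemoveTransactions() throws Exception {
        verify(writeTransaction, times(1)).delete(any(LogicalDatastoreType.class), any(InstanceIdentifier.class));
        verify(readWriteTransaction, times(1)).submit();
        verify(commitFuture, times(2)).get(); // 1 from the add call + 1 from the remove call
    }

    /**
     * Rule 1: TCP Proto (True), TCP Port Minimum (True), TCP Port Max (True), IP Prefix (True)
     */
    @Test
    public void testProgramPortSecurityACLRule1() throws Exception {
        when(portSecurityRule.getSecurityRuleProtocol()).thenReturn("tcp");
        when(portSecurityRule.getSecurityRulePortMax()).thenReturn(1);
        when(portSecurityRule.getSecurityRulePortMin()).thenReturn(1);
        when(portSecurityRule.getSecurityRuleRemoteIpPrefix()).thenReturn(HOST_ADDRESS);

        ingressAclServiceSpy.programPortSecurityACL(Long.valueOf(1554), SEGMENTATION_ID, MAC_ADDRESS, 124, securityGroup);
        verify(ingressAclServiceSpy, times(1)).ingressACLDefaultTcpDrop(anyLong(), anyString(), anyString(), anyInt(), anyBoolean());
        verify(ingressAclServiceSpy, times(1)).ingressACLTcpPortWithPrefix(anyLong(), anyString(), anyString(), anyBoolean(), anyInt(), anyString(), anyInt());
        verifyAddTransactions(4, 2);
    }


    /**
     * Rule 2: TCP Proto (True), TCP Port Minimum (True), TCP Port Max (False), IP Prefix (True)
     *
     * <p>The port maximum is null here and the port-with-prefix handler is
     * still the one expected.
     */
    @Test
    public void testProgramPortSecurityACLRule2() throws Exception {
        when(portSecurityRule.getSecurityRuleProtocol()).thenReturn("tcp");
        when(portSecurityRule.getSecurityRulePortMax()).thenReturn(null);
        when(portSecurityRule.getSecurityRulePortMin()).thenReturn(1);
        when(portSecurityRule.getSecurityRuleRemoteIpPrefix()).thenReturn(HOST_ADDRESS);

        ingressAclServiceSpy.programPortSecurityACL(Long.valueOf(1554), SEGMENTATION_ID, MAC_ADDRESS, 124, securityGroup);
        verify(ingressAclServiceSpy, times(1)).ingressACLDefaultTcpDrop(anyLong(), anyString(), anyString(), anyInt(), anyBoolean());
        verify(ingressAclServiceSpy, times(1)).ingressACLTcpPortWithPrefix(anyLong(), anyString(), anyString(), anyBoolean(), anyInt(), anyString(), anyInt());
        verifyAddTransactions(4, 2);
    }

    /**
     * Rule 3: TCP Proto (True), TCP Port Minimum (False), TCP Port Max (False), IP Prefix (True)
     */
    @Test
    public void testProgramPortSecurityACLRule3() throws Exception {
        when(portSecurityRule.getSecurityRuleProtocol()).thenReturn("tcp");
        when(portSecurityRule.getSecurityRulePortMax()).thenReturn(null);
        when(portSecurityRule.getSecurityRulePortMin()).thenReturn(null);
        when(portSecurityRule.getSecurityRuleRemoteIpPrefix()).thenReturn(HOST_ADDRESS);

        ingressAclServiceSpy.programPortSecurityACL(Long.valueOf(1554), SEGMENTATION_ID, MAC_ADDRESS, 124, securityGroup);
        verify(ingressAclServiceSpy, times(1)).ingressACLDefaultTcpDrop(anyLong(), anyString(), anyString(), anyInt(), anyBoolean());
        verify(ingressAclServiceSpy, times(1)).ingressACLPermitAllProto(anyLong(), anyString(), anyString(), anyBoolean(), anyString(), anyInt());
        verifyAddTransactions(4, 2);
    }

    /**
     * Rule 4: TCP Proto (False), TCP Port Minimum (False), TCP Port Max (False), IP Prefix (True)
     */
    @Test
    public void testProgramPortSecurityACLRule4() throws Exception {
        when(portSecurityRule.getSecurityRuleProtocol()).thenReturn(null);
        when(portSecurityRule.getSecurityRulePortMax()).thenReturn(null);
        when(portSecurityRule.getSecurityRulePortMin()).thenReturn(null);
        when(portSecurityRule.getSecurityRuleRemoteIpPrefix()).thenReturn(HOST_ADDRESS);

        ingressAclServiceSpy.programPortSecurityACL(Long.valueOf(1554), SEGMENTATION_ID, MAC_ADDRESS, 124, securityGroup);
        verify(ingressAclServiceSpy, times(1)).ingressACLDefaultTcpDrop(anyLong(), anyString(), anyString(), anyInt(), anyBoolean());
        verify(ingressAclServiceSpy, times(1)).ingressACLPermitAllProto(anyLong(), anyString(), anyString(), anyBoolean(), anyString(), anyInt());
        verifyAddTransactions(4, 2);
    }

    /**
     * Rule 5: TCP Proto (True), TCP Port Minimum (True), TCP Port Max (True), IP Prefix (False)
     */
    @Test
    public void testProgramPortSecurityACLRule5() throws Exception {
        when(portSecurityRule.getSecurityRuleProtocol()).thenReturn("tcp");
        when(portSecurityRule.getSecurityRulePortMax()).thenReturn(1);
        when(portSecurityRule.getSecurityRulePortMin()).thenReturn(1);
        when(portSecurityRule.getSecurityRuleRemoteIpPrefix()).thenReturn(null);

        ingressAclServiceSpy.programPortSecurityACL(Long.valueOf(1554), SEGMENTATION_ID, MAC_ADDRESS, 124, securityGroup);
        verify(ingressAclServiceSpy, times(1)).ingressACLDefaultTcpDrop(anyLong(), anyString(), anyString(), anyInt(), anyBoolean());
        verify(ingressAclServiceSpy, times(1)).ingressACLTcpSyn(anyLong(), anyString(), anyString(), anyBoolean(), anyInt(), anyInt());
        verifyAddTransactions(4, 2);
    }

    /**
     * Rule 6: TCP Proto (True), TCP Port Minimum (True), TCP Port Max (False), IP Prefix (False)
     */
    @Test
    public void testProgramPortSecurityACLRule6() throws Exception {
        when(portSecurityRule.getSecurityRuleProtocol()).thenReturn("tcp");
        when(portSecurityRule.getSecurityRulePortMax()).thenReturn(null);
        when(portSecurityRule.getSecurityRulePortMin()).thenReturn(1);
        when(portSecurityRule.getSecurityRuleRemoteIpPrefix()).thenReturn(null);

        ingressAclServiceSpy.programPortSecurityACL(Long.valueOf(1554), SEGMENTATION_ID, MAC_ADDRESS, 124, securityGroup);
        verify(ingressAclServiceSpy, times(1)).ingressACLDefaultTcpDrop(anyLong(), anyString(), anyString(), anyInt(), anyBoolean());
        verify(ingressAclServiceSpy, times(1)).ingressACLTcpSyn(anyLong(), anyString(), anyString(), anyBoolean(), anyInt(), anyInt());
        verifyAddTransactions(4, 2);
    }

    /**
     * Rule 7: TCP Proto (True), TCP Port Minimum (False), TCP Port Max (False), IP Prefix (False or 0.0.0.0/0)
     *
     * <p>Only {@code handleIngressAllowProto} is verified for this rule, with a
     * single transaction. NOTE(review): the test does not state whether the
     * default TCP drop is expected to be skipped; a {@code never()} check on
     * {@code ingressACLDefaultTcpDrop} would make that intent explicit.
     */
    @Test
    public void testProgramPortSecurityACLRule7() throws Exception {
        when(portSecurityRule.getSecurityRuleProtocol()).thenReturn("tcp");
        when(portSecurityRule.getSecurityRulePortMax()).thenReturn(null);
        when(portSecurityRule.getSecurityRulePortMin()).thenReturn(null);
        when(portSecurityRule.getSecurityRuleRemoteIpPrefix()).thenReturn(null);

        ingressAclServiceSpy.programPortSecurityACL(Long.valueOf(1554), SEGMENTATION_ID, MAC_ADDRESS, 124, securityGroup);
        verify(ingressAclServiceSpy, times(1)).handleIngressAllowProto(anyLong(), anyString(), anyString(), anyBoolean(), anyString(), anyInt());
        verifyAddTransactions(2, 1);
    }

    /**
     * Test method {@link IngressAclService#ingressACLDefaultTcpDrop(Long, String, String, int, boolean)}
     */
    @Test
    public void testIgressACLDefaultTcpDrop() throws Exception {
        // write == true: the flow is added.
        ingressAclService.ingressACLDefaultTcpDrop(Long.valueOf(123), SEGMENTATION_ID, MAC_ADDRESS, PRIORITY, true);
        verifyAddTransactions(2, 1);

        // write == false: the flow is removed.
        ingressAclService.ingressACLDefaultTcpDrop(Long.valueOf(123), SEGMENTATION_ID, MAC_ADDRESS, PRIORITY, false);
        verifyRemoveTransactions();
    }

    /**
     * Test method {@link IngressAclService#ingressACLTcpPortWithPrefix(Long, String, String, boolean, Integer, String, Integer)}
     */
    @Test
    public void testIngressACLTcpPortWithPrefix() throws Exception {
        // write == true: the flow is added.
        ingressAclService.ingressACLTcpPortWithPrefix(Long.valueOf(123), SEGMENTATION_ID, MAC_ADDRESS, true, 1, HOST_ADDRESS, PRIORITY);
        verifyAddTransactions(2, 1);

        // write == false: the flow is removed.
        ingressAclService.ingressACLTcpPortWithPrefix(Long.valueOf(123), SEGMENTATION_ID, MAC_ADDRESS, false, 1, HOST_ADDRESS, PRIORITY);
        verifyRemoveTransactions();
    }

    /**
     * Test method {@link IngressAclService#handleIngressAllowProto(Long, String, String, boolean, String, Integer)}
     */
    @Test
    public void testIngressAllowProto() throws Exception {
        // write == true: the flow is added.
        ingressAclService.handleIngressAllowProto(Long.valueOf(123), SEGMENTATION_ID, MAC_ADDRESS, true, HOST_ADDRESS, PRIORITY);
        verifyAddTransactions(2, 1);

        // write == false: the flow is removed.
        ingressAclService.handleIngressAllowProto(Long.valueOf(123), SEGMENTATION_ID, MAC_ADDRESS, false, HOST_ADDRESS, PRIORITY);
        verifyRemoveTransactions();
    }

    /**
     * Test method {@link IngressAclService#ingressACLPermitAllProto(Long, String, String, boolean, String, Integer)}
     */
    @Test
    public void testIngressACLPermitAllProto() throws Exception {
        // write == true: the flow is added.
        ingressAclService.ingressACLPermitAllProto(Long.valueOf(123), SEGMENTATION_ID, MAC_ADDRESS, true, HOST_ADDRESS, PRIORITY);
        verifyAddTransactions(2, 1);

        // write == false: the flow is removed.
        ingressAclService.ingressACLPermitAllProto(Long.valueOf(123), SEGMENTATION_ID, MAC_ADDRESS, false, HOST_ADDRESS, PRIORITY);
        verifyRemoveTransactions();
    }

    /**
     * Test method {@link IngressAclService#ingressACLTcpSyn(Long, String, String, boolean, Integer, Integer)}
     */
    @Test
    public void testIngressACLTcpSyn() throws Exception {
        // write == true: the flow is added.
        ingressAclService.ingressACLTcpSyn(Long.valueOf(123), SEGMENTATION_ID, MAC_ADDRESS, true, 1, PRIORITY);
        verifyAddTransactions(2, 1);

        // write == false: the flow is removed.
        ingressAclService.ingressACLTcpSyn(Long.valueOf(123), SEGMENTATION_ID, MAC_ADDRESS, false, 1, PRIORITY);
        verifyRemoveTransactions();
    }
}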