2 * Copyright (c) 2015 Inocybe and others. All rights reserved.
4 * This program and the accompanying materials are made available under the
5 * terms of the Eclipse Public License v1.0 which accompanies this distribution,
6 * and is available at http://www.eclipse.org/legal/epl-v10.html
9 package org.opendaylight.ovsdb.openstack.netvirt.providers.openflow13.services;
11 import static org.mockito.Matchers.any;
12 import static org.mockito.Matchers.anyBoolean;
13 import static org.mockito.Matchers.anyInt;
14 import static org.mockito.Matchers.anyLong;
15 import static org.mockito.Matchers.anyString;
16 import static org.mockito.Matchers.eq;
17 import static org.mockito.Mockito.mock;
18 import static org.mockito.Mockito.times;
19 import static org.mockito.Mockito.verify;
20 import static org.mockito.Mockito.when;
22 import java.util.ArrayList;
23 import java.util.List;
25 import org.junit.Assert;
26 import org.junit.Before;
27 import org.junit.Test;
28 import org.junit.runner.RunWith;
29 import org.mockito.InjectMocks;
30 import org.mockito.Mock;
31 import org.mockito.Mockito;
32 import org.mockito.Spy;
33 import org.mockito.invocation.InvocationOnMock;
34 import org.mockito.runners.MockitoJUnitRunner;
35 import org.mockito.stubbing.Answer;
36 import org.opendaylight.controller.md.sal.binding.api.DataBroker;
37 import org.opendaylight.controller.md.sal.binding.api.WriteTransaction;
38 import org.opendaylight.controller.md.sal.common.api.data.LogicalDatastoreType;
39 import org.opendaylight.controller.md.sal.common.api.data.TransactionCommitFailedException;
40 import org.opendaylight.ovsdb.openstack.netvirt.translator.NeutronSecurityGroup;
41 import org.opendaylight.ovsdb.openstack.netvirt.translator.NeutronSecurityRule;
42 import org.opendaylight.ovsdb.openstack.netvirt.translator.Neutron_IPs;
43 import org.opendaylight.ovsdb.openstack.netvirt.api.Constants;
44 import org.opendaylight.ovsdb.openstack.netvirt.api.SecurityGroupCacheManger;
45 import org.opendaylight.ovsdb.openstack.netvirt.api.SecurityServicesManager;
46 import org.opendaylight.ovsdb.openstack.netvirt.providers.openflow13.PipelineOrchestrator;
47 import org.opendaylight.ovsdb.openstack.netvirt.providers.openflow13.Service;
48 import org.opendaylight.yang.gen.v1.urn.opendaylight.flow.inventory.rev130819.tables.table.FlowBuilder;
49 import org.opendaylight.yang.gen.v1.urn.opendaylight.inventory.rev130819.nodes.Node;
50 import org.opendaylight.yang.gen.v1.urn.opendaylight.inventory.rev130819.nodes.NodeBuilder;
51 import org.opendaylight.yang.gen.v1.urn.opendaylight.model.match.types.rev131026.Match;
52 import org.opendaylight.yang.gen.v1.urn.opendaylight.model.match.types.rev131026.match.EthernetMatch;
53 import org.opendaylight.yang.gen.v1.urn.opendaylight.model.match.types.rev131026.match.Icmpv4Match;
54 import org.opendaylight.yang.gen.v1.urn.opendaylight.model.match.types.rev131026.match.layer._4.match.TcpMatch;
55 import org.opendaylight.yang.gen.v1.urn.opendaylight.model.match.types.rev131026.match.layer._4.match.UdpMatch;
56 import org.opendaylight.yangtools.yang.binding.InstanceIdentifier;
57 import org.powermock.api.mockito.PowerMockito;
58 import org.powermock.modules.junit4.PowerMockRunner;
60 import com.google.common.util.concurrent.CheckedFuture;
63 * Unit test fort {@link IngressAclService}
65 @RunWith(PowerMockRunner.class)
66 @SuppressWarnings("unchecked")
67 public class IngressAclServiceTest {
69 @InjectMocks private IngressAclService ingressAclService = new IngressAclService();
70 private IngressAclService ingressAclServiceSpy;
72 @Mock private DataBroker dataBroker;
73 @Mock private PipelineOrchestrator orchestrator;
75 @Mock private WriteTransaction writeTransaction;
76 @Mock private CheckedFuture<Void, TransactionCommitFailedException> commitFuture;
78 @Mock private NeutronSecurityGroup securityGroup;
79 @Mock private NeutronSecurityRule portSecurityRule;
80 @Mock private SecurityServicesManager securityServices;
81 @Mock private SecurityGroupCacheManger securityGroupCacheManger;
83 private List<Neutron_IPs> neutronSrcIpList = new ArrayList<Neutron_IPs>();
84 private List<Neutron_IPs> neutronDestIpList = new ArrayList<Neutron_IPs>();
85 private Neutron_IPs neutron_ip_src;
86 private Neutron_IPs neutron_ip_dest_1;
87 private Neutron_IPs neutron_ip_dest_2;
89 private static final String SEGMENTATION_ID = "2";
90 private static final int PRIORITY = 1;
91 private static final String HOST_ADDRESS = "127.0.0.1/32";
92 private static final String MAC_ADDRESS = "87:1D:5E:02:40:B8";
93 private static final String SRC_IP = "192.168.0.1";
94 private static final String DEST_IP_1 = "192.169.0.1";
95 private static final String DEST_IP_2 = "192.169.0.2";
96 private static final String SECURITY_GROUP_UUID = "85cc3048-abc3-43cc-89b3-377341426ac5";
97 private static final String PORT_UUID = "95cc3048-abc3-43cc-89b3-377341426ac5";
98 private static final String SEGMENT_ID = "2";
99 private static final Long DP_ID_LONG = (long) 1554;
100 private static final Long LOCAL_PORT = (long) 124;
101 private static final int PORT_RANGE_MIN = 1;
102 private static final int PORT_RANGE_MAX = 65535;
103 private static FlowBuilder flowBuilder;
104 private static NodeBuilder nodeBuilder;
106 private static Answer<Object> answer() {
107 return new Answer<Object>() {
109 public CheckedFuture<Void, TransactionCommitFailedException> answer(InvocationOnMock invocation)
111 flowBuilder = (FlowBuilder) invocation.getArguments()[0];
112 nodeBuilder = (NodeBuilder) invocation.getArguments()[1];
119 public void setUp() {
120 ingressAclServiceSpy = PowerMockito.spy(ingressAclService);
122 when(writeTransaction.submit()).thenReturn(commitFuture);
124 when(dataBroker.newWriteOnlyTransaction()).thenReturn(writeTransaction);
126 when(orchestrator.getNextServiceInPipeline(any(Service.class))).thenReturn(Service.ARP_RESPONDER);
128 portSecurityRule = mock(NeutronSecurityRule.class);
129 when(portSecurityRule.getSecurityRuleEthertype()).thenReturn("IPv4");
130 when(portSecurityRule.getSecurityRuleDirection()).thenReturn("ingress");
132 List<NeutronSecurityRule> portSecurityList = new ArrayList<NeutronSecurityRule>();
133 portSecurityList.add(portSecurityRule);
135 neutron_ip_src = new Neutron_IPs();
136 neutron_ip_src.setIpAddress(SRC_IP);
137 neutronSrcIpList.add(neutron_ip_src);
139 neutron_ip_dest_1 = new Neutron_IPs();
140 neutron_ip_dest_1.setIpAddress(DEST_IP_1);
141 neutronDestIpList.add(neutron_ip_dest_1);
143 neutron_ip_dest_2 = new Neutron_IPs();
144 neutron_ip_dest_2.setIpAddress(DEST_IP_2);
145 neutronDestIpList.add(neutron_ip_dest_2);
148 when(securityGroup.getSecurityRules()).thenReturn(portSecurityList);
149 when(securityServices.getVmListForSecurityGroup
150 (PORT_UUID, SECURITY_GROUP_UUID)).thenReturn(neutronDestIpList);
154 * Rule 1: TCP Proto (True), TCP Port Minimum (True), TCP Port Max (True), IP Prefix (True)
157 public void testProgramPortSecurityACLRule1() throws Exception {
158 when(portSecurityRule.getSecurityRuleProtocol()).thenReturn("tcp");
159 when(portSecurityRule.getSecurityRulePortMax()).thenReturn(1);
160 when(portSecurityRule.getSecurityRulePortMin()).thenReturn(1);
161 when(portSecurityRule.getSecurityRuleRemoteIpPrefix()).thenReturn(HOST_ADDRESS);
163 ingressAclServiceSpy.programPortSecurityACL(Long.valueOf(1554), SEGMENTATION_ID, MAC_ADDRESS, 124, securityGroup);
164 verify(ingressAclServiceSpy, times(1)).ingressACLDefaultTcpDrop(anyLong(), anyString(), anyString(), anyInt(), anyBoolean());
165 verify(ingressAclServiceSpy, times(1)).ingressACLTcpPortWithPrefix(anyLong(), anyString(), anyString(), anyBoolean(), anyInt(), anyString(), anyInt());
166 verify(writeTransaction, times(4)).put(any(LogicalDatastoreType.class), any(InstanceIdentifier.class), any(Node.class), anyBoolean());
167 verify(writeTransaction, times(2)).submit();
168 verify(commitFuture, times(2)).get();
173 * Rule 2: TCP Proto (True), TCP Port Minimum (True), TCP Port Max (False), IP Prefix (True)
176 public void testProgramPortSecurityACLRule2() throws Exception {
177 when(portSecurityRule.getSecurityRuleProtocol()).thenReturn("tcp");
178 when(portSecurityRule.getSecurityRulePortMax()).thenReturn(null);
179 when(portSecurityRule.getSecurityRulePortMin()).thenReturn(1);
180 when(portSecurityRule.getSecurityRuleRemoteIpPrefix()).thenReturn(HOST_ADDRESS);
182 ingressAclServiceSpy.programPortSecurityACL(Long.valueOf(1554), SEGMENTATION_ID, MAC_ADDRESS, 124, securityGroup);
183 verify(ingressAclServiceSpy, times(1)).ingressACLDefaultTcpDrop(anyLong(), anyString(), anyString(), anyInt(), anyBoolean());
184 verify(ingressAclServiceSpy, times(1)).ingressACLTcpPortWithPrefix(anyLong(), anyString(), anyString(), anyBoolean(), anyInt(), anyString(), anyInt());
185 verify(writeTransaction, times(4)).put(any(LogicalDatastoreType.class), any(InstanceIdentifier.class), any(Node.class), anyBoolean());
186 verify(writeTransaction, times(2)).submit();
187 verify(commitFuture, times(2)).get();
191 * Rule 3: TCP Proto (True), TCP Port Minimum (False), TCP Port Max (False), IP Prefix (True)
194 public void testProgramPortSecurityACLRule3() throws Exception {
195 when(portSecurityRule.getSecurityRuleProtocol()).thenReturn("tcp");
196 when(portSecurityRule.getSecurityRulePortMax()).thenReturn(null);
197 when(portSecurityRule.getSecurityRulePortMin()).thenReturn(null);
198 when(portSecurityRule.getSecurityRuleRemoteIpPrefix()).thenReturn(HOST_ADDRESS);
200 ingressAclServiceSpy.programPortSecurityACL(Long.valueOf(1554), SEGMENTATION_ID, MAC_ADDRESS, 124, securityGroup);
201 verify(ingressAclServiceSpy, times(1)).ingressACLDefaultTcpDrop(anyLong(), anyString(), anyString(), anyInt(), anyBoolean());
202 verify(ingressAclServiceSpy, times(1)).ingressACLPermitAllProto(anyLong(), anyString(), anyString(), anyBoolean(), anyString(), anyInt());
203 verify(writeTransaction, times(4)).put(any(LogicalDatastoreType.class), any(InstanceIdentifier.class), any(Node.class), anyBoolean());
204 verify(writeTransaction, times(2)).submit();
205 verify(commitFuture, times(2)).get();
209 * Rule 4: TCP Proto (False), TCP Port Minimum (False), TCP Port Max (False), IP Prefix (True)
212 public void testProgramPortSecurityACLRule4() throws Exception {
213 when(portSecurityRule.getSecurityRuleProtocol()).thenReturn(null);
214 when(portSecurityRule.getSecurityRulePortMax()).thenReturn(null);
215 when(portSecurityRule.getSecurityRulePortMin()).thenReturn(null);
216 when(portSecurityRule.getSecurityRuleRemoteIpPrefix()).thenReturn(HOST_ADDRESS);
218 ingressAclServiceSpy.programPortSecurityACL(Long.valueOf(1554), SEGMENTATION_ID, MAC_ADDRESS, 124, securityGroup);
219 verify(ingressAclServiceSpy, times(1)).ingressACLDefaultTcpDrop(anyLong(), anyString(), anyString(), anyInt(), anyBoolean());
220 verify(ingressAclServiceSpy, times(1)).ingressACLPermitAllProto(anyLong(), anyString(), anyString(), anyBoolean(), anyString(), anyInt());
221 verify(writeTransaction, times(4)).put(any(LogicalDatastoreType.class), any(InstanceIdentifier.class), any(Node.class), anyBoolean());
222 verify(writeTransaction, times(2)).submit();
223 verify(commitFuture, times(2)).get();
227 * Rule 5: TCP Proto (True), TCP Port Minimum (True), TCP Port Max (True), IP Prefix (False)
230 public void testProgramPortSecurityACLRule5() throws Exception {
231 when(portSecurityRule.getSecurityRuleProtocol()).thenReturn("tcp");
232 when(portSecurityRule.getSecurityRulePortMax()).thenReturn(1);
233 when(portSecurityRule.getSecurityRulePortMin()).thenReturn(1);
234 when(portSecurityRule.getSecurityRuleRemoteIpPrefix()).thenReturn(null);
236 ingressAclServiceSpy.programPortSecurityACL(Long.valueOf(1554), SEGMENTATION_ID, MAC_ADDRESS, 124, securityGroup);
237 verify(ingressAclServiceSpy, times(1)).ingressACLDefaultTcpDrop(anyLong(), anyString(), anyString(), anyInt(), anyBoolean());
238 verify(ingressAclServiceSpy, times(1)).ingressACLTcpSyn(anyLong(), anyString(), anyString(), anyBoolean(), anyInt(), anyInt());
239 verify(writeTransaction, times(4)).put(any(LogicalDatastoreType.class), any(InstanceIdentifier.class), any(Node.class), anyBoolean());
240 verify(writeTransaction, times(2)).submit();
241 verify(commitFuture, times(2)).get();
245 * Rule 6: TCP Proto (True), TCP Port Minimum (True), TCP Port Max (False), IP Prefix (False)
248 public void testProgramPortSecurityACLRule6() throws Exception {
249 when(portSecurityRule.getSecurityRuleProtocol()).thenReturn("tcp");
250 when(portSecurityRule.getSecurityRulePortMax()).thenReturn(null);
251 when(portSecurityRule.getSecurityRulePortMin()).thenReturn(1);
252 when(portSecurityRule.getSecurityRuleRemoteIpPrefix()).thenReturn(null);
254 ingressAclServiceSpy.programPortSecurityACL(Long.valueOf(1554), SEGMENTATION_ID, MAC_ADDRESS, 124, securityGroup);
255 verify(ingressAclServiceSpy, times(1)).ingressACLDefaultTcpDrop(anyLong(), anyString(), anyString(), anyInt(), anyBoolean());
256 verify(ingressAclServiceSpy, times(1)).ingressACLTcpSyn(anyLong(), anyString(), anyString(), anyBoolean(), anyInt(), anyInt());
257 verify(writeTransaction, times(4)).put(any(LogicalDatastoreType.class), any(InstanceIdentifier.class), any(Node.class), anyBoolean());
258 verify(writeTransaction, times(2)).submit();
259 verify(commitFuture, times(2)).get();
263 * Rule 7: TCP Proto (True), TCP Port Minimum (False), TCP Port Max (False), IP Prefix (False or 0.0.0.0/0)
266 public void testProgramPortSecurityACLRule7() throws Exception {
267 when(portSecurityRule.getSecurityRuleProtocol()).thenReturn("tcp");
268 when(portSecurityRule.getSecurityRulePortMax()).thenReturn(null);
269 when(portSecurityRule.getSecurityRulePortMin()).thenReturn(null);
270 when(portSecurityRule.getSecurityRuleRemoteIpPrefix()).thenReturn(null);
272 ingressAclServiceSpy.programPortSecurityACL(Long.valueOf(1554), SEGMENTATION_ID, MAC_ADDRESS, 124, securityGroup);
273 verify(ingressAclServiceSpy, times(1)).handleIngressAllowProto(anyLong(), anyString(), anyString(), anyBoolean(), anyString(), anyInt());
274 verify(writeTransaction, times(2)).put(any(LogicalDatastoreType.class), any(InstanceIdentifier.class), any(Node.class), anyBoolean());
275 verify(writeTransaction, times(1)).submit();
276 verify(commitFuture, times(1)).get();
280 * Test IPv4 add test case.
283 public void testProgramPortSecurityACLRuleAddIpv4() throws Exception {
284 when(portSecurityRule.getSecurityRuleProtocol()).thenReturn(null);
285 when(portSecurityRule.getSecurityRulePortMax()).thenReturn(null);
286 when(portSecurityRule.getSecurityRulePortMin()).thenReturn(null);
287 when(portSecurityRule.getSecurityRuleRemoteIpPrefix()).thenReturn(null);
289 ingressAclServiceSpy.programPortSecurityGroup(Long.valueOf(1554), "2", MAC_ADDRESS, 124, securityGroup,PORT_UUID,true);
291 verify(writeTransaction, times(2)).put(any(LogicalDatastoreType.class), any(InstanceIdentifier.class), any(Node.class), eq(true));
292 verify(writeTransaction, times(1)).submit();
293 verify(commitFuture, times(1)).get();
297 * Test IPv4 remove test case.
300 public void testProgramPortSecurityACLRuleRemoveIpv4() throws Exception {
301 when(portSecurityRule.getSecurityRuleProtocol()).thenReturn(null);
302 when(portSecurityRule.getSecurityRulePortMax()).thenReturn(null);
303 when(portSecurityRule.getSecurityRulePortMin()).thenReturn(null);
304 when(portSecurityRule.getSecurityRuleRemoteIpPrefix()).thenReturn(null);
306 ingressAclServiceSpy.programPortSecurityGroup(Long.valueOf(1554), "2", MAC_ADDRESS, 124, securityGroup,PORT_UUID,false);
308 verify(writeTransaction, times(1)).delete(any(LogicalDatastoreType.class), any(InstanceIdentifier.class));
309 verify(writeTransaction, times(1)).submit();
310 verify(commitFuture, times(1)).get();
314 * Test TCP add with port no and CIDR selected.
317 public void testProgramPortSecurityACLRuleAddTcp1() throws Exception {
318 when(portSecurityRule.getSecurityRuleProtocol()).thenReturn("tcp");
319 when(portSecurityRule.getSecurityRulePortMax()).thenReturn(20);
320 when(portSecurityRule.getSecurityRulePortMin()).thenReturn(20);
321 when(portSecurityRule.getSecurityRuleRemoteIpPrefix()).thenReturn("0.0.0.0/24");
322 PowerMockito.doAnswer(answer()).when(ingressAclServiceSpy, "writeFlow", any(FlowBuilder.class),
323 any(NodeBuilder.class));
325 ingressAclServiceSpy.programPortSecurityGroup(DP_ID_LONG, SEGMENT_ID, MAC_ADDRESS, LOCAL_PORT, securityGroup,
328 Match match = flowBuilder.getMatch();
329 EthernetMatch ethMatch = match.getEthernetMatch();
330 Assert.assertEquals(MAC_ADDRESS, ethMatch.getEthernetDestination().getAddress().getValue());
332 Assert.assertTrue(match.getLayer4Match() instanceof TcpMatch);
333 TcpMatch layer4Match = (TcpMatch) match.getLayer4Match();
334 Assert.assertEquals(20, layer4Match.getTcpDestinationPort().getValue().intValue());
335 int port = portSecurityRule.getSecurityRulePortMin();
336 Assert.assertEquals("Ingress_TCP_" + SEGMENT_ID + "_" + MAC_ADDRESS +
337 "_" + port + "_0.0.0.0/24_Permit", flowBuilder.getFlowName());
341 * Test TCP remove with port no and CIDR selected.
344 public void testProgramPortSecurityACLRuleRemoveTcp1() throws Exception {
345 when(portSecurityRule.getSecurityRuleProtocol()).thenReturn("tcp");
346 when(portSecurityRule.getSecurityRulePortMax()).thenReturn(15);
347 when(portSecurityRule.getSecurityRulePortMin()).thenReturn(15);
348 when(portSecurityRule.getSecurityRuleRemoteIpPrefix()).thenReturn("0.0.0.0/24");
349 PowerMockito.doAnswer(answer()).when(ingressAclServiceSpy, "removeFlow", any(FlowBuilder.class),
350 any(NodeBuilder.class));
352 ingressAclServiceSpy.programPortSecurityGroup(DP_ID_LONG, SEGMENT_ID, MAC_ADDRESS, LOCAL_PORT, securityGroup,
355 Match match = flowBuilder.getMatch();
356 EthernetMatch ethMatch = match.getEthernetMatch();
357 Assert.assertEquals(MAC_ADDRESS, ethMatch.getEthernetDestination().getAddress().getValue());
359 Assert.assertTrue(match.getLayer4Match() instanceof TcpMatch);
360 TcpMatch layer4Match = (TcpMatch) match.getLayer4Match();
361 Assert.assertEquals(15, layer4Match.getTcpDestinationPort().getValue().intValue());
362 int port = portSecurityRule.getSecurityRulePortMin();
363 Assert.assertEquals("Ingress_TCP_" + SEGMENT_ID + "_" + MAC_ADDRESS +
364 "_" + port + "_0.0.0.0/24_Permit", flowBuilder.getFlowName());
368 * Test TCP add with port no and remote SG selected.
371 public void testProgramPortSecurityACLRuleAddTcp2() throws Exception {
372 when(portSecurityRule.getSecurityRuleProtocol()).thenReturn("tcp");
373 when(portSecurityRule.getSecurityRulePortMax()).thenReturn(50);
374 when(portSecurityRule.getSecurityRulePortMin()).thenReturn(50);
375 when(portSecurityRule.getSecurityRuleRemoteIpPrefix()).thenReturn("0.0.0.0/24");
376 when(portSecurityRule.getSecurityRemoteGroupID()).thenReturn("85cc3048-abc3-43cc-89b3-377341426ac5");
377 PowerMockito.doAnswer(answer()).when(ingressAclServiceSpy, "writeFlow", any(FlowBuilder.class),
378 any(NodeBuilder.class));
379 ingressAclServiceSpy.programPortSecurityGroup(DP_ID_LONG, SEGMENT_ID, MAC_ADDRESS, LOCAL_PORT, securityGroup,
382 Match match = flowBuilder.getMatch();
383 EthernetMatch ethMatch = match.getEthernetMatch();
384 Assert.assertEquals(MAC_ADDRESS, ethMatch.getEthernetDestination().getAddress().getValue());
386 Assert.assertTrue(match.getLayer4Match() instanceof TcpMatch);
387 TcpMatch layer4Match = (TcpMatch) match.getLayer4Match();
388 Assert.assertEquals(50, layer4Match.getTcpDestinationPort().getValue().intValue());
389 int port = portSecurityRule.getSecurityRulePortMin();
390 String expectedFlowId1 = "Ingress_TCP_" + SEGMENT_ID + "_" + MAC_ADDRESS +"_" + port + "_" + DEST_IP_1 +
392 String expectedFlowId2 = "Ingress_TCP_" + SEGMENT_ID + "_" + MAC_ADDRESS +"_" + port + "_" + DEST_IP_2 +
394 String actualFlowId = flowBuilder.getFlowName();
395 if (actualFlowId.equals(expectedFlowId1) || actualFlowId.equals(expectedFlowId2)) {
396 Assert.assertTrue(true);
398 Assert.assertTrue(false);
403 * Test TCP remove with port no and remote SG selected.
406 public void testProgramPortSecurityACLRuleRemoveTcp2() throws Exception {
407 when(portSecurityRule.getSecurityRuleProtocol()).thenReturn("tcp");
408 when(portSecurityRule.getSecurityRulePortMax()).thenReturn(50);
409 when(portSecurityRule.getSecurityRulePortMin()).thenReturn(50);
410 when(portSecurityRule.getSecurityRuleRemoteIpPrefix()).thenReturn("0.0.0.0/24");
411 when(portSecurityRule.getSecurityRemoteGroupID()).thenReturn("85cc3048-abc3-43cc-89b3-377341426ac5");
412 PowerMockito.doAnswer(answer()).when(ingressAclServiceSpy, "removeFlow", any(FlowBuilder.class),
413 any(NodeBuilder.class));
415 ingressAclServiceSpy.programPortSecurityGroup(DP_ID_LONG, SEGMENT_ID, MAC_ADDRESS, LOCAL_PORT, securityGroup,
418 Match match = flowBuilder.getMatch();
419 EthernetMatch ethMatch = match.getEthernetMatch();
420 Assert.assertEquals(MAC_ADDRESS, ethMatch.getEthernetDestination().getAddress().getValue());
422 Assert.assertTrue(match.getLayer4Match() instanceof TcpMatch);
423 TcpMatch layer4Match = (TcpMatch) match.getLayer4Match();
424 Assert.assertEquals(50, layer4Match.getTcpDestinationPort().getValue().intValue());
425 int port = portSecurityRule.getSecurityRulePortMin();
426 String expectedFlowId1 = "Ingress_TCP_" + SEGMENT_ID + "_" + MAC_ADDRESS +"_" + port + "_" + DEST_IP_1 +
428 String expectedFlowId2 = "Ingress_TCP_" + SEGMENT_ID + "_" + MAC_ADDRESS +"_" + port + "_" + DEST_IP_2 +
430 String actualFlowId = flowBuilder.getFlowName();
431 if (actualFlowId.equals(expectedFlowId1) || actualFlowId.equals(expectedFlowId2)) {
432 Assert.assertTrue(true);
434 Assert.assertTrue(false);
440 * Test TCP add with port (All TCP) and CIDR selected.
443 public void testProgramPortSecurityACLRuleAddTcpAll1() throws Exception {
444 when(portSecurityRule.getSecurityRuleProtocol()).thenReturn("tcp");
445 when(portSecurityRule.getSecurityRulePortMax()).thenReturn(PORT_RANGE_MAX);
446 when(portSecurityRule.getSecurityRulePortMin()).thenReturn(PORT_RANGE_MIN);
447 when(portSecurityRule.getSecurityRuleRemoteIpPrefix()).thenReturn("0.0.0.0/24");
448 PowerMockito.doAnswer(answer()).when(ingressAclServiceSpy, "writeFlow", any(FlowBuilder.class),
449 any(NodeBuilder.class));
451 ingressAclServiceSpy.programPortSecurityGroup(DP_ID_LONG, SEGMENT_ID, MAC_ADDRESS, LOCAL_PORT, securityGroup,
454 Match match = flowBuilder.getMatch();
455 EthernetMatch ethMatch = match.getEthernetMatch();
456 Assert.assertEquals(MAC_ADDRESS, ethMatch.getEthernetDestination().getAddress().getValue());
458 Assert.assertTrue(match.getLayer4Match() instanceof TcpMatch);
459 Assert.assertEquals("Ingress_TCP_" + SEGMENT_ID + "_" + MAC_ADDRESS + "_" + PORT_RANGE_MIN + "_" +
460 PORT_RANGE_MAX + "_0.0.0.0/24_Permit", flowBuilder.getFlowName());
464 * Test TCP remove with port (All TCP) and CIDR selected.
467 public void testProgramPortSecurityACLRuleRemoveTcpAll1() throws Exception {
468 when(portSecurityRule.getSecurityRuleProtocol()).thenReturn("tcp");
469 when(portSecurityRule.getSecurityRulePortMax()).thenReturn(PORT_RANGE_MAX);
470 when(portSecurityRule.getSecurityRulePortMin()).thenReturn(PORT_RANGE_MIN);
471 when(portSecurityRule.getSecurityRuleRemoteIpPrefix()).thenReturn("0.0.0.0/24");
472 PowerMockito.doAnswer(answer()).when(ingressAclServiceSpy, "removeFlow", any(FlowBuilder.class),
473 any(NodeBuilder.class));
475 ingressAclServiceSpy.programPortSecurityGroup(DP_ID_LONG, SEGMENT_ID, MAC_ADDRESS, LOCAL_PORT, securityGroup,
478 Match match = flowBuilder.getMatch();
479 EthernetMatch ethMatch = match.getEthernetMatch();
480 Assert.assertEquals(MAC_ADDRESS, ethMatch.getEthernetDestination().getAddress().getValue());
482 Assert.assertTrue(match.getLayer4Match() instanceof TcpMatch);
483 Assert.assertEquals("Ingress_TCP_" + SEGMENT_ID + "_" + MAC_ADDRESS + "_" + PORT_RANGE_MIN + "_" +
484 PORT_RANGE_MAX + "_0.0.0.0/24_Permit", flowBuilder.getFlowName());
488 * Test TCP add with port (All TCP) and remote SG selected.
491 public void testProgramPortSecurityACLRuleAddTcpAll2() throws Exception {
492 when(portSecurityRule.getSecurityRuleProtocol()).thenReturn("tcp");
493 when(portSecurityRule.getSecurityRulePortMax()).thenReturn(PORT_RANGE_MAX);
494 when(portSecurityRule.getSecurityRulePortMin()).thenReturn(PORT_RANGE_MIN);
495 when(portSecurityRule.getSecurityRemoteGroupID()).thenReturn("85cc3048-abc3-43cc-89b3-377341426ac5");
496 PowerMockito.doAnswer(answer()).when(ingressAclServiceSpy, "writeFlow", any(FlowBuilder.class),
497 any(NodeBuilder.class));
498 ingressAclServiceSpy.programPortSecurityGroup(DP_ID_LONG, SEGMENT_ID, MAC_ADDRESS, LOCAL_PORT, securityGroup,
501 Match match = flowBuilder.getMatch();
502 EthernetMatch ethMatch = match.getEthernetMatch();
503 Assert.assertEquals(MAC_ADDRESS, ethMatch.getEthernetDestination().getAddress().getValue());
505 Assert.assertTrue(match.getLayer4Match() instanceof TcpMatch);
506 String expectedFlowId1 = "Ingress_TCP_" + SEGMENT_ID + "_" + MAC_ADDRESS + "_" + PORT_RANGE_MIN + "_" +
507 PORT_RANGE_MAX + "_" + DEST_IP_1 + "_Permit";
508 String expectedFlowId2 = "Ingress_TCP_" + SEGMENT_ID + "_" + MAC_ADDRESS + "_" + PORT_RANGE_MIN + "_" +
509 PORT_RANGE_MAX + "_" + DEST_IP_2 + "_Permit";
510 String actualFlowId = flowBuilder.getFlowName();
511 if (actualFlowId.equals(expectedFlowId1) || actualFlowId.equals(expectedFlowId2)) {
512 Assert.assertTrue(true);
514 Assert.assertTrue(false);
519 * Test TCP remove with port (All TCP) and remote SG selected.
522 public void testProgramPortSecurityACLRuleRemoveTcpAll2() throws Exception {
523 when(portSecurityRule.getSecurityRuleProtocol()).thenReturn("tcp");
524 when(portSecurityRule.getSecurityRulePortMax()).thenReturn(PORT_RANGE_MAX);
525 when(portSecurityRule.getSecurityRulePortMin()).thenReturn(PORT_RANGE_MIN);
526 when(portSecurityRule.getSecurityRemoteGroupID()).thenReturn("85cc3048-abc3-43cc-89b3-377341426ac5");
527 PowerMockito.doAnswer(answer()).when(ingressAclServiceSpy, "removeFlow", any(FlowBuilder.class),
528 any(NodeBuilder.class));
530 ingressAclServiceSpy.programPortSecurityGroup(DP_ID_LONG, SEGMENT_ID, MAC_ADDRESS, LOCAL_PORT, securityGroup,
533 Match match = flowBuilder.getMatch();
534 EthernetMatch ethMatch = match.getEthernetMatch();
535 Assert.assertEquals(MAC_ADDRESS, ethMatch.getEthernetDestination().getAddress().getValue());
537 Assert.assertTrue(match.getLayer4Match() instanceof TcpMatch);
538 TcpMatch layer4Match = (TcpMatch) match.getLayer4Match();
539 String expectedFlowId1 = "Ingress_TCP_" + SEGMENT_ID + "_" + MAC_ADDRESS +"_" + PORT_RANGE_MIN + "_" +
540 PORT_RANGE_MAX + "_" + DEST_IP_1 + "_Permit";
541 String expectedFlowId2 = "Ingress_TCP_" + SEGMENT_ID + "_" + MAC_ADDRESS +"_" + PORT_RANGE_MIN + "_" +
542 PORT_RANGE_MAX + "_" + DEST_IP_2 + "_Permit";
543 String actualFlowId = flowBuilder.getFlowName();
544 if (actualFlowId.equals(expectedFlowId1) || actualFlowId.equals(expectedFlowId2)) {
545 Assert.assertTrue(true);
547 Assert.assertTrue(false);
552 * Test UDP add with port no and CIDR selected.
555 public void testProgramPortSecurityACLRuleAddUdp1() throws Exception {
556 when(portSecurityRule.getSecurityRuleProtocol()).thenReturn("udp");
557 when(portSecurityRule.getSecurityRulePortMax()).thenReturn(50);
558 when(portSecurityRule.getSecurityRulePortMin()).thenReturn(50);
559 when(portSecurityRule.getSecurityRuleRemoteIpPrefix()).thenReturn("0.0.0.0/24");
560 PowerMockito.doAnswer(answer()).when(ingressAclServiceSpy, "writeFlow", any(FlowBuilder.class),
561 any(NodeBuilder.class));
563 ingressAclServiceSpy.programPortSecurityGroup(DP_ID_LONG, SEGMENT_ID, MAC_ADDRESS, LOCAL_PORT, securityGroup,
566 Match match = flowBuilder.getMatch();
567 EthernetMatch ethMatch = match.getEthernetMatch();
568 Assert.assertEquals(MAC_ADDRESS, ethMatch.getEthernetDestination().getAddress().getValue());
570 Assert.assertTrue(match.getLayer4Match() instanceof UdpMatch);
571 UdpMatch layer4Match = (UdpMatch) match.getLayer4Match();
572 Assert.assertEquals(50, layer4Match.getUdpDestinationPort().getValue().intValue());
573 int port = portSecurityRule.getSecurityRulePortMin();
574 Assert.assertEquals("Ingress_UDP_" + SEGMENT_ID + "_" + MAC_ADDRESS +
575 "_" + port + "_0.0.0.0/24_Permit", flowBuilder.getFlowName());
579 * Test UDP remove with port no and CIDR selected.
582 public void testProgramPortSecurityACLRuleRemoveUdp1() throws Exception {
583 when(portSecurityRule.getSecurityRuleProtocol()).thenReturn("udp");
584 when(portSecurityRule.getSecurityRulePortMax()).thenReturn(50);
585 when(portSecurityRule.getSecurityRulePortMin()).thenReturn(50);
586 when(portSecurityRule.getSecurityRuleRemoteIpPrefix()).thenReturn("0.0.0.0/24");
587 PowerMockito.doAnswer(answer()).when(ingressAclServiceSpy, "removeFlow", any(FlowBuilder.class),
588 any(NodeBuilder.class));
590 ingressAclServiceSpy.programPortSecurityGroup(DP_ID_LONG, SEGMENT_ID, MAC_ADDRESS, LOCAL_PORT, securityGroup,
593 Match match = flowBuilder.getMatch();
594 EthernetMatch ethMatch = match.getEthernetMatch();
595 Assert.assertEquals(MAC_ADDRESS, ethMatch.getEthernetDestination().getAddress().getValue());
597 Assert.assertTrue(match.getLayer4Match() instanceof UdpMatch);
598 UdpMatch layer4Match = (UdpMatch) match.getLayer4Match();
599 Assert.assertEquals(50, layer4Match.getUdpDestinationPort().getValue().intValue());
600 int port = portSecurityRule.getSecurityRulePortMin();
601 Assert.assertEquals("Ingress_UDP_" + SEGMENT_ID + "_" + MAC_ADDRESS +
602 "_" + port + "_0.0.0.0/24_Permit", flowBuilder.getFlowName());
606 * Test UDP add with port no and remote SG selected.
609 public void testProgramPortSecurityACLRuleAddUdp2() throws Exception {
610 when(portSecurityRule.getSecurityRuleProtocol()).thenReturn("udp");
611 when(portSecurityRule.getSecurityRulePortMax()).thenReturn(50);
612 when(portSecurityRule.getSecurityRulePortMin()).thenReturn(50);
613 when(portSecurityRule.getSecurityRuleRemoteIpPrefix()).thenReturn("0.0.0.0/24");
614 when(portSecurityRule.getSecurityRemoteGroupID()).thenReturn("85cc3048-abc3-43cc-89b3-377341426ac5");
615 PowerMockito.doAnswer(answer()).when(ingressAclServiceSpy, "writeFlow", any(FlowBuilder.class),
616 any(NodeBuilder.class));
617 ingressAclServiceSpy.programPortSecurityGroup(DP_ID_LONG, SEGMENT_ID, MAC_ADDRESS, LOCAL_PORT, securityGroup,
620 Match match = flowBuilder.getMatch();
621 EthernetMatch ethMatch = match.getEthernetMatch();
622 Assert.assertEquals(MAC_ADDRESS, ethMatch.getEthernetDestination().getAddress().getValue());
624 Assert.assertTrue(match.getLayer4Match() instanceof UdpMatch);
625 UdpMatch layer4Match = (UdpMatch) match.getLayer4Match();
626 Assert.assertEquals(50, layer4Match.getUdpDestinationPort().getValue().intValue());
627 int port = portSecurityRule.getSecurityRulePortMin();
628 String expectedFlowId1 = "Ingress_UDP_" + SEGMENT_ID + "_" + MAC_ADDRESS +"_" + port + "_" + DEST_IP_1 +
630 String expectedFlowId2 = "Ingress_UDP_" + SEGMENT_ID + "_" + MAC_ADDRESS +"_" + port + "_" + DEST_IP_2 +
632 String actualFlowId = flowBuilder.getFlowName();
633 if (actualFlowId.equals(expectedFlowId1) || actualFlowId.equals(expectedFlowId2)) {
634 Assert.assertTrue(true);
636 Assert.assertTrue(false);
641 * Test UDP remove with port no and remote SG selected.
644 public void testProgramPortSecurityACLRuleRemoveUdp2() throws Exception {
645 when(portSecurityRule.getSecurityRuleProtocol()).thenReturn("udp");
646 when(portSecurityRule.getSecurityRulePortMax()).thenReturn(50);
647 when(portSecurityRule.getSecurityRulePortMin()).thenReturn(50);
648 when(portSecurityRule.getSecurityRuleRemoteIpPrefix()).thenReturn("0.0.0.0/24");
649 when(portSecurityRule.getSecurityRemoteGroupID()).thenReturn("85cc3048-abc3-43cc-89b3-377341426ac5");
650 PowerMockito.doAnswer(answer()).when(ingressAclServiceSpy, "removeFlow", any(FlowBuilder.class),
651 any(NodeBuilder.class));
652 ingressAclServiceSpy.programPortSecurityGroup(DP_ID_LONG, SEGMENT_ID, MAC_ADDRESS, LOCAL_PORT, securityGroup,
655 Match match = flowBuilder.getMatch();
656 EthernetMatch ethMatch = match.getEthernetMatch();
657 Assert.assertEquals(MAC_ADDRESS, ethMatch.getEthernetDestination().getAddress().getValue());
659 Assert.assertTrue(match.getLayer4Match() instanceof UdpMatch);
660 UdpMatch layer4Match = (UdpMatch) match.getLayer4Match();
661 Assert.assertEquals(50, layer4Match.getUdpDestinationPort().getValue().intValue());
662 int port = portSecurityRule.getSecurityRulePortMin();
663 String expectedFlowId1 = "Ingress_UDP_" + SEGMENT_ID + "_" + MAC_ADDRESS +"_" + port + "_" + DEST_IP_1 +
665 String expectedFlowId2 = "Ingress_UDP_" + SEGMENT_ID + "_" + MAC_ADDRESS +"_" + port + "_" + DEST_IP_2 +
667 String actualFlowId = flowBuilder.getFlowName();
668 if (actualFlowId.equals(expectedFlowId1) || actualFlowId.equals(expectedFlowId2)) {
669 Assert.assertTrue(true);
671 Assert.assertTrue(false);
676 * Test UDP add with ports (All UDP) and CIDR selected.
679 public void testProgramPortSecurityACLRuleAddUdpAll1() throws Exception {
680 when(portSecurityRule.getSecurityRuleProtocol()).thenReturn("udp");
681 when(portSecurityRule.getSecurityRulePortMax()).thenReturn(PORT_RANGE_MAX);
682 when(portSecurityRule.getSecurityRulePortMin()).thenReturn(PORT_RANGE_MIN);
683 when(portSecurityRule.getSecurityRuleRemoteIpPrefix()).thenReturn("0.0.0.0/24");
684 PowerMockito.doAnswer(answer()).when(ingressAclServiceSpy, "writeFlow", any(FlowBuilder.class),
685 any(NodeBuilder.class));
687 ingressAclServiceSpy.programPortSecurityGroup(DP_ID_LONG, SEGMENT_ID, MAC_ADDRESS, LOCAL_PORT, securityGroup,
690 Match match = flowBuilder.getMatch();
691 EthernetMatch ethMatch = match.getEthernetMatch();
692 Assert.assertEquals(MAC_ADDRESS, ethMatch.getEthernetDestination().getAddress().getValue());
694 Assert.assertTrue(match.getLayer4Match() instanceof UdpMatch);
695 Assert.assertEquals("Ingress_UDP_" + SEGMENT_ID + "_" + MAC_ADDRESS + "_" + PORT_RANGE_MIN + "_" +
696 PORT_RANGE_MAX + "_0.0.0.0/24_Permit", flowBuilder.getFlowName());
700 * Test UDP remove with ports (All UDP) and CIDR selected.
703 public void testProgramPortSecurityACLRuleRemoveUdpAll1() throws Exception {
704 when(portSecurityRule.getSecurityRuleProtocol()).thenReturn("udp");
705 when(portSecurityRule.getSecurityRulePortMax()).thenReturn(PORT_RANGE_MAX);
706 when(portSecurityRule.getSecurityRulePortMin()).thenReturn(PORT_RANGE_MIN);
707 when(portSecurityRule.getSecurityRuleRemoteIpPrefix()).thenReturn("0.0.0.0/24");
708 PowerMockito.doAnswer(answer()).when(ingressAclServiceSpy, "removeFlow", any(FlowBuilder.class),
709 any(NodeBuilder.class));
711 ingressAclServiceSpy.programPortSecurityGroup(DP_ID_LONG, SEGMENT_ID, MAC_ADDRESS, LOCAL_PORT, securityGroup,
714 Match match = flowBuilder.getMatch();
715 EthernetMatch ethMatch = match.getEthernetMatch();
716 Assert.assertEquals(MAC_ADDRESS, ethMatch.getEthernetDestination().getAddress().getValue());
718 Assert.assertTrue(match.getLayer4Match() instanceof UdpMatch);
719 Assert.assertEquals("Ingress_UDP_" + SEGMENT_ID + "_" + MAC_ADDRESS + "_" + PORT_RANGE_MIN + "_" +
720 PORT_RANGE_MAX + "_0.0.0.0/24_Permit", flowBuilder.getFlowName());
724 * Test UDP add with ports (All UDP) and remote SG selected.
727 public void testProgramPortSecurityACLRuleAddUdpAll2() throws Exception {
728 when(portSecurityRule.getSecurityRuleProtocol()).thenReturn("udp");
729 when(portSecurityRule.getSecurityRulePortMax()).thenReturn(PORT_RANGE_MAX);
730 when(portSecurityRule.getSecurityRulePortMin()).thenReturn(PORT_RANGE_MIN);
731 when(portSecurityRule.getSecurityRuleRemoteIpPrefix()).thenReturn("0.0.0.0/24");
732 when(portSecurityRule.getSecurityRemoteGroupID()).thenReturn("85cc3048-abc3-43cc-89b3-377341426ac5");
733 PowerMockito.doAnswer(answer()).when(ingressAclServiceSpy, "writeFlow", any(FlowBuilder.class),
734 any(NodeBuilder.class));
735 ingressAclServiceSpy.programPortSecurityGroup(DP_ID_LONG, SEGMENT_ID, MAC_ADDRESS, LOCAL_PORT, securityGroup,
738 Match match = flowBuilder.getMatch();
739 EthernetMatch ethMatch = match.getEthernetMatch();
740 Assert.assertEquals(MAC_ADDRESS, ethMatch.getEthernetDestination().getAddress().getValue());
742 Assert.assertTrue(match.getLayer4Match() instanceof UdpMatch);
743 String expectedFlowId1 = "Ingress_UDP_" + SEGMENT_ID + "_" + MAC_ADDRESS +"_" + PORT_RANGE_MIN + "_" +
744 PORT_RANGE_MAX + "_" + DEST_IP_1 + "_Permit";
745 String expectedFlowId2 = "Ingress_UDP_" + SEGMENT_ID + "_" + MAC_ADDRESS +"_" + PORT_RANGE_MIN + "_" +
746 PORT_RANGE_MAX + "_" + DEST_IP_2 + "_Permit";
747 String actualFlowId = flowBuilder.getFlowName();
748 if (actualFlowId.equals(expectedFlowId1) || actualFlowId.equals(expectedFlowId2)) {
749 Assert.assertTrue(true);
751 Assert.assertTrue(false);
756 * Test UDP remove with ports (All UDP) and remote SG selected.
759 public void testProgramPortSecurityACLRuleRemoveUdpAll2() throws Exception {
760 when(portSecurityRule.getSecurityRuleProtocol()).thenReturn("udp");
761 when(portSecurityRule.getSecurityRulePortMax()).thenReturn(PORT_RANGE_MAX);
762 when(portSecurityRule.getSecurityRulePortMin()).thenReturn(PORT_RANGE_MIN);
763 when(portSecurityRule.getSecurityRuleRemoteIpPrefix()).thenReturn("0.0.0.0/24");
764 when(portSecurityRule.getSecurityRemoteGroupID()).thenReturn("85cc3048-abc3-43cc-89b3-377341426ac5");
765 PowerMockito.doAnswer(answer()).when(ingressAclServiceSpy, "removeFlow", any(FlowBuilder.class),
766 any(NodeBuilder.class));
767 ingressAclServiceSpy.programPortSecurityGroup(DP_ID_LONG, SEGMENT_ID, MAC_ADDRESS, LOCAL_PORT, securityGroup,
770 Match match = flowBuilder.getMatch();
771 EthernetMatch ethMatch = match.getEthernetMatch();
772 Assert.assertEquals(MAC_ADDRESS, ethMatch.getEthernetDestination().getAddress().getValue());
774 Assert.assertTrue(match.getLayer4Match() instanceof UdpMatch);
775 String expectedFlowId1 = "Ingress_UDP_" + SEGMENT_ID + "_" + MAC_ADDRESS +"_" + PORT_RANGE_MIN + "_" +
776 PORT_RANGE_MAX + "_" + DEST_IP_1 + "_Permit";
777 String expectedFlowId2 = "Ingress_UDP_" + SEGMENT_ID + "_" + MAC_ADDRESS +"_" + PORT_RANGE_MIN + "_" +
778 PORT_RANGE_MAX + "_" + DEST_IP_2 + "_Permit";
779 String actualFlowId = flowBuilder.getFlowName();
780 if (actualFlowId.equals(expectedFlowId1) || actualFlowId.equals(expectedFlowId2)) {
781 Assert.assertTrue(true);
783 Assert.assertTrue(false);
788 * Test ICMP add with code, type and CIDR selected.
791 public void testProgramPortSecurityACLRuleAddIcmp1() throws Exception {
792 when(portSecurityRule.getSecurityRuleProtocol()).thenReturn("icmp");
793 when(portSecurityRule.getSecurityRulePortMax()).thenReturn(10);
794 when(portSecurityRule.getSecurityRulePortMin()).thenReturn(10);
795 when(portSecurityRule.getSecurityRuleRemoteIpPrefix()).thenReturn("0.0.0.0/24");
797 PowerMockito.doAnswer(answer()).when(ingressAclServiceSpy, "writeFlow", any(FlowBuilder.class),
798 any(NodeBuilder.class));
799 ingressAclServiceSpy.programPortSecurityGroup(DP_ID_LONG, SEGMENT_ID,
800 MAC_ADDRESS, LOCAL_PORT, securityGroup, PORT_UUID, true);
801 Match match = flowBuilder.getMatch();
802 Icmpv4Match icmpv4Match = match.getIcmpv4Match();
803 Assert.assertEquals(10, icmpv4Match.getIcmpv4Type().shortValue());
804 Assert.assertEquals(10, icmpv4Match.getIcmpv4Code().shortValue());
805 EthernetMatch ethMatch = match.getEthernetMatch();
806 Assert.assertEquals(MAC_ADDRESS, ethMatch.getEthernetDestination().getAddress().getValue());
807 Short type = portSecurityRule.getSecurityRulePortMin().shortValue();
808 Short code = portSecurityRule.getSecurityRulePortMax().shortValue();
809 Assert.assertEquals("Ingress_ICMP_" + SEGMENT_ID + "_" + MAC_ADDRESS + "_" + type + "_" + code
810 + "_0.0.0.0/24_Permit",
811 flowBuilder.getFlowName());
815 * Test ICMP remove with code, type and CIDR selected.
818 public void testProgramPortSecurityACLRuleRemoveIcmp1() throws Exception {
819 when(portSecurityRule.getSecurityRuleProtocol()).thenReturn("icmp");
820 when(portSecurityRule.getSecurityRulePortMax()).thenReturn(20);
821 when(portSecurityRule.getSecurityRulePortMin()).thenReturn(20);
822 when(portSecurityRule.getSecurityRuleRemoteIpPrefix()).thenReturn("0.0.0.0/24");
823 PowerMockito.doAnswer(answer()).when(ingressAclServiceSpy, "removeFlow", any(FlowBuilder.class),
824 any(NodeBuilder.class));
826 ingressAclServiceSpy.programPortSecurityGroup(DP_ID_LONG, SEGMENT_ID,
827 MAC_ADDRESS, LOCAL_PORT, securityGroup, PORT_UUID, false);
828 Match match = flowBuilder.getMatch();
829 Icmpv4Match icmpv4Match = match.getIcmpv4Match();
830 Assert.assertEquals(20, icmpv4Match.getIcmpv4Type().shortValue());
831 Assert.assertEquals(20, icmpv4Match.getIcmpv4Code().shortValue());
832 EthernetMatch ethMatch = match.getEthernetMatch();
833 Assert.assertEquals(MAC_ADDRESS, ethMatch.getEthernetDestination().getAddress().getValue());
834 Short type = portSecurityRule.getSecurityRulePortMin().shortValue();
835 Short code = portSecurityRule.getSecurityRulePortMax().shortValue();
836 Assert.assertEquals("Ingress_ICMP_" + SEGMENT_ID + "_" + MAC_ADDRESS + "_" + type + "_" + code
837 + "_0.0.0.0/24_Permit",
838 flowBuilder.getFlowName());
842 * Test ICMP add with code, type and remote SG selected.
845 public void testProgramPortSecurityACLRuleAddIcmp2() throws Exception {
846 when(portSecurityRule.getSecurityRuleProtocol()).thenReturn("icmp");
847 when(portSecurityRule.getSecurityRulePortMax()).thenReturn(30);
848 when(portSecurityRule.getSecurityRulePortMin()).thenReturn(30);
849 when(portSecurityRule.getSecurityRemoteGroupID()).thenReturn("85cc3048-abc3-43cc-89b3-377341426ac5");
850 PowerMockito.doAnswer(answer()).when(ingressAclServiceSpy, "writeFlow", any(FlowBuilder.class),
851 any(NodeBuilder.class));
853 ingressAclServiceSpy.programPortSecurityGroup(DP_ID_LONG, SEGMENT_ID,
854 MAC_ADDRESS, LOCAL_PORT, securityGroup, PORT_UUID, true);
855 Match match = flowBuilder.getMatch();
856 Icmpv4Match icmpv4Match =match.getIcmpv4Match();
857 Assert.assertEquals(30, icmpv4Match.getIcmpv4Type().shortValue());
858 Assert.assertEquals(30, icmpv4Match.getIcmpv4Code().shortValue());
859 EthernetMatch ethMatch = match.getEthernetMatch();
860 Assert.assertEquals(MAC_ADDRESS, ethMatch.getEthernetDestination().getAddress().getValue());
861 Short type = portSecurityRule.getSecurityRulePortMin().shortValue();
862 Short code = portSecurityRule.getSecurityRulePortMax().shortValue();
863 String expectedFlowId1 = "Ingress_ICMP_" + SEGMENT_ID + "_" + MAC_ADDRESS +"_" + type + "_" + code + "_"
864 + DEST_IP_1 + "_Permit";
865 String expectedFlowId2 = "Ingress_ICMP_" + SEGMENT_ID + "_" + MAC_ADDRESS +"_" + type + "_" + code + "_"
866 + DEST_IP_2 + "_Permit";
867 String actualFlowId = flowBuilder.getFlowName();
868 if(actualFlowId.equals(expectedFlowId1) || actualFlowId.equals(expectedFlowId2)) {
869 Assert.assertTrue(true);
871 Assert.assertTrue(false);
876 * Test ICMP remove with code, type and remote SG selected.
879 public void testProgramPortSecurityACLRuleRemoveIcmp2() throws Exception {
880 when(portSecurityRule.getSecurityRuleProtocol()).thenReturn("icmp");
881 when(portSecurityRule.getSecurityRulePortMax()).thenReturn(40);
882 when(portSecurityRule.getSecurityRulePortMin()).thenReturn(40);
883 when(portSecurityRule.getSecurityRemoteGroupID()).thenReturn("85cc3048-abc3-43cc-89b3-377341426ac5");
884 PowerMockito.doAnswer(answer())
885 .when(ingressAclServiceSpy, "removeFlow", any(FlowBuilder.class), any(NodeBuilder.class));
887 ingressAclServiceSpy.programPortSecurityGroup(DP_ID_LONG, SEGMENT_ID,
888 MAC_ADDRESS, LOCAL_PORT, securityGroup, PORT_UUID, false);
889 Match match = flowBuilder.getMatch();
890 Icmpv4Match icmpv4Match = match.getIcmpv4Match();
891 Assert.assertEquals(40, icmpv4Match.getIcmpv4Type().shortValue());
892 Assert.assertEquals(40, icmpv4Match.getIcmpv4Code().shortValue());
893 EthernetMatch ethMatch = match.getEthernetMatch();
894 Assert.assertEquals(MAC_ADDRESS, ethMatch.getEthernetDestination().getAddress().getValue());
895 Short type = portSecurityRule.getSecurityRulePortMin().shortValue();
896 Short code = portSecurityRule.getSecurityRulePortMax().shortValue();
897 String expectedFlowId1 = "Ingress_ICMP_" + SEGMENT_ID + "_" + MAC_ADDRESS +"_" + type + "_" + code + "_"
898 + DEST_IP_1 + "_Permit";
899 String expectedFlowId2 = "Ingress_ICMP_" + SEGMENT_ID + "_" + MAC_ADDRESS +"_" + type + "_" + code + "_"
900 + DEST_IP_2 + "_Permit";
901 String actualFlowId = flowBuilder.getFlowName();
902 if(actualFlowId.equals(expectedFlowId1) || actualFlowId.equals(expectedFlowId2)) {
903 Assert.assertTrue(true);
905 Assert.assertTrue(false);
910 * Test IPv4 invalid ether type test case.
913 public void testProgramPortSecurityACLRuleInvalidEther() throws Exception {
914 when(portSecurityRule.getSecurityRuleEthertype()).thenReturn("IPV6");
916 ingressAclServiceSpy.programPortSecurityGroup(Long.valueOf(1554), "2", MAC_ADDRESS, 124, securityGroup,PORT_UUID,false);
918 verify(writeTransaction, times(0)).delete(any(LogicalDatastoreType.class), any(InstanceIdentifier.class));
919 verify(writeTransaction, times(0)).submit();
920 verify(commitFuture, times(0)).get();
924 * Test IPv4 invalid direction type test case.
927 public void testProgramPortSecurityACLRuleInvalidDirection() throws Exception {
928 when(portSecurityRule.getSecurityRuleDirection()).thenReturn("edgress");
930 ingressAclServiceSpy.programPortSecurityGroup(Long.valueOf(1554), "2", MAC_ADDRESS, 124, securityGroup,PORT_UUID,false);
932 verify(writeTransaction, times(0)).delete(any(LogicalDatastoreType.class), any(InstanceIdentifier.class));
933 verify(writeTransaction, times(0)).submit();
934 verify(commitFuture, times(0)).get();
938 * Test With isLastPortInBridge false isComputeNode false
941 public void testProgramFixedSecurityACLAdd1() throws Exception {
942 ingressAclServiceSpy.programFixedSecurityGroup(Long.valueOf(1554), "2", MAC_ADDRESS, 1, false, false, true);
944 verify(writeTransaction, times(0)).put(any(LogicalDatastoreType.class), any(InstanceIdentifier.class), any(Node.class), eq(true));
945 verify(writeTransaction, times(0)).submit();
946 verify(commitFuture, times(0)).get();
949 * Test With isLastPortInBridge false isComputeNode false
952 public void testProgramFixedSecurityACLRemove1() throws Exception {
954 ingressAclServiceSpy.programFixedSecurityGroup(Long.valueOf(1554), "2", MAC_ADDRESS, 1, false, false, false);
956 verify(writeTransaction, times(0)).delete(any(LogicalDatastoreType.class), any(InstanceIdentifier.class));
957 verify(writeTransaction, times(0)).submit();
958 verify(commitFuture, times(0)).get();
962 * Test method {@link IgressAclService#egressACLDefaultTcpDrop(Long, String, String, int, boolean)}
965 public void testIgressACLDefaultTcpDrop() throws Exception {
966 ingressAclService.ingressACLDefaultTcpDrop(Long.valueOf(123), SEGMENTATION_ID, MAC_ADDRESS, PRIORITY, true);
967 verify(writeTransaction, times(2)).put(any(LogicalDatastoreType.class), any(InstanceIdentifier.class), any(Node.class), anyBoolean());
968 verify(writeTransaction, times(1)).submit();
969 verify(commitFuture, times(1)).get();
971 ingressAclService.ingressACLDefaultTcpDrop(Long.valueOf(123), SEGMENTATION_ID, MAC_ADDRESS, PRIORITY, false);
972 verify(writeTransaction, times(1)).delete(any(LogicalDatastoreType.class), any(InstanceIdentifier.class));
973 verify(writeTransaction, times(2)).submit();
974 verify(commitFuture, times(2)).get(); // 1 + 1 above
978 * Test method {@link IgressAclService#ingressACLTcpPortWithPrefix(Long, String, String, boolean, Integer, String, Integer)}
981 public void testIngressACLTcpPortWithPrefix() throws Exception {
982 ingressAclService.ingressACLTcpPortWithPrefix(Long.valueOf(123), SEGMENTATION_ID, MAC_ADDRESS, true, 1, HOST_ADDRESS, PRIORITY);
983 verify(writeTransaction, times(2)).put(any(LogicalDatastoreType.class), any(InstanceIdentifier.class), any(Node.class), anyBoolean());
984 verify(writeTransaction, times(1)).submit();
985 verify(commitFuture, times(1)).get();
987 ingressAclService.ingressACLTcpPortWithPrefix(Long.valueOf(123), SEGMENTATION_ID, MAC_ADDRESS, false, 1, HOST_ADDRESS, PRIORITY);
988 verify(writeTransaction, times(1)).delete(any(LogicalDatastoreType.class), any(InstanceIdentifier.class));
989 verify(writeTransaction, times(2)).submit();
990 verify(commitFuture, times(2)).get(); // 1 + 1 above
994 * Test method {@link IgressAclService#handleIngressAllowProto(Long, String, String, boolean, String, Integer)}
997 public void testIngressAllowProto() throws Exception {
998 ingressAclService.handleIngressAllowProto(Long.valueOf(123), SEGMENTATION_ID, MAC_ADDRESS, true, HOST_ADDRESS, PRIORITY);
999 verify(writeTransaction, times(2)).put(any(LogicalDatastoreType.class), any(InstanceIdentifier.class), any(Node.class), anyBoolean());
1000 verify(writeTransaction, times(1)).submit();
1001 verify(commitFuture, times(1)).get();
1003 ingressAclService.handleIngressAllowProto(Long.valueOf(123), SEGMENTATION_ID, MAC_ADDRESS, false, HOST_ADDRESS, PRIORITY);
1004 verify(writeTransaction, times(1)).delete(any(LogicalDatastoreType.class), any(InstanceIdentifier.class));
1005 verify(writeTransaction, times(2)).submit();
1006 verify(commitFuture, times(2)).get(); // 1 + 1 above
1010 * Test method {@link IgressAclService#ingressACLPermitAllProto(Long, String, String, boolean, String, Integer)}
1013 public void testIngressACLPermitAllProto() throws Exception {
1014 ingressAclService.ingressACLPermitAllProto(Long.valueOf(123), SEGMENTATION_ID, MAC_ADDRESS, true, HOST_ADDRESS, PRIORITY);
1015 verify(writeTransaction, times(2)).put(any(LogicalDatastoreType.class), any(InstanceIdentifier.class), any(Node.class), anyBoolean());
1016 verify(writeTransaction, times(1)).submit();
1017 verify(commitFuture, times(1)).get();
1019 ingressAclService.ingressACLPermitAllProto(Long.valueOf(123), SEGMENTATION_ID, MAC_ADDRESS, false, HOST_ADDRESS, PRIORITY);
1020 verify(writeTransaction, times(1)).delete(any(LogicalDatastoreType.class), any(InstanceIdentifier.class));
1021 verify(writeTransaction, times(2)).submit();
1022 verify(commitFuture, times(2)).get(); // 1 + 1 above
1026 * Test method {@link IgressAclService#ingressACLTcpSyn(Long, String, String, boolean, Integer, Integer)}
1029 public void testIngressACLTcpSyn() throws Exception {
1030 ingressAclService.ingressACLTcpSyn(Long.valueOf(123), SEGMENTATION_ID, MAC_ADDRESS, true, 1, PRIORITY);
1031 verify(writeTransaction, times(2)).put(any(LogicalDatastoreType.class), any(InstanceIdentifier.class), any(Node.class), anyBoolean());
1032 verify(writeTransaction, times(1)).submit();
1033 verify(commitFuture, times(1)).get();
1035 ingressAclService.ingressACLTcpSyn(Long.valueOf(123), SEGMENTATION_ID, MAC_ADDRESS, false, 1, PRIORITY);
1036 verify(writeTransaction, times(1)).delete(any(LogicalDatastoreType.class), any(InstanceIdentifier.class));
1037 verify(writeTransaction, times(2)).submit();
1038 verify(commitFuture, times(2)).get(); // 1 + 1 above