openstack/net-virt-providers/src/test/java/org/opendaylight/ovsdb/openstack/netvirt/providers/openflow13/services/IngressAclServiceTest.java

   1 /*
   2  * Copyright (c) 2015 Inocybe and others.  All rights reserved.
   3  *
   4  * This program and the accompanying materials are made available under the
   5  * terms of the Eclipse Public License v1.0 which accompanies this distribution,
   6  * and is available at http://www.eclipse.org/legal/epl-v10.html
   7  */
   8
   9 package org.opendaylight.ovsdb.openstack.netvirt.providers.openflow13.services;
  10
  11 import static org.mockito.Matchers.any;
  12 import static org.mockito.Matchers.anyBoolean;
  13 import static org.mockito.Matchers.anyInt;
  14 import static org.mockito.Matchers.anyLong;
  15 import static org.mockito.Matchers.anyString;
  16 import static org.mockito.Matchers.eq;
  17 import static org.mockito.Mockito.mock;
  18 import static org.mockito.Mockito.times;
  19 import static org.mockito.Mockito.verify;
  20 import static org.mockito.Mockito.when;
  21
  22 import java.util.ArrayList;
  23 import java.util.List;
  24
  25 import org.junit.Assert;
  26 import org.junit.Before;
  27 import org.junit.Test;
  28 import org.junit.runner.RunWith;
  29 import org.mockito.InjectMocks;
  30 import org.mockito.Mock;
  31 import org.mockito.Mockito;
  32 import org.mockito.Spy;
  33 import org.mockito.invocation.InvocationOnMock;
  34 import org.mockito.runners.MockitoJUnitRunner;
  35 import org.mockito.stubbing.Answer;
  36 import org.opendaylight.controller.md.sal.binding.api.DataBroker;
  37 import org.opendaylight.controller.md.sal.binding.api.WriteTransaction;
  38 import org.opendaylight.controller.md.sal.common.api.data.LogicalDatastoreType;
  39 import org.opendaylight.controller.md.sal.common.api.data.TransactionCommitFailedException;
  40 import org.opendaylight.ovsdb.openstack.netvirt.translator.NeutronSecurityGroup;
  41 import org.opendaylight.ovsdb.openstack.netvirt.translator.NeutronSecurityRule;
  42 import org.opendaylight.ovsdb.openstack.netvirt.translator.Neutron_IPs;
  43 import org.opendaylight.ovsdb.openstack.netvirt.api.Constants;
  44 import org.opendaylight.ovsdb.openstack.netvirt.api.SecurityGroupCacheManger;
  45 import org.opendaylight.ovsdb.openstack.netvirt.api.SecurityServicesManager;
  46 import org.opendaylight.ovsdb.openstack.netvirt.providers.openflow13.PipelineOrchestrator;
  47 import org.opendaylight.ovsdb.openstack.netvirt.providers.openflow13.Service;
  48 import org.opendaylight.yang.gen.v1.urn.opendaylight.flow.inventory.rev130819.tables.table.FlowBuilder;
  49 import org.opendaylight.yang.gen.v1.urn.opendaylight.inventory.rev130819.nodes.Node;
  50 import org.opendaylight.yang.gen.v1.urn.opendaylight.inventory.rev130819.nodes.NodeBuilder;
  51 import org.opendaylight.yang.gen.v1.urn.opendaylight.model.match.types.rev131026.Match;
  52 import org.opendaylight.yang.gen.v1.urn.opendaylight.model.match.types.rev131026.match.EthernetMatch;
  53 import org.opendaylight.yang.gen.v1.urn.opendaylight.model.match.types.rev131026.match.Icmpv4Match;
  54 import org.opendaylight.yang.gen.v1.urn.opendaylight.model.match.types.rev131026.match.layer._4.match.TcpMatch;
  55 import org.opendaylight.yang.gen.v1.urn.opendaylight.model.match.types.rev131026.match.layer._4.match.UdpMatch;
  56 import org.opendaylight.yangtools.yang.binding.InstanceIdentifier;
  57 import org.powermock.api.mockito.PowerMockito;
  58 import org.powermock.modules.junit4.PowerMockRunner;
  59
  60 import com.google.common.util.concurrent.CheckedFuture;
  61
  62 /**
  63  * Unit test fort {@link IngressAclService}
  64  */
  65 @RunWith(PowerMockRunner.class)
  66 @SuppressWarnings("unchecked")
  67 public class IngressAclServiceTest {
  68
  69     @InjectMocks private IngressAclService ingressAclService = new IngressAclService();
  70     private IngressAclService ingressAclServiceSpy;
  71
  72     @Mock private DataBroker dataBroker;
  73     @Mock private PipelineOrchestrator orchestrator;
  74
  75     @Mock private WriteTransaction writeTransaction;
  76     @Mock private CheckedFuture<Void, TransactionCommitFailedException> commitFuture;
  77
  78     @Mock private NeutronSecurityGroup securityGroup;
  79     @Mock private NeutronSecurityRule portSecurityRule;
  80     @Mock private SecurityServicesManager securityServices;
  81     @Mock private SecurityGroupCacheManger securityGroupCacheManger;
  82
  83     private List<Neutron_IPs> neutronSrcIpList = new ArrayList<Neutron_IPs>();
  84     private List<Neutron_IPs> neutronDestIpList = new ArrayList<Neutron_IPs>();
  85     private Neutron_IPs neutron_ip_src;
  86     private Neutron_IPs neutron_ip_dest_1;
  87     private Neutron_IPs neutron_ip_dest_2;
  88
  89     private static final String SEGMENTATION_ID = "2";
  90     private static final int PRIORITY = 1;
  91     private static final String HOST_ADDRESS = "127.0.0.1/32";
  92     private static final String MAC_ADDRESS = "87:1D:5E:02:40:B8";
  93     private static final String SRC_IP = "192.168.0.1";
  94     private static final String DEST_IP_1 = "192.169.0.1";
  95     private static final String DEST_IP_2 = "192.169.0.2";
  96     private static final String SECURITY_GROUP_UUID = "85cc3048-abc3-43cc-89b3-377341426ac5";
  97     private static final String PORT_UUID = "95cc3048-abc3-43cc-89b3-377341426ac5";
  98     private static final String SEGMENT_ID = "2";
  99     private static final Long DP_ID_LONG = (long) 1554;
 100     private static final Long LOCAL_PORT = (long) 124;
 101     private static final int PORT_RANGE_MIN = 1;
 102     private static final int PORT_RANGE_MAX = 65535;
 103     private static FlowBuilder flowBuilder;
 104     private static NodeBuilder nodeBuilder;
 105
 106     private static Answer<Object> answer() {
 107         return new Answer<Object>() {
 108             @Override
 109             public CheckedFuture<Void, TransactionCommitFailedException> answer(InvocationOnMock invocation)
 110                     throws Throwable {
 111                 flowBuilder = (FlowBuilder) invocation.getArguments()[0];
 112                 nodeBuilder = (NodeBuilder) invocation.getArguments()[1];
 113                 return null;
 114             }
 115         };
 116     }
 117
 118     @Before
 119     public void setUp() {
 120         ingressAclServiceSpy = PowerMockito.spy(ingressAclService);
 121
 122         when(writeTransaction.submit()).thenReturn(commitFuture);
 123
 124         when(dataBroker.newWriteOnlyTransaction()).thenReturn(writeTransaction);
 125
 126         when(orchestrator.getNextServiceInPipeline(any(Service.class))).thenReturn(Service.ARP_RESPONDER);
 127
 128         portSecurityRule = mock(NeutronSecurityRule.class);
 129         when(portSecurityRule.getSecurityRuleEthertype()).thenReturn("IPv4");
 130         when(portSecurityRule.getSecurityRuleDirection()).thenReturn("ingress");
 131
 132         List<NeutronSecurityRule> portSecurityList = new ArrayList<NeutronSecurityRule>();
 133         portSecurityList.add(portSecurityRule);
 134
 135         neutron_ip_src = new Neutron_IPs();
 136         neutron_ip_src.setIpAddress(SRC_IP);
 137         neutronSrcIpList.add(neutron_ip_src);
 138
 139         neutron_ip_dest_1 = new Neutron_IPs();
 140         neutron_ip_dest_1.setIpAddress(DEST_IP_1);
 141         neutronDestIpList.add(neutron_ip_dest_1);
 142
 143         neutron_ip_dest_2 = new Neutron_IPs();
 144         neutron_ip_dest_2.setIpAddress(DEST_IP_2);
 145         neutronDestIpList.add(neutron_ip_dest_2);
 146
 147
 148         when(securityGroup.getSecurityRules()).thenReturn(portSecurityList);
 149         when(securityServices.getVmListForSecurityGroup
 150              (PORT_UUID, SECURITY_GROUP_UUID)).thenReturn(neutronDestIpList);
 151     }
 152
 153    /* *//**
 154      * Rule 1: TCP Proto (True), TCP Port Minimum (True), TCP Port Max (True), IP Prefix (True)
 155      *//*
 156     @Test
 157     public void testProgramPortSecurityACLRule1() throws Exception {
 158         when(portSecurityRule.getSecurityRuleProtocol()).thenReturn("tcp");
 159         when(portSecurityRule.getSecurityRulePortMax()).thenReturn(1);
 160         when(portSecurityRule.getSecurityRulePortMin()).thenReturn(1);
 161         when(portSecurityRule.getSecurityRuleRemoteIpPrefix()).thenReturn(HOST_ADDRESS);
 162
 163         ingressAclServiceSpy.programPortSecurityACL(Long.valueOf(1554), SEGMENTATION_ID, MAC_ADDRESS, 124, securityGroup);
 164         verify(ingressAclServiceSpy, times(1)).ingressACLDefaultTcpDrop(anyLong(), anyString(), anyString(), anyInt(), anyBoolean());
 165         verify(ingressAclServiceSpy, times(1)).ingressACLTcpPortWithPrefix(anyLong(), anyString(), anyString(), anyBoolean(), anyInt(), anyString(), anyInt());
 166         verify(writeTransaction, times(4)).put(any(LogicalDatastoreType.class), any(InstanceIdentifier.class), any(Node.class), anyBoolean());
 167         verify(writeTransaction, times(2)).submit();
 168         verify(commitFuture, times(2)).get();
 169     }
 170
 171
 172     *//**
 173      * Rule 2: TCP Proto (True), TCP Port Minimum (True), TCP Port Max (False), IP Prefix (True)
 174      *//*
 175     @Test
 176     public void testProgramPortSecurityACLRule2() throws Exception {
 177         when(portSecurityRule.getSecurityRuleProtocol()).thenReturn("tcp");
 178         when(portSecurityRule.getSecurityRulePortMax()).thenReturn(null);
 179         when(portSecurityRule.getSecurityRulePortMin()).thenReturn(1);
 180         when(portSecurityRule.getSecurityRuleRemoteIpPrefix()).thenReturn(HOST_ADDRESS);
 181
 182         ingressAclServiceSpy.programPortSecurityACL(Long.valueOf(1554), SEGMENTATION_ID, MAC_ADDRESS, 124, securityGroup);
 183         verify(ingressAclServiceSpy, times(1)).ingressACLDefaultTcpDrop(anyLong(), anyString(), anyString(), anyInt(), anyBoolean());
 184         verify(ingressAclServiceSpy, times(1)).ingressACLTcpPortWithPrefix(anyLong(), anyString(), anyString(), anyBoolean(), anyInt(), anyString(), anyInt());
 185         verify(writeTransaction, times(4)).put(any(LogicalDatastoreType.class), any(InstanceIdentifier.class), any(Node.class), anyBoolean());
 186         verify(writeTransaction, times(2)).submit();
 187         verify(commitFuture, times(2)).get();
 188     }
 189
 190     *//**
 191      * Rule 3: TCP Proto (True), TCP Port Minimum (False), TCP Port Max (False), IP Prefix (True)
 192      *//*
 193     @Test
 194     public void testProgramPortSecurityACLRule3() throws Exception {
 195         when(portSecurityRule.getSecurityRuleProtocol()).thenReturn("tcp");
 196         when(portSecurityRule.getSecurityRulePortMax()).thenReturn(null);
 197         when(portSecurityRule.getSecurityRulePortMin()).thenReturn(null);
 198         when(portSecurityRule.getSecurityRuleRemoteIpPrefix()).thenReturn(HOST_ADDRESS);
 199
 200         ingressAclServiceSpy.programPortSecurityACL(Long.valueOf(1554), SEGMENTATION_ID, MAC_ADDRESS, 124, securityGroup);
 201         verify(ingressAclServiceSpy, times(1)).ingressACLDefaultTcpDrop(anyLong(), anyString(), anyString(), anyInt(), anyBoolean());
 202         verify(ingressAclServiceSpy, times(1)).ingressACLPermitAllProto(anyLong(), anyString(), anyString(), anyBoolean(), anyString(), anyInt());
 203         verify(writeTransaction, times(4)).put(any(LogicalDatastoreType.class), any(InstanceIdentifier.class), any(Node.class), anyBoolean());
 204         verify(writeTransaction, times(2)).submit();
 205         verify(commitFuture, times(2)).get();
 206     }
 207
 208     *//**
 209      * Rule 4: TCP Proto (False), TCP Port Minimum (False), TCP Port Max (False), IP Prefix (True)
 210      *//*
 211     @Test
 212     public void testProgramPortSecurityACLRule4() throws Exception {
 213         when(portSecurityRule.getSecurityRuleProtocol()).thenReturn(null);
 214         when(portSecurityRule.getSecurityRulePortMax()).thenReturn(null);
 215         when(portSecurityRule.getSecurityRulePortMin()).thenReturn(null);
 216         when(portSecurityRule.getSecurityRuleRemoteIpPrefix()).thenReturn(HOST_ADDRESS);
 217
 218         ingressAclServiceSpy.programPortSecurityACL(Long.valueOf(1554), SEGMENTATION_ID, MAC_ADDRESS, 124, securityGroup);
 219         verify(ingressAclServiceSpy, times(1)).ingressACLDefaultTcpDrop(anyLong(), anyString(), anyString(), anyInt(), anyBoolean());
 220         verify(ingressAclServiceSpy, times(1)).ingressACLPermitAllProto(anyLong(), anyString(), anyString(), anyBoolean(), anyString(), anyInt());
 221         verify(writeTransaction, times(4)).put(any(LogicalDatastoreType.class), any(InstanceIdentifier.class), any(Node.class), anyBoolean());
 222         verify(writeTransaction, times(2)).submit();
 223         verify(commitFuture, times(2)).get();
 224     }
 225
 226     *//**
 227      * Rule 5: TCP Proto (True), TCP Port Minimum (True), TCP Port Max (True), IP Prefix (False)
 228      *//*
 229     @Test
 230     public void testProgramPortSecurityACLRule5() throws Exception {
 231         when(portSecurityRule.getSecurityRuleProtocol()).thenReturn("tcp");
 232         when(portSecurityRule.getSecurityRulePortMax()).thenReturn(1);
 233         when(portSecurityRule.getSecurityRulePortMin()).thenReturn(1);
 234         when(portSecurityRule.getSecurityRuleRemoteIpPrefix()).thenReturn(null);
 235
 236         ingressAclServiceSpy.programPortSecurityACL(Long.valueOf(1554), SEGMENTATION_ID, MAC_ADDRESS, 124, securityGroup);
 237         verify(ingressAclServiceSpy, times(1)).ingressACLDefaultTcpDrop(anyLong(), anyString(), anyString(), anyInt(), anyBoolean());
 238         verify(ingressAclServiceSpy, times(1)).ingressACLTcpSyn(anyLong(), anyString(), anyString(), anyBoolean(), anyInt(), anyInt());
 239         verify(writeTransaction, times(4)).put(any(LogicalDatastoreType.class), any(InstanceIdentifier.class), any(Node.class), anyBoolean());
 240         verify(writeTransaction, times(2)).submit();
 241         verify(commitFuture, times(2)).get();
 242     }
 243
 244     *//**
 245      * Rule 6: TCP Proto (True), TCP Port Minimum (True), TCP Port Max (False), IP Prefix (False)
 246      *//*
 247     @Test
 248     public void testProgramPortSecurityACLRule6() throws Exception {
 249         when(portSecurityRule.getSecurityRuleProtocol()).thenReturn("tcp");
 250         when(portSecurityRule.getSecurityRulePortMax()).thenReturn(null);
 251         when(portSecurityRule.getSecurityRulePortMin()).thenReturn(1);
 252         when(portSecurityRule.getSecurityRuleRemoteIpPrefix()).thenReturn(null);
 253
 254         ingressAclServiceSpy.programPortSecurityACL(Long.valueOf(1554), SEGMENTATION_ID, MAC_ADDRESS, 124, securityGroup);
 255         verify(ingressAclServiceSpy, times(1)).ingressACLDefaultTcpDrop(anyLong(), anyString(), anyString(), anyInt(), anyBoolean());
 256         verify(ingressAclServiceSpy, times(1)).ingressACLTcpSyn(anyLong(), anyString(), anyString(), anyBoolean(), anyInt(), anyInt());
 257         verify(writeTransaction, times(4)).put(any(LogicalDatastoreType.class), any(InstanceIdentifier.class), any(Node.class), anyBoolean());
 258         verify(writeTransaction, times(2)).submit();
 259         verify(commitFuture, times(2)).get();
 260     }
 261
 262     *//**
 263      * Rule 7: TCP Proto (True), TCP Port Minimum (False), TCP Port Max (False), IP Prefix (False or 0.0.0.0/0)
 264      *//*
 265     @Test
 266     public void testProgramPortSecurityACLRule7() throws Exception {
 267         when(portSecurityRule.getSecurityRuleProtocol()).thenReturn("tcp");
 268         when(portSecurityRule.getSecurityRulePortMax()).thenReturn(null);
 269         when(portSecurityRule.getSecurityRulePortMin()).thenReturn(null);
 270         when(portSecurityRule.getSecurityRuleRemoteIpPrefix()).thenReturn(null);
 271
 272         ingressAclServiceSpy.programPortSecurityACL(Long.valueOf(1554), SEGMENTATION_ID, MAC_ADDRESS, 124, securityGroup);
 273         verify(ingressAclServiceSpy, times(1)).handleIngressAllowProto(anyLong(), anyString(), anyString(), anyBoolean(), anyString(), anyInt());
 274         verify(writeTransaction, times(2)).put(any(LogicalDatastoreType.class), any(InstanceIdentifier.class), any(Node.class), anyBoolean());
 275         verify(writeTransaction, times(1)).submit();
 276         verify(commitFuture, times(1)).get();
 277     }
 278 */
 279     /**
 280      *  Test IPv4 add test case.
 281      */
 282     @Test
 283     public void testProgramPortSecurityACLRuleAddIpv4() throws Exception {
 284         when(portSecurityRule.getSecurityRuleProtocol()).thenReturn(null);
 285         when(portSecurityRule.getSecurityRulePortMax()).thenReturn(null);
 286         when(portSecurityRule.getSecurityRulePortMin()).thenReturn(null);
 287         when(portSecurityRule.getSecurityRuleRemoteIpPrefix()).thenReturn(null);
 288
 289         ingressAclServiceSpy.programPortSecurityGroup(Long.valueOf(1554), "2", MAC_ADDRESS, 124, securityGroup,PORT_UUID,true);
 290
 291         verify(writeTransaction, times(2)).put(any(LogicalDatastoreType.class), any(InstanceIdentifier.class), any(Node.class), eq(true));
 292         verify(writeTransaction, times(1)).submit();
 293         verify(commitFuture, times(1)).get();
 294     }
 295
 296     /**
 297      *  Test IPv4 remove test case.
 298      */
 299     @Test
 300     public void testProgramPortSecurityACLRuleRemoveIpv4() throws Exception {
 301         when(portSecurityRule.getSecurityRuleProtocol()).thenReturn(null);
 302         when(portSecurityRule.getSecurityRulePortMax()).thenReturn(null);
 303         when(portSecurityRule.getSecurityRulePortMin()).thenReturn(null);
 304         when(portSecurityRule.getSecurityRuleRemoteIpPrefix()).thenReturn(null);
 305
 306         ingressAclServiceSpy.programPortSecurityGroup(Long.valueOf(1554), "2", MAC_ADDRESS, 124, securityGroup,PORT_UUID,false);
 307
 308         verify(writeTransaction, times(1)).delete(any(LogicalDatastoreType.class), any(InstanceIdentifier.class));
 309         verify(writeTransaction, times(1)).submit();
 310         verify(commitFuture, times(1)).get();
 311     }
 312
 313     /**
 314      *  Test TCP add with port no and CIDR selected.
 315      */
 316     @Test
 317     public void testProgramPortSecurityACLRuleAddTcp1() throws Exception {
 318         when(portSecurityRule.getSecurityRuleProtocol()).thenReturn("tcp");
 319         when(portSecurityRule.getSecurityRulePortMax()).thenReturn(20);
 320         when(portSecurityRule.getSecurityRulePortMin()).thenReturn(20);
 321         when(portSecurityRule.getSecurityRuleRemoteIpPrefix()).thenReturn("0.0.0.0/24");
 322         PowerMockito.doAnswer(answer()).when(ingressAclServiceSpy, "writeFlow", any(FlowBuilder.class),
 323                                              any(NodeBuilder.class));
 324
 325         ingressAclServiceSpy.programPortSecurityGroup(DP_ID_LONG, SEGMENT_ID, MAC_ADDRESS, LOCAL_PORT, securityGroup,
 326                                                       PORT_UUID, true);
 327
 328         Match match = flowBuilder.getMatch();
 329         EthernetMatch ethMatch = match.getEthernetMatch();
 330         Assert.assertEquals(MAC_ADDRESS, ethMatch.getEthernetDestination().getAddress().getValue());
 331
 332         Assert.assertTrue(match.getLayer4Match() instanceof TcpMatch);
 333         TcpMatch layer4Match = (TcpMatch) match.getLayer4Match();
 334         Assert.assertEquals(20, layer4Match.getTcpDestinationPort().getValue().intValue());
 335         int port = portSecurityRule.getSecurityRulePortMin();
 336         Assert.assertEquals("Ingress_TCP_" + SEGMENT_ID + "_" + MAC_ADDRESS +
 337                             "_" + port + "_0.0.0.0/24_Permit", flowBuilder.getFlowName());
 338     }
 339
 340     /**
 341      *  Test TCP remove with port no and CIDR selected.
 342      */
 343     @Test
 344     public void testProgramPortSecurityACLRuleRemoveTcp1() throws Exception {
 345         when(portSecurityRule.getSecurityRuleProtocol()).thenReturn("tcp");
 346         when(portSecurityRule.getSecurityRulePortMax()).thenReturn(15);
 347         when(portSecurityRule.getSecurityRulePortMin()).thenReturn(15);
 348         when(portSecurityRule.getSecurityRuleRemoteIpPrefix()).thenReturn("0.0.0.0/24");
 349         PowerMockito.doAnswer(answer()).when(ingressAclServiceSpy, "removeFlow", any(FlowBuilder.class),
 350                                              any(NodeBuilder.class));
 351
 352         ingressAclServiceSpy.programPortSecurityGroup(DP_ID_LONG, SEGMENT_ID, MAC_ADDRESS, LOCAL_PORT, securityGroup,
 353                                                       PORT_UUID, false);
 354
 355         Match match = flowBuilder.getMatch();
 356         EthernetMatch ethMatch = match.getEthernetMatch();
 357         Assert.assertEquals(MAC_ADDRESS, ethMatch.getEthernetDestination().getAddress().getValue());
 358
 359         Assert.assertTrue(match.getLayer4Match() instanceof TcpMatch);
 360         TcpMatch layer4Match = (TcpMatch) match.getLayer4Match();
 361         Assert.assertEquals(15, layer4Match.getTcpDestinationPort().getValue().intValue());
 362         int port = portSecurityRule.getSecurityRulePortMin();
 363         Assert.assertEquals("Ingress_TCP_" + SEGMENT_ID + "_" + MAC_ADDRESS +
 364                             "_" + port + "_0.0.0.0/24_Permit", flowBuilder.getFlowName());
 365     }
 366
 367     /**
 368      *  Test TCP add with port no and remote SG selected.
 369      */
 370     @Test
 371     public void testProgramPortSecurityACLRuleAddTcp2() throws Exception {
 372         when(portSecurityRule.getSecurityRuleProtocol()).thenReturn("tcp");
 373         when(portSecurityRule.getSecurityRulePortMax()).thenReturn(50);
 374         when(portSecurityRule.getSecurityRulePortMin()).thenReturn(50);
 375         when(portSecurityRule.getSecurityRuleRemoteIpPrefix()).thenReturn("0.0.0.0/24");
 376         when(portSecurityRule.getSecurityRemoteGroupID()).thenReturn("85cc3048-abc3-43cc-89b3-377341426ac5");
 377         PowerMockito.doAnswer(answer()).when(ingressAclServiceSpy, "writeFlow", any(FlowBuilder.class),
 378                                              any(NodeBuilder.class));
 379         ingressAclServiceSpy.programPortSecurityGroup(DP_ID_LONG, SEGMENT_ID, MAC_ADDRESS, LOCAL_PORT, securityGroup,
 380                                                       PORT_UUID, true);
 381
 382         Match match = flowBuilder.getMatch();
 383         EthernetMatch ethMatch = match.getEthernetMatch();
 384         Assert.assertEquals(MAC_ADDRESS, ethMatch.getEthernetDestination().getAddress().getValue());
 385
 386         Assert.assertTrue(match.getLayer4Match() instanceof TcpMatch);
 387         TcpMatch layer4Match = (TcpMatch) match.getLayer4Match();
 388         Assert.assertEquals(50, layer4Match.getTcpDestinationPort().getValue().intValue());
 389         int port = portSecurityRule.getSecurityRulePortMin();
 390         String expectedFlowId1 = "Ingress_TCP_" + SEGMENT_ID + "_" + MAC_ADDRESS +"_" + port + "_" + DEST_IP_1 +
 391                 "_Permit";
 392         String expectedFlowId2 = "Ingress_TCP_" + SEGMENT_ID + "_" + MAC_ADDRESS +"_" + port + "_" + DEST_IP_2 +
 393                 "_Permit";
 394         String actualFlowId = flowBuilder.getFlowName();
 395         if (actualFlowId.equals(expectedFlowId1) || actualFlowId.equals(expectedFlowId2)) {
 396             Assert.assertTrue(true);
 397         } else {
 398             Assert.assertTrue(false);
 399         }
 400     }
 401
 402     /**
 403      *  Test TCP remove with port no and remote SG selected.
 404      */
 405     @Test
 406     public void testProgramPortSecurityACLRuleRemoveTcp2() throws Exception {
 407         when(portSecurityRule.getSecurityRuleProtocol()).thenReturn("tcp");
 408         when(portSecurityRule.getSecurityRulePortMax()).thenReturn(50);
 409         when(portSecurityRule.getSecurityRulePortMin()).thenReturn(50);
 410         when(portSecurityRule.getSecurityRuleRemoteIpPrefix()).thenReturn("0.0.0.0/24");
 411         when(portSecurityRule.getSecurityRemoteGroupID()).thenReturn("85cc3048-abc3-43cc-89b3-377341426ac5");
 412         PowerMockito.doAnswer(answer()).when(ingressAclServiceSpy, "removeFlow", any(FlowBuilder.class),
 413                                              any(NodeBuilder.class));
 414
 415         ingressAclServiceSpy.programPortSecurityGroup(DP_ID_LONG, SEGMENT_ID, MAC_ADDRESS, LOCAL_PORT, securityGroup,
 416                                                       PORT_UUID, false);
 417
 418         Match match = flowBuilder.getMatch();
 419         EthernetMatch ethMatch = match.getEthernetMatch();
 420         Assert.assertEquals(MAC_ADDRESS, ethMatch.getEthernetDestination().getAddress().getValue());
 421
 422         Assert.assertTrue(match.getLayer4Match() instanceof TcpMatch);
 423         TcpMatch layer4Match = (TcpMatch) match.getLayer4Match();
 424         Assert.assertEquals(50, layer4Match.getTcpDestinationPort().getValue().intValue());
 425         int port = portSecurityRule.getSecurityRulePortMin();
 426         String expectedFlowId1 = "Ingress_TCP_" + SEGMENT_ID + "_" + MAC_ADDRESS +"_" + port + "_" + DEST_IP_1 +
 427                 "_Permit";
 428         String expectedFlowId2 = "Ingress_TCP_" + SEGMENT_ID + "_" + MAC_ADDRESS +"_" + port + "_" + DEST_IP_2 +
 429                 "_Permit";
 430         String actualFlowId = flowBuilder.getFlowName();
 431         if (actualFlowId.equals(expectedFlowId1) || actualFlowId.equals(expectedFlowId2)) {
 432             Assert.assertTrue(true);
 433         } else {
 434             Assert.assertTrue(false);
 435         }
 436     }
 437
 438
 439     /**
 440      *  Test TCP add with port (All TCP) and CIDR selected.
 441      */
 442     @Test
 443     public void testProgramPortSecurityACLRuleAddTcpAll1() throws Exception {
 444         when(portSecurityRule.getSecurityRuleProtocol()).thenReturn("tcp");
 445         when(portSecurityRule.getSecurityRulePortMax()).thenReturn(PORT_RANGE_MAX);
 446         when(portSecurityRule.getSecurityRulePortMin()).thenReturn(PORT_RANGE_MIN);
 447         when(portSecurityRule.getSecurityRuleRemoteIpPrefix()).thenReturn("0.0.0.0/24");
 448         PowerMockito.doAnswer(answer()).when(ingressAclServiceSpy, "writeFlow", any(FlowBuilder.class),
 449                                              any(NodeBuilder.class));
 450
 451         ingressAclServiceSpy.programPortSecurityGroup(DP_ID_LONG, SEGMENT_ID, MAC_ADDRESS, LOCAL_PORT, securityGroup,
 452                                                       PORT_UUID, true);
 453
 454         Match match = flowBuilder.getMatch();
 455         EthernetMatch ethMatch = match.getEthernetMatch();
 456         Assert.assertEquals(MAC_ADDRESS, ethMatch.getEthernetDestination().getAddress().getValue());
 457
 458         Assert.assertTrue(match.getLayer4Match() instanceof TcpMatch);
 459         Assert.assertEquals("Ingress_TCP_" + SEGMENT_ID + "_" + MAC_ADDRESS + "_" + PORT_RANGE_MIN + "_" +
 460                             PORT_RANGE_MAX + "_0.0.0.0/24_Permit", flowBuilder.getFlowName());
 461     }
 462
 463     /**
 464      *  Test TCP remove with port (All TCP) and CIDR selected.
 465      */
 466     @Test
 467     public void testProgramPortSecurityACLRuleRemoveTcpAll1() throws Exception {
 468         when(portSecurityRule.getSecurityRuleProtocol()).thenReturn("tcp");
 469         when(portSecurityRule.getSecurityRulePortMax()).thenReturn(PORT_RANGE_MAX);
 470         when(portSecurityRule.getSecurityRulePortMin()).thenReturn(PORT_RANGE_MIN);
 471         when(portSecurityRule.getSecurityRuleRemoteIpPrefix()).thenReturn("0.0.0.0/24");
 472         PowerMockito.doAnswer(answer()).when(ingressAclServiceSpy, "removeFlow", any(FlowBuilder.class),
 473                                              any(NodeBuilder.class));
 474
 475         ingressAclServiceSpy.programPortSecurityGroup(DP_ID_LONG, SEGMENT_ID, MAC_ADDRESS, LOCAL_PORT, securityGroup,
 476                                                       PORT_UUID, false);
 477
 478         Match match = flowBuilder.getMatch();
 479         EthernetMatch ethMatch = match.getEthernetMatch();
 480         Assert.assertEquals(MAC_ADDRESS, ethMatch.getEthernetDestination().getAddress().getValue());
 481
 482         Assert.assertTrue(match.getLayer4Match() instanceof TcpMatch);
 483         Assert.assertEquals("Ingress_TCP_" + SEGMENT_ID + "_" + MAC_ADDRESS + "_" + PORT_RANGE_MIN + "_" +
 484                             PORT_RANGE_MAX + "_0.0.0.0/24_Permit", flowBuilder.getFlowName());
 485     }
 486
 487     /**
 488      *  Test TCP add with port (All TCP) and remote SG selected.
 489      */
 490     @Test
 491     public void testProgramPortSecurityACLRuleAddTcpAll2() throws Exception {
 492         when(portSecurityRule.getSecurityRuleProtocol()).thenReturn("tcp");
 493         when(portSecurityRule.getSecurityRulePortMax()).thenReturn(PORT_RANGE_MAX);
 494         when(portSecurityRule.getSecurityRulePortMin()).thenReturn(PORT_RANGE_MIN);
 495         when(portSecurityRule.getSecurityRemoteGroupID()).thenReturn("85cc3048-abc3-43cc-89b3-377341426ac5");
 496         PowerMockito.doAnswer(answer()).when(ingressAclServiceSpy, "writeFlow", any(FlowBuilder.class),
 497                                              any(NodeBuilder.class));
 498         ingressAclServiceSpy.programPortSecurityGroup(DP_ID_LONG, SEGMENT_ID, MAC_ADDRESS, LOCAL_PORT, securityGroup,
 499                                                       PORT_UUID, true);
 500
 501         Match match = flowBuilder.getMatch();
 502         EthernetMatch ethMatch = match.getEthernetMatch();
 503         Assert.assertEquals(MAC_ADDRESS, ethMatch.getEthernetDestination().getAddress().getValue());
 504
 505         Assert.assertTrue(match.getLayer4Match() instanceof TcpMatch);
 506         String expectedFlowId1 = "Ingress_TCP_" + SEGMENT_ID + "_" + MAC_ADDRESS + "_" + PORT_RANGE_MIN + "_" +
 507                             PORT_RANGE_MAX + "_" + DEST_IP_1 + "_Permit";
 508         String expectedFlowId2 = "Ingress_TCP_" + SEGMENT_ID + "_" + MAC_ADDRESS + "_" + PORT_RANGE_MIN + "_" +
 509                 PORT_RANGE_MAX + "_" + DEST_IP_2 + "_Permit";
 510         String actualFlowId = flowBuilder.getFlowName();
 511         if (actualFlowId.equals(expectedFlowId1) || actualFlowId.equals(expectedFlowId2)) {
 512             Assert.assertTrue(true);
 513         } else {
 514             Assert.assertTrue(false);
 515         }
 516     }
 517
 518     /**
 519      *  Test TCP remove with port (All TCP) and remote SG selected.
 520      */
 521     @Test
 522     public void testProgramPortSecurityACLRuleRemoveTcpAll2() throws Exception {
 523         when(portSecurityRule.getSecurityRuleProtocol()).thenReturn("tcp");
 524         when(portSecurityRule.getSecurityRulePortMax()).thenReturn(PORT_RANGE_MAX);
 525         when(portSecurityRule.getSecurityRulePortMin()).thenReturn(PORT_RANGE_MIN);
 526         when(portSecurityRule.getSecurityRemoteGroupID()).thenReturn("85cc3048-abc3-43cc-89b3-377341426ac5");
 527         PowerMockito.doAnswer(answer()).when(ingressAclServiceSpy, "removeFlow", any(FlowBuilder.class),
 528                                              any(NodeBuilder.class));
 529
 530         ingressAclServiceSpy.programPortSecurityGroup(DP_ID_LONG, SEGMENT_ID, MAC_ADDRESS, LOCAL_PORT, securityGroup,
 531                                                       PORT_UUID, false);
 532
 533         Match match = flowBuilder.getMatch();
 534         EthernetMatch ethMatch = match.getEthernetMatch();
 535         Assert.assertEquals(MAC_ADDRESS, ethMatch.getEthernetDestination().getAddress().getValue());
 536
 537         Assert.assertTrue(match.getLayer4Match() instanceof TcpMatch);
 538         TcpMatch layer4Match = (TcpMatch) match.getLayer4Match();
 539         String expectedFlowId1 = "Ingress_TCP_" + SEGMENT_ID + "_" + MAC_ADDRESS +"_" + PORT_RANGE_MIN + "_" +
 540                                 PORT_RANGE_MAX + "_" + DEST_IP_1 + "_Permit";
 541         String expectedFlowId2 = "Ingress_TCP_" + SEGMENT_ID + "_" + MAC_ADDRESS +"_" + PORT_RANGE_MIN + "_" +
 542                                 PORT_RANGE_MAX + "_" + DEST_IP_2 + "_Permit";
 543         String actualFlowId = flowBuilder.getFlowName();
 544         if (actualFlowId.equals(expectedFlowId1) || actualFlowId.equals(expectedFlowId2)) {
 545             Assert.assertTrue(true);
 546         } else {
 547             Assert.assertTrue(false);
 548         }
 549     }
 550
 551     /**
 552      *  Test UDP add with port no and CIDR selected.
 553      */
 554     @Test
 555     public void testProgramPortSecurityACLRuleAddUdp1() throws Exception {
 556         when(portSecurityRule.getSecurityRuleProtocol()).thenReturn("udp");
 557         when(portSecurityRule.getSecurityRulePortMax()).thenReturn(50);
 558         when(portSecurityRule.getSecurityRulePortMin()).thenReturn(50);
 559         when(portSecurityRule.getSecurityRuleRemoteIpPrefix()).thenReturn("0.0.0.0/24");
 560         PowerMockito.doAnswer(answer()).when(ingressAclServiceSpy, "writeFlow", any(FlowBuilder.class),
 561                                              any(NodeBuilder.class));
 562
 563         ingressAclServiceSpy.programPortSecurityGroup(DP_ID_LONG, SEGMENT_ID, MAC_ADDRESS, LOCAL_PORT, securityGroup,
 564                                                       PORT_UUID, true);
 565
 566         Match match = flowBuilder.getMatch();
 567         EthernetMatch ethMatch = match.getEthernetMatch();
 568         Assert.assertEquals(MAC_ADDRESS, ethMatch.getEthernetDestination().getAddress().getValue());
 569
 570         Assert.assertTrue(match.getLayer4Match() instanceof UdpMatch);
 571         UdpMatch layer4Match = (UdpMatch) match.getLayer4Match();
 572         Assert.assertEquals(50, layer4Match.getUdpDestinationPort().getValue().intValue());
 573         int port = portSecurityRule.getSecurityRulePortMin();
 574         Assert.assertEquals("Ingress_UDP_" + SEGMENT_ID + "_" + MAC_ADDRESS +
 575                             "_" + port + "_0.0.0.0/24_Permit", flowBuilder.getFlowName());
 576     }
 577
 578     /**
 579      *  Test UDP remove with port no and CIDR selected.
 580      */
 581     @Test
 582     public void testProgramPortSecurityACLRuleRemoveUdp1() throws Exception {
 583         when(portSecurityRule.getSecurityRuleProtocol()).thenReturn("udp");
 584         when(portSecurityRule.getSecurityRulePortMax()).thenReturn(50);
 585         when(portSecurityRule.getSecurityRulePortMin()).thenReturn(50);
 586         when(portSecurityRule.getSecurityRuleRemoteIpPrefix()).thenReturn("0.0.0.0/24");
 587         PowerMockito.doAnswer(answer()).when(ingressAclServiceSpy, "removeFlow", any(FlowBuilder.class),
 588                                              any(NodeBuilder.class));
 589
 590         ingressAclServiceSpy.programPortSecurityGroup(DP_ID_LONG, SEGMENT_ID, MAC_ADDRESS, LOCAL_PORT, securityGroup,
 591                                                       PORT_UUID, false);
 592
 593         Match match = flowBuilder.getMatch();
 594         EthernetMatch ethMatch = match.getEthernetMatch();
 595         Assert.assertEquals(MAC_ADDRESS, ethMatch.getEthernetDestination().getAddress().getValue());
 596
 597         Assert.assertTrue(match.getLayer4Match() instanceof UdpMatch);
 598         UdpMatch layer4Match = (UdpMatch) match.getLayer4Match();
 599         Assert.assertEquals(50, layer4Match.getUdpDestinationPort().getValue().intValue());
 600         int port = portSecurityRule.getSecurityRulePortMin();
 601         Assert.assertEquals("Ingress_UDP_" + SEGMENT_ID + "_" + MAC_ADDRESS +
 602                             "_" + port + "_0.0.0.0/24_Permit", flowBuilder.getFlowName());
 603     }
 604
 605     /**
 606      *  Test UDP add with port no and remote SG selected.
 607      */
 608     @Test
 609     public void testProgramPortSecurityACLRuleAddUdp2() throws Exception {
 610         when(portSecurityRule.getSecurityRuleProtocol()).thenReturn("udp");
 611         when(portSecurityRule.getSecurityRulePortMax()).thenReturn(50);
 612         when(portSecurityRule.getSecurityRulePortMin()).thenReturn(50);
 613         when(portSecurityRule.getSecurityRuleRemoteIpPrefix()).thenReturn("0.0.0.0/24");
 614         when(portSecurityRule.getSecurityRemoteGroupID()).thenReturn("85cc3048-abc3-43cc-89b3-377341426ac5");
 615         PowerMockito.doAnswer(answer()).when(ingressAclServiceSpy, "writeFlow", any(FlowBuilder.class),
 616                                              any(NodeBuilder.class));
 617         ingressAclServiceSpy.programPortSecurityGroup(DP_ID_LONG, SEGMENT_ID, MAC_ADDRESS, LOCAL_PORT, securityGroup,
 618                                                       PORT_UUID, true);
 619
 620         Match match = flowBuilder.getMatch();
 621         EthernetMatch ethMatch = match.getEthernetMatch();
 622         Assert.assertEquals(MAC_ADDRESS, ethMatch.getEthernetDestination().getAddress().getValue());
 623
 624         Assert.assertTrue(match.getLayer4Match() instanceof UdpMatch);
 625         UdpMatch layer4Match = (UdpMatch) match.getLayer4Match();
 626         Assert.assertEquals(50, layer4Match.getUdpDestinationPort().getValue().intValue());
 627         int port = portSecurityRule.getSecurityRulePortMin();
 628         String expectedFlowId1 = "Ingress_UDP_" + SEGMENT_ID + "_" + MAC_ADDRESS +"_" + port + "_" + DEST_IP_1 +
 629                 "_Permit";
 630         String expectedFlowId2 = "Ingress_UDP_" + SEGMENT_ID + "_" + MAC_ADDRESS +"_" + port + "_" + DEST_IP_2 +
 631                 "_Permit";
 632         String actualFlowId = flowBuilder.getFlowName();
 633         if (actualFlowId.equals(expectedFlowId1) || actualFlowId.equals(expectedFlowId2)) {
 634             Assert.assertTrue(true);
 635         } else {
 636             Assert.assertTrue(false);
 637         }
 638     }
 639
 640     /**
 641      *  Test UDP remove with port no and remote SG selected.
 642      */
 643     @Test
 644     public void testProgramPortSecurityACLRuleRemoveUdp2() throws Exception {
 645         when(portSecurityRule.getSecurityRuleProtocol()).thenReturn("udp");
 646         when(portSecurityRule.getSecurityRulePortMax()).thenReturn(50);
 647         when(portSecurityRule.getSecurityRulePortMin()).thenReturn(50);
 648         when(portSecurityRule.getSecurityRuleRemoteIpPrefix()).thenReturn("0.0.0.0/24");
 649         when(portSecurityRule.getSecurityRemoteGroupID()).thenReturn("85cc3048-abc3-43cc-89b3-377341426ac5");
 650         PowerMockito.doAnswer(answer()).when(ingressAclServiceSpy, "removeFlow", any(FlowBuilder.class),
 651                                              any(NodeBuilder.class));
 652         ingressAclServiceSpy.programPortSecurityGroup(DP_ID_LONG, SEGMENT_ID, MAC_ADDRESS, LOCAL_PORT, securityGroup,
 653                                                       PORT_UUID, false);
 654
 655         Match match = flowBuilder.getMatch();
 656         EthernetMatch ethMatch = match.getEthernetMatch();
 657         Assert.assertEquals(MAC_ADDRESS, ethMatch.getEthernetDestination().getAddress().getValue());
 658
 659         Assert.assertTrue(match.getLayer4Match() instanceof UdpMatch);
 660         UdpMatch layer4Match = (UdpMatch) match.getLayer4Match();
 661         Assert.assertEquals(50, layer4Match.getUdpDestinationPort().getValue().intValue());
 662         int port = portSecurityRule.getSecurityRulePortMin();
 663         String expectedFlowId1 = "Ingress_UDP_" + SEGMENT_ID + "_" + MAC_ADDRESS +"_" + port + "_" + DEST_IP_1 +
 664                 "_Permit";
 665         String expectedFlowId2 = "Ingress_UDP_" + SEGMENT_ID + "_" + MAC_ADDRESS +"_" + port + "_" + DEST_IP_2 +
 666                 "_Permit";
 667         String actualFlowId = flowBuilder.getFlowName();
 668         if (actualFlowId.equals(expectedFlowId1) || actualFlowId.equals(expectedFlowId2)) {
 669             Assert.assertTrue(true);
 670         } else {
 671             Assert.assertTrue(false);
 672         }
 673     }
 674
 675     /**
 676      *  Test UDP add with ports (All UDP) and CIDR selected.
 677      */
 678     @Test
 679     public void testProgramPortSecurityACLRuleAddUdpAll1() throws Exception {
 680         when(portSecurityRule.getSecurityRuleProtocol()).thenReturn("udp");
 681         when(portSecurityRule.getSecurityRulePortMax()).thenReturn(PORT_RANGE_MAX);
 682         when(portSecurityRule.getSecurityRulePortMin()).thenReturn(PORT_RANGE_MIN);
 683         when(portSecurityRule.getSecurityRuleRemoteIpPrefix()).thenReturn("0.0.0.0/24");
 684         PowerMockito.doAnswer(answer()).when(ingressAclServiceSpy, "writeFlow", any(FlowBuilder.class),
 685                                              any(NodeBuilder.class));
 686
 687         ingressAclServiceSpy.programPortSecurityGroup(DP_ID_LONG, SEGMENT_ID, MAC_ADDRESS, LOCAL_PORT, securityGroup,
 688                                                       PORT_UUID, true);
 689
 690         Match match = flowBuilder.getMatch();
 691         EthernetMatch ethMatch = match.getEthernetMatch();
 692         Assert.assertEquals(MAC_ADDRESS, ethMatch.getEthernetDestination().getAddress().getValue());
 693
 694         Assert.assertTrue(match.getLayer4Match() instanceof UdpMatch);
 695         Assert.assertEquals("Ingress_UDP_" + SEGMENT_ID + "_" + MAC_ADDRESS + "_" + PORT_RANGE_MIN  + "_" +
 696                             PORT_RANGE_MAX + "_0.0.0.0/24_Permit", flowBuilder.getFlowName());
 697     }
 698
 699     /**
 700      *  Test UDP remove with ports (All UDP) and CIDR selected.
 701      */
 702     @Test
 703     public void testProgramPortSecurityACLRuleRemoveUdpAll1() throws Exception {
 704         when(portSecurityRule.getSecurityRuleProtocol()).thenReturn("udp");
 705         when(portSecurityRule.getSecurityRulePortMax()).thenReturn(PORT_RANGE_MAX);
 706         when(portSecurityRule.getSecurityRulePortMin()).thenReturn(PORT_RANGE_MIN);
 707         when(portSecurityRule.getSecurityRuleRemoteIpPrefix()).thenReturn("0.0.0.0/24");
 708         PowerMockito.doAnswer(answer()).when(ingressAclServiceSpy, "removeFlow", any(FlowBuilder.class),
 709                                              any(NodeBuilder.class));
 710
 711         ingressAclServiceSpy.programPortSecurityGroup(DP_ID_LONG, SEGMENT_ID, MAC_ADDRESS, LOCAL_PORT, securityGroup,
 712                                                       PORT_UUID, false);
 713
 714         Match match = flowBuilder.getMatch();
 715         EthernetMatch ethMatch = match.getEthernetMatch();
 716         Assert.assertEquals(MAC_ADDRESS, ethMatch.getEthernetDestination().getAddress().getValue());
 717
 718         Assert.assertTrue(match.getLayer4Match() instanceof UdpMatch);
 719         Assert.assertEquals("Ingress_UDP_" + SEGMENT_ID + "_" + MAC_ADDRESS + "_" + PORT_RANGE_MIN  + "_" +
 720                 PORT_RANGE_MAX + "_0.0.0.0/24_Permit", flowBuilder.getFlowName());
 721     }
 722
 723     /**
 724      *  Test UDP add with ports (All UDP) and remote SG selected.
 725      */
 726     @Test
 727     public void testProgramPortSecurityACLRuleAddUdpAll2() throws Exception {
 728         when(portSecurityRule.getSecurityRuleProtocol()).thenReturn("udp");
 729         when(portSecurityRule.getSecurityRulePortMax()).thenReturn(PORT_RANGE_MAX);
 730         when(portSecurityRule.getSecurityRulePortMin()).thenReturn(PORT_RANGE_MIN);
 731         when(portSecurityRule.getSecurityRuleRemoteIpPrefix()).thenReturn("0.0.0.0/24");
 732         when(portSecurityRule.getSecurityRemoteGroupID()).thenReturn("85cc3048-abc3-43cc-89b3-377341426ac5");
 733         PowerMockito.doAnswer(answer()).when(ingressAclServiceSpy, "writeFlow", any(FlowBuilder.class),
 734                                              any(NodeBuilder.class));
 735         ingressAclServiceSpy.programPortSecurityGroup(DP_ID_LONG, SEGMENT_ID, MAC_ADDRESS, LOCAL_PORT, securityGroup,
 736                                                       PORT_UUID, true);
 737
 738         Match match = flowBuilder.getMatch();
 739         EthernetMatch ethMatch = match.getEthernetMatch();
 740         Assert.assertEquals(MAC_ADDRESS, ethMatch.getEthernetDestination().getAddress().getValue());
 741
 742         Assert.assertTrue(match.getLayer4Match() instanceof UdpMatch);
 743         String expectedFlowId1 = "Ingress_UDP_" + SEGMENT_ID + "_" + MAC_ADDRESS +"_" + PORT_RANGE_MIN + "_" +
 744                         PORT_RANGE_MAX + "_" + DEST_IP_1 + "_Permit";
 745         String expectedFlowId2 = "Ingress_UDP_" + SEGMENT_ID + "_" + MAC_ADDRESS +"_" + PORT_RANGE_MIN + "_" +
 746                 PORT_RANGE_MAX + "_" + DEST_IP_2 + "_Permit";
 747         String actualFlowId = flowBuilder.getFlowName();
 748         if (actualFlowId.equals(expectedFlowId1) || actualFlowId.equals(expectedFlowId2)) {
 749             Assert.assertTrue(true);
 750         } else {
 751             Assert.assertTrue(false);
 752         }
 753     }
 754
 755     /**
 756      *  Test UDP remove with ports (All UDP) and remote SG selected.
 757      */
 758     @Test
 759     public void testProgramPortSecurityACLRuleRemoveUdpAll2() throws Exception {
 760         when(portSecurityRule.getSecurityRuleProtocol()).thenReturn("udp");
 761         when(portSecurityRule.getSecurityRulePortMax()).thenReturn(PORT_RANGE_MAX);
 762         when(portSecurityRule.getSecurityRulePortMin()).thenReturn(PORT_RANGE_MIN);
 763         when(portSecurityRule.getSecurityRuleRemoteIpPrefix()).thenReturn("0.0.0.0/24");
 764         when(portSecurityRule.getSecurityRemoteGroupID()).thenReturn("85cc3048-abc3-43cc-89b3-377341426ac5");
 765         PowerMockito.doAnswer(answer()).when(ingressAclServiceSpy, "removeFlow", any(FlowBuilder.class),
 766                                              any(NodeBuilder.class));
 767         ingressAclServiceSpy.programPortSecurityGroup(DP_ID_LONG, SEGMENT_ID, MAC_ADDRESS, LOCAL_PORT, securityGroup,
 768                                                       PORT_UUID, false);
 769
 770         Match match = flowBuilder.getMatch();
 771         EthernetMatch ethMatch = match.getEthernetMatch();
 772         Assert.assertEquals(MAC_ADDRESS, ethMatch.getEthernetDestination().getAddress().getValue());
 773
 774         Assert.assertTrue(match.getLayer4Match() instanceof UdpMatch);
 775         String expectedFlowId1 = "Ingress_UDP_" + SEGMENT_ID + "_" + MAC_ADDRESS +"_" + PORT_RANGE_MIN + "_" +
 776                         PORT_RANGE_MAX + "_" + DEST_IP_1 + "_Permit";
 777         String expectedFlowId2 = "Ingress_UDP_" + SEGMENT_ID + "_" + MAC_ADDRESS +"_" + PORT_RANGE_MIN + "_" +
 778                 PORT_RANGE_MAX + "_" + DEST_IP_2 + "_Permit";
 779         String actualFlowId = flowBuilder.getFlowName();
 780         if (actualFlowId.equals(expectedFlowId1) || actualFlowId.equals(expectedFlowId2)) {
 781             Assert.assertTrue(true);
 782         } else {
 783             Assert.assertTrue(false);
 784         }
 785     }
 786
 787     /**
 788      *  Test ICMP add with code, type and CIDR selected.
 789      */
 790     @Test
 791     public void testProgramPortSecurityACLRuleAddIcmp1() throws Exception {
 792         when(portSecurityRule.getSecurityRuleProtocol()).thenReturn("icmp");
 793         when(portSecurityRule.getSecurityRulePortMax()).thenReturn(10);
 794         when(portSecurityRule.getSecurityRulePortMin()).thenReturn(10);
 795         when(portSecurityRule.getSecurityRuleRemoteIpPrefix()).thenReturn("0.0.0.0/24");
 796
 797         PowerMockito.doAnswer(answer()).when(ingressAclServiceSpy, "writeFlow", any(FlowBuilder.class),
 798                                              any(NodeBuilder.class));
 799         ingressAclServiceSpy.programPortSecurityGroup(DP_ID_LONG, SEGMENT_ID,
 800                                                     MAC_ADDRESS, LOCAL_PORT, securityGroup, PORT_UUID, true);
 801         Match match = flowBuilder.getMatch();
 802         Icmpv4Match icmpv4Match = match.getIcmpv4Match();
 803         Assert.assertEquals(10, icmpv4Match.getIcmpv4Type().shortValue());
 804         Assert.assertEquals(10, icmpv4Match.getIcmpv4Code().shortValue());
 805         EthernetMatch ethMatch = match.getEthernetMatch();
 806         Assert.assertEquals(MAC_ADDRESS, ethMatch.getEthernetDestination().getAddress().getValue());
 807         Short type = portSecurityRule.getSecurityRulePortMin().shortValue();
 808         Short code = portSecurityRule.getSecurityRulePortMax().shortValue();
 809         Assert.assertEquals("Ingress_ICMP_" + SEGMENT_ID + "_" + MAC_ADDRESS + "_" + type + "_" + code
 810                             + "_0.0.0.0/24_Permit",
 811                             flowBuilder.getFlowName());
 812     }
 813
 814     /**
 815      *  Test ICMP remove with code, type and CIDR selected.
 816      */
 817     @Test
 818     public void testProgramPortSecurityACLRuleRemoveIcmp1() throws Exception {
 819         when(portSecurityRule.getSecurityRuleProtocol()).thenReturn("icmp");
 820         when(portSecurityRule.getSecurityRulePortMax()).thenReturn(20);
 821         when(portSecurityRule.getSecurityRulePortMin()).thenReturn(20);
 822         when(portSecurityRule.getSecurityRuleRemoteIpPrefix()).thenReturn("0.0.0.0/24");
 823         PowerMockito.doAnswer(answer()).when(ingressAclServiceSpy, "removeFlow", any(FlowBuilder.class),
 824                                              any(NodeBuilder.class));
 825
 826         ingressAclServiceSpy.programPortSecurityGroup(DP_ID_LONG, SEGMENT_ID,
 827                                                     MAC_ADDRESS, LOCAL_PORT, securityGroup, PORT_UUID, false);
 828         Match match = flowBuilder.getMatch();
 829         Icmpv4Match icmpv4Match = match.getIcmpv4Match();
 830         Assert.assertEquals(20, icmpv4Match.getIcmpv4Type().shortValue());
 831         Assert.assertEquals(20, icmpv4Match.getIcmpv4Code().shortValue());
 832         EthernetMatch ethMatch = match.getEthernetMatch();
 833         Assert.assertEquals(MAC_ADDRESS, ethMatch.getEthernetDestination().getAddress().getValue());
 834         Short type = portSecurityRule.getSecurityRulePortMin().shortValue();
 835         Short code = portSecurityRule.getSecurityRulePortMax().shortValue();
 836         Assert.assertEquals("Ingress_ICMP_" + SEGMENT_ID + "_" + MAC_ADDRESS + "_" + type + "_" + code
 837                             + "_0.0.0.0/24_Permit",
 838                             flowBuilder.getFlowName());
 839     }
 840
 841     /**
 842      *  Test ICMP add with code, type and remote SG selected.
 843      */
 844     @Test
 845     public void testProgramPortSecurityACLRuleAddIcmp2() throws Exception {
 846         when(portSecurityRule.getSecurityRuleProtocol()).thenReturn("icmp");
 847         when(portSecurityRule.getSecurityRulePortMax()).thenReturn(30);
 848         when(portSecurityRule.getSecurityRulePortMin()).thenReturn(30);
 849         when(portSecurityRule.getSecurityRemoteGroupID()).thenReturn("85cc3048-abc3-43cc-89b3-377341426ac5");
 850         PowerMockito.doAnswer(answer()).when(ingressAclServiceSpy, "writeFlow", any(FlowBuilder.class),
 851                                              any(NodeBuilder.class));
 852
 853         ingressAclServiceSpy.programPortSecurityGroup(DP_ID_LONG, SEGMENT_ID,
 854                                                     MAC_ADDRESS, LOCAL_PORT, securityGroup, PORT_UUID, true);
 855         Match match = flowBuilder.getMatch();
 856         Icmpv4Match icmpv4Match =match.getIcmpv4Match();
 857         Assert.assertEquals(30, icmpv4Match.getIcmpv4Type().shortValue());
 858         Assert.assertEquals(30, icmpv4Match.getIcmpv4Code().shortValue());
 859         EthernetMatch ethMatch = match.getEthernetMatch();
 860         Assert.assertEquals(MAC_ADDRESS, ethMatch.getEthernetDestination().getAddress().getValue());
 861         Short type = portSecurityRule.getSecurityRulePortMin().shortValue();
 862         Short code = portSecurityRule.getSecurityRulePortMax().shortValue();
 863         String expectedFlowId1 = "Ingress_ICMP_" + SEGMENT_ID + "_" + MAC_ADDRESS +"_" + type + "_" + code + "_"
 864                                 + DEST_IP_1 + "_Permit";
 865         String expectedFlowId2 = "Ingress_ICMP_" + SEGMENT_ID + "_" + MAC_ADDRESS +"_" + type + "_" + code + "_"
 866                                 + DEST_IP_2 + "_Permit";
 867         String actualFlowId = flowBuilder.getFlowName();
 868         if(actualFlowId.equals(expectedFlowId1) || actualFlowId.equals(expectedFlowId2)) {
 869             Assert.assertTrue(true);
 870         } else {
 871             Assert.assertTrue(false);
 872         }
 873     }
 874
 875     /**
 876      *  Test ICMP remove with code, type and remote SG selected.
 877      */
 878     @Test
 879     public void testProgramPortSecurityACLRuleRemoveIcmp2() throws Exception {
 880         when(portSecurityRule.getSecurityRuleProtocol()).thenReturn("icmp");
 881         when(portSecurityRule.getSecurityRulePortMax()).thenReturn(40);
 882         when(portSecurityRule.getSecurityRulePortMin()).thenReturn(40);
 883         when(portSecurityRule.getSecurityRemoteGroupID()).thenReturn("85cc3048-abc3-43cc-89b3-377341426ac5");
 884         PowerMockito.doAnswer(answer())
 885         .when(ingressAclServiceSpy, "removeFlow", any(FlowBuilder.class), any(NodeBuilder.class));
 886
 887         ingressAclServiceSpy.programPortSecurityGroup(DP_ID_LONG, SEGMENT_ID,
 888                                                     MAC_ADDRESS, LOCAL_PORT, securityGroup, PORT_UUID, false);
 889         Match match = flowBuilder.getMatch();
 890         Icmpv4Match icmpv4Match = match.getIcmpv4Match();
 891         Assert.assertEquals(40, icmpv4Match.getIcmpv4Type().shortValue());
 892         Assert.assertEquals(40, icmpv4Match.getIcmpv4Code().shortValue());
 893         EthernetMatch ethMatch = match.getEthernetMatch();
 894         Assert.assertEquals(MAC_ADDRESS, ethMatch.getEthernetDestination().getAddress().getValue());
 895         Short type = portSecurityRule.getSecurityRulePortMin().shortValue();
 896         Short code = portSecurityRule.getSecurityRulePortMax().shortValue();
 897         String expectedFlowId1 = "Ingress_ICMP_" + SEGMENT_ID + "_" + MAC_ADDRESS +"_" + type + "_" + code + "_"
 898                                 + DEST_IP_1 + "_Permit";
 899         String expectedFlowId2 = "Ingress_ICMP_" + SEGMENT_ID + "_" + MAC_ADDRESS +"_" + type + "_" + code + "_"
 900                                 + DEST_IP_2 + "_Permit";
 901         String actualFlowId = flowBuilder.getFlowName();
 902         if(actualFlowId.equals(expectedFlowId1) || actualFlowId.equals(expectedFlowId2)) {
 903             Assert.assertTrue(true);
 904         } else {
 905             Assert.assertTrue(false);
 906         }
 907     }
 908
 909     /**
 910      *  Test IPv4 invalid ether type test case.
 911      */
 912     @Test
 913     public void testProgramPortSecurityACLRuleInvalidEther() throws Exception {
 914         when(portSecurityRule.getSecurityRuleEthertype()).thenReturn("IPV6");
 915
 916         ingressAclServiceSpy.programPortSecurityGroup(Long.valueOf(1554), "2", MAC_ADDRESS, 124, securityGroup,PORT_UUID,false);
 917
 918         verify(writeTransaction, times(0)).delete(any(LogicalDatastoreType.class), any(InstanceIdentifier.class));
 919         verify(writeTransaction, times(0)).submit();
 920         verify(commitFuture, times(0)).get();
 921     }
 922
 923     /**
 924      *  Test IPv4 invalid direction type test case.
 925      */
 926     @Test
 927     public void testProgramPortSecurityACLRuleInvalidDirection() throws Exception {
 928         when(portSecurityRule.getSecurityRuleDirection()).thenReturn("edgress");
 929
 930         ingressAclServiceSpy.programPortSecurityGroup(Long.valueOf(1554), "2", MAC_ADDRESS, 124, securityGroup,PORT_UUID,false);
 931
 932         verify(writeTransaction, times(0)).delete(any(LogicalDatastoreType.class), any(InstanceIdentifier.class));
 933         verify(writeTransaction, times(0)).submit();
 934         verify(commitFuture, times(0)).get();
 935     }
 936
 937     /**
 938      *  Test With isLastPortInBridge false isComputeNode false
 939      */
 940     @Test
 941     public void testProgramFixedSecurityACLAdd1() throws Exception {
 942         ingressAclServiceSpy.programFixedSecurityGroup(Long.valueOf(1554), "2", MAC_ADDRESS, 1, false, false, true);
 943
 944         verify(writeTransaction, times(0)).put(any(LogicalDatastoreType.class), any(InstanceIdentifier.class), any(Node.class), eq(true));
 945         verify(writeTransaction, times(0)).submit();
 946         verify(commitFuture, times(0)).get();
 947     }
 948     /**
 949      *  Test With isLastPortInBridge false isComputeNode false
 950      */
 951     @Test
 952     public void testProgramFixedSecurityACLRemove1() throws Exception {
 953
 954         ingressAclServiceSpy.programFixedSecurityGroup(Long.valueOf(1554), "2", MAC_ADDRESS, 1, false, false, false);
 955
 956         verify(writeTransaction, times(0)).delete(any(LogicalDatastoreType.class), any(InstanceIdentifier.class));
 957         verify(writeTransaction, times(0)).submit();
 958         verify(commitFuture, times(0)).get();
 959     }
 960
 961     /**
 962      * Test method {@link IgressAclService#egressACLDefaultTcpDrop(Long, String, String, int, boolean)}
 963      */
 964     @Test
 965     public void testIgressACLDefaultTcpDrop() throws Exception {
 966         ingressAclService.ingressACLDefaultTcpDrop(Long.valueOf(123), SEGMENTATION_ID, MAC_ADDRESS, PRIORITY, true);
 967         verify(writeTransaction, times(2)).put(any(LogicalDatastoreType.class), any(InstanceIdentifier.class), any(Node.class), anyBoolean());
 968         verify(writeTransaction, times(1)).submit();
 969         verify(commitFuture, times(1)).get();
 970
 971         ingressAclService.ingressACLDefaultTcpDrop(Long.valueOf(123), SEGMENTATION_ID, MAC_ADDRESS, PRIORITY, false);
 972         verify(writeTransaction, times(1)).delete(any(LogicalDatastoreType.class), any(InstanceIdentifier.class));
 973         verify(writeTransaction, times(2)).submit();
 974         verify(commitFuture, times(2)).get(); // 1 + 1 above
 975     }
 976
 977     /**
 978      * Test method {@link IgressAclService#ingressACLTcpPortWithPrefix(Long, String, String, boolean, Integer, String, Integer)}
 979      */
 980     @Test
 981     public void testIngressACLTcpPortWithPrefix() throws Exception {
 982         ingressAclService.ingressACLTcpPortWithPrefix(Long.valueOf(123), SEGMENTATION_ID, MAC_ADDRESS, true, 1, HOST_ADDRESS, PRIORITY);
 983         verify(writeTransaction, times(2)).put(any(LogicalDatastoreType.class), any(InstanceIdentifier.class), any(Node.class), anyBoolean());
 984         verify(writeTransaction, times(1)).submit();
 985         verify(commitFuture, times(1)).get();
 986
 987         ingressAclService.ingressACLTcpPortWithPrefix(Long.valueOf(123), SEGMENTATION_ID, MAC_ADDRESS, false, 1, HOST_ADDRESS, PRIORITY);
 988         verify(writeTransaction, times(1)).delete(any(LogicalDatastoreType.class), any(InstanceIdentifier.class));
 989         verify(writeTransaction, times(2)).submit();
 990         verify(commitFuture, times(2)).get(); // 1 + 1 above
 991     }
 992
 993     /**
 994      * Test method {@link IgressAclService#handleIngressAllowProto(Long, String, String, boolean, String, Integer)}
 995      */
 996     @Test
 997     public void testIngressAllowProto() throws Exception {
 998         ingressAclService.handleIngressAllowProto(Long.valueOf(123), SEGMENTATION_ID, MAC_ADDRESS, true, HOST_ADDRESS, PRIORITY);
 999         verify(writeTransaction, times(2)).put(any(LogicalDatastoreType.class), any(InstanceIdentifier.class), any(Node.class), anyBoolean());
1000         verify(writeTransaction, times(1)).submit();
1001         verify(commitFuture, times(1)).get();
1002
1003         ingressAclService.handleIngressAllowProto(Long.valueOf(123), SEGMENTATION_ID, MAC_ADDRESS, false, HOST_ADDRESS, PRIORITY);
1004         verify(writeTransaction, times(1)).delete(any(LogicalDatastoreType.class), any(InstanceIdentifier.class));
1005         verify(writeTransaction, times(2)).submit();
1006         verify(commitFuture, times(2)).get(); // 1 + 1 above
1007     }
1008
1009     /**
1010      * Test method {@link IgressAclService#ingressACLPermitAllProto(Long, String, String, boolean, String, Integer)}
1011      */
1012     @Test
1013     public void testIngressACLPermitAllProto() throws Exception {
1014         ingressAclService.ingressACLPermitAllProto(Long.valueOf(123), SEGMENTATION_ID, MAC_ADDRESS, true, HOST_ADDRESS, PRIORITY);
1015         verify(writeTransaction, times(2)).put(any(LogicalDatastoreType.class), any(InstanceIdentifier.class), any(Node.class), anyBoolean());
1016         verify(writeTransaction, times(1)).submit();
1017         verify(commitFuture, times(1)).get();
1018
1019         ingressAclService.ingressACLPermitAllProto(Long.valueOf(123), SEGMENTATION_ID, MAC_ADDRESS, false, HOST_ADDRESS, PRIORITY);
1020         verify(writeTransaction, times(1)).delete(any(LogicalDatastoreType.class), any(InstanceIdentifier.class));
1021         verify(writeTransaction, times(2)).submit();
1022         verify(commitFuture, times(2)).get(); // 1 + 1 above
1023     }
1024
1025     /**
1026      * Test method {@link IgressAclService#ingressACLTcpSyn(Long, String, String, boolean, Integer, Integer)}
1027      */
1028     @Test
1029     public void testIngressACLTcpSyn() throws Exception {
1030         ingressAclService.ingressACLTcpSyn(Long.valueOf(123), SEGMENTATION_ID, MAC_ADDRESS, true, 1, PRIORITY);
1031         verify(writeTransaction, times(2)).put(any(LogicalDatastoreType.class), any(InstanceIdentifier.class), any(Node.class), anyBoolean());
1032         verify(writeTransaction, times(1)).submit();
1033         verify(commitFuture, times(1)).get();
1034
1035         ingressAclService.ingressACLTcpSyn(Long.valueOf(123), SEGMENTATION_ID, MAC_ADDRESS, false, 1, PRIORITY);
1036         verify(writeTransaction, times(1)).delete(any(LogicalDatastoreType.class), any(InstanceIdentifier.class));
1037         verify(writeTransaction, times(2)).submit();
1038         verify(commitFuture, times(2)).get(); // 1 + 1 above
1039     }
1040 }