1 /*
2  * Copyright (c) 2015 Inocybe and others.  All rights reserved.
3  *
4  * This program and the accompanying materials are made available under the
5  * terms of the Eclipse Public License v1.0 which accompanies this distribution,
6  * and is available at http://www.eclipse.org/legal/epl-v10.html
7  */
8
9 package org.opendaylight.ovsdb.openstack.netvirt.providers.openflow13.services;
10
11 import static org.mockito.Matchers.any;
12 import static org.mockito.Matchers.anyBoolean;
13 import static org.mockito.Matchers.anyInt;
14 import static org.mockito.Matchers.anyLong;
15 import static org.mockito.Matchers.anyString;
16 import static org.mockito.Matchers.eq;
17 import static org.mockito.Mockito.mock;
18 import static org.mockito.Mockito.times;
19 import static org.mockito.Mockito.verify;
20 import static org.mockito.Mockito.when;
21
22 import java.util.ArrayList;
23 import java.util.List;
24
25 import org.junit.Assert;
26 import org.junit.Before;
27 import org.junit.Test;
28 import org.junit.runner.RunWith;
29 import org.mockito.InjectMocks;
30 import org.mockito.Mock;
31 import org.mockito.Mockito;
32 import org.mockito.Spy;
33 import org.mockito.invocation.InvocationOnMock;
34 import org.mockito.runners.MockitoJUnitRunner;
35 import org.mockito.stubbing.Answer;
36 import org.opendaylight.controller.md.sal.binding.api.DataBroker;
37 import org.opendaylight.controller.md.sal.binding.api.WriteTransaction;
38 import org.opendaylight.controller.md.sal.common.api.data.LogicalDatastoreType;
39 import org.opendaylight.controller.md.sal.common.api.data.TransactionCommitFailedException;
40 import org.opendaylight.neutron.spi.NeutronSecurityGroup;
41 import org.opendaylight.neutron.spi.NeutronSecurityRule;
42 import org.opendaylight.neutron.spi.Neutron_IPs;
43 import org.opendaylight.ovsdb.openstack.netvirt.api.Constants;
44 import org.opendaylight.ovsdb.openstack.netvirt.api.SecurityServicesManager;
45 import org.opendaylight.ovsdb.openstack.netvirt.providers.openflow13.PipelineOrchestrator;
46 import org.opendaylight.ovsdb.openstack.netvirt.providers.openflow13.Service;
47 import org.opendaylight.yang.gen.v1.urn.opendaylight.flow.inventory.rev130819.tables.table.FlowBuilder;
48 import org.opendaylight.yang.gen.v1.urn.opendaylight.inventory.rev130819.nodes.Node;
49 import org.opendaylight.yang.gen.v1.urn.opendaylight.inventory.rev130819.nodes.NodeBuilder;
50 import org.opendaylight.yang.gen.v1.urn.opendaylight.model.match.types.rev131026.Match;
51 import org.opendaylight.yang.gen.v1.urn.opendaylight.model.match.types.rev131026.match.EthernetMatch;
52 import org.opendaylight.yang.gen.v1.urn.opendaylight.model.match.types.rev131026.match.Icmpv4Match;
53 import org.opendaylight.yangtools.yang.binding.InstanceIdentifier;
54 import org.powermock.api.mockito.PowerMockito;
55 import org.powermock.modules.junit4.PowerMockRunner;
56
57 import com.google.common.util.concurrent.CheckedFuture;
58
59 /**
60  * Unit test for {@link IngressAclService}
61  */
62 @RunWith(PowerMockRunner.class)
63 @SuppressWarnings("unchecked")
64 public class IngressAclServiceTest {
65
    // Service under test; annotated so that the @Mock fields below are injected into it.
    @InjectMocks private IngressAclService ingressAclService = new IngressAclService();
    // PowerMockito spy over ingressAclService, assigned in setUp().
    private IngressAclService ingressAclServiceSpy;

    @Mock private DataBroker dataBroker;
    @Mock private PipelineOrchestrator orchestrator;

    // Transaction and commit future handed back by the mocked data broker (wired in setUp()).
    @Mock private WriteTransaction writeTransaction;
    @Mock private CheckedFuture<Void, TransactionCommitFailedException> commitFuture;

    // Neutron security-group fixtures. portSecurityRule is replaced by a fresh mock in setUp().
    @Mock private NeutronSecurityGroup securityGroup;
    @Mock private NeutronSecurityRule portSecurityRule;
    @Mock private SecurityServicesManager securityServices;

    // Address lists filled in setUp(): one source address, two destination addresses.
    private List<Neutron_IPs> neutronSrcIpList = new ArrayList<Neutron_IPs>();
    private List<Neutron_IPs> neutronDestIpList = new ArrayList<Neutron_IPs>();
    private Neutron_IPs neutron_ip_src;
    private Neutron_IPs neutron_ip_dest_1;
    private Neutron_IPs neutron_ip_dest_2;

    // Fixture values. SEGMENTATION_ID and SEGMENT_ID hold the same string.
    private static final String SEGMENTATION_ID = "2";
    private static final int PRIORITY = 1;
    private static final String HOST_ADDRESS = "127.0.0.1/32";
    private static final String MAC_ADDRESS = "87:1D:5E:02:40:B8";
    private static final String SRC_IP = "192.168.0.1";
    private static final String DEST_IP_1 = "192.169.0.1";
    private static final String DEST_IP_2 = "192.169.0.2";
    private static final String SECURITY_GROUP_UUID = "85cc3048-abc3-43cc-89b3-377341426ac5";
    private static final String SEGMENT_ID = "2";
    private static final Long DP_ID_LONG = (long) 1554;
    private static final Long LOCAL_PORT = (long) 124;
    // Written by the Answer returned from answer(). Both are static, so a value captured in one
    // test stays visible to later tests until it is overwritten.
    private static FlowBuilder flowBuilder;
    private static NodeBuilder nodeBuilder;
98
    /**
     * Builds a Mockito answer that records the arguments of the intercepted call.
     *
     * <p>The first argument is stored in the static {@code flowBuilder} and the second in the
     * static {@code nodeBuilder}, so a test can inspect the flow the service tried to program.
     *
     * @return an answer that captures both arguments and makes the stubbed call return
     *         {@code null}
     */
    private static Answer<Object> answer() {
        return new Answer<Object>() {
            @Override
            public CheckedFuture<Void, TransactionCommitFailedException> answer(InvocationOnMock call)
                    throws Throwable {
                final Object[] captured = call.getArguments();
                // Argument 0 is the flow, argument 1 the node it targets.
                flowBuilder = (FlowBuilder) captured[0];
                nodeBuilder = (NodeBuilder) captured[1];
                return null;
            }
        };
    }
110
    @Before
    public void setUp() {
        ingressAclServiceSpy = PowerMockito.spy(ingressAclService);

        // Datastore plumbing: every write-only transaction is the same mock, and submitting it
        // yields the mocked commit future.
        when(dataBroker.newWriteOnlyTransaction()).thenReturn(writeTransaction);
        when(writeTransaction.submit()).thenReturn(commitFuture);
        when(orchestrator.getNextServiceInPipeline(any(Service.class))).thenReturn(Service.ARP_RESPONDER);

        // Baseline rule shared by all tests: IPv4, ingress. Individual tests add protocol, port
        // range, remote prefix and remote group on top of it.
        portSecurityRule = mock(NeutronSecurityRule.class);
        when(portSecurityRule.getSecurityRuleEthertype()).thenReturn("IPv4");
        when(portSecurityRule.getSecurityRuleDirection()).thenReturn("ingress");

        final List<NeutronSecurityRule> rules = new ArrayList<NeutronSecurityRule>();
        rules.add(portSecurityRule);
        when(securityGroup.getSecurityRules()).thenReturn(rules);

        // One source address for the port being programmed.
        neutron_ip_src = new Neutron_IPs();
        neutron_ip_src.setIpAddress(SRC_IP);
        neutronSrcIpList.add(neutron_ip_src);

        // Two member addresses returned when the remote security group is looked up.
        neutron_ip_dest_1 = new Neutron_IPs();
        neutron_ip_dest_1.setIpAddress(DEST_IP_1);
        neutronDestIpList.add(neutron_ip_dest_1);

        neutron_ip_dest_2 = new Neutron_IPs();
        neutron_ip_dest_2.setIpAddress(DEST_IP_2);
        neutronDestIpList.add(neutron_ip_dest_2);

        when(securityServices.getVmListForSecurityGroup(neutronSrcIpList, SECURITY_GROUP_UUID))
                .thenReturn(neutronDestIpList);
    }
145
146    /* *//**
147      * Rule 1: TCP Proto (True), TCP Port Minimum (True), TCP Port Max (True), IP Prefix (True)
148      *//*
149     @Test
150     public void testProgramPortSecurityACLRule1() throws Exception {
151         when(portSecurityRule.getSecurityRuleProtocol()).thenReturn("tcp");
152         when(portSecurityRule.getSecurityRulePortMax()).thenReturn(1);
153         when(portSecurityRule.getSecurityRulePortMin()).thenReturn(1);
154         when(portSecurityRule.getSecurityRuleRemoteIpPrefix()).thenReturn(HOST_ADDRESS);
155
156         ingressAclServiceSpy.programPortSecurityACL(Long.valueOf(1554), SEGMENTATION_ID, MAC_ADDRESS, 124, securityGroup);
157         verify(ingressAclServiceSpy, times(1)).ingressACLDefaultTcpDrop(anyLong(), anyString(), anyString(), anyInt(), anyBoolean());
158         verify(ingressAclServiceSpy, times(1)).ingressACLTcpPortWithPrefix(anyLong(), anyString(), anyString(), anyBoolean(), anyInt(), anyString(), anyInt());
159         verify(writeTransaction, times(4)).put(any(LogicalDatastoreType.class), any(InstanceIdentifier.class), any(Node.class), anyBoolean());
160         verify(writeTransaction, times(2)).submit();
161         verify(commitFuture, times(2)).get();
162     }
163
164
165     *//**
166      * Rule 2: TCP Proto (True), TCP Port Minimum (True), TCP Port Max (False), IP Prefix (True)
167      *//*
168     @Test
169     public void testProgramPortSecurityACLRule2() throws Exception {
170         when(portSecurityRule.getSecurityRuleProtocol()).thenReturn("tcp");
171         when(portSecurityRule.getSecurityRulePortMax()).thenReturn(null);
172         when(portSecurityRule.getSecurityRulePortMin()).thenReturn(1);
173         when(portSecurityRule.getSecurityRuleRemoteIpPrefix()).thenReturn(HOST_ADDRESS);
174
175         ingressAclServiceSpy.programPortSecurityACL(Long.valueOf(1554), SEGMENTATION_ID, MAC_ADDRESS, 124, securityGroup);
176         verify(ingressAclServiceSpy, times(1)).ingressACLDefaultTcpDrop(anyLong(), anyString(), anyString(), anyInt(), anyBoolean());
177         verify(ingressAclServiceSpy, times(1)).ingressACLTcpPortWithPrefix(anyLong(), anyString(), anyString(), anyBoolean(), anyInt(), anyString(), anyInt());
178         verify(writeTransaction, times(4)).put(any(LogicalDatastoreType.class), any(InstanceIdentifier.class), any(Node.class), anyBoolean());
179         verify(writeTransaction, times(2)).submit();
180         verify(commitFuture, times(2)).get();
181     }
182
183     *//**
184      * Rule 3: TCP Proto (True), TCP Port Minimum (False), TCP Port Max (False), IP Prefix (True)
185      *//*
186     @Test
187     public void testProgramPortSecurityACLRule3() throws Exception {
188         when(portSecurityRule.getSecurityRuleProtocol()).thenReturn("tcp");
189         when(portSecurityRule.getSecurityRulePortMax()).thenReturn(null);
190         when(portSecurityRule.getSecurityRulePortMin()).thenReturn(null);
191         when(portSecurityRule.getSecurityRuleRemoteIpPrefix()).thenReturn(HOST_ADDRESS);
192
193         ingressAclServiceSpy.programPortSecurityACL(Long.valueOf(1554), SEGMENTATION_ID, MAC_ADDRESS, 124, securityGroup);
194         verify(ingressAclServiceSpy, times(1)).ingressACLDefaultTcpDrop(anyLong(), anyString(), anyString(), anyInt(), anyBoolean());
195         verify(ingressAclServiceSpy, times(1)).ingressACLPermitAllProto(anyLong(), anyString(), anyString(), anyBoolean(), anyString(), anyInt());
196         verify(writeTransaction, times(4)).put(any(LogicalDatastoreType.class), any(InstanceIdentifier.class), any(Node.class), anyBoolean());
197         verify(writeTransaction, times(2)).submit();
198         verify(commitFuture, times(2)).get();
199     }
200
201     *//**
202      * Rule 4: TCP Proto (False), TCP Port Minimum (False), TCP Port Max (False), IP Prefix (True)
203      *//*
204     @Test
205     public void testProgramPortSecurityACLRule4() throws Exception {
206         when(portSecurityRule.getSecurityRuleProtocol()).thenReturn(null);
207         when(portSecurityRule.getSecurityRulePortMax()).thenReturn(null);
208         when(portSecurityRule.getSecurityRulePortMin()).thenReturn(null);
209         when(portSecurityRule.getSecurityRuleRemoteIpPrefix()).thenReturn(HOST_ADDRESS);
210
211         ingressAclServiceSpy.programPortSecurityACL(Long.valueOf(1554), SEGMENTATION_ID, MAC_ADDRESS, 124, securityGroup);
212         verify(ingressAclServiceSpy, times(1)).ingressACLDefaultTcpDrop(anyLong(), anyString(), anyString(), anyInt(), anyBoolean());
213         verify(ingressAclServiceSpy, times(1)).ingressACLPermitAllProto(anyLong(), anyString(), anyString(), anyBoolean(), anyString(), anyInt());
214         verify(writeTransaction, times(4)).put(any(LogicalDatastoreType.class), any(InstanceIdentifier.class), any(Node.class), anyBoolean());
215         verify(writeTransaction, times(2)).submit();
216         verify(commitFuture, times(2)).get();
217     }
218
219     *//**
220      * Rule 5: TCP Proto (True), TCP Port Minimum (True), TCP Port Max (True), IP Prefix (False)
221      *//*
222     @Test
223     public void testProgramPortSecurityACLRule5() throws Exception {
224         when(portSecurityRule.getSecurityRuleProtocol()).thenReturn("tcp");
225         when(portSecurityRule.getSecurityRulePortMax()).thenReturn(1);
226         when(portSecurityRule.getSecurityRulePortMin()).thenReturn(1);
227         when(portSecurityRule.getSecurityRuleRemoteIpPrefix()).thenReturn(null);
228
229         ingressAclServiceSpy.programPortSecurityACL(Long.valueOf(1554), SEGMENTATION_ID, MAC_ADDRESS, 124, securityGroup);
230         verify(ingressAclServiceSpy, times(1)).ingressACLDefaultTcpDrop(anyLong(), anyString(), anyString(), anyInt(), anyBoolean());
231         verify(ingressAclServiceSpy, times(1)).ingressACLTcpSyn(anyLong(), anyString(), anyString(), anyBoolean(), anyInt(), anyInt());
232         verify(writeTransaction, times(4)).put(any(LogicalDatastoreType.class), any(InstanceIdentifier.class), any(Node.class), anyBoolean());
233         verify(writeTransaction, times(2)).submit();
234         verify(commitFuture, times(2)).get();
235     }
236
237     *//**
238      * Rule 6: TCP Proto (True), TCP Port Minimum (True), TCP Port Max (False), IP Prefix (False)
239      *//*
240     @Test
241     public void testProgramPortSecurityACLRule6() throws Exception {
242         when(portSecurityRule.getSecurityRuleProtocol()).thenReturn("tcp");
243         when(portSecurityRule.getSecurityRulePortMax()).thenReturn(null);
244         when(portSecurityRule.getSecurityRulePortMin()).thenReturn(1);
245         when(portSecurityRule.getSecurityRuleRemoteIpPrefix()).thenReturn(null);
246
247         ingressAclServiceSpy.programPortSecurityACL(Long.valueOf(1554), SEGMENTATION_ID, MAC_ADDRESS, 124, securityGroup);
248         verify(ingressAclServiceSpy, times(1)).ingressACLDefaultTcpDrop(anyLong(), anyString(), anyString(), anyInt(), anyBoolean());
249         verify(ingressAclServiceSpy, times(1)).ingressACLTcpSyn(anyLong(), anyString(), anyString(), anyBoolean(), anyInt(), anyInt());
250         verify(writeTransaction, times(4)).put(any(LogicalDatastoreType.class), any(InstanceIdentifier.class), any(Node.class), anyBoolean());
251         verify(writeTransaction, times(2)).submit();
252         verify(commitFuture, times(2)).get();
253     }
254
255     *//**
256      * Rule 7: TCP Proto (True), TCP Port Minimum (False), TCP Port Max (False), IP Prefix (False or 0.0.0.0/0)
257      *//*
258     @Test
259     public void testProgramPortSecurityACLRule7() throws Exception {
260         when(portSecurityRule.getSecurityRuleProtocol()).thenReturn("tcp");
261         when(portSecurityRule.getSecurityRulePortMax()).thenReturn(null);
262         when(portSecurityRule.getSecurityRulePortMin()).thenReturn(null);
263         when(portSecurityRule.getSecurityRuleRemoteIpPrefix()).thenReturn(null);
264
265         ingressAclServiceSpy.programPortSecurityACL(Long.valueOf(1554), SEGMENTATION_ID, MAC_ADDRESS, 124, securityGroup);
266         verify(ingressAclServiceSpy, times(1)).handleIngressAllowProto(anyLong(), anyString(), anyString(), anyBoolean(), anyString(), anyInt());
267         verify(writeTransaction, times(2)).put(any(LogicalDatastoreType.class), any(InstanceIdentifier.class), any(Node.class), anyBoolean());
268         verify(writeTransaction, times(1)).submit();
269         verify(commitFuture, times(1)).get();
270     }
271 */
272     /**
273      *  Test IPv4 add test case.
274      */
    @Test
    public void testProgramPortSecurityACLRuleAddIpv4() throws Exception {
        // No protocol, port range or remote prefix: only the IPv4/ingress baseline from setUp().
        when(portSecurityRule.getSecurityRuleRemoteIpPrefix()).thenReturn(null);
        when(portSecurityRule.getSecurityRulePortMin()).thenReturn(null);
        when(portSecurityRule.getSecurityRulePortMax()).thenReturn(null);
        when(portSecurityRule.getSecurityRuleProtocol()).thenReturn(null);

        final boolean write = true;
        ingressAclServiceSpy.programPortSecurityAcl(
                DP_ID_LONG, SEGMENT_ID, MAC_ADDRESS, LOCAL_PORT, securityGroup, neutronSrcIpList, write);

        // NOTE(review): only the number of datastore operations is checked; the any(...) matchers
        // accept any flow content, so the match that was programmed is not asserted here.
        verify(writeTransaction, times(2)).put(
                any(LogicalDatastoreType.class), any(InstanceIdentifier.class), any(Node.class), eq(true));
        verify(writeTransaction).submit();
        verify(commitFuture).get();
    }
288
289     /**
290      *  Test IPv4 remove test case.
291      */
    @Test
    public void testProgramPortSecurityACLRuleRemoveIpv4() throws Exception {
        // Same unconstrained IPv4/ingress rule as the add case, programmed with write=false.
        when(portSecurityRule.getSecurityRuleRemoteIpPrefix()).thenReturn(null);
        when(portSecurityRule.getSecurityRulePortMin()).thenReturn(null);
        when(portSecurityRule.getSecurityRulePortMax()).thenReturn(null);
        when(portSecurityRule.getSecurityRuleProtocol()).thenReturn(null);

        final boolean write = false;
        ingressAclServiceSpy.programPortSecurityAcl(
                DP_ID_LONG, SEGMENT_ID, MAC_ADDRESS, LOCAL_PORT, securityGroup, neutronSrcIpList, write);

        // NOTE(review): the deleted path is matched with any(InstanceIdentifier.class), so this
        // confirms that one delete happened, not which flow was removed.
        verify(writeTransaction).delete(any(LogicalDatastoreType.class), any(InstanceIdentifier.class));
        verify(writeTransaction).submit();
        verify(commitFuture).get();
    }
305
306     /**
307      *  Test TCP add with port no and CIDR selected.
308      */
    @Test
    public void testProgramPortSecurityACLRuleAddTcp1() throws Exception {
        // TCP rule for the single port 50, restricted to a remote CIDR.
        final Integer port = 50;
        final String remoteCidr = "0.0.0.0/24";
        when(portSecurityRule.getSecurityRuleProtocol()).thenReturn("tcp");
        when(portSecurityRule.getSecurityRulePortMin()).thenReturn(port);
        when(portSecurityRule.getSecurityRulePortMax()).thenReturn(port);
        when(portSecurityRule.getSecurityRuleRemoteIpPrefix()).thenReturn(remoteCidr);

        ingressAclServiceSpy.programPortSecurityAcl(
                DP_ID_LONG, SEGMENT_ID, MAC_ADDRESS, LOCAL_PORT, securityGroup, neutronSrcIpList, true);

        // NOTE(review): these checks count datastore writes only; the port and CIDR placed in the
        // flow match are not asserted, so a wrong match would not fail this test.
        verify(writeTransaction, times(2)).put(
                any(LogicalDatastoreType.class), any(InstanceIdentifier.class), any(Node.class), eq(true));
        verify(writeTransaction).submit();
        verify(commitFuture).get();
    }
322
323     /**
324      *  Test TCP remove with port no and CIDR selected.
325      */
    @Test
    public void testProgramPortSecurityACLRuleRemoveTcp1() throws Exception {
        // TCP rule for the single port 50 with a remote CIDR, programmed with write=false.
        final Integer port = 50;
        final String remoteCidr = "0.0.0.0/24";
        when(portSecurityRule.getSecurityRuleProtocol()).thenReturn("tcp");
        when(portSecurityRule.getSecurityRulePortMin()).thenReturn(port);
        when(portSecurityRule.getSecurityRulePortMax()).thenReturn(port);
        when(portSecurityRule.getSecurityRuleRemoteIpPrefix()).thenReturn(remoteCidr);

        ingressAclServiceSpy.programPortSecurityAcl(
                DP_ID_LONG, SEGMENT_ID, MAC_ADDRESS, LOCAL_PORT, securityGroup, neutronSrcIpList, false);

        // NOTE(review): confirms a single delete and commit; the identity of the removed flow is
        // not checked because the path is matched with any(InstanceIdentifier.class).
        verify(writeTransaction).delete(any(LogicalDatastoreType.class), any(InstanceIdentifier.class));
        verify(writeTransaction).submit();
        verify(commitFuture).get();
    }
339
340     /**
341      *  Test TCP add with port no and remote SG selected.
342      */
    @Test
    public void testProgramPortSecurityACLRuleAddTcp2() throws Exception {
        // TCP port 50 with a remote security group. setUp() makes the group lookup return two
        // member addresses; the expected counts below are double those of the CIDR-only case.
        final Integer port = 50;
        when(portSecurityRule.getSecurityRuleProtocol()).thenReturn("tcp");
        when(portSecurityRule.getSecurityRulePortMin()).thenReturn(port);
        when(portSecurityRule.getSecurityRulePortMax()).thenReturn(port);
        when(portSecurityRule.getSecurityRuleRemoteIpPrefix()).thenReturn("0.0.0.0/24");
        when(portSecurityRule.getSecurityRemoteGroupID()).thenReturn(SECURITY_GROUP_UUID);

        ingressAclServiceSpy.programPortSecurityAcl(
                DP_ID_LONG, SEGMENT_ID, MAC_ADDRESS, LOCAL_PORT, securityGroup, neutronSrcIpList, true);

        // NOTE(review): the rule carries both a remote prefix and a remote group; which of the two
        // ends up in the flow match is not asserted here, only the number of writes.
        verify(writeTransaction, times(4)).put(
                any(LogicalDatastoreType.class), any(InstanceIdentifier.class), any(Node.class), eq(true));
        verify(writeTransaction, times(2)).submit();
        verify(commitFuture, times(2)).get();
    }
357
358     /**
359      *  Test TCP remove with port no and remote SG selected.
360      */
    @Test
    public void testProgramPortSecurityACLRuleRemoveTcp2() throws Exception {
        // TCP port 50 with a remote security group (two member addresses from setUp()),
        // programmed with write=false.
        final Integer port = 50;
        when(portSecurityRule.getSecurityRuleProtocol()).thenReturn("tcp");
        when(portSecurityRule.getSecurityRulePortMin()).thenReturn(port);
        when(portSecurityRule.getSecurityRulePortMax()).thenReturn(port);
        when(portSecurityRule.getSecurityRuleRemoteIpPrefix()).thenReturn("0.0.0.0/24");
        when(portSecurityRule.getSecurityRemoteGroupID()).thenReturn(SECURITY_GROUP_UUID);

        ingressAclServiceSpy.programPortSecurityAcl(
                DP_ID_LONG, SEGMENT_ID, MAC_ADDRESS, LOCAL_PORT, securityGroup, neutronSrcIpList, false);

        // NOTE(review): two deletes and two commits are expected; which flows were deleted is not
        // asserted.
        verify(writeTransaction, times(2)).delete(any(LogicalDatastoreType.class), any(InstanceIdentifier.class));
        verify(writeTransaction, times(2)).submit();
        verify(commitFuture, times(2)).get();
    }
375
376     /**
377      *  Test UDP add with port no and CIDR selected.
378      */
    @Test
    public void testProgramPortSecurityACLRuleAddUdp1() throws Exception {
        // UDP rule for the single port 50, restricted to a remote CIDR.
        final Integer port = 50;
        final String remoteCidr = "0.0.0.0/24";
        when(portSecurityRule.getSecurityRuleProtocol()).thenReturn("udp");
        when(portSecurityRule.getSecurityRulePortMin()).thenReturn(port);
        when(portSecurityRule.getSecurityRulePortMax()).thenReturn(port);
        when(portSecurityRule.getSecurityRuleRemoteIpPrefix()).thenReturn(remoteCidr);

        ingressAclServiceSpy.programPortSecurityAcl(
                DP_ID_LONG, SEGMENT_ID, MAC_ADDRESS, LOCAL_PORT, securityGroup, neutronSrcIpList, true);

        // NOTE(review): write counts only; protocol, port and CIDR in the programmed match are not
        // asserted by this test.
        verify(writeTransaction, times(2)).put(
                any(LogicalDatastoreType.class), any(InstanceIdentifier.class), any(Node.class), eq(true));
        verify(writeTransaction).submit();
        verify(commitFuture).get();
    }
392
393     /**
394      *  Test UDP remove with port no and CIDR selected.
395      */
    @Test
    public void testProgramPortSecurityACLRuleRemoveUdp1() throws Exception {
        // UDP rule for the single port 50 with a remote CIDR, programmed with write=false.
        final Integer port = 50;
        final String remoteCidr = "0.0.0.0/24";
        when(portSecurityRule.getSecurityRuleProtocol()).thenReturn("udp");
        when(portSecurityRule.getSecurityRulePortMin()).thenReturn(port);
        when(portSecurityRule.getSecurityRulePortMax()).thenReturn(port);
        when(portSecurityRule.getSecurityRuleRemoteIpPrefix()).thenReturn(remoteCidr);

        ingressAclServiceSpy.programPortSecurityAcl(
                DP_ID_LONG, SEGMENT_ID, MAC_ADDRESS, LOCAL_PORT, securityGroup, neutronSrcIpList, false);

        // NOTE(review): one delete and one commit are expected; the removed flow itself is not
        // identified by these checks.
        verify(writeTransaction).delete(any(LogicalDatastoreType.class), any(InstanceIdentifier.class));
        verify(writeTransaction).submit();
        verify(commitFuture).get();
    }
409
410     /**
411      *  Test UDP add with port no and remote SG selected.
412      */
    @Test
    public void testProgramPortSecurityACLRuleAddUdp2() throws Exception {
        // UDP port 50 with a remote security group. setUp() makes the group lookup return two
        // member addresses; the expected counts below are double those of the CIDR-only case.
        final Integer port = 50;
        when(portSecurityRule.getSecurityRuleProtocol()).thenReturn("udp");
        when(portSecurityRule.getSecurityRulePortMin()).thenReturn(port);
        when(portSecurityRule.getSecurityRulePortMax()).thenReturn(port);
        when(portSecurityRule.getSecurityRuleRemoteIpPrefix()).thenReturn("0.0.0.0/24");
        when(portSecurityRule.getSecurityRemoteGroupID()).thenReturn(SECURITY_GROUP_UUID);

        ingressAclServiceSpy.programPortSecurityAcl(
                DP_ID_LONG, SEGMENT_ID, MAC_ADDRESS, LOCAL_PORT, securityGroup, neutronSrcIpList, true);

        // NOTE(review): only the number of writes is verified; the remote addresses used in the
        // flow matches are not asserted.
        verify(writeTransaction, times(4)).put(
                any(LogicalDatastoreType.class), any(InstanceIdentifier.class), any(Node.class), eq(true));
        verify(writeTransaction, times(2)).submit();
        verify(commitFuture, times(2)).get();
    }
427
428     /**
429      *  Test UDP remove with port no and remote SG selected.
430      */
    @Test
    public void testProgramPortSecurityACLRuleRemoveUdp2() throws Exception {
        // UDP port 50 with a remote security group (two member addresses from setUp()),
        // programmed with write=false.
        final Integer port = 50;
        when(portSecurityRule.getSecurityRuleProtocol()).thenReturn("udp");
        when(portSecurityRule.getSecurityRulePortMin()).thenReturn(port);
        when(portSecurityRule.getSecurityRulePortMax()).thenReturn(port);
        when(portSecurityRule.getSecurityRuleRemoteIpPrefix()).thenReturn("0.0.0.0/24");
        when(portSecurityRule.getSecurityRemoteGroupID()).thenReturn(SECURITY_GROUP_UUID);

        ingressAclServiceSpy.programPortSecurityAcl(
                DP_ID_LONG, SEGMENT_ID, MAC_ADDRESS, LOCAL_PORT, securityGroup, neutronSrcIpList, false);

        // NOTE(review): two deletes and two commits are expected; which flows were deleted is not
        // asserted.
        verify(writeTransaction, times(2)).delete(any(LogicalDatastoreType.class), any(InstanceIdentifier.class));
        verify(writeTransaction, times(2)).submit();
        verify(commitFuture, times(2)).get();
    }
445
446     /**
447      *  Test ICMP add with code, type and CIDR selected.
448      */
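    @Test
    public void testProgramPortSecurityACLRuleAddIcmp1() throws Exception {
        // flowBuilder is static and shared by every test in this class. Clear it so the
        // assertions below can only be satisfied by a flow captured during this test.
        flowBuilder = null;

        // For ICMP rules the port-min/port-max fields carry the ICMP type and code.
        when(portSecurityRule.getSecurityRuleProtocol()).thenReturn("icmp");
        when(portSecurityRule.getSecurityRulePortMax()).thenReturn(10);
        when(portSecurityRule.getSecurityRulePortMin()).thenReturn(10);
        when(portSecurityRule.getSecurityRuleRemoteIpPrefix()).thenReturn("0.0.0.0/24");

        // Intercept the private writeFlow call and capture the flow instead of writing it.
        PowerMockito.doAnswer(answer()).when(ingressAclServiceSpy, "writeFlow", any(FlowBuilder.class),
                                             any(NodeBuilder.class));
        ingressAclServiceSpy.programPortSecurityAcl(DP_ID_LONG, SEGMENT_ID,
                                                    MAC_ADDRESS, LOCAL_PORT, securityGroup, neutronSrcIpList, true);

        Assert.assertNotNull("writeFlow was not invoked, so no flow was captured", flowBuilder);
        Match match = flowBuilder.getMatch();
        Icmpv4Match icmpv4Match = match.getIcmpv4Match();
        Assert.assertEquals(10, icmpv4Match.getIcmpv4Type().shortValue());
        Assert.assertEquals(10, icmpv4Match.getIcmpv4Code().shortValue());
        // The flow must be scoped to the protected port's MAC as Ethernet destination.
        EthernetMatch ethMatch = match.getEthernetMatch();
        Assert.assertEquals(MAC_ADDRESS, ethMatch.getEthernetDestination().getAddress().getValue());
        Short type = portSecurityRule.getSecurityRulePortMin().shortValue();
        Short code = portSecurityRule.getSecurityRulePortMax().shortValue();
        Assert.assertEquals("Ingress_ICMP_" + SEGMENT_ID + "_" + MAC_ADDRESS + "_" + type + "_" + code
                            + "_0.0.0.0/24_Permit",
                            flowBuilder.getFlowName());
    }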
472
473     /**
474      *  Test ICMP remove with code, type and CIDR selected.
475      */
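    @Test
    public void testProgramPortSecurityACLRuleRemoveIcmp1() throws Exception {
        // flowBuilder is static and shared by every test in this class. Clear it so the
        // assertions below can only be satisfied by a flow captured during this test.
        flowBuilder = null;

        // For ICMP rules the port-min/port-max fields carry the ICMP type and code.
        when(portSecurityRule.getSecurityRuleProtocol()).thenReturn("icmp");
        when(portSecurityRule.getSecurityRulePortMax()).thenReturn(20);
        when(portSecurityRule.getSecurityRulePortMin()).thenReturn(20);
        when(portSecurityRule.getSecurityRuleRemoteIpPrefix()).thenReturn("0.0.0.0/24");
        // Intercept the private removeFlow call and capture the flow instead of deleting it.
        PowerMockito.doAnswer(answer()).when(ingressAclServiceSpy, "removeFlow", any(FlowBuilder.class),
                                             any(NodeBuilder.class));

        ingressAclServiceSpy.programPortSecurityAcl(DP_ID_LONG, SEGMENT_ID,
                                                    MAC_ADDRESS, LOCAL_PORT, securityGroup, neutronSrcIpList, false);

        Assert.assertNotNull("removeFlow was not invoked, so no flow was captured", flowBuilder);
        Match match = flowBuilder.getMatch();
        Icmpv4Match icmpv4Match = match.getIcmpv4Match();
        Assert.assertEquals(20, icmpv4Match.getIcmpv4Type().shortValue());
        Assert.assertEquals(20, icmpv4Match.getIcmpv4Code().shortValue());
        // The removed flow must be the one scoped to the protected port's MAC.
        EthernetMatch ethMatch = match.getEthernetMatch();
        Assert.assertEquals(MAC_ADDRESS, ethMatch.getEthernetDestination().getAddress().getValue());
        Short type = portSecurityRule.getSecurityRulePortMin().shortValue();
        Short code = portSecurityRule.getSecurityRulePortMax().shortValue();
        Assert.assertEquals("Ingress_ICMP_" + SEGMENT_ID + "_" + MAC_ADDRESS + "_" + type + "_" + code
                            + "_0.0.0.0/24_Permit",
                            flowBuilder.getFlowName());
    }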
499
500     /**
501      *  Test ICMP add with code, type and remote SG selected.
502      */
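    @Test
    public void testProgramPortSecurityACLRuleAddIcmp2() throws Exception {
        // flowBuilder is static and shared by every test in this class. Clear it so the
        // assertions below can only be satisfied by a flow captured during this test.
        flowBuilder = null;

        // For ICMP rules the port-min/port-max fields carry the ICMP type and code.
        when(portSecurityRule.getSecurityRuleProtocol()).thenReturn("icmp");
        when(portSecurityRule.getSecurityRulePortMax()).thenReturn(30);
        when(portSecurityRule.getSecurityRulePortMin()).thenReturn(30);
        when(portSecurityRule.getSecurityRemoteGroupID()).thenReturn("85cc3048-abc3-43cc-89b3-377341426ac5");
        // Intercept the private writeFlow call and capture the flow instead of writing it.
        PowerMockito.doAnswer(answer()).when(ingressAclServiceSpy, "writeFlow", any(FlowBuilder.class),
                                             any(NodeBuilder.class));

        ingressAclServiceSpy.programPortSecurityAcl(DP_ID_LONG, SEGMENT_ID,
                                                    MAC_ADDRESS, LOCAL_PORT, securityGroup, neutronSrcIpList, true);

        Assert.assertNotNull("writeFlow was not invoked, so no flow was captured", flowBuilder);
        Match match = flowBuilder.getMatch();
        Icmpv4Match icmpv4Match = match.getIcmpv4Match();
        Assert.assertEquals(30, icmpv4Match.getIcmpv4Type().shortValue());
        Assert.assertEquals(30, icmpv4Match.getIcmpv4Code().shortValue());
        EthernetMatch ethMatch = match.getEthernetMatch();
        Assert.assertEquals(MAC_ADDRESS, ethMatch.getEthernetDestination().getAddress().getValue());
        Short type = portSecurityRule.getSecurityRulePortMin().shortValue();
        Short code = portSecurityRule.getSecurityRulePortMax().shortValue();
        // The answer keeps only the last captured flow, so either remote-group member address
        // may appear in the name.
        String expectedFlowId1 = "Ingress_ICMP_" + SEGMENT_ID + "_" + MAC_ADDRESS + "_" + type + "_" + code + "_"
                                + DEST_IP_1 + "_Permit";
        String expectedFlowId2 = "Ingress_ICMP_" + SEGMENT_ID + "_" + MAC_ADDRESS + "_" + type + "_" + code + "_"
                                + DEST_IP_2 + "_Permit";
        String actualFlowId = flowBuilder.getFlowName();
        Assert.assertTrue("Unexpected flow name: " + actualFlowId,
                          actualFlowId.equals(expectedFlowId1) || actualFlowId.equals(expectedFlowId2));
    }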
533
534     /**
535      *  Test ICMP remove with code, type and remote SG selected.
536      */
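    @Test
    public void testProgramPortSecurityACLRuleRemoveIcmp2() throws Exception {
        // flowBuilder is static and shared by every test in this class. Clear it so the
        // assertions below can only be satisfied by a flow captured during this test.
        flowBuilder = null;

        // For ICMP rules the port-min/port-max fields carry the ICMP type and code.
        when(portSecurityRule.getSecurityRuleProtocol()).thenReturn("icmp");
        when(portSecurityRule.getSecurityRulePortMax()).thenReturn(40);
        when(portSecurityRule.getSecurityRulePortMin()).thenReturn(40);
        when(portSecurityRule.getSecurityRemoteGroupID()).thenReturn("85cc3048-abc3-43cc-89b3-377341426ac5");
        // Intercept the private removeFlow call and capture the flow instead of deleting it.
        PowerMockito.doAnswer(answer())
                .when(ingressAclServiceSpy, "removeFlow", any(FlowBuilder.class), any(NodeBuilder.class));

        ingressAclServiceSpy.programPortSecurityAcl(DP_ID_LONG, SEGMENT_ID,
                                                    MAC_ADDRESS, LOCAL_PORT, securityGroup, neutronSrcIpList, false);

        Assert.assertNotNull("removeFlow was not invoked, so no flow was captured", flowBuilder);
        Match match = flowBuilder.getMatch();
        Icmpv4Match icmpv4Match = match.getIcmpv4Match();
        Assert.assertEquals(40, icmpv4Match.getIcmpv4Type().shortValue());
        Assert.assertEquals(40, icmpv4Match.getIcmpv4Code().shortValue());
        EthernetMatch ethMatch = match.getEthernetMatch();
        Assert.assertEquals(MAC_ADDRESS, ethMatch.getEthernetDestination().getAddress().getValue());
        Short type = portSecurityRule.getSecurityRulePortMin().shortValue();
        Short code = portSecurityRule.getSecurityRulePortMax().shortValue();
        // The answer keeps only the last captured flow, so either remote-group member address
        // may appear in the name.
        String expectedFlowId1 = "Ingress_ICMP_" + SEGMENT_ID + "_" + MAC_ADDRESS + "_" + type + "_" + code + "_"
                                + DEST_IP_1 + "_Permit";
        String expectedFlowId2 = "Ingress_ICMP_" + SEGMENT_ID + "_" + MAC_ADDRESS + "_" + type + "_" + code + "_"
                                + DEST_IP_2 + "_Permit";
        String actualFlowId = flowBuilder.getFlowName();
        Assert.assertTrue("Unexpected flow name: " + actualFlowId,
                          actualFlowId.equals(expectedFlowId1) || actualFlowId.equals(expectedFlowId2));
    }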
567
568     /**
569      *  Test IPv4 invalid ether type test case.
570      */
    @Test
    public void testProgramPortSecurityACLRuleInvalidEther() throws Exception {
        // Stub an ethertype that this test expects the service to skip.
        when(portSecurityRule.getSecurityRuleEthertype()).thenReturn("IPV6");

        final Long dpid = Long.valueOf(1554);
        ingressAclServiceSpy.programPortSecurityAcl(dpid, "2", MAC_ADDRESS, 124, securityGroup, neutronSrcIpList, false);

        // The rule must be ignored: nothing is deleted, submitted or awaited on the datastore mocks.
        // NOTE(review): this pins that an "IPV6" rule programs no flows through this path; whether
        // IPv6 traffic is filtered anywhere else is not visible from this test - confirm.
        verify(writeTransaction, Mockito.never()).delete(any(LogicalDatastoreType.class), any(InstanceIdentifier.class));
        verify(writeTransaction, Mockito.never()).submit();
        verify(commitFuture, Mockito.never()).get();
    }
581
582     /**
583      *  Test IPv4 invalid direction type test case.
584      */
    @Test
    public void testProgramPortSecurityACLRuleInvalidDirection() throws Exception {
        // Stub a direction value that this test expects the service to skip.
        // NOTE(review): the literal is "edgress"; if the intent was to show that a well-formed
        // egress rule is ignored by the ingress service, "egress" would be the value to cover - confirm.
        when(portSecurityRule.getSecurityRuleDirection()).thenReturn("edgress");

        final Long dpid = Long.valueOf(1554);
        ingressAclServiceSpy.programPortSecurityAcl(dpid, "2", MAC_ADDRESS, 124, securityGroup, neutronSrcIpList, false);

        // No datastore interaction is expected for the skipped rule.
        verify(writeTransaction, Mockito.never()).delete(any(LogicalDatastoreType.class), any(InstanceIdentifier.class));
        verify(writeTransaction, Mockito.never()).submit();
        verify(commitFuture, Mockito.never()).get();
    }
595
596     /**
597      *  Test With isLastPortInBridge false isComputeNode false
598      */
    @Test
    public void testProgramFixedSecurityACLAdd1() throws Exception {
        final Long dpid = Long.valueOf(1554);

        // Both boolean flags false, final argument true (the add case per the test name).
        ingressAclServiceSpy.programFixedSecurityAcl(dpid, "2", MAC_ADDRESS, 1, false, false, true);

        // With both flags false, no flow write is expected to reach the transaction mocks.
        verify(writeTransaction, Mockito.never()).put(any(LogicalDatastoreType.class), any(InstanceIdentifier.class), any(Node.class), eq(true));
        verify(writeTransaction, Mockito.never()).submit();
        verify(commitFuture, Mockito.never()).get();
    }
607     /**
608      *  Test remove with isLastPortInBridge false isComputeNode false
609      */
    @Test
    public void testProgramFixedSecurityACLRemove1() throws Exception {
        final Long dpid = Long.valueOf(1554);

        // Both boolean flags false, final argument false (the remove case per the test name).
        ingressAclServiceSpy.programFixedSecurityAcl(dpid, "2", MAC_ADDRESS, 1, false, false, false);

        // With both flags false, no flow removal is expected to reach the transaction mocks.
        verify(writeTransaction, Mockito.never()).delete(any(LogicalDatastoreType.class), any(InstanceIdentifier.class));
        verify(writeTransaction, Mockito.never()).submit();
        verify(commitFuture, Mockito.never()).get();
    }
619
620     /**
621      * Test method {@link IngressAclService#ingressACLDefaultTcpDrop(Long, String, String, int, boolean)}
622      */
    @Test
    public void testIgressACLDefaultTcpDrop() throws Exception {
        final Long dpid = Long.valueOf(123);

        // Install the default TCP drop rule (last argument true).
        ingressAclService.ingressACLDefaultTcpDrop(dpid, SEGMENTATION_ID, MAC_ADDRESS, PRIORITY, true);
        // Two puts, one submit and one wait on the commit future are expected for the install.
        verify(writeTransaction, times(2)).put(any(LogicalDatastoreType.class), any(InstanceIdentifier.class), any(Node.class), anyBoolean());
        verify(writeTransaction, times(1)).submit();
        verify(commitFuture, times(1)).get();

        // Remove the same rule (last argument false).
        ingressAclService.ingressACLDefaultTcpDrop(dpid, SEGMENTATION_ID, MAC_ADDRESS, PRIORITY, false);
        verify(writeTransaction, times(1)).delete(any(LogicalDatastoreType.class), any(InstanceIdentifier.class));
        // Mock invocation counts are cumulative across both calls: 1 from the install + 1 from the removal.
        verify(writeTransaction, times(2)).submit();
        verify(commitFuture, times(2)).get();
    }
635
636     /**
637      * Test method {@link IngressAclService#ingressACLTcpPortWithPrefix(Long, String, String, boolean, Integer, String, Integer)}
638      */
    @Test
    public void testIngressACLTcpPortWithPrefix() throws Exception {
        final Long dpid = Long.valueOf(123);

        // Install the TCP port rule for HOST_ADDRESS (boolean argument true).
        ingressAclService.ingressACLTcpPortWithPrefix(dpid, SEGMENTATION_ID, MAC_ADDRESS, true, 1, HOST_ADDRESS, PRIORITY);
        // Two puts, one submit and one wait on the commit future are expected for the install.
        verify(writeTransaction, times(2)).put(any(LogicalDatastoreType.class), any(InstanceIdentifier.class), any(Node.class), anyBoolean());
        verify(writeTransaction, times(1)).submit();
        verify(commitFuture, times(1)).get();

        // Remove the same rule (boolean argument false).
        ingressAclService.ingressACLTcpPortWithPrefix(dpid, SEGMENTATION_ID, MAC_ADDRESS, false, 1, HOST_ADDRESS, PRIORITY);
        verify(writeTransaction, times(1)).delete(any(LogicalDatastoreType.class), any(InstanceIdentifier.class));
        // Mock invocation counts are cumulative across both calls: 1 from the install + 1 from the removal.
        verify(writeTransaction, times(2)).submit();
        verify(commitFuture, times(2)).get();
    }
651
652     /**
653      * Test method {@link IngressAclService#handleIngressAllowProto(Long, String, String, boolean, String, Integer)}
654      */
    @Test
    public void testIngressAllowProto() throws Exception {
        final Long dpid = Long.valueOf(123);

        // Install the allow rule for HOST_ADDRESS (boolean argument true).
        ingressAclService.handleIngressAllowProto(dpid, SEGMENTATION_ID, MAC_ADDRESS, true, HOST_ADDRESS, PRIORITY);
        // Two puts, one submit and one wait on the commit future are expected for the install.
        verify(writeTransaction, times(2)).put(any(LogicalDatastoreType.class), any(InstanceIdentifier.class), any(Node.class), anyBoolean());
        verify(writeTransaction, times(1)).submit();
        verify(commitFuture, times(1)).get();

        // Remove the same rule (boolean argument false).
        ingressAclService.handleIngressAllowProto(dpid, SEGMENTATION_ID, MAC_ADDRESS, false, HOST_ADDRESS, PRIORITY);
        verify(writeTransaction, times(1)).delete(any(LogicalDatastoreType.class), any(InstanceIdentifier.class));
        // Mock invocation counts are cumulative across both calls: 1 from the install + 1 from the removal.
        verify(writeTransaction, times(2)).submit();
        verify(commitFuture, times(2)).get();
    }
667
668     /**
669      * Test method {@link IngressAclService#ingressACLPermitAllProto(Long, String, String, boolean, String, Integer)}
670      */
    @Test
    public void testIngressACLPermitAllProto() throws Exception {
        final Long dpid = Long.valueOf(123);

        // Install the permit-all rule for HOST_ADDRESS (boolean argument true).
        ingressAclService.ingressACLPermitAllProto(dpid, SEGMENTATION_ID, MAC_ADDRESS, true, HOST_ADDRESS, PRIORITY);
        // Two puts, one submit and one wait on the commit future are expected for the install.
        verify(writeTransaction, times(2)).put(any(LogicalDatastoreType.class), any(InstanceIdentifier.class), any(Node.class), anyBoolean());
        verify(writeTransaction, times(1)).submit();
        verify(commitFuture, times(1)).get();

        // Remove the same rule (boolean argument false).
        ingressAclService.ingressACLPermitAllProto(dpid, SEGMENTATION_ID, MAC_ADDRESS, false, HOST_ADDRESS, PRIORITY);
        verify(writeTransaction, times(1)).delete(any(LogicalDatastoreType.class), any(InstanceIdentifier.class));
        // Mock invocation counts are cumulative across both calls: 1 from the install + 1 from the removal.
        verify(writeTransaction, times(2)).submit();
        verify(commitFuture, times(2)).get();
    }
683
684     /**
685      * Test method {@link IngressAclService#ingressACLTcpSyn(Long, String, String, boolean, Integer, Integer)}
686      */
    @Test
    public void testIngressACLTcpSyn() throws Exception {
        final Long dpid = Long.valueOf(123);

        // Install the TCP SYN rule (boolean argument true).
        ingressAclService.ingressACLTcpSyn(dpid, SEGMENTATION_ID, MAC_ADDRESS, true, 1, PRIORITY);
        // Two puts, one submit and one wait on the commit future are expected for the install.
        verify(writeTransaction, times(2)).put(any(LogicalDatastoreType.class), any(InstanceIdentifier.class), any(Node.class), anyBoolean());
        verify(writeTransaction, times(1)).submit();
        verify(commitFuture, times(1)).get();

        // Remove the same rule (boolean argument false).
        ingressAclService.ingressACLTcpSyn(dpid, SEGMENTATION_ID, MAC_ADDRESS, false, 1, PRIORITY);
        verify(writeTransaction, times(1)).delete(any(LogicalDatastoreType.class), any(InstanceIdentifier.class));
        // Mock invocation counts are cumulative across both calls: 1 from the install + 1 from the removal.
        verify(writeTransaction, times(2)).submit();
        verify(commitFuture, times(2)).get();
    }
699 }