2 * Copyright (c) 2015 Inocybe and others. All rights reserved.
4 * This program and the accompanying materials are made available under the
5 * terms of the Eclipse Public License v1.0 which accompanies this distribution,
6 * and is available at http://www.eclipse.org/legal/epl-v10.html
9 package org.opendaylight.ovsdb.openstack.netvirt.providers.openflow13.services;
11 import static org.mockito.Matchers.any;
12 import static org.mockito.Matchers.anyBoolean;
13 import static org.mockito.Matchers.anyInt;
14 import static org.mockito.Matchers.anyLong;
15 import static org.mockito.Matchers.anyString;
16 import static org.mockito.Matchers.eq;
17 import static org.mockito.Mockito.mock;
18 import static org.mockito.Mockito.times;
19 import static org.mockito.Mockito.verify;
20 import static org.mockito.Mockito.when;
22 import java.util.ArrayList;
23 import java.util.List;
25 import org.junit.Assert;
26 import org.junit.Before;
27 import org.junit.Test;
28 import org.junit.runner.RunWith;
29 import org.mockito.InjectMocks;
30 import org.mockito.Mock;
31 import org.mockito.Mockito;
32 import org.mockito.Spy;
33 import org.mockito.invocation.InvocationOnMock;
34 import org.mockito.runners.MockitoJUnitRunner;
35 import org.mockito.stubbing.Answer;
36 import org.opendaylight.controller.md.sal.binding.api.DataBroker;
37 import org.opendaylight.controller.md.sal.binding.api.WriteTransaction;
38 import org.opendaylight.controller.md.sal.common.api.data.LogicalDatastoreType;
39 import org.opendaylight.controller.md.sal.common.api.data.TransactionCommitFailedException;
40 import org.opendaylight.neutron.spi.NeutronSecurityGroup;
41 import org.opendaylight.neutron.spi.NeutronSecurityRule;
42 import org.opendaylight.neutron.spi.Neutron_IPs;
43 import org.opendaylight.ovsdb.openstack.netvirt.api.Constants;
44 import org.opendaylight.ovsdb.openstack.netvirt.api.SecurityServicesManager;
45 import org.opendaylight.ovsdb.openstack.netvirt.providers.openflow13.PipelineOrchestrator;
46 import org.opendaylight.ovsdb.openstack.netvirt.providers.openflow13.Service;
47 import org.opendaylight.yang.gen.v1.urn.opendaylight.flow.inventory.rev130819.tables.table.FlowBuilder;
48 import org.opendaylight.yang.gen.v1.urn.opendaylight.inventory.rev130819.nodes.Node;
49 import org.opendaylight.yang.gen.v1.urn.opendaylight.inventory.rev130819.nodes.NodeBuilder;
50 import org.opendaylight.yang.gen.v1.urn.opendaylight.model.match.types.rev131026.Match;
51 import org.opendaylight.yang.gen.v1.urn.opendaylight.model.match.types.rev131026.match.EthernetMatch;
52 import org.opendaylight.yang.gen.v1.urn.opendaylight.model.match.types.rev131026.match.Icmpv4Match;
53 import org.opendaylight.yangtools.yang.binding.InstanceIdentifier;
54 import org.powermock.api.mockito.PowerMockito;
55 import org.powermock.modules.junit4.PowerMockRunner;
57 import com.google.common.util.concurrent.CheckedFuture;
/**
 * Unit tests for {@link IngressAclService}.
 */
@RunWith(PowerMockRunner.class)
@SuppressWarnings("unchecked")
public class IngressAclServiceTest {

    // Service under test, plus the PowerMock spy that setUp() builds from it.
    @InjectMocks private IngressAclService ingressAclService = new IngressAclService();
    private IngressAclService ingressAclServiceSpy;

    // Data-store and pipeline collaborators.
    @Mock private DataBroker dataBroker;
    @Mock private PipelineOrchestrator orchestrator;

    // Transaction and the future returned by submit(); the tests count calls on both.
    @Mock private WriteTransaction writeTransaction;
    @Mock private CheckedFuture<Void, TransactionCommitFailedException> commitFuture;

    // Neutron security-group fixtures.
    @Mock private NeutronSecurityGroup securityGroup;
    @Mock private NeutronSecurityRule portSecurityRule;
    @Mock private SecurityServicesManager securityServices;

    // Source list passed to the service, and the list the securityServices stub returns for it.
    private List<Neutron_IPs> neutronSrcIpList = new ArrayList<Neutron_IPs>();
    private List<Neutron_IPs> neutronDestIpList = new ArrayList<Neutron_IPs>();
    private Neutron_IPs neutron_ip_src;
    private Neutron_IPs neutron_ip_dest_1;
    private Neutron_IPs neutron_ip_dest_2;

    private static final String SEGMENTATION_ID = "2";
    private static final int PRIORITY = 1;
    private static final String HOST_ADDRESS = "127.0.0.1/32";
    private static final String MAC_ADDRESS = "87:1D:5E:02:40:B8";
    private static final String SRC_IP = "192.168.0.1";
    private static final String DEST_IP_1 = "192.169.0.1";
    private static final String DEST_IP_2 = "192.169.0.2";
    private static final String SECURITY_GROUP_UUID = "85cc3048-abc3-43cc-89b3-377341426ac5";
    private static final String SEGMENT_ID = "2";
    private static final Long DP_ID_LONG = 1554L;
    private static final Long LOCAL_PORT = 124L;

    // Assigned by answer() from the intercepted call's arguments. Both are static, so a value
    // captured in one test method is still visible in the next.
    private static FlowBuilder flowBuilder;
    private static NodeBuilder nodeBuilder;
99 private static Answer<Object> answer() {
100 return new Answer<Object>() {
102 public CheckedFuture<Void, TransactionCommitFailedException> answer(InvocationOnMock invocation)
104 flowBuilder = (FlowBuilder) invocation.getArguments()[0];
105 nodeBuilder = (NodeBuilder) invocation.getArguments()[1];
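/**
 * Builds the spy under test and stubs the shared mocks before every test.
 *
 * <p>The default rule is an IPv4 ingress rule; individual tests stub protocol, ports,
 * remote prefix and remote group on top of it.
 */
@Before
public void setUp() {
    // The captured builders are static and would otherwise keep the flow captured by a
    // previous test, letting an assertion pass even if this test never wrote a flow.
    flowBuilder = null;
    nodeBuilder = null;

    ingressAclServiceSpy = PowerMockito.spy(ingressAclService);

    // Every transaction handed out by the broker is the same mock, so call counts add up.
    when(writeTransaction.submit()).thenReturn(commitFuture);
    when(dataBroker.newWriteOnlyTransaction()).thenReturn(writeTransaction);

    when(orchestrator.getNextServiceInPipeline(any(Service.class))).thenReturn(Service.ARP_RESPONDER);

    portSecurityRule = mock(NeutronSecurityRule.class);
    when(portSecurityRule.getSecurityRuleEthertype()).thenReturn("IPv4");
    when(portSecurityRule.getSecurityRuleDirection()).thenReturn("ingress");

    List<NeutronSecurityRule> portSecurityList = new ArrayList<NeutronSecurityRule>();
    portSecurityList.add(portSecurityRule);

    neutron_ip_src = new Neutron_IPs();
    neutron_ip_src.setIpAddress(SRC_IP);
    neutronSrcIpList.add(neutron_ip_src);

    neutron_ip_dest_1 = new Neutron_IPs();
    neutron_ip_dest_1.setIpAddress(DEST_IP_1);
    neutronDestIpList.add(neutron_ip_dest_1);

    neutron_ip_dest_2 = new Neutron_IPs();
    neutron_ip_dest_2.setIpAddress(DEST_IP_2);
    neutronDestIpList.add(neutron_ip_dest_2);

    when(securityGroup.getSecurityRules()).thenReturn(portSecurityList);
    // Remote-group lookups resolve only for SECURITY_GROUP_UUID and yield the two destination IPs.
    when(securityServices.getVmListForSecurityGroup(neutronSrcIpList, SECURITY_GROUP_UUID))
            .thenReturn(neutronDestIpList);
}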
/**
 * Rule 1: TCP protocol set, port minimum set, port maximum set, remote IP prefix set.
 *
 * <p>Expects the default TCP drop and the TCP-port-with-prefix handler once each.
 * NOTE(review): only call counts are verified; the match fields of the programmed
 * flows are not inspected here.
 */
@Test
public void testProgramPortSecurityACLRule1() throws Exception {
    when(portSecurityRule.getSecurityRuleProtocol()).thenReturn("tcp");
    when(portSecurityRule.getSecurityRulePortMin()).thenReturn(1);
    when(portSecurityRule.getSecurityRulePortMax()).thenReturn(1);
    when(portSecurityRule.getSecurityRuleRemoteIpPrefix()).thenReturn(HOST_ADDRESS);

    ingressAclServiceSpy.programPortSecurityACL(DP_ID_LONG, SEGMENTATION_ID, MAC_ADDRESS, 124, securityGroup);

    verify(ingressAclServiceSpy).ingressACLDefaultTcpDrop(
            anyLong(), anyString(), anyString(), anyInt(), anyBoolean());
    verify(ingressAclServiceSpy).ingressACLTcpPortWithPrefix(
            anyLong(), anyString(), anyString(), anyBoolean(), anyInt(), anyString(), anyInt());
    verify(writeTransaction, times(4)).put(
            any(LogicalDatastoreType.class), any(InstanceIdentifier.class), any(Node.class), anyBoolean());
    verify(writeTransaction, times(2)).submit();
    verify(commitFuture, times(2)).get();
}
/**
 * Rule 2: TCP protocol set, port minimum set, port maximum absent, remote IP prefix set.
 *
 * <p>Expects the same handlers as when both ports are set: the default TCP drop and the
 * TCP-port-with-prefix handler, once each.
 */
@Test
public void testProgramPortSecurityACLRule2() throws Exception {
    when(portSecurityRule.getSecurityRuleProtocol()).thenReturn("tcp");
    when(portSecurityRule.getSecurityRulePortMin()).thenReturn(1);
    when(portSecurityRule.getSecurityRulePortMax()).thenReturn(null);
    when(portSecurityRule.getSecurityRuleRemoteIpPrefix()).thenReturn(HOST_ADDRESS);

    ingressAclServiceSpy.programPortSecurityACL(DP_ID_LONG, SEGMENTATION_ID, MAC_ADDRESS, 124, securityGroup);

    verify(ingressAclServiceSpy).ingressACLDefaultTcpDrop(
            anyLong(), anyString(), anyString(), anyInt(), anyBoolean());
    verify(ingressAclServiceSpy).ingressACLTcpPortWithPrefix(
            anyLong(), anyString(), anyString(), anyBoolean(), anyInt(), anyString(), anyInt());
    verify(writeTransaction, times(4)).put(
            any(LogicalDatastoreType.class), any(InstanceIdentifier.class), any(Node.class), anyBoolean());
    verify(writeTransaction, times(2)).submit();
    verify(commitFuture, times(2)).get();
}
/**
 * Rule 3: TCP protocol set, no port minimum, no port maximum, remote IP prefix set.
 *
 * <p>Expects the default TCP drop plus {@code ingressACLPermitAllProto} once each.
 * NOTE(review): the handler name suggests every protocol from the prefix is permitted
 * although the rule names TCP; confirm that breadth is intended.
 */
@Test
public void testProgramPortSecurityACLRule3() throws Exception {
    when(portSecurityRule.getSecurityRuleProtocol()).thenReturn("tcp");
    when(portSecurityRule.getSecurityRulePortMin()).thenReturn(null);
    when(portSecurityRule.getSecurityRulePortMax()).thenReturn(null);
    when(portSecurityRule.getSecurityRuleRemoteIpPrefix()).thenReturn(HOST_ADDRESS);

    ingressAclServiceSpy.programPortSecurityACL(DP_ID_LONG, SEGMENTATION_ID, MAC_ADDRESS, 124, securityGroup);

    verify(ingressAclServiceSpy).ingressACLDefaultTcpDrop(
            anyLong(), anyString(), anyString(), anyInt(), anyBoolean());
    verify(ingressAclServiceSpy).ingressACLPermitAllProto(
            anyLong(), anyString(), anyString(), anyBoolean(), anyString(), anyInt());
    verify(writeTransaction, times(4)).put(
            any(LogicalDatastoreType.class), any(InstanceIdentifier.class), any(Node.class), anyBoolean());
    verify(writeTransaction, times(2)).submit();
    verify(commitFuture, times(2)).get();
}
/**
 * Rule 4: no protocol, no port minimum, no port maximum, remote IP prefix set.
 *
 * <p>Expects the default TCP drop plus {@code ingressACLPermitAllProto} once each.
 */
@Test
public void testProgramPortSecurityACLRule4() throws Exception {
    when(portSecurityRule.getSecurityRuleProtocol()).thenReturn(null);
    when(portSecurityRule.getSecurityRulePortMin()).thenReturn(null);
    when(portSecurityRule.getSecurityRulePortMax()).thenReturn(null);
    when(portSecurityRule.getSecurityRuleRemoteIpPrefix()).thenReturn(HOST_ADDRESS);

    ingressAclServiceSpy.programPortSecurityACL(DP_ID_LONG, SEGMENTATION_ID, MAC_ADDRESS, 124, securityGroup);

    verify(ingressAclServiceSpy).ingressACLDefaultTcpDrop(
            anyLong(), anyString(), anyString(), anyInt(), anyBoolean());
    verify(ingressAclServiceSpy).ingressACLPermitAllProto(
            anyLong(), anyString(), anyString(), anyBoolean(), anyString(), anyInt());
    verify(writeTransaction, times(4)).put(
            any(LogicalDatastoreType.class), any(InstanceIdentifier.class), any(Node.class), anyBoolean());
    verify(writeTransaction, times(2)).submit();
    verify(commitFuture, times(2)).get();
}
/**
 * Rule 5: TCP protocol set, port minimum set, port maximum set, no remote IP prefix.
 *
 * <p>Expects the default TCP drop plus {@code ingressACLTcpSyn} once each.
 */
@Test
public void testProgramPortSecurityACLRule5() throws Exception {
    when(portSecurityRule.getSecurityRuleProtocol()).thenReturn("tcp");
    when(portSecurityRule.getSecurityRulePortMin()).thenReturn(1);
    when(portSecurityRule.getSecurityRulePortMax()).thenReturn(1);
    when(portSecurityRule.getSecurityRuleRemoteIpPrefix()).thenReturn(null);

    ingressAclServiceSpy.programPortSecurityACL(DP_ID_LONG, SEGMENTATION_ID, MAC_ADDRESS, 124, securityGroup);

    verify(ingressAclServiceSpy).ingressACLDefaultTcpDrop(
            anyLong(), anyString(), anyString(), anyInt(), anyBoolean());
    verify(ingressAclServiceSpy).ingressACLTcpSyn(
            anyLong(), anyString(), anyString(), anyBoolean(), anyInt(), anyInt());
    verify(writeTransaction, times(4)).put(
            any(LogicalDatastoreType.class), any(InstanceIdentifier.class), any(Node.class), anyBoolean());
    verify(writeTransaction, times(2)).submit();
    verify(commitFuture, times(2)).get();
}
/**
 * Rule 6: TCP protocol set, port minimum set, port maximum absent, no remote IP prefix.
 *
 * <p>Expects the default TCP drop plus {@code ingressACLTcpSyn} once each.
 */
@Test
public void testProgramPortSecurityACLRule6() throws Exception {
    when(portSecurityRule.getSecurityRuleProtocol()).thenReturn("tcp");
    when(portSecurityRule.getSecurityRulePortMin()).thenReturn(1);
    when(portSecurityRule.getSecurityRulePortMax()).thenReturn(null);
    when(portSecurityRule.getSecurityRuleRemoteIpPrefix()).thenReturn(null);

    ingressAclServiceSpy.programPortSecurityACL(DP_ID_LONG, SEGMENTATION_ID, MAC_ADDRESS, 124, securityGroup);

    verify(ingressAclServiceSpy).ingressACLDefaultTcpDrop(
            anyLong(), anyString(), anyString(), anyInt(), anyBoolean());
    verify(ingressAclServiceSpy).ingressACLTcpSyn(
            anyLong(), anyString(), anyString(), anyBoolean(), anyInt(), anyInt());
    verify(writeTransaction, times(4)).put(
            any(LogicalDatastoreType.class), any(InstanceIdentifier.class), any(Node.class), anyBoolean());
    verify(writeTransaction, times(2)).submit();
    verify(commitFuture, times(2)).get();
}
/**
 * Rule 7: TCP protocol set, no port minimum, no port maximum, no remote IP prefix
 * (the original note also lists 0.0.0.0/0; only the absent prefix is stubbed here).
 *
 * <p>Expects a single {@code handleIngressAllowProto} call and one committed transaction.
 */
@Test
public void testProgramPortSecurityACLRule7() throws Exception {
    when(portSecurityRule.getSecurityRuleProtocol()).thenReturn("tcp");
    when(portSecurityRule.getSecurityRulePortMin()).thenReturn(null);
    when(portSecurityRule.getSecurityRulePortMax()).thenReturn(null);
    when(portSecurityRule.getSecurityRuleRemoteIpPrefix()).thenReturn(null);

    ingressAclServiceSpy.programPortSecurityACL(DP_ID_LONG, SEGMENTATION_ID, MAC_ADDRESS, 124, securityGroup);

    verify(ingressAclServiceSpy).handleIngressAllowProto(
            anyLong(), anyString(), anyString(), anyBoolean(), anyString(), anyInt());
    verify(writeTransaction, times(2)).put(
            any(LogicalDatastoreType.class), any(InstanceIdentifier.class), any(Node.class), anyBoolean());
    verify(writeTransaction).submit();
    verify(commitFuture).get();
}
/**
 * Adds an IPv4 rule that has no protocol, ports or remote prefix.
 *
 * <p>Expects two puts with {@code createMissingParents == true} and one committed transaction.
 */
@Test
public void testProgramPortSecurityACLRuleAddIpv4() throws Exception {
    when(portSecurityRule.getSecurityRuleProtocol()).thenReturn(null);
    when(portSecurityRule.getSecurityRulePortMin()).thenReturn(null);
    when(portSecurityRule.getSecurityRulePortMax()).thenReturn(null);
    when(portSecurityRule.getSecurityRuleRemoteIpPrefix()).thenReturn(null);

    ingressAclServiceSpy.programPortSecurityAcl(
            DP_ID_LONG, SEGMENT_ID, MAC_ADDRESS, 124, securityGroup, neutronSrcIpList, true);

    verify(writeTransaction, times(2)).put(
            any(LogicalDatastoreType.class), any(InstanceIdentifier.class), any(Node.class), eq(true));
    verify(writeTransaction).submit();
    verify(commitFuture).get();
}
/**
 * Removes an IPv4 rule that has no protocol, ports or remote prefix.
 *
 * <p>Expects one delete and one committed transaction.
 */
@Test
public void testProgramPortSecurityACLRuleRemoveIpv4() throws Exception {
    when(portSecurityRule.getSecurityRuleProtocol()).thenReturn(null);
    when(portSecurityRule.getSecurityRulePortMin()).thenReturn(null);
    when(portSecurityRule.getSecurityRulePortMax()).thenReturn(null);
    when(portSecurityRule.getSecurityRuleRemoteIpPrefix()).thenReturn(null);

    ingressAclServiceSpy.programPortSecurityAcl(
            DP_ID_LONG, SEGMENT_ID, MAC_ADDRESS, 124, securityGroup, neutronSrcIpList, false);

    verify(writeTransaction).delete(any(LogicalDatastoreType.class), any(InstanceIdentifier.class));
    verify(writeTransaction).submit();
    verify(commitFuture).get();
}
/**
 * Adds a TCP rule with a port number and a remote CIDR.
 *
 * <p>Expects two puts and one committed transaction.
 * NOTE(review): the port and CIDR written into the flow are not asserted, only the counts.
 */
@Test
public void testProgramPortSecurityACLRuleAddTcp1() throws Exception {
    when(portSecurityRule.getSecurityRuleProtocol()).thenReturn("tcp");
    when(portSecurityRule.getSecurityRulePortMin()).thenReturn(50);
    when(portSecurityRule.getSecurityRulePortMax()).thenReturn(50);
    when(portSecurityRule.getSecurityRuleRemoteIpPrefix()).thenReturn("0.0.0.0/24");

    ingressAclServiceSpy.programPortSecurityAcl(
            DP_ID_LONG, SEGMENT_ID, MAC_ADDRESS, 124, securityGroup, neutronSrcIpList, true);

    verify(writeTransaction, times(2)).put(
            any(LogicalDatastoreType.class), any(InstanceIdentifier.class), any(Node.class), eq(true));
    verify(writeTransaction).submit();
    verify(commitFuture).get();
}
/**
 * Removes a TCP rule with a port number and a remote CIDR.
 *
 * <p>Expects one delete and one committed transaction.
 */
@Test
public void testProgramPortSecurityACLRuleRemoveTcp1() throws Exception {
    when(portSecurityRule.getSecurityRuleProtocol()).thenReturn("tcp");
    when(portSecurityRule.getSecurityRulePortMin()).thenReturn(50);
    when(portSecurityRule.getSecurityRulePortMax()).thenReturn(50);
    when(portSecurityRule.getSecurityRuleRemoteIpPrefix()).thenReturn("0.0.0.0/24");

    ingressAclServiceSpy.programPortSecurityAcl(
            DP_ID_LONG, SEGMENT_ID, MAC_ADDRESS, 124, securityGroup, neutronSrcIpList, false);

    verify(writeTransaction).delete(any(LogicalDatastoreType.class), any(InstanceIdentifier.class));
    verify(writeTransaction).submit();
    verify(commitFuture).get();
}
/**
 * Adds a TCP rule with a port number and a remote security group.
 *
 * <p>The remote group id equals {@code SECURITY_GROUP_UUID}, the id the securityServices
 * stub resolves to two destination IPs; four puts and two commits are expected.
 */
@Test
public void testProgramPortSecurityACLRuleAddTcp2() throws Exception {
    when(portSecurityRule.getSecurityRuleProtocol()).thenReturn("tcp");
    when(portSecurityRule.getSecurityRulePortMin()).thenReturn(50);
    when(portSecurityRule.getSecurityRulePortMax()).thenReturn(50);
    when(portSecurityRule.getSecurityRuleRemoteIpPrefix()).thenReturn("0.0.0.0/24");
    when(portSecurityRule.getSecurityRemoteGroupID()).thenReturn(SECURITY_GROUP_UUID);

    ingressAclServiceSpy.programPortSecurityAcl(
            DP_ID_LONG, SEGMENT_ID, MAC_ADDRESS, 124, securityGroup, neutronSrcIpList, true);

    verify(writeTransaction, times(4)).put(
            any(LogicalDatastoreType.class), any(InstanceIdentifier.class), any(Node.class), eq(true));
    verify(writeTransaction, times(2)).submit();
    verify(commitFuture, times(2)).get();
}
/**
 * Removes a TCP rule with a port number and a remote security group.
 *
 * <p>The remote group id equals {@code SECURITY_GROUP_UUID}, the id the securityServices
 * stub resolves to two destination IPs; two deletes and two commits are expected.
 */
@Test
public void testProgramPortSecurityACLRuleRemoveTcp2() throws Exception {
    when(portSecurityRule.getSecurityRuleProtocol()).thenReturn("tcp");
    when(portSecurityRule.getSecurityRulePortMin()).thenReturn(50);
    when(portSecurityRule.getSecurityRulePortMax()).thenReturn(50);
    when(portSecurityRule.getSecurityRuleRemoteIpPrefix()).thenReturn("0.0.0.0/24");
    when(portSecurityRule.getSecurityRemoteGroupID()).thenReturn(SECURITY_GROUP_UUID);

    ingressAclServiceSpy.programPortSecurityAcl(
            DP_ID_LONG, SEGMENT_ID, MAC_ADDRESS, 124, securityGroup, neutronSrcIpList, false);

    verify(writeTransaction, times(2)).delete(
            any(LogicalDatastoreType.class), any(InstanceIdentifier.class));
    verify(writeTransaction, times(2)).submit();
    verify(commitFuture, times(2)).get();
}
/**
 * Adds a UDP rule with a port number and a remote CIDR.
 *
 * <p>Expects two puts and one committed transaction.
 */
@Test
public void testProgramPortSecurityACLRuleAddUdp1() throws Exception {
    when(portSecurityRule.getSecurityRuleProtocol()).thenReturn("udp");
    when(portSecurityRule.getSecurityRulePortMin()).thenReturn(50);
    when(portSecurityRule.getSecurityRulePortMax()).thenReturn(50);
    when(portSecurityRule.getSecurityRuleRemoteIpPrefix()).thenReturn("0.0.0.0/24");

    ingressAclServiceSpy.programPortSecurityAcl(
            DP_ID_LONG, SEGMENT_ID, MAC_ADDRESS, 124, securityGroup, neutronSrcIpList, true);

    verify(writeTransaction, times(2)).put(
            any(LogicalDatastoreType.class), any(InstanceIdentifier.class), any(Node.class), eq(true));
    verify(writeTransaction).submit();
    verify(commitFuture).get();
}
/**
 * Removes a UDP rule with a port number and a remote CIDR.
 *
 * <p>Expects one delete and one committed transaction.
 */
@Test
public void testProgramPortSecurityACLRuleRemoveUdp1() throws Exception {
    when(portSecurityRule.getSecurityRuleProtocol()).thenReturn("udp");
    when(portSecurityRule.getSecurityRulePortMin()).thenReturn(50);
    when(portSecurityRule.getSecurityRulePortMax()).thenReturn(50);
    when(portSecurityRule.getSecurityRuleRemoteIpPrefix()).thenReturn("0.0.0.0/24");

    ingressAclServiceSpy.programPortSecurityAcl(
            DP_ID_LONG, SEGMENT_ID, MAC_ADDRESS, 124, securityGroup, neutronSrcIpList, false);

    verify(writeTransaction).delete(any(LogicalDatastoreType.class), any(InstanceIdentifier.class));
    verify(writeTransaction).submit();
    verify(commitFuture).get();
}
/**
 * Adds a UDP rule with a port number and a remote security group.
 *
 * <p>The remote group id equals {@code SECURITY_GROUP_UUID}, the id the securityServices
 * stub resolves to two destination IPs; four puts and two commits are expected.
 */
@Test
public void testProgramPortSecurityACLRuleAddUdp2() throws Exception {
    when(portSecurityRule.getSecurityRuleProtocol()).thenReturn("udp");
    when(portSecurityRule.getSecurityRulePortMin()).thenReturn(50);
    when(portSecurityRule.getSecurityRulePortMax()).thenReturn(50);
    when(portSecurityRule.getSecurityRuleRemoteIpPrefix()).thenReturn("0.0.0.0/24");
    when(portSecurityRule.getSecurityRemoteGroupID()).thenReturn(SECURITY_GROUP_UUID);

    ingressAclServiceSpy.programPortSecurityAcl(
            DP_ID_LONG, SEGMENT_ID, MAC_ADDRESS, 124, securityGroup, neutronSrcIpList, true);

    verify(writeTransaction, times(4)).put(
            any(LogicalDatastoreType.class), any(InstanceIdentifier.class), any(Node.class), eq(true));
    verify(writeTransaction, times(2)).submit();
    verify(commitFuture, times(2)).get();
}
/**
 * Removes a UDP rule with a port number and a remote security group.
 *
 * <p>The remote group id equals {@code SECURITY_GROUP_UUID}, the id the securityServices
 * stub resolves to two destination IPs; two deletes and two commits are expected.
 */
@Test
public void testProgramPortSecurityACLRuleRemoveUdp2() throws Exception {
    when(portSecurityRule.getSecurityRuleProtocol()).thenReturn("udp");
    when(portSecurityRule.getSecurityRulePortMin()).thenReturn(50);
    when(portSecurityRule.getSecurityRulePortMax()).thenReturn(50);
    when(portSecurityRule.getSecurityRuleRemoteIpPrefix()).thenReturn("0.0.0.0/24");
    when(portSecurityRule.getSecurityRemoteGroupID()).thenReturn(SECURITY_GROUP_UUID);

    ingressAclServiceSpy.programPortSecurityAcl(
            DP_ID_LONG, SEGMENT_ID, MAC_ADDRESS, 124, securityGroup, neutronSrcIpList, false);

    verify(writeTransaction, times(2)).delete(
            any(LogicalDatastoreType.class), any(InstanceIdentifier.class));
    verify(writeTransaction, times(2)).submit();
    verify(commitFuture, times(2)).get();
}
/**
 * Adds an ICMP rule with type, code and a remote CIDR, then inspects the captured flow.
 *
 * <p>{@code writeFlow} is intercepted so the flow builder passed to it can be checked for
 * ICMP type/code, destination MAC and flow name.
 * NOTE(review): type (port min) and code (port max) are stubbed to the same value, so this
 * test cannot tell a swapped type/code mapping from a correct one.
 */
@Test
public void testProgramPortSecurityACLRuleAddIcmp1() throws Exception {
    when(portSecurityRule.getSecurityRuleProtocol()).thenReturn("icmp");
    when(portSecurityRule.getSecurityRulePortMin()).thenReturn(10);
    when(portSecurityRule.getSecurityRulePortMax()).thenReturn(10);
    when(portSecurityRule.getSecurityRuleRemoteIpPrefix()).thenReturn("0.0.0.0/24");
    PowerMockito.doAnswer(answer())
            .when(ingressAclServiceSpy, "writeFlow", any(FlowBuilder.class), any(NodeBuilder.class));

    ingressAclServiceSpy.programPortSecurityAcl(
            DP_ID_LONG, SEGMENT_ID, MAC_ADDRESS, LOCAL_PORT, securityGroup, neutronSrcIpList, true);

    Match capturedMatch = flowBuilder.getMatch();
    Icmpv4Match icmp = capturedMatch.getIcmpv4Match();
    Assert.assertEquals(10, icmp.getIcmpv4Type().shortValue());
    Assert.assertEquals(10, icmp.getIcmpv4Code().shortValue());

    EthernetMatch ethernet = capturedMatch.getEthernetMatch();
    Assert.assertEquals(MAC_ADDRESS, ethernet.getEthernetDestination().getAddress().getValue());

    Short icmpType = portSecurityRule.getSecurityRulePortMin().shortValue();
    Short icmpCode = portSecurityRule.getSecurityRulePortMax().shortValue();
    String expectedFlowName = "Ingress_ICMP_" + SEGMENT_ID + "_" + MAC_ADDRESS + "_" + icmpType + "_" + icmpCode
            + "_0.0.0.0/24_Permit";
    Assert.assertEquals(expectedFlowName, flowBuilder.getFlowName());
}
/**
 * Removes an ICMP rule with type, code and a remote CIDR, then inspects the captured flow.
 *
 * <p>{@code removeFlow} is intercepted so the flow builder passed to it can be checked for
 * ICMP type/code, destination MAC and flow name.
 * NOTE(review): type (port min) and code (port max) are stubbed to the same value, so this
 * test cannot tell a swapped type/code mapping from a correct one.
 */
@Test
public void testProgramPortSecurityACLRuleRemoveIcmp1() throws Exception {
    when(portSecurityRule.getSecurityRuleProtocol()).thenReturn("icmp");
    when(portSecurityRule.getSecurityRulePortMin()).thenReturn(20);
    when(portSecurityRule.getSecurityRulePortMax()).thenReturn(20);
    when(portSecurityRule.getSecurityRuleRemoteIpPrefix()).thenReturn("0.0.0.0/24");
    PowerMockito.doAnswer(answer())
            .when(ingressAclServiceSpy, "removeFlow", any(FlowBuilder.class), any(NodeBuilder.class));

    ingressAclServiceSpy.programPortSecurityAcl(
            DP_ID_LONG, SEGMENT_ID, MAC_ADDRESS, LOCAL_PORT, securityGroup, neutronSrcIpList, false);

    Match capturedMatch = flowBuilder.getMatch();
    Icmpv4Match icmp = capturedMatch.getIcmpv4Match();
    Assert.assertEquals(20, icmp.getIcmpv4Type().shortValue());
    Assert.assertEquals(20, icmp.getIcmpv4Code().shortValue());

    EthernetMatch ethernet = capturedMatch.getEthernetMatch();
    Assert.assertEquals(MAC_ADDRESS, ethernet.getEthernetDestination().getAddress().getValue());

    Short icmpType = portSecurityRule.getSecurityRulePortMin().shortValue();
    Short icmpCode = portSecurityRule.getSecurityRulePortMax().shortValue();
    String expectedFlowName = "Ingress_ICMP_" + SEGMENT_ID + "_" + MAC_ADDRESS + "_" + icmpType + "_" + icmpCode
            + "_0.0.0.0/24_Permit";
    Assert.assertEquals(expectedFlowName, flowBuilder.getFlowName());
}
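/**
 * Adds an ICMP rule with type, code and a remote security group, then inspects the
 * captured flow.
 *
 * <p>{@code writeFlow} is intercepted; the captured builder holds the flow from the most
 * recent intercepted call, so the flow name may end in either destination IP returned for
 * the remote group.
 */
@Test
public void testProgramPortSecurityACLRuleAddIcmp2() throws Exception {
    when(portSecurityRule.getSecurityRuleProtocol()).thenReturn("icmp");
    when(portSecurityRule.getSecurityRulePortMax()).thenReturn(30);
    when(portSecurityRule.getSecurityRulePortMin()).thenReturn(30);
    when(portSecurityRule.getSecurityRemoteGroupID()).thenReturn("85cc3048-abc3-43cc-89b3-377341426ac5");
    PowerMockito.doAnswer(answer()).when(ingressAclServiceSpy, "writeFlow", any(FlowBuilder.class),
            any(NodeBuilder.class));

    ingressAclServiceSpy.programPortSecurityAcl(DP_ID_LONG, SEGMENT_ID,
            MAC_ADDRESS, LOCAL_PORT, securityGroup, neutronSrcIpList, true);

    Match match = flowBuilder.getMatch();
    Icmpv4Match icmpv4Match = match.getIcmpv4Match();
    Assert.assertEquals(30, icmpv4Match.getIcmpv4Type().shortValue());
    Assert.assertEquals(30, icmpv4Match.getIcmpv4Code().shortValue());
    EthernetMatch ethMatch = match.getEthernetMatch();
    Assert.assertEquals(MAC_ADDRESS, ethMatch.getEthernetDestination().getAddress().getValue());

    Short type = portSecurityRule.getSecurityRulePortMin().shortValue();
    Short code = portSecurityRule.getSecurityRulePortMax().shortValue();
    String expectedFlowId1 = "Ingress_ICMP_" + SEGMENT_ID + "_" + MAC_ADDRESS + "_" + type + "_" + code + "_"
            + DEST_IP_1 + "_Permit";
    String expectedFlowId2 = "Ingress_ICMP_" + SEGMENT_ID + "_" + MAC_ADDRESS + "_" + type + "_" + code + "_"
            + DEST_IP_2 + "_Permit";
    String actualFlowId = flowBuilder.getFlowName();
    // One assertion carrying the actual name, so a failure shows which flow was programmed.
    Assert.assertTrue("Unexpected ingress ICMP flow name: " + actualFlowId,
            actualFlowId.equals(expectedFlowId1) || actualFlowId.equals(expectedFlowId2));
}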
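/**
 * Removes an ICMP rule with type, code and a remote security group, then inspects the
 * captured flow.
 *
 * <p>{@code removeFlow} is intercepted; the captured builder holds the flow from the most
 * recent intercepted call, so the flow name may end in either destination IP returned for
 * the remote group.
 */
@Test
public void testProgramPortSecurityACLRuleRemoveIcmp2() throws Exception {
    when(portSecurityRule.getSecurityRuleProtocol()).thenReturn("icmp");
    when(portSecurityRule.getSecurityRulePortMax()).thenReturn(40);
    when(portSecurityRule.getSecurityRulePortMin()).thenReturn(40);
    when(portSecurityRule.getSecurityRemoteGroupID()).thenReturn("85cc3048-abc3-43cc-89b3-377341426ac5");
    PowerMockito.doAnswer(answer())
            .when(ingressAclServiceSpy, "removeFlow", any(FlowBuilder.class), any(NodeBuilder.class));

    ingressAclServiceSpy.programPortSecurityAcl(DP_ID_LONG, SEGMENT_ID,
            MAC_ADDRESS, LOCAL_PORT, securityGroup, neutronSrcIpList, false);

    Match match = flowBuilder.getMatch();
    Icmpv4Match icmpv4Match = match.getIcmpv4Match();
    Assert.assertEquals(40, icmpv4Match.getIcmpv4Type().shortValue());
    Assert.assertEquals(40, icmpv4Match.getIcmpv4Code().shortValue());
    EthernetMatch ethMatch = match.getEthernetMatch();
    Assert.assertEquals(MAC_ADDRESS, ethMatch.getEthernetDestination().getAddress().getValue());

    Short type = portSecurityRule.getSecurityRulePortMin().shortValue();
    Short code = portSecurityRule.getSecurityRulePortMax().shortValue();
    String expectedFlowId1 = "Ingress_ICMP_" + SEGMENT_ID + "_" + MAC_ADDRESS + "_" + type + "_" + code + "_"
            + DEST_IP_1 + "_Permit";
    String expectedFlowId2 = "Ingress_ICMP_" + SEGMENT_ID + "_" + MAC_ADDRESS + "_" + type + "_" + code + "_"
            + DEST_IP_2 + "_Permit";
    String actualFlowId = flowBuilder.getFlowName();
    // One assertion carrying the actual name, so a failure shows which flow was removed.
    Assert.assertTrue("Unexpected ingress ICMP flow name: " + actualFlowId,
            actualFlowId.equals(expectedFlowId1) || actualFlowId.equals(expectedFlowId2));
}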
/**
 * A rule whose ethertype is not the "IPv4" stubbed in setUp() must not touch the data store.
 *
 * <p>The ethertype is stubbed as "IPV6"; no delete, submit or future wait is expected.
 */
@Test
public void testProgramPortSecurityACLRuleInvalidEther() throws Exception {
    when(portSecurityRule.getSecurityRuleEthertype()).thenReturn("IPV6");

    ingressAclServiceSpy.programPortSecurityAcl(
            DP_ID_LONG, SEGMENT_ID, MAC_ADDRESS, 124, securityGroup, neutronSrcIpList, false);

    verify(writeTransaction, Mockito.never()).delete(
            any(LogicalDatastoreType.class), any(InstanceIdentifier.class));
    verify(writeTransaction, Mockito.never()).submit();
    verify(commitFuture, Mockito.never()).get();
}
/**
 * A rule whose direction is not "ingress" must not touch the data store.
 *
 * <p>NOTE(review): the stubbed value "edgress" is not a Neutron direction at all, so this
 * covers the unknown-direction case; a rule with direction "egress" is not exercised here.
 */
@Test
public void testProgramPortSecurityACLRuleInvalidDirection() throws Exception {
    when(portSecurityRule.getSecurityRuleDirection()).thenReturn("edgress");

    ingressAclServiceSpy.programPortSecurityAcl(
            DP_ID_LONG, SEGMENT_ID, MAC_ADDRESS, 124, securityGroup, neutronSrcIpList, false);

    verify(writeTransaction, Mockito.never()).delete(
            any(LogicalDatastoreType.class), any(InstanceIdentifier.class));
    verify(writeTransaction, Mockito.never()).submit();
    verify(commitFuture, Mockito.never()).get();
}
/**
 * Fixed ACL add with isLastPortInBridge false and isComputeNode false.
 *
 * <p>Expects no put, submit or future wait. The trailing {@code true} is presumably the
 * write (add) flag; confirm against {@code programFixedSecurityAcl}.
 */
@Test
public void testProgramFixedSecurityACLAdd1() throws Exception {
    ingressAclServiceSpy.programFixedSecurityAcl(DP_ID_LONG, SEGMENT_ID, MAC_ADDRESS, 1, false, false, true);

    verify(writeTransaction, Mockito.never()).put(
            any(LogicalDatastoreType.class), any(InstanceIdentifier.class), any(Node.class), eq(true));
    verify(writeTransaction, Mockito.never()).submit();
    verify(commitFuture, Mockito.never()).get();
}
/**
 * Fixed ACL remove with isLastPortInBridge false and isComputeNode false.
 *
 * <p>Expects no delete, submit or future wait. The trailing {@code false} is presumably the
 * write flag selecting removal; confirm against {@code programFixedSecurityAcl}.
 */
@Test
public void testProgramFixedSecurityACLRemove1() throws Exception {
    ingressAclServiceSpy.programFixedSecurityAcl(DP_ID_LONG, SEGMENT_ID, MAC_ADDRESS, 1, false, false, false);

    verify(writeTransaction, Mockito.never()).delete(
            any(LogicalDatastoreType.class), any(InstanceIdentifier.class));
    verify(writeTransaction, Mockito.never()).submit();
    verify(commitFuture, Mockito.never()).get();
}
/**
 * Test method {@link IngressAclService#ingressACLDefaultTcpDrop(Long, String, String, int, boolean)}.
 *
 * <p>Calls the handler once to write and once to remove; the submit and future counts in
 * the second half are cumulative across both calls.
 */
@Test
public void testIgressACLDefaultTcpDrop() throws Exception {
    final Long dpid = Long.valueOf(123);

    // write == true: the flow is put and committed
    ingressAclService.ingressACLDefaultTcpDrop(dpid, SEGMENTATION_ID, MAC_ADDRESS, PRIORITY, true);
    verify(writeTransaction, times(2)).put(
            any(LogicalDatastoreType.class), any(InstanceIdentifier.class), any(Node.class), anyBoolean());
    verify(writeTransaction).submit();
    verify(commitFuture).get();

    // write == false: the flow is deleted and committed
    ingressAclService.ingressACLDefaultTcpDrop(dpid, SEGMENTATION_ID, MAC_ADDRESS, PRIORITY, false);
    verify(writeTransaction).delete(any(LogicalDatastoreType.class), any(InstanceIdentifier.class));
    verify(writeTransaction, times(2)).submit();
    verify(commitFuture, times(2)).get(); // 1 + 1 above
}
/**
 * Test method {@link IngressAclService#ingressACLTcpPortWithPrefix(Long, String, String, boolean, Integer, String, Integer)}.
 *
 * <p>Calls the handler once to write and once to remove; the submit and future counts in
 * the second half are cumulative across both calls.
 */
@Test
public void testIngressACLTcpPortWithPrefix() throws Exception {
    final Long dpid = Long.valueOf(123);

    // write == true: the flow is put and committed
    ingressAclService.ingressACLTcpPortWithPrefix(
            dpid, SEGMENTATION_ID, MAC_ADDRESS, true, 1, HOST_ADDRESS, PRIORITY);
    verify(writeTransaction, times(2)).put(
            any(LogicalDatastoreType.class), any(InstanceIdentifier.class), any(Node.class), anyBoolean());
    verify(writeTransaction).submit();
    verify(commitFuture).get();

    // write == false: the flow is deleted and committed
    ingressAclService.ingressACLTcpPortWithPrefix(
            dpid, SEGMENTATION_ID, MAC_ADDRESS, false, 1, HOST_ADDRESS, PRIORITY);
    verify(writeTransaction).delete(any(LogicalDatastoreType.class), any(InstanceIdentifier.class));
    verify(writeTransaction, times(2)).submit();
    verify(commitFuture, times(2)).get(); // 1 + 1 above
}
/**
 * Test method {@link IngressAclService#handleIngressAllowProto(Long, String, String, boolean, String, Integer)}.
 *
 * <p>Calls the handler once to write and once to remove; the submit and future counts in
 * the second half are cumulative across both calls.
 */
@Test
public void testIngressAllowProto() throws Exception {
    final Long dpid = Long.valueOf(123);

    // write == true: the flow is put and committed
    ingressAclService.handleIngressAllowProto(dpid, SEGMENTATION_ID, MAC_ADDRESS, true, HOST_ADDRESS, PRIORITY);
    verify(writeTransaction, times(2)).put(
            any(LogicalDatastoreType.class), any(InstanceIdentifier.class), any(Node.class), anyBoolean());
    verify(writeTransaction).submit();
    verify(commitFuture).get();

    // write == false: the flow is deleted and committed
    ingressAclService.handleIngressAllowProto(dpid, SEGMENTATION_ID, MAC_ADDRESS, false, HOST_ADDRESS, PRIORITY);
    verify(writeTransaction).delete(any(LogicalDatastoreType.class), any(InstanceIdentifier.class));
    verify(writeTransaction, times(2)).submit();
    verify(commitFuture, times(2)).get(); // 1 + 1 above
}
/**
 * Test method {@link IngressAclService#ingressACLPermitAllProto(Long, String, String, boolean, String, Integer)}.
 *
 * <p>Calls the handler once to write and once to remove; the submit and future counts in
 * the second half are cumulative across both calls.
 */
@Test
public void testIngressACLPermitAllProto() throws Exception {
    final Long dpid = Long.valueOf(123);

    // write == true: the flow is put and committed
    ingressAclService.ingressACLPermitAllProto(dpid, SEGMENTATION_ID, MAC_ADDRESS, true, HOST_ADDRESS, PRIORITY);
    verify(writeTransaction, times(2)).put(
            any(LogicalDatastoreType.class), any(InstanceIdentifier.class), any(Node.class), anyBoolean());
    verify(writeTransaction).submit();
    verify(commitFuture).get();

    // write == false: the flow is deleted and committed
    ingressAclService.ingressACLPermitAllProto(dpid, SEGMENTATION_ID, MAC_ADDRESS, false, HOST_ADDRESS, PRIORITY);
    verify(writeTransaction).delete(any(LogicalDatastoreType.class), any(InstanceIdentifier.class));
    verify(writeTransaction, times(2)).submit();
    verify(commitFuture, times(2)).get(); // 1 + 1 above
}
/**
 * Test method {@link IngressAclService#ingressACLTcpSyn(Long, String, String, boolean, Integer, Integer)}.
 *
 * <p>Calls the handler once to write and once to remove; the submit and future counts in
 * the second half are cumulative across both calls.
 */
@Test
public void testIngressACLTcpSyn() throws Exception {
    final Long dpid = Long.valueOf(123);

    // write == true: the flow is put and committed
    ingressAclService.ingressACLTcpSyn(dpid, SEGMENTATION_ID, MAC_ADDRESS, true, 1, PRIORITY);
    verify(writeTransaction, times(2)).put(
            any(LogicalDatastoreType.class), any(InstanceIdentifier.class), any(Node.class), anyBoolean());
    verify(writeTransaction).submit();
    verify(commitFuture).get();

    // write == false: the flow is deleted and committed
    ingressAclService.ingressACLTcpSyn(dpid, SEGMENTATION_ID, MAC_ADDRESS, false, 1, PRIORITY);
    verify(writeTransaction).delete(any(LogicalDatastoreType.class), any(InstanceIdentifier.class));
    verify(writeTransaction, times(2)).submit();
    verify(commitFuture, times(2)).get(); // 1 + 1 above
}