2 * Copyright (c) 2015 Inocybe and others. All rights reserved.
4 * This program and the accompanying materials are made available under the
5 * terms of the Eclipse Public License v1.0 which accompanies this distribution,
6 * and is available at http://www.eclipse.org/legal/epl-v10.html
9 package org.opendaylight.ovsdb.openstack.netvirt.providers.openflow13.services;
11 import static org.mockito.Matchers.any;
12 import static org.mockito.Matchers.anyBoolean;
13 import static org.mockito.Matchers.eq;
14 import static org.mockito.Mockito.mock;
15 import static org.mockito.Mockito.times;
16 import static org.mockito.Mockito.verify;
17 import static org.mockito.Mockito.when;
19 import java.util.ArrayList;
20 import java.util.List;
22 import org.junit.Assert;
23 import org.junit.Before;
24 import org.junit.Test;
25 import org.junit.runner.RunWith;
26 import org.mockito.InjectMocks;
27 import org.mockito.Mock;
28 import org.mockito.invocation.InvocationOnMock;
29 import org.mockito.stubbing.Answer;
30 import org.opendaylight.controller.md.sal.binding.api.DataBroker;
31 import org.opendaylight.controller.md.sal.binding.api.WriteTransaction;
32 import org.opendaylight.controller.md.sal.common.api.data.LogicalDatastoreType;
33 import org.opendaylight.controller.md.sal.common.api.data.TransactionCommitFailedException;
34 import org.opendaylight.ovsdb.openstack.netvirt.translator.NeutronSecurityGroup;
35 import org.opendaylight.ovsdb.openstack.netvirt.translator.NeutronSecurityRule;
36 import org.opendaylight.ovsdb.openstack.netvirt.translator.Neutron_IPs;
37 import org.opendaylight.ovsdb.openstack.netvirt.api.SecurityGroupCacheManger;
38 import org.opendaylight.ovsdb.openstack.netvirt.api.SecurityServicesManager;
39 import org.opendaylight.ovsdb.openstack.netvirt.providers.openflow13.PipelineOrchestrator;
40 import org.opendaylight.ovsdb.openstack.netvirt.providers.openflow13.Service;
41 import org.opendaylight.yang.gen.v1.urn.opendaylight.flow.inventory.rev130819.tables.table.FlowBuilder;
42 import org.opendaylight.yang.gen.v1.urn.opendaylight.inventory.rev130819.nodes.Node;
43 import org.opendaylight.yang.gen.v1.urn.opendaylight.inventory.rev130819.nodes.NodeBuilder;
44 import org.opendaylight.yang.gen.v1.urn.opendaylight.model.match.types.rev131026.Match;
45 import org.opendaylight.yang.gen.v1.urn.opendaylight.model.match.types.rev131026.match.EthernetMatch;
46 import org.opendaylight.yang.gen.v1.urn.opendaylight.model.match.types.rev131026.match.Icmpv4Match;
47 import org.opendaylight.yang.gen.v1.urn.opendaylight.model.match.types.rev131026.match.layer._4.match.TcpMatch;
48 import org.opendaylight.yang.gen.v1.urn.opendaylight.model.match.types.rev131026.match.layer._4.match.UdpMatch;
49 import org.opendaylight.yangtools.yang.binding.InstanceIdentifier;
50 import org.powermock.api.mockito.PowerMockito;
51 import org.powermock.modules.junit4.PowerMockRunner;
53 import com.google.common.util.concurrent.CheckedFuture;
56 * Unit test fort {@link IngressAclService}
58 @RunWith(PowerMockRunner.class)
59 @SuppressWarnings("unchecked")
60 public class IngressAclServiceTest {
62 @InjectMocks private IngressAclService ingressAclService = new IngressAclService();
63 private IngressAclService ingressAclServiceSpy;
65 @Mock private DataBroker dataBroker;
66 @Mock private PipelineOrchestrator orchestrator;
68 @Mock private WriteTransaction writeTransaction;
69 @Mock private CheckedFuture<Void, TransactionCommitFailedException> commitFuture;
71 @Mock private NeutronSecurityGroup securityGroup;
72 @Mock private NeutronSecurityRule portSecurityRule;
73 @Mock private SecurityServicesManager securityServices;
74 @Mock private SecurityGroupCacheManger securityGroupCacheManger;
76 private List<Neutron_IPs> neutronSrcIpList = new ArrayList<>();
77 private List<Neutron_IPs> neutronDestIpList = new ArrayList<>();
78 private Neutron_IPs neutron_ip_src;
79 private Neutron_IPs neutron_ip_dest_1;
80 private Neutron_IPs neutron_ip_dest_2;
82 private static final String SEGMENTATION_ID = "2";
83 private static final int PRIORITY = 1;
84 private static final String HOST_ADDRESS = "127.0.0.1/32";
85 private static final String MAC_ADDRESS = "87:1D:5E:02:40:B8";
86 private static final String SRC_IP = "192.168.0.1";
87 private static final String DEST_IP_1 = "192.169.0.1";
88 private static final String DEST_IP_2 = "192.169.0.2";
89 private static final String SECURITY_GROUP_UUID = "85cc3048-abc3-43cc-89b3-377341426ac5";
90 private static final String PORT_UUID = "95cc3048-abc3-43cc-89b3-377341426ac5";
91 private static final String SEGMENT_ID = "2";
92 private static final Long DP_ID_LONG = (long) 1554;
93 private static final Long LOCAL_PORT = (long) 124;
94 private static final int PORT_RANGE_MIN = 1;
95 private static final int PORT_RANGE_MAX = 65535;
96 private static FlowBuilder flowBuilder;
97 private static NodeBuilder nodeBuilder;
99 private static Answer<Object> answer() {
100 return new Answer<Object>() {
102 public CheckedFuture<Void, TransactionCommitFailedException> answer(InvocationOnMock invocation)
104 flowBuilder = (FlowBuilder) invocation.getArguments()[0];
105 nodeBuilder = (NodeBuilder) invocation.getArguments()[1];
112 public void setUp() {
113 ingressAclServiceSpy = PowerMockito.spy(ingressAclService);
115 when(writeTransaction.submit()).thenReturn(commitFuture);
117 when(dataBroker.newWriteOnlyTransaction()).thenReturn(writeTransaction);
119 when(orchestrator.getNextServiceInPipeline(any(Service.class))).thenReturn(Service.ARP_RESPONDER);
121 portSecurityRule = mock(NeutronSecurityRule.class);
122 when(portSecurityRule.getSecurityRuleEthertype()).thenReturn("IPv4");
123 when(portSecurityRule.getSecurityRuleDirection()).thenReturn("ingress");
125 List<NeutronSecurityRule> portSecurityList = new ArrayList<>();
126 portSecurityList.add(portSecurityRule);
128 neutron_ip_src = new Neutron_IPs();
129 neutron_ip_src.setIpAddress(SRC_IP);
130 neutronSrcIpList.add(neutron_ip_src);
132 neutron_ip_dest_1 = new Neutron_IPs();
133 neutron_ip_dest_1.setIpAddress(DEST_IP_1);
134 neutronDestIpList.add(neutron_ip_dest_1);
136 neutron_ip_dest_2 = new Neutron_IPs();
137 neutron_ip_dest_2.setIpAddress(DEST_IP_2);
138 neutronDestIpList.add(neutron_ip_dest_2);
141 when(securityGroup.getSecurityRules()).thenReturn(portSecurityList);
142 when(securityServices.getVmListForSecurityGroup
143 (PORT_UUID, SECURITY_GROUP_UUID)).thenReturn(neutronDestIpList);
147 * Rule 1: TCP Proto (True), TCP Port Minimum (True), TCP Port Max (True), IP Prefix (True)
150 public void testProgramPortSecurityACLRule1() throws Exception {
151 when(portSecurityRule.getSecurityRuleProtocol()).thenReturn("tcp");
152 when(portSecurityRule.getSecurityRulePortMax()).thenReturn(1);
153 when(portSecurityRule.getSecurityRulePortMin()).thenReturn(1);
154 when(portSecurityRule.getSecurityRuleRemoteIpPrefix()).thenReturn(HOST_ADDRESS);
156 ingressAclServiceSpy.programPortSecurityACL(Long.valueOf(1554), SEGMENTATION_ID, MAC_ADDRESS, 124, securityGroup);
157 verify(ingressAclServiceSpy, times(1)).ingressACLDefaultTcpDrop(anyLong(), anyString(), anyString(), anyInt(), anyBoolean());
158 verify(ingressAclServiceSpy, times(1)).ingressACLTcpPortWithPrefix(anyLong(), anyString(), anyString(), anyBoolean(), anyInt(), anyString(), anyInt());
159 verify(writeTransaction, times(4)).put(any(LogicalDatastoreType.class), any(InstanceIdentifier.class), any(Node.class), anyBoolean());
160 verify(writeTransaction, times(2)).submit();
161 verify(commitFuture, times(2)).get();
166 * Rule 2: TCP Proto (True), TCP Port Minimum (True), TCP Port Max (False), IP Prefix (True)
169 public void testProgramPortSecurityACLRule2() throws Exception {
170 when(portSecurityRule.getSecurityRuleProtocol()).thenReturn("tcp");
171 when(portSecurityRule.getSecurityRulePortMax()).thenReturn(null);
172 when(portSecurityRule.getSecurityRulePortMin()).thenReturn(1);
173 when(portSecurityRule.getSecurityRuleRemoteIpPrefix()).thenReturn(HOST_ADDRESS);
175 ingressAclServiceSpy.programPortSecurityACL(Long.valueOf(1554), SEGMENTATION_ID, MAC_ADDRESS, 124, securityGroup);
176 verify(ingressAclServiceSpy, times(1)).ingressACLDefaultTcpDrop(anyLong(), anyString(), anyString(), anyInt(), anyBoolean());
177 verify(ingressAclServiceSpy, times(1)).ingressACLTcpPortWithPrefix(anyLong(), anyString(), anyString(), anyBoolean(), anyInt(), anyString(), anyInt());
178 verify(writeTransaction, times(4)).put(any(LogicalDatastoreType.class), any(InstanceIdentifier.class), any(Node.class), anyBoolean());
179 verify(writeTransaction, times(2)).submit();
180 verify(commitFuture, times(2)).get();
184 * Rule 3: TCP Proto (True), TCP Port Minimum (False), TCP Port Max (False), IP Prefix (True)
187 public void testProgramPortSecurityACLRule3() throws Exception {
188 when(portSecurityRule.getSecurityRuleProtocol()).thenReturn("tcp");
189 when(portSecurityRule.getSecurityRulePortMax()).thenReturn(null);
190 when(portSecurityRule.getSecurityRulePortMin()).thenReturn(null);
191 when(portSecurityRule.getSecurityRuleRemoteIpPrefix()).thenReturn(HOST_ADDRESS);
193 ingressAclServiceSpy.programPortSecurityACL(Long.valueOf(1554), SEGMENTATION_ID, MAC_ADDRESS, 124, securityGroup);
194 verify(ingressAclServiceSpy, times(1)).ingressACLDefaultTcpDrop(anyLong(), anyString(), anyString(), anyInt(), anyBoolean());
195 verify(ingressAclServiceSpy, times(1)).ingressACLPermitAllProto(anyLong(), anyString(), anyString(), anyBoolean(), anyString(), anyInt());
196 verify(writeTransaction, times(4)).put(any(LogicalDatastoreType.class), any(InstanceIdentifier.class), any(Node.class), anyBoolean());
197 verify(writeTransaction, times(2)).submit();
198 verify(commitFuture, times(2)).get();
202 * Rule 4: TCP Proto (False), TCP Port Minimum (False), TCP Port Max (False), IP Prefix (True)
205 public void testProgramPortSecurityACLRule4() throws Exception {
206 when(portSecurityRule.getSecurityRuleProtocol()).thenReturn(null);
207 when(portSecurityRule.getSecurityRulePortMax()).thenReturn(null);
208 when(portSecurityRule.getSecurityRulePortMin()).thenReturn(null);
209 when(portSecurityRule.getSecurityRuleRemoteIpPrefix()).thenReturn(HOST_ADDRESS);
211 ingressAclServiceSpy.programPortSecurityACL(Long.valueOf(1554), SEGMENTATION_ID, MAC_ADDRESS, 124, securityGroup);
212 verify(ingressAclServiceSpy, times(1)).ingressACLDefaultTcpDrop(anyLong(), anyString(), anyString(), anyInt(), anyBoolean());
213 verify(ingressAclServiceSpy, times(1)).ingressACLPermitAllProto(anyLong(), anyString(), anyString(), anyBoolean(), anyString(), anyInt());
214 verify(writeTransaction, times(4)).put(any(LogicalDatastoreType.class), any(InstanceIdentifier.class), any(Node.class), anyBoolean());
215 verify(writeTransaction, times(2)).submit();
216 verify(commitFuture, times(2)).get();
220 * Rule 5: TCP Proto (True), TCP Port Minimum (True), TCP Port Max (True), IP Prefix (False)
223 public void testProgramPortSecurityACLRule5() throws Exception {
224 when(portSecurityRule.getSecurityRuleProtocol()).thenReturn("tcp");
225 when(portSecurityRule.getSecurityRulePortMax()).thenReturn(1);
226 when(portSecurityRule.getSecurityRulePortMin()).thenReturn(1);
227 when(portSecurityRule.getSecurityRuleRemoteIpPrefix()).thenReturn(null);
229 ingressAclServiceSpy.programPortSecurityACL(Long.valueOf(1554), SEGMENTATION_ID, MAC_ADDRESS, 124, securityGroup);
230 verify(ingressAclServiceSpy, times(1)).ingressACLDefaultTcpDrop(anyLong(), anyString(), anyString(), anyInt(), anyBoolean());
231 verify(ingressAclServiceSpy, times(1)).ingressACLTcpSyn(anyLong(), anyString(), anyString(), anyBoolean(), anyInt(), anyInt());
232 verify(writeTransaction, times(4)).put(any(LogicalDatastoreType.class), any(InstanceIdentifier.class), any(Node.class), anyBoolean());
233 verify(writeTransaction, times(2)).submit();
234 verify(commitFuture, times(2)).get();
238 * Rule 6: TCP Proto (True), TCP Port Minimum (True), TCP Port Max (False), IP Prefix (False)
241 public void testProgramPortSecurityACLRule6() throws Exception {
242 when(portSecurityRule.getSecurityRuleProtocol()).thenReturn("tcp");
243 when(portSecurityRule.getSecurityRulePortMax()).thenReturn(null);
244 when(portSecurityRule.getSecurityRulePortMin()).thenReturn(1);
245 when(portSecurityRule.getSecurityRuleRemoteIpPrefix()).thenReturn(null);
247 ingressAclServiceSpy.programPortSecurityACL(Long.valueOf(1554), SEGMENTATION_ID, MAC_ADDRESS, 124, securityGroup);
248 verify(ingressAclServiceSpy, times(1)).ingressACLDefaultTcpDrop(anyLong(), anyString(), anyString(), anyInt(), anyBoolean());
249 verify(ingressAclServiceSpy, times(1)).ingressACLTcpSyn(anyLong(), anyString(), anyString(), anyBoolean(), anyInt(), anyInt());
250 verify(writeTransaction, times(4)).put(any(LogicalDatastoreType.class), any(InstanceIdentifier.class), any(Node.class), anyBoolean());
251 verify(writeTransaction, times(2)).submit();
252 verify(commitFuture, times(2)).get();
256 * Rule 7: TCP Proto (True), TCP Port Minimum (False), TCP Port Max (False), IP Prefix (False or 0.0.0.0/0)
259 public void testProgramPortSecurityACLRule7() throws Exception {
260 when(portSecurityRule.getSecurityRuleProtocol()).thenReturn("tcp");
261 when(portSecurityRule.getSecurityRulePortMax()).thenReturn(null);
262 when(portSecurityRule.getSecurityRulePortMin()).thenReturn(null);
263 when(portSecurityRule.getSecurityRuleRemoteIpPrefix()).thenReturn(null);
265 ingressAclServiceSpy.programPortSecurityACL(Long.valueOf(1554), SEGMENTATION_ID, MAC_ADDRESS, 124, securityGroup);
266 verify(ingressAclServiceSpy, times(1)).handleIngressAllowProto(anyLong(), anyString(), anyString(), anyBoolean(), anyString(), anyInt());
267 verify(writeTransaction, times(2)).put(any(LogicalDatastoreType.class), any(InstanceIdentifier.class), any(Node.class), anyBoolean());
268 verify(writeTransaction, times(1)).submit();
269 verify(commitFuture, times(1)).get();
273 * Test method {@link EgressAclService#programPortSecurityGroup(java.lang.Long, java.lang.String,
274 * java.lang.String, long, org.opendaylight.ovsdb.openstack.netvirt.translator.NeutronSecurityGroup,
275 * java.lang.String, boolean)} when portSecurityRule is incomplete
278 public void testProgramPortSecurityGroupWithIncompleteRule() throws Exception {
279 NeutronSecurityRule portSecurityRule1 = mock(NeutronSecurityRule.class);
280 when(portSecurityRule1.getSecurityRuleEthertype()).thenReturn("IPv4");
281 when(portSecurityRule1.getSecurityRuleDirection()).thenReturn("not_ingress"); // other direction
283 NeutronSecurityRule portSecurityRule2 = mock(NeutronSecurityRule.class);
284 when(portSecurityRule2.getSecurityRuleEthertype()).thenReturn(null);
285 when(portSecurityRule2.getSecurityRuleDirection()).thenReturn("ingress");
287 NeutronSecurityRule portSecurityRule3 = mock(NeutronSecurityRule.class);
288 when(portSecurityRule3.getSecurityRuleEthertype()).thenReturn("IPv4");
289 when(portSecurityRule3.getSecurityRuleDirection()).thenReturn(null);
291 NeutronSecurityRule portSecurityRule4 = mock(NeutronSecurityRule.class);
292 when(portSecurityRule4.getSecurityRuleEthertype()).thenReturn(null);
293 when(portSecurityRule4.getSecurityRuleDirection()).thenReturn(null);
295 List<NeutronSecurityRule> portSecurityList = new ArrayList<>();
296 portSecurityList.add(null);
297 portSecurityList.add(portSecurityRule1);
298 portSecurityList.add(portSecurityRule2);
299 portSecurityList.add(portSecurityRule3);
300 portSecurityList.add(portSecurityRule4);
302 NeutronSecurityGroup localSecurityGroup = mock(NeutronSecurityGroup.class);
303 when(localSecurityGroup.getSecurityRules()).thenReturn(portSecurityList);
305 ingressAclServiceSpy.programPortSecurityGroup(
306 Long.valueOf(1554), "2", MAC_ADDRESS, 124, localSecurityGroup, PORT_UUID, false);
310 * Test IPv4 add test case.
313 public void testProgramPortSecurityACLRuleAddIpv4() throws Exception {
314 when(portSecurityRule.getSecurityRuleProtocol()).thenReturn(null);
315 when(portSecurityRule.getSecurityRulePortMax()).thenReturn(null);
316 when(portSecurityRule.getSecurityRulePortMin()).thenReturn(null);
317 when(portSecurityRule.getSecurityRuleRemoteIpPrefix()).thenReturn(null);
319 ingressAclServiceSpy.programPortSecurityGroup(Long.valueOf(1554), "2", MAC_ADDRESS, 124, securityGroup,PORT_UUID,true);
321 verify(writeTransaction, times(2)).put(any(LogicalDatastoreType.class), any(InstanceIdentifier.class), any(Node.class), eq(true));
322 verify(writeTransaction, times(1)).submit();
323 verify(commitFuture, times(1)).get();
327 * Test IPv4 remove test case.
330 public void testProgramPortSecurityACLRuleRemoveIpv4() throws Exception {
331 when(portSecurityRule.getSecurityRuleProtocol()).thenReturn(null);
332 when(portSecurityRule.getSecurityRulePortMax()).thenReturn(null);
333 when(portSecurityRule.getSecurityRulePortMin()).thenReturn(null);
334 when(portSecurityRule.getSecurityRuleRemoteIpPrefix()).thenReturn(null);
336 ingressAclServiceSpy.programPortSecurityGroup(Long.valueOf(1554), "2", MAC_ADDRESS, 124, securityGroup,PORT_UUID,false);
338 verify(writeTransaction, times(1)).delete(any(LogicalDatastoreType.class), any(InstanceIdentifier.class));
339 verify(writeTransaction, times(1)).submit();
340 verify(commitFuture, times(1)).get();
344 * Test TCP add with port no and CIDR selected.
347 public void testProgramPortSecurityACLRuleAddTcp1() throws Exception {
348 when(portSecurityRule.getSecurityRuleProtocol()).thenReturn("tcp");
349 when(portSecurityRule.getSecurityRulePortMax()).thenReturn(20);
350 when(portSecurityRule.getSecurityRulePortMin()).thenReturn(20);
351 when(portSecurityRule.getSecurityRuleRemoteIpPrefix()).thenReturn("0.0.0.0/24");
352 PowerMockito.doAnswer(answer()).when(ingressAclServiceSpy, "writeFlow", any(FlowBuilder.class),
353 any(NodeBuilder.class));
355 ingressAclServiceSpy.programPortSecurityGroup(DP_ID_LONG, SEGMENT_ID, MAC_ADDRESS, LOCAL_PORT, securityGroup,
358 Match match = flowBuilder.getMatch();
359 EthernetMatch ethMatch = match.getEthernetMatch();
360 Assert.assertEquals(MAC_ADDRESS, ethMatch.getEthernetDestination().getAddress().getValue());
362 Assert.assertTrue(match.getLayer4Match() instanceof TcpMatch);
363 TcpMatch layer4Match = (TcpMatch) match.getLayer4Match();
364 Assert.assertEquals(20, layer4Match.getTcpDestinationPort().getValue().intValue());
365 int port = portSecurityRule.getSecurityRulePortMin();
366 Assert.assertEquals("Ingress_TCP_" + SEGMENT_ID + "_" + MAC_ADDRESS +
367 "_" + port + "_0.0.0.0/24_Permit", flowBuilder.getFlowName());
371 * Test TCP remove with port no and CIDR selected.
374 public void testProgramPortSecurityACLRuleRemoveTcp1() throws Exception {
375 when(portSecurityRule.getSecurityRuleProtocol()).thenReturn("tcp");
376 when(portSecurityRule.getSecurityRulePortMax()).thenReturn(15);
377 when(portSecurityRule.getSecurityRulePortMin()).thenReturn(15);
378 when(portSecurityRule.getSecurityRuleRemoteIpPrefix()).thenReturn("0.0.0.0/24");
379 PowerMockito.doAnswer(answer()).when(ingressAclServiceSpy, "removeFlow", any(FlowBuilder.class),
380 any(NodeBuilder.class));
382 ingressAclServiceSpy.programPortSecurityGroup(DP_ID_LONG, SEGMENT_ID, MAC_ADDRESS, LOCAL_PORT, securityGroup,
385 Match match = flowBuilder.getMatch();
386 EthernetMatch ethMatch = match.getEthernetMatch();
387 Assert.assertEquals(MAC_ADDRESS, ethMatch.getEthernetDestination().getAddress().getValue());
389 Assert.assertTrue(match.getLayer4Match() instanceof TcpMatch);
390 TcpMatch layer4Match = (TcpMatch) match.getLayer4Match();
391 Assert.assertEquals(15, layer4Match.getTcpDestinationPort().getValue().intValue());
392 int port = portSecurityRule.getSecurityRulePortMin();
393 Assert.assertEquals("Ingress_TCP_" + SEGMENT_ID + "_" + MAC_ADDRESS +
394 "_" + port + "_0.0.0.0/24_Permit", flowBuilder.getFlowName());
398 * Test TCP add with port no and remote SG selected.
401 public void testProgramPortSecurityACLRuleAddTcp2() throws Exception {
402 when(portSecurityRule.getSecurityRuleProtocol()).thenReturn("tcp");
403 when(portSecurityRule.getSecurityRulePortMax()).thenReturn(50);
404 when(portSecurityRule.getSecurityRulePortMin()).thenReturn(50);
405 when(portSecurityRule.getSecurityRuleRemoteIpPrefix()).thenReturn("0.0.0.0/24");
406 when(portSecurityRule.getSecurityRemoteGroupID()).thenReturn("85cc3048-abc3-43cc-89b3-377341426ac5");
407 PowerMockito.doAnswer(answer()).when(ingressAclServiceSpy, "writeFlow", any(FlowBuilder.class),
408 any(NodeBuilder.class));
409 ingressAclServiceSpy.programPortSecurityGroup(DP_ID_LONG, SEGMENT_ID, MAC_ADDRESS, LOCAL_PORT, securityGroup,
412 Match match = flowBuilder.getMatch();
413 EthernetMatch ethMatch = match.getEthernetMatch();
414 Assert.assertEquals(MAC_ADDRESS, ethMatch.getEthernetDestination().getAddress().getValue());
416 Assert.assertTrue(match.getLayer4Match() instanceof TcpMatch);
417 TcpMatch layer4Match = (TcpMatch) match.getLayer4Match();
418 Assert.assertEquals(50, layer4Match.getTcpDestinationPort().getValue().intValue());
419 int port = portSecurityRule.getSecurityRulePortMin();
420 String expectedFlowId1 = "Ingress_TCP_" + SEGMENT_ID + "_" + MAC_ADDRESS +"_" + port + "_" + DEST_IP_1 +
422 String expectedFlowId2 = "Ingress_TCP_" + SEGMENT_ID + "_" + MAC_ADDRESS +"_" + port + "_" + DEST_IP_2 +
424 String actualFlowId = flowBuilder.getFlowName();
425 if (actualFlowId.equals(expectedFlowId1) || actualFlowId.equals(expectedFlowId2)) {
426 Assert.assertTrue(true);
428 Assert.assertTrue(false);
433 * Test TCP remove with port no and remote SG selected.
436 public void testProgramPortSecurityACLRuleRemoveTcp2() throws Exception {
437 when(portSecurityRule.getSecurityRuleProtocol()).thenReturn("tcp");
438 when(portSecurityRule.getSecurityRulePortMax()).thenReturn(50);
439 when(portSecurityRule.getSecurityRulePortMin()).thenReturn(50);
440 when(portSecurityRule.getSecurityRuleRemoteIpPrefix()).thenReturn("0.0.0.0/24");
441 when(portSecurityRule.getSecurityRemoteGroupID()).thenReturn("85cc3048-abc3-43cc-89b3-377341426ac5");
442 PowerMockito.doAnswer(answer()).when(ingressAclServiceSpy, "removeFlow", any(FlowBuilder.class),
443 any(NodeBuilder.class));
445 ingressAclServiceSpy.programPortSecurityGroup(DP_ID_LONG, SEGMENT_ID, MAC_ADDRESS, LOCAL_PORT, securityGroup,
448 Match match = flowBuilder.getMatch();
449 EthernetMatch ethMatch = match.getEthernetMatch();
450 Assert.assertEquals(MAC_ADDRESS, ethMatch.getEthernetDestination().getAddress().getValue());
452 Assert.assertTrue(match.getLayer4Match() instanceof TcpMatch);
453 TcpMatch layer4Match = (TcpMatch) match.getLayer4Match();
454 Assert.assertEquals(50, layer4Match.getTcpDestinationPort().getValue().intValue());
455 int port = portSecurityRule.getSecurityRulePortMin();
456 String expectedFlowId1 = "Ingress_TCP_" + SEGMENT_ID + "_" + MAC_ADDRESS +"_" + port + "_" + DEST_IP_1 +
458 String expectedFlowId2 = "Ingress_TCP_" + SEGMENT_ID + "_" + MAC_ADDRESS +"_" + port + "_" + DEST_IP_2 +
460 String actualFlowId = flowBuilder.getFlowName();
461 if (actualFlowId.equals(expectedFlowId1) || actualFlowId.equals(expectedFlowId2)) {
462 Assert.assertTrue(true);
464 Assert.assertTrue(false);
470 * Test TCP add with port (All TCP) and CIDR selected.
473 public void testProgramPortSecurityACLRuleAddTcpAll1() throws Exception {
474 when(portSecurityRule.getSecurityRuleProtocol()).thenReturn("tcp");
475 when(portSecurityRule.getSecurityRulePortMax()).thenReturn(PORT_RANGE_MAX);
476 when(portSecurityRule.getSecurityRulePortMin()).thenReturn(PORT_RANGE_MIN);
477 when(portSecurityRule.getSecurityRuleRemoteIpPrefix()).thenReturn("0.0.0.0/24");
478 PowerMockito.doAnswer(answer()).when(ingressAclServiceSpy, "writeFlow", any(FlowBuilder.class),
479 any(NodeBuilder.class));
481 ingressAclServiceSpy.programPortSecurityGroup(DP_ID_LONG, SEGMENT_ID, MAC_ADDRESS, LOCAL_PORT, securityGroup,
484 Match match = flowBuilder.getMatch();
485 EthernetMatch ethMatch = match.getEthernetMatch();
486 Assert.assertEquals(MAC_ADDRESS, ethMatch.getEthernetDestination().getAddress().getValue());
488 Assert.assertTrue(match.getLayer4Match() instanceof TcpMatch);
489 Assert.assertEquals("Ingress_TCP_" + SEGMENT_ID + "_" + MAC_ADDRESS + "_" + PORT_RANGE_MIN + "_" +
490 PORT_RANGE_MAX + "_0.0.0.0/24_Permit", flowBuilder.getFlowName());
494 * Test TCP remove with port (All TCP) and CIDR selected.
497 public void testProgramPortSecurityACLRuleRemoveTcpAll1() throws Exception {
498 when(portSecurityRule.getSecurityRuleProtocol()).thenReturn("tcp");
499 when(portSecurityRule.getSecurityRulePortMax()).thenReturn(PORT_RANGE_MAX);
500 when(portSecurityRule.getSecurityRulePortMin()).thenReturn(PORT_RANGE_MIN);
501 when(portSecurityRule.getSecurityRuleRemoteIpPrefix()).thenReturn("0.0.0.0/24");
502 PowerMockito.doAnswer(answer()).when(ingressAclServiceSpy, "removeFlow", any(FlowBuilder.class),
503 any(NodeBuilder.class));
505 ingressAclServiceSpy.programPortSecurityGroup(DP_ID_LONG, SEGMENT_ID, MAC_ADDRESS, LOCAL_PORT, securityGroup,
508 Match match = flowBuilder.getMatch();
509 EthernetMatch ethMatch = match.getEthernetMatch();
510 Assert.assertEquals(MAC_ADDRESS, ethMatch.getEthernetDestination().getAddress().getValue());
512 Assert.assertTrue(match.getLayer4Match() instanceof TcpMatch);
513 Assert.assertEquals("Ingress_TCP_" + SEGMENT_ID + "_" + MAC_ADDRESS + "_" + PORT_RANGE_MIN + "_" +
514 PORT_RANGE_MAX + "_0.0.0.0/24_Permit", flowBuilder.getFlowName());
518 * Test TCP add with port (All TCP) and remote SG selected.
521 public void testProgramPortSecurityACLRuleAddTcpAll2() throws Exception {
522 when(portSecurityRule.getSecurityRuleProtocol()).thenReturn("tcp");
523 when(portSecurityRule.getSecurityRulePortMax()).thenReturn(PORT_RANGE_MAX);
524 when(portSecurityRule.getSecurityRulePortMin()).thenReturn(PORT_RANGE_MIN);
525 when(portSecurityRule.getSecurityRemoteGroupID()).thenReturn("85cc3048-abc3-43cc-89b3-377341426ac5");
526 PowerMockito.doAnswer(answer()).when(ingressAclServiceSpy, "writeFlow", any(FlowBuilder.class),
527 any(NodeBuilder.class));
528 ingressAclServiceSpy.programPortSecurityGroup(DP_ID_LONG, SEGMENT_ID, MAC_ADDRESS, LOCAL_PORT, securityGroup,
531 Match match = flowBuilder.getMatch();
532 EthernetMatch ethMatch = match.getEthernetMatch();
533 Assert.assertEquals(MAC_ADDRESS, ethMatch.getEthernetDestination().getAddress().getValue());
535 Assert.assertTrue(match.getLayer4Match() instanceof TcpMatch);
536 String expectedFlowId1 = "Ingress_TCP_" + SEGMENT_ID + "_" + MAC_ADDRESS + "_" + PORT_RANGE_MIN + "_" +
537 PORT_RANGE_MAX + "_" + DEST_IP_1 + "_Permit";
538 String expectedFlowId2 = "Ingress_TCP_" + SEGMENT_ID + "_" + MAC_ADDRESS + "_" + PORT_RANGE_MIN + "_" +
539 PORT_RANGE_MAX + "_" + DEST_IP_2 + "_Permit";
540 String actualFlowId = flowBuilder.getFlowName();
541 if (actualFlowId.equals(expectedFlowId1) || actualFlowId.equals(expectedFlowId2)) {
542 Assert.assertTrue(true);
544 Assert.assertTrue(false);
549 * Test TCP remove with port (All TCP) and remote SG selected.
552 public void testProgramPortSecurityACLRuleRemoveTcpAll2() throws Exception {
553 when(portSecurityRule.getSecurityRuleProtocol()).thenReturn("tcp");
554 when(portSecurityRule.getSecurityRulePortMax()).thenReturn(PORT_RANGE_MAX);
555 when(portSecurityRule.getSecurityRulePortMin()).thenReturn(PORT_RANGE_MIN);
556 when(portSecurityRule.getSecurityRemoteGroupID()).thenReturn("85cc3048-abc3-43cc-89b3-377341426ac5");
557 PowerMockito.doAnswer(answer()).when(ingressAclServiceSpy, "removeFlow", any(FlowBuilder.class),
558 any(NodeBuilder.class));
560 ingressAclServiceSpy.programPortSecurityGroup(DP_ID_LONG, SEGMENT_ID, MAC_ADDRESS, LOCAL_PORT, securityGroup,
563 Match match = flowBuilder.getMatch();
564 EthernetMatch ethMatch = match.getEthernetMatch();
565 Assert.assertEquals(MAC_ADDRESS, ethMatch.getEthernetDestination().getAddress().getValue());
567 Assert.assertTrue(match.getLayer4Match() instanceof TcpMatch);
568 TcpMatch layer4Match = (TcpMatch) match.getLayer4Match();
569 String expectedFlowId1 = "Ingress_TCP_" + SEGMENT_ID + "_" + MAC_ADDRESS +"_" + PORT_RANGE_MIN + "_" +
570 PORT_RANGE_MAX + "_" + DEST_IP_1 + "_Permit";
571 String expectedFlowId2 = "Ingress_TCP_" + SEGMENT_ID + "_" + MAC_ADDRESS +"_" + PORT_RANGE_MIN + "_" +
572 PORT_RANGE_MAX + "_" + DEST_IP_2 + "_Permit";
573 String actualFlowId = flowBuilder.getFlowName();
574 if (actualFlowId.equals(expectedFlowId1) || actualFlowId.equals(expectedFlowId2)) {
575 Assert.assertTrue(true);
577 Assert.assertTrue(false);
582 * Test UDP add with port no and CIDR selected.
585 public void testProgramPortSecurityACLRuleAddUdp1() throws Exception {
586 when(portSecurityRule.getSecurityRuleProtocol()).thenReturn("udp");
587 when(portSecurityRule.getSecurityRulePortMax()).thenReturn(50);
588 when(portSecurityRule.getSecurityRulePortMin()).thenReturn(50);
589 when(portSecurityRule.getSecurityRuleRemoteIpPrefix()).thenReturn("0.0.0.0/24");
590 PowerMockito.doAnswer(answer()).when(ingressAclServiceSpy, "writeFlow", any(FlowBuilder.class),
591 any(NodeBuilder.class));
593 ingressAclServiceSpy.programPortSecurityGroup(DP_ID_LONG, SEGMENT_ID, MAC_ADDRESS, LOCAL_PORT, securityGroup,
596 Match match = flowBuilder.getMatch();
597 EthernetMatch ethMatch = match.getEthernetMatch();
598 Assert.assertEquals(MAC_ADDRESS, ethMatch.getEthernetDestination().getAddress().getValue());
600 Assert.assertTrue(match.getLayer4Match() instanceof UdpMatch);
601 UdpMatch layer4Match = (UdpMatch) match.getLayer4Match();
602 Assert.assertEquals(50, layer4Match.getUdpDestinationPort().getValue().intValue());
603 int port = portSecurityRule.getSecurityRulePortMin();
604 Assert.assertEquals("Ingress_UDP_" + SEGMENT_ID + "_" + MAC_ADDRESS +
605 "_" + port + "_0.0.0.0/24_Permit", flowBuilder.getFlowName());
609 * Test UDP remove with port no and CIDR selected.
612 public void testProgramPortSecurityACLRuleRemoveUdp1() throws Exception {
613 when(portSecurityRule.getSecurityRuleProtocol()).thenReturn("udp");
614 when(portSecurityRule.getSecurityRulePortMax()).thenReturn(50);
615 when(portSecurityRule.getSecurityRulePortMin()).thenReturn(50);
616 when(portSecurityRule.getSecurityRuleRemoteIpPrefix()).thenReturn("0.0.0.0/24");
617 PowerMockito.doAnswer(answer()).when(ingressAclServiceSpy, "removeFlow", any(FlowBuilder.class),
618 any(NodeBuilder.class));
620 ingressAclServiceSpy.programPortSecurityGroup(DP_ID_LONG, SEGMENT_ID, MAC_ADDRESS, LOCAL_PORT, securityGroup,
623 Match match = flowBuilder.getMatch();
624 EthernetMatch ethMatch = match.getEthernetMatch();
625 Assert.assertEquals(MAC_ADDRESS, ethMatch.getEthernetDestination().getAddress().getValue());
627 Assert.assertTrue(match.getLayer4Match() instanceof UdpMatch);
628 UdpMatch layer4Match = (UdpMatch) match.getLayer4Match();
629 Assert.assertEquals(50, layer4Match.getUdpDestinationPort().getValue().intValue());
630 int port = portSecurityRule.getSecurityRulePortMin();
631 Assert.assertEquals("Ingress_UDP_" + SEGMENT_ID + "_" + MAC_ADDRESS +
632 "_" + port + "_0.0.0.0/24_Permit", flowBuilder.getFlowName());
636 * Test UDP add with port no and remote SG selected.
639 public void testProgramPortSecurityACLRuleAddUdp2() throws Exception {
640 when(portSecurityRule.getSecurityRuleProtocol()).thenReturn("udp");
641 when(portSecurityRule.getSecurityRulePortMax()).thenReturn(50);
642 when(portSecurityRule.getSecurityRulePortMin()).thenReturn(50);
643 when(portSecurityRule.getSecurityRuleRemoteIpPrefix()).thenReturn("0.0.0.0/24");
644 when(portSecurityRule.getSecurityRemoteGroupID()).thenReturn("85cc3048-abc3-43cc-89b3-377341426ac5");
645 PowerMockito.doAnswer(answer()).when(ingressAclServiceSpy, "writeFlow", any(FlowBuilder.class),
646 any(NodeBuilder.class));
647 ingressAclServiceSpy.programPortSecurityGroup(DP_ID_LONG, SEGMENT_ID, MAC_ADDRESS, LOCAL_PORT, securityGroup,
650 Match match = flowBuilder.getMatch();
651 EthernetMatch ethMatch = match.getEthernetMatch();
652 Assert.assertEquals(MAC_ADDRESS, ethMatch.getEthernetDestination().getAddress().getValue());
654 Assert.assertTrue(match.getLayer4Match() instanceof UdpMatch);
655 UdpMatch layer4Match = (UdpMatch) match.getLayer4Match();
656 Assert.assertEquals(50, layer4Match.getUdpDestinationPort().getValue().intValue());
657 int port = portSecurityRule.getSecurityRulePortMin();
658 String expectedFlowId1 = "Ingress_UDP_" + SEGMENT_ID + "_" + MAC_ADDRESS +"_" + port + "_" + DEST_IP_1 +
660 String expectedFlowId2 = "Ingress_UDP_" + SEGMENT_ID + "_" + MAC_ADDRESS +"_" + port + "_" + DEST_IP_2 +
662 String actualFlowId = flowBuilder.getFlowName();
663 if (actualFlowId.equals(expectedFlowId1) || actualFlowId.equals(expectedFlowId2)) {
664 Assert.assertTrue(true);
666 Assert.assertTrue(false);
671 * Test UDP remove with port no and remote SG selected.
674 public void testProgramPortSecurityACLRuleRemoveUdp2() throws Exception {
675 when(portSecurityRule.getSecurityRuleProtocol()).thenReturn("udp");
676 when(portSecurityRule.getSecurityRulePortMax()).thenReturn(50);
677 when(portSecurityRule.getSecurityRulePortMin()).thenReturn(50);
678 when(portSecurityRule.getSecurityRuleRemoteIpPrefix()).thenReturn("0.0.0.0/24");
679 when(portSecurityRule.getSecurityRemoteGroupID()).thenReturn("85cc3048-abc3-43cc-89b3-377341426ac5");
680 PowerMockito.doAnswer(answer()).when(ingressAclServiceSpy, "removeFlow", any(FlowBuilder.class),
681 any(NodeBuilder.class));
682 ingressAclServiceSpy.programPortSecurityGroup(DP_ID_LONG, SEGMENT_ID, MAC_ADDRESS, LOCAL_PORT, securityGroup,
685 Match match = flowBuilder.getMatch();
686 EthernetMatch ethMatch = match.getEthernetMatch();
687 Assert.assertEquals(MAC_ADDRESS, ethMatch.getEthernetDestination().getAddress().getValue());
689 Assert.assertTrue(match.getLayer4Match() instanceof UdpMatch);
690 UdpMatch layer4Match = (UdpMatch) match.getLayer4Match();
691 Assert.assertEquals(50, layer4Match.getUdpDestinationPort().getValue().intValue());
692 int port = portSecurityRule.getSecurityRulePortMin();
693 String expectedFlowId1 = "Ingress_UDP_" + SEGMENT_ID + "_" + MAC_ADDRESS +"_" + port + "_" + DEST_IP_1 +
695 String expectedFlowId2 = "Ingress_UDP_" + SEGMENT_ID + "_" + MAC_ADDRESS +"_" + port + "_" + DEST_IP_2 +
697 String actualFlowId = flowBuilder.getFlowName();
698 if (actualFlowId.equals(expectedFlowId1) || actualFlowId.equals(expectedFlowId2)) {
699 Assert.assertTrue(true);
701 Assert.assertTrue(false);
706 * Test UDP add with ports (All UDP) and CIDR selected.
709 public void testProgramPortSecurityACLRuleAddUdpAll1() throws Exception {
710 when(portSecurityRule.getSecurityRuleProtocol()).thenReturn("udp");
711 when(portSecurityRule.getSecurityRulePortMax()).thenReturn(PORT_RANGE_MAX);
712 when(portSecurityRule.getSecurityRulePortMin()).thenReturn(PORT_RANGE_MIN);
713 when(portSecurityRule.getSecurityRuleRemoteIpPrefix()).thenReturn("0.0.0.0/24");
714 PowerMockito.doAnswer(answer()).when(ingressAclServiceSpy, "writeFlow", any(FlowBuilder.class),
715 any(NodeBuilder.class));
717 ingressAclServiceSpy.programPortSecurityGroup(DP_ID_LONG, SEGMENT_ID, MAC_ADDRESS, LOCAL_PORT, securityGroup,
720 Match match = flowBuilder.getMatch();
721 EthernetMatch ethMatch = match.getEthernetMatch();
722 Assert.assertEquals(MAC_ADDRESS, ethMatch.getEthernetDestination().getAddress().getValue());
724 Assert.assertTrue(match.getLayer4Match() instanceof UdpMatch);
725 Assert.assertEquals("Ingress_UDP_" + SEGMENT_ID + "_" + MAC_ADDRESS + "_" + PORT_RANGE_MIN + "_" +
726 PORT_RANGE_MAX + "_0.0.0.0/24_Permit", flowBuilder.getFlowName());
730 * Test UDP remove with ports (All UDP) and CIDR selected.
733 public void testProgramPortSecurityACLRuleRemoveUdpAll1() throws Exception {
734 when(portSecurityRule.getSecurityRuleProtocol()).thenReturn("udp");
735 when(portSecurityRule.getSecurityRulePortMax()).thenReturn(PORT_RANGE_MAX);
736 when(portSecurityRule.getSecurityRulePortMin()).thenReturn(PORT_RANGE_MIN);
737 when(portSecurityRule.getSecurityRuleRemoteIpPrefix()).thenReturn("0.0.0.0/24");
738 PowerMockito.doAnswer(answer()).when(ingressAclServiceSpy, "removeFlow", any(FlowBuilder.class),
739 any(NodeBuilder.class));
741 ingressAclServiceSpy.programPortSecurityGroup(DP_ID_LONG, SEGMENT_ID, MAC_ADDRESS, LOCAL_PORT, securityGroup,
744 Match match = flowBuilder.getMatch();
745 EthernetMatch ethMatch = match.getEthernetMatch();
746 Assert.assertEquals(MAC_ADDRESS, ethMatch.getEthernetDestination().getAddress().getValue());
748 Assert.assertTrue(match.getLayer4Match() instanceof UdpMatch);
749 Assert.assertEquals("Ingress_UDP_" + SEGMENT_ID + "_" + MAC_ADDRESS + "_" + PORT_RANGE_MIN + "_" +
750 PORT_RANGE_MAX + "_0.0.0.0/24_Permit", flowBuilder.getFlowName());
754 * Test UDP add with ports (All UDP) and remote SG selected.
757 public void testProgramPortSecurityACLRuleAddUdpAll2() throws Exception {
758 when(portSecurityRule.getSecurityRuleProtocol()).thenReturn("udp");
759 when(portSecurityRule.getSecurityRulePortMax()).thenReturn(PORT_RANGE_MAX);
760 when(portSecurityRule.getSecurityRulePortMin()).thenReturn(PORT_RANGE_MIN);
761 when(portSecurityRule.getSecurityRuleRemoteIpPrefix()).thenReturn("0.0.0.0/24");
762 when(portSecurityRule.getSecurityRemoteGroupID()).thenReturn("85cc3048-abc3-43cc-89b3-377341426ac5");
763 PowerMockito.doAnswer(answer()).when(ingressAclServiceSpy, "writeFlow", any(FlowBuilder.class),
764 any(NodeBuilder.class));
765 ingressAclServiceSpy.programPortSecurityGroup(DP_ID_LONG, SEGMENT_ID, MAC_ADDRESS, LOCAL_PORT, securityGroup,
768 Match match = flowBuilder.getMatch();
769 EthernetMatch ethMatch = match.getEthernetMatch();
770 Assert.assertEquals(MAC_ADDRESS, ethMatch.getEthernetDestination().getAddress().getValue());
772 Assert.assertTrue(match.getLayer4Match() instanceof UdpMatch);
773 String expectedFlowId1 = "Ingress_UDP_" + SEGMENT_ID + "_" + MAC_ADDRESS +"_" + PORT_RANGE_MIN + "_" +
774 PORT_RANGE_MAX + "_" + DEST_IP_1 + "_Permit";
775 String expectedFlowId2 = "Ingress_UDP_" + SEGMENT_ID + "_" + MAC_ADDRESS +"_" + PORT_RANGE_MIN + "_" +
776 PORT_RANGE_MAX + "_" + DEST_IP_2 + "_Permit";
777 String actualFlowId = flowBuilder.getFlowName();
778 if (actualFlowId.equals(expectedFlowId1) || actualFlowId.equals(expectedFlowId2)) {
779 Assert.assertTrue(true);
781 Assert.assertTrue(false);
786 * Test UDP remove with ports (All UDP) and remote SG selected.
789 public void testProgramPortSecurityACLRuleRemoveUdpAll2() throws Exception {
790 when(portSecurityRule.getSecurityRuleProtocol()).thenReturn("udp");
791 when(portSecurityRule.getSecurityRulePortMax()).thenReturn(PORT_RANGE_MAX);
792 when(portSecurityRule.getSecurityRulePortMin()).thenReturn(PORT_RANGE_MIN);
793 when(portSecurityRule.getSecurityRuleRemoteIpPrefix()).thenReturn("0.0.0.0/24");
794 when(portSecurityRule.getSecurityRemoteGroupID()).thenReturn("85cc3048-abc3-43cc-89b3-377341426ac5");
795 PowerMockito.doAnswer(answer()).when(ingressAclServiceSpy, "removeFlow", any(FlowBuilder.class),
796 any(NodeBuilder.class));
797 ingressAclServiceSpy.programPortSecurityGroup(DP_ID_LONG, SEGMENT_ID, MAC_ADDRESS, LOCAL_PORT, securityGroup,
800 Match match = flowBuilder.getMatch();
801 EthernetMatch ethMatch = match.getEthernetMatch();
802 Assert.assertEquals(MAC_ADDRESS, ethMatch.getEthernetDestination().getAddress().getValue());
804 Assert.assertTrue(match.getLayer4Match() instanceof UdpMatch);
805 String expectedFlowId1 = "Ingress_UDP_" + SEGMENT_ID + "_" + MAC_ADDRESS +"_" + PORT_RANGE_MIN + "_" +
806 PORT_RANGE_MAX + "_" + DEST_IP_1 + "_Permit";
807 String expectedFlowId2 = "Ingress_UDP_" + SEGMENT_ID + "_" + MAC_ADDRESS +"_" + PORT_RANGE_MIN + "_" +
808 PORT_RANGE_MAX + "_" + DEST_IP_2 + "_Permit";
809 String actualFlowId = flowBuilder.getFlowName();
810 if (actualFlowId.equals(expectedFlowId1) || actualFlowId.equals(expectedFlowId2)) {
811 Assert.assertTrue(true);
813 Assert.assertTrue(false);
818 * Test ICMP add with code, type and CIDR selected.
821 public void testProgramPortSecurityACLRuleAddIcmp1() throws Exception {
822 when(portSecurityRule.getSecurityRuleProtocol()).thenReturn("icmp");
823 when(portSecurityRule.getSecurityRulePortMax()).thenReturn(10);
824 when(portSecurityRule.getSecurityRulePortMin()).thenReturn(10);
825 when(portSecurityRule.getSecurityRuleRemoteIpPrefix()).thenReturn("0.0.0.0/24");
827 PowerMockito.doAnswer(answer()).when(ingressAclServiceSpy, "writeFlow", any(FlowBuilder.class),
828 any(NodeBuilder.class));
829 ingressAclServiceSpy.programPortSecurityGroup(DP_ID_LONG, SEGMENT_ID,
830 MAC_ADDRESS, LOCAL_PORT, securityGroup, PORT_UUID, true);
831 Match match = flowBuilder.getMatch();
832 Icmpv4Match icmpv4Match = match.getIcmpv4Match();
833 Assert.assertEquals(10, icmpv4Match.getIcmpv4Type().shortValue());
834 Assert.assertEquals(10, icmpv4Match.getIcmpv4Code().shortValue());
835 EthernetMatch ethMatch = match.getEthernetMatch();
836 Assert.assertEquals(MAC_ADDRESS, ethMatch.getEthernetDestination().getAddress().getValue());
837 Short type = portSecurityRule.getSecurityRulePortMin().shortValue();
838 Short code = portSecurityRule.getSecurityRulePortMax().shortValue();
839 Assert.assertEquals("Ingress_ICMP_" + SEGMENT_ID + "_" + MAC_ADDRESS + "_" + type + "_" + code
840 + "_0.0.0.0/24_Permit",
841 flowBuilder.getFlowName());
845 * Test ICMP remove with code, type and CIDR selected.
848 public void testProgramPortSecurityACLRuleRemoveIcmp1() throws Exception {
849 when(portSecurityRule.getSecurityRuleProtocol()).thenReturn("icmp");
850 when(portSecurityRule.getSecurityRulePortMax()).thenReturn(20);
851 when(portSecurityRule.getSecurityRulePortMin()).thenReturn(20);
852 when(portSecurityRule.getSecurityRuleRemoteIpPrefix()).thenReturn("0.0.0.0/24");
853 PowerMockito.doAnswer(answer()).when(ingressAclServiceSpy, "removeFlow", any(FlowBuilder.class),
854 any(NodeBuilder.class));
856 ingressAclServiceSpy.programPortSecurityGroup(DP_ID_LONG, SEGMENT_ID,
857 MAC_ADDRESS, LOCAL_PORT, securityGroup, PORT_UUID, false);
858 Match match = flowBuilder.getMatch();
859 Icmpv4Match icmpv4Match = match.getIcmpv4Match();
860 Assert.assertEquals(20, icmpv4Match.getIcmpv4Type().shortValue());
861 Assert.assertEquals(20, icmpv4Match.getIcmpv4Code().shortValue());
862 EthernetMatch ethMatch = match.getEthernetMatch();
863 Assert.assertEquals(MAC_ADDRESS, ethMatch.getEthernetDestination().getAddress().getValue());
864 Short type = portSecurityRule.getSecurityRulePortMin().shortValue();
865 Short code = portSecurityRule.getSecurityRulePortMax().shortValue();
866 Assert.assertEquals("Ingress_ICMP_" + SEGMENT_ID + "_" + MAC_ADDRESS + "_" + type + "_" + code
867 + "_0.0.0.0/24_Permit",
868 flowBuilder.getFlowName());
872 * Test ICMP add with code, type and remote SG selected.
875 public void testProgramPortSecurityACLRuleAddIcmp2() throws Exception {
876 when(portSecurityRule.getSecurityRuleProtocol()).thenReturn("icmp");
877 when(portSecurityRule.getSecurityRulePortMax()).thenReturn(30);
878 when(portSecurityRule.getSecurityRulePortMin()).thenReturn(30);
879 when(portSecurityRule.getSecurityRemoteGroupID()).thenReturn("85cc3048-abc3-43cc-89b3-377341426ac5");
880 PowerMockito.doAnswer(answer()).when(ingressAclServiceSpy, "writeFlow", any(FlowBuilder.class),
881 any(NodeBuilder.class));
883 ingressAclServiceSpy.programPortSecurityGroup(DP_ID_LONG, SEGMENT_ID,
884 MAC_ADDRESS, LOCAL_PORT, securityGroup, PORT_UUID, true);
885 Match match = flowBuilder.getMatch();
886 Icmpv4Match icmpv4Match =match.getIcmpv4Match();
887 Assert.assertEquals(30, icmpv4Match.getIcmpv4Type().shortValue());
888 Assert.assertEquals(30, icmpv4Match.getIcmpv4Code().shortValue());
889 EthernetMatch ethMatch = match.getEthernetMatch();
890 Assert.assertEquals(MAC_ADDRESS, ethMatch.getEthernetDestination().getAddress().getValue());
891 Short type = portSecurityRule.getSecurityRulePortMin().shortValue();
892 Short code = portSecurityRule.getSecurityRulePortMax().shortValue();
893 String expectedFlowId1 = "Ingress_ICMP_" + SEGMENT_ID + "_" + MAC_ADDRESS +"_" + type + "_" + code + "_"
894 + DEST_IP_1 + "_Permit";
895 String expectedFlowId2 = "Ingress_ICMP_" + SEGMENT_ID + "_" + MAC_ADDRESS +"_" + type + "_" + code + "_"
896 + DEST_IP_2 + "_Permit";
897 String actualFlowId = flowBuilder.getFlowName();
898 if(actualFlowId.equals(expectedFlowId1) || actualFlowId.equals(expectedFlowId2)) {
899 Assert.assertTrue(true);
901 Assert.assertTrue(false);
906 * Test ICMP remove with code, type and remote SG selected.
909 public void testProgramPortSecurityACLRuleRemoveIcmp2() throws Exception {
910 when(portSecurityRule.getSecurityRuleProtocol()).thenReturn("icmp");
911 when(portSecurityRule.getSecurityRulePortMax()).thenReturn(40);
912 when(portSecurityRule.getSecurityRulePortMin()).thenReturn(40);
913 when(portSecurityRule.getSecurityRemoteGroupID()).thenReturn("85cc3048-abc3-43cc-89b3-377341426ac5");
914 PowerMockito.doAnswer(answer())
915 .when(ingressAclServiceSpy, "removeFlow", any(FlowBuilder.class), any(NodeBuilder.class));
917 ingressAclServiceSpy.programPortSecurityGroup(DP_ID_LONG, SEGMENT_ID,
918 MAC_ADDRESS, LOCAL_PORT, securityGroup, PORT_UUID, false);
919 Match match = flowBuilder.getMatch();
920 Icmpv4Match icmpv4Match = match.getIcmpv4Match();
921 Assert.assertEquals(40, icmpv4Match.getIcmpv4Type().shortValue());
922 Assert.assertEquals(40, icmpv4Match.getIcmpv4Code().shortValue());
923 EthernetMatch ethMatch = match.getEthernetMatch();
924 Assert.assertEquals(MAC_ADDRESS, ethMatch.getEthernetDestination().getAddress().getValue());
925 Short type = portSecurityRule.getSecurityRulePortMin().shortValue();
926 Short code = portSecurityRule.getSecurityRulePortMax().shortValue();
927 String expectedFlowId1 = "Ingress_ICMP_" + SEGMENT_ID + "_" + MAC_ADDRESS +"_" + type + "_" + code + "_"
928 + DEST_IP_1 + "_Permit";
929 String expectedFlowId2 = "Ingress_ICMP_" + SEGMENT_ID + "_" + MAC_ADDRESS +"_" + type + "_" + code + "_"
930 + DEST_IP_2 + "_Permit";
931 String actualFlowId = flowBuilder.getFlowName();
932 if(actualFlowId.equals(expectedFlowId1) || actualFlowId.equals(expectedFlowId2)) {
933 Assert.assertTrue(true);
935 Assert.assertTrue(false);
940 * Test IPv4 invalid ether type test case.
943 public void testProgramPortSecurityACLRuleInvalidEther() throws Exception {
944 when(portSecurityRule.getSecurityRuleEthertype()).thenReturn("IPV6");
946 ingressAclServiceSpy.programPortSecurityGroup(Long.valueOf(1554), "2", MAC_ADDRESS, 124, securityGroup,PORT_UUID,false);
948 verify(writeTransaction, times(0)).delete(any(LogicalDatastoreType.class), any(InstanceIdentifier.class));
949 verify(writeTransaction, times(0)).submit();
950 verify(commitFuture, times(0)).get();
954 * Test IPv4 invalid direction type test case.
957 public void testProgramPortSecurityACLRuleInvalidDirection() throws Exception {
958 when(portSecurityRule.getSecurityRuleDirection()).thenReturn("edgress");
960 ingressAclServiceSpy.programPortSecurityGroup(Long.valueOf(1554), "2", MAC_ADDRESS, 124, securityGroup,PORT_UUID,false);
962 verify(writeTransaction, times(0)).delete(any(LogicalDatastoreType.class), any(InstanceIdentifier.class));
963 verify(writeTransaction, times(0)).submit();
964 verify(commitFuture, times(0)).get();
968 * Test With isLastPortInBridge false isComputeNode false
971 public void testProgramFixedSecurityACLAdd1() throws Exception {
972 ingressAclServiceSpy.programFixedSecurityGroup(Long.valueOf(1554), "2", MAC_ADDRESS, 1, false, false, true);
974 verify(writeTransaction, times(0)).put(any(LogicalDatastoreType.class), any(InstanceIdentifier.class), any(Node.class), eq(true));
975 verify(writeTransaction, times(0)).submit();
976 verify(commitFuture, times(0)).get();
979 * Test With isLastPortInBridge false isComputeNode false
982 public void testProgramFixedSecurityACLRemove1() throws Exception {
984 ingressAclServiceSpy.programFixedSecurityGroup(Long.valueOf(1554), "2", MAC_ADDRESS, 1, false, false, false);
986 verify(writeTransaction, times(0)).delete(any(LogicalDatastoreType.class), any(InstanceIdentifier.class));
987 verify(writeTransaction, times(0)).submit();
988 verify(commitFuture, times(0)).get();
992 * Test method {@link IgressAclService#egressACLDefaultTcpDrop(Long, String, String, int, boolean)}
995 public void testIgressACLDefaultTcpDrop() throws Exception {
996 ingressAclService.ingressACLDefaultTcpDrop(123L, SEGMENTATION_ID, MAC_ADDRESS, PRIORITY, true);
997 verify(writeTransaction, times(2)).put(any(LogicalDatastoreType.class), any(InstanceIdentifier.class), any(Node.class), anyBoolean());
998 verify(writeTransaction, times(1)).submit();
999 verify(commitFuture, times(1)).get();
1001 ingressAclService.ingressACLDefaultTcpDrop(123L, SEGMENTATION_ID, MAC_ADDRESS, PRIORITY, false);
1002 verify(writeTransaction, times(1)).delete(any(LogicalDatastoreType.class), any(InstanceIdentifier.class));
1003 verify(writeTransaction, times(2)).submit();
1004 verify(commitFuture, times(2)).get(); // 1 + 1 above
1008 * Test method {@link IgressAclService#ingressACLTcpPortWithPrefix(Long, String, String, boolean, Integer, String, Integer)}
1011 public void testIngressACLTcpPortWithPrefix() throws Exception {
1012 ingressAclService.ingressACLTcpPortWithPrefix(123L, SEGMENTATION_ID, MAC_ADDRESS, true, 1, HOST_ADDRESS, PRIORITY);
1013 verify(writeTransaction, times(2)).put(any(LogicalDatastoreType.class), any(InstanceIdentifier.class), any(Node.class), anyBoolean());
1014 verify(writeTransaction, times(1)).submit();
1015 verify(commitFuture, times(1)).get();
1017 ingressAclService.ingressACLTcpPortWithPrefix(123L, SEGMENTATION_ID, MAC_ADDRESS, false, 1, HOST_ADDRESS, PRIORITY);
1018 verify(writeTransaction, times(1)).delete(any(LogicalDatastoreType.class), any(InstanceIdentifier.class));
1019 verify(writeTransaction, times(2)).submit();
1020 verify(commitFuture, times(2)).get(); // 1 + 1 above
1024 * Test method {@link IgressAclService#handleIngressAllowProto(Long, String, String, boolean, String, Integer)}
1027 public void testIngressAllowProto() throws Exception {
1028 ingressAclService.handleIngressAllowProto(123L, SEGMENTATION_ID, MAC_ADDRESS, true, HOST_ADDRESS, PRIORITY);
1029 verify(writeTransaction, times(2)).put(any(LogicalDatastoreType.class), any(InstanceIdentifier.class), any(Node.class), anyBoolean());
1030 verify(writeTransaction, times(1)).submit();
1031 verify(commitFuture, times(1)).get();
1033 ingressAclService.handleIngressAllowProto(123L, SEGMENTATION_ID, MAC_ADDRESS, false, HOST_ADDRESS, PRIORITY);
1034 verify(writeTransaction, times(1)).delete(any(LogicalDatastoreType.class), any(InstanceIdentifier.class));
1035 verify(writeTransaction, times(2)).submit();
1036 verify(commitFuture, times(2)).get(); // 1 + 1 above
1040 * Test method {@link IgressAclService#ingressACLPermitAllProto(Long, String, String, boolean, String, Integer)}
1043 public void testIngressACLPermitAllProto() throws Exception {
1044 ingressAclService.ingressACLPermitAllProto(123L, SEGMENTATION_ID, MAC_ADDRESS, true, HOST_ADDRESS, PRIORITY);
1045 verify(writeTransaction, times(2)).put(any(LogicalDatastoreType.class), any(InstanceIdentifier.class), any(Node.class), anyBoolean());
1046 verify(writeTransaction, times(1)).submit();
1047 verify(commitFuture, times(1)).get();
1049 ingressAclService.ingressACLPermitAllProto(123L, SEGMENTATION_ID, MAC_ADDRESS, false, HOST_ADDRESS, PRIORITY);
1050 verify(writeTransaction, times(1)).delete(any(LogicalDatastoreType.class), any(InstanceIdentifier.class));
1051 verify(writeTransaction, times(2)).submit();
1052 verify(commitFuture, times(2)).get(); // 1 + 1 above
1056 * Test method {@link IgressAclService#ingressACLTcpSyn(Long, String, String, boolean, Integer, Integer)}
1059 public void testIngressACLTcpSyn() throws Exception {
1060 ingressAclService.ingressACLTcpSyn(123L, SEGMENTATION_ID, MAC_ADDRESS, true, 1, PRIORITY);
1061 verify(writeTransaction, times(2)).put(any(LogicalDatastoreType.class), any(InstanceIdentifier.class), any(Node.class), anyBoolean());
1062 verify(writeTransaction, times(1)).submit();
1063 verify(commitFuture, times(1)).get();
1065 ingressAclService.ingressACLTcpSyn(123L, SEGMENTATION_ID, MAC_ADDRESS, false, 1, PRIORITY);
1066 verify(writeTransaction, times(1)).delete(any(LogicalDatastoreType.class), any(InstanceIdentifier.class));
1067 verify(writeTransaction, times(2)).submit();
1068 verify(commitFuture, times(2)).get(); // 1 + 1 above