openstack/net-virt-providers/src/test/java/org/opendaylight/ovsdb/openstack/netvirt/providers/openflow13/services/IngressAclServiceTest.java

   1 /*
   2  * Copyright (c) 2015 Inocybe and others.  All rights reserved.
   3  *
   4  * This program and the accompanying materials are made available under the
   5  * terms of the Eclipse Public License v1.0 which accompanies this distribution,
   6  * and is available at http://www.eclipse.org/legal/epl-v10.html
   7  */
   8
   9 package org.opendaylight.ovsdb.openstack.netvirt.providers.openflow13.services;
  10
  11 import static org.mockito.Matchers.any;
  12 import static org.mockito.Matchers.anyBoolean;
  13 import static org.mockito.Matchers.eq;
  14 import static org.mockito.Mockito.mock;
  15 import static org.mockito.Mockito.times;
  16 import static org.mockito.Mockito.verify;
  17 import static org.mockito.Mockito.when;
  18
  19 import java.util.ArrayList;
  20 import java.util.List;
  21
  22 import org.junit.Assert;
  23 import org.junit.Before;
  24 import org.junit.Test;
  25 import org.junit.runner.RunWith;
  26 import org.mockito.InjectMocks;
  27 import org.mockito.Mock;
  28 import org.mockito.invocation.InvocationOnMock;
  29 import org.mockito.stubbing.Answer;
  30 import org.opendaylight.controller.md.sal.binding.api.DataBroker;
  31 import org.opendaylight.controller.md.sal.binding.api.WriteTransaction;
  32 import org.opendaylight.controller.md.sal.common.api.data.LogicalDatastoreType;
  33 import org.opendaylight.controller.md.sal.common.api.data.TransactionCommitFailedException;
  34 import org.opendaylight.ovsdb.openstack.netvirt.translator.NeutronSecurityGroup;
  35 import org.opendaylight.ovsdb.openstack.netvirt.translator.NeutronSecurityRule;
  36 import org.opendaylight.ovsdb.openstack.netvirt.translator.Neutron_IPs;
  37 import org.opendaylight.ovsdb.openstack.netvirt.api.SecurityGroupCacheManger;
  38 import org.opendaylight.ovsdb.openstack.netvirt.api.SecurityServicesManager;
  39 import org.opendaylight.ovsdb.openstack.netvirt.providers.openflow13.PipelineOrchestrator;
  40 import org.opendaylight.ovsdb.openstack.netvirt.providers.openflow13.Service;
  41 import org.opendaylight.yang.gen.v1.urn.opendaylight.flow.inventory.rev130819.tables.table.FlowBuilder;
  42 import org.opendaylight.yang.gen.v1.urn.opendaylight.inventory.rev130819.nodes.Node;
  43 import org.opendaylight.yang.gen.v1.urn.opendaylight.inventory.rev130819.nodes.NodeBuilder;
  44 import org.opendaylight.yang.gen.v1.urn.opendaylight.model.match.types.rev131026.Match;
  45 import org.opendaylight.yang.gen.v1.urn.opendaylight.model.match.types.rev131026.match.EthernetMatch;
  46 import org.opendaylight.yang.gen.v1.urn.opendaylight.model.match.types.rev131026.match.Icmpv4Match;
  47 import org.opendaylight.yang.gen.v1.urn.opendaylight.model.match.types.rev131026.match.layer._4.match.TcpMatch;
  48 import org.opendaylight.yang.gen.v1.urn.opendaylight.model.match.types.rev131026.match.layer._4.match.UdpMatch;
  49 import org.opendaylight.yangtools.yang.binding.InstanceIdentifier;
  50 import org.powermock.api.mockito.PowerMockito;
  51 import org.powermock.modules.junit4.PowerMockRunner;
  52
  53 import com.google.common.util.concurrent.CheckedFuture;
  54
  55 /**
  56  * Unit test fort {@link IngressAclService}
  57  */
  58 @RunWith(PowerMockRunner.class)
  59 @SuppressWarnings("unchecked")
  60 public class IngressAclServiceTest {
  61
  62     @InjectMocks private IngressAclService ingressAclService = new IngressAclService();
  63     private IngressAclService ingressAclServiceSpy;
  64
  65     @Mock private DataBroker dataBroker;
  66     @Mock private PipelineOrchestrator orchestrator;
  67
  68     @Mock private WriteTransaction writeTransaction;
  69     @Mock private CheckedFuture<Void, TransactionCommitFailedException> commitFuture;
  70
  71     @Mock private NeutronSecurityGroup securityGroup;
  72     @Mock private NeutronSecurityRule portSecurityRule;
  73     @Mock private SecurityServicesManager securityServices;
  74     @Mock private SecurityGroupCacheManger securityGroupCacheManger;
  75
  76     private List<Neutron_IPs> neutronSrcIpList = new ArrayList<>();
  77     private List<Neutron_IPs> neutronDestIpList = new ArrayList<>();
  78     private Neutron_IPs neutron_ip_src;
  79     private Neutron_IPs neutron_ip_dest_1;
  80     private Neutron_IPs neutron_ip_dest_2;
  81
  82     private static final String SEGMENTATION_ID = "2";
  83     private static final int PRIORITY = 1;
  84     private static final String HOST_ADDRESS = "127.0.0.1/32";
  85     private static final String MAC_ADDRESS = "87:1D:5E:02:40:B8";
  86     private static final String SRC_IP = "192.168.0.1";
  87     private static final String DEST_IP_1 = "192.169.0.1";
  88     private static final String DEST_IP_2 = "192.169.0.2";
  89     private static final String SECURITY_GROUP_UUID = "85cc3048-abc3-43cc-89b3-377341426ac5";
  90     private static final String PORT_UUID = "95cc3048-abc3-43cc-89b3-377341426ac5";
  91     private static final String SEGMENT_ID = "2";
  92     private static final Long DP_ID_LONG = (long) 1554;
  93     private static final Long LOCAL_PORT = (long) 124;
  94     private static final int PORT_RANGE_MIN = 1;
  95     private static final int PORT_RANGE_MAX = 65535;
  96     private static FlowBuilder flowBuilder;
  97     private static NodeBuilder nodeBuilder;
  98
  99     private static Answer<Object> answer() {
 100         return new Answer<Object>() {
 101             @Override
 102             public CheckedFuture<Void, TransactionCommitFailedException> answer(InvocationOnMock invocation)
 103                     throws Throwable {
 104                 flowBuilder = (FlowBuilder) invocation.getArguments()[0];
 105                 nodeBuilder = (NodeBuilder) invocation.getArguments()[1];
 106                 return null;
 107             }
 108         };
 109     }
 110
 111     @Before
 112     public void setUp() {
 113         ingressAclServiceSpy = PowerMockito.spy(ingressAclService);
 114
 115         when(writeTransaction.submit()).thenReturn(commitFuture);
 116
 117         when(dataBroker.newWriteOnlyTransaction()).thenReturn(writeTransaction);
 118
 119         when(orchestrator.getNextServiceInPipeline(any(Service.class))).thenReturn(Service.ARP_RESPONDER);
 120
 121         portSecurityRule = mock(NeutronSecurityRule.class);
 122         when(portSecurityRule.getSecurityRuleEthertype()).thenReturn("IPv4");
 123         when(portSecurityRule.getSecurityRuleDirection()).thenReturn("ingress");
 124
 125         List<NeutronSecurityRule> portSecurityList = new ArrayList<>();
 126         portSecurityList.add(portSecurityRule);
 127
 128         neutron_ip_src = new Neutron_IPs();
 129         neutron_ip_src.setIpAddress(SRC_IP);
 130         neutronSrcIpList.add(neutron_ip_src);
 131
 132         neutron_ip_dest_1 = new Neutron_IPs();
 133         neutron_ip_dest_1.setIpAddress(DEST_IP_1);
 134         neutronDestIpList.add(neutron_ip_dest_1);
 135
 136         neutron_ip_dest_2 = new Neutron_IPs();
 137         neutron_ip_dest_2.setIpAddress(DEST_IP_2);
 138         neutronDestIpList.add(neutron_ip_dest_2);
 139
 140
 141         when(securityGroup.getSecurityRules()).thenReturn(portSecurityList);
 142         when(securityServices.getVmListForSecurityGroup
 143              (PORT_UUID, SECURITY_GROUP_UUID)).thenReturn(neutronDestIpList);
 144     }
 145
 146    /* *//**
 147      * Rule 1: TCP Proto (True), TCP Port Minimum (True), TCP Port Max (True), IP Prefix (True)
 148      *//*
 149     @Test
 150     public void testProgramPortSecurityACLRule1() throws Exception {
 151         when(portSecurityRule.getSecurityRuleProtocol()).thenReturn("tcp");
 152         when(portSecurityRule.getSecurityRulePortMax()).thenReturn(1);
 153         when(portSecurityRule.getSecurityRulePortMin()).thenReturn(1);
 154         when(portSecurityRule.getSecurityRuleRemoteIpPrefix()).thenReturn(HOST_ADDRESS);
 155
 156         ingressAclServiceSpy.programPortSecurityACL(Long.valueOf(1554), SEGMENTATION_ID, MAC_ADDRESS, 124, securityGroup);
 157         verify(ingressAclServiceSpy, times(1)).ingressACLDefaultTcpDrop(anyLong(), anyString(), anyString(), anyInt(), anyBoolean());
 158         verify(ingressAclServiceSpy, times(1)).ingressACLTcpPortWithPrefix(anyLong(), anyString(), anyString(), anyBoolean(), anyInt(), anyString(), anyInt());
 159         verify(writeTransaction, times(4)).put(any(LogicalDatastoreType.class), any(InstanceIdentifier.class), any(Node.class), anyBoolean());
 160         verify(writeTransaction, times(2)).submit();
 161         verify(commitFuture, times(2)).get();
 162     }
 163
 164
 165     *//**
 166      * Rule 2: TCP Proto (True), TCP Port Minimum (True), TCP Port Max (False), IP Prefix (True)
 167      *//*
 168     @Test
 169     public void testProgramPortSecurityACLRule2() throws Exception {
 170         when(portSecurityRule.getSecurityRuleProtocol()).thenReturn("tcp");
 171         when(portSecurityRule.getSecurityRulePortMax()).thenReturn(null);
 172         when(portSecurityRule.getSecurityRulePortMin()).thenReturn(1);
 173         when(portSecurityRule.getSecurityRuleRemoteIpPrefix()).thenReturn(HOST_ADDRESS);
 174
 175         ingressAclServiceSpy.programPortSecurityACL(Long.valueOf(1554), SEGMENTATION_ID, MAC_ADDRESS, 124, securityGroup);
 176         verify(ingressAclServiceSpy, times(1)).ingressACLDefaultTcpDrop(anyLong(), anyString(), anyString(), anyInt(), anyBoolean());
 177         verify(ingressAclServiceSpy, times(1)).ingressACLTcpPortWithPrefix(anyLong(), anyString(), anyString(), anyBoolean(), anyInt(), anyString(), anyInt());
 178         verify(writeTransaction, times(4)).put(any(LogicalDatastoreType.class), any(InstanceIdentifier.class), any(Node.class), anyBoolean());
 179         verify(writeTransaction, times(2)).submit();
 180         verify(commitFuture, times(2)).get();
 181     }
 182
 183     *//**
 184      * Rule 3: TCP Proto (True), TCP Port Minimum (False), TCP Port Max (False), IP Prefix (True)
 185      *//*
 186     @Test
 187     public void testProgramPortSecurityACLRule3() throws Exception {
 188         when(portSecurityRule.getSecurityRuleProtocol()).thenReturn("tcp");
 189         when(portSecurityRule.getSecurityRulePortMax()).thenReturn(null);
 190         when(portSecurityRule.getSecurityRulePortMin()).thenReturn(null);
 191         when(portSecurityRule.getSecurityRuleRemoteIpPrefix()).thenReturn(HOST_ADDRESS);
 192
 193         ingressAclServiceSpy.programPortSecurityACL(Long.valueOf(1554), SEGMENTATION_ID, MAC_ADDRESS, 124, securityGroup);
 194         verify(ingressAclServiceSpy, times(1)).ingressACLDefaultTcpDrop(anyLong(), anyString(), anyString(), anyInt(), anyBoolean());
 195         verify(ingressAclServiceSpy, times(1)).ingressACLPermitAllProto(anyLong(), anyString(), anyString(), anyBoolean(), anyString(), anyInt());
 196         verify(writeTransaction, times(4)).put(any(LogicalDatastoreType.class), any(InstanceIdentifier.class), any(Node.class), anyBoolean());
 197         verify(writeTransaction, times(2)).submit();
 198         verify(commitFuture, times(2)).get();
 199     }
 200
 201     *//**
 202      * Rule 4: TCP Proto (False), TCP Port Minimum (False), TCP Port Max (False), IP Prefix (True)
 203      *//*
 204     @Test
 205     public void testProgramPortSecurityACLRule4() throws Exception {
 206         when(portSecurityRule.getSecurityRuleProtocol()).thenReturn(null);
 207         when(portSecurityRule.getSecurityRulePortMax()).thenReturn(null);
 208         when(portSecurityRule.getSecurityRulePortMin()).thenReturn(null);
 209         when(portSecurityRule.getSecurityRuleRemoteIpPrefix()).thenReturn(HOST_ADDRESS);
 210
 211         ingressAclServiceSpy.programPortSecurityACL(Long.valueOf(1554), SEGMENTATION_ID, MAC_ADDRESS, 124, securityGroup);
 212         verify(ingressAclServiceSpy, times(1)).ingressACLDefaultTcpDrop(anyLong(), anyString(), anyString(), anyInt(), anyBoolean());
 213         verify(ingressAclServiceSpy, times(1)).ingressACLPermitAllProto(anyLong(), anyString(), anyString(), anyBoolean(), anyString(), anyInt());
 214         verify(writeTransaction, times(4)).put(any(LogicalDatastoreType.class), any(InstanceIdentifier.class), any(Node.class), anyBoolean());
 215         verify(writeTransaction, times(2)).submit();
 216         verify(commitFuture, times(2)).get();
 217     }
 218
 219     *//**
 220      * Rule 5: TCP Proto (True), TCP Port Minimum (True), TCP Port Max (True), IP Prefix (False)
 221      *//*
 222     @Test
 223     public void testProgramPortSecurityACLRule5() throws Exception {
 224         when(portSecurityRule.getSecurityRuleProtocol()).thenReturn("tcp");
 225         when(portSecurityRule.getSecurityRulePortMax()).thenReturn(1);
 226         when(portSecurityRule.getSecurityRulePortMin()).thenReturn(1);
 227         when(portSecurityRule.getSecurityRuleRemoteIpPrefix()).thenReturn(null);
 228
 229         ingressAclServiceSpy.programPortSecurityACL(Long.valueOf(1554), SEGMENTATION_ID, MAC_ADDRESS, 124, securityGroup);
 230         verify(ingressAclServiceSpy, times(1)).ingressACLDefaultTcpDrop(anyLong(), anyString(), anyString(), anyInt(), anyBoolean());
 231         verify(ingressAclServiceSpy, times(1)).ingressACLTcpSyn(anyLong(), anyString(), anyString(), anyBoolean(), anyInt(), anyInt());
 232         verify(writeTransaction, times(4)).put(any(LogicalDatastoreType.class), any(InstanceIdentifier.class), any(Node.class), anyBoolean());
 233         verify(writeTransaction, times(2)).submit();
 234         verify(commitFuture, times(2)).get();
 235     }
 236
 237     *//**
 238      * Rule 6: TCP Proto (True), TCP Port Minimum (True), TCP Port Max (False), IP Prefix (False)
 239      *//*
 240     @Test
 241     public void testProgramPortSecurityACLRule6() throws Exception {
 242         when(portSecurityRule.getSecurityRuleProtocol()).thenReturn("tcp");
 243         when(portSecurityRule.getSecurityRulePortMax()).thenReturn(null);
 244         when(portSecurityRule.getSecurityRulePortMin()).thenReturn(1);
 245         when(portSecurityRule.getSecurityRuleRemoteIpPrefix()).thenReturn(null);
 246
 247         ingressAclServiceSpy.programPortSecurityACL(Long.valueOf(1554), SEGMENTATION_ID, MAC_ADDRESS, 124, securityGroup);
 248         verify(ingressAclServiceSpy, times(1)).ingressACLDefaultTcpDrop(anyLong(), anyString(), anyString(), anyInt(), anyBoolean());
 249         verify(ingressAclServiceSpy, times(1)).ingressACLTcpSyn(anyLong(), anyString(), anyString(), anyBoolean(), anyInt(), anyInt());
 250         verify(writeTransaction, times(4)).put(any(LogicalDatastoreType.class), any(InstanceIdentifier.class), any(Node.class), anyBoolean());
 251         verify(writeTransaction, times(2)).submit();
 252         verify(commitFuture, times(2)).get();
 253     }
 254
 255     *//**
 256      * Rule 7: TCP Proto (True), TCP Port Minimum (False), TCP Port Max (False), IP Prefix (False or 0.0.0.0/0)
 257      *//*
 258     @Test
 259     public void testProgramPortSecurityACLRule7() throws Exception {
 260         when(portSecurityRule.getSecurityRuleProtocol()).thenReturn("tcp");
 261         when(portSecurityRule.getSecurityRulePortMax()).thenReturn(null);
 262         when(portSecurityRule.getSecurityRulePortMin()).thenReturn(null);
 263         when(portSecurityRule.getSecurityRuleRemoteIpPrefix()).thenReturn(null);
 264
 265         ingressAclServiceSpy.programPortSecurityACL(Long.valueOf(1554), SEGMENTATION_ID, MAC_ADDRESS, 124, securityGroup);
 266         verify(ingressAclServiceSpy, times(1)).handleIngressAllowProto(anyLong(), anyString(), anyString(), anyBoolean(), anyString(), anyInt());
 267         verify(writeTransaction, times(2)).put(any(LogicalDatastoreType.class), any(InstanceIdentifier.class), any(Node.class), anyBoolean());
 268         verify(writeTransaction, times(1)).submit();
 269         verify(commitFuture, times(1)).get();
 270     }
 271 */
 272     /**
 273      * Test method {@link EgressAclService#programPortSecurityGroup(java.lang.Long, java.lang.String,
 274      * java.lang.String, long, org.opendaylight.ovsdb.openstack.netvirt.translator.NeutronSecurityGroup,
 275      * java.lang.String, boolean)} when portSecurityRule is incomplete
 276      */
 277     @Test
 278     public void testProgramPortSecurityGroupWithIncompleteRule() throws Exception {
 279         NeutronSecurityRule portSecurityRule1 = mock(NeutronSecurityRule.class);
 280         when(portSecurityRule1.getSecurityRuleEthertype()).thenReturn("IPv4");
 281         when(portSecurityRule1.getSecurityRuleDirection()).thenReturn("not_ingress");  // other direction
 282
 283         NeutronSecurityRule portSecurityRule2 = mock(NeutronSecurityRule.class);
 284         when(portSecurityRule2.getSecurityRuleEthertype()).thenReturn(null);
 285         when(portSecurityRule2.getSecurityRuleDirection()).thenReturn("ingress");
 286
 287         NeutronSecurityRule portSecurityRule3 = mock(NeutronSecurityRule.class);
 288         when(portSecurityRule3.getSecurityRuleEthertype()).thenReturn("IPv4");
 289         when(portSecurityRule3.getSecurityRuleDirection()).thenReturn(null);
 290
 291         NeutronSecurityRule portSecurityRule4 = mock(NeutronSecurityRule.class);
 292         when(portSecurityRule4.getSecurityRuleEthertype()).thenReturn(null);
 293         when(portSecurityRule4.getSecurityRuleDirection()).thenReturn(null);
 294
 295         List<NeutronSecurityRule> portSecurityList = new ArrayList<>();
 296         portSecurityList.add(null);
 297         portSecurityList.add(portSecurityRule1);
 298         portSecurityList.add(portSecurityRule2);
 299         portSecurityList.add(portSecurityRule3);
 300         portSecurityList.add(portSecurityRule4);
 301
 302         NeutronSecurityGroup localSecurityGroup = mock(NeutronSecurityGroup.class);
 303         when(localSecurityGroup.getSecurityRules()).thenReturn(portSecurityList);
 304
 305         ingressAclServiceSpy.programPortSecurityGroup(
 306                 Long.valueOf(1554), "2", MAC_ADDRESS, 124, localSecurityGroup, PORT_UUID, false);
 307     }
 308
 309     /**
 310      *  Test IPv4 add test case.
 311      */
 312     @Test
 313     public void testProgramPortSecurityACLRuleAddIpv4() throws Exception {
 314         when(portSecurityRule.getSecurityRuleProtocol()).thenReturn(null);
 315         when(portSecurityRule.getSecurityRulePortMax()).thenReturn(null);
 316         when(portSecurityRule.getSecurityRulePortMin()).thenReturn(null);
 317         when(portSecurityRule.getSecurityRuleRemoteIpPrefix()).thenReturn(null);
 318
 319         ingressAclServiceSpy.programPortSecurityGroup(Long.valueOf(1554), "2", MAC_ADDRESS, 124, securityGroup,PORT_UUID,true);
 320
 321         verify(writeTransaction, times(2)).put(any(LogicalDatastoreType.class), any(InstanceIdentifier.class), any(Node.class), eq(true));
 322         verify(writeTransaction, times(1)).submit();
 323         verify(commitFuture, times(1)).get();
 324     }
 325
 326     /**
 327      *  Test IPv4 remove test case.
 328      */
 329     @Test
 330     public void testProgramPortSecurityACLRuleRemoveIpv4() throws Exception {
 331         when(portSecurityRule.getSecurityRuleProtocol()).thenReturn(null);
 332         when(portSecurityRule.getSecurityRulePortMax()).thenReturn(null);
 333         when(portSecurityRule.getSecurityRulePortMin()).thenReturn(null);
 334         when(portSecurityRule.getSecurityRuleRemoteIpPrefix()).thenReturn(null);
 335
 336         ingressAclServiceSpy.programPortSecurityGroup(Long.valueOf(1554), "2", MAC_ADDRESS, 124, securityGroup,PORT_UUID,false);
 337
 338         verify(writeTransaction, times(1)).delete(any(LogicalDatastoreType.class), any(InstanceIdentifier.class));
 339         verify(writeTransaction, times(1)).submit();
 340         verify(commitFuture, times(1)).get();
 341     }
 342
 343     /**
 344      *  Test TCP add with port no and CIDR selected.
 345      */
 346     @Test
 347     public void testProgramPortSecurityACLRuleAddTcp1() throws Exception {
 348         when(portSecurityRule.getSecurityRuleProtocol()).thenReturn("tcp");
 349         when(portSecurityRule.getSecurityRulePortMax()).thenReturn(20);
 350         when(portSecurityRule.getSecurityRulePortMin()).thenReturn(20);
 351         when(portSecurityRule.getSecurityRuleRemoteIpPrefix()).thenReturn("0.0.0.0/24");
 352         PowerMockito.doAnswer(answer()).when(ingressAclServiceSpy, "writeFlow", any(FlowBuilder.class),
 353                                              any(NodeBuilder.class));
 354
 355         ingressAclServiceSpy.programPortSecurityGroup(DP_ID_LONG, SEGMENT_ID, MAC_ADDRESS, LOCAL_PORT, securityGroup,
 356                                                       PORT_UUID, true);
 357
 358         Match match = flowBuilder.getMatch();
 359         EthernetMatch ethMatch = match.getEthernetMatch();
 360         Assert.assertEquals(MAC_ADDRESS, ethMatch.getEthernetDestination().getAddress().getValue());
 361
 362         Assert.assertTrue(match.getLayer4Match() instanceof TcpMatch);
 363         TcpMatch layer4Match = (TcpMatch) match.getLayer4Match();
 364         Assert.assertEquals(20, layer4Match.getTcpDestinationPort().getValue().intValue());
 365         int port = portSecurityRule.getSecurityRulePortMin();
 366         Assert.assertEquals("Ingress_TCP_" + SEGMENT_ID + "_" + MAC_ADDRESS +
 367                             "_" + port + "_0.0.0.0/24_Permit", flowBuilder.getFlowName());
 368     }
 369
 370     /**
 371      *  Test TCP remove with port no and CIDR selected.
 372      */
 373     @Test
 374     public void testProgramPortSecurityACLRuleRemoveTcp1() throws Exception {
 375         when(portSecurityRule.getSecurityRuleProtocol()).thenReturn("tcp");
 376         when(portSecurityRule.getSecurityRulePortMax()).thenReturn(15);
 377         when(portSecurityRule.getSecurityRulePortMin()).thenReturn(15);
 378         when(portSecurityRule.getSecurityRuleRemoteIpPrefix()).thenReturn("0.0.0.0/24");
 379         PowerMockito.doAnswer(answer()).when(ingressAclServiceSpy, "removeFlow", any(FlowBuilder.class),
 380                                              any(NodeBuilder.class));
 381
 382         ingressAclServiceSpy.programPortSecurityGroup(DP_ID_LONG, SEGMENT_ID, MAC_ADDRESS, LOCAL_PORT, securityGroup,
 383                                                       PORT_UUID, false);
 384
 385         Match match = flowBuilder.getMatch();
 386         EthernetMatch ethMatch = match.getEthernetMatch();
 387         Assert.assertEquals(MAC_ADDRESS, ethMatch.getEthernetDestination().getAddress().getValue());
 388
 389         Assert.assertTrue(match.getLayer4Match() instanceof TcpMatch);
 390         TcpMatch layer4Match = (TcpMatch) match.getLayer4Match();
 391         Assert.assertEquals(15, layer4Match.getTcpDestinationPort().getValue().intValue());
 392         int port = portSecurityRule.getSecurityRulePortMin();
 393         Assert.assertEquals("Ingress_TCP_" + SEGMENT_ID + "_" + MAC_ADDRESS +
 394                             "_" + port + "_0.0.0.0/24_Permit", flowBuilder.getFlowName());
 395     }
 396
 397     /**
 398      *  Test TCP add with port no and remote SG selected.
 399      */
 400     @Test
 401     public void testProgramPortSecurityACLRuleAddTcp2() throws Exception {
 402         when(portSecurityRule.getSecurityRuleProtocol()).thenReturn("tcp");
 403         when(portSecurityRule.getSecurityRulePortMax()).thenReturn(50);
 404         when(portSecurityRule.getSecurityRulePortMin()).thenReturn(50);
 405         when(portSecurityRule.getSecurityRuleRemoteIpPrefix()).thenReturn("0.0.0.0/24");
 406         when(portSecurityRule.getSecurityRemoteGroupID()).thenReturn("85cc3048-abc3-43cc-89b3-377341426ac5");
 407         PowerMockito.doAnswer(answer()).when(ingressAclServiceSpy, "writeFlow", any(FlowBuilder.class),
 408                                              any(NodeBuilder.class));
 409         ingressAclServiceSpy.programPortSecurityGroup(DP_ID_LONG, SEGMENT_ID, MAC_ADDRESS, LOCAL_PORT, securityGroup,
 410                                                       PORT_UUID, true);
 411
 412         Match match = flowBuilder.getMatch();
 413         EthernetMatch ethMatch = match.getEthernetMatch();
 414         Assert.assertEquals(MAC_ADDRESS, ethMatch.getEthernetDestination().getAddress().getValue());
 415
 416         Assert.assertTrue(match.getLayer4Match() instanceof TcpMatch);
 417         TcpMatch layer4Match = (TcpMatch) match.getLayer4Match();
 418         Assert.assertEquals(50, layer4Match.getTcpDestinationPort().getValue().intValue());
 419         int port = portSecurityRule.getSecurityRulePortMin();
 420         String expectedFlowId1 = "Ingress_TCP_" + SEGMENT_ID + "_" + MAC_ADDRESS +"_" + port + "_" + DEST_IP_1 +
 421                 "_Permit";
 422         String expectedFlowId2 = "Ingress_TCP_" + SEGMENT_ID + "_" + MAC_ADDRESS +"_" + port + "_" + DEST_IP_2 +
 423                 "_Permit";
 424         String actualFlowId = flowBuilder.getFlowName();
 425         if (actualFlowId.equals(expectedFlowId1) || actualFlowId.equals(expectedFlowId2)) {
 426             Assert.assertTrue(true);
 427         } else {
 428             Assert.assertTrue(false);
 429         }
 430     }
 431
 432     /**
 433      *  Test TCP remove with port no and remote SG selected.
 434      */
 435     @Test
 436     public void testProgramPortSecurityACLRuleRemoveTcp2() throws Exception {
 437         when(portSecurityRule.getSecurityRuleProtocol()).thenReturn("tcp");
 438         when(portSecurityRule.getSecurityRulePortMax()).thenReturn(50);
 439         when(portSecurityRule.getSecurityRulePortMin()).thenReturn(50);
 440         when(portSecurityRule.getSecurityRuleRemoteIpPrefix()).thenReturn("0.0.0.0/24");
 441         when(portSecurityRule.getSecurityRemoteGroupID()).thenReturn("85cc3048-abc3-43cc-89b3-377341426ac5");
 442         PowerMockito.doAnswer(answer()).when(ingressAclServiceSpy, "removeFlow", any(FlowBuilder.class),
 443                                              any(NodeBuilder.class));
 444
 445         ingressAclServiceSpy.programPortSecurityGroup(DP_ID_LONG, SEGMENT_ID, MAC_ADDRESS, LOCAL_PORT, securityGroup,
 446                                                       PORT_UUID, false);
 447
 448         Match match = flowBuilder.getMatch();
 449         EthernetMatch ethMatch = match.getEthernetMatch();
 450         Assert.assertEquals(MAC_ADDRESS, ethMatch.getEthernetDestination().getAddress().getValue());
 451
 452         Assert.assertTrue(match.getLayer4Match() instanceof TcpMatch);
 453         TcpMatch layer4Match = (TcpMatch) match.getLayer4Match();
 454         Assert.assertEquals(50, layer4Match.getTcpDestinationPort().getValue().intValue());
 455         int port = portSecurityRule.getSecurityRulePortMin();
 456         String expectedFlowId1 = "Ingress_TCP_" + SEGMENT_ID + "_" + MAC_ADDRESS +"_" + port + "_" + DEST_IP_1 +
 457                 "_Permit";
 458         String expectedFlowId2 = "Ingress_TCP_" + SEGMENT_ID + "_" + MAC_ADDRESS +"_" + port + "_" + DEST_IP_2 +
 459                 "_Permit";
 460         String actualFlowId = flowBuilder.getFlowName();
 461         if (actualFlowId.equals(expectedFlowId1) || actualFlowId.equals(expectedFlowId2)) {
 462             Assert.assertTrue(true);
 463         } else {
 464             Assert.assertTrue(false);
 465         }
 466     }
 467
 468
 469     /**
 470      *  Test TCP add with port (All TCP) and CIDR selected.
 471      */
 472     @Test
 473     public void testProgramPortSecurityACLRuleAddTcpAll1() throws Exception {
 474         when(portSecurityRule.getSecurityRuleProtocol()).thenReturn("tcp");
 475         when(portSecurityRule.getSecurityRulePortMax()).thenReturn(PORT_RANGE_MAX);
 476         when(portSecurityRule.getSecurityRulePortMin()).thenReturn(PORT_RANGE_MIN);
 477         when(portSecurityRule.getSecurityRuleRemoteIpPrefix()).thenReturn("0.0.0.0/24");
 478         PowerMockito.doAnswer(answer()).when(ingressAclServiceSpy, "writeFlow", any(FlowBuilder.class),
 479                                              any(NodeBuilder.class));
 480
 481         ingressAclServiceSpy.programPortSecurityGroup(DP_ID_LONG, SEGMENT_ID, MAC_ADDRESS, LOCAL_PORT, securityGroup,
 482                                                       PORT_UUID, true);
 483
 484         Match match = flowBuilder.getMatch();
 485         EthernetMatch ethMatch = match.getEthernetMatch();
 486         Assert.assertEquals(MAC_ADDRESS, ethMatch.getEthernetDestination().getAddress().getValue());
 487
 488         Assert.assertTrue(match.getLayer4Match() instanceof TcpMatch);
 489         Assert.assertEquals("Ingress_TCP_" + SEGMENT_ID + "_" + MAC_ADDRESS + "_" + PORT_RANGE_MIN + "_" +
 490                             PORT_RANGE_MAX + "_0.0.0.0/24_Permit", flowBuilder.getFlowName());
 491     }
 492
 493     /**
 494      *  Test TCP remove with port (All TCP) and CIDR selected.
 495      */
 496     @Test
 497     public void testProgramPortSecurityACLRuleRemoveTcpAll1() throws Exception {
 498         when(portSecurityRule.getSecurityRuleProtocol()).thenReturn("tcp");
 499         when(portSecurityRule.getSecurityRulePortMax()).thenReturn(PORT_RANGE_MAX);
 500         when(portSecurityRule.getSecurityRulePortMin()).thenReturn(PORT_RANGE_MIN);
 501         when(portSecurityRule.getSecurityRuleRemoteIpPrefix()).thenReturn("0.0.0.0/24");
 502         PowerMockito.doAnswer(answer()).when(ingressAclServiceSpy, "removeFlow", any(FlowBuilder.class),
 503                                              any(NodeBuilder.class));
 504
 505         ingressAclServiceSpy.programPortSecurityGroup(DP_ID_LONG, SEGMENT_ID, MAC_ADDRESS, LOCAL_PORT, securityGroup,
 506                                                       PORT_UUID, false);
 507
 508         Match match = flowBuilder.getMatch();
 509         EthernetMatch ethMatch = match.getEthernetMatch();
 510         Assert.assertEquals(MAC_ADDRESS, ethMatch.getEthernetDestination().getAddress().getValue());
 511
 512         Assert.assertTrue(match.getLayer4Match() instanceof TcpMatch);
 513         Assert.assertEquals("Ingress_TCP_" + SEGMENT_ID + "_" + MAC_ADDRESS + "_" + PORT_RANGE_MIN + "_" +
 514                             PORT_RANGE_MAX + "_0.0.0.0/24_Permit", flowBuilder.getFlowName());
 515     }
 516
 517     /**
 518      *  Test TCP add with port (All TCP) and remote SG selected.
 519      */
 520     @Test
 521     public void testProgramPortSecurityACLRuleAddTcpAll2() throws Exception {
 522         when(portSecurityRule.getSecurityRuleProtocol()).thenReturn("tcp");
 523         when(portSecurityRule.getSecurityRulePortMax()).thenReturn(PORT_RANGE_MAX);
 524         when(portSecurityRule.getSecurityRulePortMin()).thenReturn(PORT_RANGE_MIN);
 525         when(portSecurityRule.getSecurityRemoteGroupID()).thenReturn("85cc3048-abc3-43cc-89b3-377341426ac5");
 526         PowerMockito.doAnswer(answer()).when(ingressAclServiceSpy, "writeFlow", any(FlowBuilder.class),
 527                                              any(NodeBuilder.class));
 528         ingressAclServiceSpy.programPortSecurityGroup(DP_ID_LONG, SEGMENT_ID, MAC_ADDRESS, LOCAL_PORT, securityGroup,
 529                                                       PORT_UUID, true);
 530
 531         Match match = flowBuilder.getMatch();
 532         EthernetMatch ethMatch = match.getEthernetMatch();
 533         Assert.assertEquals(MAC_ADDRESS, ethMatch.getEthernetDestination().getAddress().getValue());
 534
 535         Assert.assertTrue(match.getLayer4Match() instanceof TcpMatch);
 536         String expectedFlowId1 = "Ingress_TCP_" + SEGMENT_ID + "_" + MAC_ADDRESS + "_" + PORT_RANGE_MIN + "_" +
 537                             PORT_RANGE_MAX + "_" + DEST_IP_1 + "_Permit";
 538         String expectedFlowId2 = "Ingress_TCP_" + SEGMENT_ID + "_" + MAC_ADDRESS + "_" + PORT_RANGE_MIN + "_" +
 539                 PORT_RANGE_MAX + "_" + DEST_IP_2 + "_Permit";
 540         String actualFlowId = flowBuilder.getFlowName();
 541         if (actualFlowId.equals(expectedFlowId1) || actualFlowId.equals(expectedFlowId2)) {
 542             Assert.assertTrue(true);
 543         } else {
 544             Assert.assertTrue(false);
 545         }
 546     }
 547
 548     /**
 549      *  Test TCP remove with port (All TCP) and remote SG selected.
 550      */
 551     @Test
 552     public void testProgramPortSecurityACLRuleRemoveTcpAll2() throws Exception {
 553         when(portSecurityRule.getSecurityRuleProtocol()).thenReturn("tcp");
 554         when(portSecurityRule.getSecurityRulePortMax()).thenReturn(PORT_RANGE_MAX);
 555         when(portSecurityRule.getSecurityRulePortMin()).thenReturn(PORT_RANGE_MIN);
 556         when(portSecurityRule.getSecurityRemoteGroupID()).thenReturn("85cc3048-abc3-43cc-89b3-377341426ac5");
 557         PowerMockito.doAnswer(answer()).when(ingressAclServiceSpy, "removeFlow", any(FlowBuilder.class),
 558                                              any(NodeBuilder.class));
 559
 560         ingressAclServiceSpy.programPortSecurityGroup(DP_ID_LONG, SEGMENT_ID, MAC_ADDRESS, LOCAL_PORT, securityGroup,
 561                                                       PORT_UUID, false);
 562
 563         Match match = flowBuilder.getMatch();
 564         EthernetMatch ethMatch = match.getEthernetMatch();
 565         Assert.assertEquals(MAC_ADDRESS, ethMatch.getEthernetDestination().getAddress().getValue());
 566
 567         Assert.assertTrue(match.getLayer4Match() instanceof TcpMatch);
 568         TcpMatch layer4Match = (TcpMatch) match.getLayer4Match();
 569         String expectedFlowId1 = "Ingress_TCP_" + SEGMENT_ID + "_" + MAC_ADDRESS +"_" + PORT_RANGE_MIN + "_" +
 570                                 PORT_RANGE_MAX + "_" + DEST_IP_1 + "_Permit";
 571         String expectedFlowId2 = "Ingress_TCP_" + SEGMENT_ID + "_" + MAC_ADDRESS +"_" + PORT_RANGE_MIN + "_" +
 572                                 PORT_RANGE_MAX + "_" + DEST_IP_2 + "_Permit";
 573         String actualFlowId = flowBuilder.getFlowName();
 574         if (actualFlowId.equals(expectedFlowId1) || actualFlowId.equals(expectedFlowId2)) {
 575             Assert.assertTrue(true);
 576         } else {
 577             Assert.assertTrue(false);
 578         }
 579     }
 580
 581     /**
 582      *  Test UDP add with port no and CIDR selected.
 583      */
 584     @Test
 585     public void testProgramPortSecurityACLRuleAddUdp1() throws Exception {
 586         when(portSecurityRule.getSecurityRuleProtocol()).thenReturn("udp");
 587         when(portSecurityRule.getSecurityRulePortMax()).thenReturn(50);
 588         when(portSecurityRule.getSecurityRulePortMin()).thenReturn(50);
 589         when(portSecurityRule.getSecurityRuleRemoteIpPrefix()).thenReturn("0.0.0.0/24");
 590         PowerMockito.doAnswer(answer()).when(ingressAclServiceSpy, "writeFlow", any(FlowBuilder.class),
 591                                              any(NodeBuilder.class));
 592
 593         ingressAclServiceSpy.programPortSecurityGroup(DP_ID_LONG, SEGMENT_ID, MAC_ADDRESS, LOCAL_PORT, securityGroup,
 594                                                       PORT_UUID, true);
 595
 596         Match match = flowBuilder.getMatch();
 597         EthernetMatch ethMatch = match.getEthernetMatch();
 598         Assert.assertEquals(MAC_ADDRESS, ethMatch.getEthernetDestination().getAddress().getValue());
 599
 600         Assert.assertTrue(match.getLayer4Match() instanceof UdpMatch);
 601         UdpMatch layer4Match = (UdpMatch) match.getLayer4Match();
 602         Assert.assertEquals(50, layer4Match.getUdpDestinationPort().getValue().intValue());
 603         int port = portSecurityRule.getSecurityRulePortMin();
 604         Assert.assertEquals("Ingress_UDP_" + SEGMENT_ID + "_" + MAC_ADDRESS +
 605                             "_" + port + "_0.0.0.0/24_Permit", flowBuilder.getFlowName());
 606     }
 607
 608     /**
 609      *  Test UDP remove with port no and CIDR selected.
 610      */
 611     @Test
 612     public void testProgramPortSecurityACLRuleRemoveUdp1() throws Exception {
 613         when(portSecurityRule.getSecurityRuleProtocol()).thenReturn("udp");
 614         when(portSecurityRule.getSecurityRulePortMax()).thenReturn(50);
 615         when(portSecurityRule.getSecurityRulePortMin()).thenReturn(50);
 616         when(portSecurityRule.getSecurityRuleRemoteIpPrefix()).thenReturn("0.0.0.0/24");
 617         PowerMockito.doAnswer(answer()).when(ingressAclServiceSpy, "removeFlow", any(FlowBuilder.class),
 618                                              any(NodeBuilder.class));
 619
 620         ingressAclServiceSpy.programPortSecurityGroup(DP_ID_LONG, SEGMENT_ID, MAC_ADDRESS, LOCAL_PORT, securityGroup,
 621                                                       PORT_UUID, false);
 622
 623         Match match = flowBuilder.getMatch();
 624         EthernetMatch ethMatch = match.getEthernetMatch();
 625         Assert.assertEquals(MAC_ADDRESS, ethMatch.getEthernetDestination().getAddress().getValue());
 626
 627         Assert.assertTrue(match.getLayer4Match() instanceof UdpMatch);
 628         UdpMatch layer4Match = (UdpMatch) match.getLayer4Match();
 629         Assert.assertEquals(50, layer4Match.getUdpDestinationPort().getValue().intValue());
 630         int port = portSecurityRule.getSecurityRulePortMin();
 631         Assert.assertEquals("Ingress_UDP_" + SEGMENT_ID + "_" + MAC_ADDRESS +
 632                             "_" + port + "_0.0.0.0/24_Permit", flowBuilder.getFlowName());
 633     }
 634
 635     /**
 636      *  Test UDP add with port no and remote SG selected.
 637      */
 638     @Test
 639     public void testProgramPortSecurityACLRuleAddUdp2() throws Exception {
 640         when(portSecurityRule.getSecurityRuleProtocol()).thenReturn("udp");
 641         when(portSecurityRule.getSecurityRulePortMax()).thenReturn(50);
 642         when(portSecurityRule.getSecurityRulePortMin()).thenReturn(50);
 643         when(portSecurityRule.getSecurityRuleRemoteIpPrefix()).thenReturn("0.0.0.0/24");
 644         when(portSecurityRule.getSecurityRemoteGroupID()).thenReturn("85cc3048-abc3-43cc-89b3-377341426ac5");
 645         PowerMockito.doAnswer(answer()).when(ingressAclServiceSpy, "writeFlow", any(FlowBuilder.class),
 646                                              any(NodeBuilder.class));
 647         ingressAclServiceSpy.programPortSecurityGroup(DP_ID_LONG, SEGMENT_ID, MAC_ADDRESS, LOCAL_PORT, securityGroup,
 648                                                       PORT_UUID, true);
 649
 650         Match match = flowBuilder.getMatch();
 651         EthernetMatch ethMatch = match.getEthernetMatch();
 652         Assert.assertEquals(MAC_ADDRESS, ethMatch.getEthernetDestination().getAddress().getValue());
 653
 654         Assert.assertTrue(match.getLayer4Match() instanceof UdpMatch);
 655         UdpMatch layer4Match = (UdpMatch) match.getLayer4Match();
 656         Assert.assertEquals(50, layer4Match.getUdpDestinationPort().getValue().intValue());
 657         int port = portSecurityRule.getSecurityRulePortMin();
 658         String expectedFlowId1 = "Ingress_UDP_" + SEGMENT_ID + "_" + MAC_ADDRESS +"_" + port + "_" + DEST_IP_1 +
 659                 "_Permit";
 660         String expectedFlowId2 = "Ingress_UDP_" + SEGMENT_ID + "_" + MAC_ADDRESS +"_" + port + "_" + DEST_IP_2 +
 661                 "_Permit";
 662         String actualFlowId = flowBuilder.getFlowName();
 663         if (actualFlowId.equals(expectedFlowId1) || actualFlowId.equals(expectedFlowId2)) {
 664             Assert.assertTrue(true);
 665         } else {
 666             Assert.assertTrue(false);
 667         }
 668     }
 669
 670     /**
 671      *  Test UDP remove with port no and remote SG selected.
 672      */
 673     @Test
 674     public void testProgramPortSecurityACLRuleRemoveUdp2() throws Exception {
 675         when(portSecurityRule.getSecurityRuleProtocol()).thenReturn("udp");
 676         when(portSecurityRule.getSecurityRulePortMax()).thenReturn(50);
 677         when(portSecurityRule.getSecurityRulePortMin()).thenReturn(50);
 678         when(portSecurityRule.getSecurityRuleRemoteIpPrefix()).thenReturn("0.0.0.0/24");
 679         when(portSecurityRule.getSecurityRemoteGroupID()).thenReturn("85cc3048-abc3-43cc-89b3-377341426ac5");
 680         PowerMockito.doAnswer(answer()).when(ingressAclServiceSpy, "removeFlow", any(FlowBuilder.class),
 681                                              any(NodeBuilder.class));
 682         ingressAclServiceSpy.programPortSecurityGroup(DP_ID_LONG, SEGMENT_ID, MAC_ADDRESS, LOCAL_PORT, securityGroup,
 683                                                       PORT_UUID, false);
 684
 685         Match match = flowBuilder.getMatch();
 686         EthernetMatch ethMatch = match.getEthernetMatch();
 687         Assert.assertEquals(MAC_ADDRESS, ethMatch.getEthernetDestination().getAddress().getValue());
 688
 689         Assert.assertTrue(match.getLayer4Match() instanceof UdpMatch);
 690         UdpMatch layer4Match = (UdpMatch) match.getLayer4Match();
 691         Assert.assertEquals(50, layer4Match.getUdpDestinationPort().getValue().intValue());
 692         int port = portSecurityRule.getSecurityRulePortMin();
 693         String expectedFlowId1 = "Ingress_UDP_" + SEGMENT_ID + "_" + MAC_ADDRESS +"_" + port + "_" + DEST_IP_1 +
 694                 "_Permit";
 695         String expectedFlowId2 = "Ingress_UDP_" + SEGMENT_ID + "_" + MAC_ADDRESS +"_" + port + "_" + DEST_IP_2 +
 696                 "_Permit";
 697         String actualFlowId = flowBuilder.getFlowName();
 698         if (actualFlowId.equals(expectedFlowId1) || actualFlowId.equals(expectedFlowId2)) {
 699             Assert.assertTrue(true);
 700         } else {
 701             Assert.assertTrue(false);
 702         }
 703     }
 704
 705     /**
 706      *  Test UDP add with ports (All UDP) and CIDR selected.
 707      */
 708     @Test
 709     public void testProgramPortSecurityACLRuleAddUdpAll1() throws Exception {
 710         when(portSecurityRule.getSecurityRuleProtocol()).thenReturn("udp");
 711         when(portSecurityRule.getSecurityRulePortMax()).thenReturn(PORT_RANGE_MAX);
 712         when(portSecurityRule.getSecurityRulePortMin()).thenReturn(PORT_RANGE_MIN);
 713         when(portSecurityRule.getSecurityRuleRemoteIpPrefix()).thenReturn("0.0.0.0/24");
 714         PowerMockito.doAnswer(answer()).when(ingressAclServiceSpy, "writeFlow", any(FlowBuilder.class),
 715                                              any(NodeBuilder.class));
 716
 717         ingressAclServiceSpy.programPortSecurityGroup(DP_ID_LONG, SEGMENT_ID, MAC_ADDRESS, LOCAL_PORT, securityGroup,
 718                                                       PORT_UUID, true);
 719
 720         Match match = flowBuilder.getMatch();
 721         EthernetMatch ethMatch = match.getEthernetMatch();
 722         Assert.assertEquals(MAC_ADDRESS, ethMatch.getEthernetDestination().getAddress().getValue());
 723
 724         Assert.assertTrue(match.getLayer4Match() instanceof UdpMatch);
 725         Assert.assertEquals("Ingress_UDP_" + SEGMENT_ID + "_" + MAC_ADDRESS + "_" + PORT_RANGE_MIN  + "_" +
 726                             PORT_RANGE_MAX + "_0.0.0.0/24_Permit", flowBuilder.getFlowName());
 727     }
 728
 729     /**
 730      *  Test UDP remove with ports (All UDP) and CIDR selected.
 731      */
 732     @Test
 733     public void testProgramPortSecurityACLRuleRemoveUdpAll1() throws Exception {
 734         when(portSecurityRule.getSecurityRuleProtocol()).thenReturn("udp");
 735         when(portSecurityRule.getSecurityRulePortMax()).thenReturn(PORT_RANGE_MAX);
 736         when(portSecurityRule.getSecurityRulePortMin()).thenReturn(PORT_RANGE_MIN);
 737         when(portSecurityRule.getSecurityRuleRemoteIpPrefix()).thenReturn("0.0.0.0/24");
 738         PowerMockito.doAnswer(answer()).when(ingressAclServiceSpy, "removeFlow", any(FlowBuilder.class),
 739                                              any(NodeBuilder.class));
 740
 741         ingressAclServiceSpy.programPortSecurityGroup(DP_ID_LONG, SEGMENT_ID, MAC_ADDRESS, LOCAL_PORT, securityGroup,
 742                                                       PORT_UUID, false);
 743
 744         Match match = flowBuilder.getMatch();
 745         EthernetMatch ethMatch = match.getEthernetMatch();
 746         Assert.assertEquals(MAC_ADDRESS, ethMatch.getEthernetDestination().getAddress().getValue());
 747
 748         Assert.assertTrue(match.getLayer4Match() instanceof UdpMatch);
 749         Assert.assertEquals("Ingress_UDP_" + SEGMENT_ID + "_" + MAC_ADDRESS + "_" + PORT_RANGE_MIN  + "_" +
 750                 PORT_RANGE_MAX + "_0.0.0.0/24_Permit", flowBuilder.getFlowName());
 751     }
 752
 753     /**
 754      *  Test UDP add with ports (All UDP) and remote SG selected.
 755      */
 756     @Test
 757     public void testProgramPortSecurityACLRuleAddUdpAll2() throws Exception {
 758         when(portSecurityRule.getSecurityRuleProtocol()).thenReturn("udp");
 759         when(portSecurityRule.getSecurityRulePortMax()).thenReturn(PORT_RANGE_MAX);
 760         when(portSecurityRule.getSecurityRulePortMin()).thenReturn(PORT_RANGE_MIN);
 761         when(portSecurityRule.getSecurityRuleRemoteIpPrefix()).thenReturn("0.0.0.0/24");
 762         when(portSecurityRule.getSecurityRemoteGroupID()).thenReturn("85cc3048-abc3-43cc-89b3-377341426ac5");
 763         PowerMockito.doAnswer(answer()).when(ingressAclServiceSpy, "writeFlow", any(FlowBuilder.class),
 764                                              any(NodeBuilder.class));
 765         ingressAclServiceSpy.programPortSecurityGroup(DP_ID_LONG, SEGMENT_ID, MAC_ADDRESS, LOCAL_PORT, securityGroup,
 766                                                       PORT_UUID, true);
 767
 768         Match match = flowBuilder.getMatch();
 769         EthernetMatch ethMatch = match.getEthernetMatch();
 770         Assert.assertEquals(MAC_ADDRESS, ethMatch.getEthernetDestination().getAddress().getValue());
 771
 772         Assert.assertTrue(match.getLayer4Match() instanceof UdpMatch);
 773         String expectedFlowId1 = "Ingress_UDP_" + SEGMENT_ID + "_" + MAC_ADDRESS +"_" + PORT_RANGE_MIN + "_" +
 774                         PORT_RANGE_MAX + "_" + DEST_IP_1 + "_Permit";
 775         String expectedFlowId2 = "Ingress_UDP_" + SEGMENT_ID + "_" + MAC_ADDRESS +"_" + PORT_RANGE_MIN + "_" +
 776                 PORT_RANGE_MAX + "_" + DEST_IP_2 + "_Permit";
 777         String actualFlowId = flowBuilder.getFlowName();
 778         if (actualFlowId.equals(expectedFlowId1) || actualFlowId.equals(expectedFlowId2)) {
 779             Assert.assertTrue(true);
 780         } else {
 781             Assert.assertTrue(false);
 782         }
 783     }
 784
 785     /**
 786      *  Test UDP remove with ports (All UDP) and remote SG selected.
 787      */
 788     @Test
 789     public void testProgramPortSecurityACLRuleRemoveUdpAll2() throws Exception {
 790         when(portSecurityRule.getSecurityRuleProtocol()).thenReturn("udp");
 791         when(portSecurityRule.getSecurityRulePortMax()).thenReturn(PORT_RANGE_MAX);
 792         when(portSecurityRule.getSecurityRulePortMin()).thenReturn(PORT_RANGE_MIN);
 793         when(portSecurityRule.getSecurityRuleRemoteIpPrefix()).thenReturn("0.0.0.0/24");
 794         when(portSecurityRule.getSecurityRemoteGroupID()).thenReturn("85cc3048-abc3-43cc-89b3-377341426ac5");
 795         PowerMockito.doAnswer(answer()).when(ingressAclServiceSpy, "removeFlow", any(FlowBuilder.class),
 796                                              any(NodeBuilder.class));
 797         ingressAclServiceSpy.programPortSecurityGroup(DP_ID_LONG, SEGMENT_ID, MAC_ADDRESS, LOCAL_PORT, securityGroup,
 798                                                       PORT_UUID, false);
 799
 800         Match match = flowBuilder.getMatch();
 801         EthernetMatch ethMatch = match.getEthernetMatch();
 802         Assert.assertEquals(MAC_ADDRESS, ethMatch.getEthernetDestination().getAddress().getValue());
 803
 804         Assert.assertTrue(match.getLayer4Match() instanceof UdpMatch);
 805         String expectedFlowId1 = "Ingress_UDP_" + SEGMENT_ID + "_" + MAC_ADDRESS +"_" + PORT_RANGE_MIN + "_" +
 806                         PORT_RANGE_MAX + "_" + DEST_IP_1 + "_Permit";
 807         String expectedFlowId2 = "Ingress_UDP_" + SEGMENT_ID + "_" + MAC_ADDRESS +"_" + PORT_RANGE_MIN + "_" +
 808                 PORT_RANGE_MAX + "_" + DEST_IP_2 + "_Permit";
 809         String actualFlowId = flowBuilder.getFlowName();
 810         if (actualFlowId.equals(expectedFlowId1) || actualFlowId.equals(expectedFlowId2)) {
 811             Assert.assertTrue(true);
 812         } else {
 813             Assert.assertTrue(false);
 814         }
 815     }
 816
 817     /**
 818      *  Test ICMP add with code, type and CIDR selected.
 819      */
 820     @Test
 821     public void testProgramPortSecurityACLRuleAddIcmp1() throws Exception {
 822         when(portSecurityRule.getSecurityRuleProtocol()).thenReturn("icmp");
 823         when(portSecurityRule.getSecurityRulePortMax()).thenReturn(10);
 824         when(portSecurityRule.getSecurityRulePortMin()).thenReturn(10);
 825         when(portSecurityRule.getSecurityRuleRemoteIpPrefix()).thenReturn("0.0.0.0/24");
 826
 827         PowerMockito.doAnswer(answer()).when(ingressAclServiceSpy, "writeFlow", any(FlowBuilder.class),
 828                                              any(NodeBuilder.class));
 829         ingressAclServiceSpy.programPortSecurityGroup(DP_ID_LONG, SEGMENT_ID,
 830                                                     MAC_ADDRESS, LOCAL_PORT, securityGroup, PORT_UUID, true);
 831         Match match = flowBuilder.getMatch();
 832         Icmpv4Match icmpv4Match = match.getIcmpv4Match();
 833         Assert.assertEquals(10, icmpv4Match.getIcmpv4Type().shortValue());
 834         Assert.assertEquals(10, icmpv4Match.getIcmpv4Code().shortValue());
 835         EthernetMatch ethMatch = match.getEthernetMatch();
 836         Assert.assertEquals(MAC_ADDRESS, ethMatch.getEthernetDestination().getAddress().getValue());
 837         Short type = portSecurityRule.getSecurityRulePortMin().shortValue();
 838         Short code = portSecurityRule.getSecurityRulePortMax().shortValue();
 839         Assert.assertEquals("Ingress_ICMP_" + SEGMENT_ID + "_" + MAC_ADDRESS + "_" + type + "_" + code
 840                             + "_0.0.0.0/24_Permit",
 841                             flowBuilder.getFlowName());
 842     }
 843
 844     /**
 845      *  Test ICMP remove with code, type and CIDR selected.
 846      */
 847     @Test
 848     public void testProgramPortSecurityACLRuleRemoveIcmp1() throws Exception {
 849         when(portSecurityRule.getSecurityRuleProtocol()).thenReturn("icmp");
 850         when(portSecurityRule.getSecurityRulePortMax()).thenReturn(20);
 851         when(portSecurityRule.getSecurityRulePortMin()).thenReturn(20);
 852         when(portSecurityRule.getSecurityRuleRemoteIpPrefix()).thenReturn("0.0.0.0/24");
 853         PowerMockito.doAnswer(answer()).when(ingressAclServiceSpy, "removeFlow", any(FlowBuilder.class),
 854                                              any(NodeBuilder.class));
 855
 856         ingressAclServiceSpy.programPortSecurityGroup(DP_ID_LONG, SEGMENT_ID,
 857                                                     MAC_ADDRESS, LOCAL_PORT, securityGroup, PORT_UUID, false);
 858         Match match = flowBuilder.getMatch();
 859         Icmpv4Match icmpv4Match = match.getIcmpv4Match();
 860         Assert.assertEquals(20, icmpv4Match.getIcmpv4Type().shortValue());
 861         Assert.assertEquals(20, icmpv4Match.getIcmpv4Code().shortValue());
 862         EthernetMatch ethMatch = match.getEthernetMatch();
 863         Assert.assertEquals(MAC_ADDRESS, ethMatch.getEthernetDestination().getAddress().getValue());
 864         Short type = portSecurityRule.getSecurityRulePortMin().shortValue();
 865         Short code = portSecurityRule.getSecurityRulePortMax().shortValue();
 866         Assert.assertEquals("Ingress_ICMP_" + SEGMENT_ID + "_" + MAC_ADDRESS + "_" + type + "_" + code
 867                             + "_0.0.0.0/24_Permit",
 868                             flowBuilder.getFlowName());
 869     }
 870
 871     /**
 872      *  Test ICMP add with code, type and remote SG selected.
 873      */
 874     @Test
 875     public void testProgramPortSecurityACLRuleAddIcmp2() throws Exception {
 876         when(portSecurityRule.getSecurityRuleProtocol()).thenReturn("icmp");
 877         when(portSecurityRule.getSecurityRulePortMax()).thenReturn(30);
 878         when(portSecurityRule.getSecurityRulePortMin()).thenReturn(30);
 879         when(portSecurityRule.getSecurityRemoteGroupID()).thenReturn("85cc3048-abc3-43cc-89b3-377341426ac5");
 880         PowerMockito.doAnswer(answer()).when(ingressAclServiceSpy, "writeFlow", any(FlowBuilder.class),
 881                                              any(NodeBuilder.class));
 882
 883         ingressAclServiceSpy.programPortSecurityGroup(DP_ID_LONG, SEGMENT_ID,
 884                                                     MAC_ADDRESS, LOCAL_PORT, securityGroup, PORT_UUID, true);
 885         Match match = flowBuilder.getMatch();
 886         Icmpv4Match icmpv4Match =match.getIcmpv4Match();
 887         Assert.assertEquals(30, icmpv4Match.getIcmpv4Type().shortValue());
 888         Assert.assertEquals(30, icmpv4Match.getIcmpv4Code().shortValue());
 889         EthernetMatch ethMatch = match.getEthernetMatch();
 890         Assert.assertEquals(MAC_ADDRESS, ethMatch.getEthernetDestination().getAddress().getValue());
 891         Short type = portSecurityRule.getSecurityRulePortMin().shortValue();
 892         Short code = portSecurityRule.getSecurityRulePortMax().shortValue();
 893         String expectedFlowId1 = "Ingress_ICMP_" + SEGMENT_ID + "_" + MAC_ADDRESS +"_" + type + "_" + code + "_"
 894                                 + DEST_IP_1 + "_Permit";
 895         String expectedFlowId2 = "Ingress_ICMP_" + SEGMENT_ID + "_" + MAC_ADDRESS +"_" + type + "_" + code + "_"
 896                                 + DEST_IP_2 + "_Permit";
 897         String actualFlowId = flowBuilder.getFlowName();
 898         if(actualFlowId.equals(expectedFlowId1) || actualFlowId.equals(expectedFlowId2)) {
 899             Assert.assertTrue(true);
 900         } else {
 901             Assert.assertTrue(false);
 902         }
 903     }
 904
 905     /**
 906      *  Test ICMP remove with code, type and remote SG selected.
 907      */
 908     @Test
 909     public void testProgramPortSecurityACLRuleRemoveIcmp2() throws Exception {
 910         when(portSecurityRule.getSecurityRuleProtocol()).thenReturn("icmp");
 911         when(portSecurityRule.getSecurityRulePortMax()).thenReturn(40);
 912         when(portSecurityRule.getSecurityRulePortMin()).thenReturn(40);
 913         when(portSecurityRule.getSecurityRemoteGroupID()).thenReturn("85cc3048-abc3-43cc-89b3-377341426ac5");
 914         PowerMockito.doAnswer(answer())
 915         .when(ingressAclServiceSpy, "removeFlow", any(FlowBuilder.class), any(NodeBuilder.class));
 916
 917         ingressAclServiceSpy.programPortSecurityGroup(DP_ID_LONG, SEGMENT_ID,
 918                                                     MAC_ADDRESS, LOCAL_PORT, securityGroup, PORT_UUID, false);
 919         Match match = flowBuilder.getMatch();
 920         Icmpv4Match icmpv4Match = match.getIcmpv4Match();
 921         Assert.assertEquals(40, icmpv4Match.getIcmpv4Type().shortValue());
 922         Assert.assertEquals(40, icmpv4Match.getIcmpv4Code().shortValue());
 923         EthernetMatch ethMatch = match.getEthernetMatch();
 924         Assert.assertEquals(MAC_ADDRESS, ethMatch.getEthernetDestination().getAddress().getValue());
 925         Short type = portSecurityRule.getSecurityRulePortMin().shortValue();
 926         Short code = portSecurityRule.getSecurityRulePortMax().shortValue();
 927         String expectedFlowId1 = "Ingress_ICMP_" + SEGMENT_ID + "_" + MAC_ADDRESS +"_" + type + "_" + code + "_"
 928                                 + DEST_IP_1 + "_Permit";
 929         String expectedFlowId2 = "Ingress_ICMP_" + SEGMENT_ID + "_" + MAC_ADDRESS +"_" + type + "_" + code + "_"
 930                                 + DEST_IP_2 + "_Permit";
 931         String actualFlowId = flowBuilder.getFlowName();
 932         if(actualFlowId.equals(expectedFlowId1) || actualFlowId.equals(expectedFlowId2)) {
 933             Assert.assertTrue(true);
 934         } else {
 935             Assert.assertTrue(false);
 936         }
 937     }
 938
 939     /**
 940      *  Test IPv4 invalid ether type test case.
 941      */
 942     @Test
 943     public void testProgramPortSecurityACLRuleInvalidEther() throws Exception {
 944         when(portSecurityRule.getSecurityRuleEthertype()).thenReturn("IPV6");
 945
 946         ingressAclServiceSpy.programPortSecurityGroup(Long.valueOf(1554), "2", MAC_ADDRESS, 124, securityGroup,PORT_UUID,false);
 947
 948         verify(writeTransaction, times(0)).delete(any(LogicalDatastoreType.class), any(InstanceIdentifier.class));
 949         verify(writeTransaction, times(0)).submit();
 950         verify(commitFuture, times(0)).get();
 951     }
 952
 953     /**
 954      *  Test IPv4 invalid direction type test case.
 955      */
 956     @Test
 957     public void testProgramPortSecurityACLRuleInvalidDirection() throws Exception {
 958         when(portSecurityRule.getSecurityRuleDirection()).thenReturn("edgress");
 959
 960         ingressAclServiceSpy.programPortSecurityGroup(Long.valueOf(1554), "2", MAC_ADDRESS, 124, securityGroup,PORT_UUID,false);
 961
 962         verify(writeTransaction, times(0)).delete(any(LogicalDatastoreType.class), any(InstanceIdentifier.class));
 963         verify(writeTransaction, times(0)).submit();
 964         verify(commitFuture, times(0)).get();
 965     }
 966
 967     /**
 968      *  Test With isLastPortInBridge false isComputeNode false
 969      */
 970     @Test
 971     public void testProgramFixedSecurityACLAdd1() throws Exception {
 972         ingressAclServiceSpy.programFixedSecurityGroup(Long.valueOf(1554), "2", MAC_ADDRESS, 1, false, false, true);
 973
 974         verify(writeTransaction, times(0)).put(any(LogicalDatastoreType.class), any(InstanceIdentifier.class), any(Node.class), eq(true));
 975         verify(writeTransaction, times(0)).submit();
 976         verify(commitFuture, times(0)).get();
 977     }
 978     /**
 979      *  Test With isLastPortInBridge false isComputeNode false
 980      */
 981     @Test
 982     public void testProgramFixedSecurityACLRemove1() throws Exception {
 983
 984         ingressAclServiceSpy.programFixedSecurityGroup(Long.valueOf(1554), "2", MAC_ADDRESS, 1, false, false, false);
 985
 986         verify(writeTransaction, times(0)).delete(any(LogicalDatastoreType.class), any(InstanceIdentifier.class));
 987         verify(writeTransaction, times(0)).submit();
 988         verify(commitFuture, times(0)).get();
 989     }
 990
 991     /**
 992      * Test method {@link IgressAclService#egressACLDefaultTcpDrop(Long, String, String, int, boolean)}
 993      */
 994     @Test
 995     public void testIgressACLDefaultTcpDrop() throws Exception {
 996         ingressAclService.ingressACLDefaultTcpDrop(123L, SEGMENTATION_ID, MAC_ADDRESS, PRIORITY, true);
 997         verify(writeTransaction, times(2)).put(any(LogicalDatastoreType.class), any(InstanceIdentifier.class), any(Node.class), anyBoolean());
 998         verify(writeTransaction, times(1)).submit();
 999         verify(commitFuture, times(1)).get();
1000
1001         ingressAclService.ingressACLDefaultTcpDrop(123L, SEGMENTATION_ID, MAC_ADDRESS, PRIORITY, false);
1002         verify(writeTransaction, times(1)).delete(any(LogicalDatastoreType.class), any(InstanceIdentifier.class));
1003         verify(writeTransaction, times(2)).submit();
1004         verify(commitFuture, times(2)).get(); // 1 + 1 above
1005     }
1006
1007     /**
1008      * Test method {@link IgressAclService#ingressACLTcpPortWithPrefix(Long, String, String, boolean, Integer, String, Integer)}
1009      */
1010     @Test
1011     public void testIngressACLTcpPortWithPrefix() throws Exception {
1012         ingressAclService.ingressACLTcpPortWithPrefix(123L, SEGMENTATION_ID, MAC_ADDRESS, true, 1, HOST_ADDRESS, PRIORITY);
1013         verify(writeTransaction, times(2)).put(any(LogicalDatastoreType.class), any(InstanceIdentifier.class), any(Node.class), anyBoolean());
1014         verify(writeTransaction, times(1)).submit();
1015         verify(commitFuture, times(1)).get();
1016
1017         ingressAclService.ingressACLTcpPortWithPrefix(123L, SEGMENTATION_ID, MAC_ADDRESS, false, 1, HOST_ADDRESS, PRIORITY);
1018         verify(writeTransaction, times(1)).delete(any(LogicalDatastoreType.class), any(InstanceIdentifier.class));
1019         verify(writeTransaction, times(2)).submit();
1020         verify(commitFuture, times(2)).get(); // 1 + 1 above
1021     }
1022
1023     /**
1024      * Test method {@link IgressAclService#handleIngressAllowProto(Long, String, String, boolean, String, Integer)}
1025      */
1026     @Test
1027     public void testIngressAllowProto() throws Exception {
1028         ingressAclService.handleIngressAllowProto(123L, SEGMENTATION_ID, MAC_ADDRESS, true, HOST_ADDRESS, PRIORITY);
1029         verify(writeTransaction, times(2)).put(any(LogicalDatastoreType.class), any(InstanceIdentifier.class), any(Node.class), anyBoolean());
1030         verify(writeTransaction, times(1)).submit();
1031         verify(commitFuture, times(1)).get();
1032
1033         ingressAclService.handleIngressAllowProto(123L, SEGMENTATION_ID, MAC_ADDRESS, false, HOST_ADDRESS, PRIORITY);
1034         verify(writeTransaction, times(1)).delete(any(LogicalDatastoreType.class), any(InstanceIdentifier.class));
1035         verify(writeTransaction, times(2)).submit();
1036         verify(commitFuture, times(2)).get(); // 1 + 1 above
1037     }
1038
1039     /**
1040      * Test method {@link IgressAclService#ingressACLPermitAllProto(Long, String, String, boolean, String, Integer)}
1041      */
1042     @Test
1043     public void testIngressACLPermitAllProto() throws Exception {
1044         ingressAclService.ingressACLPermitAllProto(123L, SEGMENTATION_ID, MAC_ADDRESS, true, HOST_ADDRESS, PRIORITY);
1045         verify(writeTransaction, times(2)).put(any(LogicalDatastoreType.class), any(InstanceIdentifier.class), any(Node.class), anyBoolean());
1046         verify(writeTransaction, times(1)).submit();
1047         verify(commitFuture, times(1)).get();
1048
1049         ingressAclService.ingressACLPermitAllProto(123L, SEGMENTATION_ID, MAC_ADDRESS, false, HOST_ADDRESS, PRIORITY);
1050         verify(writeTransaction, times(1)).delete(any(LogicalDatastoreType.class), any(InstanceIdentifier.class));
1051         verify(writeTransaction, times(2)).submit();
1052         verify(commitFuture, times(2)).get(); // 1 + 1 above
1053     }
1054
1055     /**
1056      * Test method {@link IgressAclService#ingressACLTcpSyn(Long, String, String, boolean, Integer, Integer)}
1057      */
1058     @Test
1059     public void testIngressACLTcpSyn() throws Exception {
1060         ingressAclService.ingressACLTcpSyn(123L, SEGMENTATION_ID, MAC_ADDRESS, true, 1, PRIORITY);
1061         verify(writeTransaction, times(2)).put(any(LogicalDatastoreType.class), any(InstanceIdentifier.class), any(Node.class), anyBoolean());
1062         verify(writeTransaction, times(1)).submit();
1063         verify(commitFuture, times(1)).get();
1064
1065         ingressAclService.ingressACLTcpSyn(123L, SEGMENTATION_ID, MAC_ADDRESS, false, 1, PRIORITY);
1066         verify(writeTransaction, times(1)).delete(any(LogicalDatastoreType.class), any(InstanceIdentifier.class));
1067         verify(writeTransaction, times(2)).submit();
1068         verify(commitFuture, times(2)).get(); // 1 + 1 above
1069     }
1070 }