2 * Copyright (c) 2015 Inocybe and others. All rights reserved.
4 * This program and the accompanying materials are made available under the
5 * terms of the Eclipse Public License v1.0 which accompanies this distribution,
6 * and is available at http://www.eclipse.org/legal/epl-v10.html
9 package org.opendaylight.ovsdb.openstack.netvirt.providers.openflow13.services;
11 import static org.mockito.Matchers.any;
12 import static org.mockito.Matchers.anyBoolean;
13 import static org.mockito.Matchers.anyInt;
14 import static org.mockito.Matchers.anyLong;
15 import static org.mockito.Matchers.anyString;
16 import static org.mockito.Matchers.eq;
17 import static org.mockito.Mockito.mock;
18 import static org.mockito.Mockito.times;
19 import static org.mockito.Mockito.verify;
20 import static org.mockito.Mockito.when;
22 import java.util.ArrayList;
23 import java.util.List;
25 import org.junit.Assert;
26 import org.junit.Before;
27 import org.junit.Test;
28 import org.junit.runner.RunWith;
29 import org.mockito.InjectMocks;
30 import org.mockito.Mock;
31 import org.mockito.Mockito;
32 import org.mockito.Spy;
33 import org.mockito.invocation.InvocationOnMock;
34 import org.mockito.runners.MockitoJUnitRunner;
35 import org.mockito.stubbing.Answer;
36 import org.opendaylight.controller.md.sal.binding.api.DataBroker;
37 import org.opendaylight.controller.md.sal.binding.api.WriteTransaction;
38 import org.opendaylight.controller.md.sal.common.api.data.LogicalDatastoreType;
39 import org.opendaylight.controller.md.sal.common.api.data.TransactionCommitFailedException;
40 import org.opendaylight.neutron.spi.NeutronSecurityGroup;
41 import org.opendaylight.neutron.spi.NeutronSecurityRule;
42 import org.opendaylight.neutron.spi.Neutron_IPs;
43 import org.opendaylight.ovsdb.openstack.netvirt.api.Constants;
44 import org.opendaylight.ovsdb.openstack.netvirt.api.SecurityServicesManager;
45 import org.opendaylight.ovsdb.openstack.netvirt.providers.openflow13.PipelineOrchestrator;
46 import org.opendaylight.ovsdb.openstack.netvirt.providers.openflow13.Service;
47 import org.opendaylight.yang.gen.v1.urn.opendaylight.flow.inventory.rev130819.tables.table.FlowBuilder;
48 import org.opendaylight.yang.gen.v1.urn.opendaylight.inventory.rev130819.nodes.Node;
49 import org.opendaylight.yang.gen.v1.urn.opendaylight.inventory.rev130819.nodes.NodeBuilder;
50 import org.opendaylight.yang.gen.v1.urn.opendaylight.model.match.types.rev131026.Match;
51 import org.opendaylight.yang.gen.v1.urn.opendaylight.model.match.types.rev131026.match.EthernetMatch;
52 import org.opendaylight.yang.gen.v1.urn.opendaylight.model.match.types.rev131026.match.Icmpv4Match;
53 import org.opendaylight.yang.gen.v1.urn.opendaylight.model.match.types.rev131026.match.layer._4.match.TcpMatch;
54 import org.opendaylight.yang.gen.v1.urn.opendaylight.model.match.types.rev131026.match.layer._4.match.UdpMatch;
55 import org.opendaylight.yangtools.yang.binding.InstanceIdentifier;
56 import org.powermock.api.mockito.PowerMockito;
57 import org.powermock.modules.junit4.PowerMockRunner;
59 import com.google.common.util.concurrent.CheckedFuture;
62 * Unit test fort {@link IngressAclService}
64 @RunWith(PowerMockRunner.class)
65 @SuppressWarnings("unchecked")
66 public class IngressAclServiceTest {
68 @InjectMocks private IngressAclService ingressAclService = new IngressAclService();
69 private IngressAclService ingressAclServiceSpy;
71 @Mock private DataBroker dataBroker;
72 @Mock private PipelineOrchestrator orchestrator;
74 @Mock private WriteTransaction writeTransaction;
75 @Mock private CheckedFuture<Void, TransactionCommitFailedException> commitFuture;
77 @Mock private NeutronSecurityGroup securityGroup;
78 @Mock private NeutronSecurityRule portSecurityRule;
79 @Mock private SecurityServicesManager securityServices;
81 private List<Neutron_IPs> neutronSrcIpList = new ArrayList<Neutron_IPs>();
82 private List<Neutron_IPs> neutronDestIpList = new ArrayList<Neutron_IPs>();
83 private Neutron_IPs neutron_ip_src;
84 private Neutron_IPs neutron_ip_dest_1;
85 private Neutron_IPs neutron_ip_dest_2;
87 private static final String SEGMENTATION_ID = "2";
88 private static final int PRIORITY = 1;
89 private static final String HOST_ADDRESS = "127.0.0.1/32";
90 private static final String MAC_ADDRESS = "87:1D:5E:02:40:B8";
91 private static final String SRC_IP = "192.168.0.1";
92 private static final String DEST_IP_1 = "192.169.0.1";
93 private static final String DEST_IP_2 = "192.169.0.2";
94 private static final String SECURITY_GROUP_UUID = "85cc3048-abc3-43cc-89b3-377341426ac5";
95 private static final String SEGMENT_ID = "2";
96 private static final Long DP_ID_LONG = (long) 1554;
97 private static final Long LOCAL_PORT = (long) 124;
98 private static final int PORT_RANGE_MIN = 1;
99 private static final int PORT_RANGE_MAX = 65535;
100 private static FlowBuilder flowBuilder;
101 private static NodeBuilder nodeBuilder;
103 private static Answer<Object> answer() {
104 return new Answer<Object>() {
106 public CheckedFuture<Void, TransactionCommitFailedException> answer(InvocationOnMock invocation)
108 flowBuilder = (FlowBuilder) invocation.getArguments()[0];
109 nodeBuilder = (NodeBuilder) invocation.getArguments()[1];
116 public void setUp() {
117 ingressAclServiceSpy = PowerMockito.spy(ingressAclService);
119 when(writeTransaction.submit()).thenReturn(commitFuture);
121 when(dataBroker.newWriteOnlyTransaction()).thenReturn(writeTransaction);
123 when(orchestrator.getNextServiceInPipeline(any(Service.class))).thenReturn(Service.ARP_RESPONDER);
125 portSecurityRule = mock(NeutronSecurityRule.class);
126 when(portSecurityRule.getSecurityRuleEthertype()).thenReturn("IPv4");
127 when(portSecurityRule.getSecurityRuleDirection()).thenReturn("ingress");
129 List<NeutronSecurityRule> portSecurityList = new ArrayList<NeutronSecurityRule>();
130 portSecurityList.add(portSecurityRule);
132 neutron_ip_src = new Neutron_IPs();
133 neutron_ip_src.setIpAddress(SRC_IP);
134 neutronSrcIpList.add(neutron_ip_src);
136 neutron_ip_dest_1 = new Neutron_IPs();
137 neutron_ip_dest_1.setIpAddress(DEST_IP_1);
138 neutronDestIpList.add(neutron_ip_dest_1);
140 neutron_ip_dest_2 = new Neutron_IPs();
141 neutron_ip_dest_2.setIpAddress(DEST_IP_2);
142 neutronDestIpList.add(neutron_ip_dest_2);
145 when(securityGroup.getSecurityRules()).thenReturn(portSecurityList);
146 when(securityServices.getVmListForSecurityGroup
147 (neutronSrcIpList, SECURITY_GROUP_UUID)).thenReturn(neutronDestIpList);
151 * Rule 1: TCP Proto (True), TCP Port Minimum (True), TCP Port Max (True), IP Prefix (True)
154 public void testProgramPortSecurityACLRule1() throws Exception {
155 when(portSecurityRule.getSecurityRuleProtocol()).thenReturn("tcp");
156 when(portSecurityRule.getSecurityRulePortMax()).thenReturn(1);
157 when(portSecurityRule.getSecurityRulePortMin()).thenReturn(1);
158 when(portSecurityRule.getSecurityRuleRemoteIpPrefix()).thenReturn(HOST_ADDRESS);
160 ingressAclServiceSpy.programPortSecurityACL(Long.valueOf(1554), SEGMENTATION_ID, MAC_ADDRESS, 124, securityGroup);
161 verify(ingressAclServiceSpy, times(1)).ingressACLDefaultTcpDrop(anyLong(), anyString(), anyString(), anyInt(), anyBoolean());
162 verify(ingressAclServiceSpy, times(1)).ingressACLTcpPortWithPrefix(anyLong(), anyString(), anyString(), anyBoolean(), anyInt(), anyString(), anyInt());
163 verify(writeTransaction, times(4)).put(any(LogicalDatastoreType.class), any(InstanceIdentifier.class), any(Node.class), anyBoolean());
164 verify(writeTransaction, times(2)).submit();
165 verify(commitFuture, times(2)).get();
170 * Rule 2: TCP Proto (True), TCP Port Minimum (True), TCP Port Max (False), IP Prefix (True)
173 public void testProgramPortSecurityACLRule2() throws Exception {
174 when(portSecurityRule.getSecurityRuleProtocol()).thenReturn("tcp");
175 when(portSecurityRule.getSecurityRulePortMax()).thenReturn(null);
176 when(portSecurityRule.getSecurityRulePortMin()).thenReturn(1);
177 when(portSecurityRule.getSecurityRuleRemoteIpPrefix()).thenReturn(HOST_ADDRESS);
179 ingressAclServiceSpy.programPortSecurityACL(Long.valueOf(1554), SEGMENTATION_ID, MAC_ADDRESS, 124, securityGroup);
180 verify(ingressAclServiceSpy, times(1)).ingressACLDefaultTcpDrop(anyLong(), anyString(), anyString(), anyInt(), anyBoolean());
181 verify(ingressAclServiceSpy, times(1)).ingressACLTcpPortWithPrefix(anyLong(), anyString(), anyString(), anyBoolean(), anyInt(), anyString(), anyInt());
182 verify(writeTransaction, times(4)).put(any(LogicalDatastoreType.class), any(InstanceIdentifier.class), any(Node.class), anyBoolean());
183 verify(writeTransaction, times(2)).submit();
184 verify(commitFuture, times(2)).get();
188 * Rule 3: TCP Proto (True), TCP Port Minimum (False), TCP Port Max (False), IP Prefix (True)
191 public void testProgramPortSecurityACLRule3() throws Exception {
192 when(portSecurityRule.getSecurityRuleProtocol()).thenReturn("tcp");
193 when(portSecurityRule.getSecurityRulePortMax()).thenReturn(null);
194 when(portSecurityRule.getSecurityRulePortMin()).thenReturn(null);
195 when(portSecurityRule.getSecurityRuleRemoteIpPrefix()).thenReturn(HOST_ADDRESS);
197 ingressAclServiceSpy.programPortSecurityACL(Long.valueOf(1554), SEGMENTATION_ID, MAC_ADDRESS, 124, securityGroup);
198 verify(ingressAclServiceSpy, times(1)).ingressACLDefaultTcpDrop(anyLong(), anyString(), anyString(), anyInt(), anyBoolean());
199 verify(ingressAclServiceSpy, times(1)).ingressACLPermitAllProto(anyLong(), anyString(), anyString(), anyBoolean(), anyString(), anyInt());
200 verify(writeTransaction, times(4)).put(any(LogicalDatastoreType.class), any(InstanceIdentifier.class), any(Node.class), anyBoolean());
201 verify(writeTransaction, times(2)).submit();
202 verify(commitFuture, times(2)).get();
206 * Rule 4: TCP Proto (False), TCP Port Minimum (False), TCP Port Max (False), IP Prefix (True)
209 public void testProgramPortSecurityACLRule4() throws Exception {
210 when(portSecurityRule.getSecurityRuleProtocol()).thenReturn(null);
211 when(portSecurityRule.getSecurityRulePortMax()).thenReturn(null);
212 when(portSecurityRule.getSecurityRulePortMin()).thenReturn(null);
213 when(portSecurityRule.getSecurityRuleRemoteIpPrefix()).thenReturn(HOST_ADDRESS);
215 ingressAclServiceSpy.programPortSecurityACL(Long.valueOf(1554), SEGMENTATION_ID, MAC_ADDRESS, 124, securityGroup);
216 verify(ingressAclServiceSpy, times(1)).ingressACLDefaultTcpDrop(anyLong(), anyString(), anyString(), anyInt(), anyBoolean());
217 verify(ingressAclServiceSpy, times(1)).ingressACLPermitAllProto(anyLong(), anyString(), anyString(), anyBoolean(), anyString(), anyInt());
218 verify(writeTransaction, times(4)).put(any(LogicalDatastoreType.class), any(InstanceIdentifier.class), any(Node.class), anyBoolean());
219 verify(writeTransaction, times(2)).submit();
220 verify(commitFuture, times(2)).get();
224 * Rule 5: TCP Proto (True), TCP Port Minimum (True), TCP Port Max (True), IP Prefix (False)
227 public void testProgramPortSecurityACLRule5() throws Exception {
228 when(portSecurityRule.getSecurityRuleProtocol()).thenReturn("tcp");
229 when(portSecurityRule.getSecurityRulePortMax()).thenReturn(1);
230 when(portSecurityRule.getSecurityRulePortMin()).thenReturn(1);
231 when(portSecurityRule.getSecurityRuleRemoteIpPrefix()).thenReturn(null);
233 ingressAclServiceSpy.programPortSecurityACL(Long.valueOf(1554), SEGMENTATION_ID, MAC_ADDRESS, 124, securityGroup);
234 verify(ingressAclServiceSpy, times(1)).ingressACLDefaultTcpDrop(anyLong(), anyString(), anyString(), anyInt(), anyBoolean());
235 verify(ingressAclServiceSpy, times(1)).ingressACLTcpSyn(anyLong(), anyString(), anyString(), anyBoolean(), anyInt(), anyInt());
236 verify(writeTransaction, times(4)).put(any(LogicalDatastoreType.class), any(InstanceIdentifier.class), any(Node.class), anyBoolean());
237 verify(writeTransaction, times(2)).submit();
238 verify(commitFuture, times(2)).get();
242 * Rule 6: TCP Proto (True), TCP Port Minimum (True), TCP Port Max (False), IP Prefix (False)
245 public void testProgramPortSecurityACLRule6() throws Exception {
246 when(portSecurityRule.getSecurityRuleProtocol()).thenReturn("tcp");
247 when(portSecurityRule.getSecurityRulePortMax()).thenReturn(null);
248 when(portSecurityRule.getSecurityRulePortMin()).thenReturn(1);
249 when(portSecurityRule.getSecurityRuleRemoteIpPrefix()).thenReturn(null);
251 ingressAclServiceSpy.programPortSecurityACL(Long.valueOf(1554), SEGMENTATION_ID, MAC_ADDRESS, 124, securityGroup);
252 verify(ingressAclServiceSpy, times(1)).ingressACLDefaultTcpDrop(anyLong(), anyString(), anyString(), anyInt(), anyBoolean());
253 verify(ingressAclServiceSpy, times(1)).ingressACLTcpSyn(anyLong(), anyString(), anyString(), anyBoolean(), anyInt(), anyInt());
254 verify(writeTransaction, times(4)).put(any(LogicalDatastoreType.class), any(InstanceIdentifier.class), any(Node.class), anyBoolean());
255 verify(writeTransaction, times(2)).submit();
256 verify(commitFuture, times(2)).get();
260 * Rule 7: TCP Proto (True), TCP Port Minimum (False), TCP Port Max (False), IP Prefix (False or 0.0.0.0/0)
263 public void testProgramPortSecurityACLRule7() throws Exception {
264 when(portSecurityRule.getSecurityRuleProtocol()).thenReturn("tcp");
265 when(portSecurityRule.getSecurityRulePortMax()).thenReturn(null);
266 when(portSecurityRule.getSecurityRulePortMin()).thenReturn(null);
267 when(portSecurityRule.getSecurityRuleRemoteIpPrefix()).thenReturn(null);
269 ingressAclServiceSpy.programPortSecurityACL(Long.valueOf(1554), SEGMENTATION_ID, MAC_ADDRESS, 124, securityGroup);
270 verify(ingressAclServiceSpy, times(1)).handleIngressAllowProto(anyLong(), anyString(), anyString(), anyBoolean(), anyString(), anyInt());
271 verify(writeTransaction, times(2)).put(any(LogicalDatastoreType.class), any(InstanceIdentifier.class), any(Node.class), anyBoolean());
272 verify(writeTransaction, times(1)).submit();
273 verify(commitFuture, times(1)).get();
277 * Test IPv4 add test case.
280 public void testProgramPortSecurityACLRuleAddIpv4() throws Exception {
281 when(portSecurityRule.getSecurityRuleProtocol()).thenReturn(null);
282 when(portSecurityRule.getSecurityRulePortMax()).thenReturn(null);
283 when(portSecurityRule.getSecurityRulePortMin()).thenReturn(null);
284 when(portSecurityRule.getSecurityRuleRemoteIpPrefix()).thenReturn(null);
286 ingressAclServiceSpy.programPortSecurityAcl(Long.valueOf(1554), "2", MAC_ADDRESS, 124, securityGroup,neutronSrcIpList,true);
288 verify(writeTransaction, times(2)).put(any(LogicalDatastoreType.class), any(InstanceIdentifier.class), any(Node.class), eq(true));
289 verify(writeTransaction, times(1)).submit();
290 verify(commitFuture, times(1)).get();
294 * Test IPv4 remove test case.
297 public void testProgramPortSecurityACLRuleRemoveIpv4() throws Exception {
298 when(portSecurityRule.getSecurityRuleProtocol()).thenReturn(null);
299 when(portSecurityRule.getSecurityRulePortMax()).thenReturn(null);
300 when(portSecurityRule.getSecurityRulePortMin()).thenReturn(null);
301 when(portSecurityRule.getSecurityRuleRemoteIpPrefix()).thenReturn(null);
303 ingressAclServiceSpy.programPortSecurityAcl(Long.valueOf(1554), "2", MAC_ADDRESS, 124, securityGroup,neutronSrcIpList,false);
305 verify(writeTransaction, times(1)).delete(any(LogicalDatastoreType.class), any(InstanceIdentifier.class));
306 verify(writeTransaction, times(1)).submit();
307 verify(commitFuture, times(1)).get();
311 * Test TCP add with port no and CIDR selected.
314 public void testProgramPortSecurityACLRuleAddTcp1() throws Exception {
315 when(portSecurityRule.getSecurityRuleProtocol()).thenReturn("tcp");
316 when(portSecurityRule.getSecurityRulePortMax()).thenReturn(20);
317 when(portSecurityRule.getSecurityRulePortMin()).thenReturn(20);
318 when(portSecurityRule.getSecurityRuleRemoteIpPrefix()).thenReturn("0.0.0.0/24");
319 PowerMockito.doAnswer(answer()).when(ingressAclServiceSpy, "writeFlow", any(FlowBuilder.class),
320 any(NodeBuilder.class));
322 ingressAclServiceSpy.programPortSecurityAcl(DP_ID_LONG, SEGMENT_ID, MAC_ADDRESS, LOCAL_PORT, securityGroup,
323 neutronSrcIpList, true);
325 Match match = flowBuilder.getMatch();
326 EthernetMatch ethMatch = match.getEthernetMatch();
327 Assert.assertEquals(MAC_ADDRESS, ethMatch.getEthernetDestination().getAddress().getValue());
329 Assert.assertTrue(match.getLayer4Match() instanceof TcpMatch);
330 TcpMatch layer4Match = (TcpMatch) match.getLayer4Match();
331 Assert.assertEquals(20, layer4Match.getTcpDestinationPort().getValue().intValue());
332 int port = portSecurityRule.getSecurityRulePortMin();
333 Assert.assertEquals("Ingress_TCP_" + SEGMENT_ID + "_" + MAC_ADDRESS +
334 "_" + port + "_0.0.0.0/24_Permit", flowBuilder.getFlowName());
338 * Test TCP remove with port no and CIDR selected.
341 public void testProgramPortSecurityACLRuleRemoveTcp1() throws Exception {
342 when(portSecurityRule.getSecurityRuleProtocol()).thenReturn("tcp");
343 when(portSecurityRule.getSecurityRulePortMax()).thenReturn(15);
344 when(portSecurityRule.getSecurityRulePortMin()).thenReturn(15);
345 when(portSecurityRule.getSecurityRuleRemoteIpPrefix()).thenReturn("0.0.0.0/24");
346 PowerMockito.doAnswer(answer()).when(ingressAclServiceSpy, "removeFlow", any(FlowBuilder.class),
347 any(NodeBuilder.class));
349 ingressAclServiceSpy.programPortSecurityAcl(DP_ID_LONG, SEGMENT_ID, MAC_ADDRESS, LOCAL_PORT, securityGroup,
350 neutronSrcIpList, false);
352 Match match = flowBuilder.getMatch();
353 EthernetMatch ethMatch = match.getEthernetMatch();
354 Assert.assertEquals(MAC_ADDRESS, ethMatch.getEthernetDestination().getAddress().getValue());
356 Assert.assertTrue(match.getLayer4Match() instanceof TcpMatch);
357 TcpMatch layer4Match = (TcpMatch) match.getLayer4Match();
358 Assert.assertEquals(15, layer4Match.getTcpDestinationPort().getValue().intValue());
359 int port = portSecurityRule.getSecurityRulePortMin();
360 Assert.assertEquals("Ingress_TCP_" + SEGMENT_ID + "_" + MAC_ADDRESS +
361 "_" + port + "_0.0.0.0/24_Permit", flowBuilder.getFlowName());
365 * Test TCP add with port no and remote SG selected.
368 public void testProgramPortSecurityACLRuleAddTcp2() throws Exception {
369 when(portSecurityRule.getSecurityRuleProtocol()).thenReturn("tcp");
370 when(portSecurityRule.getSecurityRulePortMax()).thenReturn(50);
371 when(portSecurityRule.getSecurityRulePortMin()).thenReturn(50);
372 when(portSecurityRule.getSecurityRuleRemoteIpPrefix()).thenReturn("0.0.0.0/24");
373 when(portSecurityRule.getSecurityRemoteGroupID()).thenReturn("85cc3048-abc3-43cc-89b3-377341426ac5");
374 PowerMockito.doAnswer(answer()).when(ingressAclServiceSpy, "writeFlow", any(FlowBuilder.class),
375 any(NodeBuilder.class));
376 ingressAclServiceSpy.programPortSecurityAcl(DP_ID_LONG, SEGMENT_ID, MAC_ADDRESS, LOCAL_PORT, securityGroup,
377 neutronSrcIpList, true);
379 Match match = flowBuilder.getMatch();
380 EthernetMatch ethMatch = match.getEthernetMatch();
381 Assert.assertEquals(MAC_ADDRESS, ethMatch.getEthernetDestination().getAddress().getValue());
383 Assert.assertTrue(match.getLayer4Match() instanceof TcpMatch);
384 TcpMatch layer4Match = (TcpMatch) match.getLayer4Match();
385 Assert.assertEquals(50, layer4Match.getTcpDestinationPort().getValue().intValue());
386 int port = portSecurityRule.getSecurityRulePortMin();
387 String expectedFlowId1 = "Ingress_TCP_" + SEGMENT_ID + "_" + MAC_ADDRESS +"_" + port + "_" + DEST_IP_1 +
389 String expectedFlowId2 = "Ingress_TCP_" + SEGMENT_ID + "_" + MAC_ADDRESS +"_" + port + "_" + DEST_IP_2 +
391 String actualFlowId = flowBuilder.getFlowName();
392 if (actualFlowId.equals(expectedFlowId1) || actualFlowId.equals(expectedFlowId2)) {
393 Assert.assertTrue(true);
395 Assert.assertTrue(false);
400 * Test TCP remove with port no and remote SG selected.
403 public void testProgramPortSecurityACLRuleRemoveTcp2() throws Exception {
404 when(portSecurityRule.getSecurityRuleProtocol()).thenReturn("tcp");
405 when(portSecurityRule.getSecurityRulePortMax()).thenReturn(50);
406 when(portSecurityRule.getSecurityRulePortMin()).thenReturn(50);
407 when(portSecurityRule.getSecurityRuleRemoteIpPrefix()).thenReturn("0.0.0.0/24");
408 when(portSecurityRule.getSecurityRemoteGroupID()).thenReturn("85cc3048-abc3-43cc-89b3-377341426ac5");
409 PowerMockito.doAnswer(answer()).when(ingressAclServiceSpy, "removeFlow", any(FlowBuilder.class),
410 any(NodeBuilder.class));
412 ingressAclServiceSpy.programPortSecurityAcl(DP_ID_LONG, SEGMENT_ID, MAC_ADDRESS, LOCAL_PORT, securityGroup,
413 neutronSrcIpList, false);
415 Match match = flowBuilder.getMatch();
416 EthernetMatch ethMatch = match.getEthernetMatch();
417 Assert.assertEquals(MAC_ADDRESS, ethMatch.getEthernetDestination().getAddress().getValue());
419 Assert.assertTrue(match.getLayer4Match() instanceof TcpMatch);
420 TcpMatch layer4Match = (TcpMatch) match.getLayer4Match();
421 Assert.assertEquals(50, layer4Match.getTcpDestinationPort().getValue().intValue());
422 int port = portSecurityRule.getSecurityRulePortMin();
423 String expectedFlowId1 = "Ingress_TCP_" + SEGMENT_ID + "_" + MAC_ADDRESS +"_" + port + "_" + DEST_IP_1 +
425 String expectedFlowId2 = "Ingress_TCP_" + SEGMENT_ID + "_" + MAC_ADDRESS +"_" + port + "_" + DEST_IP_2 +
427 String actualFlowId = flowBuilder.getFlowName();
428 if (actualFlowId.equals(expectedFlowId1) || actualFlowId.equals(expectedFlowId2)) {
429 Assert.assertTrue(true);
431 Assert.assertTrue(false);
437 * Test TCP add with port (All TCP) and CIDR selected.
440 public void testProgramPortSecurityACLRuleAddTcpAll1() throws Exception {
441 when(portSecurityRule.getSecurityRuleProtocol()).thenReturn("tcp");
442 when(portSecurityRule.getSecurityRulePortMax()).thenReturn(PORT_RANGE_MAX);
443 when(portSecurityRule.getSecurityRulePortMin()).thenReturn(PORT_RANGE_MIN);
444 when(portSecurityRule.getSecurityRuleRemoteIpPrefix()).thenReturn("0.0.0.0/24");
445 PowerMockito.doAnswer(answer()).when(ingressAclServiceSpy, "writeFlow", any(FlowBuilder.class),
446 any(NodeBuilder.class));
448 ingressAclServiceSpy.programPortSecurityAcl(DP_ID_LONG, SEGMENT_ID, MAC_ADDRESS, LOCAL_PORT, securityGroup,
449 neutronSrcIpList, true);
451 Match match = flowBuilder.getMatch();
452 EthernetMatch ethMatch = match.getEthernetMatch();
453 Assert.assertEquals(MAC_ADDRESS, ethMatch.getEthernetDestination().getAddress().getValue());
455 Assert.assertTrue(match.getLayer4Match() instanceof TcpMatch);
456 Assert.assertEquals("Ingress_TCP_" + SEGMENT_ID + "_" + MAC_ADDRESS + "_" + PORT_RANGE_MIN + "_" +
457 PORT_RANGE_MAX + "_0.0.0.0/24_Permit", flowBuilder.getFlowName());
461 * Test TCP remove with port (All TCP) and CIDR selected.
464 public void testProgramPortSecurityACLRuleRemoveTcpAll1() throws Exception {
465 when(portSecurityRule.getSecurityRuleProtocol()).thenReturn("tcp");
466 when(portSecurityRule.getSecurityRulePortMax()).thenReturn(PORT_RANGE_MAX);
467 when(portSecurityRule.getSecurityRulePortMin()).thenReturn(PORT_RANGE_MIN);
468 when(portSecurityRule.getSecurityRuleRemoteIpPrefix()).thenReturn("0.0.0.0/24");
469 PowerMockito.doAnswer(answer()).when(ingressAclServiceSpy, "removeFlow", any(FlowBuilder.class),
470 any(NodeBuilder.class));
472 ingressAclServiceSpy.programPortSecurityAcl(DP_ID_LONG, SEGMENT_ID, MAC_ADDRESS, LOCAL_PORT, securityGroup,
473 neutronSrcIpList, false);
475 Match match = flowBuilder.getMatch();
476 EthernetMatch ethMatch = match.getEthernetMatch();
477 Assert.assertEquals(MAC_ADDRESS, ethMatch.getEthernetDestination().getAddress().getValue());
479 Assert.assertTrue(match.getLayer4Match() instanceof TcpMatch);
480 Assert.assertEquals("Ingress_TCP_" + SEGMENT_ID + "_" + MAC_ADDRESS + "_" + PORT_RANGE_MIN + "_" +
481 PORT_RANGE_MAX + "_0.0.0.0/24_Permit", flowBuilder.getFlowName());
485 * Test TCP add with port (All TCP) and remote SG selected.
488 public void testProgramPortSecurityACLRuleAddTcpAll2() throws Exception {
489 when(portSecurityRule.getSecurityRuleProtocol()).thenReturn("tcp");
490 when(portSecurityRule.getSecurityRulePortMax()).thenReturn(PORT_RANGE_MAX);
491 when(portSecurityRule.getSecurityRulePortMin()).thenReturn(PORT_RANGE_MIN);
492 when(portSecurityRule.getSecurityRemoteGroupID()).thenReturn("85cc3048-abc3-43cc-89b3-377341426ac5");
493 PowerMockito.doAnswer(answer()).when(ingressAclServiceSpy, "writeFlow", any(FlowBuilder.class),
494 any(NodeBuilder.class));
495 ingressAclServiceSpy.programPortSecurityAcl(DP_ID_LONG, SEGMENT_ID, MAC_ADDRESS, LOCAL_PORT, securityGroup,
496 neutronSrcIpList, true);
498 Match match = flowBuilder.getMatch();
499 EthernetMatch ethMatch = match.getEthernetMatch();
500 Assert.assertEquals(MAC_ADDRESS, ethMatch.getEthernetDestination().getAddress().getValue());
502 Assert.assertTrue(match.getLayer4Match() instanceof TcpMatch);
503 String expectedFlowId1 = "Ingress_TCP_" + SEGMENT_ID + "_" + MAC_ADDRESS + "_" + PORT_RANGE_MIN + "_" +
504 PORT_RANGE_MAX + "_" + DEST_IP_1 + "_Permit";
505 String expectedFlowId2 = "Ingress_TCP_" + SEGMENT_ID + "_" + MAC_ADDRESS + "_" + PORT_RANGE_MIN + "_" +
506 PORT_RANGE_MAX + "_" + DEST_IP_2 + "_Permit";
507 String actualFlowId = flowBuilder.getFlowName();
508 if (actualFlowId.equals(expectedFlowId1) || actualFlowId.equals(expectedFlowId2)) {
509 Assert.assertTrue(true);
511 Assert.assertTrue(false);
516 * Test TCP remove with port (All TCP) and remote SG selected.
519 public void testProgramPortSecurityACLRuleRemoveTcpAll2() throws Exception {
520 when(portSecurityRule.getSecurityRuleProtocol()).thenReturn("tcp");
521 when(portSecurityRule.getSecurityRulePortMax()).thenReturn(PORT_RANGE_MAX);
522 when(portSecurityRule.getSecurityRulePortMin()).thenReturn(PORT_RANGE_MIN);
523 when(portSecurityRule.getSecurityRemoteGroupID()).thenReturn("85cc3048-abc3-43cc-89b3-377341426ac5");
524 PowerMockito.doAnswer(answer()).when(ingressAclServiceSpy, "removeFlow", any(FlowBuilder.class),
525 any(NodeBuilder.class));
527 ingressAclServiceSpy.programPortSecurityAcl(DP_ID_LONG, SEGMENT_ID, MAC_ADDRESS, LOCAL_PORT, securityGroup,
528 neutronSrcIpList, false);
530 Match match = flowBuilder.getMatch();
531 EthernetMatch ethMatch = match.getEthernetMatch();
532 Assert.assertEquals(MAC_ADDRESS, ethMatch.getEthernetDestination().getAddress().getValue());
534 Assert.assertTrue(match.getLayer4Match() instanceof TcpMatch);
535 TcpMatch layer4Match = (TcpMatch) match.getLayer4Match();
536 String expectedFlowId1 = "Ingress_TCP_" + SEGMENT_ID + "_" + MAC_ADDRESS +"_" + PORT_RANGE_MIN + "_" +
537 PORT_RANGE_MAX + "_" + DEST_IP_1 + "_Permit";
538 String expectedFlowId2 = "Ingress_TCP_" + SEGMENT_ID + "_" + MAC_ADDRESS +"_" + PORT_RANGE_MIN + "_" +
539 PORT_RANGE_MAX + "_" + DEST_IP_2 + "_Permit";
540 String actualFlowId = flowBuilder.getFlowName();
541 if (actualFlowId.equals(expectedFlowId1) || actualFlowId.equals(expectedFlowId2)) {
542 Assert.assertTrue(true);
544 Assert.assertTrue(false);
549 * Test UDP add with port no and CIDR selected.
552 public void testProgramPortSecurityACLRuleAddUdp1() throws Exception {
553 when(portSecurityRule.getSecurityRuleProtocol()).thenReturn("udp");
554 when(portSecurityRule.getSecurityRulePortMax()).thenReturn(50);
555 when(portSecurityRule.getSecurityRulePortMin()).thenReturn(50);
556 when(portSecurityRule.getSecurityRuleRemoteIpPrefix()).thenReturn("0.0.0.0/24");
557 PowerMockito.doAnswer(answer()).when(ingressAclServiceSpy, "writeFlow", any(FlowBuilder.class),
558 any(NodeBuilder.class));
560 ingressAclServiceSpy.programPortSecurityAcl(DP_ID_LONG, SEGMENT_ID, MAC_ADDRESS, LOCAL_PORT, securityGroup,
561 neutronSrcIpList, true);
563 Match match = flowBuilder.getMatch();
564 EthernetMatch ethMatch = match.getEthernetMatch();
565 Assert.assertEquals(MAC_ADDRESS, ethMatch.getEthernetDestination().getAddress().getValue());
567 Assert.assertTrue(match.getLayer4Match() instanceof UdpMatch);
568 UdpMatch layer4Match = (UdpMatch) match.getLayer4Match();
569 Assert.assertEquals(50, layer4Match.getUdpDestinationPort().getValue().intValue());
570 int port = portSecurityRule.getSecurityRulePortMin();
571 Assert.assertEquals("Ingress_UDP_" + SEGMENT_ID + "_" + MAC_ADDRESS +
572 "_" + port + "_0.0.0.0/24_Permit", flowBuilder.getFlowName());
576 * Test UDP remove with port no and CIDR selected.
579 public void testProgramPortSecurityACLRuleRemoveUdp1() throws Exception {
580 when(portSecurityRule.getSecurityRuleProtocol()).thenReturn("udp");
581 when(portSecurityRule.getSecurityRulePortMax()).thenReturn(50);
582 when(portSecurityRule.getSecurityRulePortMin()).thenReturn(50);
583 when(portSecurityRule.getSecurityRuleRemoteIpPrefix()).thenReturn("0.0.0.0/24");
584 PowerMockito.doAnswer(answer()).when(ingressAclServiceSpy, "removeFlow", any(FlowBuilder.class),
585 any(NodeBuilder.class));
587 ingressAclServiceSpy.programPortSecurityAcl(DP_ID_LONG, SEGMENT_ID, MAC_ADDRESS, LOCAL_PORT, securityGroup,
588 neutronSrcIpList, false);
590 Match match = flowBuilder.getMatch();
591 EthernetMatch ethMatch = match.getEthernetMatch();
592 Assert.assertEquals(MAC_ADDRESS, ethMatch.getEthernetDestination().getAddress().getValue());
594 Assert.assertTrue(match.getLayer4Match() instanceof UdpMatch);
595 UdpMatch layer4Match = (UdpMatch) match.getLayer4Match();
596 Assert.assertEquals(50, layer4Match.getUdpDestinationPort().getValue().intValue());
597 int port = portSecurityRule.getSecurityRulePortMin();
598 Assert.assertEquals("Ingress_UDP_" + SEGMENT_ID + "_" + MAC_ADDRESS +
599 "_" + port + "_0.0.0.0/24_Permit", flowBuilder.getFlowName());
603 * Test UDP add with port no and remote SG selected.
606 public void testProgramPortSecurityACLRuleAddUdp2() throws Exception {
607 when(portSecurityRule.getSecurityRuleProtocol()).thenReturn("udp");
608 when(portSecurityRule.getSecurityRulePortMax()).thenReturn(50);
609 when(portSecurityRule.getSecurityRulePortMin()).thenReturn(50);
610 when(portSecurityRule.getSecurityRuleRemoteIpPrefix()).thenReturn("0.0.0.0/24");
611 when(portSecurityRule.getSecurityRemoteGroupID()).thenReturn("85cc3048-abc3-43cc-89b3-377341426ac5");
612 PowerMockito.doAnswer(answer()).when(ingressAclServiceSpy, "writeFlow", any(FlowBuilder.class),
613 any(NodeBuilder.class));
614 ingressAclServiceSpy.programPortSecurityAcl(DP_ID_LONG, SEGMENT_ID, MAC_ADDRESS, LOCAL_PORT, securityGroup,
615 neutronSrcIpList, true);
617 Match match = flowBuilder.getMatch();
618 EthernetMatch ethMatch = match.getEthernetMatch();
619 Assert.assertEquals(MAC_ADDRESS, ethMatch.getEthernetDestination().getAddress().getValue());
621 Assert.assertTrue(match.getLayer4Match() instanceof UdpMatch);
622 UdpMatch layer4Match = (UdpMatch) match.getLayer4Match();
623 Assert.assertEquals(50, layer4Match.getUdpDestinationPort().getValue().intValue());
624 int port = portSecurityRule.getSecurityRulePortMin();
625 String expectedFlowId1 = "Ingress_UDP_" + SEGMENT_ID + "_" + MAC_ADDRESS +"_" + port + "_" + DEST_IP_1 +
627 String expectedFlowId2 = "Ingress_UDP_" + SEGMENT_ID + "_" + MAC_ADDRESS +"_" + port + "_" + DEST_IP_2 +
629 String actualFlowId = flowBuilder.getFlowName();
630 if (actualFlowId.equals(expectedFlowId1) || actualFlowId.equals(expectedFlowId2)) {
631 Assert.assertTrue(true);
633 Assert.assertTrue(false);
638 * Test UDP remove with port no and remote SG selected.
641 public void testProgramPortSecurityACLRuleRemoveUdp2() throws Exception {
642 when(portSecurityRule.getSecurityRuleProtocol()).thenReturn("udp");
643 when(portSecurityRule.getSecurityRulePortMax()).thenReturn(50);
644 when(portSecurityRule.getSecurityRulePortMin()).thenReturn(50);
645 when(portSecurityRule.getSecurityRuleRemoteIpPrefix()).thenReturn("0.0.0.0/24");
646 when(portSecurityRule.getSecurityRemoteGroupID()).thenReturn("85cc3048-abc3-43cc-89b3-377341426ac5");
647 PowerMockito.doAnswer(answer()).when(ingressAclServiceSpy, "removeFlow", any(FlowBuilder.class),
648 any(NodeBuilder.class));
649 ingressAclServiceSpy.programPortSecurityAcl(DP_ID_LONG, SEGMENT_ID, MAC_ADDRESS, LOCAL_PORT, securityGroup,
650 neutronSrcIpList, false);
652 Match match = flowBuilder.getMatch();
653 EthernetMatch ethMatch = match.getEthernetMatch();
654 Assert.assertEquals(MAC_ADDRESS, ethMatch.getEthernetDestination().getAddress().getValue());
656 Assert.assertTrue(match.getLayer4Match() instanceof UdpMatch);
657 UdpMatch layer4Match = (UdpMatch) match.getLayer4Match();
658 Assert.assertEquals(50, layer4Match.getUdpDestinationPort().getValue().intValue());
659 int port = portSecurityRule.getSecurityRulePortMin();
660 String expectedFlowId1 = "Ingress_UDP_" + SEGMENT_ID + "_" + MAC_ADDRESS +"_" + port + "_" + DEST_IP_1 +
662 String expectedFlowId2 = "Ingress_UDP_" + SEGMENT_ID + "_" + MAC_ADDRESS +"_" + port + "_" + DEST_IP_2 +
664 String actualFlowId = flowBuilder.getFlowName();
665 if (actualFlowId.equals(expectedFlowId1) || actualFlowId.equals(expectedFlowId2)) {
666 Assert.assertTrue(true);
668 Assert.assertTrue(false);
673 * Test UDP add with ports (All UDP) and CIDR selected.
676 public void testProgramPortSecurityACLRuleAddUdpAll1() throws Exception {
677 when(portSecurityRule.getSecurityRuleProtocol()).thenReturn("udp");
678 when(portSecurityRule.getSecurityRulePortMax()).thenReturn(PORT_RANGE_MAX);
679 when(portSecurityRule.getSecurityRulePortMin()).thenReturn(PORT_RANGE_MIN);
680 when(portSecurityRule.getSecurityRuleRemoteIpPrefix()).thenReturn("0.0.0.0/24");
681 PowerMockito.doAnswer(answer()).when(ingressAclServiceSpy, "writeFlow", any(FlowBuilder.class),
682 any(NodeBuilder.class));
684 ingressAclServiceSpy.programPortSecurityAcl(DP_ID_LONG, SEGMENT_ID, MAC_ADDRESS, LOCAL_PORT, securityGroup,
685 neutronSrcIpList, true);
687 Match match = flowBuilder.getMatch();
688 EthernetMatch ethMatch = match.getEthernetMatch();
689 Assert.assertEquals(MAC_ADDRESS, ethMatch.getEthernetDestination().getAddress().getValue());
691 Assert.assertTrue(match.getLayer4Match() instanceof UdpMatch);
692 Assert.assertEquals("Ingress_UDP_" + SEGMENT_ID + "_" + MAC_ADDRESS + "_" + PORT_RANGE_MIN + "_" +
693 PORT_RANGE_MAX + "_0.0.0.0/24_Permit", flowBuilder.getFlowName());
697 * Test UDP remove with ports (All UDP) and CIDR selected.
700 public void testProgramPortSecurityACLRuleRemoveUdpAll1() throws Exception {
701 when(portSecurityRule.getSecurityRuleProtocol()).thenReturn("udp");
702 when(portSecurityRule.getSecurityRulePortMax()).thenReturn(PORT_RANGE_MAX);
703 when(portSecurityRule.getSecurityRulePortMin()).thenReturn(PORT_RANGE_MIN);
704 when(portSecurityRule.getSecurityRuleRemoteIpPrefix()).thenReturn("0.0.0.0/24");
705 PowerMockito.doAnswer(answer()).when(ingressAclServiceSpy, "removeFlow", any(FlowBuilder.class),
706 any(NodeBuilder.class));
708 ingressAclServiceSpy.programPortSecurityAcl(DP_ID_LONG, SEGMENT_ID, MAC_ADDRESS, LOCAL_PORT, securityGroup,
709 neutronSrcIpList, false);
711 Match match = flowBuilder.getMatch();
712 EthernetMatch ethMatch = match.getEthernetMatch();
713 Assert.assertEquals(MAC_ADDRESS, ethMatch.getEthernetDestination().getAddress().getValue());
715 Assert.assertTrue(match.getLayer4Match() instanceof UdpMatch);
716 Assert.assertEquals("Ingress_UDP_" + SEGMENT_ID + "_" + MAC_ADDRESS + "_" + PORT_RANGE_MIN + "_" +
717 PORT_RANGE_MAX + "_0.0.0.0/24_Permit", flowBuilder.getFlowName());
721 * Test UDP add with ports (All UDP) and remote SG selected.
724 public void testProgramPortSecurityACLRuleAddUdpAll2() throws Exception {
725 when(portSecurityRule.getSecurityRuleProtocol()).thenReturn("udp");
726 when(portSecurityRule.getSecurityRulePortMax()).thenReturn(PORT_RANGE_MAX);
727 when(portSecurityRule.getSecurityRulePortMin()).thenReturn(PORT_RANGE_MIN);
728 when(portSecurityRule.getSecurityRuleRemoteIpPrefix()).thenReturn("0.0.0.0/24");
729 when(portSecurityRule.getSecurityRemoteGroupID()).thenReturn("85cc3048-abc3-43cc-89b3-377341426ac5");
730 PowerMockito.doAnswer(answer()).when(ingressAclServiceSpy, "writeFlow", any(FlowBuilder.class),
731 any(NodeBuilder.class));
732 ingressAclServiceSpy.programPortSecurityAcl(DP_ID_LONG, SEGMENT_ID, MAC_ADDRESS, LOCAL_PORT, securityGroup,
733 neutronSrcIpList, true);
735 Match match = flowBuilder.getMatch();
736 EthernetMatch ethMatch = match.getEthernetMatch();
737 Assert.assertEquals(MAC_ADDRESS, ethMatch.getEthernetDestination().getAddress().getValue());
739 Assert.assertTrue(match.getLayer4Match() instanceof UdpMatch);
740 String expectedFlowId1 = "Ingress_UDP_" + SEGMENT_ID + "_" + MAC_ADDRESS +"_" + PORT_RANGE_MIN + "_" +
741 PORT_RANGE_MAX + "_" + DEST_IP_1 + "_Permit";
742 String expectedFlowId2 = "Ingress_UDP_" + SEGMENT_ID + "_" + MAC_ADDRESS +"_" + PORT_RANGE_MIN + "_" +
743 PORT_RANGE_MAX + "_" + DEST_IP_2 + "_Permit";
744 String actualFlowId = flowBuilder.getFlowName();
745 if (actualFlowId.equals(expectedFlowId1) || actualFlowId.equals(expectedFlowId2)) {
746 Assert.assertTrue(true);
748 Assert.assertTrue(false);
753 * Test UDP remove with ports (All UDP) and remote SG selected.
756 public void testProgramPortSecurityACLRuleRemoveUdpAll2() throws Exception {
757 when(portSecurityRule.getSecurityRuleProtocol()).thenReturn("udp");
758 when(portSecurityRule.getSecurityRulePortMax()).thenReturn(PORT_RANGE_MAX);
759 when(portSecurityRule.getSecurityRulePortMin()).thenReturn(PORT_RANGE_MIN);
760 when(portSecurityRule.getSecurityRuleRemoteIpPrefix()).thenReturn("0.0.0.0/24");
761 when(portSecurityRule.getSecurityRemoteGroupID()).thenReturn("85cc3048-abc3-43cc-89b3-377341426ac5");
762 PowerMockito.doAnswer(answer()).when(ingressAclServiceSpy, "removeFlow", any(FlowBuilder.class),
763 any(NodeBuilder.class));
764 ingressAclServiceSpy.programPortSecurityAcl(DP_ID_LONG, SEGMENT_ID, MAC_ADDRESS, LOCAL_PORT, securityGroup,
765 neutronSrcIpList, false);
767 Match match = flowBuilder.getMatch();
768 EthernetMatch ethMatch = match.getEthernetMatch();
769 Assert.assertEquals(MAC_ADDRESS, ethMatch.getEthernetDestination().getAddress().getValue());
771 Assert.assertTrue(match.getLayer4Match() instanceof UdpMatch);
772 String expectedFlowId1 = "Ingress_UDP_" + SEGMENT_ID + "_" + MAC_ADDRESS +"_" + PORT_RANGE_MIN + "_" +
773 PORT_RANGE_MAX + "_" + DEST_IP_1 + "_Permit";
774 String expectedFlowId2 = "Ingress_UDP_" + SEGMENT_ID + "_" + MAC_ADDRESS +"_" + PORT_RANGE_MIN + "_" +
775 PORT_RANGE_MAX + "_" + DEST_IP_2 + "_Permit";
776 String actualFlowId = flowBuilder.getFlowName();
777 if (actualFlowId.equals(expectedFlowId1) || actualFlowId.equals(expectedFlowId2)) {
778 Assert.assertTrue(true);
780 Assert.assertTrue(false);
785 * Test ICMP add with code, type and CIDR selected.
788 public void testProgramPortSecurityACLRuleAddIcmp1() throws Exception {
789 when(portSecurityRule.getSecurityRuleProtocol()).thenReturn("icmp");
790 when(portSecurityRule.getSecurityRulePortMax()).thenReturn(10);
791 when(portSecurityRule.getSecurityRulePortMin()).thenReturn(10);
792 when(portSecurityRule.getSecurityRuleRemoteIpPrefix()).thenReturn("0.0.0.0/24");
794 PowerMockito.doAnswer(answer()).when(ingressAclServiceSpy, "writeFlow", any(FlowBuilder.class),
795 any(NodeBuilder.class));
796 ingressAclServiceSpy.programPortSecurityAcl(DP_ID_LONG, SEGMENT_ID,
797 MAC_ADDRESS, LOCAL_PORT, securityGroup, neutronSrcIpList, true);
798 Match match = flowBuilder.getMatch();
799 Icmpv4Match icmpv4Match = match.getIcmpv4Match();
800 Assert.assertEquals(10, icmpv4Match.getIcmpv4Type().shortValue());
801 Assert.assertEquals(10, icmpv4Match.getIcmpv4Code().shortValue());
802 EthernetMatch ethMatch = match.getEthernetMatch();
803 Assert.assertEquals(MAC_ADDRESS, ethMatch.getEthernetDestination().getAddress().getValue());
804 Short type = portSecurityRule.getSecurityRulePortMin().shortValue();
805 Short code = portSecurityRule.getSecurityRulePortMax().shortValue();
806 Assert.assertEquals("Ingress_ICMP_" + SEGMENT_ID + "_" + MAC_ADDRESS + "_" + type + "_" + code
807 + "_0.0.0.0/24_Permit",
808 flowBuilder.getFlowName());
812 * Test ICMP remove with code, type and CIDR selected.
815 public void testProgramPortSecurityACLRuleRemoveIcmp1() throws Exception {
816 when(portSecurityRule.getSecurityRuleProtocol()).thenReturn("icmp");
817 when(portSecurityRule.getSecurityRulePortMax()).thenReturn(20);
818 when(portSecurityRule.getSecurityRulePortMin()).thenReturn(20);
819 when(portSecurityRule.getSecurityRuleRemoteIpPrefix()).thenReturn("0.0.0.0/24");
820 PowerMockito.doAnswer(answer()).when(ingressAclServiceSpy, "removeFlow", any(FlowBuilder.class),
821 any(NodeBuilder.class));
823 ingressAclServiceSpy.programPortSecurityAcl(DP_ID_LONG, SEGMENT_ID,
824 MAC_ADDRESS, LOCAL_PORT, securityGroup, neutronSrcIpList, false);
825 Match match = flowBuilder.getMatch();
826 Icmpv4Match icmpv4Match = match.getIcmpv4Match();
827 Assert.assertEquals(20, icmpv4Match.getIcmpv4Type().shortValue());
828 Assert.assertEquals(20, icmpv4Match.getIcmpv4Code().shortValue());
829 EthernetMatch ethMatch = match.getEthernetMatch();
830 Assert.assertEquals(MAC_ADDRESS, ethMatch.getEthernetDestination().getAddress().getValue());
831 Short type = portSecurityRule.getSecurityRulePortMin().shortValue();
832 Short code = portSecurityRule.getSecurityRulePortMax().shortValue();
833 Assert.assertEquals("Ingress_ICMP_" + SEGMENT_ID + "_" + MAC_ADDRESS + "_" + type + "_" + code
834 + "_0.0.0.0/24_Permit",
835 flowBuilder.getFlowName());
839 * Test ICMP add with code, type and remote SG selected.
842 public void testProgramPortSecurityACLRuleAddIcmp2() throws Exception {
843 when(portSecurityRule.getSecurityRuleProtocol()).thenReturn("icmp");
844 when(portSecurityRule.getSecurityRulePortMax()).thenReturn(30);
845 when(portSecurityRule.getSecurityRulePortMin()).thenReturn(30);
846 when(portSecurityRule.getSecurityRemoteGroupID()).thenReturn("85cc3048-abc3-43cc-89b3-377341426ac5");
847 PowerMockito.doAnswer(answer()).when(ingressAclServiceSpy, "writeFlow", any(FlowBuilder.class),
848 any(NodeBuilder.class));
850 ingressAclServiceSpy.programPortSecurityAcl(DP_ID_LONG, SEGMENT_ID,
851 MAC_ADDRESS, LOCAL_PORT, securityGroup, neutronSrcIpList, true);
852 Match match = flowBuilder.getMatch();
853 Icmpv4Match icmpv4Match =match.getIcmpv4Match();
854 Assert.assertEquals(30, icmpv4Match.getIcmpv4Type().shortValue());
855 Assert.assertEquals(30, icmpv4Match.getIcmpv4Code().shortValue());
856 EthernetMatch ethMatch = match.getEthernetMatch();
857 Assert.assertEquals(MAC_ADDRESS, ethMatch.getEthernetDestination().getAddress().getValue());
858 Short type = portSecurityRule.getSecurityRulePortMin().shortValue();
859 Short code = portSecurityRule.getSecurityRulePortMax().shortValue();
860 String expectedFlowId1 = "Ingress_ICMP_" + SEGMENT_ID + "_" + MAC_ADDRESS +"_" + type + "_" + code + "_"
861 + DEST_IP_1 + "_Permit";
862 String expectedFlowId2 = "Ingress_ICMP_" + SEGMENT_ID + "_" + MAC_ADDRESS +"_" + type + "_" + code + "_"
863 + DEST_IP_2 + "_Permit";
864 String actualFlowId = flowBuilder.getFlowName();
865 if(actualFlowId.equals(expectedFlowId1) || actualFlowId.equals(expectedFlowId2)) {
866 Assert.assertTrue(true);
868 Assert.assertTrue(false);
873 * Test ICMP remove with code, type and remote SG selected.
876 public void testProgramPortSecurityACLRuleRemoveIcmp2() throws Exception {
877 when(portSecurityRule.getSecurityRuleProtocol()).thenReturn("icmp");
878 when(portSecurityRule.getSecurityRulePortMax()).thenReturn(40);
879 when(portSecurityRule.getSecurityRulePortMin()).thenReturn(40);
880 when(portSecurityRule.getSecurityRemoteGroupID()).thenReturn("85cc3048-abc3-43cc-89b3-377341426ac5");
881 PowerMockito.doAnswer(answer())
882 .when(ingressAclServiceSpy, "removeFlow", any(FlowBuilder.class), any(NodeBuilder.class));
884 ingressAclServiceSpy.programPortSecurityAcl(DP_ID_LONG, SEGMENT_ID,
885 MAC_ADDRESS, LOCAL_PORT, securityGroup, neutronSrcIpList, false);
886 Match match = flowBuilder.getMatch();
887 Icmpv4Match icmpv4Match = match.getIcmpv4Match();
888 Assert.assertEquals(40, icmpv4Match.getIcmpv4Type().shortValue());
889 Assert.assertEquals(40, icmpv4Match.getIcmpv4Code().shortValue());
890 EthernetMatch ethMatch = match.getEthernetMatch();
891 Assert.assertEquals(MAC_ADDRESS, ethMatch.getEthernetDestination().getAddress().getValue());
892 Short type = portSecurityRule.getSecurityRulePortMin().shortValue();
893 Short code = portSecurityRule.getSecurityRulePortMax().shortValue();
894 String expectedFlowId1 = "Ingress_ICMP_" + SEGMENT_ID + "_" + MAC_ADDRESS +"_" + type + "_" + code + "_"
895 + DEST_IP_1 + "_Permit";
896 String expectedFlowId2 = "Ingress_ICMP_" + SEGMENT_ID + "_" + MAC_ADDRESS +"_" + type + "_" + code + "_"
897 + DEST_IP_2 + "_Permit";
898 String actualFlowId = flowBuilder.getFlowName();
899 if(actualFlowId.equals(expectedFlowId1) || actualFlowId.equals(expectedFlowId2)) {
900 Assert.assertTrue(true);
902 Assert.assertTrue(false);
907 * Test IPv4 invalid ether type test case.
910 public void testProgramPortSecurityACLRuleInvalidEther() throws Exception {
911 when(portSecurityRule.getSecurityRuleEthertype()).thenReturn("IPV6");
913 ingressAclServiceSpy.programPortSecurityAcl(Long.valueOf(1554), "2", MAC_ADDRESS, 124, securityGroup,neutronSrcIpList,false);
915 verify(writeTransaction, times(0)).delete(any(LogicalDatastoreType.class), any(InstanceIdentifier.class));
916 verify(writeTransaction, times(0)).submit();
917 verify(commitFuture, times(0)).get();
921 * Test IPv4 invalid direction type test case.
924 public void testProgramPortSecurityACLRuleInvalidDirection() throws Exception {
925 when(portSecurityRule.getSecurityRuleDirection()).thenReturn("edgress");
927 ingressAclServiceSpy.programPortSecurityAcl(Long.valueOf(1554), "2", MAC_ADDRESS, 124, securityGroup,neutronSrcIpList,false);
929 verify(writeTransaction, times(0)).delete(any(LogicalDatastoreType.class), any(InstanceIdentifier.class));
930 verify(writeTransaction, times(0)).submit();
931 verify(commitFuture, times(0)).get();
935 * Test With isLastPortInBridge false isComputeNode false
938 public void testProgramFixedSecurityACLAdd1() throws Exception {
939 ingressAclServiceSpy.programFixedSecurityAcl(Long.valueOf(1554), "2", MAC_ADDRESS, 1, false, false, true);
941 verify(writeTransaction, times(0)).put(any(LogicalDatastoreType.class), any(InstanceIdentifier.class), any(Node.class), eq(true));
942 verify(writeTransaction, times(0)).submit();
943 verify(commitFuture, times(0)).get();
946 * Test With isLastPortInBridge false isComputeNode false
949 public void testProgramFixedSecurityACLRemove1() throws Exception {
951 ingressAclServiceSpy.programFixedSecurityAcl(Long.valueOf(1554), "2", MAC_ADDRESS, 1, false, false, false);
953 verify(writeTransaction, times(0)).delete(any(LogicalDatastoreType.class), any(InstanceIdentifier.class));
954 verify(writeTransaction, times(0)).submit();
955 verify(commitFuture, times(0)).get();
959 * Test method {@link IgressAclService#egressACLDefaultTcpDrop(Long, String, String, int, boolean)}
962 public void testIgressACLDefaultTcpDrop() throws Exception {
963 ingressAclService.ingressACLDefaultTcpDrop(Long.valueOf(123), SEGMENTATION_ID, MAC_ADDRESS, PRIORITY, true);
964 verify(writeTransaction, times(2)).put(any(LogicalDatastoreType.class), any(InstanceIdentifier.class), any(Node.class), anyBoolean());
965 verify(writeTransaction, times(1)).submit();
966 verify(commitFuture, times(1)).get();
968 ingressAclService.ingressACLDefaultTcpDrop(Long.valueOf(123), SEGMENTATION_ID, MAC_ADDRESS, PRIORITY, false);
969 verify(writeTransaction, times(1)).delete(any(LogicalDatastoreType.class), any(InstanceIdentifier.class));
970 verify(writeTransaction, times(2)).submit();
971 verify(commitFuture, times(2)).get(); // 1 + 1 above
975 * Test method {@link IgressAclService#ingressACLTcpPortWithPrefix(Long, String, String, boolean, Integer, String, Integer)}
978 public void testIngressACLTcpPortWithPrefix() throws Exception {
979 ingressAclService.ingressACLTcpPortWithPrefix(Long.valueOf(123), SEGMENTATION_ID, MAC_ADDRESS, true, 1, HOST_ADDRESS, PRIORITY);
980 verify(writeTransaction, times(2)).put(any(LogicalDatastoreType.class), any(InstanceIdentifier.class), any(Node.class), anyBoolean());
981 verify(writeTransaction, times(1)).submit();
982 verify(commitFuture, times(1)).get();
984 ingressAclService.ingressACLTcpPortWithPrefix(Long.valueOf(123), SEGMENTATION_ID, MAC_ADDRESS, false, 1, HOST_ADDRESS, PRIORITY);
985 verify(writeTransaction, times(1)).delete(any(LogicalDatastoreType.class), any(InstanceIdentifier.class));
986 verify(writeTransaction, times(2)).submit();
987 verify(commitFuture, times(2)).get(); // 1 + 1 above
991 * Test method {@link IgressAclService#handleIngressAllowProto(Long, String, String, boolean, String, Integer)}
994 public void testIngressAllowProto() throws Exception {
995 ingressAclService.handleIngressAllowProto(Long.valueOf(123), SEGMENTATION_ID, MAC_ADDRESS, true, HOST_ADDRESS, PRIORITY);
996 verify(writeTransaction, times(2)).put(any(LogicalDatastoreType.class), any(InstanceIdentifier.class), any(Node.class), anyBoolean());
997 verify(writeTransaction, times(1)).submit();
998 verify(commitFuture, times(1)).get();
1000 ingressAclService.handleIngressAllowProto(Long.valueOf(123), SEGMENTATION_ID, MAC_ADDRESS, false, HOST_ADDRESS, PRIORITY);
1001 verify(writeTransaction, times(1)).delete(any(LogicalDatastoreType.class), any(InstanceIdentifier.class));
1002 verify(writeTransaction, times(2)).submit();
1003 verify(commitFuture, times(2)).get(); // 1 + 1 above
1007 * Test method {@link IgressAclService#ingressACLPermitAllProto(Long, String, String, boolean, String, Integer)}
1010 public void testIngressACLPermitAllProto() throws Exception {
1011 ingressAclService.ingressACLPermitAllProto(Long.valueOf(123), SEGMENTATION_ID, MAC_ADDRESS, true, HOST_ADDRESS, PRIORITY);
1012 verify(writeTransaction, times(2)).put(any(LogicalDatastoreType.class), any(InstanceIdentifier.class), any(Node.class), anyBoolean());
1013 verify(writeTransaction, times(1)).submit();
1014 verify(commitFuture, times(1)).get();
1016 ingressAclService.ingressACLPermitAllProto(Long.valueOf(123), SEGMENTATION_ID, MAC_ADDRESS, false, HOST_ADDRESS, PRIORITY);
1017 verify(writeTransaction, times(1)).delete(any(LogicalDatastoreType.class), any(InstanceIdentifier.class));
1018 verify(writeTransaction, times(2)).submit();
1019 verify(commitFuture, times(2)).get(); // 1 + 1 above
1023 * Test method {@link IgressAclService#ingressACLTcpSyn(Long, String, String, boolean, Integer, Integer)}
1026 public void testIngressACLTcpSyn() throws Exception {
1027 ingressAclService.ingressACLTcpSyn(Long.valueOf(123), SEGMENTATION_ID, MAC_ADDRESS, true, 1, PRIORITY);
1028 verify(writeTransaction, times(2)).put(any(LogicalDatastoreType.class), any(InstanceIdentifier.class), any(Node.class), anyBoolean());
1029 verify(writeTransaction, times(1)).submit();
1030 verify(commitFuture, times(1)).get();
1032 ingressAclService.ingressACLTcpSyn(Long.valueOf(123), SEGMENTATION_ID, MAC_ADDRESS, false, 1, PRIORITY);
1033 verify(writeTransaction, times(1)).delete(any(LogicalDatastoreType.class), any(InstanceIdentifier.class));
1034 verify(writeTransaction, times(2)).submit();
1035 verify(commitFuture, times(2)).get(); // 1 + 1 above