openstack/net-virt-providers/src/test/java/org/opendaylight/ovsdb/openstack/netvirt/providers/openflow13/services/IngressAclServiceTest.java

   1 /*
   2  * Copyright (c) 2015 Inocybe and others.  All rights reserved.
   3  *
   4  * This program and the accompanying materials are made available under the
   5  * terms of the Eclipse Public License v1.0 which accompanies this distribution,
   6  * and is available at http://www.eclipse.org/legal/epl-v10.html
   7  */
   8
   9 package org.opendaylight.ovsdb.openstack.netvirt.providers.openflow13.services;
  10
  11 import static org.mockito.Matchers.any;
  12 import static org.mockito.Matchers.anyBoolean;
  13 import static org.mockito.Matchers.anyInt;
  14 import static org.mockito.Matchers.anyLong;
  15 import static org.mockito.Matchers.anyString;
  16 import static org.mockito.Matchers.eq;
  17 import static org.mockito.Mockito.mock;
  18 import static org.mockito.Mockito.times;
  19 import static org.mockito.Mockito.verify;
  20 import static org.mockito.Mockito.when;
  21
  22 import java.util.ArrayList;
  23 import java.util.List;
  24
  25 import org.junit.Assert;
  26 import org.junit.Before;
  27 import org.junit.Test;
  28 import org.junit.runner.RunWith;
  29 import org.mockito.InjectMocks;
  30 import org.mockito.Mock;
  31 import org.mockito.Mockito;
  32 import org.mockito.Spy;
  33 import org.mockito.invocation.InvocationOnMock;
  34 import org.mockito.runners.MockitoJUnitRunner;
  35 import org.mockito.stubbing.Answer;
  36 import org.opendaylight.controller.md.sal.binding.api.DataBroker;
  37 import org.opendaylight.controller.md.sal.binding.api.WriteTransaction;
  38 import org.opendaylight.controller.md.sal.common.api.data.LogicalDatastoreType;
  39 import org.opendaylight.controller.md.sal.common.api.data.TransactionCommitFailedException;
  40 import org.opendaylight.ovsdb.openstack.netvirt.translator.NeutronSecurityGroup;
  41 import org.opendaylight.ovsdb.openstack.netvirt.translator.NeutronSecurityRule;
  42 import org.opendaylight.ovsdb.openstack.netvirt.translator.Neutron_IPs;
  43 import org.opendaylight.ovsdb.openstack.netvirt.api.Constants;
  44 import org.opendaylight.ovsdb.openstack.netvirt.api.SecurityServicesManager;
  45 import org.opendaylight.ovsdb.openstack.netvirt.providers.openflow13.PipelineOrchestrator;
  46 import org.opendaylight.ovsdb.openstack.netvirt.providers.openflow13.Service;
  47 import org.opendaylight.yang.gen.v1.urn.opendaylight.flow.inventory.rev130819.tables.table.FlowBuilder;
  48 import org.opendaylight.yang.gen.v1.urn.opendaylight.inventory.rev130819.nodes.Node;
  49 import org.opendaylight.yang.gen.v1.urn.opendaylight.inventory.rev130819.nodes.NodeBuilder;
  50 import org.opendaylight.yang.gen.v1.urn.opendaylight.model.match.types.rev131026.Match;
  51 import org.opendaylight.yang.gen.v1.urn.opendaylight.model.match.types.rev131026.match.EthernetMatch;
  52 import org.opendaylight.yang.gen.v1.urn.opendaylight.model.match.types.rev131026.match.Icmpv4Match;
  53 import org.opendaylight.yang.gen.v1.urn.opendaylight.model.match.types.rev131026.match.layer._4.match.TcpMatch;
  54 import org.opendaylight.yang.gen.v1.urn.opendaylight.model.match.types.rev131026.match.layer._4.match.UdpMatch;
  55 import org.opendaylight.yangtools.yang.binding.InstanceIdentifier;
  56 import org.powermock.api.mockito.PowerMockito;
  57 import org.powermock.modules.junit4.PowerMockRunner;
  58
  59 import com.google.common.util.concurrent.CheckedFuture;
  60
  61 /**
  62  * Unit test fort {@link IngressAclService}
  63  */
  64 @RunWith(PowerMockRunner.class)
  65 @SuppressWarnings("unchecked")
  66 public class IngressAclServiceTest {
  67
  68     @InjectMocks private IngressAclService ingressAclService = new IngressAclService();
  69     private IngressAclService ingressAclServiceSpy;
  70
  71     @Mock private DataBroker dataBroker;
  72     @Mock private PipelineOrchestrator orchestrator;
  73
  74     @Mock private WriteTransaction writeTransaction;
  75     @Mock private CheckedFuture<Void, TransactionCommitFailedException> commitFuture;
  76
  77     @Mock private NeutronSecurityGroup securityGroup;
  78     @Mock private NeutronSecurityRule portSecurityRule;
  79     @Mock private SecurityServicesManager securityServices;
  80
  81     private List<Neutron_IPs> neutronSrcIpList = new ArrayList<Neutron_IPs>();
  82     private List<Neutron_IPs> neutronDestIpList = new ArrayList<Neutron_IPs>();
  83     private Neutron_IPs neutron_ip_src;
  84     private Neutron_IPs neutron_ip_dest_1;
  85     private Neutron_IPs neutron_ip_dest_2;
  86
  87     private static final String SEGMENTATION_ID = "2";
  88     private static final int PRIORITY = 1;
  89     private static final String HOST_ADDRESS = "127.0.0.1/32";
  90     private static final String MAC_ADDRESS = "87:1D:5E:02:40:B8";
  91     private static final String SRC_IP = "192.168.0.1";
  92     private static final String DEST_IP_1 = "192.169.0.1";
  93     private static final String DEST_IP_2 = "192.169.0.2";
  94     private static final String SECURITY_GROUP_UUID = "85cc3048-abc3-43cc-89b3-377341426ac5";
  95     private static final String SEGMENT_ID = "2";
  96     private static final Long DP_ID_LONG = (long) 1554;
  97     private static final Long LOCAL_PORT = (long) 124;
  98     private static final int PORT_RANGE_MIN = 1;
  99     private static final int PORT_RANGE_MAX = 65535;
 100     private static FlowBuilder flowBuilder;
 101     private static NodeBuilder nodeBuilder;
 102
 103     private static Answer<Object> answer() {
 104         return new Answer<Object>() {
 105             @Override
 106             public CheckedFuture<Void, TransactionCommitFailedException> answer(InvocationOnMock invocation)
 107                     throws Throwable {
 108                 flowBuilder = (FlowBuilder) invocation.getArguments()[0];
 109                 nodeBuilder = (NodeBuilder) invocation.getArguments()[1];
 110                 return null;
 111             }
 112         };
 113     }
 114
 115     @Before
 116     public void setUp() {
 117         ingressAclServiceSpy = PowerMockito.spy(ingressAclService);
 118
 119         when(writeTransaction.submit()).thenReturn(commitFuture);
 120
 121         when(dataBroker.newWriteOnlyTransaction()).thenReturn(writeTransaction);
 122
 123         when(orchestrator.getNextServiceInPipeline(any(Service.class))).thenReturn(Service.ARP_RESPONDER);
 124
 125         portSecurityRule = mock(NeutronSecurityRule.class);
 126         when(portSecurityRule.getSecurityRuleEthertype()).thenReturn("IPv4");
 127         when(portSecurityRule.getSecurityRuleDirection()).thenReturn("ingress");
 128
 129         List<NeutronSecurityRule> portSecurityList = new ArrayList<NeutronSecurityRule>();
 130         portSecurityList.add(portSecurityRule);
 131
 132         neutron_ip_src = new Neutron_IPs();
 133         neutron_ip_src.setIpAddress(SRC_IP);
 134         neutronSrcIpList.add(neutron_ip_src);
 135
 136         neutron_ip_dest_1 = new Neutron_IPs();
 137         neutron_ip_dest_1.setIpAddress(DEST_IP_1);
 138         neutronDestIpList.add(neutron_ip_dest_1);
 139
 140         neutron_ip_dest_2 = new Neutron_IPs();
 141         neutron_ip_dest_2.setIpAddress(DEST_IP_2);
 142         neutronDestIpList.add(neutron_ip_dest_2);
 143
 144
 145         when(securityGroup.getSecurityRules()).thenReturn(portSecurityList);
 146         when(securityServices.getVmListForSecurityGroup
 147              (neutronSrcIpList, SECURITY_GROUP_UUID)).thenReturn(neutronDestIpList);
 148     }
 149
 150    /* *//**
 151      * Rule 1: TCP Proto (True), TCP Port Minimum (True), TCP Port Max (True), IP Prefix (True)
 152      *//*
 153     @Test
 154     public void testProgramPortSecurityACLRule1() throws Exception {
 155         when(portSecurityRule.getSecurityRuleProtocol()).thenReturn("tcp");
 156         when(portSecurityRule.getSecurityRulePortMax()).thenReturn(1);
 157         when(portSecurityRule.getSecurityRulePortMin()).thenReturn(1);
 158         when(portSecurityRule.getSecurityRuleRemoteIpPrefix()).thenReturn(HOST_ADDRESS);
 159
 160         ingressAclServiceSpy.programPortSecurityACL(Long.valueOf(1554), SEGMENTATION_ID, MAC_ADDRESS, 124, securityGroup);
 161         verify(ingressAclServiceSpy, times(1)).ingressACLDefaultTcpDrop(anyLong(), anyString(), anyString(), anyInt(), anyBoolean());
 162         verify(ingressAclServiceSpy, times(1)).ingressACLTcpPortWithPrefix(anyLong(), anyString(), anyString(), anyBoolean(), anyInt(), anyString(), anyInt());
 163         verify(writeTransaction, times(4)).put(any(LogicalDatastoreType.class), any(InstanceIdentifier.class), any(Node.class), anyBoolean());
 164         verify(writeTransaction, times(2)).submit();
 165         verify(commitFuture, times(2)).get();
 166     }
 167
 168
 169     *//**
 170      * Rule 2: TCP Proto (True), TCP Port Minimum (True), TCP Port Max (False), IP Prefix (True)
 171      *//*
 172     @Test
 173     public void testProgramPortSecurityACLRule2() throws Exception {
 174         when(portSecurityRule.getSecurityRuleProtocol()).thenReturn("tcp");
 175         when(portSecurityRule.getSecurityRulePortMax()).thenReturn(null);
 176         when(portSecurityRule.getSecurityRulePortMin()).thenReturn(1);
 177         when(portSecurityRule.getSecurityRuleRemoteIpPrefix()).thenReturn(HOST_ADDRESS);
 178
 179         ingressAclServiceSpy.programPortSecurityACL(Long.valueOf(1554), SEGMENTATION_ID, MAC_ADDRESS, 124, securityGroup);
 180         verify(ingressAclServiceSpy, times(1)).ingressACLDefaultTcpDrop(anyLong(), anyString(), anyString(), anyInt(), anyBoolean());
 181         verify(ingressAclServiceSpy, times(1)).ingressACLTcpPortWithPrefix(anyLong(), anyString(), anyString(), anyBoolean(), anyInt(), anyString(), anyInt());
 182         verify(writeTransaction, times(4)).put(any(LogicalDatastoreType.class), any(InstanceIdentifier.class), any(Node.class), anyBoolean());
 183         verify(writeTransaction, times(2)).submit();
 184         verify(commitFuture, times(2)).get();
 185     }
 186
 187     *//**
 188      * Rule 3: TCP Proto (True), TCP Port Minimum (False), TCP Port Max (False), IP Prefix (True)
 189      *//*
 190     @Test
 191     public void testProgramPortSecurityACLRule3() throws Exception {
 192         when(portSecurityRule.getSecurityRuleProtocol()).thenReturn("tcp");
 193         when(portSecurityRule.getSecurityRulePortMax()).thenReturn(null);
 194         when(portSecurityRule.getSecurityRulePortMin()).thenReturn(null);
 195         when(portSecurityRule.getSecurityRuleRemoteIpPrefix()).thenReturn(HOST_ADDRESS);
 196
 197         ingressAclServiceSpy.programPortSecurityACL(Long.valueOf(1554), SEGMENTATION_ID, MAC_ADDRESS, 124, securityGroup);
 198         verify(ingressAclServiceSpy, times(1)).ingressACLDefaultTcpDrop(anyLong(), anyString(), anyString(), anyInt(), anyBoolean());
 199         verify(ingressAclServiceSpy, times(1)).ingressACLPermitAllProto(anyLong(), anyString(), anyString(), anyBoolean(), anyString(), anyInt());
 200         verify(writeTransaction, times(4)).put(any(LogicalDatastoreType.class), any(InstanceIdentifier.class), any(Node.class), anyBoolean());
 201         verify(writeTransaction, times(2)).submit();
 202         verify(commitFuture, times(2)).get();
 203     }
 204
 205     *//**
 206      * Rule 4: TCP Proto (False), TCP Port Minimum (False), TCP Port Max (False), IP Prefix (True)
 207      *//*
 208     @Test
 209     public void testProgramPortSecurityACLRule4() throws Exception {
 210         when(portSecurityRule.getSecurityRuleProtocol()).thenReturn(null);
 211         when(portSecurityRule.getSecurityRulePortMax()).thenReturn(null);
 212         when(portSecurityRule.getSecurityRulePortMin()).thenReturn(null);
 213         when(portSecurityRule.getSecurityRuleRemoteIpPrefix()).thenReturn(HOST_ADDRESS);
 214
 215         ingressAclServiceSpy.programPortSecurityACL(Long.valueOf(1554), SEGMENTATION_ID, MAC_ADDRESS, 124, securityGroup);
 216         verify(ingressAclServiceSpy, times(1)).ingressACLDefaultTcpDrop(anyLong(), anyString(), anyString(), anyInt(), anyBoolean());
 217         verify(ingressAclServiceSpy, times(1)).ingressACLPermitAllProto(anyLong(), anyString(), anyString(), anyBoolean(), anyString(), anyInt());
 218         verify(writeTransaction, times(4)).put(any(LogicalDatastoreType.class), any(InstanceIdentifier.class), any(Node.class), anyBoolean());
 219         verify(writeTransaction, times(2)).submit();
 220         verify(commitFuture, times(2)).get();
 221     }
 222
 223     *//**
 224      * Rule 5: TCP Proto (True), TCP Port Minimum (True), TCP Port Max (True), IP Prefix (False)
 225      *//*
 226     @Test
 227     public void testProgramPortSecurityACLRule5() throws Exception {
 228         when(portSecurityRule.getSecurityRuleProtocol()).thenReturn("tcp");
 229         when(portSecurityRule.getSecurityRulePortMax()).thenReturn(1);
 230         when(portSecurityRule.getSecurityRulePortMin()).thenReturn(1);
 231         when(portSecurityRule.getSecurityRuleRemoteIpPrefix()).thenReturn(null);
 232
 233         ingressAclServiceSpy.programPortSecurityACL(Long.valueOf(1554), SEGMENTATION_ID, MAC_ADDRESS, 124, securityGroup);
 234         verify(ingressAclServiceSpy, times(1)).ingressACLDefaultTcpDrop(anyLong(), anyString(), anyString(), anyInt(), anyBoolean());
 235         verify(ingressAclServiceSpy, times(1)).ingressACLTcpSyn(anyLong(), anyString(), anyString(), anyBoolean(), anyInt(), anyInt());
 236         verify(writeTransaction, times(4)).put(any(LogicalDatastoreType.class), any(InstanceIdentifier.class), any(Node.class), anyBoolean());
 237         verify(writeTransaction, times(2)).submit();
 238         verify(commitFuture, times(2)).get();
 239     }
 240
 241     *//**
 242      * Rule 6: TCP Proto (True), TCP Port Minimum (True), TCP Port Max (False), IP Prefix (False)
 243      *//*
 244     @Test
 245     public void testProgramPortSecurityACLRule6() throws Exception {
 246         when(portSecurityRule.getSecurityRuleProtocol()).thenReturn("tcp");
 247         when(portSecurityRule.getSecurityRulePortMax()).thenReturn(null);
 248         when(portSecurityRule.getSecurityRulePortMin()).thenReturn(1);
 249         when(portSecurityRule.getSecurityRuleRemoteIpPrefix()).thenReturn(null);
 250
 251         ingressAclServiceSpy.programPortSecurityACL(Long.valueOf(1554), SEGMENTATION_ID, MAC_ADDRESS, 124, securityGroup);
 252         verify(ingressAclServiceSpy, times(1)).ingressACLDefaultTcpDrop(anyLong(), anyString(), anyString(), anyInt(), anyBoolean());
 253         verify(ingressAclServiceSpy, times(1)).ingressACLTcpSyn(anyLong(), anyString(), anyString(), anyBoolean(), anyInt(), anyInt());
 254         verify(writeTransaction, times(4)).put(any(LogicalDatastoreType.class), any(InstanceIdentifier.class), any(Node.class), anyBoolean());
 255         verify(writeTransaction, times(2)).submit();
 256         verify(commitFuture, times(2)).get();
 257     }
 258
 259     *//**
 260      * Rule 7: TCP Proto (True), TCP Port Minimum (False), TCP Port Max (False), IP Prefix (False or 0.0.0.0/0)
 261      *//*
 262     @Test
 263     public void testProgramPortSecurityACLRule7() throws Exception {
 264         when(portSecurityRule.getSecurityRuleProtocol()).thenReturn("tcp");
 265         when(portSecurityRule.getSecurityRulePortMax()).thenReturn(null);
 266         when(portSecurityRule.getSecurityRulePortMin()).thenReturn(null);
 267         when(portSecurityRule.getSecurityRuleRemoteIpPrefix()).thenReturn(null);
 268
 269         ingressAclServiceSpy.programPortSecurityACL(Long.valueOf(1554), SEGMENTATION_ID, MAC_ADDRESS, 124, securityGroup);
 270         verify(ingressAclServiceSpy, times(1)).handleIngressAllowProto(anyLong(), anyString(), anyString(), anyBoolean(), anyString(), anyInt());
 271         verify(writeTransaction, times(2)).put(any(LogicalDatastoreType.class), any(InstanceIdentifier.class), any(Node.class), anyBoolean());
 272         verify(writeTransaction, times(1)).submit();
 273         verify(commitFuture, times(1)).get();
 274     }
 275 */
 276     /**
 277      *  Test IPv4 add test case.
 278      */
 279     @Test
 280     public void testProgramPortSecurityACLRuleAddIpv4() throws Exception {
 281         when(portSecurityRule.getSecurityRuleProtocol()).thenReturn(null);
 282         when(portSecurityRule.getSecurityRulePortMax()).thenReturn(null);
 283         when(portSecurityRule.getSecurityRulePortMin()).thenReturn(null);
 284         when(portSecurityRule.getSecurityRuleRemoteIpPrefix()).thenReturn(null);
 285
 286         ingressAclServiceSpy.programPortSecurityAcl(Long.valueOf(1554), "2", MAC_ADDRESS, 124, securityGroup,neutronSrcIpList,true);
 287
 288         verify(writeTransaction, times(2)).put(any(LogicalDatastoreType.class), any(InstanceIdentifier.class), any(Node.class), eq(true));
 289         verify(writeTransaction, times(1)).submit();
 290         verify(commitFuture, times(1)).get();
 291     }
 292
 293     /**
 294      *  Test IPv4 remove test case.
 295      */
 296     @Test
 297     public void testProgramPortSecurityACLRuleRemoveIpv4() throws Exception {
 298         when(portSecurityRule.getSecurityRuleProtocol()).thenReturn(null);
 299         when(portSecurityRule.getSecurityRulePortMax()).thenReturn(null);
 300         when(portSecurityRule.getSecurityRulePortMin()).thenReturn(null);
 301         when(portSecurityRule.getSecurityRuleRemoteIpPrefix()).thenReturn(null);
 302
 303         ingressAclServiceSpy.programPortSecurityAcl(Long.valueOf(1554), "2", MAC_ADDRESS, 124, securityGroup,neutronSrcIpList,false);
 304
 305         verify(writeTransaction, times(1)).delete(any(LogicalDatastoreType.class), any(InstanceIdentifier.class));
 306         verify(writeTransaction, times(1)).submit();
 307         verify(commitFuture, times(1)).get();
 308     }
 309
 310     /**
 311      *  Test TCP add with port no and CIDR selected.
 312      */
 313     @Test
 314     public void testProgramPortSecurityACLRuleAddTcp1() throws Exception {
 315         when(portSecurityRule.getSecurityRuleProtocol()).thenReturn("tcp");
 316         when(portSecurityRule.getSecurityRulePortMax()).thenReturn(20);
 317         when(portSecurityRule.getSecurityRulePortMin()).thenReturn(20);
 318         when(portSecurityRule.getSecurityRuleRemoteIpPrefix()).thenReturn("0.0.0.0/24");
 319         PowerMockito.doAnswer(answer()).when(ingressAclServiceSpy, "writeFlow", any(FlowBuilder.class),
 320                                              any(NodeBuilder.class));
 321
 322         ingressAclServiceSpy.programPortSecurityAcl(DP_ID_LONG, SEGMENT_ID, MAC_ADDRESS, LOCAL_PORT, securityGroup,
 323                                                    neutronSrcIpList, true);
 324
 325         Match match = flowBuilder.getMatch();
 326         EthernetMatch ethMatch = match.getEthernetMatch();
 327         Assert.assertEquals(MAC_ADDRESS, ethMatch.getEthernetDestination().getAddress().getValue());
 328
 329         Assert.assertTrue(match.getLayer4Match() instanceof TcpMatch);
 330         TcpMatch layer4Match = (TcpMatch) match.getLayer4Match();
 331         Assert.assertEquals(20, layer4Match.getTcpDestinationPort().getValue().intValue());
 332         int port = portSecurityRule.getSecurityRulePortMin();
 333         Assert.assertEquals("Ingress_TCP_" + SEGMENT_ID + "_" + MAC_ADDRESS +
 334                             "_" + port + "_0.0.0.0/24_Permit", flowBuilder.getFlowName());
 335     }
 336
 337     /**
 338      *  Test TCP remove with port no and CIDR selected.
 339      */
 340     @Test
 341     public void testProgramPortSecurityACLRuleRemoveTcp1() throws Exception {
 342         when(portSecurityRule.getSecurityRuleProtocol()).thenReturn("tcp");
 343         when(portSecurityRule.getSecurityRulePortMax()).thenReturn(15);
 344         when(portSecurityRule.getSecurityRulePortMin()).thenReturn(15);
 345         when(portSecurityRule.getSecurityRuleRemoteIpPrefix()).thenReturn("0.0.0.0/24");
 346         PowerMockito.doAnswer(answer()).when(ingressAclServiceSpy, "removeFlow", any(FlowBuilder.class),
 347                                              any(NodeBuilder.class));
 348
 349         ingressAclServiceSpy.programPortSecurityAcl(DP_ID_LONG, SEGMENT_ID, MAC_ADDRESS, LOCAL_PORT, securityGroup,
 350                                                    neutronSrcIpList, false);
 351
 352         Match match = flowBuilder.getMatch();
 353         EthernetMatch ethMatch = match.getEthernetMatch();
 354         Assert.assertEquals(MAC_ADDRESS, ethMatch.getEthernetDestination().getAddress().getValue());
 355
 356         Assert.assertTrue(match.getLayer4Match() instanceof TcpMatch);
 357         TcpMatch layer4Match = (TcpMatch) match.getLayer4Match();
 358         Assert.assertEquals(15, layer4Match.getTcpDestinationPort().getValue().intValue());
 359         int port = portSecurityRule.getSecurityRulePortMin();
 360         Assert.assertEquals("Ingress_TCP_" + SEGMENT_ID + "_" + MAC_ADDRESS +
 361                             "_" + port + "_0.0.0.0/24_Permit", flowBuilder.getFlowName());
 362     }
 363
 364     /**
 365      *  Test TCP add with port no and remote SG selected.
 366      */
 367     @Test
 368     public void testProgramPortSecurityACLRuleAddTcp2() throws Exception {
 369         when(portSecurityRule.getSecurityRuleProtocol()).thenReturn("tcp");
 370         when(portSecurityRule.getSecurityRulePortMax()).thenReturn(50);
 371         when(portSecurityRule.getSecurityRulePortMin()).thenReturn(50);
 372         when(portSecurityRule.getSecurityRuleRemoteIpPrefix()).thenReturn("0.0.0.0/24");
 373         when(portSecurityRule.getSecurityRemoteGroupID()).thenReturn("85cc3048-abc3-43cc-89b3-377341426ac5");
 374         PowerMockito.doAnswer(answer()).when(ingressAclServiceSpy, "writeFlow", any(FlowBuilder.class),
 375                                              any(NodeBuilder.class));
 376         ingressAclServiceSpy.programPortSecurityAcl(DP_ID_LONG, SEGMENT_ID, MAC_ADDRESS, LOCAL_PORT, securityGroup,
 377                                                    neutronSrcIpList, true);
 378
 379         Match match = flowBuilder.getMatch();
 380         EthernetMatch ethMatch = match.getEthernetMatch();
 381         Assert.assertEquals(MAC_ADDRESS, ethMatch.getEthernetDestination().getAddress().getValue());
 382
 383         Assert.assertTrue(match.getLayer4Match() instanceof TcpMatch);
 384         TcpMatch layer4Match = (TcpMatch) match.getLayer4Match();
 385         Assert.assertEquals(50, layer4Match.getTcpDestinationPort().getValue().intValue());
 386         int port = portSecurityRule.getSecurityRulePortMin();
 387         String expectedFlowId1 = "Ingress_TCP_" + SEGMENT_ID + "_" + MAC_ADDRESS +"_" + port + "_" + DEST_IP_1 +
 388                 "_Permit";
 389         String expectedFlowId2 = "Ingress_TCP_" + SEGMENT_ID + "_" + MAC_ADDRESS +"_" + port + "_" + DEST_IP_2 +
 390                 "_Permit";
 391         String actualFlowId = flowBuilder.getFlowName();
 392         if (actualFlowId.equals(expectedFlowId1) || actualFlowId.equals(expectedFlowId2)) {
 393             Assert.assertTrue(true);
 394         } else {
 395             Assert.assertTrue(false);
 396         }
 397     }
 398
 399     /**
 400      *  Test TCP remove with port no and remote SG selected.
 401      */
 402     @Test
 403     public void testProgramPortSecurityACLRuleRemoveTcp2() throws Exception {
 404         when(portSecurityRule.getSecurityRuleProtocol()).thenReturn("tcp");
 405         when(portSecurityRule.getSecurityRulePortMax()).thenReturn(50);
 406         when(portSecurityRule.getSecurityRulePortMin()).thenReturn(50);
 407         when(portSecurityRule.getSecurityRuleRemoteIpPrefix()).thenReturn("0.0.0.0/24");
 408         when(portSecurityRule.getSecurityRemoteGroupID()).thenReturn("85cc3048-abc3-43cc-89b3-377341426ac5");
 409         PowerMockito.doAnswer(answer()).when(ingressAclServiceSpy, "removeFlow", any(FlowBuilder.class),
 410                                              any(NodeBuilder.class));
 411
 412         ingressAclServiceSpy.programPortSecurityAcl(DP_ID_LONG, SEGMENT_ID, MAC_ADDRESS, LOCAL_PORT, securityGroup,
 413                                                    neutronSrcIpList, false);
 414
 415         Match match = flowBuilder.getMatch();
 416         EthernetMatch ethMatch = match.getEthernetMatch();
 417         Assert.assertEquals(MAC_ADDRESS, ethMatch.getEthernetDestination().getAddress().getValue());
 418
 419         Assert.assertTrue(match.getLayer4Match() instanceof TcpMatch);
 420         TcpMatch layer4Match = (TcpMatch) match.getLayer4Match();
 421         Assert.assertEquals(50, layer4Match.getTcpDestinationPort().getValue().intValue());
 422         int port = portSecurityRule.getSecurityRulePortMin();
 423         String expectedFlowId1 = "Ingress_TCP_" + SEGMENT_ID + "_" + MAC_ADDRESS +"_" + port + "_" + DEST_IP_1 +
 424                 "_Permit";
 425         String expectedFlowId2 = "Ingress_TCP_" + SEGMENT_ID + "_" + MAC_ADDRESS +"_" + port + "_" + DEST_IP_2 +
 426                 "_Permit";
 427         String actualFlowId = flowBuilder.getFlowName();
 428         if (actualFlowId.equals(expectedFlowId1) || actualFlowId.equals(expectedFlowId2)) {
 429             Assert.assertTrue(true);
 430         } else {
 431             Assert.assertTrue(false);
 432         }
 433     }
 434
 435
 436     /**
 437      *  Test TCP add with port (All TCP) and CIDR selected.
 438      */
 439     @Test
 440     public void testProgramPortSecurityACLRuleAddTcpAll1() throws Exception {
 441         when(portSecurityRule.getSecurityRuleProtocol()).thenReturn("tcp");
 442         when(portSecurityRule.getSecurityRulePortMax()).thenReturn(PORT_RANGE_MAX);
 443         when(portSecurityRule.getSecurityRulePortMin()).thenReturn(PORT_RANGE_MIN);
 444         when(portSecurityRule.getSecurityRuleRemoteIpPrefix()).thenReturn("0.0.0.0/24");
 445         PowerMockito.doAnswer(answer()).when(ingressAclServiceSpy, "writeFlow", any(FlowBuilder.class),
 446                                              any(NodeBuilder.class));
 447
 448         ingressAclServiceSpy.programPortSecurityAcl(DP_ID_LONG, SEGMENT_ID, MAC_ADDRESS, LOCAL_PORT, securityGroup,
 449                                                    neutronSrcIpList, true);
 450
 451         Match match = flowBuilder.getMatch();
 452         EthernetMatch ethMatch = match.getEthernetMatch();
 453         Assert.assertEquals(MAC_ADDRESS, ethMatch.getEthernetDestination().getAddress().getValue());
 454
 455         Assert.assertTrue(match.getLayer4Match() instanceof TcpMatch);
 456         Assert.assertEquals("Ingress_TCP_" + SEGMENT_ID + "_" + MAC_ADDRESS + "_" + PORT_RANGE_MIN + "_" +
 457                             PORT_RANGE_MAX + "_0.0.0.0/24_Permit", flowBuilder.getFlowName());
 458     }
 459
 460     /**
 461      *  Test TCP remove with port (All TCP) and CIDR selected.
 462      */
 463     @Test
 464     public void testProgramPortSecurityACLRuleRemoveTcpAll1() throws Exception {
 465         when(portSecurityRule.getSecurityRuleProtocol()).thenReturn("tcp");
 466         when(portSecurityRule.getSecurityRulePortMax()).thenReturn(PORT_RANGE_MAX);
 467         when(portSecurityRule.getSecurityRulePortMin()).thenReturn(PORT_RANGE_MIN);
 468         when(portSecurityRule.getSecurityRuleRemoteIpPrefix()).thenReturn("0.0.0.0/24");
 469         PowerMockito.doAnswer(answer()).when(ingressAclServiceSpy, "removeFlow", any(FlowBuilder.class),
 470                                              any(NodeBuilder.class));
 471
 472         ingressAclServiceSpy.programPortSecurityAcl(DP_ID_LONG, SEGMENT_ID, MAC_ADDRESS, LOCAL_PORT, securityGroup,
 473                                                    neutronSrcIpList, false);
 474
 475         Match match = flowBuilder.getMatch();
 476         EthernetMatch ethMatch = match.getEthernetMatch();
 477         Assert.assertEquals(MAC_ADDRESS, ethMatch.getEthernetDestination().getAddress().getValue());
 478
 479         Assert.assertTrue(match.getLayer4Match() instanceof TcpMatch);
 480         Assert.assertEquals("Ingress_TCP_" + SEGMENT_ID + "_" + MAC_ADDRESS + "_" + PORT_RANGE_MIN + "_" +
 481                             PORT_RANGE_MAX + "_0.0.0.0/24_Permit", flowBuilder.getFlowName());
 482     }
 483
 484     /**
 485      *  Test TCP add with port (All TCP) and remote SG selected.
 486      */
 487     @Test
 488     public void testProgramPortSecurityACLRuleAddTcpAll2() throws Exception {
 489         when(portSecurityRule.getSecurityRuleProtocol()).thenReturn("tcp");
 490         when(portSecurityRule.getSecurityRulePortMax()).thenReturn(PORT_RANGE_MAX);
 491         when(portSecurityRule.getSecurityRulePortMin()).thenReturn(PORT_RANGE_MIN);
 492         when(portSecurityRule.getSecurityRemoteGroupID()).thenReturn("85cc3048-abc3-43cc-89b3-377341426ac5");
 493         PowerMockito.doAnswer(answer()).when(ingressAclServiceSpy, "writeFlow", any(FlowBuilder.class),
 494                                              any(NodeBuilder.class));
 495         ingressAclServiceSpy.programPortSecurityAcl(DP_ID_LONG, SEGMENT_ID, MAC_ADDRESS, LOCAL_PORT, securityGroup,
 496                                                    neutronSrcIpList, true);
 497
 498         Match match = flowBuilder.getMatch();
 499         EthernetMatch ethMatch = match.getEthernetMatch();
 500         Assert.assertEquals(MAC_ADDRESS, ethMatch.getEthernetDestination().getAddress().getValue());
 501
 502         Assert.assertTrue(match.getLayer4Match() instanceof TcpMatch);
 503         String expectedFlowId1 = "Ingress_TCP_" + SEGMENT_ID + "_" + MAC_ADDRESS + "_" + PORT_RANGE_MIN + "_" +
 504                             PORT_RANGE_MAX + "_" + DEST_IP_1 + "_Permit";
 505         String expectedFlowId2 = "Ingress_TCP_" + SEGMENT_ID + "_" + MAC_ADDRESS + "_" + PORT_RANGE_MIN + "_" +
 506                 PORT_RANGE_MAX + "_" + DEST_IP_2 + "_Permit";
 507         String actualFlowId = flowBuilder.getFlowName();
 508         if (actualFlowId.equals(expectedFlowId1) || actualFlowId.equals(expectedFlowId2)) {
 509             Assert.assertTrue(true);
 510         } else {
 511             Assert.assertTrue(false);
 512         }
 513     }
 514
 515     /**
 516      *  Test TCP remove with port (All TCP) and remote SG selected.
 517      */
 518     @Test
 519     public void testProgramPortSecurityACLRuleRemoveTcpAll2() throws Exception {
 520         when(portSecurityRule.getSecurityRuleProtocol()).thenReturn("tcp");
 521         when(portSecurityRule.getSecurityRulePortMax()).thenReturn(PORT_RANGE_MAX);
 522         when(portSecurityRule.getSecurityRulePortMin()).thenReturn(PORT_RANGE_MIN);
 523         when(portSecurityRule.getSecurityRemoteGroupID()).thenReturn("85cc3048-abc3-43cc-89b3-377341426ac5");
 524         PowerMockito.doAnswer(answer()).when(ingressAclServiceSpy, "removeFlow", any(FlowBuilder.class),
 525                                              any(NodeBuilder.class));
 526
 527         ingressAclServiceSpy.programPortSecurityAcl(DP_ID_LONG, SEGMENT_ID, MAC_ADDRESS, LOCAL_PORT, securityGroup,
 528                                                    neutronSrcIpList, false);
 529
 530         Match match = flowBuilder.getMatch();
 531         EthernetMatch ethMatch = match.getEthernetMatch();
 532         Assert.assertEquals(MAC_ADDRESS, ethMatch.getEthernetDestination().getAddress().getValue());
 533
 534         Assert.assertTrue(match.getLayer4Match() instanceof TcpMatch);
 535         TcpMatch layer4Match = (TcpMatch) match.getLayer4Match();
 536         String expectedFlowId1 = "Ingress_TCP_" + SEGMENT_ID + "_" + MAC_ADDRESS +"_" + PORT_RANGE_MIN + "_" +
 537                                 PORT_RANGE_MAX + "_" + DEST_IP_1 + "_Permit";
 538         String expectedFlowId2 = "Ingress_TCP_" + SEGMENT_ID + "_" + MAC_ADDRESS +"_" + PORT_RANGE_MIN + "_" +
 539                                 PORT_RANGE_MAX + "_" + DEST_IP_2 + "_Permit";
 540         String actualFlowId = flowBuilder.getFlowName();
 541         if (actualFlowId.equals(expectedFlowId1) || actualFlowId.equals(expectedFlowId2)) {
 542             Assert.assertTrue(true);
 543         } else {
 544             Assert.assertTrue(false);
 545         }
 546     }
 547
 548     /**
 549      *  Test UDP add with port no and CIDR selected.
 550      */
 551     @Test
 552     public void testProgramPortSecurityACLRuleAddUdp1() throws Exception {
 553         when(portSecurityRule.getSecurityRuleProtocol()).thenReturn("udp");
 554         when(portSecurityRule.getSecurityRulePortMax()).thenReturn(50);
 555         when(portSecurityRule.getSecurityRulePortMin()).thenReturn(50);
 556         when(portSecurityRule.getSecurityRuleRemoteIpPrefix()).thenReturn("0.0.0.0/24");
 557         PowerMockito.doAnswer(answer()).when(ingressAclServiceSpy, "writeFlow", any(FlowBuilder.class),
 558                                              any(NodeBuilder.class));
 559
 560         ingressAclServiceSpy.programPortSecurityAcl(DP_ID_LONG, SEGMENT_ID, MAC_ADDRESS, LOCAL_PORT, securityGroup,
 561                                                    neutronSrcIpList, true);
 562
 563         Match match = flowBuilder.getMatch();
 564         EthernetMatch ethMatch = match.getEthernetMatch();
 565         Assert.assertEquals(MAC_ADDRESS, ethMatch.getEthernetDestination().getAddress().getValue());
 566
 567         Assert.assertTrue(match.getLayer4Match() instanceof UdpMatch);
 568         UdpMatch layer4Match = (UdpMatch) match.getLayer4Match();
 569         Assert.assertEquals(50, layer4Match.getUdpDestinationPort().getValue().intValue());
 570         int port = portSecurityRule.getSecurityRulePortMin();
 571         Assert.assertEquals("Ingress_UDP_" + SEGMENT_ID + "_" + MAC_ADDRESS +
 572                             "_" + port + "_0.0.0.0/24_Permit", flowBuilder.getFlowName());
 573     }
 574
 575     /**
 576      *  Test UDP remove with port no and CIDR selected.
 577      */
 578     @Test
 579     public void testProgramPortSecurityACLRuleRemoveUdp1() throws Exception {
 580         when(portSecurityRule.getSecurityRuleProtocol()).thenReturn("udp");
 581         when(portSecurityRule.getSecurityRulePortMax()).thenReturn(50);
 582         when(portSecurityRule.getSecurityRulePortMin()).thenReturn(50);
 583         when(portSecurityRule.getSecurityRuleRemoteIpPrefix()).thenReturn("0.0.0.0/24");
 584         PowerMockito.doAnswer(answer()).when(ingressAclServiceSpy, "removeFlow", any(FlowBuilder.class),
 585                                              any(NodeBuilder.class));
 586
 587         ingressAclServiceSpy.programPortSecurityAcl(DP_ID_LONG, SEGMENT_ID, MAC_ADDRESS, LOCAL_PORT, securityGroup,
 588                                                    neutronSrcIpList, false);
 589
 590         Match match = flowBuilder.getMatch();
 591         EthernetMatch ethMatch = match.getEthernetMatch();
 592         Assert.assertEquals(MAC_ADDRESS, ethMatch.getEthernetDestination().getAddress().getValue());
 593
 594         Assert.assertTrue(match.getLayer4Match() instanceof UdpMatch);
 595         UdpMatch layer4Match = (UdpMatch) match.getLayer4Match();
 596         Assert.assertEquals(50, layer4Match.getUdpDestinationPort().getValue().intValue());
 597         int port = portSecurityRule.getSecurityRulePortMin();
 598         Assert.assertEquals("Ingress_UDP_" + SEGMENT_ID + "_" + MAC_ADDRESS +
 599                             "_" + port + "_0.0.0.0/24_Permit", flowBuilder.getFlowName());
 600     }
 601
 602     /**
 603      *  Test UDP add with port no and remote SG selected.
 604      */
 605     @Test
 606     public void testProgramPortSecurityACLRuleAddUdp2() throws Exception {
 607         when(portSecurityRule.getSecurityRuleProtocol()).thenReturn("udp");
 608         when(portSecurityRule.getSecurityRulePortMax()).thenReturn(50);
 609         when(portSecurityRule.getSecurityRulePortMin()).thenReturn(50);
 610         when(portSecurityRule.getSecurityRuleRemoteIpPrefix()).thenReturn("0.0.0.0/24");
 611         when(portSecurityRule.getSecurityRemoteGroupID()).thenReturn("85cc3048-abc3-43cc-89b3-377341426ac5");
 612         PowerMockito.doAnswer(answer()).when(ingressAclServiceSpy, "writeFlow", any(FlowBuilder.class),
 613                                              any(NodeBuilder.class));
 614         ingressAclServiceSpy.programPortSecurityAcl(DP_ID_LONG, SEGMENT_ID, MAC_ADDRESS, LOCAL_PORT, securityGroup,
 615                                                    neutronSrcIpList, true);
 616
 617         Match match = flowBuilder.getMatch();
 618         EthernetMatch ethMatch = match.getEthernetMatch();
 619         Assert.assertEquals(MAC_ADDRESS, ethMatch.getEthernetDestination().getAddress().getValue());
 620
 621         Assert.assertTrue(match.getLayer4Match() instanceof UdpMatch);
 622         UdpMatch layer4Match = (UdpMatch) match.getLayer4Match();
 623         Assert.assertEquals(50, layer4Match.getUdpDestinationPort().getValue().intValue());
 624         int port = portSecurityRule.getSecurityRulePortMin();
 625         String expectedFlowId1 = "Ingress_UDP_" + SEGMENT_ID + "_" + MAC_ADDRESS +"_" + port + "_" + DEST_IP_1 +
 626                 "_Permit";
 627         String expectedFlowId2 = "Ingress_UDP_" + SEGMENT_ID + "_" + MAC_ADDRESS +"_" + port + "_" + DEST_IP_2 +
 628                 "_Permit";
 629         String actualFlowId = flowBuilder.getFlowName();
 630         if (actualFlowId.equals(expectedFlowId1) || actualFlowId.equals(expectedFlowId2)) {
 631             Assert.assertTrue(true);
 632         } else {
 633             Assert.assertTrue(false);
 634         }
 635     }
 636
 637     /**
 638      *  Test UDP remove with port no and remote SG selected.
 639      */
 640     @Test
 641     public void testProgramPortSecurityACLRuleRemoveUdp2() throws Exception {
 642         when(portSecurityRule.getSecurityRuleProtocol()).thenReturn("udp");
 643         when(portSecurityRule.getSecurityRulePortMax()).thenReturn(50);
 644         when(portSecurityRule.getSecurityRulePortMin()).thenReturn(50);
 645         when(portSecurityRule.getSecurityRuleRemoteIpPrefix()).thenReturn("0.0.0.0/24");
 646         when(portSecurityRule.getSecurityRemoteGroupID()).thenReturn("85cc3048-abc3-43cc-89b3-377341426ac5");
 647         PowerMockito.doAnswer(answer()).when(ingressAclServiceSpy, "removeFlow", any(FlowBuilder.class),
 648                                              any(NodeBuilder.class));
 649         ingressAclServiceSpy.programPortSecurityAcl(DP_ID_LONG, SEGMENT_ID, MAC_ADDRESS, LOCAL_PORT, securityGroup,
 650                                                    neutronSrcIpList, false);
 651
 652         Match match = flowBuilder.getMatch();
 653         EthernetMatch ethMatch = match.getEthernetMatch();
 654         Assert.assertEquals(MAC_ADDRESS, ethMatch.getEthernetDestination().getAddress().getValue());
 655
 656         Assert.assertTrue(match.getLayer4Match() instanceof UdpMatch);
 657         UdpMatch layer4Match = (UdpMatch) match.getLayer4Match();
 658         Assert.assertEquals(50, layer4Match.getUdpDestinationPort().getValue().intValue());
 659         int port = portSecurityRule.getSecurityRulePortMin();
 660         String expectedFlowId1 = "Ingress_UDP_" + SEGMENT_ID + "_" + MAC_ADDRESS +"_" + port + "_" + DEST_IP_1 +
 661                 "_Permit";
 662         String expectedFlowId2 = "Ingress_UDP_" + SEGMENT_ID + "_" + MAC_ADDRESS +"_" + port + "_" + DEST_IP_2 +
 663                 "_Permit";
 664         String actualFlowId = flowBuilder.getFlowName();
 665         if (actualFlowId.equals(expectedFlowId1) || actualFlowId.equals(expectedFlowId2)) {
 666             Assert.assertTrue(true);
 667         } else {
 668             Assert.assertTrue(false);
 669         }
 670     }
 671
 672     /**
 673      *  Test UDP add with ports (All UDP) and CIDR selected.
 674      */
 675     @Test
 676     public void testProgramPortSecurityACLRuleAddUdpAll1() throws Exception {
 677         when(portSecurityRule.getSecurityRuleProtocol()).thenReturn("udp");
 678         when(portSecurityRule.getSecurityRulePortMax()).thenReturn(PORT_RANGE_MAX);
 679         when(portSecurityRule.getSecurityRulePortMin()).thenReturn(PORT_RANGE_MIN);
 680         when(portSecurityRule.getSecurityRuleRemoteIpPrefix()).thenReturn("0.0.0.0/24");
 681         PowerMockito.doAnswer(answer()).when(ingressAclServiceSpy, "writeFlow", any(FlowBuilder.class),
 682                                              any(NodeBuilder.class));
 683
 684         ingressAclServiceSpy.programPortSecurityAcl(DP_ID_LONG, SEGMENT_ID, MAC_ADDRESS, LOCAL_PORT, securityGroup,
 685                                                    neutronSrcIpList, true);
 686
 687         Match match = flowBuilder.getMatch();
 688         EthernetMatch ethMatch = match.getEthernetMatch();
 689         Assert.assertEquals(MAC_ADDRESS, ethMatch.getEthernetDestination().getAddress().getValue());
 690
 691         Assert.assertTrue(match.getLayer4Match() instanceof UdpMatch);
 692         Assert.assertEquals("Ingress_UDP_" + SEGMENT_ID + "_" + MAC_ADDRESS + "_" + PORT_RANGE_MIN  + "_" +
 693                             PORT_RANGE_MAX + "_0.0.0.0/24_Permit", flowBuilder.getFlowName());
 694     }
 695
 696     /**
 697      *  Test UDP remove with ports (All UDP) and CIDR selected.
 698      */
 699     @Test
 700     public void testProgramPortSecurityACLRuleRemoveUdpAll1() throws Exception {
 701         when(portSecurityRule.getSecurityRuleProtocol()).thenReturn("udp");
 702         when(portSecurityRule.getSecurityRulePortMax()).thenReturn(PORT_RANGE_MAX);
 703         when(portSecurityRule.getSecurityRulePortMin()).thenReturn(PORT_RANGE_MIN);
 704         when(portSecurityRule.getSecurityRuleRemoteIpPrefix()).thenReturn("0.0.0.0/24");
 705         PowerMockito.doAnswer(answer()).when(ingressAclServiceSpy, "removeFlow", any(FlowBuilder.class),
 706                                              any(NodeBuilder.class));
 707
 708         ingressAclServiceSpy.programPortSecurityAcl(DP_ID_LONG, SEGMENT_ID, MAC_ADDRESS, LOCAL_PORT, securityGroup,
 709                                                    neutronSrcIpList, false);
 710
 711         Match match = flowBuilder.getMatch();
 712         EthernetMatch ethMatch = match.getEthernetMatch();
 713         Assert.assertEquals(MAC_ADDRESS, ethMatch.getEthernetDestination().getAddress().getValue());
 714
 715         Assert.assertTrue(match.getLayer4Match() instanceof UdpMatch);
 716         Assert.assertEquals("Ingress_UDP_" + SEGMENT_ID + "_" + MAC_ADDRESS + "_" + PORT_RANGE_MIN  + "_" +
 717                 PORT_RANGE_MAX + "_0.0.0.0/24_Permit", flowBuilder.getFlowName());
 718     }
 719
 720     /**
 721      *  Test UDP add with ports (All UDP) and remote SG selected.
 722      */
 723     @Test
 724     public void testProgramPortSecurityACLRuleAddUdpAll2() throws Exception {
 725         when(portSecurityRule.getSecurityRuleProtocol()).thenReturn("udp");
 726         when(portSecurityRule.getSecurityRulePortMax()).thenReturn(PORT_RANGE_MAX);
 727         when(portSecurityRule.getSecurityRulePortMin()).thenReturn(PORT_RANGE_MIN);
 728         when(portSecurityRule.getSecurityRuleRemoteIpPrefix()).thenReturn("0.0.0.0/24");
 729         when(portSecurityRule.getSecurityRemoteGroupID()).thenReturn("85cc3048-abc3-43cc-89b3-377341426ac5");
 730         PowerMockito.doAnswer(answer()).when(ingressAclServiceSpy, "writeFlow", any(FlowBuilder.class),
 731                                              any(NodeBuilder.class));
 732         ingressAclServiceSpy.programPortSecurityAcl(DP_ID_LONG, SEGMENT_ID, MAC_ADDRESS, LOCAL_PORT, securityGroup,
 733                                                    neutronSrcIpList, true);
 734
 735         Match match = flowBuilder.getMatch();
 736         EthernetMatch ethMatch = match.getEthernetMatch();
 737         Assert.assertEquals(MAC_ADDRESS, ethMatch.getEthernetDestination().getAddress().getValue());
 738
 739         Assert.assertTrue(match.getLayer4Match() instanceof UdpMatch);
 740         String expectedFlowId1 = "Ingress_UDP_" + SEGMENT_ID + "_" + MAC_ADDRESS +"_" + PORT_RANGE_MIN + "_" +
 741                         PORT_RANGE_MAX + "_" + DEST_IP_1 + "_Permit";
 742         String expectedFlowId2 = "Ingress_UDP_" + SEGMENT_ID + "_" + MAC_ADDRESS +"_" + PORT_RANGE_MIN + "_" +
 743                 PORT_RANGE_MAX + "_" + DEST_IP_2 + "_Permit";
 744         String actualFlowId = flowBuilder.getFlowName();
 745         if (actualFlowId.equals(expectedFlowId1) || actualFlowId.equals(expectedFlowId2)) {
 746             Assert.assertTrue(true);
 747         } else {
 748             Assert.assertTrue(false);
 749         }
 750     }
 751
 752     /**
 753      *  Test UDP remove with ports (All UDP) and remote SG selected.
 754      */
 755     @Test
 756     public void testProgramPortSecurityACLRuleRemoveUdpAll2() throws Exception {
 757         when(portSecurityRule.getSecurityRuleProtocol()).thenReturn("udp");
 758         when(portSecurityRule.getSecurityRulePortMax()).thenReturn(PORT_RANGE_MAX);
 759         when(portSecurityRule.getSecurityRulePortMin()).thenReturn(PORT_RANGE_MIN);
 760         when(portSecurityRule.getSecurityRuleRemoteIpPrefix()).thenReturn("0.0.0.0/24");
 761         when(portSecurityRule.getSecurityRemoteGroupID()).thenReturn("85cc3048-abc3-43cc-89b3-377341426ac5");
 762         PowerMockito.doAnswer(answer()).when(ingressAclServiceSpy, "removeFlow", any(FlowBuilder.class),
 763                                              any(NodeBuilder.class));
 764         ingressAclServiceSpy.programPortSecurityAcl(DP_ID_LONG, SEGMENT_ID, MAC_ADDRESS, LOCAL_PORT, securityGroup,
 765                                                    neutronSrcIpList, false);
 766
 767         Match match = flowBuilder.getMatch();
 768         EthernetMatch ethMatch = match.getEthernetMatch();
 769         Assert.assertEquals(MAC_ADDRESS, ethMatch.getEthernetDestination().getAddress().getValue());
 770
 771         Assert.assertTrue(match.getLayer4Match() instanceof UdpMatch);
 772         String expectedFlowId1 = "Ingress_UDP_" + SEGMENT_ID + "_" + MAC_ADDRESS +"_" + PORT_RANGE_MIN + "_" +
 773                         PORT_RANGE_MAX + "_" + DEST_IP_1 + "_Permit";
 774         String expectedFlowId2 = "Ingress_UDP_" + SEGMENT_ID + "_" + MAC_ADDRESS +"_" + PORT_RANGE_MIN + "_" +
 775                 PORT_RANGE_MAX + "_" + DEST_IP_2 + "_Permit";
 776         String actualFlowId = flowBuilder.getFlowName();
 777         if (actualFlowId.equals(expectedFlowId1) || actualFlowId.equals(expectedFlowId2)) {
 778             Assert.assertTrue(true);
 779         } else {
 780             Assert.assertTrue(false);
 781         }
 782     }
 783
 784     /**
 785      *  Test ICMP add with code, type and CIDR selected.
 786      */
 787     @Test
 788     public void testProgramPortSecurityACLRuleAddIcmp1() throws Exception {
 789         when(portSecurityRule.getSecurityRuleProtocol()).thenReturn("icmp");
 790         when(portSecurityRule.getSecurityRulePortMax()).thenReturn(10);
 791         when(portSecurityRule.getSecurityRulePortMin()).thenReturn(10);
 792         when(portSecurityRule.getSecurityRuleRemoteIpPrefix()).thenReturn("0.0.0.0/24");
 793
 794         PowerMockito.doAnswer(answer()).when(ingressAclServiceSpy, "writeFlow", any(FlowBuilder.class),
 795                                              any(NodeBuilder.class));
 796         ingressAclServiceSpy.programPortSecurityAcl(DP_ID_LONG, SEGMENT_ID,
 797                                                     MAC_ADDRESS, LOCAL_PORT, securityGroup, neutronSrcIpList, true);
 798         Match match = flowBuilder.getMatch();
 799         Icmpv4Match icmpv4Match = match.getIcmpv4Match();
 800         Assert.assertEquals(10, icmpv4Match.getIcmpv4Type().shortValue());
 801         Assert.assertEquals(10, icmpv4Match.getIcmpv4Code().shortValue());
 802         EthernetMatch ethMatch = match.getEthernetMatch();
 803         Assert.assertEquals(MAC_ADDRESS, ethMatch.getEthernetDestination().getAddress().getValue());
 804         Short type = portSecurityRule.getSecurityRulePortMin().shortValue();
 805         Short code = portSecurityRule.getSecurityRulePortMax().shortValue();
 806         Assert.assertEquals("Ingress_ICMP_" + SEGMENT_ID + "_" + MAC_ADDRESS + "_" + type + "_" + code
 807                             + "_0.0.0.0/24_Permit",
 808                             flowBuilder.getFlowName());
 809     }
 810
 811     /**
 812      *  Test ICMP remove with code, type and CIDR selected.
 813      */
 814     @Test
 815     public void testProgramPortSecurityACLRuleRemoveIcmp1() throws Exception {
 816         when(portSecurityRule.getSecurityRuleProtocol()).thenReturn("icmp");
 817         when(portSecurityRule.getSecurityRulePortMax()).thenReturn(20);
 818         when(portSecurityRule.getSecurityRulePortMin()).thenReturn(20);
 819         when(portSecurityRule.getSecurityRuleRemoteIpPrefix()).thenReturn("0.0.0.0/24");
 820         PowerMockito.doAnswer(answer()).when(ingressAclServiceSpy, "removeFlow", any(FlowBuilder.class),
 821                                              any(NodeBuilder.class));
 822
 823         ingressAclServiceSpy.programPortSecurityAcl(DP_ID_LONG, SEGMENT_ID,
 824                                                     MAC_ADDRESS, LOCAL_PORT, securityGroup, neutronSrcIpList, false);
 825         Match match = flowBuilder.getMatch();
 826         Icmpv4Match icmpv4Match = match.getIcmpv4Match();
 827         Assert.assertEquals(20, icmpv4Match.getIcmpv4Type().shortValue());
 828         Assert.assertEquals(20, icmpv4Match.getIcmpv4Code().shortValue());
 829         EthernetMatch ethMatch = match.getEthernetMatch();
 830         Assert.assertEquals(MAC_ADDRESS, ethMatch.getEthernetDestination().getAddress().getValue());
 831         Short type = portSecurityRule.getSecurityRulePortMin().shortValue();
 832         Short code = portSecurityRule.getSecurityRulePortMax().shortValue();
 833         Assert.assertEquals("Ingress_ICMP_" + SEGMENT_ID + "_" + MAC_ADDRESS + "_" + type + "_" + code
 834                             + "_0.0.0.0/24_Permit",
 835                             flowBuilder.getFlowName());
 836     }
 837
 838     /**
 839      *  Test ICMP add with code, type and remote SG selected.
 840      */
 841     @Test
 842     public void testProgramPortSecurityACLRuleAddIcmp2() throws Exception {
 843         when(portSecurityRule.getSecurityRuleProtocol()).thenReturn("icmp");
 844         when(portSecurityRule.getSecurityRulePortMax()).thenReturn(30);
 845         when(portSecurityRule.getSecurityRulePortMin()).thenReturn(30);
 846         when(portSecurityRule.getSecurityRemoteGroupID()).thenReturn("85cc3048-abc3-43cc-89b3-377341426ac5");
 847         PowerMockito.doAnswer(answer()).when(ingressAclServiceSpy, "writeFlow", any(FlowBuilder.class),
 848                                              any(NodeBuilder.class));
 849
 850         ingressAclServiceSpy.programPortSecurityAcl(DP_ID_LONG, SEGMENT_ID,
 851                                                     MAC_ADDRESS, LOCAL_PORT, securityGroup, neutronSrcIpList, true);
 852         Match match = flowBuilder.getMatch();
 853         Icmpv4Match icmpv4Match =match.getIcmpv4Match();
 854         Assert.assertEquals(30, icmpv4Match.getIcmpv4Type().shortValue());
 855         Assert.assertEquals(30, icmpv4Match.getIcmpv4Code().shortValue());
 856         EthernetMatch ethMatch = match.getEthernetMatch();
 857         Assert.assertEquals(MAC_ADDRESS, ethMatch.getEthernetDestination().getAddress().getValue());
 858         Short type = portSecurityRule.getSecurityRulePortMin().shortValue();
 859         Short code = portSecurityRule.getSecurityRulePortMax().shortValue();
 860         String expectedFlowId1 = "Ingress_ICMP_" + SEGMENT_ID + "_" + MAC_ADDRESS +"_" + type + "_" + code + "_"
 861                                 + DEST_IP_1 + "_Permit";
 862         String expectedFlowId2 = "Ingress_ICMP_" + SEGMENT_ID + "_" + MAC_ADDRESS +"_" + type + "_" + code + "_"
 863                                 + DEST_IP_2 + "_Permit";
 864         String actualFlowId = flowBuilder.getFlowName();
 865         if(actualFlowId.equals(expectedFlowId1) || actualFlowId.equals(expectedFlowId2)) {
 866             Assert.assertTrue(true);
 867         } else {
 868             Assert.assertTrue(false);
 869         }
 870     }
 871
 872     /**
 873      *  Test ICMP remove with code, type and remote SG selected.
 874      */
 875     @Test
 876     public void testProgramPortSecurityACLRuleRemoveIcmp2() throws Exception {
 877         when(portSecurityRule.getSecurityRuleProtocol()).thenReturn("icmp");
 878         when(portSecurityRule.getSecurityRulePortMax()).thenReturn(40);
 879         when(portSecurityRule.getSecurityRulePortMin()).thenReturn(40);
 880         when(portSecurityRule.getSecurityRemoteGroupID()).thenReturn("85cc3048-abc3-43cc-89b3-377341426ac5");
 881         PowerMockito.doAnswer(answer())
 882         .when(ingressAclServiceSpy, "removeFlow", any(FlowBuilder.class), any(NodeBuilder.class));
 883
 884         ingressAclServiceSpy.programPortSecurityAcl(DP_ID_LONG, SEGMENT_ID,
 885                                                     MAC_ADDRESS, LOCAL_PORT, securityGroup, neutronSrcIpList, false);
 886         Match match = flowBuilder.getMatch();
 887         Icmpv4Match icmpv4Match = match.getIcmpv4Match();
 888         Assert.assertEquals(40, icmpv4Match.getIcmpv4Type().shortValue());
 889         Assert.assertEquals(40, icmpv4Match.getIcmpv4Code().shortValue());
 890         EthernetMatch ethMatch = match.getEthernetMatch();
 891         Assert.assertEquals(MAC_ADDRESS, ethMatch.getEthernetDestination().getAddress().getValue());
 892         Short type = portSecurityRule.getSecurityRulePortMin().shortValue();
 893         Short code = portSecurityRule.getSecurityRulePortMax().shortValue();
 894         String expectedFlowId1 = "Ingress_ICMP_" + SEGMENT_ID + "_" + MAC_ADDRESS +"_" + type + "_" + code + "_"
 895                                 + DEST_IP_1 + "_Permit";
 896         String expectedFlowId2 = "Ingress_ICMP_" + SEGMENT_ID + "_" + MAC_ADDRESS +"_" + type + "_" + code + "_"
 897                                 + DEST_IP_2 + "_Permit";
 898         String actualFlowId = flowBuilder.getFlowName();
 899         if(actualFlowId.equals(expectedFlowId1) || actualFlowId.equals(expectedFlowId2)) {
 900             Assert.assertTrue(true);
 901         } else {
 902             Assert.assertTrue(false);
 903         }
 904     }
 905
 906     /**
 907      *  Test IPv4 invalid ether type test case.
 908      */
 909     @Test
 910     public void testProgramPortSecurityACLRuleInvalidEther() throws Exception {
 911         when(portSecurityRule.getSecurityRuleEthertype()).thenReturn("IPV6");
 912
 913         ingressAclServiceSpy.programPortSecurityAcl(Long.valueOf(1554), "2", MAC_ADDRESS, 124, securityGroup,neutronSrcIpList,false);
 914
 915         verify(writeTransaction, times(0)).delete(any(LogicalDatastoreType.class), any(InstanceIdentifier.class));
 916         verify(writeTransaction, times(0)).submit();
 917         verify(commitFuture, times(0)).get();
 918     }
 919
 920     /**
 921      *  Test IPv4 invalid direction type test case.
 922      */
 923     @Test
 924     public void testProgramPortSecurityACLRuleInvalidDirection() throws Exception {
 925         when(portSecurityRule.getSecurityRuleDirection()).thenReturn("edgress");
 926
 927         ingressAclServiceSpy.programPortSecurityAcl(Long.valueOf(1554), "2", MAC_ADDRESS, 124, securityGroup,neutronSrcIpList,false);
 928
 929         verify(writeTransaction, times(0)).delete(any(LogicalDatastoreType.class), any(InstanceIdentifier.class));
 930         verify(writeTransaction, times(0)).submit();
 931         verify(commitFuture, times(0)).get();
 932     }
 933
 934     /**
 935      *  Test With isLastPortInBridge false isComputeNode false
 936      */
 937     @Test
 938     public void testProgramFixedSecurityACLAdd1() throws Exception {
 939         ingressAclServiceSpy.programFixedSecurityAcl(Long.valueOf(1554), "2", MAC_ADDRESS, 1, false, false, true);
 940
 941         verify(writeTransaction, times(0)).put(any(LogicalDatastoreType.class), any(InstanceIdentifier.class), any(Node.class), eq(true));
 942         verify(writeTransaction, times(0)).submit();
 943         verify(commitFuture, times(0)).get();
 944     }
 945     /**
 946      *  Test With isLastPortInBridge false isComputeNode false
 947      */
 948     @Test
 949     public void testProgramFixedSecurityACLRemove1() throws Exception {
 950
 951         ingressAclServiceSpy.programFixedSecurityAcl(Long.valueOf(1554), "2", MAC_ADDRESS, 1, false, false, false);
 952
 953         verify(writeTransaction, times(0)).delete(any(LogicalDatastoreType.class), any(InstanceIdentifier.class));
 954         verify(writeTransaction, times(0)).submit();
 955         verify(commitFuture, times(0)).get();
 956     }
 957
 958     /**
 959      * Test method {@link IgressAclService#egressACLDefaultTcpDrop(Long, String, String, int, boolean)}
 960      */
 961     @Test
 962     public void testIgressACLDefaultTcpDrop() throws Exception {
 963         ingressAclService.ingressACLDefaultTcpDrop(Long.valueOf(123), SEGMENTATION_ID, MAC_ADDRESS, PRIORITY, true);
 964         verify(writeTransaction, times(2)).put(any(LogicalDatastoreType.class), any(InstanceIdentifier.class), any(Node.class), anyBoolean());
 965         verify(writeTransaction, times(1)).submit();
 966         verify(commitFuture, times(1)).get();
 967
 968         ingressAclService.ingressACLDefaultTcpDrop(Long.valueOf(123), SEGMENTATION_ID, MAC_ADDRESS, PRIORITY, false);
 969         verify(writeTransaction, times(1)).delete(any(LogicalDatastoreType.class), any(InstanceIdentifier.class));
 970         verify(writeTransaction, times(2)).submit();
 971         verify(commitFuture, times(2)).get(); // 1 + 1 above
 972     }
 973
 974     /**
 975      * Test method {@link IgressAclService#ingressACLTcpPortWithPrefix(Long, String, String, boolean, Integer, String, Integer)}
 976      */
 977     @Test
 978     public void testIngressACLTcpPortWithPrefix() throws Exception {
 979         ingressAclService.ingressACLTcpPortWithPrefix(Long.valueOf(123), SEGMENTATION_ID, MAC_ADDRESS, true, 1, HOST_ADDRESS, PRIORITY);
 980         verify(writeTransaction, times(2)).put(any(LogicalDatastoreType.class), any(InstanceIdentifier.class), any(Node.class), anyBoolean());
 981         verify(writeTransaction, times(1)).submit();
 982         verify(commitFuture, times(1)).get();
 983
 984         ingressAclService.ingressACLTcpPortWithPrefix(Long.valueOf(123), SEGMENTATION_ID, MAC_ADDRESS, false, 1, HOST_ADDRESS, PRIORITY);
 985         verify(writeTransaction, times(1)).delete(any(LogicalDatastoreType.class), any(InstanceIdentifier.class));
 986         verify(writeTransaction, times(2)).submit();
 987         verify(commitFuture, times(2)).get(); // 1 + 1 above
 988     }
 989
 990     /**
 991      * Test method {@link IgressAclService#handleIngressAllowProto(Long, String, String, boolean, String, Integer)}
 992      */
 993     @Test
 994     public void testIngressAllowProto() throws Exception {
 995         ingressAclService.handleIngressAllowProto(Long.valueOf(123), SEGMENTATION_ID, MAC_ADDRESS, true, HOST_ADDRESS, PRIORITY);
 996         verify(writeTransaction, times(2)).put(any(LogicalDatastoreType.class), any(InstanceIdentifier.class), any(Node.class), anyBoolean());
 997         verify(writeTransaction, times(1)).submit();
 998         verify(commitFuture, times(1)).get();
 999
1000         ingressAclService.handleIngressAllowProto(Long.valueOf(123), SEGMENTATION_ID, MAC_ADDRESS, false, HOST_ADDRESS, PRIORITY);
1001         verify(writeTransaction, times(1)).delete(any(LogicalDatastoreType.class), any(InstanceIdentifier.class));
1002         verify(writeTransaction, times(2)).submit();
1003         verify(commitFuture, times(2)).get(); // 1 + 1 above
1004     }
1005
1006     /**
1007      * Test method {@link IgressAclService#ingressACLPermitAllProto(Long, String, String, boolean, String, Integer)}
1008      */
1009     @Test
1010     public void testIngressACLPermitAllProto() throws Exception {
1011         ingressAclService.ingressACLPermitAllProto(Long.valueOf(123), SEGMENTATION_ID, MAC_ADDRESS, true, HOST_ADDRESS, PRIORITY);
1012         verify(writeTransaction, times(2)).put(any(LogicalDatastoreType.class), any(InstanceIdentifier.class), any(Node.class), anyBoolean());
1013         verify(writeTransaction, times(1)).submit();
1014         verify(commitFuture, times(1)).get();
1015
1016         ingressAclService.ingressACLPermitAllProto(Long.valueOf(123), SEGMENTATION_ID, MAC_ADDRESS, false, HOST_ADDRESS, PRIORITY);
1017         verify(writeTransaction, times(1)).delete(any(LogicalDatastoreType.class), any(InstanceIdentifier.class));
1018         verify(writeTransaction, times(2)).submit();
1019         verify(commitFuture, times(2)).get(); // 1 + 1 above
1020     }
1021
1022     /**
1023      * Test method {@link IgressAclService#ingressACLTcpSyn(Long, String, String, boolean, Integer, Integer)}
1024      */
1025     @Test
1026     public void testIngressACLTcpSyn() throws Exception {
1027         ingressAclService.ingressACLTcpSyn(Long.valueOf(123), SEGMENTATION_ID, MAC_ADDRESS, true, 1, PRIORITY);
1028         verify(writeTransaction, times(2)).put(any(LogicalDatastoreType.class), any(InstanceIdentifier.class), any(Node.class), anyBoolean());
1029         verify(writeTransaction, times(1)).submit();
1030         verify(commitFuture, times(1)).get();
1031
1032         ingressAclService.ingressACLTcpSyn(Long.valueOf(123), SEGMENTATION_ID, MAC_ADDRESS, false, 1, PRIORITY);
1033         verify(writeTransaction, times(1)).delete(any(LogicalDatastoreType.class), any(InstanceIdentifier.class));
1034         verify(writeTransaction, times(2)).submit();
1035         verify(commitFuture, times(2)).get(); // 1 + 1 above
1036     }
1037 }