2 * Copyright (c) 2015 Inocybe and others. All rights reserved.
4 * This program and the accompanying materials are made available under the
5 * terms of the Eclipse Public License v1.0 which accompanies this distribution,
6 * and is available at http://www.eclipse.org/legal/epl-v10.html
9 package org.opendaylight.ovsdb.openstack.netvirt.providers.openflow13.services;
11 import static org.mockito.Matchers.any;
12 import static org.mockito.Matchers.anyBoolean;
13 import static org.mockito.Matchers.eq;
14 import static org.mockito.Mockito.mock;
15 import static org.mockito.Mockito.times;
16 import static org.mockito.Mockito.verify;
17 import static org.mockito.Mockito.when;
19 import java.util.ArrayList;
20 import java.util.List;
22 import org.junit.Assert;
23 import org.junit.Before;
24 import org.junit.Test;
25 import org.junit.runner.RunWith;
26 import org.mockito.InjectMocks;
27 import org.mockito.Mock;
28 import org.mockito.invocation.InvocationOnMock;
29 import org.mockito.stubbing.Answer;
30 import org.opendaylight.controller.md.sal.binding.api.DataBroker;
31 import org.opendaylight.controller.md.sal.binding.api.WriteTransaction;
32 import org.opendaylight.controller.md.sal.common.api.data.LogicalDatastoreType;
33 import org.opendaylight.controller.md.sal.common.api.data.TransactionCommitFailedException;
34 import org.opendaylight.ovsdb.openstack.netvirt.translator.NeutronSecurityGroup;
35 import org.opendaylight.ovsdb.openstack.netvirt.translator.NeutronSecurityRule;
36 import org.opendaylight.ovsdb.openstack.netvirt.translator.Neutron_IPs;
37 import org.opendaylight.ovsdb.openstack.netvirt.api.SecurityGroupCacheManger;
38 import org.opendaylight.ovsdb.openstack.netvirt.api.SecurityServicesManager;
39 import org.opendaylight.ovsdb.openstack.netvirt.providers.openflow13.PipelineOrchestrator;
40 import org.opendaylight.ovsdb.openstack.netvirt.providers.openflow13.Service;
41 import org.opendaylight.yang.gen.v1.urn.opendaylight.flow.inventory.rev130819.tables.table.FlowBuilder;
42 import org.opendaylight.yang.gen.v1.urn.opendaylight.inventory.rev130819.nodes.Node;
43 import org.opendaylight.yang.gen.v1.urn.opendaylight.inventory.rev130819.nodes.NodeBuilder;
44 import org.opendaylight.yang.gen.v1.urn.opendaylight.model.match.types.rev131026.Match;
45 import org.opendaylight.yang.gen.v1.urn.opendaylight.model.match.types.rev131026.match.EthernetMatch;
46 import org.opendaylight.yang.gen.v1.urn.opendaylight.model.match.types.rev131026.match.Icmpv4Match;
47 import org.opendaylight.yang.gen.v1.urn.opendaylight.model.match.types.rev131026.match.layer._4.match.TcpMatch;
48 import org.opendaylight.yang.gen.v1.urn.opendaylight.model.match.types.rev131026.match.layer._4.match.UdpMatch;
49 import org.opendaylight.yangtools.yang.binding.InstanceIdentifier;
50 import org.powermock.api.mockito.PowerMockito;
51 import org.powermock.modules.junit4.PowerMockRunner;
53 import com.google.common.util.concurrent.CheckedFuture;
56 * Unit test fort {@link IngressAclService}
58 @RunWith(PowerMockRunner.class)
59 @SuppressWarnings("unchecked")
60 public class IngressAclServiceTest {
62 @InjectMocks private IngressAclService ingressAclService = new IngressAclService();
63 private IngressAclService ingressAclServiceSpy;
65 @Mock private DataBroker dataBroker;
66 @Mock private PipelineOrchestrator orchestrator;
68 @Mock private WriteTransaction writeTransaction;
69 @Mock private CheckedFuture<Void, TransactionCommitFailedException> commitFuture;
71 @Mock private NeutronSecurityGroup securityGroup;
72 @Mock private NeutronSecurityRule portSecurityRule;
73 @Mock private SecurityServicesManager securityServices;
74 @Mock private SecurityGroupCacheManger securityGroupCacheManger;
76 private List<Neutron_IPs> neutronSrcIpList = new ArrayList<>();
77 private List<Neutron_IPs> neutronDestIpList = new ArrayList<>();
78 private Neutron_IPs neutron_ip_src;
79 private Neutron_IPs neutron_ip_dest_1;
80 private Neutron_IPs neutron_ip_dest_2;
82 private static final String SEGMENTATION_ID = "2";
83 private static final int PRIORITY = 1;
84 private static final String HOST_ADDRESS = "127.0.0.1/32";
85 private static final String MAC_ADDRESS = "87:1D:5E:02:40:B8";
86 private static final String SRC_IP = "192.168.0.1";
87 private static final String DEST_IP_1 = "192.169.0.1";
88 private static final String DEST_IP_2 = "192.169.0.2";
89 private static final String SECURITY_GROUP_UUID = "85cc3048-abc3-43cc-89b3-377341426ac5";
90 private static final String PORT_UUID = "95cc3048-abc3-43cc-89b3-377341426ac5";
91 private static final String SEGMENT_ID = "2";
92 private static final Long DP_ID_LONG = (long) 1554;
93 private static final Long LOCAL_PORT = (long) 124;
94 private static final int PORT_RANGE_MIN = 1;
95 private static final int PORT_RANGE_MAX = 65535;
96 private static FlowBuilder flowBuilder;
97 private static NodeBuilder nodeBuilder;
99 private static Answer<Object> answer() {
100 return new Answer<Object>() {
102 public CheckedFuture<Void, TransactionCommitFailedException> answer(InvocationOnMock invocation)
104 flowBuilder = (FlowBuilder) invocation.getArguments()[0];
105 nodeBuilder = (NodeBuilder) invocation.getArguments()[1];
112 public void setUp() {
113 ingressAclServiceSpy = PowerMockito.spy(ingressAclService);
115 when(writeTransaction.submit()).thenReturn(commitFuture);
117 when(dataBroker.newWriteOnlyTransaction()).thenReturn(writeTransaction);
119 when(orchestrator.getNextServiceInPipeline(any(Service.class))).thenReturn(Service.ARP_RESPONDER);
121 portSecurityRule = mock(NeutronSecurityRule.class);
122 when(portSecurityRule.getSecurityRuleEthertype()).thenReturn("IPv4");
123 when(portSecurityRule.getSecurityRuleDirection()).thenReturn("ingress");
125 List<NeutronSecurityRule> portSecurityList = new ArrayList<>();
126 portSecurityList.add(portSecurityRule);
128 neutron_ip_src = new Neutron_IPs();
129 neutron_ip_src.setIpAddress(SRC_IP);
130 neutronSrcIpList.add(neutron_ip_src);
132 neutron_ip_dest_1 = new Neutron_IPs();
133 neutron_ip_dest_1.setIpAddress(DEST_IP_1);
134 neutronDestIpList.add(neutron_ip_dest_1);
136 neutron_ip_dest_2 = new Neutron_IPs();
137 neutron_ip_dest_2.setIpAddress(DEST_IP_2);
138 neutronDestIpList.add(neutron_ip_dest_2);
141 when(securityGroup.getSecurityRules()).thenReturn(portSecurityList);
142 when(securityServices.getVmListForSecurityGroup
143 (PORT_UUID, SECURITY_GROUP_UUID)).thenReturn(neutronDestIpList);
147 * Rule 1: TCP Proto (True), TCP Port Minimum (True), TCP Port Max (True), IP Prefix (True)
150 public void testProgramPortSecurityACLRule1() throws Exception {
151 when(portSecurityRule.getSecurityRuleProtocol()).thenReturn("tcp");
152 when(portSecurityRule.getSecurityRulePortMax()).thenReturn(1);
153 when(portSecurityRule.getSecurityRulePortMin()).thenReturn(1);
154 when(portSecurityRule.getSecurityRuleRemoteIpPrefix()).thenReturn(HOST_ADDRESS);
156 ingressAclServiceSpy.programPortSecurityACL(Long.valueOf(1554), SEGMENTATION_ID, MAC_ADDRESS, 124, securityGroup);
157 verify(ingressAclServiceSpy, times(1)).ingressACLDefaultTcpDrop(anyLong(), anyString(), anyString(), anyInt(), anyBoolean());
158 verify(ingressAclServiceSpy, times(1)).ingressACLTcpPortWithPrefix(anyLong(), anyString(), anyString(), anyBoolean(), anyInt(), anyString(), anyInt());
159 verify(writeTransaction, times(4)).put(any(LogicalDatastoreType.class), any(InstanceIdentifier.class), any(Node.class), anyBoolean());
160 verify(writeTransaction, times(2)).submit();
161 verify(commitFuture, times(2)).get();
166 * Rule 2: TCP Proto (True), TCP Port Minimum (True), TCP Port Max (False), IP Prefix (True)
169 public void testProgramPortSecurityACLRule2() throws Exception {
170 when(portSecurityRule.getSecurityRuleProtocol()).thenReturn("tcp");
171 when(portSecurityRule.getSecurityRulePortMax()).thenReturn(null);
172 when(portSecurityRule.getSecurityRulePortMin()).thenReturn(1);
173 when(portSecurityRule.getSecurityRuleRemoteIpPrefix()).thenReturn(HOST_ADDRESS);
175 ingressAclServiceSpy.programPortSecurityACL(Long.valueOf(1554), SEGMENTATION_ID, MAC_ADDRESS, 124, securityGroup);
176 verify(ingressAclServiceSpy, times(1)).ingressACLDefaultTcpDrop(anyLong(), anyString(), anyString(), anyInt(), anyBoolean());
177 verify(ingressAclServiceSpy, times(1)).ingressACLTcpPortWithPrefix(anyLong(), anyString(), anyString(), anyBoolean(), anyInt(), anyString(), anyInt());
178 verify(writeTransaction, times(4)).put(any(LogicalDatastoreType.class), any(InstanceIdentifier.class), any(Node.class), anyBoolean());
179 verify(writeTransaction, times(2)).submit();
180 verify(commitFuture, times(2)).get();
184 * Rule 3: TCP Proto (True), TCP Port Minimum (False), TCP Port Max (False), IP Prefix (True)
187 public void testProgramPortSecurityACLRule3() throws Exception {
188 when(portSecurityRule.getSecurityRuleProtocol()).thenReturn("tcp");
189 when(portSecurityRule.getSecurityRulePortMax()).thenReturn(null);
190 when(portSecurityRule.getSecurityRulePortMin()).thenReturn(null);
191 when(portSecurityRule.getSecurityRuleRemoteIpPrefix()).thenReturn(HOST_ADDRESS);
193 ingressAclServiceSpy.programPortSecurityACL(Long.valueOf(1554), SEGMENTATION_ID, MAC_ADDRESS, 124, securityGroup);
194 verify(ingressAclServiceSpy, times(1)).ingressACLDefaultTcpDrop(anyLong(), anyString(), anyString(), anyInt(), anyBoolean());
195 verify(ingressAclServiceSpy, times(1)).ingressACLPermitAllProto(anyLong(), anyString(), anyString(), anyBoolean(), anyString(), anyInt());
196 verify(writeTransaction, times(4)).put(any(LogicalDatastoreType.class), any(InstanceIdentifier.class), any(Node.class), anyBoolean());
197 verify(writeTransaction, times(2)).submit();
198 verify(commitFuture, times(2)).get();
202 * Rule 4: TCP Proto (False), TCP Port Minimum (False), TCP Port Max (False), IP Prefix (True)
205 public void testProgramPortSecurityACLRule4() throws Exception {
206 when(portSecurityRule.getSecurityRuleProtocol()).thenReturn(null);
207 when(portSecurityRule.getSecurityRulePortMax()).thenReturn(null);
208 when(portSecurityRule.getSecurityRulePortMin()).thenReturn(null);
209 when(portSecurityRule.getSecurityRuleRemoteIpPrefix()).thenReturn(HOST_ADDRESS);
211 ingressAclServiceSpy.programPortSecurityACL(Long.valueOf(1554), SEGMENTATION_ID, MAC_ADDRESS, 124, securityGroup);
212 verify(ingressAclServiceSpy, times(1)).ingressACLDefaultTcpDrop(anyLong(), anyString(), anyString(), anyInt(), anyBoolean());
213 verify(ingressAclServiceSpy, times(1)).ingressACLPermitAllProto(anyLong(), anyString(), anyString(), anyBoolean(), anyString(), anyInt());
214 verify(writeTransaction, times(4)).put(any(LogicalDatastoreType.class), any(InstanceIdentifier.class), any(Node.class), anyBoolean());
215 verify(writeTransaction, times(2)).submit();
216 verify(commitFuture, times(2)).get();
220 * Rule 5: TCP Proto (True), TCP Port Minimum (True), TCP Port Max (True), IP Prefix (False)
223 public void testProgramPortSecurityACLRule5() throws Exception {
224 when(portSecurityRule.getSecurityRuleProtocol()).thenReturn("tcp");
225 when(portSecurityRule.getSecurityRulePortMax()).thenReturn(1);
226 when(portSecurityRule.getSecurityRulePortMin()).thenReturn(1);
227 when(portSecurityRule.getSecurityRuleRemoteIpPrefix()).thenReturn(null);
229 ingressAclServiceSpy.programPortSecurityACL(Long.valueOf(1554), SEGMENTATION_ID, MAC_ADDRESS, 124, securityGroup);
230 verify(ingressAclServiceSpy, times(1)).ingressACLDefaultTcpDrop(anyLong(), anyString(), anyString(), anyInt(), anyBoolean());
231 verify(ingressAclServiceSpy, times(1)).ingressACLTcpSyn(anyLong(), anyString(), anyString(), anyBoolean(), anyInt(), anyInt());
232 verify(writeTransaction, times(4)).put(any(LogicalDatastoreType.class), any(InstanceIdentifier.class), any(Node.class), anyBoolean());
233 verify(writeTransaction, times(2)).submit();
234 verify(commitFuture, times(2)).get();
238 * Rule 6: TCP Proto (True), TCP Port Minimum (True), TCP Port Max (False), IP Prefix (False)
241 public void testProgramPortSecurityACLRule6() throws Exception {
242 when(portSecurityRule.getSecurityRuleProtocol()).thenReturn("tcp");
243 when(portSecurityRule.getSecurityRulePortMax()).thenReturn(null);
244 when(portSecurityRule.getSecurityRulePortMin()).thenReturn(1);
245 when(portSecurityRule.getSecurityRuleRemoteIpPrefix()).thenReturn(null);
247 ingressAclServiceSpy.programPortSecurityACL(Long.valueOf(1554), SEGMENTATION_ID, MAC_ADDRESS, 124, securityGroup);
248 verify(ingressAclServiceSpy, times(1)).ingressACLDefaultTcpDrop(anyLong(), anyString(), anyString(), anyInt(), anyBoolean());
249 verify(ingressAclServiceSpy, times(1)).ingressACLTcpSyn(anyLong(), anyString(), anyString(), anyBoolean(), anyInt(), anyInt());
250 verify(writeTransaction, times(4)).put(any(LogicalDatastoreType.class), any(InstanceIdentifier.class), any(Node.class), anyBoolean());
251 verify(writeTransaction, times(2)).submit();
252 verify(commitFuture, times(2)).get();
256 * Rule 7: TCP Proto (True), TCP Port Minimum (False), TCP Port Max (False), IP Prefix (False or 0.0.0.0/0)
259 public void testProgramPortSecurityACLRule7() throws Exception {
260 when(portSecurityRule.getSecurityRuleProtocol()).thenReturn("tcp");
261 when(portSecurityRule.getSecurityRulePortMax()).thenReturn(null);
262 when(portSecurityRule.getSecurityRulePortMin()).thenReturn(null);
263 when(portSecurityRule.getSecurityRuleRemoteIpPrefix()).thenReturn(null);
265 ingressAclServiceSpy.programPortSecurityACL(Long.valueOf(1554), SEGMENTATION_ID, MAC_ADDRESS, 124, securityGroup);
266 verify(ingressAclServiceSpy, times(1)).handleIngressAllowProto(anyLong(), anyString(), anyString(), anyBoolean(), anyString(), anyInt());
267 verify(writeTransaction, times(2)).put(any(LogicalDatastoreType.class), any(InstanceIdentifier.class), any(Node.class), anyBoolean());
268 verify(writeTransaction, times(1)).submit();
269 verify(commitFuture, times(1)).get();
273 * Test IPv4 add test case.
276 public void testProgramPortSecurityACLRuleAddIpv4() throws Exception {
277 when(portSecurityRule.getSecurityRuleProtocol()).thenReturn(null);
278 when(portSecurityRule.getSecurityRulePortMax()).thenReturn(null);
279 when(portSecurityRule.getSecurityRulePortMin()).thenReturn(null);
280 when(portSecurityRule.getSecurityRuleRemoteIpPrefix()).thenReturn(null);
282 ingressAclServiceSpy.programPortSecurityGroup(Long.valueOf(1554), "2", MAC_ADDRESS, 124, securityGroup,PORT_UUID,true);
284 verify(writeTransaction, times(2)).put(any(LogicalDatastoreType.class), any(InstanceIdentifier.class), any(Node.class), eq(true));
285 verify(writeTransaction, times(1)).submit();
286 verify(commitFuture, times(1)).get();
290 * Test IPv4 remove test case.
293 public void testProgramPortSecurityACLRuleRemoveIpv4() throws Exception {
294 when(portSecurityRule.getSecurityRuleProtocol()).thenReturn(null);
295 when(portSecurityRule.getSecurityRulePortMax()).thenReturn(null);
296 when(portSecurityRule.getSecurityRulePortMin()).thenReturn(null);
297 when(portSecurityRule.getSecurityRuleRemoteIpPrefix()).thenReturn(null);
299 ingressAclServiceSpy.programPortSecurityGroup(Long.valueOf(1554), "2", MAC_ADDRESS, 124, securityGroup,PORT_UUID,false);
301 verify(writeTransaction, times(1)).delete(any(LogicalDatastoreType.class), any(InstanceIdentifier.class));
302 verify(writeTransaction, times(1)).submit();
303 verify(commitFuture, times(1)).get();
307 * Test TCP add with port no and CIDR selected.
310 public void testProgramPortSecurityACLRuleAddTcp1() throws Exception {
311 when(portSecurityRule.getSecurityRuleProtocol()).thenReturn("tcp");
312 when(portSecurityRule.getSecurityRulePortMax()).thenReturn(20);
313 when(portSecurityRule.getSecurityRulePortMin()).thenReturn(20);
314 when(portSecurityRule.getSecurityRuleRemoteIpPrefix()).thenReturn("0.0.0.0/24");
315 PowerMockito.doAnswer(answer()).when(ingressAclServiceSpy, "writeFlow", any(FlowBuilder.class),
316 any(NodeBuilder.class));
318 ingressAclServiceSpy.programPortSecurityGroup(DP_ID_LONG, SEGMENT_ID, MAC_ADDRESS, LOCAL_PORT, securityGroup,
321 Match match = flowBuilder.getMatch();
322 EthernetMatch ethMatch = match.getEthernetMatch();
323 Assert.assertEquals(MAC_ADDRESS, ethMatch.getEthernetDestination().getAddress().getValue());
325 Assert.assertTrue(match.getLayer4Match() instanceof TcpMatch);
326 TcpMatch layer4Match = (TcpMatch) match.getLayer4Match();
327 Assert.assertEquals(20, layer4Match.getTcpDestinationPort().getValue().intValue());
328 int port = portSecurityRule.getSecurityRulePortMin();
329 Assert.assertEquals("Ingress_TCP_" + SEGMENT_ID + "_" + MAC_ADDRESS +
330 "_" + port + "_0.0.0.0/24_Permit", flowBuilder.getFlowName());
334 * Test TCP remove with port no and CIDR selected.
337 public void testProgramPortSecurityACLRuleRemoveTcp1() throws Exception {
338 when(portSecurityRule.getSecurityRuleProtocol()).thenReturn("tcp");
339 when(portSecurityRule.getSecurityRulePortMax()).thenReturn(15);
340 when(portSecurityRule.getSecurityRulePortMin()).thenReturn(15);
341 when(portSecurityRule.getSecurityRuleRemoteIpPrefix()).thenReturn("0.0.0.0/24");
342 PowerMockito.doAnswer(answer()).when(ingressAclServiceSpy, "removeFlow", any(FlowBuilder.class),
343 any(NodeBuilder.class));
345 ingressAclServiceSpy.programPortSecurityGroup(DP_ID_LONG, SEGMENT_ID, MAC_ADDRESS, LOCAL_PORT, securityGroup,
348 Match match = flowBuilder.getMatch();
349 EthernetMatch ethMatch = match.getEthernetMatch();
350 Assert.assertEquals(MAC_ADDRESS, ethMatch.getEthernetDestination().getAddress().getValue());
352 Assert.assertTrue(match.getLayer4Match() instanceof TcpMatch);
353 TcpMatch layer4Match = (TcpMatch) match.getLayer4Match();
354 Assert.assertEquals(15, layer4Match.getTcpDestinationPort().getValue().intValue());
355 int port = portSecurityRule.getSecurityRulePortMin();
356 Assert.assertEquals("Ingress_TCP_" + SEGMENT_ID + "_" + MAC_ADDRESS +
357 "_" + port + "_0.0.0.0/24_Permit", flowBuilder.getFlowName());
361 * Test TCP add with port no and remote SG selected.
364 public void testProgramPortSecurityACLRuleAddTcp2() throws Exception {
365 when(portSecurityRule.getSecurityRuleProtocol()).thenReturn("tcp");
366 when(portSecurityRule.getSecurityRulePortMax()).thenReturn(50);
367 when(portSecurityRule.getSecurityRulePortMin()).thenReturn(50);
368 when(portSecurityRule.getSecurityRuleRemoteIpPrefix()).thenReturn("0.0.0.0/24");
369 when(portSecurityRule.getSecurityRemoteGroupID()).thenReturn("85cc3048-abc3-43cc-89b3-377341426ac5");
370 PowerMockito.doAnswer(answer()).when(ingressAclServiceSpy, "writeFlow", any(FlowBuilder.class),
371 any(NodeBuilder.class));
372 ingressAclServiceSpy.programPortSecurityGroup(DP_ID_LONG, SEGMENT_ID, MAC_ADDRESS, LOCAL_PORT, securityGroup,
375 Match match = flowBuilder.getMatch();
376 EthernetMatch ethMatch = match.getEthernetMatch();
377 Assert.assertEquals(MAC_ADDRESS, ethMatch.getEthernetDestination().getAddress().getValue());
379 Assert.assertTrue(match.getLayer4Match() instanceof TcpMatch);
380 TcpMatch layer4Match = (TcpMatch) match.getLayer4Match();
381 Assert.assertEquals(50, layer4Match.getTcpDestinationPort().getValue().intValue());
382 int port = portSecurityRule.getSecurityRulePortMin();
383 String expectedFlowId1 = "Ingress_TCP_" + SEGMENT_ID + "_" + MAC_ADDRESS +"_" + port + "_" + DEST_IP_1 +
385 String expectedFlowId2 = "Ingress_TCP_" + SEGMENT_ID + "_" + MAC_ADDRESS +"_" + port + "_" + DEST_IP_2 +
387 String actualFlowId = flowBuilder.getFlowName();
388 if (actualFlowId.equals(expectedFlowId1) || actualFlowId.equals(expectedFlowId2)) {
389 Assert.assertTrue(true);
391 Assert.assertTrue(false);
396 * Test TCP remove with port no and remote SG selected.
399 public void testProgramPortSecurityACLRuleRemoveTcp2() throws Exception {
400 when(portSecurityRule.getSecurityRuleProtocol()).thenReturn("tcp");
401 when(portSecurityRule.getSecurityRulePortMax()).thenReturn(50);
402 when(portSecurityRule.getSecurityRulePortMin()).thenReturn(50);
403 when(portSecurityRule.getSecurityRuleRemoteIpPrefix()).thenReturn("0.0.0.0/24");
404 when(portSecurityRule.getSecurityRemoteGroupID()).thenReturn("85cc3048-abc3-43cc-89b3-377341426ac5");
405 PowerMockito.doAnswer(answer()).when(ingressAclServiceSpy, "removeFlow", any(FlowBuilder.class),
406 any(NodeBuilder.class));
408 ingressAclServiceSpy.programPortSecurityGroup(DP_ID_LONG, SEGMENT_ID, MAC_ADDRESS, LOCAL_PORT, securityGroup,
411 Match match = flowBuilder.getMatch();
412 EthernetMatch ethMatch = match.getEthernetMatch();
413 Assert.assertEquals(MAC_ADDRESS, ethMatch.getEthernetDestination().getAddress().getValue());
415 Assert.assertTrue(match.getLayer4Match() instanceof TcpMatch);
416 TcpMatch layer4Match = (TcpMatch) match.getLayer4Match();
417 Assert.assertEquals(50, layer4Match.getTcpDestinationPort().getValue().intValue());
418 int port = portSecurityRule.getSecurityRulePortMin();
419 String expectedFlowId1 = "Ingress_TCP_" + SEGMENT_ID + "_" + MAC_ADDRESS +"_" + port + "_" + DEST_IP_1 +
421 String expectedFlowId2 = "Ingress_TCP_" + SEGMENT_ID + "_" + MAC_ADDRESS +"_" + port + "_" + DEST_IP_2 +
423 String actualFlowId = flowBuilder.getFlowName();
424 if (actualFlowId.equals(expectedFlowId1) || actualFlowId.equals(expectedFlowId2)) {
425 Assert.assertTrue(true);
427 Assert.assertTrue(false);
433 * Test TCP add with port (All TCP) and CIDR selected.
436 public void testProgramPortSecurityACLRuleAddTcpAll1() throws Exception {
437 when(portSecurityRule.getSecurityRuleProtocol()).thenReturn("tcp");
438 when(portSecurityRule.getSecurityRulePortMax()).thenReturn(PORT_RANGE_MAX);
439 when(portSecurityRule.getSecurityRulePortMin()).thenReturn(PORT_RANGE_MIN);
440 when(portSecurityRule.getSecurityRuleRemoteIpPrefix()).thenReturn("0.0.0.0/24");
441 PowerMockito.doAnswer(answer()).when(ingressAclServiceSpy, "writeFlow", any(FlowBuilder.class),
442 any(NodeBuilder.class));
444 ingressAclServiceSpy.programPortSecurityGroup(DP_ID_LONG, SEGMENT_ID, MAC_ADDRESS, LOCAL_PORT, securityGroup,
447 Match match = flowBuilder.getMatch();
448 EthernetMatch ethMatch = match.getEthernetMatch();
449 Assert.assertEquals(MAC_ADDRESS, ethMatch.getEthernetDestination().getAddress().getValue());
451 Assert.assertTrue(match.getLayer4Match() instanceof TcpMatch);
452 Assert.assertEquals("Ingress_TCP_" + SEGMENT_ID + "_" + MAC_ADDRESS + "_" + PORT_RANGE_MIN + "_" +
453 PORT_RANGE_MAX + "_0.0.0.0/24_Permit", flowBuilder.getFlowName());
457 * Test TCP remove with port (All TCP) and CIDR selected.
460 public void testProgramPortSecurityACLRuleRemoveTcpAll1() throws Exception {
461 when(portSecurityRule.getSecurityRuleProtocol()).thenReturn("tcp");
462 when(portSecurityRule.getSecurityRulePortMax()).thenReturn(PORT_RANGE_MAX);
463 when(portSecurityRule.getSecurityRulePortMin()).thenReturn(PORT_RANGE_MIN);
464 when(portSecurityRule.getSecurityRuleRemoteIpPrefix()).thenReturn("0.0.0.0/24");
465 PowerMockito.doAnswer(answer()).when(ingressAclServiceSpy, "removeFlow", any(FlowBuilder.class),
466 any(NodeBuilder.class));
468 ingressAclServiceSpy.programPortSecurityGroup(DP_ID_LONG, SEGMENT_ID, MAC_ADDRESS, LOCAL_PORT, securityGroup,
471 Match match = flowBuilder.getMatch();
472 EthernetMatch ethMatch = match.getEthernetMatch();
473 Assert.assertEquals(MAC_ADDRESS, ethMatch.getEthernetDestination().getAddress().getValue());
475 Assert.assertTrue(match.getLayer4Match() instanceof TcpMatch);
476 Assert.assertEquals("Ingress_TCP_" + SEGMENT_ID + "_" + MAC_ADDRESS + "_" + PORT_RANGE_MIN + "_" +
477 PORT_RANGE_MAX + "_0.0.0.0/24_Permit", flowBuilder.getFlowName());
481 * Test TCP add with port (All TCP) and remote SG selected.
484 public void testProgramPortSecurityACLRuleAddTcpAll2() throws Exception {
485 when(portSecurityRule.getSecurityRuleProtocol()).thenReturn("tcp");
486 when(portSecurityRule.getSecurityRulePortMax()).thenReturn(PORT_RANGE_MAX);
487 when(portSecurityRule.getSecurityRulePortMin()).thenReturn(PORT_RANGE_MIN);
488 when(portSecurityRule.getSecurityRemoteGroupID()).thenReturn("85cc3048-abc3-43cc-89b3-377341426ac5");
489 PowerMockito.doAnswer(answer()).when(ingressAclServiceSpy, "writeFlow", any(FlowBuilder.class),
490 any(NodeBuilder.class));
491 ingressAclServiceSpy.programPortSecurityGroup(DP_ID_LONG, SEGMENT_ID, MAC_ADDRESS, LOCAL_PORT, securityGroup,
494 Match match = flowBuilder.getMatch();
495 EthernetMatch ethMatch = match.getEthernetMatch();
496 Assert.assertEquals(MAC_ADDRESS, ethMatch.getEthernetDestination().getAddress().getValue());
498 Assert.assertTrue(match.getLayer4Match() instanceof TcpMatch);
499 String expectedFlowId1 = "Ingress_TCP_" + SEGMENT_ID + "_" + MAC_ADDRESS + "_" + PORT_RANGE_MIN + "_" +
500 PORT_RANGE_MAX + "_" + DEST_IP_1 + "_Permit";
501 String expectedFlowId2 = "Ingress_TCP_" + SEGMENT_ID + "_" + MAC_ADDRESS + "_" + PORT_RANGE_MIN + "_" +
502 PORT_RANGE_MAX + "_" + DEST_IP_2 + "_Permit";
503 String actualFlowId = flowBuilder.getFlowName();
504 if (actualFlowId.equals(expectedFlowId1) || actualFlowId.equals(expectedFlowId2)) {
505 Assert.assertTrue(true);
507 Assert.assertTrue(false);
512 * Test TCP remove with port (All TCP) and remote SG selected.
515 public void testProgramPortSecurityACLRuleRemoveTcpAll2() throws Exception {
516 when(portSecurityRule.getSecurityRuleProtocol()).thenReturn("tcp");
517 when(portSecurityRule.getSecurityRulePortMax()).thenReturn(PORT_RANGE_MAX);
518 when(portSecurityRule.getSecurityRulePortMin()).thenReturn(PORT_RANGE_MIN);
519 when(portSecurityRule.getSecurityRemoteGroupID()).thenReturn("85cc3048-abc3-43cc-89b3-377341426ac5");
520 PowerMockito.doAnswer(answer()).when(ingressAclServiceSpy, "removeFlow", any(FlowBuilder.class),
521 any(NodeBuilder.class));
523 ingressAclServiceSpy.programPortSecurityGroup(DP_ID_LONG, SEGMENT_ID, MAC_ADDRESS, LOCAL_PORT, securityGroup,
526 Match match = flowBuilder.getMatch();
527 EthernetMatch ethMatch = match.getEthernetMatch();
528 Assert.assertEquals(MAC_ADDRESS, ethMatch.getEthernetDestination().getAddress().getValue());
530 Assert.assertTrue(match.getLayer4Match() instanceof TcpMatch);
531 TcpMatch layer4Match = (TcpMatch) match.getLayer4Match();
532 String expectedFlowId1 = "Ingress_TCP_" + SEGMENT_ID + "_" + MAC_ADDRESS +"_" + PORT_RANGE_MIN + "_" +
533 PORT_RANGE_MAX + "_" + DEST_IP_1 + "_Permit";
534 String expectedFlowId2 = "Ingress_TCP_" + SEGMENT_ID + "_" + MAC_ADDRESS +"_" + PORT_RANGE_MIN + "_" +
535 PORT_RANGE_MAX + "_" + DEST_IP_2 + "_Permit";
536 String actualFlowId = flowBuilder.getFlowName();
537 if (actualFlowId.equals(expectedFlowId1) || actualFlowId.equals(expectedFlowId2)) {
538 Assert.assertTrue(true);
540 Assert.assertTrue(false);
545 * Test UDP add with port no and CIDR selected.
548 public void testProgramPortSecurityACLRuleAddUdp1() throws Exception {
549 when(portSecurityRule.getSecurityRuleProtocol()).thenReturn("udp");
550 when(portSecurityRule.getSecurityRulePortMax()).thenReturn(50);
551 when(portSecurityRule.getSecurityRulePortMin()).thenReturn(50);
552 when(portSecurityRule.getSecurityRuleRemoteIpPrefix()).thenReturn("0.0.0.0/24");
553 PowerMockito.doAnswer(answer()).when(ingressAclServiceSpy, "writeFlow", any(FlowBuilder.class),
554 any(NodeBuilder.class));
556 ingressAclServiceSpy.programPortSecurityGroup(DP_ID_LONG, SEGMENT_ID, MAC_ADDRESS, LOCAL_PORT, securityGroup,
559 Match match = flowBuilder.getMatch();
560 EthernetMatch ethMatch = match.getEthernetMatch();
561 Assert.assertEquals(MAC_ADDRESS, ethMatch.getEthernetDestination().getAddress().getValue());
563 Assert.assertTrue(match.getLayer4Match() instanceof UdpMatch);
564 UdpMatch layer4Match = (UdpMatch) match.getLayer4Match();
565 Assert.assertEquals(50, layer4Match.getUdpDestinationPort().getValue().intValue());
566 int port = portSecurityRule.getSecurityRulePortMin();
567 Assert.assertEquals("Ingress_UDP_" + SEGMENT_ID + "_" + MAC_ADDRESS +
568 "_" + port + "_0.0.0.0/24_Permit", flowBuilder.getFlowName());
572 * Test UDP remove with port no and CIDR selected.
575 public void testProgramPortSecurityACLRuleRemoveUdp1() throws Exception {
576 when(portSecurityRule.getSecurityRuleProtocol()).thenReturn("udp");
577 when(portSecurityRule.getSecurityRulePortMax()).thenReturn(50);
578 when(portSecurityRule.getSecurityRulePortMin()).thenReturn(50);
579 when(portSecurityRule.getSecurityRuleRemoteIpPrefix()).thenReturn("0.0.0.0/24");
580 PowerMockito.doAnswer(answer()).when(ingressAclServiceSpy, "removeFlow", any(FlowBuilder.class),
581 any(NodeBuilder.class));
583 ingressAclServiceSpy.programPortSecurityGroup(DP_ID_LONG, SEGMENT_ID, MAC_ADDRESS, LOCAL_PORT, securityGroup,
586 Match match = flowBuilder.getMatch();
587 EthernetMatch ethMatch = match.getEthernetMatch();
588 Assert.assertEquals(MAC_ADDRESS, ethMatch.getEthernetDestination().getAddress().getValue());
590 Assert.assertTrue(match.getLayer4Match() instanceof UdpMatch);
591 UdpMatch layer4Match = (UdpMatch) match.getLayer4Match();
592 Assert.assertEquals(50, layer4Match.getUdpDestinationPort().getValue().intValue());
593 int port = portSecurityRule.getSecurityRulePortMin();
594 Assert.assertEquals("Ingress_UDP_" + SEGMENT_ID + "_" + MAC_ADDRESS +
595 "_" + port + "_0.0.0.0/24_Permit", flowBuilder.getFlowName());
599 * Test UDP add with port no and remote SG selected.
602 public void testProgramPortSecurityACLRuleAddUdp2() throws Exception {
603 when(portSecurityRule.getSecurityRuleProtocol()).thenReturn("udp");
604 when(portSecurityRule.getSecurityRulePortMax()).thenReturn(50);
605 when(portSecurityRule.getSecurityRulePortMin()).thenReturn(50);
606 when(portSecurityRule.getSecurityRuleRemoteIpPrefix()).thenReturn("0.0.0.0/24");
607 when(portSecurityRule.getSecurityRemoteGroupID()).thenReturn("85cc3048-abc3-43cc-89b3-377341426ac5");
608 PowerMockito.doAnswer(answer()).when(ingressAclServiceSpy, "writeFlow", any(FlowBuilder.class),
609 any(NodeBuilder.class));
610 ingressAclServiceSpy.programPortSecurityGroup(DP_ID_LONG, SEGMENT_ID, MAC_ADDRESS, LOCAL_PORT, securityGroup,
613 Match match = flowBuilder.getMatch();
614 EthernetMatch ethMatch = match.getEthernetMatch();
615 Assert.assertEquals(MAC_ADDRESS, ethMatch.getEthernetDestination().getAddress().getValue());
617 Assert.assertTrue(match.getLayer4Match() instanceof UdpMatch);
618 UdpMatch layer4Match = (UdpMatch) match.getLayer4Match();
619 Assert.assertEquals(50, layer4Match.getUdpDestinationPort().getValue().intValue());
620 int port = portSecurityRule.getSecurityRulePortMin();
621 String expectedFlowId1 = "Ingress_UDP_" + SEGMENT_ID + "_" + MAC_ADDRESS +"_" + port + "_" + DEST_IP_1 +
623 String expectedFlowId2 = "Ingress_UDP_" + SEGMENT_ID + "_" + MAC_ADDRESS +"_" + port + "_" + DEST_IP_2 +
625 String actualFlowId = flowBuilder.getFlowName();
626 if (actualFlowId.equals(expectedFlowId1) || actualFlowId.equals(expectedFlowId2)) {
627 Assert.assertTrue(true);
629 Assert.assertTrue(false);
634 * Test UDP remove with port no and remote SG selected.
637 public void testProgramPortSecurityACLRuleRemoveUdp2() throws Exception {
638 when(portSecurityRule.getSecurityRuleProtocol()).thenReturn("udp");
639 when(portSecurityRule.getSecurityRulePortMax()).thenReturn(50);
640 when(portSecurityRule.getSecurityRulePortMin()).thenReturn(50);
641 when(portSecurityRule.getSecurityRuleRemoteIpPrefix()).thenReturn("0.0.0.0/24");
642 when(portSecurityRule.getSecurityRemoteGroupID()).thenReturn("85cc3048-abc3-43cc-89b3-377341426ac5");
643 PowerMockito.doAnswer(answer()).when(ingressAclServiceSpy, "removeFlow", any(FlowBuilder.class),
644 any(NodeBuilder.class));
645 ingressAclServiceSpy.programPortSecurityGroup(DP_ID_LONG, SEGMENT_ID, MAC_ADDRESS, LOCAL_PORT, securityGroup,
648 Match match = flowBuilder.getMatch();
649 EthernetMatch ethMatch = match.getEthernetMatch();
650 Assert.assertEquals(MAC_ADDRESS, ethMatch.getEthernetDestination().getAddress().getValue());
652 Assert.assertTrue(match.getLayer4Match() instanceof UdpMatch);
653 UdpMatch layer4Match = (UdpMatch) match.getLayer4Match();
654 Assert.assertEquals(50, layer4Match.getUdpDestinationPort().getValue().intValue());
655 int port = portSecurityRule.getSecurityRulePortMin();
656 String expectedFlowId1 = "Ingress_UDP_" + SEGMENT_ID + "_" + MAC_ADDRESS +"_" + port + "_" + DEST_IP_1 +
658 String expectedFlowId2 = "Ingress_UDP_" + SEGMENT_ID + "_" + MAC_ADDRESS +"_" + port + "_" + DEST_IP_2 +
660 String actualFlowId = flowBuilder.getFlowName();
661 if (actualFlowId.equals(expectedFlowId1) || actualFlowId.equals(expectedFlowId2)) {
662 Assert.assertTrue(true);
664 Assert.assertTrue(false);
669 * Test UDP add with ports (All UDP) and CIDR selected.
672 public void testProgramPortSecurityACLRuleAddUdpAll1() throws Exception {
673 when(portSecurityRule.getSecurityRuleProtocol()).thenReturn("udp");
674 when(portSecurityRule.getSecurityRulePortMax()).thenReturn(PORT_RANGE_MAX);
675 when(portSecurityRule.getSecurityRulePortMin()).thenReturn(PORT_RANGE_MIN);
676 when(portSecurityRule.getSecurityRuleRemoteIpPrefix()).thenReturn("0.0.0.0/24");
677 PowerMockito.doAnswer(answer()).when(ingressAclServiceSpy, "writeFlow", any(FlowBuilder.class),
678 any(NodeBuilder.class));
680 ingressAclServiceSpy.programPortSecurityGroup(DP_ID_LONG, SEGMENT_ID, MAC_ADDRESS, LOCAL_PORT, securityGroup,
683 Match match = flowBuilder.getMatch();
684 EthernetMatch ethMatch = match.getEthernetMatch();
685 Assert.assertEquals(MAC_ADDRESS, ethMatch.getEthernetDestination().getAddress().getValue());
687 Assert.assertTrue(match.getLayer4Match() instanceof UdpMatch);
688 Assert.assertEquals("Ingress_UDP_" + SEGMENT_ID + "_" + MAC_ADDRESS + "_" + PORT_RANGE_MIN + "_" +
689 PORT_RANGE_MAX + "_0.0.0.0/24_Permit", flowBuilder.getFlowName());
693 * Test UDP remove with ports (All UDP) and CIDR selected.
696 public void testProgramPortSecurityACLRuleRemoveUdpAll1() throws Exception {
697 when(portSecurityRule.getSecurityRuleProtocol()).thenReturn("udp");
698 when(portSecurityRule.getSecurityRulePortMax()).thenReturn(PORT_RANGE_MAX);
699 when(portSecurityRule.getSecurityRulePortMin()).thenReturn(PORT_RANGE_MIN);
700 when(portSecurityRule.getSecurityRuleRemoteIpPrefix()).thenReturn("0.0.0.0/24");
701 PowerMockito.doAnswer(answer()).when(ingressAclServiceSpy, "removeFlow", any(FlowBuilder.class),
702 any(NodeBuilder.class));
704 ingressAclServiceSpy.programPortSecurityGroup(DP_ID_LONG, SEGMENT_ID, MAC_ADDRESS, LOCAL_PORT, securityGroup,
707 Match match = flowBuilder.getMatch();
708 EthernetMatch ethMatch = match.getEthernetMatch();
709 Assert.assertEquals(MAC_ADDRESS, ethMatch.getEthernetDestination().getAddress().getValue());
711 Assert.assertTrue(match.getLayer4Match() instanceof UdpMatch);
712 Assert.assertEquals("Ingress_UDP_" + SEGMENT_ID + "_" + MAC_ADDRESS + "_" + PORT_RANGE_MIN + "_" +
713 PORT_RANGE_MAX + "_0.0.0.0/24_Permit", flowBuilder.getFlowName());
717 * Test UDP add with ports (All UDP) and remote SG selected.
720 public void testProgramPortSecurityACLRuleAddUdpAll2() throws Exception {
721 when(portSecurityRule.getSecurityRuleProtocol()).thenReturn("udp");
722 when(portSecurityRule.getSecurityRulePortMax()).thenReturn(PORT_RANGE_MAX);
723 when(portSecurityRule.getSecurityRulePortMin()).thenReturn(PORT_RANGE_MIN);
724 when(portSecurityRule.getSecurityRuleRemoteIpPrefix()).thenReturn("0.0.0.0/24");
725 when(portSecurityRule.getSecurityRemoteGroupID()).thenReturn("85cc3048-abc3-43cc-89b3-377341426ac5");
726 PowerMockito.doAnswer(answer()).when(ingressAclServiceSpy, "writeFlow", any(FlowBuilder.class),
727 any(NodeBuilder.class));
728 ingressAclServiceSpy.programPortSecurityGroup(DP_ID_LONG, SEGMENT_ID, MAC_ADDRESS, LOCAL_PORT, securityGroup,
731 Match match = flowBuilder.getMatch();
732 EthernetMatch ethMatch = match.getEthernetMatch();
733 Assert.assertEquals(MAC_ADDRESS, ethMatch.getEthernetDestination().getAddress().getValue());
735 Assert.assertTrue(match.getLayer4Match() instanceof UdpMatch);
736 String expectedFlowId1 = "Ingress_UDP_" + SEGMENT_ID + "_" + MAC_ADDRESS +"_" + PORT_RANGE_MIN + "_" +
737 PORT_RANGE_MAX + "_" + DEST_IP_1 + "_Permit";
738 String expectedFlowId2 = "Ingress_UDP_" + SEGMENT_ID + "_" + MAC_ADDRESS +"_" + PORT_RANGE_MIN + "_" +
739 PORT_RANGE_MAX + "_" + DEST_IP_2 + "_Permit";
740 String actualFlowId = flowBuilder.getFlowName();
741 if (actualFlowId.equals(expectedFlowId1) || actualFlowId.equals(expectedFlowId2)) {
742 Assert.assertTrue(true);
744 Assert.assertTrue(false);
749 * Test UDP remove with ports (All UDP) and remote SG selected.
752 public void testProgramPortSecurityACLRuleRemoveUdpAll2() throws Exception {
753 when(portSecurityRule.getSecurityRuleProtocol()).thenReturn("udp");
754 when(portSecurityRule.getSecurityRulePortMax()).thenReturn(PORT_RANGE_MAX);
755 when(portSecurityRule.getSecurityRulePortMin()).thenReturn(PORT_RANGE_MIN);
756 when(portSecurityRule.getSecurityRuleRemoteIpPrefix()).thenReturn("0.0.0.0/24");
757 when(portSecurityRule.getSecurityRemoteGroupID()).thenReturn("85cc3048-abc3-43cc-89b3-377341426ac5");
758 PowerMockito.doAnswer(answer()).when(ingressAclServiceSpy, "removeFlow", any(FlowBuilder.class),
759 any(NodeBuilder.class));
760 ingressAclServiceSpy.programPortSecurityGroup(DP_ID_LONG, SEGMENT_ID, MAC_ADDRESS, LOCAL_PORT, securityGroup,
763 Match match = flowBuilder.getMatch();
764 EthernetMatch ethMatch = match.getEthernetMatch();
765 Assert.assertEquals(MAC_ADDRESS, ethMatch.getEthernetDestination().getAddress().getValue());
767 Assert.assertTrue(match.getLayer4Match() instanceof UdpMatch);
768 String expectedFlowId1 = "Ingress_UDP_" + SEGMENT_ID + "_" + MAC_ADDRESS +"_" + PORT_RANGE_MIN + "_" +
769 PORT_RANGE_MAX + "_" + DEST_IP_1 + "_Permit";
770 String expectedFlowId2 = "Ingress_UDP_" + SEGMENT_ID + "_" + MAC_ADDRESS +"_" + PORT_RANGE_MIN + "_" +
771 PORT_RANGE_MAX + "_" + DEST_IP_2 + "_Permit";
772 String actualFlowId = flowBuilder.getFlowName();
773 if (actualFlowId.equals(expectedFlowId1) || actualFlowId.equals(expectedFlowId2)) {
774 Assert.assertTrue(true);
776 Assert.assertTrue(false);
781 * Test ICMP add with code, type and CIDR selected.
784 public void testProgramPortSecurityACLRuleAddIcmp1() throws Exception {
785 when(portSecurityRule.getSecurityRuleProtocol()).thenReturn("icmp");
786 when(portSecurityRule.getSecurityRulePortMax()).thenReturn(10);
787 when(portSecurityRule.getSecurityRulePortMin()).thenReturn(10);
788 when(portSecurityRule.getSecurityRuleRemoteIpPrefix()).thenReturn("0.0.0.0/24");
790 PowerMockito.doAnswer(answer()).when(ingressAclServiceSpy, "writeFlow", any(FlowBuilder.class),
791 any(NodeBuilder.class));
792 ingressAclServiceSpy.programPortSecurityGroup(DP_ID_LONG, SEGMENT_ID,
793 MAC_ADDRESS, LOCAL_PORT, securityGroup, PORT_UUID, true);
794 Match match = flowBuilder.getMatch();
795 Icmpv4Match icmpv4Match = match.getIcmpv4Match();
796 Assert.assertEquals(10, icmpv4Match.getIcmpv4Type().shortValue());
797 Assert.assertEquals(10, icmpv4Match.getIcmpv4Code().shortValue());
798 EthernetMatch ethMatch = match.getEthernetMatch();
799 Assert.assertEquals(MAC_ADDRESS, ethMatch.getEthernetDestination().getAddress().getValue());
800 Short type = portSecurityRule.getSecurityRulePortMin().shortValue();
801 Short code = portSecurityRule.getSecurityRulePortMax().shortValue();
802 Assert.assertEquals("Ingress_ICMP_" + SEGMENT_ID + "_" + MAC_ADDRESS + "_" + type + "_" + code
803 + "_0.0.0.0/24_Permit",
804 flowBuilder.getFlowName());
808 * Test ICMP remove with code, type and CIDR selected.
811 public void testProgramPortSecurityACLRuleRemoveIcmp1() throws Exception {
812 when(portSecurityRule.getSecurityRuleProtocol()).thenReturn("icmp");
813 when(portSecurityRule.getSecurityRulePortMax()).thenReturn(20);
814 when(portSecurityRule.getSecurityRulePortMin()).thenReturn(20);
815 when(portSecurityRule.getSecurityRuleRemoteIpPrefix()).thenReturn("0.0.0.0/24");
816 PowerMockito.doAnswer(answer()).when(ingressAclServiceSpy, "removeFlow", any(FlowBuilder.class),
817 any(NodeBuilder.class));
819 ingressAclServiceSpy.programPortSecurityGroup(DP_ID_LONG, SEGMENT_ID,
820 MAC_ADDRESS, LOCAL_PORT, securityGroup, PORT_UUID, false);
821 Match match = flowBuilder.getMatch();
822 Icmpv4Match icmpv4Match = match.getIcmpv4Match();
823 Assert.assertEquals(20, icmpv4Match.getIcmpv4Type().shortValue());
824 Assert.assertEquals(20, icmpv4Match.getIcmpv4Code().shortValue());
825 EthernetMatch ethMatch = match.getEthernetMatch();
826 Assert.assertEquals(MAC_ADDRESS, ethMatch.getEthernetDestination().getAddress().getValue());
827 Short type = portSecurityRule.getSecurityRulePortMin().shortValue();
828 Short code = portSecurityRule.getSecurityRulePortMax().shortValue();
829 Assert.assertEquals("Ingress_ICMP_" + SEGMENT_ID + "_" + MAC_ADDRESS + "_" + type + "_" + code
830 + "_0.0.0.0/24_Permit",
831 flowBuilder.getFlowName());
835 * Test ICMP add with code, type and remote SG selected.
838 public void testProgramPortSecurityACLRuleAddIcmp2() throws Exception {
839 when(portSecurityRule.getSecurityRuleProtocol()).thenReturn("icmp");
840 when(portSecurityRule.getSecurityRulePortMax()).thenReturn(30);
841 when(portSecurityRule.getSecurityRulePortMin()).thenReturn(30);
842 when(portSecurityRule.getSecurityRemoteGroupID()).thenReturn("85cc3048-abc3-43cc-89b3-377341426ac5");
843 PowerMockito.doAnswer(answer()).when(ingressAclServiceSpy, "writeFlow", any(FlowBuilder.class),
844 any(NodeBuilder.class));
846 ingressAclServiceSpy.programPortSecurityGroup(DP_ID_LONG, SEGMENT_ID,
847 MAC_ADDRESS, LOCAL_PORT, securityGroup, PORT_UUID, true);
848 Match match = flowBuilder.getMatch();
849 Icmpv4Match icmpv4Match =match.getIcmpv4Match();
850 Assert.assertEquals(30, icmpv4Match.getIcmpv4Type().shortValue());
851 Assert.assertEquals(30, icmpv4Match.getIcmpv4Code().shortValue());
852 EthernetMatch ethMatch = match.getEthernetMatch();
853 Assert.assertEquals(MAC_ADDRESS, ethMatch.getEthernetDestination().getAddress().getValue());
854 Short type = portSecurityRule.getSecurityRulePortMin().shortValue();
855 Short code = portSecurityRule.getSecurityRulePortMax().shortValue();
856 String expectedFlowId1 = "Ingress_ICMP_" + SEGMENT_ID + "_" + MAC_ADDRESS +"_" + type + "_" + code + "_"
857 + DEST_IP_1 + "_Permit";
858 String expectedFlowId2 = "Ingress_ICMP_" + SEGMENT_ID + "_" + MAC_ADDRESS +"_" + type + "_" + code + "_"
859 + DEST_IP_2 + "_Permit";
860 String actualFlowId = flowBuilder.getFlowName();
861 if(actualFlowId.equals(expectedFlowId1) || actualFlowId.equals(expectedFlowId2)) {
862 Assert.assertTrue(true);
864 Assert.assertTrue(false);
869 * Test ICMP remove with code, type and remote SG selected.
872 public void testProgramPortSecurityACLRuleRemoveIcmp2() throws Exception {
873 when(portSecurityRule.getSecurityRuleProtocol()).thenReturn("icmp");
874 when(portSecurityRule.getSecurityRulePortMax()).thenReturn(40);
875 when(portSecurityRule.getSecurityRulePortMin()).thenReturn(40);
876 when(portSecurityRule.getSecurityRemoteGroupID()).thenReturn("85cc3048-abc3-43cc-89b3-377341426ac5");
877 PowerMockito.doAnswer(answer())
878 .when(ingressAclServiceSpy, "removeFlow", any(FlowBuilder.class), any(NodeBuilder.class));
880 ingressAclServiceSpy.programPortSecurityGroup(DP_ID_LONG, SEGMENT_ID,
881 MAC_ADDRESS, LOCAL_PORT, securityGroup, PORT_UUID, false);
882 Match match = flowBuilder.getMatch();
883 Icmpv4Match icmpv4Match = match.getIcmpv4Match();
884 Assert.assertEquals(40, icmpv4Match.getIcmpv4Type().shortValue());
885 Assert.assertEquals(40, icmpv4Match.getIcmpv4Code().shortValue());
886 EthernetMatch ethMatch = match.getEthernetMatch();
887 Assert.assertEquals(MAC_ADDRESS, ethMatch.getEthernetDestination().getAddress().getValue());
888 Short type = portSecurityRule.getSecurityRulePortMin().shortValue();
889 Short code = portSecurityRule.getSecurityRulePortMax().shortValue();
890 String expectedFlowId1 = "Ingress_ICMP_" + SEGMENT_ID + "_" + MAC_ADDRESS +"_" + type + "_" + code + "_"
891 + DEST_IP_1 + "_Permit";
892 String expectedFlowId2 = "Ingress_ICMP_" + SEGMENT_ID + "_" + MAC_ADDRESS +"_" + type + "_" + code + "_"
893 + DEST_IP_2 + "_Permit";
894 String actualFlowId = flowBuilder.getFlowName();
895 if(actualFlowId.equals(expectedFlowId1) || actualFlowId.equals(expectedFlowId2)) {
896 Assert.assertTrue(true);
898 Assert.assertTrue(false);
903 * Test IPv4 invalid ether type test case.
906 public void testProgramPortSecurityACLRuleInvalidEther() throws Exception {
907 when(portSecurityRule.getSecurityRuleEthertype()).thenReturn("IPV6");
909 ingressAclServiceSpy.programPortSecurityGroup(Long.valueOf(1554), "2", MAC_ADDRESS, 124, securityGroup,PORT_UUID,false);
911 verify(writeTransaction, times(0)).delete(any(LogicalDatastoreType.class), any(InstanceIdentifier.class));
912 verify(writeTransaction, times(0)).submit();
913 verify(commitFuture, times(0)).get();
917 * Test IPv4 invalid direction type test case.
920 public void testProgramPortSecurityACLRuleInvalidDirection() throws Exception {
921 when(portSecurityRule.getSecurityRuleDirection()).thenReturn("edgress");
923 ingressAclServiceSpy.programPortSecurityGroup(Long.valueOf(1554), "2", MAC_ADDRESS, 124, securityGroup,PORT_UUID,false);
925 verify(writeTransaction, times(0)).delete(any(LogicalDatastoreType.class), any(InstanceIdentifier.class));
926 verify(writeTransaction, times(0)).submit();
927 verify(commitFuture, times(0)).get();
931 * Test With isLastPortInBridge false isComputeNode false
934 public void testProgramFixedSecurityACLAdd1() throws Exception {
935 ingressAclServiceSpy.programFixedSecurityGroup(Long.valueOf(1554), "2", MAC_ADDRESS, 1, false, false, true);
937 verify(writeTransaction, times(0)).put(any(LogicalDatastoreType.class), any(InstanceIdentifier.class), any(Node.class), eq(true));
938 verify(writeTransaction, times(0)).submit();
939 verify(commitFuture, times(0)).get();
942 * Test With isLastPortInBridge false isComputeNode false
945 public void testProgramFixedSecurityACLRemove1() throws Exception {
947 ingressAclServiceSpy.programFixedSecurityGroup(Long.valueOf(1554), "2", MAC_ADDRESS, 1, false, false, false);
949 verify(writeTransaction, times(0)).delete(any(LogicalDatastoreType.class), any(InstanceIdentifier.class));
950 verify(writeTransaction, times(0)).submit();
951 verify(commitFuture, times(0)).get();
955 * Test method {@link IgressAclService#egressACLDefaultTcpDrop(Long, String, String, int, boolean)}
958 public void testIgressACLDefaultTcpDrop() throws Exception {
959 ingressAclService.ingressACLDefaultTcpDrop(Long.valueOf(123), SEGMENTATION_ID, MAC_ADDRESS, PRIORITY, true);
960 verify(writeTransaction, times(2)).put(any(LogicalDatastoreType.class), any(InstanceIdentifier.class), any(Node.class), anyBoolean());
961 verify(writeTransaction, times(1)).submit();
962 verify(commitFuture, times(1)).get();
964 ingressAclService.ingressACLDefaultTcpDrop(Long.valueOf(123), SEGMENTATION_ID, MAC_ADDRESS, PRIORITY, false);
965 verify(writeTransaction, times(1)).delete(any(LogicalDatastoreType.class), any(InstanceIdentifier.class));
966 verify(writeTransaction, times(2)).submit();
967 verify(commitFuture, times(2)).get(); // 1 + 1 above
971 * Test method {@link IgressAclService#ingressACLTcpPortWithPrefix(Long, String, String, boolean, Integer, String, Integer)}
974 public void testIngressACLTcpPortWithPrefix() throws Exception {
975 ingressAclService.ingressACLTcpPortWithPrefix(Long.valueOf(123), SEGMENTATION_ID, MAC_ADDRESS, true, 1, HOST_ADDRESS, PRIORITY);
976 verify(writeTransaction, times(2)).put(any(LogicalDatastoreType.class), any(InstanceIdentifier.class), any(Node.class), anyBoolean());
977 verify(writeTransaction, times(1)).submit();
978 verify(commitFuture, times(1)).get();
980 ingressAclService.ingressACLTcpPortWithPrefix(Long.valueOf(123), SEGMENTATION_ID, MAC_ADDRESS, false, 1, HOST_ADDRESS, PRIORITY);
981 verify(writeTransaction, times(1)).delete(any(LogicalDatastoreType.class), any(InstanceIdentifier.class));
982 verify(writeTransaction, times(2)).submit();
983 verify(commitFuture, times(2)).get(); // 1 + 1 above
987 * Test method {@link IgressAclService#handleIngressAllowProto(Long, String, String, boolean, String, Integer)}
990 public void testIngressAllowProto() throws Exception {
991 ingressAclService.handleIngressAllowProto(Long.valueOf(123), SEGMENTATION_ID, MAC_ADDRESS, true, HOST_ADDRESS, PRIORITY);
992 verify(writeTransaction, times(2)).put(any(LogicalDatastoreType.class), any(InstanceIdentifier.class), any(Node.class), anyBoolean());
993 verify(writeTransaction, times(1)).submit();
994 verify(commitFuture, times(1)).get();
996 ingressAclService.handleIngressAllowProto(Long.valueOf(123), SEGMENTATION_ID, MAC_ADDRESS, false, HOST_ADDRESS, PRIORITY);
997 verify(writeTransaction, times(1)).delete(any(LogicalDatastoreType.class), any(InstanceIdentifier.class));
998 verify(writeTransaction, times(2)).submit();
999 verify(commitFuture, times(2)).get(); // 1 + 1 above
1003 * Test method {@link IgressAclService#ingressACLPermitAllProto(Long, String, String, boolean, String, Integer)}
1006 public void testIngressACLPermitAllProto() throws Exception {
1007 ingressAclService.ingressACLPermitAllProto(Long.valueOf(123), SEGMENTATION_ID, MAC_ADDRESS, true, HOST_ADDRESS, PRIORITY);
1008 verify(writeTransaction, times(2)).put(any(LogicalDatastoreType.class), any(InstanceIdentifier.class), any(Node.class), anyBoolean());
1009 verify(writeTransaction, times(1)).submit();
1010 verify(commitFuture, times(1)).get();
1012 ingressAclService.ingressACLPermitAllProto(Long.valueOf(123), SEGMENTATION_ID, MAC_ADDRESS, false, HOST_ADDRESS, PRIORITY);
1013 verify(writeTransaction, times(1)).delete(any(LogicalDatastoreType.class), any(InstanceIdentifier.class));
1014 verify(writeTransaction, times(2)).submit();
1015 verify(commitFuture, times(2)).get(); // 1 + 1 above
1019 * Test method {@link IgressAclService#ingressACLTcpSyn(Long, String, String, boolean, Integer, Integer)}
1022 public void testIngressACLTcpSyn() throws Exception {
1023 ingressAclService.ingressACLTcpSyn(Long.valueOf(123), SEGMENTATION_ID, MAC_ADDRESS, true, 1, PRIORITY);
1024 verify(writeTransaction, times(2)).put(any(LogicalDatastoreType.class), any(InstanceIdentifier.class), any(Node.class), anyBoolean());
1025 verify(writeTransaction, times(1)).submit();
1026 verify(commitFuture, times(1)).get();
1028 ingressAclService.ingressACLTcpSyn(Long.valueOf(123), SEGMENTATION_ID, MAC_ADDRESS, false, 1, PRIORITY);
1029 verify(writeTransaction, times(1)).delete(any(LogicalDatastoreType.class), any(InstanceIdentifier.class));
1030 verify(writeTransaction, times(2)).submit();
1031 verify(commitFuture, times(2)).get(); // 1 + 1 above