openstack/net-virt-providers/src/test/java/org/opendaylight/ovsdb/openstack/netvirt/providers/openflow13/services/IngressAclServiceTest.java

   1 /*
   2  * Copyright (c) 2015 Inocybe and others.  All rights reserved.
   3  *
   4  * This program and the accompanying materials are made available under the
   5  * terms of the Eclipse Public License v1.0 which accompanies this distribution,
   6  * and is available at http://www.eclipse.org/legal/epl-v10.html
   7  */
   8
   9 package org.opendaylight.ovsdb.openstack.netvirt.providers.openflow13.services;
  10
  11 import static org.mockito.Matchers.any;
  12 import static org.mockito.Matchers.anyBoolean;
  13 import static org.mockito.Matchers.eq;
  14 import static org.mockito.Mockito.mock;
  15 import static org.mockito.Mockito.times;
  16 import static org.mockito.Mockito.verify;
  17 import static org.mockito.Mockito.when;
  18
  19 import java.util.ArrayList;
  20 import java.util.List;
  21
  22 import org.junit.Assert;
  23 import org.junit.Before;
  24 import org.junit.Test;
  25 import org.junit.runner.RunWith;
  26 import org.mockito.InjectMocks;
  27 import org.mockito.Mock;
  28 import org.mockito.invocation.InvocationOnMock;
  29 import org.mockito.stubbing.Answer;
  30 import org.opendaylight.controller.md.sal.binding.api.DataBroker;
  31 import org.opendaylight.controller.md.sal.binding.api.WriteTransaction;
  32 import org.opendaylight.controller.md.sal.common.api.data.LogicalDatastoreType;
  33 import org.opendaylight.controller.md.sal.common.api.data.TransactionCommitFailedException;
  34 import org.opendaylight.ovsdb.openstack.netvirt.translator.NeutronSecurityGroup;
  35 import org.opendaylight.ovsdb.openstack.netvirt.translator.NeutronSecurityRule;
  36 import org.opendaylight.ovsdb.openstack.netvirt.translator.Neutron_IPs;
  37 import org.opendaylight.ovsdb.openstack.netvirt.api.SecurityGroupCacheManger;
  38 import org.opendaylight.ovsdb.openstack.netvirt.api.SecurityServicesManager;
  39 import org.opendaylight.ovsdb.openstack.netvirt.providers.openflow13.PipelineOrchestrator;
  40 import org.opendaylight.ovsdb.openstack.netvirt.providers.openflow13.Service;
  41 import org.opendaylight.yang.gen.v1.urn.opendaylight.flow.inventory.rev130819.tables.table.FlowBuilder;
  42 import org.opendaylight.yang.gen.v1.urn.opendaylight.inventory.rev130819.nodes.Node;
  43 import org.opendaylight.yang.gen.v1.urn.opendaylight.inventory.rev130819.nodes.NodeBuilder;
  44 import org.opendaylight.yang.gen.v1.urn.opendaylight.model.match.types.rev131026.Match;
  45 import org.opendaylight.yang.gen.v1.urn.opendaylight.model.match.types.rev131026.match.EthernetMatch;
  46 import org.opendaylight.yang.gen.v1.urn.opendaylight.model.match.types.rev131026.match.Icmpv4Match;
  47 import org.opendaylight.yang.gen.v1.urn.opendaylight.model.match.types.rev131026.match.layer._4.match.TcpMatch;
  48 import org.opendaylight.yang.gen.v1.urn.opendaylight.model.match.types.rev131026.match.layer._4.match.UdpMatch;
  49 import org.opendaylight.yangtools.yang.binding.InstanceIdentifier;
  50 import org.powermock.api.mockito.PowerMockito;
  51 import org.powermock.modules.junit4.PowerMockRunner;
  52
  53 import com.google.common.util.concurrent.CheckedFuture;
  54
  55 /**
  56  * Unit test fort {@link IngressAclService}
  57  */
  58 @RunWith(PowerMockRunner.class)
  59 @SuppressWarnings("unchecked")
  60 public class IngressAclServiceTest {
  61
  62     @InjectMocks private IngressAclService ingressAclService = new IngressAclService();
  63     private IngressAclService ingressAclServiceSpy;
  64
  65     @Mock private DataBroker dataBroker;
  66     @Mock private PipelineOrchestrator orchestrator;
  67
  68     @Mock private WriteTransaction writeTransaction;
  69     @Mock private CheckedFuture<Void, TransactionCommitFailedException> commitFuture;
  70
  71     @Mock private NeutronSecurityGroup securityGroup;
  72     @Mock private NeutronSecurityRule portSecurityRule;
  73     @Mock private SecurityServicesManager securityServices;
  74     @Mock private SecurityGroupCacheManger securityGroupCacheManger;
  75
  76     private List<Neutron_IPs> neutronSrcIpList = new ArrayList<>();
  77     private List<Neutron_IPs> neutronDestIpList = new ArrayList<>();
  78     private Neutron_IPs neutron_ip_src;
  79     private Neutron_IPs neutron_ip_dest_1;
  80     private Neutron_IPs neutron_ip_dest_2;
  81
  82     private static final String SEGMENTATION_ID = "2";
  83     private static final int PRIORITY = 1;
  84     private static final String HOST_ADDRESS = "127.0.0.1/32";
  85     private static final String MAC_ADDRESS = "87:1D:5E:02:40:B8";
  86     private static final String SRC_IP = "192.168.0.1";
  87     private static final String DEST_IP_1 = "192.169.0.1";
  88     private static final String DEST_IP_2 = "192.169.0.2";
  89     private static final String SECURITY_GROUP_UUID = "85cc3048-abc3-43cc-89b3-377341426ac5";
  90     private static final String PORT_UUID = "95cc3048-abc3-43cc-89b3-377341426ac5";
  91     private static final String SEGMENT_ID = "2";
  92     private static final Long DP_ID_LONG = (long) 1554;
  93     private static final Long LOCAL_PORT = (long) 124;
  94     private static final int PORT_RANGE_MIN = 1;
  95     private static final int PORT_RANGE_MAX = 65535;
  96     private static FlowBuilder flowBuilder;
  97     private static NodeBuilder nodeBuilder;
  98
  99     private static Answer<Object> answer() {
 100         return new Answer<Object>() {
 101             @Override
 102             public CheckedFuture<Void, TransactionCommitFailedException> answer(InvocationOnMock invocation)
 103                     throws Throwable {
 104                 flowBuilder = (FlowBuilder) invocation.getArguments()[0];
 105                 nodeBuilder = (NodeBuilder) invocation.getArguments()[1];
 106                 return null;
 107             }
 108         };
 109     }
 110
 111     @Before
 112     public void setUp() {
 113         ingressAclServiceSpy = PowerMockito.spy(ingressAclService);
 114
 115         when(writeTransaction.submit()).thenReturn(commitFuture);
 116
 117         when(dataBroker.newWriteOnlyTransaction()).thenReturn(writeTransaction);
 118
 119         when(orchestrator.getNextServiceInPipeline(any(Service.class))).thenReturn(Service.ARP_RESPONDER);
 120
 121         portSecurityRule = mock(NeutronSecurityRule.class);
 122         when(portSecurityRule.getSecurityRuleEthertype()).thenReturn("IPv4");
 123         when(portSecurityRule.getSecurityRuleDirection()).thenReturn("ingress");
 124
 125         List<NeutronSecurityRule> portSecurityList = new ArrayList<>();
 126         portSecurityList.add(portSecurityRule);
 127
 128         neutron_ip_src = new Neutron_IPs();
 129         neutron_ip_src.setIpAddress(SRC_IP);
 130         neutronSrcIpList.add(neutron_ip_src);
 131
 132         neutron_ip_dest_1 = new Neutron_IPs();
 133         neutron_ip_dest_1.setIpAddress(DEST_IP_1);
 134         neutronDestIpList.add(neutron_ip_dest_1);
 135
 136         neutron_ip_dest_2 = new Neutron_IPs();
 137         neutron_ip_dest_2.setIpAddress(DEST_IP_2);
 138         neutronDestIpList.add(neutron_ip_dest_2);
 139
 140
 141         when(securityGroup.getSecurityRules()).thenReturn(portSecurityList);
 142         when(securityServices.getVmListForSecurityGroup
 143              (PORT_UUID, SECURITY_GROUP_UUID)).thenReturn(neutronDestIpList);
 144     }
 145
 146    /* *//**
 147      * Rule 1: TCP Proto (True), TCP Port Minimum (True), TCP Port Max (True), IP Prefix (True)
 148      *//*
 149     @Test
 150     public void testProgramPortSecurityACLRule1() throws Exception {
 151         when(portSecurityRule.getSecurityRuleProtocol()).thenReturn("tcp");
 152         when(portSecurityRule.getSecurityRulePortMax()).thenReturn(1);
 153         when(portSecurityRule.getSecurityRulePortMin()).thenReturn(1);
 154         when(portSecurityRule.getSecurityRuleRemoteIpPrefix()).thenReturn(HOST_ADDRESS);
 155
 156         ingressAclServiceSpy.programPortSecurityACL(Long.valueOf(1554), SEGMENTATION_ID, MAC_ADDRESS, 124, securityGroup);
 157         verify(ingressAclServiceSpy, times(1)).ingressACLDefaultTcpDrop(anyLong(), anyString(), anyString(), anyInt(), anyBoolean());
 158         verify(ingressAclServiceSpy, times(1)).ingressACLTcpPortWithPrefix(anyLong(), anyString(), anyString(), anyBoolean(), anyInt(), anyString(), anyInt());
 159         verify(writeTransaction, times(4)).put(any(LogicalDatastoreType.class), any(InstanceIdentifier.class), any(Node.class), anyBoolean());
 160         verify(writeTransaction, times(2)).submit();
 161         verify(commitFuture, times(2)).get();
 162     }
 163
 164
 165     *//**
 166      * Rule 2: TCP Proto (True), TCP Port Minimum (True), TCP Port Max (False), IP Prefix (True)
 167      *//*
 168     @Test
 169     public void testProgramPortSecurityACLRule2() throws Exception {
 170         when(portSecurityRule.getSecurityRuleProtocol()).thenReturn("tcp");
 171         when(portSecurityRule.getSecurityRulePortMax()).thenReturn(null);
 172         when(portSecurityRule.getSecurityRulePortMin()).thenReturn(1);
 173         when(portSecurityRule.getSecurityRuleRemoteIpPrefix()).thenReturn(HOST_ADDRESS);
 174
 175         ingressAclServiceSpy.programPortSecurityACL(Long.valueOf(1554), SEGMENTATION_ID, MAC_ADDRESS, 124, securityGroup);
 176         verify(ingressAclServiceSpy, times(1)).ingressACLDefaultTcpDrop(anyLong(), anyString(), anyString(), anyInt(), anyBoolean());
 177         verify(ingressAclServiceSpy, times(1)).ingressACLTcpPortWithPrefix(anyLong(), anyString(), anyString(), anyBoolean(), anyInt(), anyString(), anyInt());
 178         verify(writeTransaction, times(4)).put(any(LogicalDatastoreType.class), any(InstanceIdentifier.class), any(Node.class), anyBoolean());
 179         verify(writeTransaction, times(2)).submit();
 180         verify(commitFuture, times(2)).get();
 181     }
 182
 183     *//**
 184      * Rule 3: TCP Proto (True), TCP Port Minimum (False), TCP Port Max (False), IP Prefix (True)
 185      *//*
 186     @Test
 187     public void testProgramPortSecurityACLRule3() throws Exception {
 188         when(portSecurityRule.getSecurityRuleProtocol()).thenReturn("tcp");
 189         when(portSecurityRule.getSecurityRulePortMax()).thenReturn(null);
 190         when(portSecurityRule.getSecurityRulePortMin()).thenReturn(null);
 191         when(portSecurityRule.getSecurityRuleRemoteIpPrefix()).thenReturn(HOST_ADDRESS);
 192
 193         ingressAclServiceSpy.programPortSecurityACL(Long.valueOf(1554), SEGMENTATION_ID, MAC_ADDRESS, 124, securityGroup);
 194         verify(ingressAclServiceSpy, times(1)).ingressACLDefaultTcpDrop(anyLong(), anyString(), anyString(), anyInt(), anyBoolean());
 195         verify(ingressAclServiceSpy, times(1)).ingressACLPermitAllProto(anyLong(), anyString(), anyString(), anyBoolean(), anyString(), anyInt());
 196         verify(writeTransaction, times(4)).put(any(LogicalDatastoreType.class), any(InstanceIdentifier.class), any(Node.class), anyBoolean());
 197         verify(writeTransaction, times(2)).submit();
 198         verify(commitFuture, times(2)).get();
 199     }
 200
 201     *//**
 202      * Rule 4: TCP Proto (False), TCP Port Minimum (False), TCP Port Max (False), IP Prefix (True)
 203      *//*
 204     @Test
 205     public void testProgramPortSecurityACLRule4() throws Exception {
 206         when(portSecurityRule.getSecurityRuleProtocol()).thenReturn(null);
 207         when(portSecurityRule.getSecurityRulePortMax()).thenReturn(null);
 208         when(portSecurityRule.getSecurityRulePortMin()).thenReturn(null);
 209         when(portSecurityRule.getSecurityRuleRemoteIpPrefix()).thenReturn(HOST_ADDRESS);
 210
 211         ingressAclServiceSpy.programPortSecurityACL(Long.valueOf(1554), SEGMENTATION_ID, MAC_ADDRESS, 124, securityGroup);
 212         verify(ingressAclServiceSpy, times(1)).ingressACLDefaultTcpDrop(anyLong(), anyString(), anyString(), anyInt(), anyBoolean());
 213         verify(ingressAclServiceSpy, times(1)).ingressACLPermitAllProto(anyLong(), anyString(), anyString(), anyBoolean(), anyString(), anyInt());
 214         verify(writeTransaction, times(4)).put(any(LogicalDatastoreType.class), any(InstanceIdentifier.class), any(Node.class), anyBoolean());
 215         verify(writeTransaction, times(2)).submit();
 216         verify(commitFuture, times(2)).get();
 217     }
 218
 219     *//**
 220      * Rule 5: TCP Proto (True), TCP Port Minimum (True), TCP Port Max (True), IP Prefix (False)
 221      *//*
 222     @Test
 223     public void testProgramPortSecurityACLRule5() throws Exception {
 224         when(portSecurityRule.getSecurityRuleProtocol()).thenReturn("tcp");
 225         when(portSecurityRule.getSecurityRulePortMax()).thenReturn(1);
 226         when(portSecurityRule.getSecurityRulePortMin()).thenReturn(1);
 227         when(portSecurityRule.getSecurityRuleRemoteIpPrefix()).thenReturn(null);
 228
 229         ingressAclServiceSpy.programPortSecurityACL(Long.valueOf(1554), SEGMENTATION_ID, MAC_ADDRESS, 124, securityGroup);
 230         verify(ingressAclServiceSpy, times(1)).ingressACLDefaultTcpDrop(anyLong(), anyString(), anyString(), anyInt(), anyBoolean());
 231         verify(ingressAclServiceSpy, times(1)).ingressACLTcpSyn(anyLong(), anyString(), anyString(), anyBoolean(), anyInt(), anyInt());
 232         verify(writeTransaction, times(4)).put(any(LogicalDatastoreType.class), any(InstanceIdentifier.class), any(Node.class), anyBoolean());
 233         verify(writeTransaction, times(2)).submit();
 234         verify(commitFuture, times(2)).get();
 235     }
 236
 237     *//**
 238      * Rule 6: TCP Proto (True), TCP Port Minimum (True), TCP Port Max (False), IP Prefix (False)
 239      *//*
 240     @Test
 241     public void testProgramPortSecurityACLRule6() throws Exception {
 242         when(portSecurityRule.getSecurityRuleProtocol()).thenReturn("tcp");
 243         when(portSecurityRule.getSecurityRulePortMax()).thenReturn(null);
 244         when(portSecurityRule.getSecurityRulePortMin()).thenReturn(1);
 245         when(portSecurityRule.getSecurityRuleRemoteIpPrefix()).thenReturn(null);
 246
 247         ingressAclServiceSpy.programPortSecurityACL(Long.valueOf(1554), SEGMENTATION_ID, MAC_ADDRESS, 124, securityGroup);
 248         verify(ingressAclServiceSpy, times(1)).ingressACLDefaultTcpDrop(anyLong(), anyString(), anyString(), anyInt(), anyBoolean());
 249         verify(ingressAclServiceSpy, times(1)).ingressACLTcpSyn(anyLong(), anyString(), anyString(), anyBoolean(), anyInt(), anyInt());
 250         verify(writeTransaction, times(4)).put(any(LogicalDatastoreType.class), any(InstanceIdentifier.class), any(Node.class), anyBoolean());
 251         verify(writeTransaction, times(2)).submit();
 252         verify(commitFuture, times(2)).get();
 253     }
 254
 255     *//**
 256      * Rule 7: TCP Proto (True), TCP Port Minimum (False), TCP Port Max (False), IP Prefix (False or 0.0.0.0/0)
 257      *//*
 258     @Test
 259     public void testProgramPortSecurityACLRule7() throws Exception {
 260         when(portSecurityRule.getSecurityRuleProtocol()).thenReturn("tcp");
 261         when(portSecurityRule.getSecurityRulePortMax()).thenReturn(null);
 262         when(portSecurityRule.getSecurityRulePortMin()).thenReturn(null);
 263         when(portSecurityRule.getSecurityRuleRemoteIpPrefix()).thenReturn(null);
 264
 265         ingressAclServiceSpy.programPortSecurityACL(Long.valueOf(1554), SEGMENTATION_ID, MAC_ADDRESS, 124, securityGroup);
 266         verify(ingressAclServiceSpy, times(1)).handleIngressAllowProto(anyLong(), anyString(), anyString(), anyBoolean(), anyString(), anyInt());
 267         verify(writeTransaction, times(2)).put(any(LogicalDatastoreType.class), any(InstanceIdentifier.class), any(Node.class), anyBoolean());
 268         verify(writeTransaction, times(1)).submit();
 269         verify(commitFuture, times(1)).get();
 270     }
 271 */
 272     /**
 273      *  Test IPv4 add test case.
 274      */
 275     @Test
 276     public void testProgramPortSecurityACLRuleAddIpv4() throws Exception {
 277         when(portSecurityRule.getSecurityRuleProtocol()).thenReturn(null);
 278         when(portSecurityRule.getSecurityRulePortMax()).thenReturn(null);
 279         when(portSecurityRule.getSecurityRulePortMin()).thenReturn(null);
 280         when(portSecurityRule.getSecurityRuleRemoteIpPrefix()).thenReturn(null);
 281
 282         ingressAclServiceSpy.programPortSecurityGroup(Long.valueOf(1554), "2", MAC_ADDRESS, 124, securityGroup,PORT_UUID,true);
 283
 284         verify(writeTransaction, times(2)).put(any(LogicalDatastoreType.class), any(InstanceIdentifier.class), any(Node.class), eq(true));
 285         verify(writeTransaction, times(1)).submit();
 286         verify(commitFuture, times(1)).get();
 287     }
 288
 289     /**
 290      *  Test IPv4 remove test case.
 291      */
 292     @Test
 293     public void testProgramPortSecurityACLRuleRemoveIpv4() throws Exception {
 294         when(portSecurityRule.getSecurityRuleProtocol()).thenReturn(null);
 295         when(portSecurityRule.getSecurityRulePortMax()).thenReturn(null);
 296         when(portSecurityRule.getSecurityRulePortMin()).thenReturn(null);
 297         when(portSecurityRule.getSecurityRuleRemoteIpPrefix()).thenReturn(null);
 298
 299         ingressAclServiceSpy.programPortSecurityGroup(Long.valueOf(1554), "2", MAC_ADDRESS, 124, securityGroup,PORT_UUID,false);
 300
 301         verify(writeTransaction, times(1)).delete(any(LogicalDatastoreType.class), any(InstanceIdentifier.class));
 302         verify(writeTransaction, times(1)).submit();
 303         verify(commitFuture, times(1)).get();
 304     }
 305
 306     /**
 307      *  Test TCP add with port no and CIDR selected.
 308      */
 309     @Test
 310     public void testProgramPortSecurityACLRuleAddTcp1() throws Exception {
 311         when(portSecurityRule.getSecurityRuleProtocol()).thenReturn("tcp");
 312         when(portSecurityRule.getSecurityRulePortMax()).thenReturn(20);
 313         when(portSecurityRule.getSecurityRulePortMin()).thenReturn(20);
 314         when(portSecurityRule.getSecurityRuleRemoteIpPrefix()).thenReturn("0.0.0.0/24");
 315         PowerMockito.doAnswer(answer()).when(ingressAclServiceSpy, "writeFlow", any(FlowBuilder.class),
 316                                              any(NodeBuilder.class));
 317
 318         ingressAclServiceSpy.programPortSecurityGroup(DP_ID_LONG, SEGMENT_ID, MAC_ADDRESS, LOCAL_PORT, securityGroup,
 319                                                       PORT_UUID, true);
 320
 321         Match match = flowBuilder.getMatch();
 322         EthernetMatch ethMatch = match.getEthernetMatch();
 323         Assert.assertEquals(MAC_ADDRESS, ethMatch.getEthernetDestination().getAddress().getValue());
 324
 325         Assert.assertTrue(match.getLayer4Match() instanceof TcpMatch);
 326         TcpMatch layer4Match = (TcpMatch) match.getLayer4Match();
 327         Assert.assertEquals(20, layer4Match.getTcpDestinationPort().getValue().intValue());
 328         int port = portSecurityRule.getSecurityRulePortMin();
 329         Assert.assertEquals("Ingress_TCP_" + SEGMENT_ID + "_" + MAC_ADDRESS +
 330                             "_" + port + "_0.0.0.0/24_Permit", flowBuilder.getFlowName());
 331     }
 332
 333     /**
 334      *  Test TCP remove with port no and CIDR selected.
 335      */
 336     @Test
 337     public void testProgramPortSecurityACLRuleRemoveTcp1() throws Exception {
 338         when(portSecurityRule.getSecurityRuleProtocol()).thenReturn("tcp");
 339         when(portSecurityRule.getSecurityRulePortMax()).thenReturn(15);
 340         when(portSecurityRule.getSecurityRulePortMin()).thenReturn(15);
 341         when(portSecurityRule.getSecurityRuleRemoteIpPrefix()).thenReturn("0.0.0.0/24");
 342         PowerMockito.doAnswer(answer()).when(ingressAclServiceSpy, "removeFlow", any(FlowBuilder.class),
 343                                              any(NodeBuilder.class));
 344
 345         ingressAclServiceSpy.programPortSecurityGroup(DP_ID_LONG, SEGMENT_ID, MAC_ADDRESS, LOCAL_PORT, securityGroup,
 346                                                       PORT_UUID, false);
 347
 348         Match match = flowBuilder.getMatch();
 349         EthernetMatch ethMatch = match.getEthernetMatch();
 350         Assert.assertEquals(MAC_ADDRESS, ethMatch.getEthernetDestination().getAddress().getValue());
 351
 352         Assert.assertTrue(match.getLayer4Match() instanceof TcpMatch);
 353         TcpMatch layer4Match = (TcpMatch) match.getLayer4Match();
 354         Assert.assertEquals(15, layer4Match.getTcpDestinationPort().getValue().intValue());
 355         int port = portSecurityRule.getSecurityRulePortMin();
 356         Assert.assertEquals("Ingress_TCP_" + SEGMENT_ID + "_" + MAC_ADDRESS +
 357                             "_" + port + "_0.0.0.0/24_Permit", flowBuilder.getFlowName());
 358     }
 359
 360     /**
 361      *  Test TCP add with port no and remote SG selected.
 362      */
 363     @Test
 364     public void testProgramPortSecurityACLRuleAddTcp2() throws Exception {
 365         when(portSecurityRule.getSecurityRuleProtocol()).thenReturn("tcp");
 366         when(portSecurityRule.getSecurityRulePortMax()).thenReturn(50);
 367         when(portSecurityRule.getSecurityRulePortMin()).thenReturn(50);
 368         when(portSecurityRule.getSecurityRuleRemoteIpPrefix()).thenReturn("0.0.0.0/24");
 369         when(portSecurityRule.getSecurityRemoteGroupID()).thenReturn("85cc3048-abc3-43cc-89b3-377341426ac5");
 370         PowerMockito.doAnswer(answer()).when(ingressAclServiceSpy, "writeFlow", any(FlowBuilder.class),
 371                                              any(NodeBuilder.class));
 372         ingressAclServiceSpy.programPortSecurityGroup(DP_ID_LONG, SEGMENT_ID, MAC_ADDRESS, LOCAL_PORT, securityGroup,
 373                                                       PORT_UUID, true);
 374
 375         Match match = flowBuilder.getMatch();
 376         EthernetMatch ethMatch = match.getEthernetMatch();
 377         Assert.assertEquals(MAC_ADDRESS, ethMatch.getEthernetDestination().getAddress().getValue());
 378
 379         Assert.assertTrue(match.getLayer4Match() instanceof TcpMatch);
 380         TcpMatch layer4Match = (TcpMatch) match.getLayer4Match();
 381         Assert.assertEquals(50, layer4Match.getTcpDestinationPort().getValue().intValue());
 382         int port = portSecurityRule.getSecurityRulePortMin();
 383         String expectedFlowId1 = "Ingress_TCP_" + SEGMENT_ID + "_" + MAC_ADDRESS +"_" + port + "_" + DEST_IP_1 +
 384                 "_Permit";
 385         String expectedFlowId2 = "Ingress_TCP_" + SEGMENT_ID + "_" + MAC_ADDRESS +"_" + port + "_" + DEST_IP_2 +
 386                 "_Permit";
 387         String actualFlowId = flowBuilder.getFlowName();
 388         if (actualFlowId.equals(expectedFlowId1) || actualFlowId.equals(expectedFlowId2)) {
 389             Assert.assertTrue(true);
 390         } else {
 391             Assert.assertTrue(false);
 392         }
 393     }
 394
 395     /**
 396      *  Test TCP remove with port no and remote SG selected.
 397      */
 398     @Test
 399     public void testProgramPortSecurityACLRuleRemoveTcp2() throws Exception {
 400         when(portSecurityRule.getSecurityRuleProtocol()).thenReturn("tcp");
 401         when(portSecurityRule.getSecurityRulePortMax()).thenReturn(50);
 402         when(portSecurityRule.getSecurityRulePortMin()).thenReturn(50);
 403         when(portSecurityRule.getSecurityRuleRemoteIpPrefix()).thenReturn("0.0.0.0/24");
 404         when(portSecurityRule.getSecurityRemoteGroupID()).thenReturn("85cc3048-abc3-43cc-89b3-377341426ac5");
 405         PowerMockito.doAnswer(answer()).when(ingressAclServiceSpy, "removeFlow", any(FlowBuilder.class),
 406                                              any(NodeBuilder.class));
 407
 408         ingressAclServiceSpy.programPortSecurityGroup(DP_ID_LONG, SEGMENT_ID, MAC_ADDRESS, LOCAL_PORT, securityGroup,
 409                                                       PORT_UUID, false);
 410
 411         Match match = flowBuilder.getMatch();
 412         EthernetMatch ethMatch = match.getEthernetMatch();
 413         Assert.assertEquals(MAC_ADDRESS, ethMatch.getEthernetDestination().getAddress().getValue());
 414
 415         Assert.assertTrue(match.getLayer4Match() instanceof TcpMatch);
 416         TcpMatch layer4Match = (TcpMatch) match.getLayer4Match();
 417         Assert.assertEquals(50, layer4Match.getTcpDestinationPort().getValue().intValue());
 418         int port = portSecurityRule.getSecurityRulePortMin();
 419         String expectedFlowId1 = "Ingress_TCP_" + SEGMENT_ID + "_" + MAC_ADDRESS +"_" + port + "_" + DEST_IP_1 +
 420                 "_Permit";
 421         String expectedFlowId2 = "Ingress_TCP_" + SEGMENT_ID + "_" + MAC_ADDRESS +"_" + port + "_" + DEST_IP_2 +
 422                 "_Permit";
 423         String actualFlowId = flowBuilder.getFlowName();
 424         if (actualFlowId.equals(expectedFlowId1) || actualFlowId.equals(expectedFlowId2)) {
 425             Assert.assertTrue(true);
 426         } else {
 427             Assert.assertTrue(false);
 428         }
 429     }
 430
 431
 432     /**
 433      *  Test TCP add with port (All TCP) and CIDR selected.
 434      */
 435     @Test
 436     public void testProgramPortSecurityACLRuleAddTcpAll1() throws Exception {
 437         when(portSecurityRule.getSecurityRuleProtocol()).thenReturn("tcp");
 438         when(portSecurityRule.getSecurityRulePortMax()).thenReturn(PORT_RANGE_MAX);
 439         when(portSecurityRule.getSecurityRulePortMin()).thenReturn(PORT_RANGE_MIN);
 440         when(portSecurityRule.getSecurityRuleRemoteIpPrefix()).thenReturn("0.0.0.0/24");
 441         PowerMockito.doAnswer(answer()).when(ingressAclServiceSpy, "writeFlow", any(FlowBuilder.class),
 442                                              any(NodeBuilder.class));
 443
 444         ingressAclServiceSpy.programPortSecurityGroup(DP_ID_LONG, SEGMENT_ID, MAC_ADDRESS, LOCAL_PORT, securityGroup,
 445                                                       PORT_UUID, true);
 446
 447         Match match = flowBuilder.getMatch();
 448         EthernetMatch ethMatch = match.getEthernetMatch();
 449         Assert.assertEquals(MAC_ADDRESS, ethMatch.getEthernetDestination().getAddress().getValue());
 450
 451         Assert.assertTrue(match.getLayer4Match() instanceof TcpMatch);
 452         Assert.assertEquals("Ingress_TCP_" + SEGMENT_ID + "_" + MAC_ADDRESS + "_" + PORT_RANGE_MIN + "_" +
 453                             PORT_RANGE_MAX + "_0.0.0.0/24_Permit", flowBuilder.getFlowName());
 454     }
 455
 456     /**
 457      *  Test TCP remove with port (All TCP) and CIDR selected.
 458      */
 459     @Test
 460     public void testProgramPortSecurityACLRuleRemoveTcpAll1() throws Exception {
 461         when(portSecurityRule.getSecurityRuleProtocol()).thenReturn("tcp");
 462         when(portSecurityRule.getSecurityRulePortMax()).thenReturn(PORT_RANGE_MAX);
 463         when(portSecurityRule.getSecurityRulePortMin()).thenReturn(PORT_RANGE_MIN);
 464         when(portSecurityRule.getSecurityRuleRemoteIpPrefix()).thenReturn("0.0.0.0/24");
 465         PowerMockito.doAnswer(answer()).when(ingressAclServiceSpy, "removeFlow", any(FlowBuilder.class),
 466                                              any(NodeBuilder.class));
 467
 468         ingressAclServiceSpy.programPortSecurityGroup(DP_ID_LONG, SEGMENT_ID, MAC_ADDRESS, LOCAL_PORT, securityGroup,
 469                                                       PORT_UUID, false);
 470
 471         Match match = flowBuilder.getMatch();
 472         EthernetMatch ethMatch = match.getEthernetMatch();
 473         Assert.assertEquals(MAC_ADDRESS, ethMatch.getEthernetDestination().getAddress().getValue());
 474
 475         Assert.assertTrue(match.getLayer4Match() instanceof TcpMatch);
 476         Assert.assertEquals("Ingress_TCP_" + SEGMENT_ID + "_" + MAC_ADDRESS + "_" + PORT_RANGE_MIN + "_" +
 477                             PORT_RANGE_MAX + "_0.0.0.0/24_Permit", flowBuilder.getFlowName());
 478     }
 479
 480     /**
 481      *  Test TCP add with port (All TCP) and remote SG selected.
 482      */
 483     @Test
 484     public void testProgramPortSecurityACLRuleAddTcpAll2() throws Exception {
 485         when(portSecurityRule.getSecurityRuleProtocol()).thenReturn("tcp");
 486         when(portSecurityRule.getSecurityRulePortMax()).thenReturn(PORT_RANGE_MAX);
 487         when(portSecurityRule.getSecurityRulePortMin()).thenReturn(PORT_RANGE_MIN);
 488         when(portSecurityRule.getSecurityRemoteGroupID()).thenReturn("85cc3048-abc3-43cc-89b3-377341426ac5");
 489         PowerMockito.doAnswer(answer()).when(ingressAclServiceSpy, "writeFlow", any(FlowBuilder.class),
 490                                              any(NodeBuilder.class));
 491         ingressAclServiceSpy.programPortSecurityGroup(DP_ID_LONG, SEGMENT_ID, MAC_ADDRESS, LOCAL_PORT, securityGroup,
 492                                                       PORT_UUID, true);
 493
 494         Match match = flowBuilder.getMatch();
 495         EthernetMatch ethMatch = match.getEthernetMatch();
 496         Assert.assertEquals(MAC_ADDRESS, ethMatch.getEthernetDestination().getAddress().getValue());
 497
 498         Assert.assertTrue(match.getLayer4Match() instanceof TcpMatch);
 499         String expectedFlowId1 = "Ingress_TCP_" + SEGMENT_ID + "_" + MAC_ADDRESS + "_" + PORT_RANGE_MIN + "_" +
 500                             PORT_RANGE_MAX + "_" + DEST_IP_1 + "_Permit";
 501         String expectedFlowId2 = "Ingress_TCP_" + SEGMENT_ID + "_" + MAC_ADDRESS + "_" + PORT_RANGE_MIN + "_" +
 502                 PORT_RANGE_MAX + "_" + DEST_IP_2 + "_Permit";
 503         String actualFlowId = flowBuilder.getFlowName();
 504         if (actualFlowId.equals(expectedFlowId1) || actualFlowId.equals(expectedFlowId2)) {
 505             Assert.assertTrue(true);
 506         } else {
 507             Assert.assertTrue(false);
 508         }
 509     }
 510
 511     /**
 512      *  Test TCP remove with port (All TCP) and remote SG selected.
 513      */
 514     @Test
 515     public void testProgramPortSecurityACLRuleRemoveTcpAll2() throws Exception {
 516         when(portSecurityRule.getSecurityRuleProtocol()).thenReturn("tcp");
 517         when(portSecurityRule.getSecurityRulePortMax()).thenReturn(PORT_RANGE_MAX);
 518         when(portSecurityRule.getSecurityRulePortMin()).thenReturn(PORT_RANGE_MIN);
 519         when(portSecurityRule.getSecurityRemoteGroupID()).thenReturn("85cc3048-abc3-43cc-89b3-377341426ac5");
 520         PowerMockito.doAnswer(answer()).when(ingressAclServiceSpy, "removeFlow", any(FlowBuilder.class),
 521                                              any(NodeBuilder.class));
 522
 523         ingressAclServiceSpy.programPortSecurityGroup(DP_ID_LONG, SEGMENT_ID, MAC_ADDRESS, LOCAL_PORT, securityGroup,
 524                                                       PORT_UUID, false);
 525
 526         Match match = flowBuilder.getMatch();
 527         EthernetMatch ethMatch = match.getEthernetMatch();
 528         Assert.assertEquals(MAC_ADDRESS, ethMatch.getEthernetDestination().getAddress().getValue());
 529
 530         Assert.assertTrue(match.getLayer4Match() instanceof TcpMatch);
 531         TcpMatch layer4Match = (TcpMatch) match.getLayer4Match();
 532         String expectedFlowId1 = "Ingress_TCP_" + SEGMENT_ID + "_" + MAC_ADDRESS +"_" + PORT_RANGE_MIN + "_" +
 533                                 PORT_RANGE_MAX + "_" + DEST_IP_1 + "_Permit";
 534         String expectedFlowId2 = "Ingress_TCP_" + SEGMENT_ID + "_" + MAC_ADDRESS +"_" + PORT_RANGE_MIN + "_" +
 535                                 PORT_RANGE_MAX + "_" + DEST_IP_2 + "_Permit";
 536         String actualFlowId = flowBuilder.getFlowName();
 537         if (actualFlowId.equals(expectedFlowId1) || actualFlowId.equals(expectedFlowId2)) {
 538             Assert.assertTrue(true);
 539         } else {
 540             Assert.assertTrue(false);
 541         }
 542     }
 543
 544     /**
 545      *  Test UDP add with port no and CIDR selected.
 546      */
 547     @Test
 548     public void testProgramPortSecurityACLRuleAddUdp1() throws Exception {
 549         when(portSecurityRule.getSecurityRuleProtocol()).thenReturn("udp");
 550         when(portSecurityRule.getSecurityRulePortMax()).thenReturn(50);
 551         when(portSecurityRule.getSecurityRulePortMin()).thenReturn(50);
 552         when(portSecurityRule.getSecurityRuleRemoteIpPrefix()).thenReturn("0.0.0.0/24");
 553         PowerMockito.doAnswer(answer()).when(ingressAclServiceSpy, "writeFlow", any(FlowBuilder.class),
 554                                              any(NodeBuilder.class));
 555
 556         ingressAclServiceSpy.programPortSecurityGroup(DP_ID_LONG, SEGMENT_ID, MAC_ADDRESS, LOCAL_PORT, securityGroup,
 557                                                       PORT_UUID, true);
 558
 559         Match match = flowBuilder.getMatch();
 560         EthernetMatch ethMatch = match.getEthernetMatch();
 561         Assert.assertEquals(MAC_ADDRESS, ethMatch.getEthernetDestination().getAddress().getValue());
 562
 563         Assert.assertTrue(match.getLayer4Match() instanceof UdpMatch);
 564         UdpMatch layer4Match = (UdpMatch) match.getLayer4Match();
 565         Assert.assertEquals(50, layer4Match.getUdpDestinationPort().getValue().intValue());
 566         int port = portSecurityRule.getSecurityRulePortMin();
 567         Assert.assertEquals("Ingress_UDP_" + SEGMENT_ID + "_" + MAC_ADDRESS +
 568                             "_" + port + "_0.0.0.0/24_Permit", flowBuilder.getFlowName());
 569     }
 570
 571     /**
 572      *  Test UDP remove with port no and CIDR selected.
 573      */
 574     @Test
 575     public void testProgramPortSecurityACLRuleRemoveUdp1() throws Exception {
 576         when(portSecurityRule.getSecurityRuleProtocol()).thenReturn("udp");
 577         when(portSecurityRule.getSecurityRulePortMax()).thenReturn(50);
 578         when(portSecurityRule.getSecurityRulePortMin()).thenReturn(50);
 579         when(portSecurityRule.getSecurityRuleRemoteIpPrefix()).thenReturn("0.0.0.0/24");
 580         PowerMockito.doAnswer(answer()).when(ingressAclServiceSpy, "removeFlow", any(FlowBuilder.class),
 581                                              any(NodeBuilder.class));
 582
 583         ingressAclServiceSpy.programPortSecurityGroup(DP_ID_LONG, SEGMENT_ID, MAC_ADDRESS, LOCAL_PORT, securityGroup,
 584                                                       PORT_UUID, false);
 585
 586         Match match = flowBuilder.getMatch();
 587         EthernetMatch ethMatch = match.getEthernetMatch();
 588         Assert.assertEquals(MAC_ADDRESS, ethMatch.getEthernetDestination().getAddress().getValue());
 589
 590         Assert.assertTrue(match.getLayer4Match() instanceof UdpMatch);
 591         UdpMatch layer4Match = (UdpMatch) match.getLayer4Match();
 592         Assert.assertEquals(50, layer4Match.getUdpDestinationPort().getValue().intValue());
 593         int port = portSecurityRule.getSecurityRulePortMin();
 594         Assert.assertEquals("Ingress_UDP_" + SEGMENT_ID + "_" + MAC_ADDRESS +
 595                             "_" + port + "_0.0.0.0/24_Permit", flowBuilder.getFlowName());
 596     }
 597
 598     /**
 599      *  Test UDP add with port no and remote SG selected.
 600      */
 601     @Test
 602     public void testProgramPortSecurityACLRuleAddUdp2() throws Exception {
 603         when(portSecurityRule.getSecurityRuleProtocol()).thenReturn("udp");
 604         when(portSecurityRule.getSecurityRulePortMax()).thenReturn(50);
 605         when(portSecurityRule.getSecurityRulePortMin()).thenReturn(50);
 606         when(portSecurityRule.getSecurityRuleRemoteIpPrefix()).thenReturn("0.0.0.0/24");
 607         when(portSecurityRule.getSecurityRemoteGroupID()).thenReturn("85cc3048-abc3-43cc-89b3-377341426ac5");
 608         PowerMockito.doAnswer(answer()).when(ingressAclServiceSpy, "writeFlow", any(FlowBuilder.class),
 609                                              any(NodeBuilder.class));
 610         ingressAclServiceSpy.programPortSecurityGroup(DP_ID_LONG, SEGMENT_ID, MAC_ADDRESS, LOCAL_PORT, securityGroup,
 611                                                       PORT_UUID, true);
 612
 613         Match match = flowBuilder.getMatch();
 614         EthernetMatch ethMatch = match.getEthernetMatch();
 615         Assert.assertEquals(MAC_ADDRESS, ethMatch.getEthernetDestination().getAddress().getValue());
 616
 617         Assert.assertTrue(match.getLayer4Match() instanceof UdpMatch);
 618         UdpMatch layer4Match = (UdpMatch) match.getLayer4Match();
 619         Assert.assertEquals(50, layer4Match.getUdpDestinationPort().getValue().intValue());
 620         int port = portSecurityRule.getSecurityRulePortMin();
 621         String expectedFlowId1 = "Ingress_UDP_" + SEGMENT_ID + "_" + MAC_ADDRESS +"_" + port + "_" + DEST_IP_1 +
 622                 "_Permit";
 623         String expectedFlowId2 = "Ingress_UDP_" + SEGMENT_ID + "_" + MAC_ADDRESS +"_" + port + "_" + DEST_IP_2 +
 624                 "_Permit";
 625         String actualFlowId = flowBuilder.getFlowName();
 626         if (actualFlowId.equals(expectedFlowId1) || actualFlowId.equals(expectedFlowId2)) {
 627             Assert.assertTrue(true);
 628         } else {
 629             Assert.assertTrue(false);
 630         }
 631     }
 632
 633     /**
 634      *  Test UDP remove with port no and remote SG selected.
 635      */
 636     @Test
 637     public void testProgramPortSecurityACLRuleRemoveUdp2() throws Exception {
 638         when(portSecurityRule.getSecurityRuleProtocol()).thenReturn("udp");
 639         when(portSecurityRule.getSecurityRulePortMax()).thenReturn(50);
 640         when(portSecurityRule.getSecurityRulePortMin()).thenReturn(50);
 641         when(portSecurityRule.getSecurityRuleRemoteIpPrefix()).thenReturn("0.0.0.0/24");
 642         when(portSecurityRule.getSecurityRemoteGroupID()).thenReturn("85cc3048-abc3-43cc-89b3-377341426ac5");
 643         PowerMockito.doAnswer(answer()).when(ingressAclServiceSpy, "removeFlow", any(FlowBuilder.class),
 644                                              any(NodeBuilder.class));
 645         ingressAclServiceSpy.programPortSecurityGroup(DP_ID_LONG, SEGMENT_ID, MAC_ADDRESS, LOCAL_PORT, securityGroup,
 646                                                       PORT_UUID, false);
 647
 648         Match match = flowBuilder.getMatch();
 649         EthernetMatch ethMatch = match.getEthernetMatch();
 650         Assert.assertEquals(MAC_ADDRESS, ethMatch.getEthernetDestination().getAddress().getValue());
 651
 652         Assert.assertTrue(match.getLayer4Match() instanceof UdpMatch);
 653         UdpMatch layer4Match = (UdpMatch) match.getLayer4Match();
 654         Assert.assertEquals(50, layer4Match.getUdpDestinationPort().getValue().intValue());
 655         int port = portSecurityRule.getSecurityRulePortMin();
 656         String expectedFlowId1 = "Ingress_UDP_" + SEGMENT_ID + "_" + MAC_ADDRESS +"_" + port + "_" + DEST_IP_1 +
 657                 "_Permit";
 658         String expectedFlowId2 = "Ingress_UDP_" + SEGMENT_ID + "_" + MAC_ADDRESS +"_" + port + "_" + DEST_IP_2 +
 659                 "_Permit";
 660         String actualFlowId = flowBuilder.getFlowName();
 661         if (actualFlowId.equals(expectedFlowId1) || actualFlowId.equals(expectedFlowId2)) {
 662             Assert.assertTrue(true);
 663         } else {
 664             Assert.assertTrue(false);
 665         }
 666     }
 667
 668     /**
 669      *  Test UDP add with ports (All UDP) and CIDR selected.
 670      */
 671     @Test
 672     public void testProgramPortSecurityACLRuleAddUdpAll1() throws Exception {
 673         when(portSecurityRule.getSecurityRuleProtocol()).thenReturn("udp");
 674         when(portSecurityRule.getSecurityRulePortMax()).thenReturn(PORT_RANGE_MAX);
 675         when(portSecurityRule.getSecurityRulePortMin()).thenReturn(PORT_RANGE_MIN);
 676         when(portSecurityRule.getSecurityRuleRemoteIpPrefix()).thenReturn("0.0.0.0/24");
 677         PowerMockito.doAnswer(answer()).when(ingressAclServiceSpy, "writeFlow", any(FlowBuilder.class),
 678                                              any(NodeBuilder.class));
 679
 680         ingressAclServiceSpy.programPortSecurityGroup(DP_ID_LONG, SEGMENT_ID, MAC_ADDRESS, LOCAL_PORT, securityGroup,
 681                                                       PORT_UUID, true);
 682
 683         Match match = flowBuilder.getMatch();
 684         EthernetMatch ethMatch = match.getEthernetMatch();
 685         Assert.assertEquals(MAC_ADDRESS, ethMatch.getEthernetDestination().getAddress().getValue());
 686
 687         Assert.assertTrue(match.getLayer4Match() instanceof UdpMatch);
 688         Assert.assertEquals("Ingress_UDP_" + SEGMENT_ID + "_" + MAC_ADDRESS + "_" + PORT_RANGE_MIN  + "_" +
 689                             PORT_RANGE_MAX + "_0.0.0.0/24_Permit", flowBuilder.getFlowName());
 690     }
 691
 692     /**
 693      *  Test UDP remove with ports (All UDP) and CIDR selected.
 694      */
 695     @Test
 696     public void testProgramPortSecurityACLRuleRemoveUdpAll1() throws Exception {
 697         when(portSecurityRule.getSecurityRuleProtocol()).thenReturn("udp");
 698         when(portSecurityRule.getSecurityRulePortMax()).thenReturn(PORT_RANGE_MAX);
 699         when(portSecurityRule.getSecurityRulePortMin()).thenReturn(PORT_RANGE_MIN);
 700         when(portSecurityRule.getSecurityRuleRemoteIpPrefix()).thenReturn("0.0.0.0/24");
 701         PowerMockito.doAnswer(answer()).when(ingressAclServiceSpy, "removeFlow", any(FlowBuilder.class),
 702                                              any(NodeBuilder.class));
 703
 704         ingressAclServiceSpy.programPortSecurityGroup(DP_ID_LONG, SEGMENT_ID, MAC_ADDRESS, LOCAL_PORT, securityGroup,
 705                                                       PORT_UUID, false);
 706
 707         Match match = flowBuilder.getMatch();
 708         EthernetMatch ethMatch = match.getEthernetMatch();
 709         Assert.assertEquals(MAC_ADDRESS, ethMatch.getEthernetDestination().getAddress().getValue());
 710
 711         Assert.assertTrue(match.getLayer4Match() instanceof UdpMatch);
 712         Assert.assertEquals("Ingress_UDP_" + SEGMENT_ID + "_" + MAC_ADDRESS + "_" + PORT_RANGE_MIN  + "_" +
 713                 PORT_RANGE_MAX + "_0.0.0.0/24_Permit", flowBuilder.getFlowName());
 714     }
 715
 716     /**
 717      *  Test UDP add with ports (All UDP) and remote SG selected.
 718      */
 719     @Test
 720     public void testProgramPortSecurityACLRuleAddUdpAll2() throws Exception {
 721         when(portSecurityRule.getSecurityRuleProtocol()).thenReturn("udp");
 722         when(portSecurityRule.getSecurityRulePortMax()).thenReturn(PORT_RANGE_MAX);
 723         when(portSecurityRule.getSecurityRulePortMin()).thenReturn(PORT_RANGE_MIN);
 724         when(portSecurityRule.getSecurityRuleRemoteIpPrefix()).thenReturn("0.0.0.0/24");
 725         when(portSecurityRule.getSecurityRemoteGroupID()).thenReturn("85cc3048-abc3-43cc-89b3-377341426ac5");
 726         PowerMockito.doAnswer(answer()).when(ingressAclServiceSpy, "writeFlow", any(FlowBuilder.class),
 727                                              any(NodeBuilder.class));
 728         ingressAclServiceSpy.programPortSecurityGroup(DP_ID_LONG, SEGMENT_ID, MAC_ADDRESS, LOCAL_PORT, securityGroup,
 729                                                       PORT_UUID, true);
 730
 731         Match match = flowBuilder.getMatch();
 732         EthernetMatch ethMatch = match.getEthernetMatch();
 733         Assert.assertEquals(MAC_ADDRESS, ethMatch.getEthernetDestination().getAddress().getValue());
 734
 735         Assert.assertTrue(match.getLayer4Match() instanceof UdpMatch);
 736         String expectedFlowId1 = "Ingress_UDP_" + SEGMENT_ID + "_" + MAC_ADDRESS +"_" + PORT_RANGE_MIN + "_" +
 737                         PORT_RANGE_MAX + "_" + DEST_IP_1 + "_Permit";
 738         String expectedFlowId2 = "Ingress_UDP_" + SEGMENT_ID + "_" + MAC_ADDRESS +"_" + PORT_RANGE_MIN + "_" +
 739                 PORT_RANGE_MAX + "_" + DEST_IP_2 + "_Permit";
 740         String actualFlowId = flowBuilder.getFlowName();
 741         if (actualFlowId.equals(expectedFlowId1) || actualFlowId.equals(expectedFlowId2)) {
 742             Assert.assertTrue(true);
 743         } else {
 744             Assert.assertTrue(false);
 745         }
 746     }
 747
 748     /**
 749      *  Test UDP remove with ports (All UDP) and remote SG selected.
 750      */
 751     @Test
 752     public void testProgramPortSecurityACLRuleRemoveUdpAll2() throws Exception {
 753         when(portSecurityRule.getSecurityRuleProtocol()).thenReturn("udp");
 754         when(portSecurityRule.getSecurityRulePortMax()).thenReturn(PORT_RANGE_MAX);
 755         when(portSecurityRule.getSecurityRulePortMin()).thenReturn(PORT_RANGE_MIN);
 756         when(portSecurityRule.getSecurityRuleRemoteIpPrefix()).thenReturn("0.0.0.0/24");
 757         when(portSecurityRule.getSecurityRemoteGroupID()).thenReturn("85cc3048-abc3-43cc-89b3-377341426ac5");
 758         PowerMockito.doAnswer(answer()).when(ingressAclServiceSpy, "removeFlow", any(FlowBuilder.class),
 759                                              any(NodeBuilder.class));
 760         ingressAclServiceSpy.programPortSecurityGroup(DP_ID_LONG, SEGMENT_ID, MAC_ADDRESS, LOCAL_PORT, securityGroup,
 761                                                       PORT_UUID, false);
 762
 763         Match match = flowBuilder.getMatch();
 764         EthernetMatch ethMatch = match.getEthernetMatch();
 765         Assert.assertEquals(MAC_ADDRESS, ethMatch.getEthernetDestination().getAddress().getValue());
 766
 767         Assert.assertTrue(match.getLayer4Match() instanceof UdpMatch);
 768         String expectedFlowId1 = "Ingress_UDP_" + SEGMENT_ID + "_" + MAC_ADDRESS +"_" + PORT_RANGE_MIN + "_" +
 769                         PORT_RANGE_MAX + "_" + DEST_IP_1 + "_Permit";
 770         String expectedFlowId2 = "Ingress_UDP_" + SEGMENT_ID + "_" + MAC_ADDRESS +"_" + PORT_RANGE_MIN + "_" +
 771                 PORT_RANGE_MAX + "_" + DEST_IP_2 + "_Permit";
 772         String actualFlowId = flowBuilder.getFlowName();
 773         if (actualFlowId.equals(expectedFlowId1) || actualFlowId.equals(expectedFlowId2)) {
 774             Assert.assertTrue(true);
 775         } else {
 776             Assert.assertTrue(false);
 777         }
 778     }
 779
 780     /**
 781      *  Test ICMP add with code, type and CIDR selected.
 782      */
 783     @Test
 784     public void testProgramPortSecurityACLRuleAddIcmp1() throws Exception {
 785         when(portSecurityRule.getSecurityRuleProtocol()).thenReturn("icmp");
 786         when(portSecurityRule.getSecurityRulePortMax()).thenReturn(10);
 787         when(portSecurityRule.getSecurityRulePortMin()).thenReturn(10);
 788         when(portSecurityRule.getSecurityRuleRemoteIpPrefix()).thenReturn("0.0.0.0/24");
 789
 790         PowerMockito.doAnswer(answer()).when(ingressAclServiceSpy, "writeFlow", any(FlowBuilder.class),
 791                                              any(NodeBuilder.class));
 792         ingressAclServiceSpy.programPortSecurityGroup(DP_ID_LONG, SEGMENT_ID,
 793                                                     MAC_ADDRESS, LOCAL_PORT, securityGroup, PORT_UUID, true);
 794         Match match = flowBuilder.getMatch();
 795         Icmpv4Match icmpv4Match = match.getIcmpv4Match();
 796         Assert.assertEquals(10, icmpv4Match.getIcmpv4Type().shortValue());
 797         Assert.assertEquals(10, icmpv4Match.getIcmpv4Code().shortValue());
 798         EthernetMatch ethMatch = match.getEthernetMatch();
 799         Assert.assertEquals(MAC_ADDRESS, ethMatch.getEthernetDestination().getAddress().getValue());
 800         Short type = portSecurityRule.getSecurityRulePortMin().shortValue();
 801         Short code = portSecurityRule.getSecurityRulePortMax().shortValue();
 802         Assert.assertEquals("Ingress_ICMP_" + SEGMENT_ID + "_" + MAC_ADDRESS + "_" + type + "_" + code
 803                             + "_0.0.0.0/24_Permit",
 804                             flowBuilder.getFlowName());
 805     }
 806
 807     /**
 808      *  Test ICMP remove with code, type and CIDR selected.
 809      */
 810     @Test
 811     public void testProgramPortSecurityACLRuleRemoveIcmp1() throws Exception {
 812         when(portSecurityRule.getSecurityRuleProtocol()).thenReturn("icmp");
 813         when(portSecurityRule.getSecurityRulePortMax()).thenReturn(20);
 814         when(portSecurityRule.getSecurityRulePortMin()).thenReturn(20);
 815         when(portSecurityRule.getSecurityRuleRemoteIpPrefix()).thenReturn("0.0.0.0/24");
 816         PowerMockito.doAnswer(answer()).when(ingressAclServiceSpy, "removeFlow", any(FlowBuilder.class),
 817                                              any(NodeBuilder.class));
 818
 819         ingressAclServiceSpy.programPortSecurityGroup(DP_ID_LONG, SEGMENT_ID,
 820                                                     MAC_ADDRESS, LOCAL_PORT, securityGroup, PORT_UUID, false);
 821         Match match = flowBuilder.getMatch();
 822         Icmpv4Match icmpv4Match = match.getIcmpv4Match();
 823         Assert.assertEquals(20, icmpv4Match.getIcmpv4Type().shortValue());
 824         Assert.assertEquals(20, icmpv4Match.getIcmpv4Code().shortValue());
 825         EthernetMatch ethMatch = match.getEthernetMatch();
 826         Assert.assertEquals(MAC_ADDRESS, ethMatch.getEthernetDestination().getAddress().getValue());
 827         Short type = portSecurityRule.getSecurityRulePortMin().shortValue();
 828         Short code = portSecurityRule.getSecurityRulePortMax().shortValue();
 829         Assert.assertEquals("Ingress_ICMP_" + SEGMENT_ID + "_" + MAC_ADDRESS + "_" + type + "_" + code
 830                             + "_0.0.0.0/24_Permit",
 831                             flowBuilder.getFlowName());
 832     }
 833
 834     /**
 835      *  Test ICMP add with code, type and remote SG selected.
 836      */
 837     @Test
 838     public void testProgramPortSecurityACLRuleAddIcmp2() throws Exception {
 839         when(portSecurityRule.getSecurityRuleProtocol()).thenReturn("icmp");
 840         when(portSecurityRule.getSecurityRulePortMax()).thenReturn(30);
 841         when(portSecurityRule.getSecurityRulePortMin()).thenReturn(30);
 842         when(portSecurityRule.getSecurityRemoteGroupID()).thenReturn("85cc3048-abc3-43cc-89b3-377341426ac5");
 843         PowerMockito.doAnswer(answer()).when(ingressAclServiceSpy, "writeFlow", any(FlowBuilder.class),
 844                                              any(NodeBuilder.class));
 845
 846         ingressAclServiceSpy.programPortSecurityGroup(DP_ID_LONG, SEGMENT_ID,
 847                                                     MAC_ADDRESS, LOCAL_PORT, securityGroup, PORT_UUID, true);
 848         Match match = flowBuilder.getMatch();
 849         Icmpv4Match icmpv4Match =match.getIcmpv4Match();
 850         Assert.assertEquals(30, icmpv4Match.getIcmpv4Type().shortValue());
 851         Assert.assertEquals(30, icmpv4Match.getIcmpv4Code().shortValue());
 852         EthernetMatch ethMatch = match.getEthernetMatch();
 853         Assert.assertEquals(MAC_ADDRESS, ethMatch.getEthernetDestination().getAddress().getValue());
 854         Short type = portSecurityRule.getSecurityRulePortMin().shortValue();
 855         Short code = portSecurityRule.getSecurityRulePortMax().shortValue();
 856         String expectedFlowId1 = "Ingress_ICMP_" + SEGMENT_ID + "_" + MAC_ADDRESS +"_" + type + "_" + code + "_"
 857                                 + DEST_IP_1 + "_Permit";
 858         String expectedFlowId2 = "Ingress_ICMP_" + SEGMENT_ID + "_" + MAC_ADDRESS +"_" + type + "_" + code + "_"
 859                                 + DEST_IP_2 + "_Permit";
 860         String actualFlowId = flowBuilder.getFlowName();
 861         if(actualFlowId.equals(expectedFlowId1) || actualFlowId.equals(expectedFlowId2)) {
 862             Assert.assertTrue(true);
 863         } else {
 864             Assert.assertTrue(false);
 865         }
 866     }
 867
 868     /**
 869      *  Test ICMP remove with code, type and remote SG selected.
 870      */
 871     @Test
 872     public void testProgramPortSecurityACLRuleRemoveIcmp2() throws Exception {
 873         when(portSecurityRule.getSecurityRuleProtocol()).thenReturn("icmp");
 874         when(portSecurityRule.getSecurityRulePortMax()).thenReturn(40);
 875         when(portSecurityRule.getSecurityRulePortMin()).thenReturn(40);
 876         when(portSecurityRule.getSecurityRemoteGroupID()).thenReturn("85cc3048-abc3-43cc-89b3-377341426ac5");
 877         PowerMockito.doAnswer(answer())
 878         .when(ingressAclServiceSpy, "removeFlow", any(FlowBuilder.class), any(NodeBuilder.class));
 879
 880         ingressAclServiceSpy.programPortSecurityGroup(DP_ID_LONG, SEGMENT_ID,
 881                                                     MAC_ADDRESS, LOCAL_PORT, securityGroup, PORT_UUID, false);
 882         Match match = flowBuilder.getMatch();
 883         Icmpv4Match icmpv4Match = match.getIcmpv4Match();
 884         Assert.assertEquals(40, icmpv4Match.getIcmpv4Type().shortValue());
 885         Assert.assertEquals(40, icmpv4Match.getIcmpv4Code().shortValue());
 886         EthernetMatch ethMatch = match.getEthernetMatch();
 887         Assert.assertEquals(MAC_ADDRESS, ethMatch.getEthernetDestination().getAddress().getValue());
 888         Short type = portSecurityRule.getSecurityRulePortMin().shortValue();
 889         Short code = portSecurityRule.getSecurityRulePortMax().shortValue();
 890         String expectedFlowId1 = "Ingress_ICMP_" + SEGMENT_ID + "_" + MAC_ADDRESS +"_" + type + "_" + code + "_"
 891                                 + DEST_IP_1 + "_Permit";
 892         String expectedFlowId2 = "Ingress_ICMP_" + SEGMENT_ID + "_" + MAC_ADDRESS +"_" + type + "_" + code + "_"
 893                                 + DEST_IP_2 + "_Permit";
 894         String actualFlowId = flowBuilder.getFlowName();
 895         if(actualFlowId.equals(expectedFlowId1) || actualFlowId.equals(expectedFlowId2)) {
 896             Assert.assertTrue(true);
 897         } else {
 898             Assert.assertTrue(false);
 899         }
 900     }
 901
 902     /**
 903      *  Test IPv4 invalid ether type test case.
 904      */
 905     @Test
 906     public void testProgramPortSecurityACLRuleInvalidEther() throws Exception {
 907         when(portSecurityRule.getSecurityRuleEthertype()).thenReturn("IPV6");
 908
 909         ingressAclServiceSpy.programPortSecurityGroup(Long.valueOf(1554), "2", MAC_ADDRESS, 124, securityGroup,PORT_UUID,false);
 910
 911         verify(writeTransaction, times(0)).delete(any(LogicalDatastoreType.class), any(InstanceIdentifier.class));
 912         verify(writeTransaction, times(0)).submit();
 913         verify(commitFuture, times(0)).get();
 914     }
 915
 916     /**
 917      *  Test IPv4 invalid direction type test case.
 918      */
 919     @Test
 920     public void testProgramPortSecurityACLRuleInvalidDirection() throws Exception {
 921         when(portSecurityRule.getSecurityRuleDirection()).thenReturn("edgress");
 922
 923         ingressAclServiceSpy.programPortSecurityGroup(Long.valueOf(1554), "2", MAC_ADDRESS, 124, securityGroup,PORT_UUID,false);
 924
 925         verify(writeTransaction, times(0)).delete(any(LogicalDatastoreType.class), any(InstanceIdentifier.class));
 926         verify(writeTransaction, times(0)).submit();
 927         verify(commitFuture, times(0)).get();
 928     }
 929
 930     /**
 931      *  Test With isLastPortInBridge false isComputeNode false
 932      */
 933     @Test
 934     public void testProgramFixedSecurityACLAdd1() throws Exception {
 935         ingressAclServiceSpy.programFixedSecurityGroup(Long.valueOf(1554), "2", MAC_ADDRESS, 1, false, false, true);
 936
 937         verify(writeTransaction, times(0)).put(any(LogicalDatastoreType.class), any(InstanceIdentifier.class), any(Node.class), eq(true));
 938         verify(writeTransaction, times(0)).submit();
 939         verify(commitFuture, times(0)).get();
 940     }
 941     /**
 942      *  Test With isLastPortInBridge false isComputeNode false
 943      */
 944     @Test
 945     public void testProgramFixedSecurityACLRemove1() throws Exception {
 946
 947         ingressAclServiceSpy.programFixedSecurityGroup(Long.valueOf(1554), "2", MAC_ADDRESS, 1, false, false, false);
 948
 949         verify(writeTransaction, times(0)).delete(any(LogicalDatastoreType.class), any(InstanceIdentifier.class));
 950         verify(writeTransaction, times(0)).submit();
 951         verify(commitFuture, times(0)).get();
 952     }
 953
 954     /**
 955      * Test method {@link IgressAclService#egressACLDefaultTcpDrop(Long, String, String, int, boolean)}
 956      */
 957     @Test
 958     public void testIgressACLDefaultTcpDrop() throws Exception {
 959         ingressAclService.ingressACLDefaultTcpDrop(Long.valueOf(123), SEGMENTATION_ID, MAC_ADDRESS, PRIORITY, true);
 960         verify(writeTransaction, times(2)).put(any(LogicalDatastoreType.class), any(InstanceIdentifier.class), any(Node.class), anyBoolean());
 961         verify(writeTransaction, times(1)).submit();
 962         verify(commitFuture, times(1)).get();
 963
 964         ingressAclService.ingressACLDefaultTcpDrop(Long.valueOf(123), SEGMENTATION_ID, MAC_ADDRESS, PRIORITY, false);
 965         verify(writeTransaction, times(1)).delete(any(LogicalDatastoreType.class), any(InstanceIdentifier.class));
 966         verify(writeTransaction, times(2)).submit();
 967         verify(commitFuture, times(2)).get(); // 1 + 1 above
 968     }
 969
 970     /**
 971      * Test method {@link IgressAclService#ingressACLTcpPortWithPrefix(Long, String, String, boolean, Integer, String, Integer)}
 972      */
 973     @Test
 974     public void testIngressACLTcpPortWithPrefix() throws Exception {
 975         ingressAclService.ingressACLTcpPortWithPrefix(Long.valueOf(123), SEGMENTATION_ID, MAC_ADDRESS, true, 1, HOST_ADDRESS, PRIORITY);
 976         verify(writeTransaction, times(2)).put(any(LogicalDatastoreType.class), any(InstanceIdentifier.class), any(Node.class), anyBoolean());
 977         verify(writeTransaction, times(1)).submit();
 978         verify(commitFuture, times(1)).get();
 979
 980         ingressAclService.ingressACLTcpPortWithPrefix(Long.valueOf(123), SEGMENTATION_ID, MAC_ADDRESS, false, 1, HOST_ADDRESS, PRIORITY);
 981         verify(writeTransaction, times(1)).delete(any(LogicalDatastoreType.class), any(InstanceIdentifier.class));
 982         verify(writeTransaction, times(2)).submit();
 983         verify(commitFuture, times(2)).get(); // 1 + 1 above
 984     }
 985
 986     /**
 987      * Test method {@link IgressAclService#handleIngressAllowProto(Long, String, String, boolean, String, Integer)}
 988      */
 989     @Test
 990     public void testIngressAllowProto() throws Exception {
 991         ingressAclService.handleIngressAllowProto(Long.valueOf(123), SEGMENTATION_ID, MAC_ADDRESS, true, HOST_ADDRESS, PRIORITY);
 992         verify(writeTransaction, times(2)).put(any(LogicalDatastoreType.class), any(InstanceIdentifier.class), any(Node.class), anyBoolean());
 993         verify(writeTransaction, times(1)).submit();
 994         verify(commitFuture, times(1)).get();
 995
 996         ingressAclService.handleIngressAllowProto(Long.valueOf(123), SEGMENTATION_ID, MAC_ADDRESS, false, HOST_ADDRESS, PRIORITY);
 997         verify(writeTransaction, times(1)).delete(any(LogicalDatastoreType.class), any(InstanceIdentifier.class));
 998         verify(writeTransaction, times(2)).submit();
 999         verify(commitFuture, times(2)).get(); // 1 + 1 above
1000     }
1001
1002     /**
1003      * Test method {@link IgressAclService#ingressACLPermitAllProto(Long, String, String, boolean, String, Integer)}
1004      */
1005     @Test
1006     public void testIngressACLPermitAllProto() throws Exception {
1007         ingressAclService.ingressACLPermitAllProto(Long.valueOf(123), SEGMENTATION_ID, MAC_ADDRESS, true, HOST_ADDRESS, PRIORITY);
1008         verify(writeTransaction, times(2)).put(any(LogicalDatastoreType.class), any(InstanceIdentifier.class), any(Node.class), anyBoolean());
1009         verify(writeTransaction, times(1)).submit();
1010         verify(commitFuture, times(1)).get();
1011
1012         ingressAclService.ingressACLPermitAllProto(Long.valueOf(123), SEGMENTATION_ID, MAC_ADDRESS, false, HOST_ADDRESS, PRIORITY);
1013         verify(writeTransaction, times(1)).delete(any(LogicalDatastoreType.class), any(InstanceIdentifier.class));
1014         verify(writeTransaction, times(2)).submit();
1015         verify(commitFuture, times(2)).get(); // 1 + 1 above
1016     }
1017
1018     /**
1019      * Test method {@link IgressAclService#ingressACLTcpSyn(Long, String, String, boolean, Integer, Integer)}
1020      */
1021     @Test
1022     public void testIngressACLTcpSyn() throws Exception {
1023         ingressAclService.ingressACLTcpSyn(Long.valueOf(123), SEGMENTATION_ID, MAC_ADDRESS, true, 1, PRIORITY);
1024         verify(writeTransaction, times(2)).put(any(LogicalDatastoreType.class), any(InstanceIdentifier.class), any(Node.class), anyBoolean());
1025         verify(writeTransaction, times(1)).submit();
1026         verify(commitFuture, times(1)).get();
1027
1028         ingressAclService.ingressACLTcpSyn(Long.valueOf(123), SEGMENTATION_ID, MAC_ADDRESS, false, 1, PRIORITY);
1029         verify(writeTransaction, times(1)).delete(any(LogicalDatastoreType.class), any(InstanceIdentifier.class));
1030         verify(writeTransaction, times(2)).submit();
1031         verify(commitFuture, times(2)).get(); // 1 + 1 above
1032     }
1033 }