Code Review / netvirt.git / blob
? search:
summary | shortlog | log | commit | commitdiff | review | tree
history | raw | HEAD
Merge "Add yang for hwvtep"
[netvirt.git] / openstack / net-virt-providers / src / test / java / org / opendaylight / ovsdb / openstack / netvirt / providers / openflow13 / services / IngressAclServiceTest.java
1 /*
2  * Copyright (c) 2015 Inocybe and others.  All rights reserved.
3  *
4  * This program and the accompanying materials are made available under the
5  * terms of the Eclipse Public License v1.0 which accompanies this distribution,
6  * and is available at http://www.eclipse.org/legal/epl-v10.html
7  */
8
9 package org.opendaylight.ovsdb.openstack.netvirt.providers.openflow13.services;
10
11 import static org.mockito.Matchers.any;
12 import static org.mockito.Matchers.anyBoolean;
13 import static org.mockito.Matchers.anyInt;
14 import static org.mockito.Matchers.anyLong;
15 import static org.mockito.Matchers.anyString;
16 import static org.mockito.Matchers.eq;
17 import static org.mockito.Mockito.mock;
18 import static org.mockito.Mockito.times;
19 import static org.mockito.Mockito.verify;
20 import static org.mockito.Mockito.when;
21
22 import java.util.ArrayList;
23 import java.util.List;
24
25 import org.junit.Before;
26 import org.junit.Test;
27 import org.junit.runner.RunWith;
28 import org.mockito.InjectMocks;
29 import org.mockito.Mock;
30 import org.mockito.Mockito;
31 import org.mockito.Spy;
32 import org.mockito.runners.MockitoJUnitRunner;
33 import org.opendaylight.controller.md.sal.binding.api.DataBroker;
34 import org.opendaylight.controller.md.sal.binding.api.WriteTransaction;
35 import org.opendaylight.controller.md.sal.common.api.data.LogicalDatastoreType;
36 import org.opendaylight.controller.md.sal.common.api.data.TransactionCommitFailedException;
37 import org.opendaylight.neutron.spi.NeutronSecurityGroup;
38 import org.opendaylight.neutron.spi.NeutronSecurityRule;
39 import org.opendaylight.neutron.spi.Neutron_IPs;
40 import org.opendaylight.ovsdb.openstack.netvirt.api.Constants;
41 import org.opendaylight.ovsdb.openstack.netvirt.api.SecurityServicesManager;
42 import org.opendaylight.ovsdb.openstack.netvirt.providers.openflow13.PipelineOrchestrator;
43 import org.opendaylight.ovsdb.openstack.netvirt.providers.openflow13.Service;
44 import org.opendaylight.yang.gen.v1.urn.opendaylight.inventory.rev130819.nodes.Node;
45 import org.opendaylight.yangtools.yang.binding.InstanceIdentifier;
46
47 import com.google.common.util.concurrent.CheckedFuture;
48
49 /**
50  * Unit test fort {@link IngressAclService}
51  */
52 @RunWith(MockitoJUnitRunner.class)
53 @SuppressWarnings("unchecked")
54 public class IngressAclServiceTest {
55
56     @InjectMocks private IngressAclService ingressAclService = new IngressAclService();
57     @Spy private IngressAclService ingressAclServiceSpy;
58
59     @Mock private DataBroker dataBroker;
60     @Mock private PipelineOrchestrator orchestrator;
61
62     @Mock private WriteTransaction writeTransaction;
63     @Mock private CheckedFuture<Void, TransactionCommitFailedException> commitFuture;
64
65     @Mock private NeutronSecurityGroup securityGroup;
66     @Mock private NeutronSecurityRule portSecurityRule;
67     @Mock private SecurityServicesManager securityServices;
68
69     private List<Neutron_IPs> neutronSrcIpList = new ArrayList<Neutron_IPs>();
70     private List<Neutron_IPs> neutronDestIpList = new ArrayList<Neutron_IPs>();
71     private Neutron_IPs neutron_ip_src;
72     private Neutron_IPs neutron_ip_dest_1;
73     private Neutron_IPs neutron_ip_dest_2;
74
75     private static final String SEGMENTATION_ID = "2";
76     private static final int PRIORITY = 1;
77     private static final String HOST_ADDRESS = "127.0.0.1/32";
78     private static final String MAC_ADDRESS = "87:1D:5E:02:40:B8";
79     private static final String SRC_IP = "192.168.0.1";
80     private static final String DEST_IP_1 = "192.169.0.1";
81     private static final String DEST_IP_2 = "192.169.0.2";
82     private static final String SECURITY_GROUP_UUID = "85cc3048-abc3-43cc-89b3-377341426ac5";
83
84     @Before
85     public void setUp() {
86         ingressAclServiceSpy = Mockito.spy(ingressAclService);
87
88         when(writeTransaction.submit()).thenReturn(commitFuture);
89
90         when(dataBroker.newWriteOnlyTransaction()).thenReturn(writeTransaction);
91
92         when(orchestrator.getNextServiceInPipeline(any(Service.class))).thenReturn(Service.ARP_RESPONDER);
93
94         portSecurityRule = mock(NeutronSecurityRule.class);
95         when(portSecurityRule.getSecurityRuleEthertype()).thenReturn("IPv4");
96         when(portSecurityRule.getSecurityRuleDirection()).thenReturn("ingress");
97
98         List<NeutronSecurityRule> portSecurityList = new ArrayList<NeutronSecurityRule>();
99         portSecurityList.add(portSecurityRule);
100
101         neutron_ip_src = new Neutron_IPs();
102         neutron_ip_src.setIpAddress(SRC_IP);
103         neutronSrcIpList.add(neutron_ip_src);
104
105         neutron_ip_dest_1 = new Neutron_IPs();
106         neutron_ip_dest_1.setIpAddress(DEST_IP_1);
107         neutronDestIpList.add(neutron_ip_dest_1);
108
109         neutron_ip_dest_2 = new Neutron_IPs();
110         neutron_ip_dest_2.setIpAddress(DEST_IP_2);
111         neutronDestIpList.add(neutron_ip_dest_2);
112
113
114         when(securityGroup.getSecurityRules()).thenReturn(portSecurityList);
115         when(securityServices.getVmListForSecurityGroup
116              (neutronSrcIpList, SECURITY_GROUP_UUID)).thenReturn(neutronDestIpList);
117     }
118
119    /* *//**
120      * Rule 1: TCP Proto (True), TCP Port Minimum (True), TCP Port Max (True), IP Prefix (True)
121      *//*
122     @Test
123     public void testProgramPortSecurityACLRule1() throws Exception {
124         when(portSecurityRule.getSecurityRuleProtocol()).thenReturn("tcp");
125         when(portSecurityRule.getSecurityRulePortMax()).thenReturn(1);
126         when(portSecurityRule.getSecurityRulePortMin()).thenReturn(1);
127         when(portSecurityRule.getSecurityRuleRemoteIpPrefix()).thenReturn(HOST_ADDRESS);
128
129         ingressAclServiceSpy.programPortSecurityACL(Long.valueOf(1554), SEGMENTATION_ID, MAC_ADDRESS, 124, securityGroup);
130         verify(ingressAclServiceSpy, times(1)).ingressACLDefaultTcpDrop(anyLong(), anyString(), anyString(), anyInt(), anyBoolean());
131         verify(ingressAclServiceSpy, times(1)).ingressACLTcpPortWithPrefix(anyLong(), anyString(), anyString(), anyBoolean(), anyInt(), anyString(), anyInt());
132         verify(writeTransaction, times(4)).put(any(LogicalDatastoreType.class), any(InstanceIdentifier.class), any(Node.class), anyBoolean());
133         verify(writeTransaction, times(2)).submit();
134         verify(commitFuture, times(2)).get();
135     }
136
137
138     *//**
139      * Rule 2: TCP Proto (True), TCP Port Minimum (True), TCP Port Max (False), IP Prefix (True)
140      *//*
141     @Test
142     public void testProgramPortSecurityACLRule2() throws Exception {
143         when(portSecurityRule.getSecurityRuleProtocol()).thenReturn("tcp");
144         when(portSecurityRule.getSecurityRulePortMax()).thenReturn(null);
145         when(portSecurityRule.getSecurityRulePortMin()).thenReturn(1);
146         when(portSecurityRule.getSecurityRuleRemoteIpPrefix()).thenReturn(HOST_ADDRESS);
147
148         ingressAclServiceSpy.programPortSecurityACL(Long.valueOf(1554), SEGMENTATION_ID, MAC_ADDRESS, 124, securityGroup);
149         verify(ingressAclServiceSpy, times(1)).ingressACLDefaultTcpDrop(anyLong(), anyString(), anyString(), anyInt(), anyBoolean());
150         verify(ingressAclServiceSpy, times(1)).ingressACLTcpPortWithPrefix(anyLong(), anyString(), anyString(), anyBoolean(), anyInt(), anyString(), anyInt());
151         verify(writeTransaction, times(4)).put(any(LogicalDatastoreType.class), any(InstanceIdentifier.class), any(Node.class), anyBoolean());
152         verify(writeTransaction, times(2)).submit();
153         verify(commitFuture, times(2)).get();
154     }
155
156     *//**
157      * Rule 3: TCP Proto (True), TCP Port Minimum (False), TCP Port Max (False), IP Prefix (True)
158      *//*
159     @Test
160     public void testProgramPortSecurityACLRule3() throws Exception {
161         when(portSecurityRule.getSecurityRuleProtocol()).thenReturn("tcp");
162         when(portSecurityRule.getSecurityRulePortMax()).thenReturn(null);
163         when(portSecurityRule.getSecurityRulePortMin()).thenReturn(null);
164         when(portSecurityRule.getSecurityRuleRemoteIpPrefix()).thenReturn(HOST_ADDRESS);
165
166         ingressAclServiceSpy.programPortSecurityACL(Long.valueOf(1554), SEGMENTATION_ID, MAC_ADDRESS, 124, securityGroup);
167         verify(ingressAclServiceSpy, times(1)).ingressACLDefaultTcpDrop(anyLong(), anyString(), anyString(), anyInt(), anyBoolean());
168         verify(ingressAclServiceSpy, times(1)).ingressACLPermitAllProto(anyLong(), anyString(), anyString(), anyBoolean(), anyString(), anyInt());
169         verify(writeTransaction, times(4)).put(any(LogicalDatastoreType.class), any(InstanceIdentifier.class), any(Node.class), anyBoolean());
170         verify(writeTransaction, times(2)).submit();
171         verify(commitFuture, times(2)).get();
172     }
173
174     *//**
175      * Rule 4: TCP Proto (False), TCP Port Minimum (False), TCP Port Max (False), IP Prefix (True)
176      *//*
177     @Test
178     public void testProgramPortSecurityACLRule4() throws Exception {
179         when(portSecurityRule.getSecurityRuleProtocol()).thenReturn(null);
180         when(portSecurityRule.getSecurityRulePortMax()).thenReturn(null);
181         when(portSecurityRule.getSecurityRulePortMin()).thenReturn(null);
182         when(portSecurityRule.getSecurityRuleRemoteIpPrefix()).thenReturn(HOST_ADDRESS);
183
184         ingressAclServiceSpy.programPortSecurityACL(Long.valueOf(1554), SEGMENTATION_ID, MAC_ADDRESS, 124, securityGroup);
185         verify(ingressAclServiceSpy, times(1)).ingressACLDefaultTcpDrop(anyLong(), anyString(), anyString(), anyInt(), anyBoolean());
186         verify(ingressAclServiceSpy, times(1)).ingressACLPermitAllProto(anyLong(), anyString(), anyString(), anyBoolean(), anyString(), anyInt());
187         verify(writeTransaction, times(4)).put(any(LogicalDatastoreType.class), any(InstanceIdentifier.class), any(Node.class), anyBoolean());
188         verify(writeTransaction, times(2)).submit();
189         verify(commitFuture, times(2)).get();
190     }
191
192     *//**
193      * Rule 5: TCP Proto (True), TCP Port Minimum (True), TCP Port Max (True), IP Prefix (False)
194      *//*
195     @Test
196     public void testProgramPortSecurityACLRule5() throws Exception {
197         when(portSecurityRule.getSecurityRuleProtocol()).thenReturn("tcp");
198         when(portSecurityRule.getSecurityRulePortMax()).thenReturn(1);
199         when(portSecurityRule.getSecurityRulePortMin()).thenReturn(1);
200         when(portSecurityRule.getSecurityRuleRemoteIpPrefix()).thenReturn(null);
201
202         ingressAclServiceSpy.programPortSecurityACL(Long.valueOf(1554), SEGMENTATION_ID, MAC_ADDRESS, 124, securityGroup);
203         verify(ingressAclServiceSpy, times(1)).ingressACLDefaultTcpDrop(anyLong(), anyString(), anyString(), anyInt(), anyBoolean());
204         verify(ingressAclServiceSpy, times(1)).ingressACLTcpSyn(anyLong(), anyString(), anyString(), anyBoolean(), anyInt(), anyInt());
205         verify(writeTransaction, times(4)).put(any(LogicalDatastoreType.class), any(InstanceIdentifier.class), any(Node.class), anyBoolean());
206         verify(writeTransaction, times(2)).submit();
207         verify(commitFuture, times(2)).get();
208     }
209
210     *//**
211      * Rule 6: TCP Proto (True), TCP Port Minimum (True), TCP Port Max (False), IP Prefix (False)
212      *//*
213     @Test
214     public void testProgramPortSecurityACLRule6() throws Exception {
215         when(portSecurityRule.getSecurityRuleProtocol()).thenReturn("tcp");
216         when(portSecurityRule.getSecurityRulePortMax()).thenReturn(null);
217         when(portSecurityRule.getSecurityRulePortMin()).thenReturn(1);
218         when(portSecurityRule.getSecurityRuleRemoteIpPrefix()).thenReturn(null);
219
220         ingressAclServiceSpy.programPortSecurityACL(Long.valueOf(1554), SEGMENTATION_ID, MAC_ADDRESS, 124, securityGroup);
221         verify(ingressAclServiceSpy, times(1)).ingressACLDefaultTcpDrop(anyLong(), anyString(), anyString(), anyInt(), anyBoolean());
222         verify(ingressAclServiceSpy, times(1)).ingressACLTcpSyn(anyLong(), anyString(), anyString(), anyBoolean(), anyInt(), anyInt());
223         verify(writeTransaction, times(4)).put(any(LogicalDatastoreType.class), any(InstanceIdentifier.class), any(Node.class), anyBoolean());
224         verify(writeTransaction, times(2)).submit();
225         verify(commitFuture, times(2)).get();
226     }
227
228     *//**
229      * Rule 7: TCP Proto (True), TCP Port Minimum (False), TCP Port Max (False), IP Prefix (False or 0.0.0.0/0)
230      *//*
231     @Test
232     public void testProgramPortSecurityACLRule7() throws Exception {
233         when(portSecurityRule.getSecurityRuleProtocol()).thenReturn("tcp");
234         when(portSecurityRule.getSecurityRulePortMax()).thenReturn(null);
235         when(portSecurityRule.getSecurityRulePortMin()).thenReturn(null);
236         when(portSecurityRule.getSecurityRuleRemoteIpPrefix()).thenReturn(null);
237
238         ingressAclServiceSpy.programPortSecurityACL(Long.valueOf(1554), SEGMENTATION_ID, MAC_ADDRESS, 124, securityGroup);
239         verify(ingressAclServiceSpy, times(1)).handleIngressAllowProto(anyLong(), anyString(), anyString(), anyBoolean(), anyString(), anyInt());
240         verify(writeTransaction, times(2)).put(any(LogicalDatastoreType.class), any(InstanceIdentifier.class), any(Node.class), anyBoolean());
241         verify(writeTransaction, times(1)).submit();
242         verify(commitFuture, times(1)).get();
243     }
244 */
245     /**
246      *  Test IPv4 add test case.
247      */
248     @Test
249     public void testProgramPortSecurityACLRuleAddIpv4() throws Exception {
250         when(portSecurityRule.getSecurityRuleProtocol()).thenReturn(null);
251         when(portSecurityRule.getSecurityRulePortMax()).thenReturn(null);
252         when(portSecurityRule.getSecurityRulePortMin()).thenReturn(null);
253         when(portSecurityRule.getSecurityRuleRemoteIpPrefix()).thenReturn(null);
254
255         ingressAclServiceSpy.programPortSecurityAcl(Long.valueOf(1554), "2", MAC_ADDRESS, 124, securityGroup,neutronSrcIpList,true);
256
257         verify(writeTransaction, times(2)).put(any(LogicalDatastoreType.class), any(InstanceIdentifier.class), any(Node.class), eq(true));
258         verify(writeTransaction, times(1)).submit();
259         verify(commitFuture, times(1)).get();
260     }
261
262     /**
263      *  Test IPv4 remove test case.
264      */
265     @Test
266     public void testProgramPortSecurityACLRuleRemoveIpv4() throws Exception {
267         when(portSecurityRule.getSecurityRuleProtocol()).thenReturn(null);
268         when(portSecurityRule.getSecurityRulePortMax()).thenReturn(null);
269         when(portSecurityRule.getSecurityRulePortMin()).thenReturn(null);
270         when(portSecurityRule.getSecurityRuleRemoteIpPrefix()).thenReturn(null);
271
272         ingressAclServiceSpy.programPortSecurityAcl(Long.valueOf(1554), "2", MAC_ADDRESS, 124, securityGroup,neutronSrcIpList,false);
273
274         verify(writeTransaction, times(1)).delete(any(LogicalDatastoreType.class), any(InstanceIdentifier.class));
275         verify(writeTransaction, times(1)).submit();
276         verify(commitFuture, times(1)).get();
277     }
278
279     /**
280      *  Test TCP add with port no and CIDR selected.
281      */
282     @Test
283     public void testProgramPortSecurityACLRuleAddTcp1() throws Exception {
284         when(portSecurityRule.getSecurityRuleProtocol()).thenReturn("tcp");
285         when(portSecurityRule.getSecurityRulePortMax()).thenReturn(50);
286         when(portSecurityRule.getSecurityRulePortMin()).thenReturn(50);
287         when(portSecurityRule.getSecurityRuleRemoteIpPrefix()).thenReturn("0.0.0.0/24");
288
289         ingressAclServiceSpy.programPortSecurityAcl(Long.valueOf(1554), "2", MAC_ADDRESS, 124, securityGroup,neutronSrcIpList,true);
290
291         verify(writeTransaction, times(2)).put(any(LogicalDatastoreType.class), any(InstanceIdentifier.class), any(Node.class), eq(true));
292         verify(writeTransaction, times(1)).submit();
293         verify(commitFuture, times(1)).get();
294     }
295
296     /**
297      *  Test TCP remove with port no and CIDR selected.
298      */
299     @Test
300     public void testProgramPortSecurityACLRuleRemoveTcp1() throws Exception {
301         when(portSecurityRule.getSecurityRuleProtocol()).thenReturn("tcp");
302         when(portSecurityRule.getSecurityRulePortMax()).thenReturn(50);
303         when(portSecurityRule.getSecurityRulePortMin()).thenReturn(50);
304         when(portSecurityRule.getSecurityRuleRemoteIpPrefix()).thenReturn("0.0.0.0/24");
305
306         ingressAclServiceSpy.programPortSecurityAcl(Long.valueOf(1554), "2", MAC_ADDRESS, 124, securityGroup,neutronSrcIpList,false);
307
308         verify(writeTransaction, times(1)).delete(any(LogicalDatastoreType.class), any(InstanceIdentifier.class));
309         verify(writeTransaction, times(1)).submit();
310         verify(commitFuture, times(1)).get();
311     }
312
313     /**
314      *  Test TCP add with port no and remote SG selected.
315      */
316     @Test
317     public void testProgramPortSecurityACLRuleAddTcp2() throws Exception {
318         when(portSecurityRule.getSecurityRuleProtocol()).thenReturn("tcp");
319         when(portSecurityRule.getSecurityRulePortMax()).thenReturn(50);
320         when(portSecurityRule.getSecurityRulePortMin()).thenReturn(50);
321         when(portSecurityRule.getSecurityRuleRemoteIpPrefix()).thenReturn("0.0.0.0/24");
322         when(portSecurityRule.getSecurityRemoteGroupID()).thenReturn("85cc3048-abc3-43cc-89b3-377341426ac5");
323
324         ingressAclServiceSpy.programPortSecurityAcl(Long.valueOf(1554), "2", MAC_ADDRESS, 124, securityGroup,neutronSrcIpList,true);
325
326         verify(writeTransaction, times(4)).put(any(LogicalDatastoreType.class), any(InstanceIdentifier.class), any(Node.class), eq(true));
327         verify(writeTransaction, times(2)).submit();
328         verify(commitFuture, times(2)).get();
329     }
330
331     /**
332      *  Test TCP remove with port no and remote SG selected.
333      */
334     @Test
335     public void testProgramPortSecurityACLRuleRemoveTcp2() throws Exception {
336         when(portSecurityRule.getSecurityRuleProtocol()).thenReturn("tcp");
337         when(portSecurityRule.getSecurityRulePortMax()).thenReturn(50);
338         when(portSecurityRule.getSecurityRulePortMin()).thenReturn(50);
339         when(portSecurityRule.getSecurityRuleRemoteIpPrefix()).thenReturn("0.0.0.0/24");
340         when(portSecurityRule.getSecurityRemoteGroupID()).thenReturn("85cc3048-abc3-43cc-89b3-377341426ac5");
341
342         ingressAclServiceSpy.programPortSecurityAcl(Long.valueOf(1554), "2", MAC_ADDRESS, 124, securityGroup,neutronSrcIpList,false);
343
344         verify(writeTransaction, times(2)).delete(any(LogicalDatastoreType.class), any(InstanceIdentifier.class));
345         verify(writeTransaction, times(2)).submit();
346         verify(commitFuture, times(2)).get();
347     }
348
349     /**
350      *  Test UDP add with port no and CIDR selected.
351      */
352     @Test
353     public void testProgramPortSecurityACLRuleAddUdp1() throws Exception {
354         when(portSecurityRule.getSecurityRuleProtocol()).thenReturn("udp");
355         when(portSecurityRule.getSecurityRulePortMax()).thenReturn(50);
356         when(portSecurityRule.getSecurityRulePortMin()).thenReturn(50);
357         when(portSecurityRule.getSecurityRuleRemoteIpPrefix()).thenReturn("0.0.0.0/24");
358
359         ingressAclServiceSpy.programPortSecurityAcl(Long.valueOf(1554), "2", MAC_ADDRESS, 124, securityGroup,neutronSrcIpList,true);
360
361         verify(writeTransaction, times(2)).put(any(LogicalDatastoreType.class), any(InstanceIdentifier.class), any(Node.class), eq(true));
362         verify(writeTransaction, times(1)).submit();
363         verify(commitFuture, times(1)).get();
364     }
365
366     /**
367      *  Test UDP add with port no and CIDR selected.
368      */
369     @Test
370     public void testProgramPortSecurityACLRuleRemoveUdp1() throws Exception {
371         when(portSecurityRule.getSecurityRuleProtocol()).thenReturn("udp");
372         when(portSecurityRule.getSecurityRulePortMax()).thenReturn(50);
373         when(portSecurityRule.getSecurityRulePortMin()).thenReturn(50);
374         when(portSecurityRule.getSecurityRuleRemoteIpPrefix()).thenReturn("0.0.0.0/24");
375
376         ingressAclServiceSpy.programPortSecurityAcl(Long.valueOf(1554), "2", MAC_ADDRESS, 124, securityGroup,neutronSrcIpList,false);
377
378         verify(writeTransaction, times(1)).delete(any(LogicalDatastoreType.class), any(InstanceIdentifier.class));
379         verify(writeTransaction, times(1)).submit();
380         verify(commitFuture, times(1)).get();
381     }
382
383     /**
384      *  Test UDP add with port no and remote SG selected.
385      */
386     @Test
387     public void testProgramPortSecurityACLRuleAddUdp2() throws Exception {
388         when(portSecurityRule.getSecurityRuleProtocol()).thenReturn("udp");
389         when(portSecurityRule.getSecurityRulePortMax()).thenReturn(50);
390         when(portSecurityRule.getSecurityRulePortMin()).thenReturn(50);
391         when(portSecurityRule.getSecurityRuleRemoteIpPrefix()).thenReturn("0.0.0.0/24");
392         when(portSecurityRule.getSecurityRemoteGroupID()).thenReturn("85cc3048-abc3-43cc-89b3-377341426ac5");
393
394         ingressAclServiceSpy.programPortSecurityAcl(Long.valueOf(1554), "2", MAC_ADDRESS, 124, securityGroup,neutronSrcIpList,true);
395
396         verify(writeTransaction, times(4)).put(any(LogicalDatastoreType.class), any(InstanceIdentifier.class), any(Node.class), eq(true));
397         verify(writeTransaction, times(2)).submit();
398         verify(commitFuture, times(2)).get();
399     }
400
401     /**
402      *  Test UDP add with port no and remote SG selected.
403      */
404     @Test
405     public void testProgramPortSecurityACLRuleRemoveUdp2() throws Exception {
406         when(portSecurityRule.getSecurityRuleProtocol()).thenReturn("udp");
407         when(portSecurityRule.getSecurityRulePortMax()).thenReturn(50);
408         when(portSecurityRule.getSecurityRulePortMin()).thenReturn(50);
409         when(portSecurityRule.getSecurityRuleRemoteIpPrefix()).thenReturn("0.0.0.0/24");
410         when(portSecurityRule.getSecurityRemoteGroupID()).thenReturn("85cc3048-abc3-43cc-89b3-377341426ac5");
411
412         ingressAclServiceSpy.programPortSecurityAcl(Long.valueOf(1554), "2", MAC_ADDRESS, 124, securityGroup,neutronSrcIpList,false);
413
414         verify(writeTransaction, times(2)).delete(any(LogicalDatastoreType.class), any(InstanceIdentifier.class));
415         verify(writeTransaction, times(2)).submit();
416         verify(commitFuture, times(2)).get();
417     }
418
419     /**
420      *  Test ICMP add with code, type and CIDR selected.
421      */
422     @Test
423     public void testProgramPortSecurityACLRuleAddIcmp1() throws Exception {
424         when(portSecurityRule.getSecurityRuleProtocol()).thenReturn("icmp");
425         when(portSecurityRule.getSecurityRulePortMax()).thenReturn(50);
426         when(portSecurityRule.getSecurityRulePortMin()).thenReturn(50);
427         when(portSecurityRule.getSecurityRuleRemoteIpPrefix()).thenReturn("0.0.0.0/24");
428
429         ingressAclServiceSpy.programPortSecurityAcl(Long.valueOf(1554), "2", MAC_ADDRESS, 124, securityGroup,neutronSrcIpList,true);
430
431         verify(writeTransaction, times(2)).put(any(LogicalDatastoreType.class), any(InstanceIdentifier.class), any(Node.class), eq(true));
432         verify(writeTransaction, times(1)).submit();
433         verify(commitFuture, times(1)).get();
434     }
435
436     /**
437      *  Test ICMP remove with code, type and CIDR selected.
438      */
439     @Test
440     public void testProgramPortSecurityACLRuleRemoveIcmp1() throws Exception {
441         when(portSecurityRule.getSecurityRuleProtocol()).thenReturn("icmp");
442         when(portSecurityRule.getSecurityRulePortMax()).thenReturn(50);
443         when(portSecurityRule.getSecurityRulePortMin()).thenReturn(50);
444         when(portSecurityRule.getSecurityRuleRemoteIpPrefix()).thenReturn("0.0.0.0/24");
445
446         ingressAclServiceSpy.programPortSecurityAcl(Long.valueOf(1554), "2", MAC_ADDRESS, 124, securityGroup,neutronSrcIpList,false);
447
448         verify(writeTransaction, times(1)).delete(any(LogicalDatastoreType.class), any(InstanceIdentifier.class));
449         verify(writeTransaction, times(1)).submit();
450         verify(commitFuture, times(1)).get();
451     }
452
453     /**
454      *  Test ICMP add with code, type and remote SG selected.
455      */
456     @Test
457     public void testProgramPortSecurityACLRuleAddIcmp2() throws Exception {
458         when(portSecurityRule.getSecurityRuleProtocol()).thenReturn("icmp");
459         when(portSecurityRule.getSecurityRulePortMax()).thenReturn(50);
460         when(portSecurityRule.getSecurityRulePortMin()).thenReturn(50);
461         when(portSecurityRule.getSecurityRuleRemoteIpPrefix()).thenReturn("0.0.0.0/24");
462         when(portSecurityRule.getSecurityRemoteGroupID()).thenReturn("85cc3048-abc3-43cc-89b3-377341426ac5");
463
464         ingressAclServiceSpy.programPortSecurityAcl(Long.valueOf(1554), "2", MAC_ADDRESS, 124, securityGroup,neutronSrcIpList,true);
465
466         verify(writeTransaction, times(4)).put(any(LogicalDatastoreType.class), any(InstanceIdentifier.class), any(Node.class), eq(true));
467         verify(writeTransaction, times(2)).submit();
468         verify(commitFuture, times(2)).get();
469     }
470
471     /**
472      *  Test ICMP remove with code, type and remote SG selected.
473      */
474     @Test
475     public void testProgramPortSecurityACLRuleRemoveIcmp2() throws Exception {
476         when(portSecurityRule.getSecurityRuleProtocol()).thenReturn("icmp");
477         when(portSecurityRule.getSecurityRulePortMax()).thenReturn(50);
478         when(portSecurityRule.getSecurityRulePortMin()).thenReturn(50);
479         when(portSecurityRule.getSecurityRuleRemoteIpPrefix()).thenReturn("0.0.0.0/24");
480         when(portSecurityRule.getSecurityRemoteGroupID()).thenReturn("85cc3048-abc3-43cc-89b3-377341426ac5");
481
482         ingressAclServiceSpy.programPortSecurityAcl(Long.valueOf(1554), "2", MAC_ADDRESS, 124, securityGroup,neutronSrcIpList,false);
483
484         verify(writeTransaction, times(2)).delete(any(LogicalDatastoreType.class), any(InstanceIdentifier.class));
485         verify(writeTransaction, times(2)).submit();
486         verify(commitFuture, times(2)).get();
487     }
488
489     /**
490      *  Test IPv4 invalid ether type test case.
491      */
492     @Test
493     public void testProgramPortSecurityACLRuleInvalidEther() throws Exception {
494         when(portSecurityRule.getSecurityRuleEthertype()).thenReturn("IPV6");
495
496         ingressAclServiceSpy.programPortSecurityAcl(Long.valueOf(1554), "2", MAC_ADDRESS, 124, securityGroup,neutronSrcIpList,false);
497
498         verify(writeTransaction, times(0)).delete(any(LogicalDatastoreType.class), any(InstanceIdentifier.class));
499         verify(writeTransaction, times(0)).submit();
500         verify(commitFuture, times(0)).get();
501     }
502
503     /**
504      *  Test IPv4 invalid direction type test case.
505      */
506     @Test
507     public void testProgramPortSecurityACLRuleInvalidDirection() throws Exception {
508         when(portSecurityRule.getSecurityRuleDirection()).thenReturn("edgress");
509
510         ingressAclServiceSpy.programPortSecurityAcl(Long.valueOf(1554), "2", MAC_ADDRESS, 124, securityGroup,neutronSrcIpList,false);
511
512         verify(writeTransaction, times(0)).delete(any(LogicalDatastoreType.class), any(InstanceIdentifier.class));
513         verify(writeTransaction, times(0)).submit();
514         verify(commitFuture, times(0)).get();
515     }
516
517     /**
518      *  Test With isLastPortInBridge false isComputeNode false
519      */
520     @Test
521     public void testProgramFixedSecurityACLAdd1() throws Exception {
522         ingressAclServiceSpy.programFixedSecurityAcl(Long.valueOf(1554), "2", MAC_ADDRESS, 1, false, false, true);
523
524         verify(writeTransaction, times(0)).put(any(LogicalDatastoreType.class), any(InstanceIdentifier.class), any(Node.class), eq(true));
525         verify(writeTransaction, times(0)).submit();
526         verify(commitFuture, times(0)).get();
527     }
528     /**
529      *  Test With isLastPortInBridge false isComputeNode false
530      */
531     @Test
532     public void testProgramFixedSecurityACLRemove1() throws Exception {
533
534         ingressAclServiceSpy.programFixedSecurityAcl(Long.valueOf(1554), "2", MAC_ADDRESS, 1, false, false, false);
535
536         verify(writeTransaction, times(0)).delete(any(LogicalDatastoreType.class), any(InstanceIdentifier.class));
537         verify(writeTransaction, times(0)).submit();
538         verify(commitFuture, times(0)).get();
539     }
540
541     /**
542      * Test method {@link IgressAclService#egressACLDefaultTcpDrop(Long, String, String, int, boolean)}
543      */
544     @Test
545     public void testIgressACLDefaultTcpDrop() throws Exception {
546         ingressAclService.ingressACLDefaultTcpDrop(Long.valueOf(123), SEGMENTATION_ID, MAC_ADDRESS, PRIORITY, true);
547         verify(writeTransaction, times(2)).put(any(LogicalDatastoreType.class), any(InstanceIdentifier.class), any(Node.class), anyBoolean());
548         verify(writeTransaction, times(1)).submit();
549         verify(commitFuture, times(1)).get();
550
551         ingressAclService.ingressACLDefaultTcpDrop(Long.valueOf(123), SEGMENTATION_ID, MAC_ADDRESS, PRIORITY, false);
552         verify(writeTransaction, times(1)).delete(any(LogicalDatastoreType.class), any(InstanceIdentifier.class));
553         verify(writeTransaction, times(2)).submit();
554         verify(commitFuture, times(2)).get(); // 1 + 1 above
555     }
556
557     /**
558      * Test method {@link IgressAclService#ingressACLTcpPortWithPrefix(Long, String, String, boolean, Integer, String, Integer)}
559      */
560     @Test
561     public void testIngressACLTcpPortWithPrefix() throws Exception {
562         ingressAclService.ingressACLTcpPortWithPrefix(Long.valueOf(123), SEGMENTATION_ID, MAC_ADDRESS, true, 1, HOST_ADDRESS, PRIORITY);
563         verify(writeTransaction, times(2)).put(any(LogicalDatastoreType.class), any(InstanceIdentifier.class), any(Node.class), anyBoolean());
564         verify(writeTransaction, times(1)).submit();
565         verify(commitFuture, times(1)).get();
566
567         ingressAclService.ingressACLTcpPortWithPrefix(Long.valueOf(123), SEGMENTATION_ID, MAC_ADDRESS, false, 1, HOST_ADDRESS, PRIORITY);
568         verify(writeTransaction, times(1)).delete(any(LogicalDatastoreType.class), any(InstanceIdentifier.class));
569         verify(writeTransaction, times(2)).submit();
570         verify(commitFuture, times(2)).get(); // 1 + 1 above
571     }
572
573     /**
574      * Test method {@link IgressAclService#handleIngressAllowProto(Long, String, String, boolean, String, Integer)}
575      */
576     @Test
577     public void testIngressAllowProto() throws Exception {
578         ingressAclService.handleIngressAllowProto(Long.valueOf(123), SEGMENTATION_ID, MAC_ADDRESS, true, HOST_ADDRESS, PRIORITY);
579         verify(writeTransaction, times(2)).put(any(LogicalDatastoreType.class), any(InstanceIdentifier.class), any(Node.class), anyBoolean());
580         verify(writeTransaction, times(1)).submit();
581         verify(commitFuture, times(1)).get();
582
583         ingressAclService.handleIngressAllowProto(Long.valueOf(123), SEGMENTATION_ID, MAC_ADDRESS, false, HOST_ADDRESS, PRIORITY);
584         verify(writeTransaction, times(1)).delete(any(LogicalDatastoreType.class), any(InstanceIdentifier.class));
585         verify(writeTransaction, times(2)).submit();
586         verify(commitFuture, times(2)).get(); // 1 + 1 above
587     }
588
589     /**
590      * Test method {@link IgressAclService#ingressACLPermitAllProto(Long, String, String, boolean, String, Integer)}
591      */
592     @Test
593     public void testIngressACLPermitAllProto() throws Exception {
594         ingressAclService.ingressACLPermitAllProto(Long.valueOf(123), SEGMENTATION_ID, MAC_ADDRESS, true, HOST_ADDRESS, PRIORITY);
595         verify(writeTransaction, times(2)).put(any(LogicalDatastoreType.class), any(InstanceIdentifier.class), any(Node.class), anyBoolean());
596         verify(writeTransaction, times(1)).submit();
597         verify(commitFuture, times(1)).get();
598
599         ingressAclService.ingressACLPermitAllProto(Long.valueOf(123), SEGMENTATION_ID, MAC_ADDRESS, false, HOST_ADDRESS, PRIORITY);
600         verify(writeTransaction, times(1)).delete(any(LogicalDatastoreType.class), any(InstanceIdentifier.class));
601         verify(writeTransaction, times(2)).submit();
602         verify(commitFuture, times(2)).get(); // 1 + 1 above
603     }
604
605     /**
606      * Test method {@link IgressAclService#ingressACLTcpSyn(Long, String, String, boolean, Integer, Integer)}
607      */
608     @Test
609     public void testIngressACLTcpSyn() throws Exception {
610         ingressAclService.ingressACLTcpSyn(Long.valueOf(123), SEGMENTATION_ID, MAC_ADDRESS, true, 1, PRIORITY);
611         verify(writeTransaction, times(2)).put(any(LogicalDatastoreType.class), any(InstanceIdentifier.class), any(Node.class), anyBoolean());
612         verify(writeTransaction, times(1)).submit();
613         verify(commitFuture, times(1)).get();
614
615         ingressAclService.ingressACLTcpSyn(Long.valueOf(123), SEGMENTATION_ID, MAC_ADDRESS, false, 1, PRIORITY);
616         verify(writeTransaction, times(1)).delete(any(LogicalDatastoreType.class), any(InstanceIdentifier.class));
617         verify(writeTransaction, times(2)).submit();
618         verify(commitFuture, times(2)).get(); // 1 + 1 above
619     }
620 }
NetVirt - Archived