/*
 * Copyright (c) 2015 Inocybe and others. All rights reserved.
 *
 * This program and the accompanying materials are made available under the
 * terms of the Eclipse Public License v1.0 which accompanies this distribution,
 * and is available at http://www.eclipse.org/legal/epl-v10.html
 */
9 package org.opendaylight.ovsdb.openstack.netvirt.providers.openflow13.services;
11 import static org.mockito.Matchers.any;
12 import static org.mockito.Matchers.anyBoolean;
13 import static org.mockito.Matchers.anyInt;
14 import static org.mockito.Matchers.anyLong;
15 import static org.mockito.Matchers.anyString;
16 import static org.mockito.Matchers.eq;
17 import static org.mockito.Mockito.mock;
18 import static org.mockito.Mockito.times;
19 import static org.mockito.Mockito.verify;
20 import static org.mockito.Mockito.when;
22 import java.util.ArrayList;
23 import java.util.List;
25 import org.junit.Before;
26 import org.junit.Test;
27 import org.junit.runner.RunWith;
28 import org.mockito.InjectMocks;
29 import org.mockito.Mock;
30 import org.mockito.Mockito;
31 import org.mockito.Spy;
32 import org.mockito.runners.MockitoJUnitRunner;
33 import org.opendaylight.controller.md.sal.binding.api.DataBroker;
34 import org.opendaylight.controller.md.sal.binding.api.WriteTransaction;
35 import org.opendaylight.controller.md.sal.common.api.data.LogicalDatastoreType;
36 import org.opendaylight.controller.md.sal.common.api.data.TransactionCommitFailedException;
37 import org.opendaylight.neutron.spi.NeutronSecurityGroup;
38 import org.opendaylight.neutron.spi.NeutronSecurityRule;
39 import org.opendaylight.neutron.spi.Neutron_IPs;
40 import org.opendaylight.ovsdb.openstack.netvirt.api.Constants;
41 import org.opendaylight.ovsdb.openstack.netvirt.api.SecurityServicesManager;
42 import org.opendaylight.ovsdb.openstack.netvirt.providers.openflow13.PipelineOrchestrator;
43 import org.opendaylight.ovsdb.openstack.netvirt.providers.openflow13.Service;
44 import org.opendaylight.yang.gen.v1.urn.opendaylight.inventory.rev130819.nodes.Node;
45 import org.opendaylight.yangtools.yang.binding.InstanceIdentifier;
47 import com.google.common.util.concurrent.CheckedFuture;
/**
 * Unit test for {@link IngressAclService}
 */
52 @RunWith(MockitoJUnitRunner.class)
53 @SuppressWarnings("unchecked")
54 public class IngressAclServiceTest {
// Service under test; @InjectMocks asks Mockito to populate it with the @Mock fields below.
@InjectMocks
private IngressAclService ingressAclService = new IngressAclService();
// Spy used to verify which ACL programming methods are invoked; the fixture setup
// re-assigns it with Mockito.spy(ingressAclService).
@Spy
private IngressAclService ingressAclServiceSpy;

// Datastore entry point and pipeline lookup.
@Mock
private DataBroker dataBroker;
@Mock
private PipelineOrchestrator orchestrator;

// Write transaction handed out by dataBroker, and the future returned by submit().
@Mock
private WriteTransaction writeTransaction;
@Mock
private CheckedFuture<Void, TransactionCommitFailedException> commitFuture;

// Neutron security-group model. portSecurityRule is replaced by a fresh mock in the
// fixture setup, so the @Mock instance created by the runner is not the one the tests stub.
@Mock
private NeutronSecurityGroup securityGroup;
@Mock
private NeutronSecurityRule portSecurityRule;
@Mock
private SecurityServicesManager securityServices;

// Source-VM addresses passed to programPortSecurityAcl, and the addresses the
// securityServices stub returns for the remote security group.
private List<Neutron_IPs> neutronSrcIpList = new ArrayList<Neutron_IPs>();
private List<Neutron_IPs> neutronDestIpList = new ArrayList<Neutron_IPs>();
private Neutron_IPs neutron_ip_src;
private Neutron_IPs neutron_ip_dest_1;
private Neutron_IPs neutron_ip_dest_2;

// Constructed sample values shared by the tests.
private static final String SEGMENTATION_ID = "2";
private static final int PRIORITY = 1;
private static final String HOST_ADDRESS = "127.0.0.1/32";
private static final String MAC_ADDRESS = "87:1D:5E:02:40:B8";
private static final String SRC_IP = "192.168.0.1";
private static final String DEST_IP_1 = "192.169.0.1";
private static final String DEST_IP_2 = "192.169.0.2";
private static final String SECURITY_GROUP_UUID = "85cc3048-abc3-43cc-89b3-377341426ac5";
/**
 * Builds the fixture shared by every test: a spy of the service, a datastore that hands out
 * the mocked write transaction, one IPv4 ingress rule inside the mocked security group, and
 * the source / remote-group address lists.
 */
// NOTE(review): the annotation and signature line were absent from this listing; they are
// reconstructed from the org.junit.Before import and should be confirmed against the repository.
@Before
public void setUp() {
    // Overwrites the @Spy field with a spy built from the @InjectMocks instance.
    ingressAclServiceSpy = Mockito.spy(ingressAclService);

    // Datastore plumbing: broker -> write transaction -> commit future.
    when(dataBroker.newWriteOnlyTransaction()).thenReturn(writeTransaction);
    when(writeTransaction.submit()).thenReturn(commitFuture);
    when(orchestrator.getNextServiceInPipeline(any(Service.class))).thenReturn(Service.ARP_RESPONDER);

    // Default rule shape; individual tests override protocol, ports, prefix or remote group.
    portSecurityRule = mock(NeutronSecurityRule.class);
    when(portSecurityRule.getSecurityRuleDirection()).thenReturn("ingress");
    when(portSecurityRule.getSecurityRuleEthertype()).thenReturn("IPv4");

    final List<NeutronSecurityRule> rules = new ArrayList<NeutronSecurityRule>();
    rules.add(portSecurityRule);
    when(securityGroup.getSecurityRules()).thenReturn(rules);

    // One source address ...
    neutron_ip_src = new Neutron_IPs();
    neutron_ip_src.setIpAddress(SRC_IP);
    neutronSrcIpList.add(neutron_ip_src);

    // ... and two addresses reported as members of the remote security group.
    neutron_ip_dest_1 = new Neutron_IPs();
    neutron_ip_dest_1.setIpAddress(DEST_IP_1);
    neutronDestIpList.add(neutron_ip_dest_1);

    neutron_ip_dest_2 = new Neutron_IPs();
    neutron_ip_dest_2.setIpAddress(DEST_IP_2);
    neutronDestIpList.add(neutron_ip_dest_2);

    when(securityServices.getVmListForSecurityGroup(neutronSrcIpList, SECURITY_GROUP_UUID))
            .thenReturn(neutronDestIpList);
}
/**
 * Rule 1: TCP Proto (True), TCP Port Minimum (True), TCP Port Max (True), IP Prefix (True).
 *
 * <p>Expects the default TCP drop and the TCP-port-with-prefix programmers to run once each.
 */
@Test
public void testProgramPortSecurityACLRule1() throws Exception {
    // The four stubs are independent of each other.
    when(portSecurityRule.getSecurityRuleRemoteIpPrefix()).thenReturn(HOST_ADDRESS);
    when(portSecurityRule.getSecurityRulePortMin()).thenReturn(1);
    when(portSecurityRule.getSecurityRulePortMax()).thenReturn(1);
    when(portSecurityRule.getSecurityRuleProtocol()).thenReturn("tcp");

    final Long dpid = Long.valueOf(1554);
    ingressAclServiceSpy.programPortSecurityACL(dpid, SEGMENTATION_ID, MAC_ADDRESS, 124, securityGroup);

    // verify(mock) is shorthand for verify(mock, times(1)).
    verify(ingressAclServiceSpy).ingressACLDefaultTcpDrop(
            anyLong(), anyString(), anyString(), anyInt(), anyBoolean());
    verify(ingressAclServiceSpy).ingressACLTcpPortWithPrefix(
            anyLong(), anyString(), anyString(), anyBoolean(), anyInt(), anyString(), anyInt());
    // NOTE(review): all arguments are matched with any*(), so this pins the number of
    // datastore writes only; the match fields, priority and drop/allow action of the written
    // flows are not asserted. Capturing the Node (ArgumentCaptor) would cover that.
    verify(writeTransaction, times(4)).put(
            any(LogicalDatastoreType.class), any(InstanceIdentifier.class), any(Node.class),
            anyBoolean());
    verify(writeTransaction, times(2)).submit();
    verify(commitFuture, times(2)).get();
}
/**
 * Rule 2: TCP Proto (True), TCP Port Minimum (True), TCP Port Max (False), IP Prefix (True).
 *
 * <p>Same expectations as Rule 1, with the maximum port left unset.
 */
@Test
public void testProgramPortSecurityACLRule2() throws Exception {
    when(portSecurityRule.getSecurityRuleRemoteIpPrefix()).thenReturn(HOST_ADDRESS);
    when(portSecurityRule.getSecurityRulePortMin()).thenReturn(1);
    when(portSecurityRule.getSecurityRulePortMax()).thenReturn(null);
    when(portSecurityRule.getSecurityRuleProtocol()).thenReturn("tcp");

    final Long dpid = Long.valueOf(1554);
    ingressAclServiceSpy.programPortSecurityACL(dpid, SEGMENTATION_ID, MAC_ADDRESS, 124, securityGroup);

    verify(ingressAclServiceSpy).ingressACLDefaultTcpDrop(
            anyLong(), anyString(), anyString(), anyInt(), anyBoolean());
    verify(ingressAclServiceSpy).ingressACLTcpPortWithPrefix(
            anyLong(), anyString(), anyString(), anyBoolean(), anyInt(), anyString(), anyInt());
    // Two transactions in total: four puts, two submits, two waits on the commit future.
    verify(writeTransaction, times(4)).put(
            any(LogicalDatastoreType.class), any(InstanceIdentifier.class), any(Node.class),
            anyBoolean());
    verify(writeTransaction, times(2)).submit();
    verify(commitFuture, times(2)).get();
}
/**
 * Rule 3: TCP Proto (True), TCP Port Minimum (False), TCP Port Max (False), IP Prefix (True).
 *
 * <p>With no port range, the permit-all-protocols programmer is expected next to the default
 * TCP drop.
 */
@Test
public void testProgramPortSecurityACLRule3() throws Exception {
    when(portSecurityRule.getSecurityRuleRemoteIpPrefix()).thenReturn(HOST_ADDRESS);
    when(portSecurityRule.getSecurityRulePortMin()).thenReturn(null);
    when(portSecurityRule.getSecurityRulePortMax()).thenReturn(null);
    when(portSecurityRule.getSecurityRuleProtocol()).thenReturn("tcp");

    final Long dpid = Long.valueOf(1554);
    ingressAclServiceSpy.programPortSecurityACL(dpid, SEGMENTATION_ID, MAC_ADDRESS, 124, securityGroup);

    verify(ingressAclServiceSpy).ingressACLDefaultTcpDrop(
            anyLong(), anyString(), anyString(), anyInt(), anyBoolean());
    verify(ingressAclServiceSpy).ingressACLPermitAllProto(
            anyLong(), anyString(), anyString(), anyBoolean(), anyString(), anyInt());
    verify(writeTransaction, times(4)).put(
            any(LogicalDatastoreType.class), any(InstanceIdentifier.class), any(Node.class),
            anyBoolean());
    verify(writeTransaction, times(2)).submit();
    verify(commitFuture, times(2)).get();
}
/**
 * Rule 4: TCP Proto (False), TCP Port Minimum (False), TCP Port Max (False), IP Prefix (True).
 *
 * <p>Only the remote prefix is set; the expectations match Rule 3 (default TCP drop plus
 * permit-all-protocols).
 */
@Test
public void testProgramPortSecurityACLRule4() throws Exception {
    when(portSecurityRule.getSecurityRuleRemoteIpPrefix()).thenReturn(HOST_ADDRESS);
    when(portSecurityRule.getSecurityRulePortMin()).thenReturn(null);
    when(portSecurityRule.getSecurityRulePortMax()).thenReturn(null);
    when(portSecurityRule.getSecurityRuleProtocol()).thenReturn(null);

    final Long dpid = Long.valueOf(1554);
    ingressAclServiceSpy.programPortSecurityACL(dpid, SEGMENTATION_ID, MAC_ADDRESS, 124, securityGroup);

    verify(ingressAclServiceSpy).ingressACLDefaultTcpDrop(
            anyLong(), anyString(), anyString(), anyInt(), anyBoolean());
    // A rule with no protocol and a prefix is expected to permit every protocol from that
    // prefix; the prefix value actually written is not asserted (anyString()).
    verify(ingressAclServiceSpy).ingressACLPermitAllProto(
            anyLong(), anyString(), anyString(), anyBoolean(), anyString(), anyInt());
    verify(writeTransaction, times(4)).put(
            any(LogicalDatastoreType.class), any(InstanceIdentifier.class), any(Node.class),
            anyBoolean());
    verify(writeTransaction, times(2)).submit();
    verify(commitFuture, times(2)).get();
}
/**
 * Rule 5: TCP Proto (True), TCP Port Minimum (True), TCP Port Max (True), IP Prefix (False).
 *
 * <p>Without a prefix, the TCP SYN programmer is expected next to the default TCP drop.
 */
@Test
public void testProgramPortSecurityACLRule5() throws Exception {
    when(portSecurityRule.getSecurityRuleRemoteIpPrefix()).thenReturn(null);
    when(portSecurityRule.getSecurityRulePortMin()).thenReturn(1);
    when(portSecurityRule.getSecurityRulePortMax()).thenReturn(1);
    when(portSecurityRule.getSecurityRuleProtocol()).thenReturn("tcp");

    final Long dpid = Long.valueOf(1554);
    ingressAclServiceSpy.programPortSecurityACL(dpid, SEGMENTATION_ID, MAC_ADDRESS, 124, securityGroup);

    verify(ingressAclServiceSpy).ingressACLDefaultTcpDrop(
            anyLong(), anyString(), anyString(), anyInt(), anyBoolean());
    verify(ingressAclServiceSpy).ingressACLTcpSyn(
            anyLong(), anyString(), anyString(), anyBoolean(), anyInt(), anyInt());
    verify(writeTransaction, times(4)).put(
            any(LogicalDatastoreType.class), any(InstanceIdentifier.class), any(Node.class),
            anyBoolean());
    verify(writeTransaction, times(2)).submit();
    verify(commitFuture, times(2)).get();
}
/**
 * Rule 6: TCP Proto (True), TCP Port Minimum (True), TCP Port Max (False), IP Prefix (False).
 *
 * <p>Same expectations as Rule 5, with the maximum port left unset.
 */
@Test
public void testProgramPortSecurityACLRule6() throws Exception {
    when(portSecurityRule.getSecurityRuleRemoteIpPrefix()).thenReturn(null);
    when(portSecurityRule.getSecurityRulePortMin()).thenReturn(1);
    when(portSecurityRule.getSecurityRulePortMax()).thenReturn(null);
    when(portSecurityRule.getSecurityRuleProtocol()).thenReturn("tcp");

    final Long dpid = Long.valueOf(1554);
    ingressAclServiceSpy.programPortSecurityACL(dpid, SEGMENTATION_ID, MAC_ADDRESS, 124, securityGroup);

    verify(ingressAclServiceSpy).ingressACLDefaultTcpDrop(
            anyLong(), anyString(), anyString(), anyInt(), anyBoolean());
    verify(ingressAclServiceSpy).ingressACLTcpSyn(
            anyLong(), anyString(), anyString(), anyBoolean(), anyInt(), anyInt());
    verify(writeTransaction, times(4)).put(
            any(LogicalDatastoreType.class), any(InstanceIdentifier.class), any(Node.class),
            anyBoolean());
    verify(writeTransaction, times(2)).submit();
    verify(commitFuture, times(2)).get();
}
/**
 * Rule 7: TCP Proto (True), TCP Port Minimum (False), TCP Port Max (False),
 * IP Prefix (False or 0.0.0.0/0).
 *
 * <p>Expects a single allow-protocol flow and no default TCP drop verification.
 */
@Test
public void testProgramPortSecurityACLRule7() throws Exception {
    // NOTE(review): only the null-prefix half of "False or 0.0.0.0/0" is exercised here;
    // a literal "0.0.0.0/0" prefix is not stubbed by this test.
    when(portSecurityRule.getSecurityRuleRemoteIpPrefix()).thenReturn(null);
    when(portSecurityRule.getSecurityRulePortMin()).thenReturn(null);
    when(portSecurityRule.getSecurityRulePortMax()).thenReturn(null);
    when(portSecurityRule.getSecurityRuleProtocol()).thenReturn("tcp");

    final Long dpid = Long.valueOf(1554);
    ingressAclServiceSpy.programPortSecurityACL(dpid, SEGMENTATION_ID, MAC_ADDRESS, 124, securityGroup);

    verify(ingressAclServiceSpy).handleIngressAllowProto(
            anyLong(), anyString(), anyString(), anyBoolean(), anyString(), anyInt());
    // One transaction: two puts, one submit, one wait on the commit future.
    verify(writeTransaction, times(2)).put(
            any(LogicalDatastoreType.class), any(InstanceIdentifier.class), any(Node.class),
            anyBoolean());
    verify(writeTransaction).submit();
    verify(commitFuture).get();
}
/**
 * Test IPv4 add test case: a rule with no protocol, ports or prefix is programmed with
 * {@code write == true}.
 */
@Test
public void testProgramPortSecurityACLRuleAddIpv4() throws Exception {
    when(portSecurityRule.getSecurityRuleRemoteIpPrefix()).thenReturn(null);
    when(portSecurityRule.getSecurityRulePortMin()).thenReturn(null);
    when(portSecurityRule.getSecurityRulePortMax()).thenReturn(null);
    when(portSecurityRule.getSecurityRuleProtocol()).thenReturn(null);

    final Long dpid = Long.valueOf(1554);
    ingressAclServiceSpy.programPortSecurityAcl(
            dpid, "2", MAC_ADDRESS, 124, securityGroup, neutronSrcIpList, true);

    // NOTE(review): a fully unconstrained rule yields an allow flow; the test confirms a write
    // happened with createMissingParents == true but not what traffic the flow matches.
    verify(writeTransaction, times(2)).put(
            any(LogicalDatastoreType.class), any(InstanceIdentifier.class), any(Node.class),
            eq(true));
    verify(writeTransaction).submit();
    verify(commitFuture).get();
}
/**
 * Test IPv4 remove test case: the same unconstrained rule with {@code write == false} must
 * result in one delete on the datastore.
 */
@Test
public void testProgramPortSecurityACLRuleRemoveIpv4() throws Exception {
    when(portSecurityRule.getSecurityRuleRemoteIpPrefix()).thenReturn(null);
    when(portSecurityRule.getSecurityRulePortMin()).thenReturn(null);
    when(portSecurityRule.getSecurityRulePortMax()).thenReturn(null);
    when(portSecurityRule.getSecurityRuleProtocol()).thenReturn(null);

    final Long dpid = Long.valueOf(1554);
    ingressAclServiceSpy.programPortSecurityAcl(
            dpid, "2", MAC_ADDRESS, 124, securityGroup, neutronSrcIpList, false);

    verify(writeTransaction).delete(
            any(LogicalDatastoreType.class), any(InstanceIdentifier.class));
    verify(writeTransaction).submit();
    verify(commitFuture).get();
}
/**
 * Test TCP add with port no and CIDR selected.
 */
@Test
public void testProgramPortSecurityACLRuleAddTcp1() throws Exception {
    when(portSecurityRule.getSecurityRuleRemoteIpPrefix()).thenReturn("0.0.0.0/24");
    when(portSecurityRule.getSecurityRulePortMin()).thenReturn(50);
    when(portSecurityRule.getSecurityRulePortMax()).thenReturn(50);
    when(portSecurityRule.getSecurityRuleProtocol()).thenReturn("tcp");

    final Long dpid = Long.valueOf(1554);
    ingressAclServiceSpy.programPortSecurityAcl(
            dpid, "2", MAC_ADDRESS, 124, securityGroup, neutronSrcIpList, true);

    // One flow for the CIDR-scoped TCP rule: two puts in a single submitted transaction.
    verify(writeTransaction, times(2)).put(
            any(LogicalDatastoreType.class), any(InstanceIdentifier.class), any(Node.class),
            eq(true));
    verify(writeTransaction).submit();
    verify(commitFuture).get();
}
/**
 * Test TCP remove with port no and CIDR selected.
 */
@Test
public void testProgramPortSecurityACLRuleRemoveTcp1() throws Exception {
    when(portSecurityRule.getSecurityRuleRemoteIpPrefix()).thenReturn("0.0.0.0/24");
    when(portSecurityRule.getSecurityRulePortMin()).thenReturn(50);
    when(portSecurityRule.getSecurityRulePortMax()).thenReturn(50);
    when(portSecurityRule.getSecurityRuleProtocol()).thenReturn("tcp");

    final Long dpid = Long.valueOf(1554);
    ingressAclServiceSpy.programPortSecurityAcl(
            dpid, "2", MAC_ADDRESS, 124, securityGroup, neutronSrcIpList, false);

    // Removal path: exactly one delete, submitted and awaited once.
    verify(writeTransaction).delete(
            any(LogicalDatastoreType.class), any(InstanceIdentifier.class));
    verify(writeTransaction).submit();
    verify(commitFuture).get();
}
/**
 * Test TCP add with port no and remote SG selected.
 */
@Test
public void testProgramPortSecurityACLRuleAddTcp2() throws Exception {
    when(portSecurityRule.getSecurityRemoteGroupID())
            .thenReturn("85cc3048-abc3-43cc-89b3-377341426ac5");
    when(portSecurityRule.getSecurityRuleRemoteIpPrefix()).thenReturn("0.0.0.0/24");
    when(portSecurityRule.getSecurityRulePortMin()).thenReturn(50);
    when(portSecurityRule.getSecurityRulePortMax()).thenReturn(50);
    when(portSecurityRule.getSecurityRuleProtocol()).thenReturn("tcp");

    final Long dpid = Long.valueOf(1554);
    ingressAclServiceSpy.programPortSecurityAcl(
            dpid, "2", MAC_ADDRESS, 124, securityGroup, neutronSrcIpList, true);

    // NOTE(review): both a remote prefix and a remote group id are stubbed. The doubled counts
    // presumably reflect one flow per address returned by the fixture's
    // getVmListForSecurityGroup stub (two addresses) - confirm against IngressAclService.
    verify(writeTransaction, times(4)).put(
            any(LogicalDatastoreType.class), any(InstanceIdentifier.class), any(Node.class),
            eq(true));
    verify(writeTransaction, times(2)).submit();
    verify(commitFuture, times(2)).get();
}
/**
 * Test TCP remove with port no and remote SG selected.
 */
@Test
public void testProgramPortSecurityACLRuleRemoveTcp2() throws Exception {
    when(portSecurityRule.getSecurityRemoteGroupID())
            .thenReturn("85cc3048-abc3-43cc-89b3-377341426ac5");
    when(portSecurityRule.getSecurityRuleRemoteIpPrefix()).thenReturn("0.0.0.0/24");
    when(portSecurityRule.getSecurityRulePortMin()).thenReturn(50);
    when(portSecurityRule.getSecurityRulePortMax()).thenReturn(50);
    when(portSecurityRule.getSecurityRuleProtocol()).thenReturn("tcp");

    final Long dpid = Long.valueOf(1554);
    ingressAclServiceSpy.programPortSecurityAcl(
            dpid, "2", MAC_ADDRESS, 124, securityGroup, neutronSrcIpList, false);

    // Two deletes are expected, presumably one per remote-group member address - confirm.
    verify(writeTransaction, times(2)).delete(
            any(LogicalDatastoreType.class), any(InstanceIdentifier.class));
    verify(writeTransaction, times(2)).submit();
    verify(commitFuture, times(2)).get();
}
/**
 * Test UDP add with port no and CIDR selected.
 */
@Test
public void testProgramPortSecurityACLRuleAddUdp1() throws Exception {
    when(portSecurityRule.getSecurityRuleRemoteIpPrefix()).thenReturn("0.0.0.0/24");
    when(portSecurityRule.getSecurityRulePortMin()).thenReturn(50);
    when(portSecurityRule.getSecurityRulePortMax()).thenReturn(50);
    when(portSecurityRule.getSecurityRuleProtocol()).thenReturn("udp");

    final Long dpid = Long.valueOf(1554);
    ingressAclServiceSpy.programPortSecurityAcl(
            dpid, "2", MAC_ADDRESS, 124, securityGroup, neutronSrcIpList, true);

    // One flow for the CIDR-scoped UDP rule: two puts in a single submitted transaction.
    verify(writeTransaction, times(2)).put(
            any(LogicalDatastoreType.class), any(InstanceIdentifier.class), any(Node.class),
            eq(true));
    verify(writeTransaction).submit();
    verify(commitFuture).get();
}
/**
 * Test UDP remove with port no and CIDR selected.
 */
@Test
public void testProgramPortSecurityACLRuleRemoveUdp1() throws Exception {
    when(portSecurityRule.getSecurityRuleRemoteIpPrefix()).thenReturn("0.0.0.0/24");
    when(portSecurityRule.getSecurityRulePortMin()).thenReturn(50);
    when(portSecurityRule.getSecurityRulePortMax()).thenReturn(50);
    when(portSecurityRule.getSecurityRuleProtocol()).thenReturn("udp");

    final Long dpid = Long.valueOf(1554);
    // The trailing false selects removal, hence the delete verification below.
    ingressAclServiceSpy.programPortSecurityAcl(
            dpid, "2", MAC_ADDRESS, 124, securityGroup, neutronSrcIpList, false);

    verify(writeTransaction).delete(
            any(LogicalDatastoreType.class), any(InstanceIdentifier.class));
    verify(writeTransaction).submit();
    verify(commitFuture).get();
}
/**
 * Test UDP add with port no and remote SG selected.
 */
@Test
public void testProgramPortSecurityACLRuleAddUdp2() throws Exception {
    when(portSecurityRule.getSecurityRemoteGroupID())
            .thenReturn("85cc3048-abc3-43cc-89b3-377341426ac5");
    when(portSecurityRule.getSecurityRuleRemoteIpPrefix()).thenReturn("0.0.0.0/24");
    when(portSecurityRule.getSecurityRulePortMin()).thenReturn(50);
    when(portSecurityRule.getSecurityRulePortMax()).thenReturn(50);
    when(portSecurityRule.getSecurityRuleProtocol()).thenReturn("udp");

    final Long dpid = Long.valueOf(1554);
    ingressAclServiceSpy.programPortSecurityAcl(
            dpid, "2", MAC_ADDRESS, 124, securityGroup, neutronSrcIpList, true);

    // Counts are double those of the CIDR-only case; presumably one flow per address the
    // fixture returns for the remote security group - confirm against IngressAclService.
    verify(writeTransaction, times(4)).put(
            any(LogicalDatastoreType.class), any(InstanceIdentifier.class), any(Node.class),
            eq(true));
    verify(writeTransaction, times(2)).submit();
    verify(commitFuture, times(2)).get();
}
/**
 * Test UDP remove with port no and remote SG selected.
 */
@Test
public void testProgramPortSecurityACLRuleRemoveUdp2() throws Exception {
    when(portSecurityRule.getSecurityRemoteGroupID())
            .thenReturn("85cc3048-abc3-43cc-89b3-377341426ac5");
    when(portSecurityRule.getSecurityRuleRemoteIpPrefix()).thenReturn("0.0.0.0/24");
    when(portSecurityRule.getSecurityRulePortMin()).thenReturn(50);
    when(portSecurityRule.getSecurityRulePortMax()).thenReturn(50);
    when(portSecurityRule.getSecurityRuleProtocol()).thenReturn("udp");

    final Long dpid = Long.valueOf(1554);
    // The trailing false selects removal, hence the delete verification below.
    ingressAclServiceSpy.programPortSecurityAcl(
            dpid, "2", MAC_ADDRESS, 124, securityGroup, neutronSrcIpList, false);

    verify(writeTransaction, times(2)).delete(
            any(LogicalDatastoreType.class), any(InstanceIdentifier.class));
    verify(writeTransaction, times(2)).submit();
    verify(commitFuture, times(2)).get();
}
/**
 * Test ICMP add with code, type and CIDR selected.
 */
@Test
public void testProgramPortSecurityACLRuleAddIcmp1() throws Exception {
    when(portSecurityRule.getSecurityRuleRemoteIpPrefix()).thenReturn("0.0.0.0/24");
    // Presumably port min/max carry the ICMP type/code for this protocol - confirm.
    when(portSecurityRule.getSecurityRulePortMin()).thenReturn(50);
    when(portSecurityRule.getSecurityRulePortMax()).thenReturn(50);
    when(portSecurityRule.getSecurityRuleProtocol()).thenReturn("icmp");

    final Long dpid = Long.valueOf(1554);
    ingressAclServiceSpy.programPortSecurityAcl(
            dpid, "2", MAC_ADDRESS, 124, securityGroup, neutronSrcIpList, true);

    verify(writeTransaction, times(2)).put(
            any(LogicalDatastoreType.class), any(InstanceIdentifier.class), any(Node.class),
            eq(true));
    verify(writeTransaction).submit();
    verify(commitFuture).get();
}
/**
 * Test ICMP remove with code, type and CIDR selected.
 */
@Test
public void testProgramPortSecurityACLRuleRemoveIcmp1() throws Exception {
    when(portSecurityRule.getSecurityRuleRemoteIpPrefix()).thenReturn("0.0.0.0/24");
    // Presumably port min/max carry the ICMP type/code for this protocol - confirm.
    when(portSecurityRule.getSecurityRulePortMin()).thenReturn(50);
    when(portSecurityRule.getSecurityRulePortMax()).thenReturn(50);
    when(portSecurityRule.getSecurityRuleProtocol()).thenReturn("icmp");

    final Long dpid = Long.valueOf(1554);
    ingressAclServiceSpy.programPortSecurityAcl(
            dpid, "2", MAC_ADDRESS, 124, securityGroup, neutronSrcIpList, false);

    verify(writeTransaction).delete(
            any(LogicalDatastoreType.class), any(InstanceIdentifier.class));
    verify(writeTransaction).submit();
    verify(commitFuture).get();
}
/**
 * Test ICMP add with code, type and remote SG selected.
 */
@Test
public void testProgramPortSecurityACLRuleAddIcmp2() throws Exception {
    when(portSecurityRule.getSecurityRemoteGroupID())
            .thenReturn("85cc3048-abc3-43cc-89b3-377341426ac5");
    when(portSecurityRule.getSecurityRuleRemoteIpPrefix()).thenReturn("0.0.0.0/24");
    when(portSecurityRule.getSecurityRulePortMin()).thenReturn(50);
    when(portSecurityRule.getSecurityRulePortMax()).thenReturn(50);
    when(portSecurityRule.getSecurityRuleProtocol()).thenReturn("icmp");

    final Long dpid = Long.valueOf(1554);
    ingressAclServiceSpy.programPortSecurityAcl(
            dpid, "2", MAC_ADDRESS, 124, securityGroup, neutronSrcIpList, true);

    // Counts are double those of the CIDR-only case; presumably one flow per address the
    // fixture returns for the remote security group - confirm against IngressAclService.
    verify(writeTransaction, times(4)).put(
            any(LogicalDatastoreType.class), any(InstanceIdentifier.class), any(Node.class),
            eq(true));
    verify(writeTransaction, times(2)).submit();
    verify(commitFuture, times(2)).get();
}
/**
 * Test ICMP remove with code, type and remote SG selected.
 */
@Test
public void testProgramPortSecurityACLRuleRemoveIcmp2() throws Exception {
    when(portSecurityRule.getSecurityRemoteGroupID())
            .thenReturn("85cc3048-abc3-43cc-89b3-377341426ac5");
    when(portSecurityRule.getSecurityRuleRemoteIpPrefix()).thenReturn("0.0.0.0/24");
    when(portSecurityRule.getSecurityRulePortMin()).thenReturn(50);
    when(portSecurityRule.getSecurityRulePortMax()).thenReturn(50);
    when(portSecurityRule.getSecurityRuleProtocol()).thenReturn("icmp");

    final Long dpid = Long.valueOf(1554);
    ingressAclServiceSpy.programPortSecurityAcl(
            dpid, "2", MAC_ADDRESS, 124, securityGroup, neutronSrcIpList, false);

    verify(writeTransaction, times(2)).delete(
            any(LogicalDatastoreType.class), any(InstanceIdentifier.class));
    verify(writeTransaction, times(2)).submit();
    verify(commitFuture, times(2)).get();
}
/**
 * Test IPv4 invalid ether type test case: a rule whose ethertype is not the fixture's
 * {@code "IPv4"} must not touch the datastore.
 */
@Test
public void testProgramPortSecurityACLRuleInvalidEther() throws Exception {
    when(portSecurityRule.getSecurityRuleEthertype()).thenReturn("IPV6");

    final Long dpid = Long.valueOf(1554);
    ingressAclServiceSpy.programPortSecurityAcl(
            dpid, "2", MAC_ADDRESS, 124, securityGroup, neutronSrcIpList, false);

    // NOTE(review): only the removal path (write == false) is exercised, so this shows that
    // no delete is issued; it does not show that an add with a non-IPv4 ethertype writes
    // nothing. How non-IPv4 traffic is treated by default is not visible from this test.
    verify(writeTransaction, Mockito.never()).delete(
            any(LogicalDatastoreType.class), any(InstanceIdentifier.class));
    verify(writeTransaction, Mockito.never()).submit();
    verify(commitFuture, Mockito.never()).get();
}
/**
 * Test IPv4 invalid direction type test case: a rule whose direction is not the fixture's
 * {@code "ingress"} must not touch the datastore.
 */
@Test
public void testProgramPortSecurityACLRuleInvalidDirection() throws Exception {
    // NOTE(review): "edgress" is an arbitrary non-matching string; a case using the value
    // "egress" would be closer to what a real rule carries - consider adding one.
    when(portSecurityRule.getSecurityRuleDirection()).thenReturn("edgress");

    final Long dpid = Long.valueOf(1554);
    ingressAclServiceSpy.programPortSecurityAcl(
            dpid, "2", MAC_ADDRESS, 124, securityGroup, neutronSrcIpList, false);

    // Mockito.never() is equivalent to times(0).
    verify(writeTransaction, Mockito.never()).delete(
            any(LogicalDatastoreType.class), any(InstanceIdentifier.class));
    verify(writeTransaction, Mockito.never()).submit();
    verify(commitFuture, Mockito.never()).get();
}
/**
 * Test With isLastPortInBridge false isComputeNode false: the fixed ACL add path is expected
 * to write nothing.
 */
@Test
public void testProgramFixedSecurityACLAdd1() throws Exception {
    final Long dpid = Long.valueOf(1554);
    // Presumably the booleans are (isLastPortInBridge, isComputeNode, write) - confirm
    // against IngressAclService#programFixedSecurityAcl.
    ingressAclServiceSpy.programFixedSecurityAcl(dpid, "2", MAC_ADDRESS, 1, false, false, true);

    verify(writeTransaction, Mockito.never()).put(
            any(LogicalDatastoreType.class), any(InstanceIdentifier.class), any(Node.class),
            eq(true));
    verify(writeTransaction, Mockito.never()).submit();
    verify(commitFuture, Mockito.never()).get();
}
/**
 * Test With isLastPortInBridge false isComputeNode false: the fixed ACL remove path is
 * expected to delete nothing.
 */
@Test
public void testProgramFixedSecurityACLRemove1() throws Exception {
    final Long dpid = Long.valueOf(1554);
    // Presumably the booleans are (isLastPortInBridge, isComputeNode, write) - confirm
    // against IngressAclService#programFixedSecurityAcl.
    ingressAclServiceSpy.programFixedSecurityAcl(dpid, "2", MAC_ADDRESS, 1, false, false, false);

    verify(writeTransaction, Mockito.never()).delete(
            any(LogicalDatastoreType.class), any(InstanceIdentifier.class));
    verify(writeTransaction, Mockito.never()).submit();
    verify(commitFuture, Mockito.never()).get();
}
/**
 * Test method {@link IngressAclService#ingressACLDefaultTcpDrop(Long, String, String, int, boolean)}.
 *
 * <p>Calls the service directly (not through the spy): first with {@code write == true},
 * then with {@code write == false}. The submit/get counts are cumulative across both calls.
 */
@Test
public void testIgressACLDefaultTcpDrop() throws Exception {
    final Long dpid = Long.valueOf(123);

    // Add: two puts in one submitted transaction.
    ingressAclService.ingressACLDefaultTcpDrop(dpid, SEGMENTATION_ID, MAC_ADDRESS, PRIORITY, true);
    // NOTE(review): this is the default-deny flow, yet only the write count is asserted;
    // the test would still pass if the written flow carried an allow action.
    verify(writeTransaction, times(2)).put(
            any(LogicalDatastoreType.class), any(InstanceIdentifier.class), any(Node.class),
            anyBoolean());
    verify(writeTransaction).submit();
    verify(commitFuture).get();

    // Remove: one delete, bringing submit/get to two in total.
    ingressAclService.ingressACLDefaultTcpDrop(dpid, SEGMENTATION_ID, MAC_ADDRESS, PRIORITY, false);
    verify(writeTransaction).delete(
            any(LogicalDatastoreType.class), any(InstanceIdentifier.class));
    verify(writeTransaction, times(2)).submit();
    verify(commitFuture, times(2)).get(); // 1 + 1 above
}
/**
 * Test method {@link IngressAclService#ingressACLTcpPortWithPrefix(Long, String, String, boolean, Integer, String, Integer)}.
 *
 * <p>Adds and then removes a TCP port 1 flow scoped to {@code HOST_ADDRESS}; the submit/get
 * counts are cumulative across both calls.
 */
@Test
public void testIngressACLTcpPortWithPrefix() throws Exception {
    final Long dpid = Long.valueOf(123);

    // Add: two puts in one submitted transaction.
    ingressAclService.ingressACLTcpPortWithPrefix(
            dpid, SEGMENTATION_ID, MAC_ADDRESS, true, 1, HOST_ADDRESS, PRIORITY);
    verify(writeTransaction, times(2)).put(
            any(LogicalDatastoreType.class), any(InstanceIdentifier.class), any(Node.class),
            anyBoolean());
    verify(writeTransaction).submit();
    verify(commitFuture).get();

    // Remove: one delete, bringing submit/get to two in total.
    ingressAclService.ingressACLTcpPortWithPrefix(
            dpid, SEGMENTATION_ID, MAC_ADDRESS, false, 1, HOST_ADDRESS, PRIORITY);
    verify(writeTransaction).delete(
            any(LogicalDatastoreType.class), any(InstanceIdentifier.class));
    verify(writeTransaction, times(2)).submit();
    verify(commitFuture, times(2)).get(); // 1 + 1 above
}
/**
 * Test method {@link IngressAclService#handleIngressAllowProto(Long, String, String, boolean, String, Integer)}.
 *
 * <p>Adds and then removes the allow-protocol flow; the submit/get counts are cumulative
 * across both calls.
 */
@Test
public void testIngressAllowProto() throws Exception {
    final Long dpid = Long.valueOf(123);

    // Add: two puts in one submitted transaction.
    ingressAclService.handleIngressAllowProto(
            dpid, SEGMENTATION_ID, MAC_ADDRESS, true, HOST_ADDRESS, PRIORITY);
    verify(writeTransaction, times(2)).put(
            any(LogicalDatastoreType.class), any(InstanceIdentifier.class), any(Node.class),
            anyBoolean());
    verify(writeTransaction).submit();
    verify(commitFuture).get();

    // Remove: one delete, bringing submit/get to two in total.
    ingressAclService.handleIngressAllowProto(
            dpid, SEGMENTATION_ID, MAC_ADDRESS, false, HOST_ADDRESS, PRIORITY);
    verify(writeTransaction).delete(
            any(LogicalDatastoreType.class), any(InstanceIdentifier.class));
    verify(writeTransaction, times(2)).submit();
    verify(commitFuture, times(2)).get(); // 1 + 1 above
}
/**
 * Test method {@link IngressAclService#ingressACLPermitAllProto(Long, String, String, boolean, String, Integer)}.
 *
 * <p>Adds and then removes the permit-all-protocols flow for {@code HOST_ADDRESS}; the
 * submit/get counts are cumulative across both calls.
 */
@Test
public void testIngressACLPermitAllProto() throws Exception {
    final Long dpid = Long.valueOf(123);

    // Add: two puts in one submitted transaction.
    ingressAclService.ingressACLPermitAllProto(
            dpid, SEGMENTATION_ID, MAC_ADDRESS, true, HOST_ADDRESS, PRIORITY);
    // NOTE(review): a permit-all flow is the widest rule this service writes; the source
    // prefix it is scoped to is not asserted here (any(Node.class)).
    verify(writeTransaction, times(2)).put(
            any(LogicalDatastoreType.class), any(InstanceIdentifier.class), any(Node.class),
            anyBoolean());
    verify(writeTransaction).submit();
    verify(commitFuture).get();

    // Remove: one delete, bringing submit/get to two in total.
    ingressAclService.ingressACLPermitAllProto(
            dpid, SEGMENTATION_ID, MAC_ADDRESS, false, HOST_ADDRESS, PRIORITY);
    verify(writeTransaction).delete(
            any(LogicalDatastoreType.class), any(InstanceIdentifier.class));
    verify(writeTransaction, times(2)).submit();
    verify(commitFuture, times(2)).get(); // 1 + 1 above
}
/**
 * Test method {@link IngressAclService#ingressACLTcpSyn(Long, String, String, boolean, Integer, Integer)}.
 *
 * <p>Adds and then removes the TCP SYN flow for port 1; the submit/get counts are cumulative
 * across both calls.
 */
@Test
public void testIngressACLTcpSyn() throws Exception {
    final Long dpid = Long.valueOf(123);

    // Add: two puts in one submitted transaction.
    ingressAclService.ingressACLTcpSyn(dpid, SEGMENTATION_ID, MAC_ADDRESS, true, 1, PRIORITY);
    verify(writeTransaction, times(2)).put(
            any(LogicalDatastoreType.class), any(InstanceIdentifier.class), any(Node.class),
            anyBoolean());
    verify(writeTransaction).submit();
    verify(commitFuture).get();

    // Remove: one delete, bringing submit/get to two in total.
    ingressAclService.ingressACLTcpSyn(dpid, SEGMENTATION_ID, MAC_ADDRESS, false, 1, PRIORITY);
    verify(writeTransaction).delete(
            any(LogicalDatastoreType.class), any(InstanceIdentifier.class));
    verify(writeTransaction, times(2)).submit();
    verify(commitFuture, times(2)).get(); // 1 + 1 above
}