2 * Copyright (c) 2014 Cisco Systems, Inc. and others. All rights reserved.
\r
4 * This program and the accompanying materials are made available under the
\r
5 * terms of the Eclipse Public License v1.0 which accompanies this distribution,
\r
6 * and is available at http://www.eclipse.org/legal/epl-v10.html
\r
9 package org.opendaylight.groupbasedpolicy.renderer.ofoverlay.flow;
\r
11 import java.util.Collections;
\r
12 import java.util.HashMap;
\r
13 import java.util.List;
\r
14 import java.util.Objects;
\r
16 import org.junit.Before;
\r
17 import org.junit.Test;
\r
18 import org.opendaylight.groupbasedpolicy.renderer.ofoverlay.PolicyManager.FlowMap;
\r
19 import org.opendaylight.groupbasedpolicy.renderer.ofoverlay.flow.FlowUtils.RegMatch;
\r
20 import org.opendaylight.groupbasedpolicy.resolver.ConditionGroup;
\r
21 import org.opendaylight.groupbasedpolicy.resolver.EgKey;
\r
22 import org.opendaylight.groupbasedpolicy.resolver.PolicyInfo;
\r
23 import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.inet.types.rev100924.IpAddress;
\r
24 import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.inet.types.rev100924.Ipv4Address;
\r
25 import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.yang.types.rev100924.MacAddress;
\r
26 import org.opendaylight.yang.gen.v1.urn.opendaylight.flow.inventory.rev130819.tables.table.Flow;
\r
27 import org.opendaylight.yang.gen.v1.urn.opendaylight.flow.types.rev131026.flow.MatchBuilder;
\r
28 import org.opendaylight.yang.gen.v1.urn.opendaylight.groupbasedpolicy.common.rev140421.ActionName;
\r
29 import org.opendaylight.yang.gen.v1.urn.opendaylight.groupbasedpolicy.common.rev140421.ClauseName;
\r
30 import org.opendaylight.yang.gen.v1.urn.opendaylight.groupbasedpolicy.common.rev140421.ConditionMatcherName;
\r
31 import org.opendaylight.yang.gen.v1.urn.opendaylight.groupbasedpolicy.common.rev140421.ConditionName;
\r
32 import org.opendaylight.yang.gen.v1.urn.opendaylight.groupbasedpolicy.common.rev140421.SubjectName;
\r
33 import org.opendaylight.yang.gen.v1.urn.opendaylight.groupbasedpolicy.endpoint.rev140421.endpoints.Endpoint;
\r
34 import org.opendaylight.yang.gen.v1.urn.opendaylight.groupbasedpolicy.ofoverlay.rev140528.OfOverlayNodeConfigBuilder;
\r
35 import org.opendaylight.yang.gen.v1.urn.opendaylight.groupbasedpolicy.ofoverlay.rev140528.nodes.node.TunnelBuilder;
\r
36 import org.opendaylight.yang.gen.v1.urn.opendaylight.groupbasedpolicy.policy.rev140421.HasDirection.Direction;
\r
37 import org.opendaylight.yang.gen.v1.urn.opendaylight.groupbasedpolicy.policy.rev140421.Matcher.MatchType;
\r
38 import org.opendaylight.yang.gen.v1.urn.opendaylight.groupbasedpolicy.policy.rev140421.has.action.refs.ActionRefBuilder;
\r
39 import org.opendaylight.yang.gen.v1.urn.opendaylight.groupbasedpolicy.policy.rev140421.has.condition.matchers.ConditionMatcherBuilder;
\r
40 import org.opendaylight.yang.gen.v1.urn.opendaylight.groupbasedpolicy.policy.rev140421.has.conditions.Condition;
\r
41 import org.opendaylight.yang.gen.v1.urn.opendaylight.groupbasedpolicy.policy.rev140421.has.conditions.ConditionBuilder;
\r
42 import org.opendaylight.yang.gen.v1.urn.opendaylight.groupbasedpolicy.policy.rev140421.tenants.TenantBuilder;
\r
43 import org.opendaylight.yang.gen.v1.urn.opendaylight.groupbasedpolicy.policy.rev140421.tenants.tenant.Contract;
\r
44 import org.opendaylight.yang.gen.v1.urn.opendaylight.groupbasedpolicy.policy.rev140421.tenants.tenant.ContractBuilder;
\r
45 import org.opendaylight.yang.gen.v1.urn.opendaylight.groupbasedpolicy.policy.rev140421.tenants.tenant.contract.ClauseBuilder;
\r
46 import org.opendaylight.yang.gen.v1.urn.opendaylight.groupbasedpolicy.policy.rev140421.tenants.tenant.contract.Subject;
\r
47 import org.opendaylight.yang.gen.v1.urn.opendaylight.groupbasedpolicy.policy.rev140421.tenants.tenant.contract.clause.ConsumerMatchersBuilder;
\r
48 import org.opendaylight.yang.gen.v1.urn.opendaylight.groupbasedpolicy.policy.rev140421.tenants.tenant.contract.clause.ProviderMatchersBuilder;
\r
49 import org.opendaylight.yang.gen.v1.urn.opendaylight.groupbasedpolicy.policy.rev140421.tenants.tenant.contract.subject.Rule;
\r
50 import org.opendaylight.yang.gen.v1.urn.opendaylight.groupbasedpolicy.policy.rev140421.tenants.tenant.contract.subject.RuleBuilder;
\r
51 import org.opendaylight.yang.gen.v1.urn.opendaylight.inventory.rev130819.NodeConnectorId;
\r
52 import org.opendaylight.yang.gen.v1.urn.opendaylight.model.match.types.rev131026.match.layer._4.match.TcpMatch;
\r
53 import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.inet.types.rev100924.PortNumber;
\r
54 import org.opendaylight.yang.gen.v1.urn.opendaylight.openflowjava.nx.match.rev140421.NxmNxReg0;
\r
55 import org.opendaylight.yang.gen.v1.urn.opendaylight.openflowjava.nx.match.rev140421.NxmNxReg1;
\r
56 import org.opendaylight.yang.gen.v1.urn.opendaylight.openflowjava.nx.match.rev140421.NxmNxReg2;
\r
57 import org.opendaylight.yang.gen.v1.urn.opendaylight.openflowjava.nx.match.rev140421.NxmNxReg3;
\r
58 import org.opendaylight.yang.gen.v1.urn.opendaylight.openflowjava.nx.match.rev140421.NxmNxReg7;
\r
59 import org.opendaylight.yang.gen.v1.urn.opendaylight.openflowplugin.extension.general.rev140714.GeneralAugMatchNodesNodeTableFlow;
\r
60 import org.opendaylight.yang.gen.v1.urn.opendaylight.params.xml.ns.yang.overlay.rev150105.TunnelTypeVxlan;
\r
61 import org.slf4j.Logger;
\r
62 import org.slf4j.LoggerFactory;
\r
64 import com.google.common.collect.ImmutableList;
\r
65 import com.google.common.collect.ImmutableMap;
\r
67 import static org.junit.Assert.*;
\r
68 import static org.opendaylight.groupbasedpolicy.renderer.ofoverlay.flow.FlowUtils.*;
\r
70 public class PolicyEnforcerTest extends FlowTableTest {
\r
71 protected static final Logger LOG =
\r
72 LoggerFactory.getLogger(PolicyEnforcerTest.class);
\r
76 public void setup() throws Exception {
\r
78 table = new PolicyEnforcer(ctx);
\r
81 switchManager.addSwitch(
\r
84 Collections.<NodeConnectorId>emptySet(),
\r
85 new OfOverlayNodeConfigBuilder().setTunnel(
\r
86 ImmutableList.of(new TunnelBuilder().setIp(new IpAddress(new Ipv4Address("1.2.3.4")))
\r
87 .setTunnelType(TunnelTypeVxlan.class)
\r
88 .setNodeConnectorId(tunnelId)
\r
89 .build())).build());
\r
93 public void testNoEps() throws Exception {
\r
94 FlowMap fm = dosync(null);
\r
95 assertEquals(2, fm.getTableForNode(nodeId, (short) 3).getFlow().size());
\r
99 public void testSameEg() throws Exception {
\r
100 Endpoint ep1 = localEP().build();
\r
101 endpointManager.addEndpoint(ep1);
\r
102 Endpoint ep2 = localEP()
\r
103 .setMacAddress(new MacAddress("00:00:00:00:00:02"))
\r
105 endpointManager.addEndpoint(ep2);
\r
106 policyResolver.addTenant(baseTenant().setContract(
\r
107 ImmutableList.<Contract>of(baseContract(null).build())).build());
\r
109 FlowMap fm = dosync(null);
\r
110 assertNotEquals(0, fm.getTableForNode(nodeId, (short) 3).getFlow().size());
\r
112 HashMap<String, Flow> flowMap = new HashMap<>();
\r
113 for (Flow f : fm.getTableForNode(nodeId, (short) 3).getFlow()) {
\r
114 flowMap.put(f.getId().getValue(), f);
\r
115 if (f.getId().getValue().indexOf("intraallow") == 0)
\r
118 assertEquals(1, count);
\r
119 assertEquals(3, fm.getTableForNode(nodeId, (short) 3).getFlow().size());
\r
120 fm = dosync(flowMap);
\r
121 assertEquals(3, fm.getTableForNode(nodeId, (short) 3).getFlow().size());
\r
125 public void testDifferentEg() throws Exception {
\r
126 assertEquals(7, doTestDifferentEg(ImmutableList.<Subject>of(baseSubject(null).build())));
\r
127 assertEquals(7, doTestDifferentEg(ImmutableList.<Subject>of(baseSubject(Direction.Bidirectional).build())));
\r
128 assertEquals(5, doTestDifferentEg(ImmutableList.<Subject>of(baseSubject(Direction.In).build())));
\r
129 assertEquals(5, doTestDifferentEg(ImmutableList.<Subject>of(baseSubject(Direction.Out).build())));
\r
133 public void doTestRule() throws Exception {
\r
134 Rule rule1 = new RuleBuilder().setActionRef(
\r
135 ImmutableList.of(new ActionRefBuilder().setName(new ActionName("allow")).build()))
\r
137 createClassifierRefs(ImmutableMap.<String, Direction>of("tcp_dst_80", Direction.In, "tcp_src_80",
\r
140 Rule rule2 = new RuleBuilder().setActionRef(
\r
141 ImmutableList.of(new ActionRefBuilder().setName(new ActionName("allow")).build()))
\r
143 createClassifierRefs(ImmutableMap.<String, Direction>of("tcp_dst_80", Direction.In, "tcp_src_80",
\r
146 Rule rule3 = new RuleBuilder().setActionRef(
\r
147 ImmutableList.of(new ActionRefBuilder().setName(new ActionName("allow")).build()))
\r
149 createClassifierRefs(ImmutableMap.<String, Direction>of("tcp_dst_80", Direction.In, "tcp_src_80",
\r
150 Direction.Out, "ether_type", Direction.In)))
\r
153 doTestDifferentEg(ImmutableList.<Subject>of(createSubject("s1", ImmutableList.<Rule>of(rule1)))));
\r
155 doTestDifferentEg(ImmutableList.<Subject>of(createSubject("s2", ImmutableList.<Rule>of(rule2)))));
\r
157 doTestDifferentEg(ImmutableList.<Subject>of(createSubject("s3", ImmutableList.<Rule>of(rule3)))));
\r
160 private int doTestDifferentEg(List<Subject> subjects) throws Exception {
\r
161 Endpoint ep1 = localEP().build();
\r
162 endpointManager.addEndpoint(ep1);
\r
163 Endpoint ep2 = localEP()
\r
164 .setMacAddress(new MacAddress("00:00:00:00:00:02"))
\r
165 .setEndpointGroup(eg2)
\r
167 endpointManager.addEndpoint(ep2);
\r
168 policyResolver.addTenant(baseTenant().setContract(
\r
169 ImmutableList.<Contract>of(baseContract(subjects).build())).build());
\r
171 FlowMap fm = dosync(null);
\r
172 assertNotEquals(0, fm.getTableForNode(nodeId, (short) 3).getFlow().size());
\r
174 HashMap<String, Flow> flowMap = new HashMap<>();
\r
175 for (Flow f : fm.getTableForNode(nodeId, (short) 3).getFlow()) {
\r
176 flowMap.put(f.getId().getValue(), f);
\r
177 if (f.getId().getValue().indexOf("intraallow") == 0) {
\r
179 } else if (f.getMatch() != null &&
\r
180 Objects.equals(tunnelId, f.getMatch().getInPort())) {
\r
181 assertEquals(instructions(applyActionIns(nxOutputRegAction(NxmNxReg7.class))),
\r
182 f.getInstructions());
\r
184 } else if (f.getMatch() != null &&
\r
185 f.getMatch().getEthernetMatch() != null &&
\r
186 Objects.equals(FlowUtils.IPv4,
\r
187 f.getMatch().getEthernetMatch()
\r
188 .getEthernetType().getType().getValue()) &&
\r
189 f.getMatch().getIpMatch() != null &&
\r
190 Objects.equals(Short.valueOf((short)6),
\r
191 f.getMatch().getIpMatch().getIpProtocol()) &&
\r
192 f.getMatch().getLayer4Match() != null &&
\r
194 Objects.equals(new PortNumber(Integer.valueOf(80)),
\r
195 ((TcpMatch)f.getMatch().getLayer4Match())
\r
196 .getTcpSourcePort())
\r
198 Objects.equals(new PortNumber(Integer.valueOf(80)),
\r
199 ((TcpMatch)f.getMatch().getLayer4Match())
\r
200 .getTcpDestinationPort())
\r
203 } else if (f.getMatch() != null &&
\r
204 f.getMatch().getEthernetMatch() != null &&
\r
205 Objects.equals(FlowUtils.IPv6,
\r
206 f.getMatch().getEthernetMatch()
\r
207 .getEthernetType().getType().getValue()) &&
\r
208 f.getMatch().getIpMatch() != null &&
\r
209 Objects.equals(Short.valueOf((short)6),
\r
210 f.getMatch().getIpMatch().getIpProtocol()) &&
\r
211 f.getMatch().getLayer4Match() != null &&
\r
213 Objects.equals(new PortNumber(Integer.valueOf(80)),
\r
214 ((TcpMatch)f.getMatch().getLayer4Match())
\r
215 .getTcpSourcePort())
\r
217 Objects.equals(new PortNumber(Integer.valueOf(80)),
\r
218 ((TcpMatch)f.getMatch().getLayer4Match())
\r
219 .getTcpDestinationPort())
\r
228 public void testConditions() throws Exception {
\r
229 Condition cond1 = new ConditionBuilder()
\r
230 .setName(new ConditionName("cond1"))
\r
232 Condition cond2 = new ConditionBuilder()
\r
233 .setName(new ConditionName("cond2"))
\r
236 Endpoint ep1 = localEP()
\r
237 .setCondition(ImmutableList.of(cond1.getName()))
\r
239 endpointManager.addEndpoint(ep1);
\r
240 Endpoint ep2 = localEP()
\r
241 .setMacAddress(new MacAddress("00:00:00:00:00:02"))
\r
242 .setCondition(ImmutableList.of(cond1.getName(), cond2.getName()))
\r
243 .setEndpointGroup(eg2)
\r
245 endpointManager.addEndpoint(ep2);
\r
247 TenantBuilder tb = baseTenant()
\r
248 .setContract(ImmutableList.of(new ContractBuilder()
\r
250 .setSubject(ImmutableList.of(baseSubject(Direction.Out).build()))
\r
251 .setClause(ImmutableList.of(new ClauseBuilder()
\r
252 .setName(new ClauseName("test"))
\r
253 .setSubjectRefs(ImmutableList.of(new SubjectName("s1")))
\r
254 .setConsumerMatchers(new ConsumerMatchersBuilder()
\r
255 .setConditionMatcher(ImmutableList.of(new ConditionMatcherBuilder()
\r
256 .setName(new ConditionMatcherName("m1"))
\r
257 .setCondition(ImmutableList.of(cond1, cond2))
\r
258 .setMatchType(MatchType.Any)
\r
261 .setProviderMatchers(new ProviderMatchersBuilder()
\r
262 .setConditionMatcher(ImmutableList.of(new ConditionMatcherBuilder()
\r
263 .setName(new ConditionMatcherName("m2"))
\r
264 .setCondition(ImmutableList.of(cond1, cond2))
\r
265 .setMatchType(MatchType.All)
\r
270 policyResolver.addTenant(tb.build());
\r
272 PolicyInfo policy = policyResolver.getCurrentPolicy();
\r
273 List<ConditionName> ep1c = endpointManager.getCondsForEndpoint(ep1);
\r
274 ConditionGroup cg1 =
\r
275 policy.getEgCondGroup(new EgKey(tb.getId(),
\r
276 ep1.getEndpointGroup()),
\r
278 List<ConditionName> ep2c = endpointManager.getCondsForEndpoint(ep2);
\r
279 ConditionGroup cg2 =
\r
280 policy.getEgCondGroup(new EgKey(tb.getId(),
\r
281 ep2.getEndpointGroup()),
\r
283 int cg1Id = OrdinalFactory.getCondGroupOrdinal(cg1);
\r
284 int cg2Id = OrdinalFactory.getCondGroupOrdinal(cg2);
\r
285 int eg1Id = OrdinalFactory.getContextOrdinal(ep1.getTenant(),
\r
286 ep1.getEndpointGroup());
\r
287 int eg2Id = OrdinalFactory.getContextOrdinal(ep1.getTenant(),
\r
288 ep2.getEndpointGroup());
\r
290 assertNotEquals(cg1Id, cg2Id);
\r
292 MatchBuilder mb = new MatchBuilder();
\r
293 FlowUtils.addNxRegMatch(mb,
\r
294 RegMatch.of(NxmNxReg0.class, Long.valueOf(eg1Id)),
\r
295 RegMatch.of(NxmNxReg1.class, Long.valueOf(cg1Id)),
\r
296 RegMatch.of(NxmNxReg2.class, Long.valueOf(eg2Id)),
\r
297 RegMatch.of(NxmNxReg3.class, Long.valueOf(cg2Id)));
\r
298 GeneralAugMatchNodesNodeTableFlow m1 =
\r
299 mb.getAugmentation(GeneralAugMatchNodesNodeTableFlow.class);
\r
300 FlowUtils.addNxRegMatch(mb,
\r
301 RegMatch.of(NxmNxReg0.class, Long.valueOf(eg2Id)),
\r
302 RegMatch.of(NxmNxReg1.class, Long.valueOf(cg2Id)),
\r
303 RegMatch.of(NxmNxReg2.class, Long.valueOf(eg1Id)),
\r
304 RegMatch.of(NxmNxReg3.class, Long.valueOf(cg1Id)));
\r
305 GeneralAugMatchNodesNodeTableFlow m2 =
\r
306 mb.getAugmentation(GeneralAugMatchNodesNodeTableFlow.class);
\r
308 FlowMap fm = dosync(null);
\r
309 assertEquals(7, fm.getTableForNode(nodeId, (short) 3).getFlow().size());
\r
310 HashMap<String, Flow> flowMap = new HashMap<>();
\r
311 for (Flow f : fm.getTableForNode(nodeId, (short) 3).getFlow()) {
\r
312 flowMap.put(f.getId().getValue(), f);
\r
313 if (f.getMatch() != null &&
\r
314 f.getMatch().getEthernetMatch() != null) {
\r
318 assertEquals(3, count);
\r
319 fm = dosync(flowMap);
\r
320 int numberOfFlows = fm.getTableForNode(nodeId, (short) 3).getFlow().size();
\r
321 fm = dosync(flowMap);
\r
322 assertEquals(numberOfFlows, fm.getTableForNode(nodeId, (short) 3).getFlow().size());
\r