/*
 * Copyright (c) 2014 Cisco Systems, Inc. and others. All rights reserved.
 *
 * This program and the accompanying materials are made available under the
 * terms of the Eclipse Public License v1.0 which accompanies this distribution,
 * and is available at http://www.eclipse.org/legal/epl-v10.html
 */
9 package org.opendaylight.groupbasedpolicy.renderer.ofoverlay.flow;
\r
11 import java.util.Collections;
\r
12 import java.util.HashMap;
\r
13 import java.util.List;
\r
14 import java.util.Objects;
\r
16 import org.junit.Before;
\r
17 import org.junit.Test;
\r
18 import org.opendaylight.groupbasedpolicy.renderer.ofoverlay.PolicyManager.FlowMap;
\r
19 import org.opendaylight.groupbasedpolicy.renderer.ofoverlay.flow.FlowUtils.RegMatch;
\r
20 import org.opendaylight.groupbasedpolicy.resolver.ConditionGroup;
\r
21 import org.opendaylight.groupbasedpolicy.resolver.EgKey;
\r
22 import org.opendaylight.groupbasedpolicy.resolver.PolicyInfo;
\r
23 import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.inet.types.rev100924.IpAddress;
\r
24 import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.inet.types.rev100924.Ipv4Address;
\r
25 import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.yang.types.rev100924.MacAddress;
\r
26 import org.opendaylight.yang.gen.v1.urn.opendaylight.flow.inventory.rev130819.tables.table.Flow;
\r
27 import org.opendaylight.yang.gen.v1.urn.opendaylight.flow.types.rev131026.flow.MatchBuilder;
\r
28 import org.opendaylight.yang.gen.v1.urn.opendaylight.groupbasedpolicy.common.rev140421.ActionName;
\r
29 import org.opendaylight.yang.gen.v1.urn.opendaylight.groupbasedpolicy.common.rev140421.ClauseName;
\r
30 import org.opendaylight.yang.gen.v1.urn.opendaylight.groupbasedpolicy.common.rev140421.ConditionMatcherName;
\r
31 import org.opendaylight.yang.gen.v1.urn.opendaylight.groupbasedpolicy.common.rev140421.ConditionName;
\r
32 import org.opendaylight.yang.gen.v1.urn.opendaylight.groupbasedpolicy.common.rev140421.SubjectName;
\r
33 import org.opendaylight.yang.gen.v1.urn.opendaylight.groupbasedpolicy.endpoint.rev140421.endpoints.Endpoint;
\r
34 import org.opendaylight.yang.gen.v1.urn.opendaylight.groupbasedpolicy.ofoverlay.rev140528.OfOverlayNodeConfigBuilder;
\r
35 import org.opendaylight.yang.gen.v1.urn.opendaylight.groupbasedpolicy.ofoverlay.rev140528.nodes.node.TunnelBuilder;
\r
36 import org.opendaylight.yang.gen.v1.urn.opendaylight.groupbasedpolicy.policy.rev140421.HasDirection.Direction;
\r
37 import org.opendaylight.yang.gen.v1.urn.opendaylight.groupbasedpolicy.policy.rev140421.Matcher.MatchType;
\r
38 import org.opendaylight.yang.gen.v1.urn.opendaylight.groupbasedpolicy.policy.rev140421.has.action.refs.ActionRefBuilder;
\r
39 import org.opendaylight.yang.gen.v1.urn.opendaylight.groupbasedpolicy.policy.rev140421.has.classifier.refs.ClassifierRef;
\r
40 import org.opendaylight.yang.gen.v1.urn.opendaylight.groupbasedpolicy.policy.rev140421.has.condition.matchers.ConditionMatcherBuilder;
\r
41 import org.opendaylight.yang.gen.v1.urn.opendaylight.groupbasedpolicy.policy.rev140421.has.conditions.Condition;
\r
42 import org.opendaylight.yang.gen.v1.urn.opendaylight.groupbasedpolicy.policy.rev140421.has.conditions.ConditionBuilder;
\r
43 import org.opendaylight.yang.gen.v1.urn.opendaylight.groupbasedpolicy.policy.rev140421.tenants.TenantBuilder;
\r
44 import org.opendaylight.yang.gen.v1.urn.opendaylight.groupbasedpolicy.policy.rev140421.tenants.tenant.Contract;
\r
45 import org.opendaylight.yang.gen.v1.urn.opendaylight.groupbasedpolicy.policy.rev140421.tenants.tenant.ContractBuilder;
\r
46 import org.opendaylight.yang.gen.v1.urn.opendaylight.groupbasedpolicy.policy.rev140421.tenants.tenant.contract.ClauseBuilder;
\r
47 import org.opendaylight.yang.gen.v1.urn.opendaylight.groupbasedpolicy.policy.rev140421.tenants.tenant.contract.Subject;
\r
48 import org.opendaylight.yang.gen.v1.urn.opendaylight.groupbasedpolicy.policy.rev140421.tenants.tenant.contract.clause.ConsumerMatchersBuilder;
\r
49 import org.opendaylight.yang.gen.v1.urn.opendaylight.groupbasedpolicy.policy.rev140421.tenants.tenant.contract.clause.ProviderMatchersBuilder;
\r
50 import org.opendaylight.yang.gen.v1.urn.opendaylight.groupbasedpolicy.policy.rev140421.tenants.tenant.contract.subject.Rule;
\r
51 import org.opendaylight.yang.gen.v1.urn.opendaylight.groupbasedpolicy.policy.rev140421.tenants.tenant.contract.subject.RuleBuilder;
\r
52 import org.opendaylight.yang.gen.v1.urn.opendaylight.inventory.rev130819.NodeConnectorId;
\r
53 import org.opendaylight.yang.gen.v1.urn.opendaylight.model.match.types.rev131026.match.layer._4.match.TcpMatch;
\r
54 import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.inet.types.rev100924.PortNumber;
\r
55 import org.opendaylight.yang.gen.v1.urn.opendaylight.openflowjava.nx.match.rev140421.NxmNxReg0;
\r
56 import org.opendaylight.yang.gen.v1.urn.opendaylight.openflowjava.nx.match.rev140421.NxmNxReg1;
\r
57 import org.opendaylight.yang.gen.v1.urn.opendaylight.openflowjava.nx.match.rev140421.NxmNxReg2;
\r
58 import org.opendaylight.yang.gen.v1.urn.opendaylight.openflowjava.nx.match.rev140421.NxmNxReg3;
\r
59 import org.opendaylight.yang.gen.v1.urn.opendaylight.openflowjava.nx.match.rev140421.NxmNxReg7;
\r
60 import org.opendaylight.yang.gen.v1.urn.opendaylight.openflowplugin.extension.general.rev140714.GeneralAugMatchNodesNodeTableFlow;
\r
61 import org.opendaylight.yang.gen.v1.urn.opendaylight.params.xml.ns.yang.overlay.rev150105.TunnelTypeVxlan;
\r
62 import org.slf4j.Logger;
\r
63 import org.slf4j.LoggerFactory;
\r
65 import com.google.common.collect.ImmutableList;
\r
66 import com.google.common.collect.ImmutableMap;
\r
68 import static org.junit.Assert.*;
\r
69 import static org.opendaylight.groupbasedpolicy.renderer.ofoverlay.flow.FlowUtils.*;
\r
71 public class PolicyEnforcerTest extends FlowTableTest {
\r
/** SLF4J logger scoped to this test class. */
protected static final Logger LOG = LoggerFactory.getLogger(PolicyEnforcerTest.class);
\r
/**
 * Test fixture: makes a {@code PolicyEnforcer} the table under test and registers a switch
 * whose overlay node config carries one VXLAN tunnel (IP 1.2.3.4) on {@code tunnelId}.
 *
 * NOTE(review): the numbered listing skips source lines 75-76, 78, 80-81 and 83-84, so any
 * annotations on this method, the statements on either side of the table assignment and the
 * leading addSwitch arguments are not visible here.
 *
 * @throws Exception if the fixture cannot be built
 */
77 public void setup() throws Exception {
\r
// The enforcer is built with the policy manager's policy-enforcer table id, the same id the
// test methods pass to getTableForNode when they inspect the generated flows.
79 table = new PolicyEnforcer(ctx,ctx.getPolicyManager().getTABLEID_POLICY_ENFORCER());
\r
82 switchManager.addSwitch(
\r
// Argument visible here: an empty set of node connectors (arguments on lines 83-84 are skipped).
85 Collections.<NodeConnectorId>emptySet(),
\r
86 new OfOverlayNodeConfigBuilder().setTunnel(
\r
87 ImmutableList.of(new TunnelBuilder().setIp(new IpAddress(new Ipv4Address("1.2.3.4")))
\r
88 .setTunnelType(TunnelTypeVxlan.class)
\r
// The tunnel is bound to tunnelId, the port doTestDifferentEg later compares flow in-ports with.
89 .setNodeConnectorId(tunnelId)
\r
90 .build())).build());
\r
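/**
 * Baseline for the policy-enforcer table: a sync with no endpoints registered must produce
 * exactly two flows.
 *
 * <p>Only the number of flows is asserted. A count alone does not show which flows they are,
 * so this test would still pass if one baseline flow were replaced by a different one.
 * NOTE(review): consider also asserting the match and instructions of each baseline flow.
 *
 * <p>The {@code @Test} annotation and closing brace fall on source lines the numbered listing
 * skipped (93 and 97); they are restored here.
 *
 * @throws Exception if the sync fails
 */
@Test
public void testNoEps() throws Exception {
    FlowMap fm = dosync(null);
    assertEquals(2, fm.getTableForNode(nodeId, ctx.getPolicyManager().getTABLEID_POLICY_ENFORCER()).getFlow().size());
}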
\r
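/**
 * Two local endpoints that differ only in MAC address, under a tenant whose contract has no
 * subjects: the enforcer table must hold three flows, exactly one of which has an id that
 * starts with {@code "intraallow"}.
 *
 * <p>The test then calls {@code dosync} again, handing it the flows from the first run, and
 * expects the table to still hold three flows.
 *
 * <p>NOTE(review): the {@code @Test} annotation, the {@code .build()} call that ends the ep2
 * builder chain, the counter declaration and its increment fall on source lines the numbered
 * listing skipped (99, 105, 112, 117); they are restored here from the surrounding code.
 *
 * @throws Exception if the fixture or the sync fails
 */
@Test
public void testSameEg() throws Exception {
    Endpoint ep1 = localEP().build();
    endpointManager.addEndpoint(ep1);
    Endpoint ep2 = localEP()
            .setMacAddress(new MacAddress("00:00:00:00:00:02"))
            .build();
    endpointManager.addEndpoint(ep2);
    policyResolver.addTenant(baseTenant().setContract(
            ImmutableList.<Contract>of(baseContract(null).build())).build());

    FlowMap fm = dosync(null);
    assertNotEquals(0, fm.getTableForNode(nodeId, ctx.getPolicyManager().getTABLEID_POLICY_ENFORCER()).getFlow().size());

    int count = 0;
    HashMap<String, Flow> flowMap = new HashMap<>();
    for (Flow f : fm.getTableForNode(nodeId, ctx.getPolicyManager().getTABLEID_POLICY_ENFORCER()).getFlow()) {
        // Keep every flow by id so the second sync can be given the first run's output.
        flowMap.put(f.getId().getValue(), f);
        // startsWith is the direct form of the original indexOf(...) == 0 prefix test.
        if (f.getId().getValue().startsWith("intraallow")) {
            count++;
        }
    }
    // Exactly one intra-group allow flow: more than one would mean duplicated allow rules.
    assertEquals(1, count);
    assertEquals(3, fm.getTableForNode(nodeId, ctx.getPolicyManager().getTABLEID_POLICY_ENFORCER()).getFlow().size());

    // Re-sync with the previous flows supplied; the flow count must not change.
    fm = dosync(flowMap);
    assertEquals(3, fm.getTableForNode(nodeId, ctx.getPolicyManager().getTABLEID_POLICY_ENFORCER()).getFlow().size());
}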
\r
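/**
 * Runs the cross-group scenario once per subject direction and checks the value returned by
 * {@code doTestDifferentEg}: 7 when the subject's direction is unset or
 * {@code Bidirectional}, 5 when it is {@code In} or {@code Out}.
 *
 * <p>The expectation is a count only; which flows are counted is decided inside
 * {@code doTestDifferentEg}.
 *
 * <p>The {@code @Test} annotation and closing brace fall on source lines the numbered listing
 * skipped (125 and 131); they are restored here.
 *
 * @throws Exception if any scenario run fails
 */
@Test
public void testDifferentEg() throws Exception {
    assertEquals(7, doTestDifferentEg(ImmutableList.<Subject>of(baseSubject(null).build())));
    assertEquals(7, doTestDifferentEg(ImmutableList.<Subject>of(baseSubject(Direction.Bidirectional).build())));
    // A one-way subject is expected to yield two fewer than the bidirectional case.
    assertEquals(5, doTestDifferentEg(ImmutableList.<Subject>of(baseSubject(Direction.In).build())));
    assertEquals(5, doTestDifferentEg(ImmutableList.<Subject>of(baseSubject(Direction.Out).build())));
}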
\r
/**
 * Builds four rules that all reference the "allow" action but combine classifier references
 * differently, then runs the cross-group scenario (doTestDifferentEg) once per rule, each
 * wrapped in its own subject (s1 to s4).
 *
 * NOTE(review): the numbered listing skips source lines 133, 137, 140, 143, 146, 149, 153,
 * 156, 159-161, 163, 165 and 167. The call that receives each classifier list, the end of
 * each builder chain and whatever wraps the four doTestDifferentEg calls (each visible call
 * closes one more parenthesis than it opens) are therefore not shown, and neither are the
 * values the results are compared with.
 *
 * @throws Exception if any scenario run fails
 */
134 public void doTestRule() throws Exception {
\r
// rule1: two classifier names, both with direction In.
135 Rule rule1 = new RuleBuilder().setActionRef(
\r
136 ImmutableList.of(new ActionRefBuilder().setName(new ActionName("allow")).build()))
\r
138 createClassifierRefs(ImmutableMap.<String, Direction>of("tcp_dst_80", Direction.In,
\r
139 "tcp_src_80", Direction.In)))
\r
// rule2: the same two classifier names, but with opposite directions (In and Out).
141 Rule rule2 = new RuleBuilder().setActionRef(
\r
142 ImmutableList.of(new ActionRefBuilder().setName(new ActionName("allow")).build()))
\r
144 createClassifierRefs(ImmutableMap.<String, Direction>of("tcp_dst_80", Direction.In,
\r
145 "tcp_src_80", Direction.Out)))
\r
// rule3: rule2's pair plus a third classifier name, "ether_type", with direction In.
147 Rule rule3 = new RuleBuilder().setActionRef(
\r
148 ImmutableList.of(new ActionRefBuilder().setName(new ActionName("allow")).build()))
\r
150 createClassifierRefs(ImmutableMap.<String, Direction>of("tcp_dst_80", Direction.In,
\r
151 "tcp_src_80", Direction.Out,
\r
152 "ether_type", Direction.In)))
\r
// rule4: two classifier names that, going by their names, constrain the same field to
// different values (presumably TCP destination port 80 and 90; the classifiers themselves
// are defined outside this method). How one rule with both is turned into flows decides
// how much traffic the rule ends up allowing.
154 Rule rule4 = new RuleBuilder().setActionRef(
\r
155 ImmutableList.of(new ActionRefBuilder().setName(new ActionName("allow")).build()))
\r
157 createClassifierRefs(ImmutableMap.<String, Direction>of("tcp_dst_80", Direction.In,
\r
158 "tcp_dst_90", Direction.In)))
\r
// One scenario run per rule; the line in front of each call is skipped in the listing.
162 doTestDifferentEg(ImmutableList.<Subject>of(createSubject("s1", ImmutableList.<Rule>of(rule1)))));
\r
164 doTestDifferentEg(ImmutableList.<Subject>of(createSubject("s2", ImmutableList.<Rule>of(rule2)))));
\r
166 doTestDifferentEg(ImmutableList.<Subject>of(createSubject("s3", ImmutableList.<Rule>of(rule3)))));
\r
168 doTestDifferentEg(ImmutableList.<Subject>of(createSubject("s4", ImmutableList.<Rule>of(rule4)))));
\r
/**
 * Shared driver for the cross-group tests: registers one endpoint with the default settings
 * of localEP() and a second one placed in endpoint group eg2, installs a tenant whose single
 * contract carries the given subjects, syncs, and classifies the flows found in the
 * policy-enforcer table.
 *
 * NOTE(review): the numbered listing skips source lines 177, 181, 184, 189, 194, 204, 208,
 * 212-213, 223, 227 and 231 onward. The bodies of three of the four branches, the operator
 * joining the two port comparisons and the return statement are not shown; presumably the
 * method returns how many flows fell into one of the branches (TODO confirm). The only
 * instruction check visible is the one in the tunnel in-port branch.
 *
 * @param subjects subjects handed to baseContract for the tenant's contract
 * @return an int that callers compare with an expected count; its computation is not visible
 * @throws Exception if the fixture or the sync fails
 */
171 private int doTestDifferentEg(List<Subject> subjects) throws Exception {
\r
172 Endpoint ep1 = localEP().build();
\r
173 endpointManager.addEndpoint(ep1);
\r
// Second endpoint: different MAC and explicitly moved to eg2.
174 Endpoint ep2 = localEP()
\r
175 .setMacAddress(new MacAddress("00:00:00:00:00:02"))
\r
176 .setEndpointGroup(eg2)
\r
178 endpointManager.addEndpoint(ep2);
\r
179 policyResolver.addTenant(baseTenant().setContract(
\r
180 ImmutableList.<Contract>of(baseContract(subjects).build())).build());
\r
182 FlowMap fm = dosync(null);
\r
// Sanity check first: the table must not be empty before the flows are classified.
183 assertNotEquals(0, fm.getTableForNode(nodeId, ctx.getPolicyManager().getTABLEID_POLICY_ENFORCER()).getFlow().size());
\r
185 HashMap<String, Flow> flowMap = new HashMap<>();
\r
186 for (Flow f : fm.getTableForNode(nodeId, ctx.getPolicyManager().getTABLEID_POLICY_ENFORCER()).getFlow()) {
\r
187 flowMap.put(f.getId().getValue(), f);
\r
// Branch 1: flows whose id starts with "intraallow".
188 if (f.getId().getValue().indexOf("intraallow") == 0) {
\r
// Branch 2: flows matching on the tunnel port as in-port. Their instructions must equal the
// apply-actions instruction built from nxOutputRegAction(NxmNxReg7.class).
190 } else if (f.getMatch() != null &&
\r
191 Objects.equals(tunnelId, f.getMatch().getInPort())) {
\r
192 assertEquals(instructions(applyActionIns(nxOutputRegAction(NxmNxReg7.class))),
\r
193 f.getInstructions());
\r
// Branch 3: ethertype FlowUtils.IPv4, IP protocol 6, and a layer-4 match compared against
// TCP source port 80 and TCP destination port 80.
195 } else if (f.getMatch() != null &&
\r
196 f.getMatch().getEthernetMatch() != null &&
\r
197 Objects.equals(FlowUtils.IPv4,
\r
198 f.getMatch().getEthernetMatch()
\r
199 .getEthernetType().getType().getValue()) &&
\r
200 f.getMatch().getIpMatch() != null &&
\r
201 Objects.equals(Short.valueOf((short)6),
\r
202 f.getMatch().getIpMatch().getIpProtocol()) &&
\r
203 f.getMatch().getLayer4Match() != null &&
\r
// The cast to TcpMatch is not guarded by an instanceof test; it relies on the protocol-6
// comparison above.
205 Objects.equals(new PortNumber(Integer.valueOf(80)),
\r
206 ((TcpMatch)f.getMatch().getLayer4Match())
\r
207 .getTcpSourcePort())
\r
209 Objects.equals(new PortNumber(Integer.valueOf(80)),
\r
210 ((TcpMatch)f.getMatch().getLayer4Match())
\r
211 .getTcpDestinationPort())
\r
// Branch 4: the same condition as branch 3, with ethertype FlowUtils.IPv6.
214 } else if (f.getMatch() != null &&
\r
215 f.getMatch().getEthernetMatch() != null &&
\r
216 Objects.equals(FlowUtils.IPv6,
\r
217 f.getMatch().getEthernetMatch()
\r
218 .getEthernetType().getType().getValue()) &&
\r
219 f.getMatch().getIpMatch() != null &&
\r
220 Objects.equals(Short.valueOf((short)6),
\r
221 f.getMatch().getIpMatch().getIpProtocol()) &&
\r
222 f.getMatch().getLayer4Match() != null &&
\r
224 Objects.equals(new PortNumber(Integer.valueOf(80)),
\r
225 ((TcpMatch)f.getMatch().getLayer4Match())
\r
226 .getTcpSourcePort())
\r
228 Objects.equals(new PortNumber(Integer.valueOf(80)),
\r
229 ((TcpMatch)f.getMatch().getLayer4Match())
\r
230 .getTcpDestinationPort())
\r
/**
 * Exercises condition-based policy: ep1 carries condition cond1, ep2 (in eg2) carries cond1
 * and cond2, and the contract's single clause selects consumers whose conditions match ANY
 * of (cond1, cond2) and providers whose conditions match ALL of them. The test expects the
 * two endpoints to land in different condition groups, the enforcer table to hold 7 flows,
 * a counter over flows that have an Ethernet match to reach 3, and the flow count to stay
 * the same across two further syncs.
 *
 * NOTE(review): the numbered listing skips source lines 238, 242, 245-246, 249, 255, 257,
 * 260, 270-271, 277-280, 282, 288, 293, 300, 302, 318, 326-328 and 334 onward. The ends of
 * the builder chains, the second argument of both getEgCondGroup calls, the declaration of
 * count and the body of the counting branch are not shown. Within the visible lines the
 * register matches m1 and m2 are built but never compared with a flow.
 *
 * @throws Exception if the fixture or a sync fails
 */
239 public void testConditions() throws Exception {
\r
240 Condition cond1 = new ConditionBuilder()
\r
241 .setName(new ConditionName("cond1"))
\r
243 Condition cond2 = new ConditionBuilder()
\r
244 .setName(new ConditionName("cond2"))
\r
// ep1: condition cond1 only.
247 Endpoint ep1 = localEP()
\r
248 .setCondition(ImmutableList.of(cond1.getName()))
\r
250 endpointManager.addEndpoint(ep1);
\r
// ep2: different MAC, conditions cond1 and cond2, endpoint group eg2.
251 Endpoint ep2 = localEP()
\r
252 .setMacAddress(new MacAddress("00:00:00:00:00:02"))
\r
253 .setCondition(ImmutableList.of(cond1.getName(), cond2.getName()))
\r
254 .setEndpointGroup(eg2)
\r
256 endpointManager.addEndpoint(ep2);
\r
// One contract: a subject with direction Out, and a clause "test" that refers to subject "s1".
258 TenantBuilder tb = baseTenant()
\r
259 .setContract(ImmutableList.of(new ContractBuilder()
\r
261 .setSubject(ImmutableList.of(baseSubject(Direction.Out).build()))
\r
262 .setClause(ImmutableList.of(new ClauseBuilder()
\r
263 .setName(new ClauseName("test"))
\r
264 .setSubjectRefs(ImmutableList.of(new SubjectName("s1")))
\r
// Consumer side: matcher m1 over (cond1, cond2) with MatchType.Any.
265 .setConsumerMatchers(new ConsumerMatchersBuilder()
\r
266 .setConditionMatcher(ImmutableList.of(new ConditionMatcherBuilder()
\r
267 .setName(new ConditionMatcherName("m1"))
\r
268 .setCondition(ImmutableList.of(cond1, cond2))
\r
269 .setMatchType(MatchType.Any)
\r
// Provider side: matcher m2 over the same conditions with MatchType.All.
272 .setProviderMatchers(new ProviderMatchersBuilder()
\r
273 .setConditionMatcher(ImmutableList.of(new ConditionMatcherBuilder()
\r
274 .setName(new ConditionMatcherName("m2"))
\r
275 .setCondition(ImmutableList.of(cond1, cond2))
\r
276 .setMatchType(MatchType.All)
\r
281 policyResolver.addTenant(tb.build());
\r
// Look up the condition group each endpoint falls into under the resolved policy.
283 PolicyInfo policy = policyResolver.getCurrentPolicy();
\r
284 List<ConditionName> ep1c = endpointManager.getCondsForEndpoint(ep1);
\r
285 ConditionGroup cg1 =
\r
286 policy.getEgCondGroup(new EgKey(tb.getId(),
\r
287 ep1.getEndpointGroup()),
\r
289 List<ConditionName> ep2c = endpointManager.getCondsForEndpoint(ep2);
\r
290 ConditionGroup cg2 =
\r
291 policy.getEgCondGroup(new EgKey(tb.getId(),
\r
292 ep2.getEndpointGroup()),
\r
// Ordinals for the two condition groups and the two endpoint-group contexts.
294 int cg1Id = OrdinalFactory.getCondGroupOrdinal(cg1);
\r
295 int cg2Id = OrdinalFactory.getCondGroupOrdinal(cg2);
\r
296 int eg1Id = OrdinalFactory.getContextOrdinal(ep1.getTenant(),
\r
297 ep1.getEndpointGroup());
\r
// ep1's tenant is used together with ep2's group here.
298 int eg2Id = OrdinalFactory.getContextOrdinal(ep1.getTenant(),
\r
299 ep2.getEndpointGroup());
\r
// Different condition sets must give different condition-group ordinals; equal ordinals
// would make the two endpoints indistinguishable to condition-based rules.
301 assertNotEquals(cg1Id, cg2Id);
\r
// m1: reg0 = eg1, reg1 = cg1, reg2 = eg2, reg3 = cg2.
303 MatchBuilder mb = new MatchBuilder();
\r
304 FlowUtils.addNxRegMatch(mb,
\r
305 RegMatch.of(NxmNxReg0.class, Long.valueOf(eg1Id)),
\r
306 RegMatch.of(NxmNxReg1.class, Long.valueOf(cg1Id)),
\r
307 RegMatch.of(NxmNxReg2.class, Long.valueOf(eg2Id)),
\r
308 RegMatch.of(NxmNxReg3.class, Long.valueOf(cg2Id)));
\r
309 GeneralAugMatchNodesNodeTableFlow m1 =
\r
310 mb.getAugmentation(GeneralAugMatchNodesNodeTableFlow.class);
\r
// m2: the same four registers with the two sides swapped, set on the same MatchBuilder.
311 FlowUtils.addNxRegMatch(mb,
\r
312 RegMatch.of(NxmNxReg0.class, Long.valueOf(eg2Id)),
\r
313 RegMatch.of(NxmNxReg1.class, Long.valueOf(cg2Id)),
\r
314 RegMatch.of(NxmNxReg2.class, Long.valueOf(eg1Id)),
\r
315 RegMatch.of(NxmNxReg3.class, Long.valueOf(cg1Id)));
\r
316 GeneralAugMatchNodesNodeTableFlow m2 =
\r
317 mb.getAugmentation(GeneralAugMatchNodesNodeTableFlow.class);
\r
319 FlowMap fm = dosync(null);
\r
320 assertEquals(7, fm.getTableForNode(nodeId, ctx.getPolicyManager().getTABLEID_POLICY_ENFORCER()).getFlow().size());
\r
321 HashMap<String, Flow> flowMap = new HashMap<>();
\r
322 for (Flow f : fm.getTableForNode(nodeId, ctx.getPolicyManager().getTABLEID_POLICY_ENFORCER()).getFlow()) {
\r
323 flowMap.put(f.getId().getValue(), f);
\r
// Counting branch: flows that have an Ethernet match; its body is on skipped lines 326-328.
324 if (f.getMatch() != null &&
\r
325 f.getMatch().getEthernetMatch() != null) {
\r
329 assertEquals(3, count);
\r
// Two further syncs with the first run's flows supplied; the flow count after the second
// must equal the count after the first.
330 fm = dosync(flowMap);
\r
331 int numberOfFlows = fm.getTableForNode(nodeId, ctx.getPolicyManager().getTABLEID_POLICY_ENFORCER()).getFlow().size();
\r
332 fm = dosync(flowMap);
\r
333 assertEquals(numberOfFlows, fm.getTableForNode(nodeId, ctx.getPolicyManager().getTABLEID_POLICY_ENFORCER()).getFlow().size());
\r