+ /**
+ * Test IPv4 add test case.
+ */
+ @Test
+ public void testProgramPortSecurityACLRuleAddIpv4() throws Exception {
+ when(portSecurityRule.getSecurityRuleProtocol()).thenReturn(null);
+ when(portSecurityRule.getSecurityRulePortMax()).thenReturn(null);
+ when(portSecurityRule.getSecurityRulePortMin()).thenReturn(null);
+ when(portSecurityRule.getSecurityRuleRemoteIpPrefix()).thenReturn(null);
+
+ egressAclServiceSpy.programPortSecurityGroup(Long.valueOf(1554), "2", MAC_ADDRESS, 124, securityGroup,PORT_UUID,true);
+
+ verify(writeTransaction, times(2)).put(any(LogicalDatastoreType.class), any(InstanceIdentifier.class), any(Node.class), eq(true));
+ verify(writeTransaction, times(1)).submit();
+ verify(commitFuture, times(1)).get();
+ }
+
+ /**
+ * Test IPv4 remove test case.
+ */
+ @Test
+ public void testProgramPortSecurityACLRuleRemoveIpv4() throws Exception {
+ when(portSecurityRule.getSecurityRuleProtocol()).thenReturn(null);
+ when(portSecurityRule.getSecurityRulePortMax()).thenReturn(null);
+ when(portSecurityRule.getSecurityRulePortMin()).thenReturn(null);
+ when(portSecurityRule.getSecurityRuleRemoteIpPrefix()).thenReturn(null);
+
+ egressAclServiceSpy.programPortSecurityGroup(Long.valueOf(1554), "2", MAC_ADDRESS, 124, securityGroup,PORT_UUID,false);
+ verify(writeTransaction, times(1)).delete(any(LogicalDatastoreType.class), any(InstanceIdentifier.class));
+ verify(writeTransaction, times(1)).submit();
+ verify(commitFuture, times(1)).get();
+ }
+
+ /**
+ * Test TCP add with port no and CIDR selected.
+ */
+ @Test
+ public void testProgramPortSecurityACLRuleAddTcp1() throws Exception {
+ when(portSecurityRule.getSecurityRuleProtocol()).thenReturn("tcp");
+ when(portSecurityRule.getSecurityRulePortMax()).thenReturn(20);
+ when(portSecurityRule.getSecurityRulePortMin()).thenReturn(20);
+ when(portSecurityRule.getSecurityRuleRemoteIpPrefix()).thenReturn("0.0.0.0/24");
+ PowerMockito.doAnswer(answer()).when(egressAclServiceSpy, "writeFlow", any(FlowBuilder.class),
+ any(NodeBuilder.class));
+ egressAclServiceSpy.programPortSecurityGroup(DP_ID_LONG, SEGMENT_ID, MAC_ADDRESS, LOCAL_PORT, securityGroup,
+ PORT_UUID, true);
+
+ Match match = flowBuilder.getMatch();
+ EthernetMatch ethMatch = match.getEthernetMatch();
+ Assert.assertEquals(MAC_ADDRESS, ethMatch.getEthernetSource().getAddress().getValue());
+
+ Assert.assertTrue(match.getLayer4Match() instanceof TcpMatch);
+ TcpMatch layer4Match=(TcpMatch) match.getLayer4Match();
+ Assert.assertEquals(20, layer4Match.getTcpDestinationPort().getValue().intValue());
+ int port=portSecurityRule.getSecurityRulePortMin();
+ Assert.assertEquals("Egress_TCP_" + SEGMENT_ID + "_" + MAC_ADDRESS +
+ "_" + port + "_0.0.0.0/24_Permit", flowBuilder.getFlowName());
+ }
+
+ /**
+ * Test TCP remove with port no and CIDR selected.
+ */
+ @Test
+ public void testProgramPortSecurityACLRuleRemoveTcp1() throws Exception {
+ when(portSecurityRule.getSecurityRuleProtocol()).thenReturn("tcp");
+ when(portSecurityRule.getSecurityRulePortMax()).thenReturn(30);
+ when(portSecurityRule.getSecurityRulePortMin()).thenReturn(30);
+ when(portSecurityRule.getSecurityRuleRemoteIpPrefix()).thenReturn("0.0.0.0/24");
+ PowerMockito.doAnswer(answer()).when(egressAclServiceSpy, "removeFlow", any(FlowBuilder.class),
+ any(NodeBuilder.class));
+
+ egressAclServiceSpy.programPortSecurityGroup(DP_ID_LONG, SEGMENT_ID, MAC_ADDRESS, LOCAL_PORT, securityGroup,
+ PORT_UUID, false);
+
+ Match match = flowBuilder.getMatch();
+ EthernetMatch ethMatch = match.getEthernetMatch();
+ Assert.assertEquals(MAC_ADDRESS, ethMatch.getEthernetSource().getAddress().getValue());
+
+ Assert.assertTrue(match.getLayer4Match() instanceof TcpMatch);
+ TcpMatch layer4Match = (TcpMatch) match.getLayer4Match();
+ Assert.assertEquals(30, layer4Match.getTcpDestinationPort().getValue().intValue());
+ int port=portSecurityRule.getSecurityRulePortMin();
+ Assert.assertEquals("Egress_TCP_" + SEGMENT_ID + "_" + MAC_ADDRESS +
+ "_" + port + "_0.0.0.0/24_Permit", flowBuilder.getFlowName());
+ }
+
+ /**
+ * Test TCP add with port no and remote SG selected.
+ */
+ @Test
+ public void testProgramPortSecurityACLRuleAddTcp2() throws Exception {
+ when(portSecurityRule.getSecurityRuleProtocol()).thenReturn("tcp");
+ when(portSecurityRule.getSecurityRulePortMax()).thenReturn(40);
+ when(portSecurityRule.getSecurityRulePortMin()).thenReturn(40);
+ when(portSecurityRule.getSecurityRemoteGroupID()).thenReturn("85cc3048-abc3-43cc-89b3-377341426ac5");
+ PowerMockito.doAnswer(answer()).when(egressAclServiceSpy, "writeFlow", any(FlowBuilder.class),
+ any(NodeBuilder.class));
+ egressAclServiceSpy.programPortSecurityGroup(DP_ID_LONG, SEGMENT_ID, MAC_ADDRESS, LOCAL_PORT, securityGroup,
+ PORT_UUID, true);
+
+ Match match = flowBuilder.getMatch();
+ EthernetMatch ethMatch = match.getEthernetMatch();
+ Assert.assertEquals(MAC_ADDRESS, ethMatch.getEthernetSource().getAddress().getValue());
+
+ Assert.assertTrue(match.getLayer4Match() instanceof TcpMatch);
+ TcpMatch layer4Match=(TcpMatch) match.getLayer4Match();
+ int port=portSecurityRule.getSecurityRulePortMin();
+ String expectedFlowId1 = "Egress_TCP_" + SEGMENT_ID + "_" + MAC_ADDRESS + "_" + port + "_" + DEST_IP_1 +
+ "_Permit";
+ String expectedFlowId2 = "Egress_TCP_" + SEGMENT_ID + "_" + MAC_ADDRESS + "_" + port + "_" + DEST_IP_2 +
+ "_Permit";
+ String actualFlowId = flowBuilder.getFlowName();
+ if(actualFlowId.equals(expectedFlowId1) || actualFlowId.equals(expectedFlowId2)) {
+ Assert.assertTrue(true);
+ } else {
+ Assert.assertTrue(false);
+ }
+ }
+
+ /**
+ * Test TCP remove with port no and remote SG selected.
+ */
+ @Test
+ public void testProgramPortSecurityACLRuleRemoveTcp2() throws Exception {
+ when(portSecurityRule.getSecurityRuleProtocol()).thenReturn("tcp");
+ when(portSecurityRule.getSecurityRulePortMax()).thenReturn(50);
+ when(portSecurityRule.getSecurityRulePortMin()).thenReturn(50);
+ when(portSecurityRule.getSecurityRemoteGroupID()).thenReturn("85cc3048-abc3-43cc-89b3-377341426ac5");
+ PowerMockito.doAnswer(answer()).when(egressAclServiceSpy, "removeFlow", any(FlowBuilder.class),
+ any(NodeBuilder.class));
+
+ egressAclServiceSpy.programPortSecurityGroup(DP_ID_LONG, SEGMENT_ID, MAC_ADDRESS, LOCAL_PORT, securityGroup,
+ PORT_UUID, false);
+
+ Match match = flowBuilder.getMatch();
+ EthernetMatch ethMatch = match.getEthernetMatch();
+ Assert.assertEquals(MAC_ADDRESS, ethMatch.getEthernetSource().getAddress().getValue());
+
+ Assert.assertTrue(match.getLayer4Match() instanceof TcpMatch);
+ TcpMatch layer4Match=(TcpMatch) match.getLayer4Match();
+ int port=portSecurityRule.getSecurityRulePortMin();
+ String expectedFlowId1 = "Egress_TCP_" + SEGMENT_ID + "_" + MAC_ADDRESS +"_" + port + "_" + DEST_IP_1 +
+ "_Permit";
+ String expectedFlowId2 = "Egress_TCP_" + SEGMENT_ID + "_" + MAC_ADDRESS +"_" + port + "_" + DEST_IP_2 +
+ "_Permit";
+ String actualFlowId = flowBuilder.getFlowName();
+ if(actualFlowId.equals(expectedFlowId1) || actualFlowId.equals(expectedFlowId2)) {
+ Assert.assertTrue(true);
+ } else {
+ Assert.assertTrue(false);
+ }
+ }
+
+ /**
+ * Test TCP add with port range (All TCP) and CIDR selected.
+ */
+ @Test
+ public void testProgramPortSecurityACLRuleAddTcpAll1() throws Exception {
+ when(portSecurityRule.getSecurityRuleProtocol()).thenReturn("tcp");
+ when(portSecurityRule.getSecurityRulePortMax()).thenReturn(PORT_RANGE_MAX);
+ when(portSecurityRule.getSecurityRulePortMin()).thenReturn(PORT_RANGE_MIN);
+ when(portSecurityRule.getSecurityRuleRemoteIpPrefix()).thenReturn("0.0.0.0/24");
+ PowerMockito.doAnswer(answer()).when(egressAclServiceSpy, "writeFlow", any(FlowBuilder.class),
+ any(NodeBuilder.class));
+ egressAclServiceSpy.programPortSecurityGroup(DP_ID_LONG, SEGMENT_ID, MAC_ADDRESS, LOCAL_PORT, securityGroup,
+ PORT_UUID, true);
+
+ Match match = flowBuilder.getMatch();
+ Assert.assertTrue(match.getLayer4Match() instanceof TcpMatch);
+ TcpMatch layer4Match=(TcpMatch) match.getLayer4Match();
+ EthernetMatch ethMatch = match.getEthernetMatch();
+ Assert.assertEquals(MAC_ADDRESS, ethMatch.getEthernetSource().getAddress().getValue());
+ }
+
+ /**
+ * Test TCP remove with port range (All TCP) and CIDR selected.
+ */
+ @Test
+ public void testProgramPortSecurityACLRuleRemoveTcpAll1() throws Exception {
+ when(portSecurityRule.getSecurityRuleProtocol()).thenReturn("tcp");
+ when(portSecurityRule.getSecurityRulePortMax()).thenReturn(PORT_RANGE_MAX);
+ when(portSecurityRule.getSecurityRulePortMin()).thenReturn(PORT_RANGE_MIN);
+ when(portSecurityRule.getSecurityRuleRemoteIpPrefix()).thenReturn("0.0.0.0/24");
+ PowerMockito.doAnswer(answer()).when(egressAclServiceSpy, "removeFlow", any(FlowBuilder.class),
+ any(NodeBuilder.class));
+
+ egressAclServiceSpy.programPortSecurityGroup(DP_ID_LONG, SEGMENT_ID, MAC_ADDRESS, LOCAL_PORT, securityGroup,
+ PORT_UUID, false);
+
+ Match match = flowBuilder.getMatch();
+ EthernetMatch ethMatch = match.getEthernetMatch();
+ Assert.assertEquals(MAC_ADDRESS, ethMatch.getEthernetSource().getAddress().getValue());
+
+ Assert.assertTrue(match.getLayer4Match() instanceof TcpMatch);
+ Assert.assertEquals("Egress_TCP_" + SEGMENT_ID + "_" + MAC_ADDRESS + "_" + PORT_RANGE_MIN + "_" +
+ PORT_RANGE_MAX + "_0.0.0.0/24_Permit", flowBuilder.getFlowName());
+ }
+
+ /**
+ * Test TCP add with port range (All TCP) and remote SG selected.
+ */
+ @Test
+ public void testProgramPortSecurityACLRuleAddTcpAll2() throws Exception {
+ when(portSecurityRule.getSecurityRuleProtocol()).thenReturn("tcp");
+ when(portSecurityRule.getSecurityRulePortMax()).thenReturn(PORT_RANGE_MAX);
+ when(portSecurityRule.getSecurityRulePortMin()).thenReturn(PORT_RANGE_MIN);
+ when(portSecurityRule.getSecurityRemoteGroupID()).thenReturn("85cc3048-abc3-43cc-89b3-377341426ac5");
+ PowerMockito.doAnswer(answer()).when(egressAclServiceSpy, "writeFlow", any(FlowBuilder.class),
+ any(NodeBuilder.class));
+ egressAclServiceSpy.programPortSecurityGroup(DP_ID_LONG, SEGMENT_ID, MAC_ADDRESS, LOCAL_PORT, securityGroup,
+ PORT_UUID, true);
+
+ Match match = flowBuilder.getMatch();
+ EthernetMatch ethMatch = match.getEthernetMatch();
+ Assert.assertEquals(MAC_ADDRESS, ethMatch.getEthernetSource().getAddress().getValue());
+
+ Assert.assertTrue(match.getLayer4Match() instanceof TcpMatch);
+ String expectedFlowId1 = "Egress_TCP_" + SEGMENT_ID + "_" + MAC_ADDRESS + "_" + PORT_RANGE_MIN + "_" +
+ PORT_RANGE_MAX + "_" + DEST_IP_1 + "_Permit";
+ String expectedFlowId2 = "Egress_TCP_" + SEGMENT_ID + "_" + MAC_ADDRESS + "_" + PORT_RANGE_MIN + "_" +
+ PORT_RANGE_MAX + "_" + DEST_IP_2 + "_Permit";
+ String actualFlowId = flowBuilder.getFlowName();
+ if(actualFlowId.equals(expectedFlowId1) || actualFlowId.equals(expectedFlowId2)) {
+ Assert.assertTrue(true);
+ } else {
+ Assert.assertTrue(false);
+ }
+ }
+
+ /**
+ * Test TCP remove with port range (All TCP) and remote SG selected.
+ */
+ @Test
+ public void testProgramPortSecurityACLRuleRemoveTcpAll2() throws Exception {
+ when(portSecurityRule.getSecurityRuleProtocol()).thenReturn("tcp");
+ when(portSecurityRule.getSecurityRulePortMax()).thenReturn(PORT_RANGE_MAX);
+ when(portSecurityRule.getSecurityRulePortMin()).thenReturn(PORT_RANGE_MIN);
+ when(portSecurityRule.getSecurityRemoteGroupID()).thenReturn("85cc3048-abc3-43cc-89b3-377341426ac5");
+ PowerMockito.doAnswer(answer()).when(egressAclServiceSpy, "removeFlow", any(FlowBuilder.class),
+ any(NodeBuilder.class));
+
+ egressAclServiceSpy.programPortSecurityGroup(DP_ID_LONG, SEGMENT_ID, MAC_ADDRESS, LOCAL_PORT, securityGroup,
+ PORT_UUID, false);
+
+ Match match = flowBuilder.getMatch();
+ EthernetMatch ethMatch = match.getEthernetMatch();
+ Assert.assertEquals(MAC_ADDRESS, ethMatch.getEthernetSource().getAddress().getValue());
+
+ Assert.assertTrue(match.getLayer4Match() instanceof TcpMatch);
+ String expectedFlowId1 = "Egress_TCP_" + SEGMENT_ID + "_" + MAC_ADDRESS + "_" + PORT_RANGE_MIN + "_" +
+ PORT_RANGE_MAX + "_" + DEST_IP_1 + "_Permit";
+ String expectedFlowId2 = "Egress_TCP_" + SEGMENT_ID + "_" + MAC_ADDRESS + "_" + PORT_RANGE_MIN + "_" +
+ PORT_RANGE_MAX + "_" + DEST_IP_2 + "_Permit";
+ String actualFlowId = flowBuilder.getFlowName();
+ if(actualFlowId.equals(expectedFlowId1) || actualFlowId.equals(expectedFlowId2)) {
+ Assert.assertTrue(true);
+ } else {
+ Assert.assertTrue(false);
+ }
+ }
+
+ /**
+ * Test UDP add with port no and CIDR selected.
+ */
+ @Test
+ public void testProgramPortSecurityACLRuleAddUdp1() throws Exception {
+ when(portSecurityRule.getSecurityRuleProtocol()).thenReturn("udp");
+ when(portSecurityRule.getSecurityRulePortMax()).thenReturn(50);
+ when(portSecurityRule.getSecurityRulePortMin()).thenReturn(50);
+ when(portSecurityRule.getSecurityRuleRemoteIpPrefix()).thenReturn("0.0.0.0/24");
+ PowerMockito.doAnswer(answer()).when(egressAclServiceSpy, "writeFlow", any(FlowBuilder.class),
+ any(NodeBuilder.class));
+ egressAclServiceSpy.programPortSecurityGroup(DP_ID_LONG, SEGMENT_ID, MAC_ADDRESS, LOCAL_PORT, securityGroup,
+ PORT_UUID, true);
+
+ Match match = flowBuilder.getMatch();
+ EthernetMatch ethMatch = match.getEthernetMatch();
+ Assert.assertEquals(MAC_ADDRESS, ethMatch.getEthernetSource().getAddress().getValue());
+
+ Assert.assertTrue(match.getLayer4Match() instanceof UdpMatch);
+ UdpMatch layer4Match = (UdpMatch) match.getLayer4Match();
+ Assert.assertEquals(50, layer4Match.getUdpDestinationPort().getValue().intValue());
+ int port = portSecurityRule.getSecurityRulePortMin();
+ Assert.assertEquals("Egress_UDP_" + SEGMENT_ID + "_" + MAC_ADDRESS +
+ "_" + port + "_0.0.0.0/24_Permit", flowBuilder.getFlowName());
+ }
+
+ /**
+ * Test UDP remove with port no and CIDR selected.
+ */
+ @Test
+ public void testProgramPortSecurityACLRuleRemoveUdp1() throws Exception {
+ when(portSecurityRule.getSecurityRuleProtocol()).thenReturn("udp");
+ when(portSecurityRule.getSecurityRulePortMax()).thenReturn(50);
+ when(portSecurityRule.getSecurityRulePortMin()).thenReturn(50);
+ when(portSecurityRule.getSecurityRuleRemoteIpPrefix()).thenReturn("0.0.0.0/24");
+ PowerMockito.doAnswer(answer()).when(egressAclServiceSpy, "removeFlow", any(FlowBuilder.class),
+ any(NodeBuilder.class));
+ egressAclServiceSpy.programPortSecurityGroup(DP_ID_LONG, SEGMENT_ID, MAC_ADDRESS, LOCAL_PORT, securityGroup,
+ PORT_UUID, false);
+
+ Match match = flowBuilder.getMatch();
+ EthernetMatch ethMatch = match.getEthernetMatch();
+ Assert.assertEquals(MAC_ADDRESS, ethMatch.getEthernetSource().getAddress().getValue());
+
+ Assert.assertTrue(match.getLayer4Match() instanceof UdpMatch);
+ UdpMatch layer4Match = (UdpMatch) match.getLayer4Match();
+ Assert.assertEquals(50, layer4Match.getUdpDestinationPort().getValue().intValue());
+ int port = portSecurityRule.getSecurityRulePortMin();
+ Assert.assertEquals("Egress_UDP_" + SEGMENT_ID + "_" + MAC_ADDRESS +
+ "_" + port + "_0.0.0.0/24_Permit", flowBuilder.getFlowName());
+ }
+
+ /**
+ * Test UDP add with port no and remote SG selected.
+ */
+ @Test
+ public void testProgramPortSecurityACLRuleAddUdp2() throws Exception {
+ when(portSecurityRule.getSecurityRuleProtocol()).thenReturn("udp");
+ when(portSecurityRule.getSecurityRulePortMax()).thenReturn(50);
+ when(portSecurityRule.getSecurityRulePortMin()).thenReturn(50);
+ when(portSecurityRule.getSecurityRuleRemoteIpPrefix()).thenReturn("0.0.0.0/24");
+ when(portSecurityRule.getSecurityRemoteGroupID()).thenReturn("85cc3048-abc3-43cc-89b3-377341426ac5");
+ PowerMockito.doAnswer(answer()).when(egressAclServiceSpy, "writeFlow", any(FlowBuilder.class),
+ any(NodeBuilder.class));
+ egressAclServiceSpy.programPortSecurityGroup(DP_ID_LONG, SEGMENT_ID, MAC_ADDRESS, LOCAL_PORT, securityGroup,
+ PORT_UUID, true);
+
+ Match match = flowBuilder.getMatch();
+ EthernetMatch ethMatch = match.getEthernetMatch();
+ Assert.assertEquals(MAC_ADDRESS, ethMatch.getEthernetSource().getAddress().getValue());
+
+ Assert.assertTrue(match.getLayer4Match() instanceof UdpMatch);
+ UdpMatch layer4Match = (UdpMatch) match.getLayer4Match();
+ Assert.assertEquals(50, layer4Match.getUdpDestinationPort().getValue().intValue());
+ int port = portSecurityRule.getSecurityRulePortMin();
+ String expectedFlowId1 = "Egress_UDP_" + SEGMENT_ID + "_" + MAC_ADDRESS + "_" + port + "_" + DEST_IP_1 +
+ "_Permit";
+ String expectedFlowId2 = "Egress_UDP_" + SEGMENT_ID + "_" + MAC_ADDRESS + "_" + port + "_" + DEST_IP_2 +
+ "_Permit";
+ String actualFlowId = flowBuilder.getFlowName();
+ if(actualFlowId.equals(expectedFlowId1) || actualFlowId.equals(expectedFlowId2)) {
+ Assert.assertTrue(true);
+ } else {
+ Assert.assertTrue(false);
+ }
+ }
+
+ /**
+ * Test UDP remove with port no and remote SG selected.
+ */
+ @Test
+ public void testProgramPortSecurityACLRuleRemoveUdp2() throws Exception {
+ when(portSecurityRule.getSecurityRuleProtocol()).thenReturn("udp");
+ when(portSecurityRule.getSecurityRulePortMax()).thenReturn(50);
+ when(portSecurityRule.getSecurityRulePortMin()).thenReturn(50);
+ when(portSecurityRule.getSecurityRuleRemoteIpPrefix()).thenReturn("0.0.0.0/24");
+ when(portSecurityRule.getSecurityRemoteGroupID()).thenReturn("85cc3048-abc3-43cc-89b3-377341426ac5");
+ PowerMockito.doAnswer(answer()).when(egressAclServiceSpy, "removeFlow", any(FlowBuilder.class),
+ any(NodeBuilder.class));
+ egressAclServiceSpy.programPortSecurityGroup(DP_ID_LONG, SEGMENT_ID, MAC_ADDRESS, LOCAL_PORT, securityGroup,
+ PORT_UUID, false);
+
+ Match match = flowBuilder.getMatch();
+ EthernetMatch ethMatch = match.getEthernetMatch();
+ Assert.assertEquals(MAC_ADDRESS, ethMatch.getEthernetSource().getAddress().getValue());
+
+ Assert.assertTrue(match.getLayer4Match() instanceof UdpMatch);
+ UdpMatch layer4Match = (UdpMatch) match.getLayer4Match();
+ Assert.assertEquals(50, layer4Match.getUdpDestinationPort().getValue().intValue());
+ int port = portSecurityRule.getSecurityRulePortMin();
+ String expectedFlowId1 = "Egress_UDP_" + SEGMENT_ID + "_" + MAC_ADDRESS + "_" + port + "_" + DEST_IP_1 +
+ "_Permit";
+ String expectedFlowId2 = "Egress_UDP_" + SEGMENT_ID + "_" + MAC_ADDRESS + "_" + port + "_" + DEST_IP_2 +
+ "_Permit";
+ String actualFlowId = flowBuilder.getFlowName();
+ if(actualFlowId.equals(expectedFlowId1) || actualFlowId.equals(expectedFlowId2)) {
+ Assert.assertTrue(true);
+ } else {
+ Assert.assertTrue(false);
+ }
+ }
+
+
+ /**
+ * Test UDP add with port (All UDP) and CIDR selected.
+ */
+ @Test
+ public void testProgramPortSecurityACLRuleAddUdpAll1() throws Exception {
+ when(portSecurityRule.getSecurityRuleProtocol()).thenReturn("udp");
+ when(portSecurityRule.getSecurityRulePortMax()).thenReturn(PORT_RANGE_MAX);
+ when(portSecurityRule.getSecurityRulePortMin()).thenReturn(PORT_RANGE_MIN);
+ when(portSecurityRule.getSecurityRuleRemoteIpPrefix()).thenReturn("0.0.0.0/24");
+ PowerMockito.doAnswer(answer()).when(egressAclServiceSpy, "writeFlow", any(FlowBuilder.class),
+ any(NodeBuilder.class));
+ egressAclServiceSpy.programPortSecurityGroup(DP_ID_LONG, SEGMENT_ID, MAC_ADDRESS, LOCAL_PORT, securityGroup,
+ PORT_UUID, true);
+
+ Match match = flowBuilder.getMatch();
+ EthernetMatch ethMatch = match.getEthernetMatch();
+ Assert.assertEquals(MAC_ADDRESS, ethMatch.getEthernetSource().getAddress().getValue());
+
+ Assert.assertTrue(match.getLayer4Match() instanceof UdpMatch);
+ Assert.assertEquals("Egress_UDP_" + SEGMENT_ID + "_" + MAC_ADDRESS + "_" + PORT_RANGE_MIN + "_" +
+ PORT_RANGE_MAX + "_0.0.0.0/24_Permit", flowBuilder.getFlowName());
+ }
+
+ /**
+ * Test UDP remove with port (All UDP) and CIDR selected.
+ */
+ @Test
+ public void testProgramPortSecurityACLRuleRemoveUdpAll1() throws Exception {
+ when(portSecurityRule.getSecurityRuleProtocol()).thenReturn("udp");
+ when(portSecurityRule.getSecurityRulePortMax()).thenReturn(PORT_RANGE_MAX);
+ when(portSecurityRule.getSecurityRulePortMin()).thenReturn(PORT_RANGE_MIN);
+ when(portSecurityRule.getSecurityRuleRemoteIpPrefix()).thenReturn("0.0.0.0/24");
+ PowerMockito.doAnswer(answer()).when(egressAclServiceSpy, "removeFlow", any(FlowBuilder.class),
+ any(NodeBuilder.class));
+ egressAclServiceSpy.programPortSecurityGroup(DP_ID_LONG, SEGMENT_ID, MAC_ADDRESS, LOCAL_PORT, securityGroup,
+ PORT_UUID, false);
+
+ Match match = flowBuilder.getMatch();
+ EthernetMatch ethMatch = match.getEthernetMatch();
+ Assert.assertEquals(MAC_ADDRESS, ethMatch.getEthernetSource().getAddress().getValue());
+
+ Assert.assertTrue(match.getLayer4Match() instanceof UdpMatch);
+ Assert.assertEquals("Egress_UDP_" + SEGMENT_ID + "_" + MAC_ADDRESS + "_" + PORT_RANGE_MIN + "_" +
+ PORT_RANGE_MAX + "_0.0.0.0/24_Permit", flowBuilder.getFlowName());
+ }
+
+ /**
+ * Test UDP add with port (All UDP) and remote SG selected.
+ */
+ @Test
+ public void testProgramPortSecurityACLRuleAddUdpAll2() throws Exception {
+ when(portSecurityRule.getSecurityRuleProtocol()).thenReturn("udp");
+ when(portSecurityRule.getSecurityRulePortMax()).thenReturn(PORT_RANGE_MAX);
+ when(portSecurityRule.getSecurityRulePortMin()).thenReturn(PORT_RANGE_MIN);
+ when(portSecurityRule.getSecurityRemoteGroupID()).thenReturn("85cc3048-abc3-43cc-89b3-377341426ac5");
+ PowerMockito.doAnswer(answer()).when(egressAclServiceSpy, "writeFlow", any(FlowBuilder.class),
+ any(NodeBuilder.class));
+ egressAclServiceSpy.programPortSecurityGroup(DP_ID_LONG, SEGMENT_ID, MAC_ADDRESS, LOCAL_PORT, securityGroup,
+ PORT_UUID, true);
+
+ Match match = flowBuilder.getMatch();
+ EthernetMatch ethMatch = match.getEthernetMatch();
+ Assert.assertEquals(MAC_ADDRESS, ethMatch.getEthernetSource().getAddress().getValue());
+
+ Assert.assertTrue(match.getLayer4Match() instanceof UdpMatch);
+ String expectedFlowId1 = "Egress_UDP_" + SEGMENT_ID + "_" + MAC_ADDRESS + "_" + PORT_RANGE_MIN + "_" +
+ PORT_RANGE_MAX + "_" + DEST_IP_1 + "_Permit";
+ String expectedFlowId2 = "Egress_UDP_" + SEGMENT_ID + "_" + MAC_ADDRESS + "_" + PORT_RANGE_MIN + "_" +
+ PORT_RANGE_MAX + "_" + DEST_IP_2 + "_Permit";
+ String actualFlowId = flowBuilder.getFlowName();
+ if(actualFlowId.equals(expectedFlowId1) || actualFlowId.equals(expectedFlowId2)) {
+ Assert.assertTrue(true);
+ } else {
+ Assert.assertTrue(false);
+ }
+ }
+
+ /**
+ * Test UDP remove with port (All UDP) and remote SG selected.
+ */
+ @Test
+ public void testProgramPortSecurityACLRuleRemoveUdpAll2() throws Exception {
+ when(portSecurityRule.getSecurityRuleProtocol()).thenReturn("udp");
+ when(portSecurityRule.getSecurityRulePortMax()).thenReturn(PORT_RANGE_MAX);
+ when(portSecurityRule.getSecurityRulePortMin()).thenReturn(PORT_RANGE_MIN);
+ when(portSecurityRule.getSecurityRemoteGroupID()).thenReturn("85cc3048-abc3-43cc-89b3-377341426ac5");
+ PowerMockito.doAnswer(answer()).when(egressAclServiceSpy, "removeFlow", any(FlowBuilder.class),
+ any(NodeBuilder.class));
+ egressAclServiceSpy.programPortSecurityGroup(DP_ID_LONG, SEGMENT_ID, MAC_ADDRESS, LOCAL_PORT, securityGroup,
+ PORT_UUID, false);
+
+ Match match = flowBuilder.getMatch();
+ EthernetMatch ethMatch = match.getEthernetMatch();
+ Assert.assertEquals(MAC_ADDRESS, ethMatch.getEthernetSource().getAddress().getValue());
+
+ Assert.assertTrue(match.getLayer4Match() instanceof UdpMatch);
+ String expectedFlowId1 = "Egress_UDP_" + SEGMENT_ID + "_" + MAC_ADDRESS + "_" + PORT_RANGE_MIN + "_" +
+ PORT_RANGE_MAX + "_" + DEST_IP_1 + "_Permit";
+ String expectedFlowId2 = "Egress_UDP_" + SEGMENT_ID + "_" + MAC_ADDRESS + "_" + PORT_RANGE_MIN + "_" +
+ PORT_RANGE_MAX + "_" + DEST_IP_2 + "_Permit";
+ String actualFlowId = flowBuilder.getFlowName();
+ if(actualFlowId.equals(expectedFlowId1) || actualFlowId.equals(expectedFlowId2)) {
+ Assert.assertTrue(true);
+ } else {
+ Assert.assertTrue(false);
+ }
+ }
+
+ /**
+ * Test ICMP add with code, type and CIDR selected.
+ */
+ @Test
+ public void testProgramPortSecurityACLRuleAddIcmp1() throws Exception {
+ when(portSecurityRule.getSecurityRuleProtocol()).thenReturn("icmp");
+ when(portSecurityRule.getSecurityRulePortMax()).thenReturn(10);
+ when(portSecurityRule.getSecurityRulePortMin()).thenReturn(10);
+ when(portSecurityRule.getSecurityRuleRemoteIpPrefix()).thenReturn("0.0.0.0/24");
+ PowerMockito.doAnswer(answer()).when(egressAclServiceSpy, "writeFlow", any(FlowBuilder.class),
+ any(NodeBuilder.class));
+
+ egressAclServiceSpy.programPortSecurityGroup(DP_ID_LONG, SEGMENT_ID, MAC_ADDRESS, LOCAL_PORT, securityGroup,
+ PORT_UUID, true);
+
+ Match match = flowBuilder.getMatch();
+ Icmpv4Match icmpv4Match = match.getIcmpv4Match();
+ Assert.assertEquals(10, icmpv4Match.getIcmpv4Type().shortValue());
+ Assert.assertEquals(10, icmpv4Match.getIcmpv4Code().shortValue());
+ EthernetMatch ethMatch = match.getEthernetMatch();
+ Assert.assertEquals(MAC_ADDRESS, ethMatch.getEthernetSource().getAddress().getValue());
+ Short type = portSecurityRule.getSecurityRulePortMin().shortValue();
+ Short code = portSecurityRule.getSecurityRulePortMax().shortValue();
+ Assert.assertEquals("Egress_ICMP_" + SEGMENT_ID + "_" + MAC_ADDRESS +
+ "_" + type + "_" + code + "_0.0.0.0/24_Permit", flowBuilder.getFlowName());
+ }
+
+ /**
+ * Test ICMP remove with code, type and CIDR selected.
+ */
+ @Test
+ public void testProgramPortSecurityACLRuleRemoveIcmp1() throws Exception {
+ when(portSecurityRule.getSecurityRuleProtocol()).thenReturn("icmp");
+ when(portSecurityRule.getSecurityRulePortMax()).thenReturn(20);
+ when(portSecurityRule.getSecurityRulePortMin()).thenReturn(20);
+ when(portSecurityRule.getSecurityRuleRemoteIpPrefix()).thenReturn("0.0.0.0/24");
+ PowerMockito.doAnswer(answer()).when(egressAclServiceSpy, "removeFlow", any(FlowBuilder.class),
+ any(NodeBuilder.class));
+
+ egressAclServiceSpy.programPortSecurityGroup(DP_ID_LONG, SEGMENT_ID, MAC_ADDRESS, LOCAL_PORT, securityGroup,
+ PORT_UUID, false);
+
+ Match match = flowBuilder.getMatch();
+ Icmpv4Match icmpv4Match = match.getIcmpv4Match();
+ Assert.assertEquals(20, icmpv4Match.getIcmpv4Type().shortValue());
+ Assert.assertEquals(20, icmpv4Match.getIcmpv4Code().shortValue());
+ EthernetMatch ethMatch = match.getEthernetMatch();
+ Assert.assertEquals(MAC_ADDRESS, ethMatch.getEthernetSource().getAddress().getValue());
+ Short type = portSecurityRule.getSecurityRulePortMin().shortValue();
+ Short code = portSecurityRule.getSecurityRulePortMax().shortValue();
+ Assert.assertEquals("Egress_ICMP_" + SEGMENT_ID + "_" + MAC_ADDRESS +
+ "_" + type + "_" + code + "_0.0.0.0/24_Permit", flowBuilder.getFlowName());
+ }
+
+ /**
+ * Test ICMP add with code, type and remote SG selected.
+ */
+ @Test
+ public void testProgramPortSecurityACLRuleAddIcmp2() throws Exception {
+ when(portSecurityRule.getSecurityRuleProtocol()).thenReturn("icmp");
+ when(portSecurityRule.getSecurityRulePortMax()).thenReturn(30);
+ when(portSecurityRule.getSecurityRulePortMin()).thenReturn(30);
+ when(portSecurityRule.getSecurityRuleRemoteIpPrefix()).thenReturn("0.0.0.0/24");
+ when(portSecurityRule.getSecurityRemoteGroupID()).thenReturn("85cc3048-abc3-43cc-89b3-377341426ac5");
+ PowerMockito.doAnswer(answer()).when(egressAclServiceSpy, "writeFlow", any(FlowBuilder.class),
+ any(NodeBuilder.class));
+
+ egressAclServiceSpy.programPortSecurityGroup(DP_ID_LONG, SEGMENT_ID, MAC_ADDRESS, LOCAL_PORT, securityGroup,
+ PORT_UUID, true);
+
+ Match match = flowBuilder.getMatch();
+ Icmpv4Match icmpv4Match = match.getIcmpv4Match();
+ Assert.assertEquals(30, icmpv4Match.getIcmpv4Type().shortValue());
+ Assert.assertEquals(30, icmpv4Match.getIcmpv4Code().shortValue());
+ EthernetMatch ethMatch = match.getEthernetMatch();
+ Assert.assertEquals(MAC_ADDRESS, ethMatch.getEthernetSource().getAddress().getValue());
+ Short type = portSecurityRule.getSecurityRulePortMin().shortValue();
+ Short code = portSecurityRule.getSecurityRulePortMax().shortValue();
+ String expectedFlowId1 = "Egress_ICMP_" + SEGMENT_ID + "_" + MAC_ADDRESS + "_" + type + "_" + code + "_"
+ + DEST_IP_1 + "_Permit";
+ String expectedFlowId2 = "Egress_ICMP_" + SEGMENT_ID + "_" + MAC_ADDRESS + "_" + type + "_" + code + "_"
+ + DEST_IP_2 + "_Permit";
+ String actualFlowId = flowBuilder.getFlowName();
+ if(actualFlowId.equals(expectedFlowId1) || actualFlowId.equals(expectedFlowId2)) {
+ Assert.assertTrue(true);
+ } else {
+ Assert.assertTrue(false);
+ }
+ }
+
+ /**
+ * Test ICMP remove with code, type and remote SG selected.
+ */
+ @Test
+ public void testProgramPortSecurityACLRuleRemoveIcmp2() throws Exception {
+ when(portSecurityRule.getSecurityRuleProtocol()).thenReturn("icmp");
+ when(portSecurityRule.getSecurityRulePortMax()).thenReturn(40);
+ when(portSecurityRule.getSecurityRulePortMin()).thenReturn(40);
+ when(portSecurityRule.getSecurityRemoteGroupID()).thenReturn("85cc3048-abc3-43cc-89b3-377341426ac5");
+ PowerMockito.doAnswer(answer()).when(egressAclServiceSpy, "removeFlow", any(FlowBuilder.class),
+ any(NodeBuilder.class));
+
+ egressAclServiceSpy.programPortSecurityGroup(DP_ID_LONG, SEGMENT_ID, MAC_ADDRESS, LOCAL_PORT, securityGroup,
+ PORT_UUID, false);
+
+ Match match = flowBuilder.getMatch();
+ Icmpv4Match icmpv4Match = match.getIcmpv4Match();
+ Assert.assertEquals(40, icmpv4Match.getIcmpv4Type().shortValue());
+ Assert.assertEquals(40, icmpv4Match.getIcmpv4Code().shortValue());
+ EthernetMatch ethMatch = match.getEthernetMatch();
+ Assert.assertEquals(MAC_ADDRESS, ethMatch.getEthernetSource().getAddress().getValue());
+ Short type = portSecurityRule.getSecurityRulePortMin().shortValue();
+ Short code = portSecurityRule.getSecurityRulePortMax().shortValue();
+ String expectedFlowId1 = "Egress_ICMP_" + SEGMENT_ID + "_" + MAC_ADDRESS + "_" + type + "_" + code + "_"
+ + DEST_IP_1 + "_Permit";
+ String expectedFlowId2 = "Egress_ICMP_" + SEGMENT_ID + "_" + MAC_ADDRESS + "_" + type + "_" + code + "_"
+ + DEST_IP_2 + "_Permit";
+ String actualFlowId = flowBuilder.getFlowName();
+ if(actualFlowId.equals(expectedFlowId1) || actualFlowId.equals(expectedFlowId2)) {
+ Assert.assertTrue(true);
+ } else {
+ Assert.assertTrue(false);
+ }
+ }
+
+ /**
+ * Test IPv4 invalid ether type test case.
+ */
+ @Test
+ public void testProgramPortSecurityACLRuleInvalidEther() throws Exception {
+ when(portSecurityRule.getSecurityRuleEthertype()).thenReturn("IPV6");
+
+ egressAclServiceSpy.programPortSecurityGroup(Long.valueOf(1554), "2", MAC_ADDRESS, 124, securityGroup,PORT_UUID,false);
+
+ verify(writeTransaction, times(0)).delete(any(LogicalDatastoreType.class), any(InstanceIdentifier.class));
+ verify(writeTransaction, times(0)).submit();
+ verify(commitFuture, times(0)).get();
+ }
+
+ /**
+ * Test IPv4 invalid direction type test case.
+ */
+ @Test
+ public void testProgramPortSecurityACLRuleInvalidDirection() throws Exception {
+ when(portSecurityRule.getSecurityRuleDirection()).thenReturn("ingress");
+
+ egressAclServiceSpy.programPortSecurityGroup(Long.valueOf(1554), "2", MAC_ADDRESS, 124, securityGroup,PORT_UUID,false);
+
+ verify(writeTransaction, times(0)).delete(any(LogicalDatastoreType.class), any(InstanceIdentifier.class));
+ verify(writeTransaction, times(0)).submit();
+ verify(commitFuture, times(0)).get();
+ }
+
+ /**
+ * Test With isLastPortInBridge false isComputeNode false
+ */
+ @Test
+ public void testProgramFixedSecurityACLAdd1() throws Exception {
+ egressAclServiceSpy.programFixedSecurityGroup(Long.valueOf(1554), "2", MAC_ADDRESS, 1, neutronDestIpList, false, false, true);
+
+ verify(writeTransaction, times(0)).put(any(LogicalDatastoreType.class), any(InstanceIdentifier.class), any(Node.class), eq(true));
+ verify(writeTransaction, times(0)).submit();
+ verify(commitFuture, times(0)).get();
+ }
+ /**
+ * Test With isLastPortInBridge false isComputeNode false
+ */
+ @Test
+ public void testProgramFixedSecurityACLRemove1() throws Exception {
+
+ egressAclServiceSpy.programFixedSecurityGroup(Long.valueOf(1554), "2", MAC_ADDRESS, 1, neutronDestIpList, false, false, false);
+
+ verify(writeTransaction, times(0)).delete(any(LogicalDatastoreType.class), any(InstanceIdentifier.class));
+ verify(writeTransaction, times(0)).submit();
+ verify(commitFuture, times(0)).get();
+ }
+
+ /**
+ * Test With isLastPortInBridge false isComputeNode true
+ */
+ @Test
+ public void testProgramFixedSecurityACLAdd2() throws Exception {
+
+ egressAclServiceSpy.programFixedSecurityGroup(Long.valueOf(1554), "2", MAC_ADDRESS, 1, neutronDestIpList, false, true, true);
+
+ verify(writeTransaction, times(6)).put(any(LogicalDatastoreType.class), any(InstanceIdentifier.class), any(Node.class), eq(true));
+ verify(writeTransaction, times(3)).submit();
+ verify(commitFuture, times(3)).get();
+ }
+
+ /**
+ * Test With isLastPortInBridge false isComputeNode true
+ */
+ @Test
+ public void testProgramFixedSecurityACLRemove2() throws Exception {
+
+ egressAclServiceSpy.programFixedSecurityGroup(Long.valueOf(1554), "2", MAC_ADDRESS, 1, neutronDestIpList, false, true, false);
+
+ verify(writeTransaction, times(3)).delete(any(LogicalDatastoreType.class), any(InstanceIdentifier.class));
+ verify(writeTransaction, times(3)).submit();
+ verify(commitFuture, times(3)).get();
+ }
+
+ /**
+ * Test With isLastPortInBridge true isComputeNode false
+ */
+ @Test
+ public void testProgramFixedSecurityACLAdd3() throws Exception {
+
+ egressAclServiceSpy.programFixedSecurityGroup(Long.valueOf(1554), "2", MAC_ADDRESS, 1, neutronDestIpList, true, false, true);
+
+ verify(writeTransaction, times(2)).put(any(LogicalDatastoreType.class), any(InstanceIdentifier.class), any(Node.class), eq(true));
+ verify(writeTransaction, times(1)).submit();
+ verify(commitFuture, times(1)).get();
+ }
+
+ /**
+ * Test With isLastPortInBridge true isComputeNode false
+ */
+ @Test
+ public void testProgramFixedSecurityACLRemove3() throws Exception {
+
+ egressAclServiceSpy.programFixedSecurityGroup(Long.valueOf(1554), "2", MAC_ADDRESS, 1, neutronDestIpList, true, false, false);
+
+ verify(writeTransaction, times(1)).delete(any(LogicalDatastoreType.class), any(InstanceIdentifier.class));
+ verify(writeTransaction, times(1)).submit();
+ verify(commitFuture, times(1)).get();
+ }
+
+ /**
+ * Test With isLastPortInBridge true isComputeNode true
+ */
+ @Test
+ public void testProgramFixedSecurityACLAdd4() throws Exception {
+
+ egressAclServiceSpy.programFixedSecurityGroup(Long.valueOf(1554), "2", MAC_ADDRESS, 1, neutronDestIpList, true, true, true);
+
+ verify(writeTransaction, times(8)).put(any(LogicalDatastoreType.class),
+ any(InstanceIdentifier.class), any(Node.class), eq(true));
+ verify(writeTransaction, times(4)).submit();
+ verify(commitFuture, times(4)).get();
+ }
+
+ /**
+ * Test With isLastPortInBridge true isComputeNode true
+ */
+ @Test
+ public void testProgramFixedSecurityACLRemove4() throws Exception {
+
+ egressAclServiceSpy.programFixedSecurityGroup(Long.valueOf(1554), "2", MAC_ADDRESS, 1, neutronDestIpList, true, true, false);
+
+ verify(writeTransaction, times(4)).delete(any(LogicalDatastoreType.class), any(InstanceIdentifier.class));
+ verify(writeTransaction, times(4)).submit();
+ verify(commitFuture, times(4)).get();
+ }
+