import static org.mockito.Mockito.*;
public class PortSecurityTest extends FlowTableTest {
- protected static final Logger LOG =
+ protected static final Logger LOG =
LoggerFactory.getLogger(PortSecurityTest.class);
-
+
+ @Override
@Before
public void setup() throws Exception {
initCtx();
public void testDefaultDeny() throws Exception {
ReadWriteTransaction t = dosync(null);
ArgumentCaptor<Flow> ac = ArgumentCaptor.forClass(Flow.class);
- verify(t, times(4)).put(eq(LogicalDatastoreType.CONFIGURATION),
- Matchers.<InstanceIdentifier<Flow>>any(),
- ac.capture());
+ verify(t, times(4)).put(eq(LogicalDatastoreType.CONFIGURATION),
+ Matchers.<InstanceIdentifier<Flow>>any(),
+ ac.capture(), anyBoolean());
int count = 0;
-
+
HashMap<String, FlowCtx> flowMap = new HashMap<>();
for (Flow f : ac.getAllValues()) {
flowMap.put(f.getId().getValue(), new FlowCtx(f));
}
assertEquals(4, count);
t = dosync(flowMap);
- verify(t, never()).put(any(LogicalDatastoreType.class),
- Matchers.<InstanceIdentifier<Flow>>any(),
- any(Flow.class));
+ verify(t, never()).put(any(LogicalDatastoreType.class),
+ Matchers.<InstanceIdentifier<Flow>>any(),
+ any(Flow.class), anyBoolean());
}
@Test
public void testNonLocalAllow() throws Exception {
switchManager
- .addSwitch(new NodeId("openflow:1"),
- new NodeConnectorId("openflow:1:1"),
+ .addSwitch(new NodeId("openflow:1"),
+ new NodeConnectorId("openflow:1:1"),
ImmutableSet.of(new NodeConnectorId("openflow:1:2")),
null);
ReadWriteTransaction t = dosync(null);
ArgumentCaptor<Flow> ac = ArgumentCaptor.forClass(Flow.class);
- verify(t, atLeastOnce()).put(eq(LogicalDatastoreType.CONFIGURATION),
+ verify(t, atLeastOnce()).put(eq(LogicalDatastoreType.CONFIGURATION),
Matchers.<InstanceIdentifier<Flow>>any(),
- ac.capture());
-
+ ac.capture(), anyBoolean());
+
int count = 0;
HashMap<String, FlowCtx> flowMap = new HashMap<>();
Set<String> ncs = ImmutableSet.of("openflow:1:1", "openflow:1:2");
flowMap.put(f.getId().getValue(), new FlowCtx(f));
if (f.getMatch() != null && f.getMatch().getInPort() != null &&
ncs.contains(f.getMatch().getInPort().getValue())) {
- assertEquals(f.getInstructions(),
+ assertEquals(f.getInstructions(),
FlowUtils.gotoTableInstructions((short)(table.getTableId()+1)));
count += 1;
}
assertEquals(2, count);
t = dosync(flowMap);
- verify(t, never()).put(any(LogicalDatastoreType.class),
- Matchers.<InstanceIdentifier<Flow>>any(),
- any(Flow.class));
+ verify(t, never()).put(any(LogicalDatastoreType.class),
+ Matchers.<InstanceIdentifier<Flow>>any(),
+ any(Flow.class), anyBoolean());
}
-
+
@Test
public void testL2() throws Exception {
List<L3Address> l3 = Collections.emptyList();
Endpoint ep = localEP()
.setL3Address(l3)
.build();
-
+
endpointManager.addEndpoint(ep);
-
+
ReadWriteTransaction t = dosync(null);
ArgumentCaptor<Flow> ac = ArgumentCaptor.forClass(Flow.class);
- verify(t, atLeastOnce()).put(eq(LogicalDatastoreType.CONFIGURATION),
+ verify(t, atLeastOnce()).put(eq(LogicalDatastoreType.CONFIGURATION),
Matchers.<InstanceIdentifier<Flow>>any(),
- ac.capture());
+ ac.capture(), anyBoolean());
int count = 0;
HashMap<String, FlowCtx> flowMap = new HashMap<>();
if (f.getMatch() != null &&
f.getMatch().getEthernetMatch() != null &&
f.getMatch().getEthernetMatch().getEthernetSource() != null &&
- Objects.equals(ep.getMacAddress(),
+ Objects.equals(ep.getMacAddress(),
f.getMatch().getEthernetMatch()
.getEthernetSource().getAddress()) &&
- Objects.equals(ep.getAugmentation(OfOverlayContext.class).getNodeConnectorId(),
+ Objects.equals(ep.getAugmentation(OfOverlayContext.class).getNodeConnectorId(),
f.getMatch().getInPort())) {
count += 1;
assertEquals(FlowUtils.gotoTableInstructions((short)(table.getTableId()+1)),
f.getInstructions());
}
}
- assertEquals(1, count);
+ assertEquals(2, count);
t = dosync(flowMap);
- verify(t, never()).put(any(LogicalDatastoreType.class),
- Matchers.<InstanceIdentifier<Flow>>any(),
- any(Flow.class));
+ verify(t, never()).put(any(LogicalDatastoreType.class),
+ Matchers.<InstanceIdentifier<Flow>>any(),
+ any(Flow.class), anyBoolean());
}
-
+
@Test
public void testL3() throws Exception {
Endpoint ep = localEP()
.setIpAddress(new IpAddress(new Ipv6Address("2001:db8:85a3::8a2e:370:7334")))
.build()))
.build();
-
+
endpointManager.addEndpoint(ep);
-
+
ReadWriteTransaction t = dosync(null);
ArgumentCaptor<Flow> ac = ArgumentCaptor.forClass(Flow.class);
- verify(t, atLeastOnce()).put(eq(LogicalDatastoreType.CONFIGURATION),
+ verify(t, atLeastOnce()).put(eq(LogicalDatastoreType.CONFIGURATION),
Matchers.<InstanceIdentifier<Flow>>any(),
- ac.capture());
-
+ ac.capture(), anyBoolean());
+
int count = 0;
HashMap<String, FlowCtx> flowMap = new HashMap<>();
for (Flow f : ac.getAllValues()) {
flowMap.put(f.getId().getValue(), new FlowCtx(f));
if (f.getMatch() != null &&
- Objects.equals(ep.getAugmentation(OfOverlayContext.class).getNodeConnectorId(),
+ Objects.equals(ep.getAugmentation(OfOverlayContext.class).getNodeConnectorId(),
f.getMatch().getInPort()) &&
((f.getMatch().getLayer3Match() != null &&
f.getMatch().getLayer3Match() instanceof Ipv4Match &&
+ ((Ipv4Match)f.getMatch().getLayer3Match()).getIpv4Source() != null &&
Objects.equals(ep.getL3Address().get(0).getIpAddress().getIpv4Address().getValue(),
- ((Ipv4Match)f.getMatch().getLayer3Match()).getIpv4Source().getValue())) ||
+ ((Ipv4Match)f.getMatch().getLayer3Match()).getIpv4Source().getValue().split("/")[0])) ||
+ (f.getMatch().getLayer3Match() != null &&
+ f.getMatch().getLayer3Match() instanceof Ipv4Match &&
+ ((Ipv4Match)f.getMatch().getLayer3Match()).getIpv4Destination() != null &&
+ Objects.equals("255.255.255.255",
+ ((Ipv4Match)f.getMatch().getLayer3Match()).getIpv4Destination().getValue().split("/")[0])) ||
(f.getMatch().getLayer3Match() != null &&
f.getMatch().getLayer3Match() instanceof ArpMatch &&
Objects.equals(ep.getL3Address().get(0).getIpAddress().getIpv4Address().getValue(),
- ((ArpMatch)f.getMatch().getLayer3Match()).getArpSourceTransportAddress().getValue())) ||
+ ((ArpMatch)f.getMatch().getLayer3Match()).getArpSourceTransportAddress().getValue().split("/")[0])) ||
(f.getMatch().getLayer3Match() != null &&
f.getMatch().getLayer3Match() instanceof Ipv6Match &&
Objects.equals(ep.getL3Address().get(1).getIpAddress().getIpv6Address().getValue(),
- ((Ipv6Match)f.getMatch().getLayer3Match()).getIpv6Source().getValue())))) {
+ ((Ipv6Match)f.getMatch().getLayer3Match()).getIpv6Source().getValue().split("/")[0])))) {
count += 1;
assertEquals(FlowUtils.gotoTableInstructions((short)(table.getTableId()+1)),
f.getInstructions());
}
}
- assertEquals(3, count);
+ assertEquals(4, count);
t = dosync(flowMap);
- verify(t, never()).put(any(LogicalDatastoreType.class),
- Matchers.<InstanceIdentifier<Flow>>any(),
- any(Flow.class));
+ verify(t, never()).put(any(LogicalDatastoreType.class),
+ Matchers.<InstanceIdentifier<Flow>>any(),
+ any(Flow.class), anyBoolean());
}
}
Code Review / groupbasedpolicy.git / blobdiff