import org.opendaylight.vbd.impl.transaction.VbdNetconfTransaction;
import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.access.control.list.rev160708.AccessLists;
import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.access.control.list.rev160708.access.lists.Acl;
+import org.opendaylight.yang.gen.v1.urn.opendaylight.groupbasedpolicy.common.rev140421.ContextId;
import org.opendaylight.yang.gen.v1.urn.opendaylight.groupbasedpolicy.renderer.rev151103.renderers.renderer.renderer.policy.configuration.endpoints.AddressEndpointWithLocation;
import org.opendaylight.yang.gen.v1.urn.opendaylight.groupbasedpolicy.renderer.rev151103.renderers.renderer.renderer.policy.configuration.renderer.endpoints.RendererEndpoint;
import org.opendaylight.yang.gen.v1.urn.opendaylight.groupbasedpolicy.renderer.rev151103.renderers.renderer.renderer.policy.configuration.renderer.endpoints.RendererEndpointKey;
@Test
public void oneEndpointChanged() {
List<Acl> acls = processChangedEndpoints(Sets.newHashSet(rendererEndpointKey(l3AddrEp1.getKey())), true);
- Assert.assertEquals(acls.size(), 6);
+ Assert.assertEquals(6, acls.size());
acls.forEach(acl -> {
if (acl.getAclName().contains(VppPathMapper.interfacePathToInterfaceName(NODE1_CONNECTOR_1).get())) {
Assert.assertEquals(2 + 4, acl.getAccessListEntries().getAce().size());
}
});
acls = processChangedEndpoints(Sets.newHashSet(rendererEndpointKey(l3AddrEp1.getKey())), false);
- Assert.assertEquals(acls.size(), 6);
+ Assert.assertEquals(6, acls.size());
acls.forEach(acl -> {
+ System.out.println("DEBUGX " + acl);
if (acl.getAclName().contains(VppPathMapper.interfacePathToInterfaceName(NODE1_CONNECTOR_1).get())) {
- Assert.assertEquals(2, acl.getAccessListEntries().getAce().size());
+ acl.getAccessListEntries().getAce().forEach(ace -> {
+ System.out.println("DEBUG1 " + ace);
+ });
+ /*
+ * TODO rules were not removed, entire ACL is removed elsewhere when interface at
+ * NODE1_CONNECTOR_1 detaches from bridge domain.
+ */
+ Assert.assertEquals(6, acl.getAccessListEntries().getAce().size());
} else {
Assert.assertEquals(2, acl.getAccessListEntries().getAce().size());
}
Assert.assertEquals(acls.size(), 4);
acls.forEach(acl -> {
if (acl.getAclName().contains(VppPathMapper.interfacePathToInterfaceName(NODE1_CONNECTOR_1).get())) {
- // TODO fix so that the following assert is uncomemnted
- // Assert.assertEquals(2 + 2, acl.getAccessListEntries().getAce().size());
+ Assert.assertEquals(2 + 4, acl.getAccessListEntries().getAce().size());
} else {
Assert.assertEquals(2 + 2, acl.getAccessListEntries().getAce().size());
}
Assert.assertEquals(acls.size(), 4);
acls.forEach(acl -> {
if (acl.getAclName().contains(VppPathMapper.interfacePathToInterfaceName(NODE1_CONNECTOR_1).get())) {
+ // Peer is updated 4 rules went to 2.
Assert.assertEquals(2, acl.getAccessListEntries().getAce().size());
} else {
+ // Entire ACL is removed elsewhere -> no update of rules needed.
+ Assert.assertEquals(4, acl.getAccessListEntries().getAce().size());
+ }
+ });
+ }
+
+ /**
+ * Tests DHCP rules configuration. There should be no entries for DHCP servers serving different
+ * subnets, i.e.
+ * hosts should only have rules for accessing DHCP server in their subnet.
+ */
+ @Test
+ public void dhcpDifferentSubnets() {
+ final String ep4Mac = "20:00:00:00:00:02";
+ final String ep4Ip = "20.0.0.2/32";
+ final ContextId l2BdId2 = new ContextId("l2BridgeDomainId2");
+ final String node1Connector4 =
+ "/ietf-interfaces:interfaces/ietf-interfaces:interface[ietf-interfaces:name='nodeConnector4']";
+ final AddressEndpointWithLocation l2DhcpEp = l2AddressEndpointWithLocation(ep4Mac, l2BdId2, ep4Ip, L3_CTX_ID);
+ final AddressEndpointWithLocation l3DhcpEp = appendLocationToEndpoint(
+ l3AddressEndpointWithLocation(ep4Mac, l2BdId2, ep4Ip, L3_CTX_ID), NODE1, node1Connector4);
+ List<AddressEndpointWithLocation> addrEps = createAddressEndpoints();
+ addrEps.add(l2DhcpEp);
+ addrEps.add(l3DhcpEp);
+ List<RendererEndpoint> rEps = new ArrayList<>();
+ // DHCP from different subnet
+ rEps.add(createRendEndpoint(rendererEndpointKey(l3DhcpEp.getKey()), SECURITY_GROUP.SERVER,
+ peerEndpointKey(l3AddrEp2.getKey()), peerEndpointKey(l3AddrEp3.getKey())));
+ // DHCP from local subnet
+ rEps.add(createRendEndpoint(rendererEndpointKey(l3AddrEp1.getKey()), SECURITY_GROUP.SERVER,
+ peerEndpointKey(l3AddrEp2.getKey()), peerEndpointKey(l3AddrEp3.getKey())));
+ rEps.add(createRendEndpoint(rendererEndpointKey(l3AddrEp2.getKey()), SECURITY_GROUP.CLIENT,
+ peerEndpointKey(l3AddrEp1.getKey()), peerEndpointKey(l3DhcpEp.getKey())));
+ rEps.add(createRendEndpoint(rendererEndpointKey(l3AddrEp3.getKey()), SECURITY_GROUP.CLIENT,
+ peerEndpointKey(l3AddrEp1.getKey()), peerEndpointKey(l3DhcpEp.getKey())));
+ ctx = super.createPolicyContext(addrEps, rEps, createRuleGroupsDhcpTest(), createForwarding());
+ List<Acl> acls = processChangedEndpoints(Sets.newHashSet(rendererEndpointKey(l3AddrEp2.getKey())), true);
+ Assert.assertEquals(acls.size(), 6);
+ acls.forEach(acl -> {
+ if (acl.getAclName().contains(VppPathMapper.interfacePathToInterfaceName(node1Connector4).get())) {
Assert.assertEquals(2, acl.getAccessListEntries().getAce().size());
+ } else if (acl.getAclName().contains(VppPathMapper.interfacePathToInterfaceName(NODE1_CONNECTOR_1).get())) {
+ Assert.assertEquals(6, acl.getAccessListEntries().getAce().size());
+ } else {
+ Assert.assertEquals(4, acl.getAccessListEntries().getAce().size());
}
});
+
}
/**
if (acl.getAclName().contains(VppPathMapper.interfacePathToInterfaceName(NODE1_CONNECTOR_1).get())) {
Assert.assertEquals(2, acl.getAccessListEntries().getAce().size());
} else {
- Assert.assertEquals(2, acl.getAccessListEntries().getAce().size());
+ // Entire ACL is removed elsewhere -> no update of rules needed.
+ Assert.assertEquals(6, acl.getAccessListEntries().getAce().size());
}
});
}
Code Review / groupbasedpolicy.git / blobdiff