import static org.opendaylight.controller.md.sal.common.api.data.LogicalDatastoreType.CONFIGURATION;
import static org.opendaylight.netvirt.aclservice.tests.StateInterfaceBuilderHelper.putNewStateInterface;
+import java.util.ArrayList;
import java.util.Arrays;
import java.util.Collections;
import java.util.List;
// Given
// putNewInterface(dataBroker, "port1", true, Collections.emptyList(), Collections.emptyList());
dataBrokerUtil.put(
- ImmutableIdentifiedInterfaceWithAclBuilder.builder().interfaceName("port1").portSecurity(true).build());
+ new IdentifiedInterfaceWithAclBuilder().interfaceName("port1").portSecurity(true).build());
// When
putNewStateInterface(dataBroker, "port1", PORT_MAC_1);
AclConstants.SOURCE_UPPER_PORT_UNSPECIFIED, AclConstants.DEST_LOWER_PORT_UNSPECIFIED,
AclConstants.DEST_UPPER_PORT_UNSPECIFIED, AclConstants.SOURCE_REMOTE_IP_PREFIX_UNSPECIFIED,
AclConstants.DEST_REMOTE_IP_PREFIX_SPECIFIED, (short) -1);
- dataBrokerUtil.put(ImmutableIdentifiedAceBuilder.builder().sgUuid(SG_UUID_1).newRuleName(SR_UUID_1_1)
+ dataBrokerUtil.put(new IdentifiedAceBuilder().sgUuid(SG_UUID_1).newRuleName(SR_UUID_1_1)
.newMatches(matches).newDirection(DirectionEgress.class).build());
matches = newMatch(AclConstants.SOURCE_LOWER_PORT_UNSPECIFIED, AclConstants.SOURCE_UPPER_PORT_UNSPECIFIED,
AclConstants.DEST_LOWER_PORT_UNSPECIFIED, AclConstants.DEST_UPPER_PORT_UNSPECIFIED,
AclConstants.SOURCE_REMOTE_IP_PREFIX_SPECIFIED, AclConstants.DEST_REMOTE_IP_PREFIX_UNSPECIFIED,
(short) -1);
dataBrokerUtil.put(
- ImmutableIdentifiedAceBuilder.builder().sgUuid(SG_UUID_1).newRuleName(SR_UUID_1_2).newMatches(matches)
+ new IdentifiedAceBuilder().sgUuid(SG_UUID_1).newRuleName(SR_UUID_1_2).newMatches(matches)
.newDirection(DirectionIngress.class).newRemoteGroupId(new Uuid(SG_UUID_1)).build());
// When
putNewStateInterface(dataBroker, PORT_1, PORT_MAC_1);
abstract void newInterfaceWithEtherTypeAclCheck();
+ @Test
+ public void newInterfaceWithMultipleAcl() throws Exception {
+ LOG.info("newInterfaceWithEtherTypeAcl - start");
+
+ newAllowedAddressPair(PORT_1, Collections.singletonList(SG_UUID_1), Collections.singletonList(AAP_PORT_1));
+ newAllowedAddressPair(PORT_2, Collections.singletonList(SG_UUID_1), Collections.singletonList(AAP_PORT_2));
+
+ Matches matches = newMatch(AclConstants.SOURCE_LOWER_PORT_UNSPECIFIED,
+ AclConstants.SOURCE_UPPER_PORT_UNSPECIFIED, AclConstants.DEST_LOWER_PORT_UNSPECIFIED,
+ AclConstants.DEST_UPPER_PORT_UNSPECIFIED, AclConstants.SOURCE_REMOTE_IP_PREFIX_UNSPECIFIED,
+ AclConstants.DEST_REMOTE_IP_PREFIX_SPECIFIED, (short) -1);
+ dataBrokerUtil.put(new IdentifiedAceBuilder().sgUuid(SG_UUID_1).newRuleName(SR_UUID_1_1)
+ .newMatches(matches).newDirection(DirectionEgress.class).build());
+ matches = newMatch(AclConstants.SOURCE_LOWER_PORT_UNSPECIFIED, AclConstants.SOURCE_UPPER_PORT_UNSPECIFIED,
+ AclConstants.DEST_LOWER_PORT_UNSPECIFIED, AclConstants.DEST_UPPER_PORT_UNSPECIFIED,
+ AclConstants.SOURCE_REMOTE_IP_PREFIX_SPECIFIED, AclConstants.DEST_REMOTE_IP_PREFIX_UNSPECIFIED,
+ (short) -1);
+ dataBrokerUtil.put(
+ new IdentifiedAceBuilder().sgUuid(SG_UUID_1).newRuleName(SR_UUID_1_2).newMatches(matches)
+ .newDirection(DirectionIngress.class).newRemoteGroupId(new Uuid(SG_UUID_1)).build());
+ // When
+ putNewStateInterface(dataBroker, PORT_1, PORT_MAC_1);
+ putNewStateInterface(dataBroker, PORT_2, PORT_MAC_2);
+
+ AclServiceTestUtils.waitABit(asyncEventsWaiter);
+
+ // Then
+ newInterfaceWithEtherTypeAclCheck();
+
+ LOG.info("newInterfaceWithEtherTypeAcl - end");
+
+ // Given
+ matches = newMatch(AclConstants.SOURCE_LOWER_PORT_UNSPECIFIED,
+ AclConstants.SOURCE_UPPER_PORT_UNSPECIFIED, AclConstants.DEST_LOWER_PORT_HTTP,
+ AclConstants.DEST_UPPER_PORT_HTTP, AclConstants.SOURCE_REMOTE_IP_PREFIX_UNSPECIFIED,
+ AclConstants.DEST_REMOTE_IP_PREFIX_SPECIFIED, (short) NwConstants.IP_PROT_TCP);
+ dataBrokerUtil.put(new IdentifiedAceBuilder().sgUuid(SG_UUID_2).newRuleName(SR_UUID_2_1)
+ .newMatches(matches).newDirection(DirectionEgress.class).newRemoteGroupId(new Uuid(SG_UUID_2)).build());
+ matches = newMatch(AclConstants.SOURCE_LOWER_PORT_UNSPECIFIED, AclConstants.SOURCE_UPPER_PORT_UNSPECIFIED,
+ AclConstants.DEST_LOWER_PORT_HTTP, AclConstants.DEST_UPPER_PORT_HTTP,
+ AclConstants.SOURCE_REMOTE_IP_PREFIX_SPECIFIED, AclConstants.DEST_REMOTE_IP_PREFIX_UNSPECIFIED,
+ (short) NwConstants.IP_PROT_TCP);
+
+ dataBrokerUtil.put(new IdentifiedAceBuilder().sgUuid(SG_UUID_2).newRuleName(SR_UUID_2_2)
+ .newMatches(matches).newDirection(DirectionIngress.class).build());
+ List<String> sgList = new ArrayList<>();
+ sgList.add(SG_UUID_1);
+ sgList.add(SG_UUID_2);
+ newAllowedAddressPair(PORT_1, sgList, Collections.singletonList(AAP_PORT_1));
+ newAllowedAddressPair(PORT_2, sgList, Collections.singletonList(AAP_PORT_2));
+
+ AclServiceTestUtils.waitABit(asyncEventsWaiter);
+ newInterfaceWithMultipleAclCheck();
+ Thread.sleep(10000);
+
+ }
+
+ abstract void newInterfaceWithMultipleAclCheck();
+
@Test
public void newInterfaceWithTcpDstAcl() throws Exception {
LOG.info("newInterfaceWithTcpDstAcl - start");
AclConstants.SOURCE_UPPER_PORT_UNSPECIFIED, AclConstants.DEST_LOWER_PORT_HTTP,
AclConstants.DEST_UPPER_PORT_HTTP, AclConstants.SOURCE_REMOTE_IP_PREFIX_UNSPECIFIED,
AclConstants.DEST_REMOTE_IP_PREFIX_SPECIFIED, (short) NwConstants.IP_PROT_TCP);
- dataBrokerUtil.put(ImmutableIdentifiedAceBuilder.builder().sgUuid(SG_UUID_1).newRuleName(SR_UUID_1_1)
+ dataBrokerUtil.put(new IdentifiedAceBuilder().sgUuid(SG_UUID_1).newRuleName(SR_UUID_1_1)
.newMatches(matches).newDirection(DirectionEgress.class).newRemoteGroupId(new Uuid(SG_UUID_1)).build());
matches = newMatch(AclConstants.SOURCE_LOWER_PORT_UNSPECIFIED, AclConstants.SOURCE_UPPER_PORT_UNSPECIFIED,
AclConstants.DEST_LOWER_PORT_HTTP, AclConstants.DEST_UPPER_PORT_HTTP,
AclConstants.SOURCE_REMOTE_IP_PREFIX_SPECIFIED, AclConstants.DEST_REMOTE_IP_PREFIX_UNSPECIFIED,
(short) NwConstants.IP_PROT_TCP);
- dataBrokerUtil.put(ImmutableIdentifiedAceBuilder.builder().sgUuid(SG_UUID_1).newRuleName(SR_UUID_1_2)
+ dataBrokerUtil.put(new IdentifiedAceBuilder().sgUuid(SG_UUID_1).newRuleName(SR_UUID_1_2)
.newMatches(matches).newDirection(DirectionIngress.class).build());
// When
AclConstants.SOURCE_UPPER_PORT_UNSPECIFIED, AclConstants.DEST_LOWER_PORT_HTTP,
AclConstants.DEST_UPPER_PORT_HTTP, AclConstants.SOURCE_REMOTE_IP_PREFIX_UNSPECIFIED,
AclConstants.DEST_REMOTE_IP_PREFIX_SPECIFIED, (short) NwConstants.IP_PROT_UDP);
- dataBrokerUtil.put(ImmutableIdentifiedAceBuilder.builder().sgUuid(SG_UUID_1).newRuleName(SR_UUID_1_1)
+ dataBrokerUtil.put(new IdentifiedAceBuilder().sgUuid(SG_UUID_1).newRuleName(SR_UUID_1_1)
.newMatches(matches).newDirection(DirectionEgress.class).build());
matches = newMatch(AclConstants.SOURCE_LOWER_PORT_UNSPECIFIED, AclConstants.SOURCE_UPPER_PORT_UNSPECIFIED,
AclConstants.SOURCE_REMOTE_IP_PREFIX_SPECIFIED, AclConstants.DEST_REMOTE_IP_PREFIX_UNSPECIFIED,
(short) NwConstants.IP_PROT_UDP);
dataBrokerUtil.put(
- ImmutableIdentifiedAceBuilder.builder().sgUuid(SG_UUID_1).newRuleName(SR_UUID_1_2).newMatches(matches)
+ new IdentifiedAceBuilder().sgUuid(SG_UUID_1).newRuleName(SR_UUID_1_2).newMatches(matches)
.newDirection(DirectionIngress.class).newRemoteGroupId(new Uuid(SG_UUID_1)).build());
// When
Matches matches = newMatch(AclConstants.SOURCE_LOWER_PORT_UNSPECIFIED,
AclConstants.SOURCE_UPPER_PORT_UNSPECIFIED, 333, 777, AclConstants.SOURCE_REMOTE_IP_PREFIX_UNSPECIFIED,
AclConstants.DEST_REMOTE_IP_PREFIX_SPECIFIED, (short) NwConstants.IP_PROT_TCP);
- dataBrokerUtil.put(ImmutableIdentifiedAceBuilder.builder().sgUuid(SG_UUID_1).newRuleName(SR_UUID_1_1)
+ dataBrokerUtil.put(new IdentifiedAceBuilder().sgUuid(SG_UUID_1).newRuleName(SR_UUID_1_1)
.newMatches(matches).newDirection(DirectionEgress.class).build());
matches = newMatch(AclConstants.SOURCE_LOWER_PORT_UNSPECIFIED, AclConstants.SOURCE_UPPER_PORT_UNSPECIFIED, 2000,
2003, AclConstants.SOURCE_REMOTE_IP_PREFIX_SPECIFIED, AclConstants.DEST_REMOTE_IP_PREFIX_UNSPECIFIED,
(short) NwConstants.IP_PROT_UDP);
- dataBrokerUtil.put(ImmutableIdentifiedAceBuilder.builder().sgUuid(SG_UUID_1).newRuleName(SR_UUID_1_2)
+ dataBrokerUtil.put(new IdentifiedAceBuilder().sgUuid(SG_UUID_1).newRuleName(SR_UUID_1_2)
.newMatches(matches).newDirection(DirectionIngress.class).build());
// When
Matches matches = newMatch(AclConstants.SOURCE_LOWER_PORT_UNSPECIFIED,
AclConstants.SOURCE_UPPER_PORT_UNSPECIFIED, 1, 65535, AclConstants.SOURCE_REMOTE_IP_PREFIX_UNSPECIFIED,
AclConstants.DEST_REMOTE_IP_PREFIX_SPECIFIED, (short) NwConstants.IP_PROT_TCP);
- dataBrokerUtil.put(ImmutableIdentifiedAceBuilder.builder().sgUuid(SG_UUID_1).newRuleName(SR_UUID_1_1)
+ dataBrokerUtil.put(new IdentifiedAceBuilder().sgUuid(SG_UUID_1).newRuleName(SR_UUID_1_1)
.newMatches(matches).newDirection(DirectionEgress.class).build());
matches = newMatch(AclConstants.SOURCE_LOWER_PORT_UNSPECIFIED, AclConstants.SOURCE_UPPER_PORT_UNSPECIFIED, 1,
65535, AclConstants.SOURCE_REMOTE_IP_PREFIX_SPECIFIED, AclConstants.DEST_REMOTE_IP_PREFIX_UNSPECIFIED,
(short) NwConstants.IP_PROT_UDP);
- dataBrokerUtil.put(ImmutableIdentifiedAceBuilder.builder().sgUuid(SG_UUID_1).newRuleName(SR_UUID_1_2)
+ dataBrokerUtil.put(new IdentifiedAceBuilder().sgUuid(SG_UUID_1).newRuleName(SR_UUID_1_2)
.newMatches(matches).newDirection(DirectionIngress.class).build());
// When
AclConstants.DEST_UPPER_PORT_3, AclConstants.SOURCE_REMOTE_IP_PREFIX_SPECIFIED,
AclConstants.DEST_REMOTE_IP_PREFIX_UNSPECIFIED, (short) NwConstants.IP_PROT_ICMP);
- dataBrokerUtil.put(ImmutableIdentifiedAceBuilder.builder().sgUuid(SG_UUID_1).newRuleName(SR_UUID_1_1)
+ dataBrokerUtil.put(new IdentifiedAceBuilder().sgUuid(SG_UUID_1).newRuleName(SR_UUID_1_1)
.newMatches(icmpEgressMatches).newDirection(DirectionEgress.class).build());
- dataBrokerUtil.put(ImmutableIdentifiedAceBuilder.builder().sgUuid(SG_UUID_1).newRuleName(SR_UUID_1_2)
+ dataBrokerUtil.put(new IdentifiedAceBuilder().sgUuid(SG_UUID_1).newRuleName(SR_UUID_1_2)
.newMatches(icmpIngressMatches).newDirection(DirectionIngress.class).build());
- dataBrokerUtil.put(ImmutableIdentifiedAceBuilder.builder().sgUuid(SG_UUID_2).newRuleName(SR_UUID_2_1)
+ dataBrokerUtil.put(new IdentifiedAceBuilder().sgUuid(SG_UUID_2).newRuleName(SR_UUID_2_1)
.newMatches(icmpEgressMatches).newDirection(DirectionEgress.class).build());
- dataBrokerUtil.put(ImmutableIdentifiedAceBuilder.builder().sgUuid(SG_UUID_2).newRuleName(SR_UUID_2_2)
+ dataBrokerUtil.put(new IdentifiedAceBuilder().sgUuid(SG_UUID_2).newRuleName(SR_UUID_2_2)
.newMatches(icmpIngressMatches).newDirection(DirectionIngress.class).build());
// When
abstract void newInterfaceWithAapIpv4AllCheck();
+ @Test
+ public void newInterfaceWithAap() throws Exception {
+ LOG.info("newInterfaceWithAap test - start");
+
+ // AAP with same MAC and different IP
+ AllowedAddressPairs aapWithSameMac = buildAap("10.0.0.100/32", PORT_MAC_2);
+ // AAP with different MAC and different IP
+ AllowedAddressPairs aapWithDifferentMac = buildAap("10.0.0.101/32", "0D:AA:D8:42:30:A4");
+
+ newAllowedAddressPair(PORT_1, Collections.singletonList(SG_UUID_1), Collections.singletonList(AAP_PORT_1));
+ newAllowedAddressPair(PORT_2, Collections.singletonList(SG_UUID_1),
+ Arrays.asList(AAP_PORT_2, aapWithSameMac, aapWithDifferentMac));
+
+ prepareInterfaceWithIcmpAcl();
+ // When
+ putNewStateInterface(dataBroker, PORT_1, PORT_MAC_1);
+ putNewStateInterface(dataBroker, PORT_2, PORT_MAC_2);
+
+ asyncEventsWaiter.awaitEventsConsumption();
+
+ // Then
+ newInterfaceWithAapCheck();
+ LOG.info("newInterfaceWithAap test - end");
+ }
+
+ abstract void newInterfaceWithAapCheck();
+
protected void assertFlowsInAnyOrder(Iterable<FlowEntity> expectedFlows) {
asyncEventsWaiter.awaitEventsConsumption();
coordinatorEventsWaiter.awaitEventsConsumption();
AclConstants.SOURCE_UPPER_PORT_UNSPECIFIED, AclConstants.DEST_LOWER_PORT_2,
AclConstants.DEST_UPPER_PORT_3, AclConstants.SOURCE_REMOTE_IP_PREFIX_UNSPECIFIED,
AclConstants.DEST_REMOTE_IP_PREFIX_SPECIFIED, (short) NwConstants.IP_PROT_ICMP);
- dataBrokerUtil.put(ImmutableIdentifiedAceBuilder.builder().sgUuid(SG_UUID_1).newRuleName(SR_UUID_1_1)
+ dataBrokerUtil.put(new IdentifiedAceBuilder().sgUuid(SG_UUID_1).newRuleName(SR_UUID_1_1)
.newMatches(matches).newDirection(DirectionEgress.class).newRemoteGroupId(new Uuid(SG_UUID_1)).build());
matches = newMatch(AclConstants.SOURCE_LOWER_PORT_UNSPECIFIED, AclConstants.SOURCE_UPPER_PORT_UNSPECIFIED,
AclConstants.DEST_LOWER_PORT_2, AclConstants.DEST_UPPER_PORT_3,
AclConstants.SOURCE_REMOTE_IP_PREFIX_SPECIFIED, AclConstants.DEST_REMOTE_IP_PREFIX_UNSPECIFIED,
(short) NwConstants.IP_PROT_ICMP);
- dataBrokerUtil.put(ImmutableIdentifiedAceBuilder.builder().sgUuid(SG_UUID_1).newRuleName(SR_UUID_1_2)
+ dataBrokerUtil.put(new IdentifiedAceBuilder().sgUuid(SG_UUID_1).newRuleName(SR_UUID_1_2)
.newMatches(matches).newDirection(DirectionIngress.class).build());
}
throws TransactionCommitFailedException {
List<Uuid> sgList = sgUuidList.stream().map(Uuid::new).collect(Collectors.toList());
- dataBrokerUtil.put(ImmutableIdentifiedInterfaceWithAclBuilder.builder().interfaceName(portName)
+ dataBrokerUtil.put(new IdentifiedInterfaceWithAclBuilder().interfaceName(portName)
.portSecurity(true).addAllNewSecurityGroups(sgList).addAllIfAllowedAddressPairs(aapList).build());
}
Code Review / netvirt.git / blobdiff