X-Git-Url: https://git.opendaylight.org/gerrit/gitweb?a=blobdiff_plain;f=openstack%2Fnet-virt-providers%2Fsrc%2Ftest%2Fjava%2Forg%2Fopendaylight%2Fovsdb%2Fopenstack%2Fnetvirt%2Fproviders%2Fopenflow13%2Fservices%2FEgressAclServiceTest.java;h=e72b4ce687635d3b1d01dc68f69f4da3b512a8b0;hb=611dda1c6c001dd7c9d92260a7d0fd47f67bb9cd;hp=531c238a159738804f45c1e93eb5832ba5425536;hpb=6f7334ac44799512faf8f4951b78c559aaf78ac4;p=netvirt.git diff --git a/openstack/net-virt-providers/src/test/java/org/opendaylight/ovsdb/openstack/netvirt/providers/openflow13/services/EgressAclServiceTest.java b/openstack/net-virt-providers/src/test/java/org/opendaylight/ovsdb/openstack/netvirt/providers/openflow13/services/EgressAclServiceTest.java index 531c238a15..e72b4ce687 100644 --- a/openstack/net-virt-providers/src/test/java/org/opendaylight/ovsdb/openstack/netvirt/providers/openflow13/services/EgressAclServiceTest.java +++ b/openstack/net-virt-providers/src/test/java/org/opendaylight/ovsdb/openstack/netvirt/providers/openflow13/services/EgressAclServiceTest.java @@ -31,9 +31,10 @@ import org.opendaylight.controller.md.sal.binding.api.DataBroker; import org.opendaylight.controller.md.sal.binding.api.WriteTransaction; import org.opendaylight.controller.md.sal.common.api.data.LogicalDatastoreType; import org.opendaylight.controller.md.sal.common.api.data.TransactionCommitFailedException; -import org.opendaylight.neutron.spi.NeutronSecurityGroup; -import org.opendaylight.neutron.spi.NeutronSecurityRule; -import org.opendaylight.neutron.spi.Neutron_IPs; +import org.opendaylight.ovsdb.openstack.netvirt.translator.NeutronSecurityGroup; +import org.opendaylight.ovsdb.openstack.netvirt.translator.NeutronSecurityRule; +import org.opendaylight.ovsdb.openstack.netvirt.translator.Neutron_IPs; +import org.opendaylight.ovsdb.openstack.netvirt.api.Constants; import org.opendaylight.ovsdb.openstack.netvirt.api.SecurityServicesManager; import org.opendaylight.ovsdb.openstack.netvirt.providers.openflow13.PipelineOrchestrator; import org.opendaylight.ovsdb.openstack.netvirt.providers.openflow13.Service; @@ -43,6 +44,8 @@ import org.opendaylight.yang.gen.v1.urn.opendaylight.inventory.rev130819.nodes.N import org.opendaylight.yang.gen.v1.urn.opendaylight.model.match.types.rev131026.Match; import org.opendaylight.yang.gen.v1.urn.opendaylight.model.match.types.rev131026.match.EthernetMatch; import org.opendaylight.yang.gen.v1.urn.opendaylight.model.match.types.rev131026.match.Icmpv4Match; +import org.opendaylight.yang.gen.v1.urn.opendaylight.model.match.types.rev131026.match.layer._4.match.TcpMatch; +import org.opendaylight.yang.gen.v1.urn.opendaylight.model.match.types.rev131026.match.layer._4.match.UdpMatch; import org.opendaylight.yangtools.yang.binding.InstanceIdentifier; import org.powermock.api.mockito.PowerMockito; import org.powermock.modules.junit4.PowerMockRunner; @@ -85,6 +88,8 @@ public class EgressAclServiceTest { private static final String SEGMENT_ID = "2"; private static final Long DP_ID_LONG = (long) 1554; private static final Long LOCAL_PORT = (long) 124; + private static final int PORT_RANGE_MIN = 1; + private static final int PORT_RANGE_MAX = 65535; private static FlowBuilder flowBuilder; private static NodeBuilder nodeBuilder; @@ -314,15 +319,24 @@ public class EgressAclServiceTest { @Test public void testProgramPortSecurityACLRuleAddTcp1() throws Exception { when(portSecurityRule.getSecurityRuleProtocol()).thenReturn("tcp"); - when(portSecurityRule.getSecurityRulePortMax()).thenReturn(50); - when(portSecurityRule.getSecurityRulePortMin()).thenReturn(50); + when(portSecurityRule.getSecurityRulePortMax()).thenReturn(20); + when(portSecurityRule.getSecurityRulePortMin()).thenReturn(20); when(portSecurityRule.getSecurityRuleRemoteIpPrefix()).thenReturn("0.0.0.0/24"); + PowerMockito.doAnswer(answer()).when(egressAclServiceSpy, "writeFlow", any(FlowBuilder.class), + any(NodeBuilder.class)); + egressAclServiceSpy.programPortSecurityAcl(DP_ID_LONG, SEGMENT_ID, MAC_ADDRESS, LOCAL_PORT, securityGroup, + neutronSrcIpList, true); - egressAclServiceSpy.programPortSecurityAcl(Long.valueOf(1554), "2", MAC_ADDRESS, 124, securityGroup,neutronSrcIpList,true); + Match match = flowBuilder.getMatch(); + EthernetMatch ethMatch = match.getEthernetMatch(); + Assert.assertEquals(MAC_ADDRESS, ethMatch.getEthernetSource().getAddress().getValue()); - verify(writeTransaction, times(2)).put(any(LogicalDatastoreType.class), any(InstanceIdentifier.class), any(Node.class), eq(true)); - verify(writeTransaction, times(1)).submit(); - verify(commitFuture, times(1)).get(); + Assert.assertTrue(match.getLayer4Match() instanceof TcpMatch); + TcpMatch layer4Match=(TcpMatch) match.getLayer4Match(); + Assert.assertEquals(20, layer4Match.getTcpDestinationPort().getValue().intValue()); + int port=portSecurityRule.getSecurityRulePortMin(); + Assert.assertEquals("Egress_TCP_" + SEGMENT_ID + "_" + MAC_ADDRESS + + "_" + port + "_0.0.0.0/24_Permit", flowBuilder.getFlowName()); } /** @@ -331,15 +345,25 @@ public class EgressAclServiceTest { @Test public void testProgramPortSecurityACLRuleRemoveTcp1() throws Exception { when(portSecurityRule.getSecurityRuleProtocol()).thenReturn("tcp"); - when(portSecurityRule.getSecurityRulePortMax()).thenReturn(50); - when(portSecurityRule.getSecurityRulePortMin()).thenReturn(50); + when(portSecurityRule.getSecurityRulePortMax()).thenReturn(30); + when(portSecurityRule.getSecurityRulePortMin()).thenReturn(30); when(portSecurityRule.getSecurityRuleRemoteIpPrefix()).thenReturn("0.0.0.0/24"); + PowerMockito.doAnswer(answer()).when(egressAclServiceSpy, "removeFlow", any(FlowBuilder.class), + any(NodeBuilder.class)); - egressAclServiceSpy.programPortSecurityAcl(Long.valueOf(1554), "2", MAC_ADDRESS, 124, securityGroup,neutronSrcIpList,false); + egressAclServiceSpy.programPortSecurityAcl(DP_ID_LONG, SEGMENT_ID, MAC_ADDRESS, LOCAL_PORT, securityGroup, + neutronSrcIpList, false); - verify(writeTransaction, times(1)).delete(any(LogicalDatastoreType.class), any(InstanceIdentifier.class)); - verify(writeTransaction, times(1)).submit(); - verify(commitFuture, times(1)).get(); + Match match = flowBuilder.getMatch(); + EthernetMatch ethMatch = match.getEthernetMatch(); + Assert.assertEquals(MAC_ADDRESS, ethMatch.getEthernetSource().getAddress().getValue()); + + Assert.assertTrue(match.getLayer4Match() instanceof TcpMatch); + TcpMatch layer4Match = (TcpMatch) match.getLayer4Match(); + Assert.assertEquals(30, layer4Match.getTcpDestinationPort().getValue().intValue()); + int port=portSecurityRule.getSecurityRulePortMin(); + Assert.assertEquals("Egress_TCP_" + SEGMENT_ID + "_" + MAC_ADDRESS + + "_" + port + "_0.0.0.0/24_Permit", flowBuilder.getFlowName()); } /** @@ -348,16 +372,31 @@ public class EgressAclServiceTest { @Test public void testProgramPortSecurityACLRuleAddTcp2() throws Exception { when(portSecurityRule.getSecurityRuleProtocol()).thenReturn("tcp"); - when(portSecurityRule.getSecurityRulePortMax()).thenReturn(50); - when(portSecurityRule.getSecurityRulePortMin()).thenReturn(50); - when(portSecurityRule.getSecurityRuleRemoteIpPrefix()).thenReturn("0.0.0.0/24"); + when(portSecurityRule.getSecurityRulePortMax()).thenReturn(40); + when(portSecurityRule.getSecurityRulePortMin()).thenReturn(40); when(portSecurityRule.getSecurityRemoteGroupID()).thenReturn("85cc3048-abc3-43cc-89b3-377341426ac5"); + PowerMockito.doAnswer(answer()).when(egressAclServiceSpy, "writeFlow", any(FlowBuilder.class), + any(NodeBuilder.class)); + egressAclServiceSpy.programPortSecurityAcl(DP_ID_LONG, SEGMENT_ID, MAC_ADDRESS, LOCAL_PORT, securityGroup, + neutronSrcIpList, true); - egressAclServiceSpy.programPortSecurityAcl(Long.valueOf(1554), "2", MAC_ADDRESS, 124, securityGroup,neutronSrcIpList,true); + Match match = flowBuilder.getMatch(); + EthernetMatch ethMatch = match.getEthernetMatch(); + Assert.assertEquals(MAC_ADDRESS, ethMatch.getEthernetSource().getAddress().getValue()); - verify(writeTransaction, times(4)).put(any(LogicalDatastoreType.class), any(InstanceIdentifier.class), any(Node.class), eq(true)); - verify(writeTransaction, times(2)).submit(); - verify(commitFuture, times(2)).get(); + Assert.assertTrue(match.getLayer4Match() instanceof TcpMatch); + TcpMatch layer4Match=(TcpMatch) match.getLayer4Match(); + int port=portSecurityRule.getSecurityRulePortMin(); + String expectedFlowId1 = "Egress_TCP_" + SEGMENT_ID + "_" + MAC_ADDRESS + "_" + port + "_" + DEST_IP_1 + + "_Permit"; + String expectedFlowId2 = "Egress_TCP_" + SEGMENT_ID + "_" + MAC_ADDRESS + "_" + port + "_" + DEST_IP_2 + + "_Permit"; + String actualFlowId = flowBuilder.getFlowName(); + if(actualFlowId.equals(expectedFlowId1) || actualFlowId.equals(expectedFlowId2)) { + Assert.assertTrue(true); + } else { + Assert.assertTrue(false); + } } /** @@ -368,14 +407,138 @@ public class EgressAclServiceTest { when(portSecurityRule.getSecurityRuleProtocol()).thenReturn("tcp"); when(portSecurityRule.getSecurityRulePortMax()).thenReturn(50); when(portSecurityRule.getSecurityRulePortMin()).thenReturn(50); + when(portSecurityRule.getSecurityRemoteGroupID()).thenReturn("85cc3048-abc3-43cc-89b3-377341426ac5"); + PowerMockito.doAnswer(answer()).when(egressAclServiceSpy, "removeFlow", any(FlowBuilder.class), + any(NodeBuilder.class)); + + egressAclServiceSpy.programPortSecurityAcl(DP_ID_LONG, SEGMENT_ID, MAC_ADDRESS, LOCAL_PORT, securityGroup, + neutronSrcIpList, false); + + Match match = flowBuilder.getMatch(); + EthernetMatch ethMatch = match.getEthernetMatch(); + Assert.assertEquals(MAC_ADDRESS, ethMatch.getEthernetSource().getAddress().getValue()); + + Assert.assertTrue(match.getLayer4Match() instanceof TcpMatch); + TcpMatch layer4Match=(TcpMatch) match.getLayer4Match(); + int port=portSecurityRule.getSecurityRulePortMin(); + String expectedFlowId1 = "Egress_TCP_" + SEGMENT_ID + "_" + MAC_ADDRESS +"_" + port + "_" + DEST_IP_1 + + "_Permit"; + String expectedFlowId2 = "Egress_TCP_" + SEGMENT_ID + "_" + MAC_ADDRESS +"_" + port + "_" + DEST_IP_2 + + "_Permit"; + String actualFlowId = flowBuilder.getFlowName(); + if(actualFlowId.equals(expectedFlowId1) || actualFlowId.equals(expectedFlowId2)) { + Assert.assertTrue(true); + } else { + Assert.assertTrue(false); + } + } + + /** + * Test TCP add with port range (All TCP) and CIDR selected. + */ + @Test + public void testProgramPortSecurityACLRuleAddTcpAll1() throws Exception { + when(portSecurityRule.getSecurityRuleProtocol()).thenReturn("tcp"); + when(portSecurityRule.getSecurityRulePortMax()).thenReturn(PORT_RANGE_MAX); + when(portSecurityRule.getSecurityRulePortMin()).thenReturn(PORT_RANGE_MIN); when(portSecurityRule.getSecurityRuleRemoteIpPrefix()).thenReturn("0.0.0.0/24"); + PowerMockito.doAnswer(answer()).when(egressAclServiceSpy, "writeFlow", any(FlowBuilder.class), + any(NodeBuilder.class)); + egressAclServiceSpy.programPortSecurityAcl(DP_ID_LONG, SEGMENT_ID, MAC_ADDRESS, LOCAL_PORT, securityGroup, + neutronSrcIpList, true); + + Match match = flowBuilder.getMatch(); + Assert.assertTrue(match.getLayer4Match() instanceof TcpMatch); + TcpMatch layer4Match=(TcpMatch) match.getLayer4Match(); + EthernetMatch ethMatch = match.getEthernetMatch(); + Assert.assertEquals(MAC_ADDRESS, ethMatch.getEthernetSource().getAddress().getValue()); + } + + /** + * Test TCP remove with port range (All TCP) and CIDR selected. + */ + @Test + public void testProgramPortSecurityACLRuleRemoveTcpAll1() throws Exception { + when(portSecurityRule.getSecurityRuleProtocol()).thenReturn("tcp"); + when(portSecurityRule.getSecurityRulePortMax()).thenReturn(PORT_RANGE_MAX); + when(portSecurityRule.getSecurityRulePortMin()).thenReturn(PORT_RANGE_MIN); + when(portSecurityRule.getSecurityRuleRemoteIpPrefix()).thenReturn("0.0.0.0/24"); + PowerMockito.doAnswer(answer()).when(egressAclServiceSpy, "removeFlow", any(FlowBuilder.class), + any(NodeBuilder.class)); + + egressAclServiceSpy.programPortSecurityAcl(DP_ID_LONG, SEGMENT_ID, MAC_ADDRESS, LOCAL_PORT, securityGroup, + neutronSrcIpList, false); + + Match match = flowBuilder.getMatch(); + EthernetMatch ethMatch = match.getEthernetMatch(); + Assert.assertEquals(MAC_ADDRESS, ethMatch.getEthernetSource().getAddress().getValue()); + + Assert.assertTrue(match.getLayer4Match() instanceof TcpMatch); + Assert.assertEquals("Egress_TCP_" + SEGMENT_ID + "_" + MAC_ADDRESS + "_" + PORT_RANGE_MIN + "_" + + PORT_RANGE_MAX + "_0.0.0.0/24_Permit", flowBuilder.getFlowName()); + } + + /** + * Test TCP add with port range (All TCP) and remote SG selected. + */ + @Test + public void testProgramPortSecurityACLRuleAddTcpAll2() throws Exception { + when(portSecurityRule.getSecurityRuleProtocol()).thenReturn("tcp"); + when(portSecurityRule.getSecurityRulePortMax()).thenReturn(PORT_RANGE_MAX); + when(portSecurityRule.getSecurityRulePortMin()).thenReturn(PORT_RANGE_MIN); when(portSecurityRule.getSecurityRemoteGroupID()).thenReturn("85cc3048-abc3-43cc-89b3-377341426ac5"); + PowerMockito.doAnswer(answer()).when(egressAclServiceSpy, "writeFlow", any(FlowBuilder.class), + any(NodeBuilder.class)); + egressAclServiceSpy.programPortSecurityAcl(DP_ID_LONG, SEGMENT_ID, MAC_ADDRESS, LOCAL_PORT, securityGroup, + neutronSrcIpList, true); - egressAclServiceSpy.programPortSecurityAcl(Long.valueOf(1554), "2", MAC_ADDRESS, 124, securityGroup,neutronSrcIpList,false); + Match match = flowBuilder.getMatch(); + EthernetMatch ethMatch = match.getEthernetMatch(); + Assert.assertEquals(MAC_ADDRESS, ethMatch.getEthernetSource().getAddress().getValue()); - verify(writeTransaction, times(2)).delete(any(LogicalDatastoreType.class), any(InstanceIdentifier.class)); - verify(writeTransaction, times(2)).submit(); - verify(commitFuture, times(2)).get(); + Assert.assertTrue(match.getLayer4Match() instanceof TcpMatch); + String expectedFlowId1 = "Egress_TCP_" + SEGMENT_ID + "_" + MAC_ADDRESS + "_" + PORT_RANGE_MIN + "_" + + PORT_RANGE_MAX + "_" + DEST_IP_1 + "_Permit"; + String expectedFlowId2 = "Egress_TCP_" + SEGMENT_ID + "_" + MAC_ADDRESS + "_" + PORT_RANGE_MIN + "_" + + PORT_RANGE_MAX + "_" + DEST_IP_2 + "_Permit"; + String actualFlowId = flowBuilder.getFlowName(); + if(actualFlowId.equals(expectedFlowId1) || actualFlowId.equals(expectedFlowId2)) { + Assert.assertTrue(true); + } else { + Assert.assertTrue(false); + } + } + + /** + * Test TCP remove with port range (All TCP) and remote SG selected. + */ + @Test + public void testProgramPortSecurityACLRuleRemoveTcpAll2() throws Exception { + when(portSecurityRule.getSecurityRuleProtocol()).thenReturn("tcp"); + when(portSecurityRule.getSecurityRulePortMax()).thenReturn(PORT_RANGE_MAX); + when(portSecurityRule.getSecurityRulePortMin()).thenReturn(PORT_RANGE_MIN); + when(portSecurityRule.getSecurityRemoteGroupID()).thenReturn("85cc3048-abc3-43cc-89b3-377341426ac5"); + PowerMockito.doAnswer(answer()).when(egressAclServiceSpy, "removeFlow", any(FlowBuilder.class), + any(NodeBuilder.class)); + + egressAclServiceSpy.programPortSecurityAcl(DP_ID_LONG, SEGMENT_ID, MAC_ADDRESS, LOCAL_PORT, securityGroup, + neutronSrcIpList, false); + + Match match = flowBuilder.getMatch(); + EthernetMatch ethMatch = match.getEthernetMatch(); + Assert.assertEquals(MAC_ADDRESS, ethMatch.getEthernetSource().getAddress().getValue()); + + Assert.assertTrue(match.getLayer4Match() instanceof TcpMatch); + String expectedFlowId1 = "Egress_TCP_" + SEGMENT_ID + "_" + MAC_ADDRESS + "_" + PORT_RANGE_MIN + "_" + + PORT_RANGE_MAX + "_" + DEST_IP_1 + "_Permit"; + String expectedFlowId2 = "Egress_TCP_" + SEGMENT_ID + "_" + MAC_ADDRESS + "_" + PORT_RANGE_MIN + "_" + + PORT_RANGE_MAX + "_" + DEST_IP_2 + "_Permit"; + String actualFlowId = flowBuilder.getFlowName(); + if(actualFlowId.equals(expectedFlowId1) || actualFlowId.equals(expectedFlowId2)) { + Assert.assertTrue(true); + } else { + Assert.assertTrue(false); + } } /** @@ -387,16 +550,25 @@ public class EgressAclServiceTest { when(portSecurityRule.getSecurityRulePortMax()).thenReturn(50); when(portSecurityRule.getSecurityRulePortMin()).thenReturn(50); when(portSecurityRule.getSecurityRuleRemoteIpPrefix()).thenReturn("0.0.0.0/24"); + PowerMockito.doAnswer(answer()).when(egressAclServiceSpy, "writeFlow", any(FlowBuilder.class), + any(NodeBuilder.class)); + egressAclServiceSpy.programPortSecurityAcl(DP_ID_LONG, SEGMENT_ID, MAC_ADDRESS, LOCAL_PORT, securityGroup, + neutronSrcIpList, true); - egressAclServiceSpy.programPortSecurityAcl(Long.valueOf(1554), "2", MAC_ADDRESS, 124, securityGroup,neutronSrcIpList,true); + Match match = flowBuilder.getMatch(); + EthernetMatch ethMatch = match.getEthernetMatch(); + Assert.assertEquals(MAC_ADDRESS, ethMatch.getEthernetSource().getAddress().getValue()); - verify(writeTransaction, times(2)).put(any(LogicalDatastoreType.class), any(InstanceIdentifier.class), any(Node.class), eq(true)); - verify(writeTransaction, times(1)).submit(); - verify(commitFuture, times(1)).get(); + Assert.assertTrue(match.getLayer4Match() instanceof UdpMatch); + UdpMatch layer4Match = (UdpMatch) match.getLayer4Match(); + Assert.assertEquals(50, layer4Match.getUdpDestinationPort().getValue().intValue()); + int port = portSecurityRule.getSecurityRulePortMin(); + Assert.assertEquals("Egress_UDP_" + SEGMENT_ID + "_" + MAC_ADDRESS + + "_" + port + "_0.0.0.0/24_Permit", flowBuilder.getFlowName()); } /** - * Test UDP add with port no and CIDR selected. + * Test UDP remove with port no and CIDR selected. */ @Test public void testProgramPortSecurityACLRuleRemoveUdp1() throws Exception { @@ -404,12 +576,21 @@ public class EgressAclServiceTest { when(portSecurityRule.getSecurityRulePortMax()).thenReturn(50); when(portSecurityRule.getSecurityRulePortMin()).thenReturn(50); when(portSecurityRule.getSecurityRuleRemoteIpPrefix()).thenReturn("0.0.0.0/24"); + PowerMockito.doAnswer(answer()).when(egressAclServiceSpy, "removeFlow", any(FlowBuilder.class), + any(NodeBuilder.class)); + egressAclServiceSpy.programPortSecurityAcl(DP_ID_LONG, SEGMENT_ID, MAC_ADDRESS, LOCAL_PORT, securityGroup, + neutronSrcIpList, false); - egressAclServiceSpy.programPortSecurityAcl(Long.valueOf(1554), "2", MAC_ADDRESS, 124, securityGroup,neutronSrcIpList,false); + Match match = flowBuilder.getMatch(); + EthernetMatch ethMatch = match.getEthernetMatch(); + Assert.assertEquals(MAC_ADDRESS, ethMatch.getEthernetSource().getAddress().getValue()); - verify(writeTransaction, times(1)).delete(any(LogicalDatastoreType.class), any(InstanceIdentifier.class)); - verify(writeTransaction, times(1)).submit(); - verify(commitFuture, times(1)).get(); + Assert.assertTrue(match.getLayer4Match() instanceof UdpMatch); + UdpMatch layer4Match = (UdpMatch) match.getLayer4Match(); + Assert.assertEquals(50, layer4Match.getUdpDestinationPort().getValue().intValue()); + int port = portSecurityRule.getSecurityRulePortMin(); + Assert.assertEquals("Egress_UDP_" + SEGMENT_ID + "_" + MAC_ADDRESS + + "_" + port + "_0.0.0.0/24_Permit", flowBuilder.getFlowName()); } /** @@ -422,16 +603,33 @@ public class EgressAclServiceTest { when(portSecurityRule.getSecurityRulePortMin()).thenReturn(50); when(portSecurityRule.getSecurityRuleRemoteIpPrefix()).thenReturn("0.0.0.0/24"); when(portSecurityRule.getSecurityRemoteGroupID()).thenReturn("85cc3048-abc3-43cc-89b3-377341426ac5"); + PowerMockito.doAnswer(answer()).when(egressAclServiceSpy, "writeFlow", any(FlowBuilder.class), + any(NodeBuilder.class)); + egressAclServiceSpy.programPortSecurityAcl(DP_ID_LONG, SEGMENT_ID, MAC_ADDRESS, LOCAL_PORT, securityGroup, + neutronSrcIpList, true); - egressAclServiceSpy.programPortSecurityAcl(Long.valueOf(1554), "2", MAC_ADDRESS, 124, securityGroup,neutronSrcIpList,true); + Match match = flowBuilder.getMatch(); + EthernetMatch ethMatch = match.getEthernetMatch(); + Assert.assertEquals(MAC_ADDRESS, ethMatch.getEthernetSource().getAddress().getValue()); - verify(writeTransaction, times(4)).put(any(LogicalDatastoreType.class), any(InstanceIdentifier.class), any(Node.class), eq(true)); - verify(writeTransaction, times(2)).submit(); - verify(commitFuture, times(2)).get(); + Assert.assertTrue(match.getLayer4Match() instanceof UdpMatch); + UdpMatch layer4Match = (UdpMatch) match.getLayer4Match(); + Assert.assertEquals(50, layer4Match.getUdpDestinationPort().getValue().intValue()); + int port = portSecurityRule.getSecurityRulePortMin(); + String expectedFlowId1 = "Egress_UDP_" + SEGMENT_ID + "_" + MAC_ADDRESS + "_" + port + "_" + DEST_IP_1 + + "_Permit"; + String expectedFlowId2 = "Egress_UDP_" + SEGMENT_ID + "_" + MAC_ADDRESS + "_" + port + "_" + DEST_IP_2 + + "_Permit"; + String actualFlowId = flowBuilder.getFlowName(); + if(actualFlowId.equals(expectedFlowId1) || actualFlowId.equals(expectedFlowId2)) { + Assert.assertTrue(true); + } else { + Assert.assertTrue(false); + } } /** - * Test UDP add with port no and remote SG selected. + * Test UDP remove with port no and remote SG selected. */ @Test public void testProgramPortSecurityACLRuleRemoveUdp2() throws Exception { @@ -440,12 +638,138 @@ public class EgressAclServiceTest { when(portSecurityRule.getSecurityRulePortMin()).thenReturn(50); when(portSecurityRule.getSecurityRuleRemoteIpPrefix()).thenReturn("0.0.0.0/24"); when(portSecurityRule.getSecurityRemoteGroupID()).thenReturn("85cc3048-abc3-43cc-89b3-377341426ac5"); + PowerMockito.doAnswer(answer()).when(egressAclServiceSpy, "removeFlow", any(FlowBuilder.class), + any(NodeBuilder.class)); + egressAclServiceSpy.programPortSecurityAcl(DP_ID_LONG, SEGMENT_ID, MAC_ADDRESS, LOCAL_PORT, securityGroup, + neutronSrcIpList, false); - egressAclServiceSpy.programPortSecurityAcl(Long.valueOf(1554), "2", MAC_ADDRESS, 124, securityGroup,neutronSrcIpList,false); + Match match = flowBuilder.getMatch(); + EthernetMatch ethMatch = match.getEthernetMatch(); + Assert.assertEquals(MAC_ADDRESS, ethMatch.getEthernetSource().getAddress().getValue()); - verify(writeTransaction, times(2)).delete(any(LogicalDatastoreType.class), any(InstanceIdentifier.class)); - verify(writeTransaction, times(2)).submit(); - verify(commitFuture, times(2)).get(); + Assert.assertTrue(match.getLayer4Match() instanceof UdpMatch); + UdpMatch layer4Match = (UdpMatch) match.getLayer4Match(); + Assert.assertEquals(50, layer4Match.getUdpDestinationPort().getValue().intValue()); + int port = portSecurityRule.getSecurityRulePortMin(); + String expectedFlowId1 = "Egress_UDP_" + SEGMENT_ID + "_" + MAC_ADDRESS + "_" + port + "_" + DEST_IP_1 + + "_Permit"; + String expectedFlowId2 = "Egress_UDP_" + SEGMENT_ID + "_" + MAC_ADDRESS + "_" + port + "_" + DEST_IP_2 + + "_Permit"; + String actualFlowId = flowBuilder.getFlowName(); + if(actualFlowId.equals(expectedFlowId1) || actualFlowId.equals(expectedFlowId2)) { + Assert.assertTrue(true); + } else { + Assert.assertTrue(false); + } + } + + + /** + * Test UDP add with port (All UDP) and CIDR selected. + */ + @Test + public void testProgramPortSecurityACLRuleAddUdpAll1() throws Exception { + when(portSecurityRule.getSecurityRuleProtocol()).thenReturn("udp"); + when(portSecurityRule.getSecurityRulePortMax()).thenReturn(PORT_RANGE_MAX); + when(portSecurityRule.getSecurityRulePortMin()).thenReturn(PORT_RANGE_MIN); + when(portSecurityRule.getSecurityRuleRemoteIpPrefix()).thenReturn("0.0.0.0/24"); + PowerMockito.doAnswer(answer()).when(egressAclServiceSpy, "writeFlow", any(FlowBuilder.class), + any(NodeBuilder.class)); + egressAclServiceSpy.programPortSecurityAcl(DP_ID_LONG, SEGMENT_ID, MAC_ADDRESS, LOCAL_PORT, securityGroup, + neutronSrcIpList, true); + + Match match = flowBuilder.getMatch(); + EthernetMatch ethMatch = match.getEthernetMatch(); + Assert.assertEquals(MAC_ADDRESS, ethMatch.getEthernetSource().getAddress().getValue()); + + Assert.assertTrue(match.getLayer4Match() instanceof UdpMatch); + Assert.assertEquals("Egress_UDP_" + SEGMENT_ID + "_" + MAC_ADDRESS + "_" + PORT_RANGE_MIN + "_" + + PORT_RANGE_MAX + "_0.0.0.0/24_Permit", flowBuilder.getFlowName()); + } + + /** + * Test UDP remove with port (All UDP) and CIDR selected. + */ + @Test + public void testProgramPortSecurityACLRuleRemoveUdpAll1() throws Exception { + when(portSecurityRule.getSecurityRuleProtocol()).thenReturn("udp"); + when(portSecurityRule.getSecurityRulePortMax()).thenReturn(PORT_RANGE_MAX); + when(portSecurityRule.getSecurityRulePortMin()).thenReturn(PORT_RANGE_MIN); + when(portSecurityRule.getSecurityRuleRemoteIpPrefix()).thenReturn("0.0.0.0/24"); + PowerMockito.doAnswer(answer()).when(egressAclServiceSpy, "removeFlow", any(FlowBuilder.class), + any(NodeBuilder.class)); + egressAclServiceSpy.programPortSecurityAcl(DP_ID_LONG, SEGMENT_ID, MAC_ADDRESS, LOCAL_PORT, securityGroup, + neutronSrcIpList, false); + + Match match = flowBuilder.getMatch(); + EthernetMatch ethMatch = match.getEthernetMatch(); + Assert.assertEquals(MAC_ADDRESS, ethMatch.getEthernetSource().getAddress().getValue()); + + Assert.assertTrue(match.getLayer4Match() instanceof UdpMatch); + Assert.assertEquals("Egress_UDP_" + SEGMENT_ID + "_" + MAC_ADDRESS + "_" + PORT_RANGE_MIN + "_" + + PORT_RANGE_MAX + "_0.0.0.0/24_Permit", flowBuilder.getFlowName()); + } + + /** + * Test UDP add with port (All UDP) and remote SG selected. + */ + @Test + public void testProgramPortSecurityACLRuleAddUdpAll2() throws Exception { + when(portSecurityRule.getSecurityRuleProtocol()).thenReturn("udp"); + when(portSecurityRule.getSecurityRulePortMax()).thenReturn(PORT_RANGE_MAX); + when(portSecurityRule.getSecurityRulePortMin()).thenReturn(PORT_RANGE_MIN); + when(portSecurityRule.getSecurityRemoteGroupID()).thenReturn("85cc3048-abc3-43cc-89b3-377341426ac5"); + PowerMockito.doAnswer(answer()).when(egressAclServiceSpy, "writeFlow", any(FlowBuilder.class), + any(NodeBuilder.class)); + egressAclServiceSpy.programPortSecurityAcl(DP_ID_LONG, SEGMENT_ID, MAC_ADDRESS, LOCAL_PORT, securityGroup, + neutronSrcIpList, true); + + Match match = flowBuilder.getMatch(); + EthernetMatch ethMatch = match.getEthernetMatch(); + Assert.assertEquals(MAC_ADDRESS, ethMatch.getEthernetSource().getAddress().getValue()); + + Assert.assertTrue(match.getLayer4Match() instanceof UdpMatch); + String expectedFlowId1 = "Egress_UDP_" + SEGMENT_ID + "_" + MAC_ADDRESS + "_" + PORT_RANGE_MIN + "_" + + PORT_RANGE_MAX + "_" + DEST_IP_1 + "_Permit"; + String expectedFlowId2 = "Egress_UDP_" + SEGMENT_ID + "_" + MAC_ADDRESS + "_" + PORT_RANGE_MIN + "_" + + PORT_RANGE_MAX + "_" + DEST_IP_2 + "_Permit"; + String actualFlowId = flowBuilder.getFlowName(); + if(actualFlowId.equals(expectedFlowId1) || actualFlowId.equals(expectedFlowId2)) { + Assert.assertTrue(true); + } else { + Assert.assertTrue(false); + } + } + + /** + * Test UDP remove with port (All UDP) and remote SG selected. + */ + @Test + public void testProgramPortSecurityACLRuleRemoveUdpAll2() throws Exception { + when(portSecurityRule.getSecurityRuleProtocol()).thenReturn("udp"); + when(portSecurityRule.getSecurityRulePortMax()).thenReturn(PORT_RANGE_MAX); + when(portSecurityRule.getSecurityRulePortMin()).thenReturn(PORT_RANGE_MIN); + when(portSecurityRule.getSecurityRemoteGroupID()).thenReturn("85cc3048-abc3-43cc-89b3-377341426ac5"); + PowerMockito.doAnswer(answer()).when(egressAclServiceSpy, "removeFlow", any(FlowBuilder.class), + any(NodeBuilder.class)); + egressAclServiceSpy.programPortSecurityAcl(DP_ID_LONG, SEGMENT_ID, MAC_ADDRESS, LOCAL_PORT, securityGroup, + neutronSrcIpList, false); + + Match match = flowBuilder.getMatch(); + EthernetMatch ethMatch = match.getEthernetMatch(); + Assert.assertEquals(MAC_ADDRESS, ethMatch.getEthernetSource().getAddress().getValue()); + + Assert.assertTrue(match.getLayer4Match() instanceof UdpMatch); + String expectedFlowId1 = "Egress_UDP_" + SEGMENT_ID + "_" + MAC_ADDRESS + "_" + PORT_RANGE_MIN + "_" + + PORT_RANGE_MAX + "_" + DEST_IP_1 + "_Permit"; + String expectedFlowId2 = "Egress_UDP_" + SEGMENT_ID + "_" + MAC_ADDRESS + "_" + PORT_RANGE_MIN + "_" + + PORT_RANGE_MAX + "_" + DEST_IP_2 + "_Permit"; + String actualFlowId = flowBuilder.getFlowName(); + if(actualFlowId.equals(expectedFlowId1) || actualFlowId.equals(expectedFlowId2)) { + Assert.assertTrue(true); + } else { + Assert.assertTrue(false); + } } /** @@ -526,9 +850,9 @@ public class EgressAclServiceTest { Assert.assertEquals(MAC_ADDRESS, ethMatch.getEthernetSource().getAddress().getValue()); Short type = portSecurityRule.getSecurityRulePortMin().shortValue(); Short code = portSecurityRule.getSecurityRulePortMax().shortValue(); - String expectedFlowId1 = "Egress_ICMP_" + SEGMENT_ID + "_" + MAC_ADDRESS +"_" + type + "_" + code + "_" + String expectedFlowId1 = "Egress_ICMP_" + SEGMENT_ID + "_" + MAC_ADDRESS + "_" + type + "_" + code + "_" + DEST_IP_1 + "_Permit"; - String expectedFlowId2 = "Egress_ICMP_" + SEGMENT_ID + "_" + MAC_ADDRESS +"_" + type + "_" + code + "_" + String expectedFlowId2 = "Egress_ICMP_" + SEGMENT_ID + "_" + MAC_ADDRESS + "_" + type + "_" + code + "_" + DEST_IP_2 + "_Permit"; String actualFlowId = flowBuilder.getFlowName(); if(actualFlowId.equals(expectedFlowId1) || actualFlowId.equals(expectedFlowId2)) { @@ -561,9 +885,9 @@ public class EgressAclServiceTest { Assert.assertEquals(MAC_ADDRESS, ethMatch.getEthernetSource().getAddress().getValue()); Short type = portSecurityRule.getSecurityRulePortMin().shortValue(); Short code = portSecurityRule.getSecurityRulePortMax().shortValue(); - String expectedFlowId1 = "Egress_ICMP_" + SEGMENT_ID + "_" + MAC_ADDRESS +"_" + type + "_" + code + "_" + String expectedFlowId1 = "Egress_ICMP_" + SEGMENT_ID + "_" + MAC_ADDRESS + "_" + type + "_" + code + "_" + DEST_IP_1 + "_Permit"; - String expectedFlowId2 = "Egress_ICMP_" + SEGMENT_ID + "_" + MAC_ADDRESS +"_" + type + "_" + code + "_" + String expectedFlowId2 = "Egress_ICMP_" + SEGMENT_ID + "_" + MAC_ADDRESS + "_" + type + "_" + code + "_" + DEST_IP_2 + "_Permit"; String actualFlowId = flowBuilder.getFlowName(); if(actualFlowId.equals(expectedFlowId1) || actualFlowId.equals(expectedFlowId2)) {