private static final int DHCP_SOURCE_PORT = 67;
private static final int DHCP_DESTINATION_PORT = 68;
private static final String HOST_MASK = "/32";
+ private static final int PORT_RANGE_MIN = 1;
+ private static final int PORT_RANGE_MAX = 65535;
public EgressAclService() {
super(Service.EGRESS_ACL);
NeutronSecurityRule portSecurityRule, String dstAddress,
boolean write, Integer protoPortMatchPriority) {
MatchBuilder matchBuilder = new MatchBuilder();
- String flowId = "Egress_Custom_Tcp" + segmentationId + "_" + srcMac + "_";
+ String flowId = "Egress_TCP_" + segmentationId + "_" + srcMac + "_";
matchBuilder = MatchUtils.createEtherMatchWithType(matchBuilder,srcMac,null);
+
+ /* Custom TCP Match */
if (portSecurityRule.getSecurityRulePortMin().equals(portSecurityRule.getSecurityRulePortMax())) {
- flowId = flowId + portSecurityRule.getSecurityRulePortMin();
+ flowId = flowId + portSecurityRule.getSecurityRulePortMin() + "_";
matchBuilder = MatchUtils.addLayer4Match(matchBuilder, MatchUtils.TCP_SHORT, 0,
portSecurityRule.getSecurityRulePortMin());
} else {
+ /* All TCP Match */
+ if(portSecurityRule.getSecurityRulePortMin().equals(PORT_RANGE_MIN)
+ && portSecurityRule.getSecurityRulePortMax().equals(PORT_RANGE_MAX)) {
+ flowId = flowId + portSecurityRule.getSecurityRulePortMin() + "_" +
+ portSecurityRule.getSecurityRulePortMax()+ "_";
+ matchBuilder = MatchUtils.addLayer4Match(matchBuilder, MatchUtils.TCP_SHORT, 0, 0);
+ }
/*TODO TCP PortRange Match*/
}
new Ipv4Prefix(portSecurityRule
.getSecurityRuleRemoteIpPrefix()));
}
- flowId = flowId + "_Permit_";
+ flowId = flowId + "_Permit";
String nodeName = Constants.OPENFLOW_NODE_PREFIX + dpidLong;
NodeBuilder nodeBuilder = createNodeBuilder(nodeName);
syncFlow(flowId, nodeBuilder, matchBuilder, protoPortMatchPriority, write, false);
boolean write, Integer protoPortMatchPriority) {
MatchBuilder matchBuilder = new MatchBuilder();
- String flowId = "Eress_UDP" + segmentationId + "_" + srcMac + "_";
+ String flowId = "Egress_UDP_" + segmentationId + "_" + srcMac + "_";
matchBuilder = MatchUtils.createEtherMatchWithType(matchBuilder,srcMac,null);
+
+ /* Custom UDP Match */
if (portSecurityRule.getSecurityRulePortMin().equals(portSecurityRule.getSecurityRulePortMax())) {
- flowId = flowId + portSecurityRule.getSecurityRulePortMin();
+ flowId = flowId + portSecurityRule.getSecurityRulePortMin() + "_";
matchBuilder = MatchUtils.addLayer4Match(matchBuilder, MatchUtils.UDP_SHORT, 0,
portSecurityRule.getSecurityRulePortMin());
} else {
+ /* All UDP Match */
+ if(portSecurityRule.getSecurityRulePortMin().equals(PORT_RANGE_MIN)
+ && portSecurityRule.getSecurityRulePortMax().equals(PORT_RANGE_MAX)) {
+ flowId = flowId + portSecurityRule.getSecurityRulePortMin() + "_" +
+ portSecurityRule.getSecurityRulePortMax()+ "_";
+ matchBuilder = MatchUtils.addLayer4Match(matchBuilder, MatchUtils.UDP_SHORT, 0, 0);
+ }
/*TODO UDP PortRange Match*/
}
new Ipv4Prefix(portSecurityRule
.getSecurityRuleRemoteIpPrefix()));
}
- flowId = flowId + "_Permit_";
+ flowId = flowId + "_Permit";
String nodeName = Constants.OPENFLOW_NODE_PREFIX + dpidLong;
NodeBuilder nodeBuilder = createNodeBuilder(nodeName);
syncFlow(flowId, nodeBuilder, matchBuilder, protoPortMatchPriority, write, false);
private static final Logger LOG = LoggerFactory.getLogger(IngressAclService.class);
private volatile SecurityServicesManager securityServicesManager;
+ private static final int PORT_RANGE_MIN = 1;
+ private static final int PORT_RANGE_MAX = 65535;
public IngressAclService() {
super(Service.INGRESS_ACL);
MatchBuilder matchBuilder = new MatchBuilder();
FlowBuilder flowBuilder = new FlowBuilder();
- String flowId = "Ingress_Custom_Tcp" + segmentationId + "_" + dstMac + "_";
+ String flowId = "Ingress_TCP_" + segmentationId + "_" + dstMac + "_";
matchBuilder = MatchUtils.createEtherMatchWithType(matchBuilder,null,dstMac);
+
+ /* Custom TCP Match*/
if (portSecurityRule.getSecurityRulePortMin().equals(portSecurityRule.getSecurityRulePortMax())) {
- flowId = flowId + portSecurityRule.getSecurityRulePortMin();
+ flowId = flowId + portSecurityRule.getSecurityRulePortMin() + "_";
matchBuilder = MatchUtils.addLayer4Match(matchBuilder, MatchUtils.TCP_SHORT, 0,
portSecurityRule.getSecurityRulePortMin());
} else {
+ /* All TCP Match */
+ if(portSecurityRule.getSecurityRulePortMin().equals(PORT_RANGE_MIN)
+ && portSecurityRule.getSecurityRulePortMax().equals(PORT_RANGE_MAX)) {
+ flowId = flowId + portSecurityRule.getSecurityRulePortMin() + "_" +
+ portSecurityRule.getSecurityRulePortMax()+ "_";
+ matchBuilder = MatchUtils.addLayer4Match(matchBuilder, MatchUtils.TCP_SHORT, 0, 0);
+ }
/*TODO TCP PortRange Match*/
}
}
String nodeName = Constants.OPENFLOW_NODE_PREFIX + dpidLong;
NodeBuilder nodeBuilder = createNodeBuilder(nodeName);
- flowId = flowId + "_Permit_";
+ flowId = flowId + "_Permit";
syncFlow(flowId, nodeBuilder, matchBuilder, protoPortMatchPriority, write, false);
}
NeutronSecurityRule portSecurityRule, String srcAddress,
boolean write, Integer protoPortMatchPriority ) {
MatchBuilder matchBuilder = new MatchBuilder();
- String flowId = "ingressAclUDP" + segmentationId + "_" + dstMac + "_";
+ String flowId = "Ingress_UDP_" + segmentationId + "_" + dstMac + "_";
matchBuilder = MatchUtils.createEtherMatchWithType(matchBuilder,null,dstMac);
+
+ /* Custom UDP Match */
if (portSecurityRule.getSecurityRulePortMin().equals(portSecurityRule.getSecurityRulePortMax())) {
- flowId = flowId + portSecurityRule.getSecurityRulePortMin();
+ flowId = flowId + portSecurityRule.getSecurityRulePortMin() + "_";
matchBuilder = MatchUtils.addLayer4Match(matchBuilder, MatchUtils.UDP_SHORT, 0,
portSecurityRule.getSecurityRulePortMin());
} else {
+ /* All UDP Match */
+ if(portSecurityRule.getSecurityRulePortMin().equals(PORT_RANGE_MIN)
+ && portSecurityRule.getSecurityRulePortMax().equals(PORT_RANGE_MAX)) {
+ flowId = flowId + portSecurityRule.getSecurityRulePortMin() + "_" +
+ portSecurityRule.getSecurityRulePortMax()+ "_";
+ matchBuilder = MatchUtils.addLayer4Match(matchBuilder, MatchUtils.UDP_SHORT, 0, 0);
+ }
/*TODO TCP PortRange Match*/
}
}
String nodeName = Constants.OPENFLOW_NODE_PREFIX + dpidLong;
NodeBuilder nodeBuilder = createNodeBuilder(nodeName);
- flowId = flowId + "_Permit_";
+ flowId = flowId + "_Permit";
syncFlow(flowId, nodeBuilder, matchBuilder, protoPortMatchPriority, write, false);
}
import org.opendaylight.yang.gen.v1.urn.opendaylight.model.match.types.rev131026.Match;
import org.opendaylight.yang.gen.v1.urn.opendaylight.model.match.types.rev131026.match.EthernetMatch;
import org.opendaylight.yang.gen.v1.urn.opendaylight.model.match.types.rev131026.match.Icmpv4Match;
+import org.opendaylight.yang.gen.v1.urn.opendaylight.model.match.types.rev131026.match.layer._4.match.TcpMatch;
+import org.opendaylight.yang.gen.v1.urn.opendaylight.model.match.types.rev131026.match.layer._4.match.UdpMatch;
import org.opendaylight.yangtools.yang.binding.InstanceIdentifier;
import org.powermock.api.mockito.PowerMockito;
import org.powermock.modules.junit4.PowerMockRunner;
private static final String SEGMENT_ID = "2";
private static final Long DP_ID_LONG = (long) 1554;
private static final Long LOCAL_PORT = (long) 124;
+ private static final int PORT_RANGE_MIN = 1;
+ private static final int PORT_RANGE_MAX = 65535;
private static FlowBuilder flowBuilder;
private static NodeBuilder nodeBuilder;
@Test
public void testProgramPortSecurityACLRuleAddTcp1() throws Exception {
when(portSecurityRule.getSecurityRuleProtocol()).thenReturn("tcp");
- when(portSecurityRule.getSecurityRulePortMax()).thenReturn(50);
- when(portSecurityRule.getSecurityRulePortMin()).thenReturn(50);
+ when(portSecurityRule.getSecurityRulePortMax()).thenReturn(20);
+ when(portSecurityRule.getSecurityRulePortMin()).thenReturn(20);
when(portSecurityRule.getSecurityRuleRemoteIpPrefix()).thenReturn("0.0.0.0/24");
+ PowerMockito.doAnswer(answer()).when(egressAclServiceSpy, "writeFlow", any(FlowBuilder.class),
+ any(NodeBuilder.class));
+ egressAclServiceSpy.programPortSecurityAcl(DP_ID_LONG, SEGMENT_ID, MAC_ADDRESS, LOCAL_PORT, securityGroup,
+ neutronSrcIpList, true);
- egressAclServiceSpy.programPortSecurityAcl(Long.valueOf(1554), "2", MAC_ADDRESS, 124, securityGroup,neutronSrcIpList,true);
+ Match match = flowBuilder.getMatch();
+ EthernetMatch ethMatch = match.getEthernetMatch();
+ Assert.assertEquals(MAC_ADDRESS, ethMatch.getEthernetSource().getAddress().getValue());
- verify(writeTransaction, times(2)).put(any(LogicalDatastoreType.class), any(InstanceIdentifier.class), any(Node.class), eq(true));
- verify(writeTransaction, times(1)).submit();
- verify(commitFuture, times(1)).get();
+ Assert.assertTrue(match.getLayer4Match() instanceof TcpMatch);
+ TcpMatch layer4Match=(TcpMatch) match.getLayer4Match();
+ Assert.assertEquals(20, layer4Match.getTcpDestinationPort().getValue().intValue());
+ int port=portSecurityRule.getSecurityRulePortMin();
+ Assert.assertEquals("Egress_TCP_" + SEGMENT_ID + "_" + MAC_ADDRESS +
+ "_" + port + "_0.0.0.0/24_Permit", flowBuilder.getFlowName());
}
/**
@Test
public void testProgramPortSecurityACLRuleRemoveTcp1() throws Exception {
when(portSecurityRule.getSecurityRuleProtocol()).thenReturn("tcp");
- when(portSecurityRule.getSecurityRulePortMax()).thenReturn(50);
- when(portSecurityRule.getSecurityRulePortMin()).thenReturn(50);
+ when(portSecurityRule.getSecurityRulePortMax()).thenReturn(30);
+ when(portSecurityRule.getSecurityRulePortMin()).thenReturn(30);
when(portSecurityRule.getSecurityRuleRemoteIpPrefix()).thenReturn("0.0.0.0/24");
+ PowerMockito.doAnswer(answer()).when(egressAclServiceSpy, "removeFlow", any(FlowBuilder.class),
+ any(NodeBuilder.class));
- egressAclServiceSpy.programPortSecurityAcl(Long.valueOf(1554), "2", MAC_ADDRESS, 124, securityGroup,neutronSrcIpList,false);
+ egressAclServiceSpy.programPortSecurityAcl(DP_ID_LONG, SEGMENT_ID, MAC_ADDRESS, LOCAL_PORT, securityGroup,
+ neutronSrcIpList, false);
- verify(writeTransaction, times(1)).delete(any(LogicalDatastoreType.class), any(InstanceIdentifier.class));
- verify(writeTransaction, times(1)).submit();
- verify(commitFuture, times(1)).get();
+ Match match = flowBuilder.getMatch();
+ EthernetMatch ethMatch = match.getEthernetMatch();
+ Assert.assertEquals(MAC_ADDRESS, ethMatch.getEthernetSource().getAddress().getValue());
+
+ Assert.assertTrue(match.getLayer4Match() instanceof TcpMatch);
+ TcpMatch layer4Match = (TcpMatch) match.getLayer4Match();
+ Assert.assertEquals(30, layer4Match.getTcpDestinationPort().getValue().intValue());
+ int port=portSecurityRule.getSecurityRulePortMin();
+ Assert.assertEquals("Egress_TCP_" + SEGMENT_ID + "_" + MAC_ADDRESS +
+ "_" + port + "_0.0.0.0/24_Permit", flowBuilder.getFlowName());
}
/**
@Test
public void testProgramPortSecurityACLRuleAddTcp2() throws Exception {
when(portSecurityRule.getSecurityRuleProtocol()).thenReturn("tcp");
- when(portSecurityRule.getSecurityRulePortMax()).thenReturn(50);
- when(portSecurityRule.getSecurityRulePortMin()).thenReturn(50);
- when(portSecurityRule.getSecurityRuleRemoteIpPrefix()).thenReturn("0.0.0.0/24");
+ when(portSecurityRule.getSecurityRulePortMax()).thenReturn(40);
+ when(portSecurityRule.getSecurityRulePortMin()).thenReturn(40);
when(portSecurityRule.getSecurityRemoteGroupID()).thenReturn("85cc3048-abc3-43cc-89b3-377341426ac5");
+ PowerMockito.doAnswer(answer()).when(egressAclServiceSpy, "writeFlow", any(FlowBuilder.class),
+ any(NodeBuilder.class));
+ egressAclServiceSpy.programPortSecurityAcl(DP_ID_LONG, SEGMENT_ID, MAC_ADDRESS, LOCAL_PORT, securityGroup,
+ neutronSrcIpList, true);
- egressAclServiceSpy.programPortSecurityAcl(Long.valueOf(1554), "2", MAC_ADDRESS, 124, securityGroup,neutronSrcIpList,true);
+ Match match = flowBuilder.getMatch();
+ EthernetMatch ethMatch = match.getEthernetMatch();
+ Assert.assertEquals(MAC_ADDRESS, ethMatch.getEthernetSource().getAddress().getValue());
- verify(writeTransaction, times(4)).put(any(LogicalDatastoreType.class), any(InstanceIdentifier.class), any(Node.class), eq(true));
- verify(writeTransaction, times(2)).submit();
- verify(commitFuture, times(2)).get();
+ Assert.assertTrue(match.getLayer4Match() instanceof TcpMatch);
+ TcpMatch layer4Match=(TcpMatch) match.getLayer4Match();
+ int port=portSecurityRule.getSecurityRulePortMin();
+ String expectedFlowId1 = "Egress_TCP_" + SEGMENT_ID + "_" + MAC_ADDRESS + "_" + port + "_" + DEST_IP_1 +
+ "_Permit";
+ String expectedFlowId2 = "Egress_TCP_" + SEGMENT_ID + "_" + MAC_ADDRESS + "_" + port + "_" + DEST_IP_2 +
+ "_Permit";
+ String actualFlowId = flowBuilder.getFlowName();
+ if(actualFlowId.equals(expectedFlowId1) || actualFlowId.equals(expectedFlowId2)) {
+ Assert.assertTrue(true);
+ } else {
+ Assert.assertTrue(false);
+ }
}
/**
when(portSecurityRule.getSecurityRuleProtocol()).thenReturn("tcp");
when(portSecurityRule.getSecurityRulePortMax()).thenReturn(50);
when(portSecurityRule.getSecurityRulePortMin()).thenReturn(50);
+ when(portSecurityRule.getSecurityRemoteGroupID()).thenReturn("85cc3048-abc3-43cc-89b3-377341426ac5");
+ PowerMockito.doAnswer(answer()).when(egressAclServiceSpy, "removeFlow", any(FlowBuilder.class),
+ any(NodeBuilder.class));
+
+ egressAclServiceSpy.programPortSecurityAcl(DP_ID_LONG, SEGMENT_ID, MAC_ADDRESS, LOCAL_PORT, securityGroup,
+ neutronSrcIpList, false);
+
+ Match match = flowBuilder.getMatch();
+ EthernetMatch ethMatch = match.getEthernetMatch();
+ Assert.assertEquals(MAC_ADDRESS, ethMatch.getEthernetSource().getAddress().getValue());
+
+ Assert.assertTrue(match.getLayer4Match() instanceof TcpMatch);
+ TcpMatch layer4Match=(TcpMatch) match.getLayer4Match();
+ int port=portSecurityRule.getSecurityRulePortMin();
+ String expectedFlowId1 = "Egress_TCP_" + SEGMENT_ID + "_" + MAC_ADDRESS +"_" + port + "_" + DEST_IP_1 +
+ "_Permit";
+ String expectedFlowId2 = "Egress_TCP_" + SEGMENT_ID + "_" + MAC_ADDRESS +"_" + port + "_" + DEST_IP_2 +
+ "_Permit";
+ String actualFlowId = flowBuilder.getFlowName();
+ if(actualFlowId.equals(expectedFlowId1) || actualFlowId.equals(expectedFlowId2)) {
+ Assert.assertTrue(true);
+ } else {
+ Assert.assertTrue(false);
+ }
+ }
+
+ /**
+ * Test TCP add with port range (All TCP) and CIDR selected.
+ */
+ @Test
+ public void testProgramPortSecurityACLRuleAddTcpAll1() throws Exception {
+ when(portSecurityRule.getSecurityRuleProtocol()).thenReturn("tcp");
+ when(portSecurityRule.getSecurityRulePortMax()).thenReturn(PORT_RANGE_MAX);
+ when(portSecurityRule.getSecurityRulePortMin()).thenReturn(PORT_RANGE_MIN);
when(portSecurityRule.getSecurityRuleRemoteIpPrefix()).thenReturn("0.0.0.0/24");
+ PowerMockito.doAnswer(answer()).when(egressAclServiceSpy, "writeFlow", any(FlowBuilder.class),
+ any(NodeBuilder.class));
+ egressAclServiceSpy.programPortSecurityAcl(DP_ID_LONG, SEGMENT_ID, MAC_ADDRESS, LOCAL_PORT, securityGroup,
+ neutronSrcIpList, true);
+
+ Match match = flowBuilder.getMatch();
+ Assert.assertTrue(match.getLayer4Match() instanceof TcpMatch);
+ TcpMatch layer4Match=(TcpMatch) match.getLayer4Match();
+ EthernetMatch ethMatch = match.getEthernetMatch();
+ Assert.assertEquals(MAC_ADDRESS, ethMatch.getEthernetSource().getAddress().getValue());
+ }
+
+ /**
+ * Test TCP remove with port range (All TCP) and CIDR selected.
+ */
+ @Test
+ public void testProgramPortSecurityACLRuleRemoveTcpAll1() throws Exception {
+ when(portSecurityRule.getSecurityRuleProtocol()).thenReturn("tcp");
+ when(portSecurityRule.getSecurityRulePortMax()).thenReturn(PORT_RANGE_MAX);
+ when(portSecurityRule.getSecurityRulePortMin()).thenReturn(PORT_RANGE_MIN);
+ when(portSecurityRule.getSecurityRuleRemoteIpPrefix()).thenReturn("0.0.0.0/24");
+ PowerMockito.doAnswer(answer()).when(egressAclServiceSpy, "removeFlow", any(FlowBuilder.class),
+ any(NodeBuilder.class));
+
+ egressAclServiceSpy.programPortSecurityAcl(DP_ID_LONG, SEGMENT_ID, MAC_ADDRESS, LOCAL_PORT, securityGroup,
+ neutronSrcIpList, false);
+
+ Match match = flowBuilder.getMatch();
+ EthernetMatch ethMatch = match.getEthernetMatch();
+ Assert.assertEquals(MAC_ADDRESS, ethMatch.getEthernetSource().getAddress().getValue());
+
+ Assert.assertTrue(match.getLayer4Match() instanceof TcpMatch);
+ Assert.assertEquals("Egress_TCP_" + SEGMENT_ID + "_" + MAC_ADDRESS + "_" + PORT_RANGE_MIN + "_" +
+ PORT_RANGE_MAX + "_0.0.0.0/24_Permit", flowBuilder.getFlowName());
+ }
+
+ /**
+ * Test TCP add with port range (All TCP) and remote SG selected.
+ */
+ @Test
+ public void testProgramPortSecurityACLRuleAddTcpAll2() throws Exception {
+ when(portSecurityRule.getSecurityRuleProtocol()).thenReturn("tcp");
+ when(portSecurityRule.getSecurityRulePortMax()).thenReturn(PORT_RANGE_MAX);
+ when(portSecurityRule.getSecurityRulePortMin()).thenReturn(PORT_RANGE_MIN);
when(portSecurityRule.getSecurityRemoteGroupID()).thenReturn("85cc3048-abc3-43cc-89b3-377341426ac5");
+ PowerMockito.doAnswer(answer()).when(egressAclServiceSpy, "writeFlow", any(FlowBuilder.class),
+ any(NodeBuilder.class));
+ egressAclServiceSpy.programPortSecurityAcl(DP_ID_LONG, SEGMENT_ID, MAC_ADDRESS, LOCAL_PORT, securityGroup,
+ neutronSrcIpList, true);
- egressAclServiceSpy.programPortSecurityAcl(Long.valueOf(1554), "2", MAC_ADDRESS, 124, securityGroup,neutronSrcIpList,false);
+ Match match = flowBuilder.getMatch();
+ EthernetMatch ethMatch = match.getEthernetMatch();
+ Assert.assertEquals(MAC_ADDRESS, ethMatch.getEthernetSource().getAddress().getValue());
- verify(writeTransaction, times(2)).delete(any(LogicalDatastoreType.class), any(InstanceIdentifier.class));
- verify(writeTransaction, times(2)).submit();
- verify(commitFuture, times(2)).get();
+ Assert.assertTrue(match.getLayer4Match() instanceof TcpMatch);
+ String expectedFlowId1 = "Egress_TCP_" + SEGMENT_ID + "_" + MAC_ADDRESS + "_" + PORT_RANGE_MIN + "_" +
+ PORT_RANGE_MAX + "_" + DEST_IP_1 + "_Permit";
+ String expectedFlowId2 = "Egress_TCP_" + SEGMENT_ID + "_" + MAC_ADDRESS + "_" + PORT_RANGE_MIN + "_" +
+ PORT_RANGE_MAX + "_" + DEST_IP_2 + "_Permit";
+ String actualFlowId = flowBuilder.getFlowName();
+ if(actualFlowId.equals(expectedFlowId1) || actualFlowId.equals(expectedFlowId2)) {
+ Assert.assertTrue(true);
+ } else {
+ Assert.assertTrue(false);
+ }
+ }
+
+ /**
+ * Test TCP remove with port range (All TCP) and remote SG selected.
+ */
+ @Test
+ public void testProgramPortSecurityACLRuleRemoveTcpAll2() throws Exception {
+ when(portSecurityRule.getSecurityRuleProtocol()).thenReturn("tcp");
+ when(portSecurityRule.getSecurityRulePortMax()).thenReturn(PORT_RANGE_MAX);
+ when(portSecurityRule.getSecurityRulePortMin()).thenReturn(PORT_RANGE_MIN);
+ when(portSecurityRule.getSecurityRemoteGroupID()).thenReturn("85cc3048-abc3-43cc-89b3-377341426ac5");
+ PowerMockito.doAnswer(answer()).when(egressAclServiceSpy, "removeFlow", any(FlowBuilder.class),
+ any(NodeBuilder.class));
+
+ egressAclServiceSpy.programPortSecurityAcl(DP_ID_LONG, SEGMENT_ID, MAC_ADDRESS, LOCAL_PORT, securityGroup,
+ neutronSrcIpList, false);
+
+ Match match = flowBuilder.getMatch();
+ EthernetMatch ethMatch = match.getEthernetMatch();
+ Assert.assertEquals(MAC_ADDRESS, ethMatch.getEthernetSource().getAddress().getValue());
+
+ Assert.assertTrue(match.getLayer4Match() instanceof TcpMatch);
+ String expectedFlowId1 = "Egress_TCP_" + SEGMENT_ID + "_" + MAC_ADDRESS + "_" + PORT_RANGE_MIN + "_" +
+ PORT_RANGE_MAX + "_" + DEST_IP_1 + "_Permit";
+ String expectedFlowId2 = "Egress_TCP_" + SEGMENT_ID + "_" + MAC_ADDRESS + "_" + PORT_RANGE_MIN + "_" +
+ PORT_RANGE_MAX + "_" + DEST_IP_2 + "_Permit";
+ String actualFlowId = flowBuilder.getFlowName();
+ if(actualFlowId.equals(expectedFlowId1) || actualFlowId.equals(expectedFlowId2)) {
+ Assert.assertTrue(true);
+ } else {
+ Assert.assertTrue(false);
+ }
}
/**
when(portSecurityRule.getSecurityRulePortMax()).thenReturn(50);
when(portSecurityRule.getSecurityRulePortMin()).thenReturn(50);
when(portSecurityRule.getSecurityRuleRemoteIpPrefix()).thenReturn("0.0.0.0/24");
+ PowerMockito.doAnswer(answer()).when(egressAclServiceSpy, "writeFlow", any(FlowBuilder.class),
+ any(NodeBuilder.class));
+ egressAclServiceSpy.programPortSecurityAcl(DP_ID_LONG, SEGMENT_ID, MAC_ADDRESS, LOCAL_PORT, securityGroup,
+ neutronSrcIpList, true);
- egressAclServiceSpy.programPortSecurityAcl(Long.valueOf(1554), "2", MAC_ADDRESS, 124, securityGroup,neutronSrcIpList,true);
+ Match match = flowBuilder.getMatch();
+ EthernetMatch ethMatch = match.getEthernetMatch();
+ Assert.assertEquals(MAC_ADDRESS, ethMatch.getEthernetSource().getAddress().getValue());
- verify(writeTransaction, times(2)).put(any(LogicalDatastoreType.class), any(InstanceIdentifier.class), any(Node.class), eq(true));
- verify(writeTransaction, times(1)).submit();
- verify(commitFuture, times(1)).get();
+ Assert.assertTrue(match.getLayer4Match() instanceof UdpMatch);
+ UdpMatch layer4Match = (UdpMatch) match.getLayer4Match();
+ Assert.assertEquals(50, layer4Match.getUdpDestinationPort().getValue().intValue());
+ int port = portSecurityRule.getSecurityRulePortMin();
+ Assert.assertEquals("Egress_UDP_" + SEGMENT_ID + "_" + MAC_ADDRESS +
+ "_" + port + "_0.0.0.0/24_Permit", flowBuilder.getFlowName());
}
/**
- * Test UDP add with port no and CIDR selected.
+ * Test UDP remove with port no and CIDR selected.
*/
@Test
public void testProgramPortSecurityACLRuleRemoveUdp1() throws Exception {
when(portSecurityRule.getSecurityRulePortMax()).thenReturn(50);
when(portSecurityRule.getSecurityRulePortMin()).thenReturn(50);
when(portSecurityRule.getSecurityRuleRemoteIpPrefix()).thenReturn("0.0.0.0/24");
+ PowerMockito.doAnswer(answer()).when(egressAclServiceSpy, "removeFlow", any(FlowBuilder.class),
+ any(NodeBuilder.class));
+ egressAclServiceSpy.programPortSecurityAcl(DP_ID_LONG, SEGMENT_ID, MAC_ADDRESS, LOCAL_PORT, securityGroup,
+ neutronSrcIpList, false);
- egressAclServiceSpy.programPortSecurityAcl(Long.valueOf(1554), "2", MAC_ADDRESS, 124, securityGroup,neutronSrcIpList,false);
+ Match match = flowBuilder.getMatch();
+ EthernetMatch ethMatch = match.getEthernetMatch();
+ Assert.assertEquals(MAC_ADDRESS, ethMatch.getEthernetSource().getAddress().getValue());
- verify(writeTransaction, times(1)).delete(any(LogicalDatastoreType.class), any(InstanceIdentifier.class));
- verify(writeTransaction, times(1)).submit();
- verify(commitFuture, times(1)).get();
+ Assert.assertTrue(match.getLayer4Match() instanceof UdpMatch);
+ UdpMatch layer4Match = (UdpMatch) match.getLayer4Match();
+ Assert.assertEquals(50, layer4Match.getUdpDestinationPort().getValue().intValue());
+ int port = portSecurityRule.getSecurityRulePortMin();
+ Assert.assertEquals("Egress_UDP_" + SEGMENT_ID + "_" + MAC_ADDRESS +
+ "_" + port + "_0.0.0.0/24_Permit", flowBuilder.getFlowName());
}
/**
when(portSecurityRule.getSecurityRulePortMin()).thenReturn(50);
when(portSecurityRule.getSecurityRuleRemoteIpPrefix()).thenReturn("0.0.0.0/24");
when(portSecurityRule.getSecurityRemoteGroupID()).thenReturn("85cc3048-abc3-43cc-89b3-377341426ac5");
+ PowerMockito.doAnswer(answer()).when(egressAclServiceSpy, "writeFlow", any(FlowBuilder.class),
+ any(NodeBuilder.class));
+ egressAclServiceSpy.programPortSecurityAcl(DP_ID_LONG, SEGMENT_ID, MAC_ADDRESS, LOCAL_PORT, securityGroup,
+ neutronSrcIpList, true);
- egressAclServiceSpy.programPortSecurityAcl(Long.valueOf(1554), "2", MAC_ADDRESS, 124, securityGroup,neutronSrcIpList,true);
+ Match match = flowBuilder.getMatch();
+ EthernetMatch ethMatch = match.getEthernetMatch();
+ Assert.assertEquals(MAC_ADDRESS, ethMatch.getEthernetSource().getAddress().getValue());
- verify(writeTransaction, times(4)).put(any(LogicalDatastoreType.class), any(InstanceIdentifier.class), any(Node.class), eq(true));
- verify(writeTransaction, times(2)).submit();
- verify(commitFuture, times(2)).get();
+ Assert.assertTrue(match.getLayer4Match() instanceof UdpMatch);
+ UdpMatch layer4Match = (UdpMatch) match.getLayer4Match();
+ Assert.assertEquals(50, layer4Match.getUdpDestinationPort().getValue().intValue());
+ int port = portSecurityRule.getSecurityRulePortMin();
+ String expectedFlowId1 = "Egress_UDP_" + SEGMENT_ID + "_" + MAC_ADDRESS + "_" + port + "_" + DEST_IP_1 +
+ "_Permit";
+ String expectedFlowId2 = "Egress_UDP_" + SEGMENT_ID + "_" + MAC_ADDRESS + "_" + port + "_" + DEST_IP_2 +
+ "_Permit";
+ String actualFlowId = flowBuilder.getFlowName();
+ if(actualFlowId.equals(expectedFlowId1) || actualFlowId.equals(expectedFlowId2)) {
+ Assert.assertTrue(true);
+ } else {
+ Assert.assertTrue(false);
+ }
}
/**
- * Test UDP add with port no and remote SG selected.
+ * Test UDP remove with port no and remote SG selected.
*/
@Test
public void testProgramPortSecurityACLRuleRemoveUdp2() throws Exception {
when(portSecurityRule.getSecurityRulePortMin()).thenReturn(50);
when(portSecurityRule.getSecurityRuleRemoteIpPrefix()).thenReturn("0.0.0.0/24");
when(portSecurityRule.getSecurityRemoteGroupID()).thenReturn("85cc3048-abc3-43cc-89b3-377341426ac5");
+ PowerMockito.doAnswer(answer()).when(egressAclServiceSpy, "removeFlow", any(FlowBuilder.class),
+ any(NodeBuilder.class));
+ egressAclServiceSpy.programPortSecurityAcl(DP_ID_LONG, SEGMENT_ID, MAC_ADDRESS, LOCAL_PORT, securityGroup,
+ neutronSrcIpList, false);
- egressAclServiceSpy.programPortSecurityAcl(Long.valueOf(1554), "2", MAC_ADDRESS, 124, securityGroup,neutronSrcIpList,false);
+ Match match = flowBuilder.getMatch();
+ EthernetMatch ethMatch = match.getEthernetMatch();
+ Assert.assertEquals(MAC_ADDRESS, ethMatch.getEthernetSource().getAddress().getValue());
- verify(writeTransaction, times(2)).delete(any(LogicalDatastoreType.class), any(InstanceIdentifier.class));
- verify(writeTransaction, times(2)).submit();
- verify(commitFuture, times(2)).get();
+ Assert.assertTrue(match.getLayer4Match() instanceof UdpMatch);
+ UdpMatch layer4Match = (UdpMatch) match.getLayer4Match();
+ Assert.assertEquals(50, layer4Match.getUdpDestinationPort().getValue().intValue());
+ int port = portSecurityRule.getSecurityRulePortMin();
+ String expectedFlowId1 = "Egress_UDP_" + SEGMENT_ID + "_" + MAC_ADDRESS + "_" + port + "_" + DEST_IP_1 +
+ "_Permit";
+ String expectedFlowId2 = "Egress_UDP_" + SEGMENT_ID + "_" + MAC_ADDRESS + "_" + port + "_" + DEST_IP_2 +
+ "_Permit";
+ String actualFlowId = flowBuilder.getFlowName();
+ if(actualFlowId.equals(expectedFlowId1) || actualFlowId.equals(expectedFlowId2)) {
+ Assert.assertTrue(true);
+ } else {
+ Assert.assertTrue(false);
+ }
+ }
+
+
+ /**
+ * Test UDP add with port (All UDP) and CIDR selected.
+ */
+ @Test
+ public void testProgramPortSecurityACLRuleAddUdpAll1() throws Exception {
+ when(portSecurityRule.getSecurityRuleProtocol()).thenReturn("udp");
+ when(portSecurityRule.getSecurityRulePortMax()).thenReturn(PORT_RANGE_MAX);
+ when(portSecurityRule.getSecurityRulePortMin()).thenReturn(PORT_RANGE_MIN);
+ when(portSecurityRule.getSecurityRuleRemoteIpPrefix()).thenReturn("0.0.0.0/24");
+ PowerMockito.doAnswer(answer()).when(egressAclServiceSpy, "writeFlow", any(FlowBuilder.class),
+ any(NodeBuilder.class));
+ egressAclServiceSpy.programPortSecurityAcl(DP_ID_LONG, SEGMENT_ID, MAC_ADDRESS, LOCAL_PORT, securityGroup,
+ neutronSrcIpList, true);
+
+ Match match = flowBuilder.getMatch();
+ EthernetMatch ethMatch = match.getEthernetMatch();
+ Assert.assertEquals(MAC_ADDRESS, ethMatch.getEthernetSource().getAddress().getValue());
+
+ Assert.assertTrue(match.getLayer4Match() instanceof UdpMatch);
+ Assert.assertEquals("Egress_UDP_" + SEGMENT_ID + "_" + MAC_ADDRESS + "_" + PORT_RANGE_MIN + "_" +
+ PORT_RANGE_MAX + "_0.0.0.0/24_Permit", flowBuilder.getFlowName());
+ }
+
+ /**
+ * Test UDP remove with port (All UDP) and CIDR selected.
+ */
+ @Test
+ public void testProgramPortSecurityACLRuleRemoveUdpAll1() throws Exception {
+ when(portSecurityRule.getSecurityRuleProtocol()).thenReturn("udp");
+ when(portSecurityRule.getSecurityRulePortMax()).thenReturn(PORT_RANGE_MAX);
+ when(portSecurityRule.getSecurityRulePortMin()).thenReturn(PORT_RANGE_MIN);
+ when(portSecurityRule.getSecurityRuleRemoteIpPrefix()).thenReturn("0.0.0.0/24");
+ PowerMockito.doAnswer(answer()).when(egressAclServiceSpy, "removeFlow", any(FlowBuilder.class),
+ any(NodeBuilder.class));
+ egressAclServiceSpy.programPortSecurityAcl(DP_ID_LONG, SEGMENT_ID, MAC_ADDRESS, LOCAL_PORT, securityGroup,
+ neutronSrcIpList, false);
+
+ Match match = flowBuilder.getMatch();
+ EthernetMatch ethMatch = match.getEthernetMatch();
+ Assert.assertEquals(MAC_ADDRESS, ethMatch.getEthernetSource().getAddress().getValue());
+
+ Assert.assertTrue(match.getLayer4Match() instanceof UdpMatch);
+ Assert.assertEquals("Egress_UDP_" + SEGMENT_ID + "_" + MAC_ADDRESS + "_" + PORT_RANGE_MIN + "_" +
+ PORT_RANGE_MAX + "_0.0.0.0/24_Permit", flowBuilder.getFlowName());
+ }
+
+ /**
+ * Test UDP add with port (All UDP) and remote SG selected.
+ */
+ @Test
+ public void testProgramPortSecurityACLRuleAddUdpAll2() throws Exception {
+ when(portSecurityRule.getSecurityRuleProtocol()).thenReturn("udp");
+ when(portSecurityRule.getSecurityRulePortMax()).thenReturn(PORT_RANGE_MAX);
+ when(portSecurityRule.getSecurityRulePortMin()).thenReturn(PORT_RANGE_MIN);
+ when(portSecurityRule.getSecurityRemoteGroupID()).thenReturn("85cc3048-abc3-43cc-89b3-377341426ac5");
+ PowerMockito.doAnswer(answer()).when(egressAclServiceSpy, "writeFlow", any(FlowBuilder.class),
+ any(NodeBuilder.class));
+ egressAclServiceSpy.programPortSecurityAcl(DP_ID_LONG, SEGMENT_ID, MAC_ADDRESS, LOCAL_PORT, securityGroup,
+ neutronSrcIpList, true);
+
+ Match match = flowBuilder.getMatch();
+ EthernetMatch ethMatch = match.getEthernetMatch();
+ Assert.assertEquals(MAC_ADDRESS, ethMatch.getEthernetSource().getAddress().getValue());
+
+ Assert.assertTrue(match.getLayer4Match() instanceof UdpMatch);
+ String expectedFlowId1 = "Egress_UDP_" + SEGMENT_ID + "_" + MAC_ADDRESS + "_" + PORT_RANGE_MIN + "_" +
+ PORT_RANGE_MAX + "_" + DEST_IP_1 + "_Permit";
+ String expectedFlowId2 = "Egress_UDP_" + SEGMENT_ID + "_" + MAC_ADDRESS + "_" + PORT_RANGE_MIN + "_" +
+ PORT_RANGE_MAX + "_" + DEST_IP_2 + "_Permit";
+ String actualFlowId = flowBuilder.getFlowName();
+ if(actualFlowId.equals(expectedFlowId1) || actualFlowId.equals(expectedFlowId2)) {
+ Assert.assertTrue(true);
+ } else {
+ Assert.assertTrue(false);
+ }
+ }
+
+ /**
+ * Test UDP remove with port (All UDP) and remote SG selected.
+ */
+ @Test
+ public void testProgramPortSecurityACLRuleRemoveUdpAll2() throws Exception {
+ when(portSecurityRule.getSecurityRuleProtocol()).thenReturn("udp");
+ when(portSecurityRule.getSecurityRulePortMax()).thenReturn(PORT_RANGE_MAX);
+ when(portSecurityRule.getSecurityRulePortMin()).thenReturn(PORT_RANGE_MIN);
+ when(portSecurityRule.getSecurityRemoteGroupID()).thenReturn("85cc3048-abc3-43cc-89b3-377341426ac5");
+ PowerMockito.doAnswer(answer()).when(egressAclServiceSpy, "removeFlow", any(FlowBuilder.class),
+ any(NodeBuilder.class));
+ egressAclServiceSpy.programPortSecurityAcl(DP_ID_LONG, SEGMENT_ID, MAC_ADDRESS, LOCAL_PORT, securityGroup,
+ neutronSrcIpList, false);
+
+ Match match = flowBuilder.getMatch();
+ EthernetMatch ethMatch = match.getEthernetMatch();
+ Assert.assertEquals(MAC_ADDRESS, ethMatch.getEthernetSource().getAddress().getValue());
+
+ Assert.assertTrue(match.getLayer4Match() instanceof UdpMatch);
+ String expectedFlowId1 = "Egress_UDP_" + SEGMENT_ID + "_" + MAC_ADDRESS + "_" + PORT_RANGE_MIN + "_" +
+ PORT_RANGE_MAX + "_" + DEST_IP_1 + "_Permit";
+ String expectedFlowId2 = "Egress_UDP_" + SEGMENT_ID + "_" + MAC_ADDRESS + "_" + PORT_RANGE_MIN + "_" +
+ PORT_RANGE_MAX + "_" + DEST_IP_2 + "_Permit";
+ String actualFlowId = flowBuilder.getFlowName();
+ if(actualFlowId.equals(expectedFlowId1) || actualFlowId.equals(expectedFlowId2)) {
+ Assert.assertTrue(true);
+ } else {
+ Assert.assertTrue(false);
+ }
}
/**
Assert.assertEquals(MAC_ADDRESS, ethMatch.getEthernetSource().getAddress().getValue());
Short type = portSecurityRule.getSecurityRulePortMin().shortValue();
Short code = portSecurityRule.getSecurityRulePortMax().shortValue();
- String expectedFlowId1 = "Egress_ICMP_" + SEGMENT_ID + "_" + MAC_ADDRESS +"_" + type + "_" + code + "_"
+ String expectedFlowId1 = "Egress_ICMP_" + SEGMENT_ID + "_" + MAC_ADDRESS + "_" + type + "_" + code + "_"
+ DEST_IP_1 + "_Permit";
- String expectedFlowId2 = "Egress_ICMP_" + SEGMENT_ID + "_" + MAC_ADDRESS +"_" + type + "_" + code + "_"
+ String expectedFlowId2 = "Egress_ICMP_" + SEGMENT_ID + "_" + MAC_ADDRESS + "_" + type + "_" + code + "_"
+ DEST_IP_2 + "_Permit";
String actualFlowId = flowBuilder.getFlowName();
if(actualFlowId.equals(expectedFlowId1) || actualFlowId.equals(expectedFlowId2)) {
Assert.assertEquals(MAC_ADDRESS, ethMatch.getEthernetSource().getAddress().getValue());
Short type = portSecurityRule.getSecurityRulePortMin().shortValue();
Short code = portSecurityRule.getSecurityRulePortMax().shortValue();
- String expectedFlowId1 = "Egress_ICMP_" + SEGMENT_ID + "_" + MAC_ADDRESS +"_" + type + "_" + code + "_"
+ String expectedFlowId1 = "Egress_ICMP_" + SEGMENT_ID + "_" + MAC_ADDRESS + "_" + type + "_" + code + "_"
+ DEST_IP_1 + "_Permit";
- String expectedFlowId2 = "Egress_ICMP_" + SEGMENT_ID + "_" + MAC_ADDRESS +"_" + type + "_" + code + "_"
+ String expectedFlowId2 = "Egress_ICMP_" + SEGMENT_ID + "_" + MAC_ADDRESS + "_" + type + "_" + code + "_"
+ DEST_IP_2 + "_Permit";
String actualFlowId = flowBuilder.getFlowName();
if(actualFlowId.equals(expectedFlowId1) || actualFlowId.equals(expectedFlowId2)) {
import org.opendaylight.yang.gen.v1.urn.opendaylight.model.match.types.rev131026.Match;
import org.opendaylight.yang.gen.v1.urn.opendaylight.model.match.types.rev131026.match.EthernetMatch;
import org.opendaylight.yang.gen.v1.urn.opendaylight.model.match.types.rev131026.match.Icmpv4Match;
+import org.opendaylight.yang.gen.v1.urn.opendaylight.model.match.types.rev131026.match.layer._4.match.TcpMatch;
+import org.opendaylight.yang.gen.v1.urn.opendaylight.model.match.types.rev131026.match.layer._4.match.UdpMatch;
import org.opendaylight.yangtools.yang.binding.InstanceIdentifier;
import org.powermock.api.mockito.PowerMockito;
import org.powermock.modules.junit4.PowerMockRunner;
private static final String SEGMENT_ID = "2";
private static final Long DP_ID_LONG = (long) 1554;
private static final Long LOCAL_PORT = (long) 124;
+ private static final int PORT_RANGE_MIN = 1;
+ private static final int PORT_RANGE_MAX = 65535;
private static FlowBuilder flowBuilder;
private static NodeBuilder nodeBuilder;
@Test
public void testProgramPortSecurityACLRuleAddTcp1() throws Exception {
when(portSecurityRule.getSecurityRuleProtocol()).thenReturn("tcp");
- when(portSecurityRule.getSecurityRulePortMax()).thenReturn(50);
- when(portSecurityRule.getSecurityRulePortMin()).thenReturn(50);
+ when(portSecurityRule.getSecurityRulePortMax()).thenReturn(20);
+ when(portSecurityRule.getSecurityRulePortMin()).thenReturn(20);
when(portSecurityRule.getSecurityRuleRemoteIpPrefix()).thenReturn("0.0.0.0/24");
+ PowerMockito.doAnswer(answer()).when(ingressAclServiceSpy, "writeFlow", any(FlowBuilder.class),
+ any(NodeBuilder.class));
- ingressAclServiceSpy.programPortSecurityAcl(Long.valueOf(1554), "2", MAC_ADDRESS, 124, securityGroup,neutronSrcIpList,true);
+ ingressAclServiceSpy.programPortSecurityAcl(DP_ID_LONG, SEGMENT_ID, MAC_ADDRESS, LOCAL_PORT, securityGroup,
+ neutronSrcIpList, true);
- verify(writeTransaction, times(2)).put(any(LogicalDatastoreType.class), any(InstanceIdentifier.class), any(Node.class), eq(true));
- verify(writeTransaction, times(1)).submit();
- verify(commitFuture, times(1)).get();
+ Match match = flowBuilder.getMatch();
+ EthernetMatch ethMatch = match.getEthernetMatch();
+ Assert.assertEquals(MAC_ADDRESS, ethMatch.getEthernetDestination().getAddress().getValue());
+
+ Assert.assertTrue(match.getLayer4Match() instanceof TcpMatch);
+ TcpMatch layer4Match = (TcpMatch) match.getLayer4Match();
+ Assert.assertEquals(20, layer4Match.getTcpDestinationPort().getValue().intValue());
+ int port = portSecurityRule.getSecurityRulePortMin();
+ Assert.assertEquals("Ingress_TCP_" + SEGMENT_ID + "_" + MAC_ADDRESS +
+ "_" + port + "_0.0.0.0/24_Permit", flowBuilder.getFlowName());
}
/**
@Test
public void testProgramPortSecurityACLRuleRemoveTcp1() throws Exception {
when(portSecurityRule.getSecurityRuleProtocol()).thenReturn("tcp");
- when(portSecurityRule.getSecurityRulePortMax()).thenReturn(50);
- when(portSecurityRule.getSecurityRulePortMin()).thenReturn(50);
+ when(portSecurityRule.getSecurityRulePortMax()).thenReturn(15);
+ when(portSecurityRule.getSecurityRulePortMin()).thenReturn(15);
when(portSecurityRule.getSecurityRuleRemoteIpPrefix()).thenReturn("0.0.0.0/24");
+ PowerMockito.doAnswer(answer()).when(ingressAclServiceSpy, "removeFlow", any(FlowBuilder.class),
+ any(NodeBuilder.class));
- ingressAclServiceSpy.programPortSecurityAcl(Long.valueOf(1554), "2", MAC_ADDRESS, 124, securityGroup,neutronSrcIpList,false);
+ ingressAclServiceSpy.programPortSecurityAcl(DP_ID_LONG, SEGMENT_ID, MAC_ADDRESS, LOCAL_PORT, securityGroup,
+ neutronSrcIpList, false);
- verify(writeTransaction, times(1)).delete(any(LogicalDatastoreType.class), any(InstanceIdentifier.class));
- verify(writeTransaction, times(1)).submit();
- verify(commitFuture, times(1)).get();
+ Match match = flowBuilder.getMatch();
+ EthernetMatch ethMatch = match.getEthernetMatch();
+ Assert.assertEquals(MAC_ADDRESS, ethMatch.getEthernetDestination().getAddress().getValue());
+
+ Assert.assertTrue(match.getLayer4Match() instanceof TcpMatch);
+ TcpMatch layer4Match = (TcpMatch) match.getLayer4Match();
+ Assert.assertEquals(15, layer4Match.getTcpDestinationPort().getValue().intValue());
+ int port = portSecurityRule.getSecurityRulePortMin();
+ Assert.assertEquals("Ingress_TCP_" + SEGMENT_ID + "_" + MAC_ADDRESS +
+ "_" + port + "_0.0.0.0/24_Permit", flowBuilder.getFlowName());
}
/**
when(portSecurityRule.getSecurityRulePortMin()).thenReturn(50);
when(portSecurityRule.getSecurityRuleRemoteIpPrefix()).thenReturn("0.0.0.0/24");
when(portSecurityRule.getSecurityRemoteGroupID()).thenReturn("85cc3048-abc3-43cc-89b3-377341426ac5");
+ PowerMockito.doAnswer(answer()).when(ingressAclServiceSpy, "writeFlow", any(FlowBuilder.class),
+ any(NodeBuilder.class));
+ ingressAclServiceSpy.programPortSecurityAcl(DP_ID_LONG, SEGMENT_ID, MAC_ADDRESS, LOCAL_PORT, securityGroup,
+ neutronSrcIpList, true);
- ingressAclServiceSpy.programPortSecurityAcl(Long.valueOf(1554), "2", MAC_ADDRESS, 124, securityGroup,neutronSrcIpList,true);
+ Match match = flowBuilder.getMatch();
+ EthernetMatch ethMatch = match.getEthernetMatch();
+ Assert.assertEquals(MAC_ADDRESS, ethMatch.getEthernetDestination().getAddress().getValue());
- verify(writeTransaction, times(4)).put(any(LogicalDatastoreType.class), any(InstanceIdentifier.class), any(Node.class), eq(true));
- verify(writeTransaction, times(2)).submit();
- verify(commitFuture, times(2)).get();
+ Assert.assertTrue(match.getLayer4Match() instanceof TcpMatch);
+ TcpMatch layer4Match = (TcpMatch) match.getLayer4Match();
+ Assert.assertEquals(50, layer4Match.getTcpDestinationPort().getValue().intValue());
+ int port = portSecurityRule.getSecurityRulePortMin();
+ String expectedFlowId1 = "Ingress_TCP_" + SEGMENT_ID + "_" + MAC_ADDRESS +"_" + port + "_" + DEST_IP_1 +
+ "_Permit";
+ String expectedFlowId2 = "Ingress_TCP_" + SEGMENT_ID + "_" + MAC_ADDRESS +"_" + port + "_" + DEST_IP_2 +
+ "_Permit";
+ String actualFlowId = flowBuilder.getFlowName();
+ if (actualFlowId.equals(expectedFlowId1) || actualFlowId.equals(expectedFlowId2)) {
+ Assert.assertTrue(true);
+ } else {
+ Assert.assertTrue(false);
+ }
}
/**
when(portSecurityRule.getSecurityRulePortMin()).thenReturn(50);
when(portSecurityRule.getSecurityRuleRemoteIpPrefix()).thenReturn("0.0.0.0/24");
when(portSecurityRule.getSecurityRemoteGroupID()).thenReturn("85cc3048-abc3-43cc-89b3-377341426ac5");
+ PowerMockito.doAnswer(answer()).when(ingressAclServiceSpy, "removeFlow", any(FlowBuilder.class),
+ any(NodeBuilder.class));
- ingressAclServiceSpy.programPortSecurityAcl(Long.valueOf(1554), "2", MAC_ADDRESS, 124, securityGroup,neutronSrcIpList,false);
+ ingressAclServiceSpy.programPortSecurityAcl(DP_ID_LONG, SEGMENT_ID, MAC_ADDRESS, LOCAL_PORT, securityGroup,
+ neutronSrcIpList, false);
- verify(writeTransaction, times(2)).delete(any(LogicalDatastoreType.class), any(InstanceIdentifier.class));
- verify(writeTransaction, times(2)).submit();
- verify(commitFuture, times(2)).get();
+ Match match = flowBuilder.getMatch();
+ EthernetMatch ethMatch = match.getEthernetMatch();
+ Assert.assertEquals(MAC_ADDRESS, ethMatch.getEthernetDestination().getAddress().getValue());
+
+ Assert.assertTrue(match.getLayer4Match() instanceof TcpMatch);
+ TcpMatch layer4Match = (TcpMatch) match.getLayer4Match();
+ Assert.assertEquals(50, layer4Match.getTcpDestinationPort().getValue().intValue());
+ int port = portSecurityRule.getSecurityRulePortMin();
+ String expectedFlowId1 = "Ingress_TCP_" + SEGMENT_ID + "_" + MAC_ADDRESS +"_" + port + "_" + DEST_IP_1 +
+ "_Permit";
+ String expectedFlowId2 = "Ingress_TCP_" + SEGMENT_ID + "_" + MAC_ADDRESS +"_" + port + "_" + DEST_IP_2 +
+ "_Permit";
+ String actualFlowId = flowBuilder.getFlowName();
+ if (actualFlowId.equals(expectedFlowId1) || actualFlowId.equals(expectedFlowId2)) {
+ Assert.assertTrue(true);
+ } else {
+ Assert.assertTrue(false);
+ }
+ }
+
+
+ /**
+ * Test TCP add with port (All TCP) and CIDR selected.
+ */
+ @Test
+ public void testProgramPortSecurityACLRuleAddTcpAll1() throws Exception {
+ when(portSecurityRule.getSecurityRuleProtocol()).thenReturn("tcp");
+ when(portSecurityRule.getSecurityRulePortMax()).thenReturn(PORT_RANGE_MAX);
+ when(portSecurityRule.getSecurityRulePortMin()).thenReturn(PORT_RANGE_MIN);
+ when(portSecurityRule.getSecurityRuleRemoteIpPrefix()).thenReturn("0.0.0.0/24");
+ PowerMockito.doAnswer(answer()).when(ingressAclServiceSpy, "writeFlow", any(FlowBuilder.class),
+ any(NodeBuilder.class));
+
+ ingressAclServiceSpy.programPortSecurityAcl(DP_ID_LONG, SEGMENT_ID, MAC_ADDRESS, LOCAL_PORT, securityGroup,
+ neutronSrcIpList, true);
+
+ Match match = flowBuilder.getMatch();
+ EthernetMatch ethMatch = match.getEthernetMatch();
+ Assert.assertEquals(MAC_ADDRESS, ethMatch.getEthernetDestination().getAddress().getValue());
+
+ Assert.assertTrue(match.getLayer4Match() instanceof TcpMatch);
+ Assert.assertEquals("Ingress_TCP_" + SEGMENT_ID + "_" + MAC_ADDRESS + "_" + PORT_RANGE_MIN + "_" +
+ PORT_RANGE_MAX + "_0.0.0.0/24_Permit", flowBuilder.getFlowName());
+ }
+
+ /**
+ * Test TCP remove with port (All TCP) and CIDR selected.
+ */
+ @Test
+ public void testProgramPortSecurityACLRuleRemoveTcpAll1() throws Exception {
+ when(portSecurityRule.getSecurityRuleProtocol()).thenReturn("tcp");
+ when(portSecurityRule.getSecurityRulePortMax()).thenReturn(PORT_RANGE_MAX);
+ when(portSecurityRule.getSecurityRulePortMin()).thenReturn(PORT_RANGE_MIN);
+ when(portSecurityRule.getSecurityRuleRemoteIpPrefix()).thenReturn("0.0.0.0/24");
+ PowerMockito.doAnswer(answer()).when(ingressAclServiceSpy, "removeFlow", any(FlowBuilder.class),
+ any(NodeBuilder.class));
+
+ ingressAclServiceSpy.programPortSecurityAcl(DP_ID_LONG, SEGMENT_ID, MAC_ADDRESS, LOCAL_PORT, securityGroup,
+ neutronSrcIpList, false);
+
+ Match match = flowBuilder.getMatch();
+ EthernetMatch ethMatch = match.getEthernetMatch();
+ Assert.assertEquals(MAC_ADDRESS, ethMatch.getEthernetDestination().getAddress().getValue());
+
+ Assert.assertTrue(match.getLayer4Match() instanceof TcpMatch);
+ Assert.assertEquals("Ingress_TCP_" + SEGMENT_ID + "_" + MAC_ADDRESS + "_" + PORT_RANGE_MIN + "_" +
+ PORT_RANGE_MAX + "_0.0.0.0/24_Permit", flowBuilder.getFlowName());
+ }
+
+ /**
+ * Test TCP add with port (All TCP) and remote SG selected.
+ */
+ @Test
+ public void testProgramPortSecurityACLRuleAddTcpAll2() throws Exception {
+ when(portSecurityRule.getSecurityRuleProtocol()).thenReturn("tcp");
+ when(portSecurityRule.getSecurityRulePortMax()).thenReturn(PORT_RANGE_MAX);
+ when(portSecurityRule.getSecurityRulePortMin()).thenReturn(PORT_RANGE_MIN);
+ when(portSecurityRule.getSecurityRemoteGroupID()).thenReturn("85cc3048-abc3-43cc-89b3-377341426ac5");
+ PowerMockito.doAnswer(answer()).when(ingressAclServiceSpy, "writeFlow", any(FlowBuilder.class),
+ any(NodeBuilder.class));
+ ingressAclServiceSpy.programPortSecurityAcl(DP_ID_LONG, SEGMENT_ID, MAC_ADDRESS, LOCAL_PORT, securityGroup,
+ neutronSrcIpList, true);
+
+ Match match = flowBuilder.getMatch();
+ EthernetMatch ethMatch = match.getEthernetMatch();
+ Assert.assertEquals(MAC_ADDRESS, ethMatch.getEthernetDestination().getAddress().getValue());
+
+ Assert.assertTrue(match.getLayer4Match() instanceof TcpMatch);
+ String expectedFlowId1 = "Ingress_TCP_" + SEGMENT_ID + "_" + MAC_ADDRESS + "_" + PORT_RANGE_MIN + "_" +
+ PORT_RANGE_MAX + "_" + DEST_IP_1 + "_Permit";
+ String expectedFlowId2 = "Ingress_TCP_" + SEGMENT_ID + "_" + MAC_ADDRESS + "_" + PORT_RANGE_MIN + "_" +
+ PORT_RANGE_MAX + "_" + DEST_IP_2 + "_Permit";
+ String actualFlowId = flowBuilder.getFlowName();
+ if (actualFlowId.equals(expectedFlowId1) || actualFlowId.equals(expectedFlowId2)) {
+ Assert.assertTrue(true);
+ } else {
+ Assert.assertTrue(false);
+ }
+ }
+
+ /**
+ * Test TCP remove with port (All TCP) and remote SG selected.
+ */
+ @Test
+ public void testProgramPortSecurityACLRuleRemoveTcpAll2() throws Exception {
+ when(portSecurityRule.getSecurityRuleProtocol()).thenReturn("tcp");
+ when(portSecurityRule.getSecurityRulePortMax()).thenReturn(PORT_RANGE_MAX);
+ when(portSecurityRule.getSecurityRulePortMin()).thenReturn(PORT_RANGE_MIN);
+ when(portSecurityRule.getSecurityRemoteGroupID()).thenReturn("85cc3048-abc3-43cc-89b3-377341426ac5");
+ PowerMockito.doAnswer(answer()).when(ingressAclServiceSpy, "removeFlow", any(FlowBuilder.class),
+ any(NodeBuilder.class));
+
+ ingressAclServiceSpy.programPortSecurityAcl(DP_ID_LONG, SEGMENT_ID, MAC_ADDRESS, LOCAL_PORT, securityGroup,
+ neutronSrcIpList, false);
+
+ Match match = flowBuilder.getMatch();
+ EthernetMatch ethMatch = match.getEthernetMatch();
+ Assert.assertEquals(MAC_ADDRESS, ethMatch.getEthernetDestination().getAddress().getValue());
+
+ Assert.assertTrue(match.getLayer4Match() instanceof TcpMatch);
+ TcpMatch layer4Match = (TcpMatch) match.getLayer4Match();
+ String expectedFlowId1 = "Ingress_TCP_" + SEGMENT_ID + "_" + MAC_ADDRESS +"_" + PORT_RANGE_MIN + "_" +
+ PORT_RANGE_MAX + "_" + DEST_IP_1 + "_Permit";
+ String expectedFlowId2 = "Ingress_TCP_" + SEGMENT_ID + "_" + MAC_ADDRESS +"_" + PORT_RANGE_MIN + "_" +
+ PORT_RANGE_MAX + "_" + DEST_IP_2 + "_Permit";
+ String actualFlowId = flowBuilder.getFlowName();
+ if (actualFlowId.equals(expectedFlowId1) || actualFlowId.equals(expectedFlowId2)) {
+ Assert.assertTrue(true);
+ } else {
+ Assert.assertTrue(false);
+ }
}
/**
when(portSecurityRule.getSecurityRulePortMax()).thenReturn(50);
when(portSecurityRule.getSecurityRulePortMin()).thenReturn(50);
when(portSecurityRule.getSecurityRuleRemoteIpPrefix()).thenReturn("0.0.0.0/24");
+ PowerMockito.doAnswer(answer()).when(ingressAclServiceSpy, "writeFlow", any(FlowBuilder.class),
+ any(NodeBuilder.class));
- ingressAclServiceSpy.programPortSecurityAcl(Long.valueOf(1554), "2", MAC_ADDRESS, 124, securityGroup,neutronSrcIpList,true);
+ ingressAclServiceSpy.programPortSecurityAcl(DP_ID_LONG, SEGMENT_ID, MAC_ADDRESS, LOCAL_PORT, securityGroup,
+ neutronSrcIpList, true);
- verify(writeTransaction, times(2)).put(any(LogicalDatastoreType.class), any(InstanceIdentifier.class), any(Node.class), eq(true));
- verify(writeTransaction, times(1)).submit();
- verify(commitFuture, times(1)).get();
+ Match match = flowBuilder.getMatch();
+ EthernetMatch ethMatch = match.getEthernetMatch();
+ Assert.assertEquals(MAC_ADDRESS, ethMatch.getEthernetDestination().getAddress().getValue());
+
+ Assert.assertTrue(match.getLayer4Match() instanceof UdpMatch);
+ UdpMatch layer4Match = (UdpMatch) match.getLayer4Match();
+ Assert.assertEquals(50, layer4Match.getUdpDestinationPort().getValue().intValue());
+ int port = portSecurityRule.getSecurityRulePortMin();
+ Assert.assertEquals("Ingress_UDP_" + SEGMENT_ID + "_" + MAC_ADDRESS +
+ "_" + port + "_0.0.0.0/24_Permit", flowBuilder.getFlowName());
}
/**
- * Test UDP add with port no and CIDR selected.
+ * Test UDP remove with port no and CIDR selected.
*/
@Test
public void testProgramPortSecurityACLRuleRemoveUdp1() throws Exception {
when(portSecurityRule.getSecurityRulePortMax()).thenReturn(50);
when(portSecurityRule.getSecurityRulePortMin()).thenReturn(50);
when(portSecurityRule.getSecurityRuleRemoteIpPrefix()).thenReturn("0.0.0.0/24");
+ PowerMockito.doAnswer(answer()).when(ingressAclServiceSpy, "removeFlow", any(FlowBuilder.class),
+ any(NodeBuilder.class));
- ingressAclServiceSpy.programPortSecurityAcl(Long.valueOf(1554), "2", MAC_ADDRESS, 124, securityGroup,neutronSrcIpList,false);
+ ingressAclServiceSpy.programPortSecurityAcl(DP_ID_LONG, SEGMENT_ID, MAC_ADDRESS, LOCAL_PORT, securityGroup,
+ neutronSrcIpList, false);
- verify(writeTransaction, times(1)).delete(any(LogicalDatastoreType.class), any(InstanceIdentifier.class));
- verify(writeTransaction, times(1)).submit();
- verify(commitFuture, times(1)).get();
+ Match match = flowBuilder.getMatch();
+ EthernetMatch ethMatch = match.getEthernetMatch();
+ Assert.assertEquals(MAC_ADDRESS, ethMatch.getEthernetDestination().getAddress().getValue());
+
+ Assert.assertTrue(match.getLayer4Match() instanceof UdpMatch);
+ UdpMatch layer4Match = (UdpMatch) match.getLayer4Match();
+ Assert.assertEquals(50, layer4Match.getUdpDestinationPort().getValue().intValue());
+ int port = portSecurityRule.getSecurityRulePortMin();
+ Assert.assertEquals("Ingress_UDP_" + SEGMENT_ID + "_" + MAC_ADDRESS +
+ "_" + port + "_0.0.0.0/24_Permit", flowBuilder.getFlowName());
}
/**
when(portSecurityRule.getSecurityRulePortMin()).thenReturn(50);
when(portSecurityRule.getSecurityRuleRemoteIpPrefix()).thenReturn("0.0.0.0/24");
when(portSecurityRule.getSecurityRemoteGroupID()).thenReturn("85cc3048-abc3-43cc-89b3-377341426ac5");
+ PowerMockito.doAnswer(answer()).when(ingressAclServiceSpy, "writeFlow", any(FlowBuilder.class),
+ any(NodeBuilder.class));
+ ingressAclServiceSpy.programPortSecurityAcl(DP_ID_LONG, SEGMENT_ID, MAC_ADDRESS, LOCAL_PORT, securityGroup,
+ neutronSrcIpList, true);
- ingressAclServiceSpy.programPortSecurityAcl(Long.valueOf(1554), "2", MAC_ADDRESS, 124, securityGroup,neutronSrcIpList,true);
+ Match match = flowBuilder.getMatch();
+ EthernetMatch ethMatch = match.getEthernetMatch();
+ Assert.assertEquals(MAC_ADDRESS, ethMatch.getEthernetDestination().getAddress().getValue());
- verify(writeTransaction, times(4)).put(any(LogicalDatastoreType.class), any(InstanceIdentifier.class), any(Node.class), eq(true));
- verify(writeTransaction, times(2)).submit();
- verify(commitFuture, times(2)).get();
+ Assert.assertTrue(match.getLayer4Match() instanceof UdpMatch);
+ UdpMatch layer4Match = (UdpMatch) match.getLayer4Match();
+ Assert.assertEquals(50, layer4Match.getUdpDestinationPort().getValue().intValue());
+ int port = portSecurityRule.getSecurityRulePortMin();
+ String expectedFlowId1 = "Ingress_UDP_" + SEGMENT_ID + "_" + MAC_ADDRESS +"_" + port + "_" + DEST_IP_1 +
+ "_Permit";
+ String expectedFlowId2 = "Ingress_UDP_" + SEGMENT_ID + "_" + MAC_ADDRESS +"_" + port + "_" + DEST_IP_2 +
+ "_Permit";
+ String actualFlowId = flowBuilder.getFlowName();
+ if (actualFlowId.equals(expectedFlowId1) || actualFlowId.equals(expectedFlowId2)) {
+ Assert.assertTrue(true);
+ } else {
+ Assert.assertTrue(false);
+ }
}
/**
- * Test UDP add with port no and remote SG selected.
+ * Test UDP remove with port no and remote SG selected.
*/
@Test
public void testProgramPortSecurityACLRuleRemoveUdp2() throws Exception {
when(portSecurityRule.getSecurityRulePortMin()).thenReturn(50);
when(portSecurityRule.getSecurityRuleRemoteIpPrefix()).thenReturn("0.0.0.0/24");
when(portSecurityRule.getSecurityRemoteGroupID()).thenReturn("85cc3048-abc3-43cc-89b3-377341426ac5");
+ PowerMockito.doAnswer(answer()).when(ingressAclServiceSpy, "removeFlow", any(FlowBuilder.class),
+ any(NodeBuilder.class));
+ ingressAclServiceSpy.programPortSecurityAcl(DP_ID_LONG, SEGMENT_ID, MAC_ADDRESS, LOCAL_PORT, securityGroup,
+ neutronSrcIpList, false);
- ingressAclServiceSpy.programPortSecurityAcl(Long.valueOf(1554), "2", MAC_ADDRESS, 124, securityGroup,neutronSrcIpList,false);
+ Match match = flowBuilder.getMatch();
+ EthernetMatch ethMatch = match.getEthernetMatch();
+ Assert.assertEquals(MAC_ADDRESS, ethMatch.getEthernetDestination().getAddress().getValue());
- verify(writeTransaction, times(2)).delete(any(LogicalDatastoreType.class), any(InstanceIdentifier.class));
- verify(writeTransaction, times(2)).submit();
- verify(commitFuture, times(2)).get();
+ Assert.assertTrue(match.getLayer4Match() instanceof UdpMatch);
+ UdpMatch layer4Match = (UdpMatch) match.getLayer4Match();
+ Assert.assertEquals(50, layer4Match.getUdpDestinationPort().getValue().intValue());
+ int port = portSecurityRule.getSecurityRulePortMin();
+ String expectedFlowId1 = "Ingress_UDP_" + SEGMENT_ID + "_" + MAC_ADDRESS +"_" + port + "_" + DEST_IP_1 +
+ "_Permit";
+ String expectedFlowId2 = "Ingress_UDP_" + SEGMENT_ID + "_" + MAC_ADDRESS +"_" + port + "_" + DEST_IP_2 +
+ "_Permit";
+ String actualFlowId = flowBuilder.getFlowName();
+ if (actualFlowId.equals(expectedFlowId1) || actualFlowId.equals(expectedFlowId2)) {
+ Assert.assertTrue(true);
+ } else {
+ Assert.assertTrue(false);
+ }
+ }
+
+ /**
+ * Test UDP add with ports (All UDP) and CIDR selected.
+ */
+ @Test
+ public void testProgramPortSecurityACLRuleAddUdpAll1() throws Exception {
+ when(portSecurityRule.getSecurityRuleProtocol()).thenReturn("udp");
+ when(portSecurityRule.getSecurityRulePortMax()).thenReturn(PORT_RANGE_MAX);
+ when(portSecurityRule.getSecurityRulePortMin()).thenReturn(PORT_RANGE_MIN);
+ when(portSecurityRule.getSecurityRuleRemoteIpPrefix()).thenReturn("0.0.0.0/24");
+ PowerMockito.doAnswer(answer()).when(ingressAclServiceSpy, "writeFlow", any(FlowBuilder.class),
+ any(NodeBuilder.class));
+
+ ingressAclServiceSpy.programPortSecurityAcl(DP_ID_LONG, SEGMENT_ID, MAC_ADDRESS, LOCAL_PORT, securityGroup,
+ neutronSrcIpList, true);
+
+ Match match = flowBuilder.getMatch();
+ EthernetMatch ethMatch = match.getEthernetMatch();
+ Assert.assertEquals(MAC_ADDRESS, ethMatch.getEthernetDestination().getAddress().getValue());
+
+ Assert.assertTrue(match.getLayer4Match() instanceof UdpMatch);
+ Assert.assertEquals("Ingress_UDP_" + SEGMENT_ID + "_" + MAC_ADDRESS + "_" + PORT_RANGE_MIN + "_" +
+ PORT_RANGE_MAX + "_0.0.0.0/24_Permit", flowBuilder.getFlowName());
+ }
+
+ /**
+ * Test UDP remove with ports (All UDP) and CIDR selected.
+ */
+ @Test
+ public void testProgramPortSecurityACLRuleRemoveUdpAll1() throws Exception {
+ when(portSecurityRule.getSecurityRuleProtocol()).thenReturn("udp");
+ when(portSecurityRule.getSecurityRulePortMax()).thenReturn(PORT_RANGE_MAX);
+ when(portSecurityRule.getSecurityRulePortMin()).thenReturn(PORT_RANGE_MIN);
+ when(portSecurityRule.getSecurityRuleRemoteIpPrefix()).thenReturn("0.0.0.0/24");
+ PowerMockito.doAnswer(answer()).when(ingressAclServiceSpy, "removeFlow", any(FlowBuilder.class),
+ any(NodeBuilder.class));
+
+ ingressAclServiceSpy.programPortSecurityAcl(DP_ID_LONG, SEGMENT_ID, MAC_ADDRESS, LOCAL_PORT, securityGroup,
+ neutronSrcIpList, false);
+
+ Match match = flowBuilder.getMatch();
+ EthernetMatch ethMatch = match.getEthernetMatch();
+ Assert.assertEquals(MAC_ADDRESS, ethMatch.getEthernetDestination().getAddress().getValue());
+
+ Assert.assertTrue(match.getLayer4Match() instanceof UdpMatch);
+ Assert.assertEquals("Ingress_UDP_" + SEGMENT_ID + "_" + MAC_ADDRESS + "_" + PORT_RANGE_MIN + "_" +
+ PORT_RANGE_MAX + "_0.0.0.0/24_Permit", flowBuilder.getFlowName());
+ }
+
+ /**
+ * Test UDP add with ports (All UDP) and remote SG selected.
+ */
+ @Test
+ public void testProgramPortSecurityACLRuleAddUdpAll2() throws Exception {
+ when(portSecurityRule.getSecurityRuleProtocol()).thenReturn("udp");
+ when(portSecurityRule.getSecurityRulePortMax()).thenReturn(PORT_RANGE_MAX);
+ when(portSecurityRule.getSecurityRulePortMin()).thenReturn(PORT_RANGE_MIN);
+ when(portSecurityRule.getSecurityRuleRemoteIpPrefix()).thenReturn("0.0.0.0/24");
+ when(portSecurityRule.getSecurityRemoteGroupID()).thenReturn("85cc3048-abc3-43cc-89b3-377341426ac5");
+ PowerMockito.doAnswer(answer()).when(ingressAclServiceSpy, "writeFlow", any(FlowBuilder.class),
+ any(NodeBuilder.class));
+ ingressAclServiceSpy.programPortSecurityAcl(DP_ID_LONG, SEGMENT_ID, MAC_ADDRESS, LOCAL_PORT, securityGroup,
+ neutronSrcIpList, true);
+
+ Match match = flowBuilder.getMatch();
+ EthernetMatch ethMatch = match.getEthernetMatch();
+ Assert.assertEquals(MAC_ADDRESS, ethMatch.getEthernetDestination().getAddress().getValue());
+
+ Assert.assertTrue(match.getLayer4Match() instanceof UdpMatch);
+ String expectedFlowId1 = "Ingress_UDP_" + SEGMENT_ID + "_" + MAC_ADDRESS +"_" + PORT_RANGE_MIN + "_" +
+ PORT_RANGE_MAX + "_" + DEST_IP_1 + "_Permit";
+ String expectedFlowId2 = "Ingress_UDP_" + SEGMENT_ID + "_" + MAC_ADDRESS +"_" + PORT_RANGE_MIN + "_" +
+ PORT_RANGE_MAX + "_" + DEST_IP_2 + "_Permit";
+ String actualFlowId = flowBuilder.getFlowName();
+ if (actualFlowId.equals(expectedFlowId1) || actualFlowId.equals(expectedFlowId2)) {
+ Assert.assertTrue(true);
+ } else {
+ Assert.assertTrue(false);
+ }
+ }
+
+ /**
+ * Test UDP remove with ports (All UDP) and remote SG selected.
+ */
+ @Test
+ public void testProgramPortSecurityACLRuleRemoveUdpAll2() throws Exception {
+ when(portSecurityRule.getSecurityRuleProtocol()).thenReturn("udp");
+ when(portSecurityRule.getSecurityRulePortMax()).thenReturn(PORT_RANGE_MAX);
+ when(portSecurityRule.getSecurityRulePortMin()).thenReturn(PORT_RANGE_MIN);
+ when(portSecurityRule.getSecurityRuleRemoteIpPrefix()).thenReturn("0.0.0.0/24");
+ when(portSecurityRule.getSecurityRemoteGroupID()).thenReturn("85cc3048-abc3-43cc-89b3-377341426ac5");
+ PowerMockito.doAnswer(answer()).when(ingressAclServiceSpy, "removeFlow", any(FlowBuilder.class),
+ any(NodeBuilder.class));
+ ingressAclServiceSpy.programPortSecurityAcl(DP_ID_LONG, SEGMENT_ID, MAC_ADDRESS, LOCAL_PORT, securityGroup,
+ neutronSrcIpList, false);
+
+ Match match = flowBuilder.getMatch();
+ EthernetMatch ethMatch = match.getEthernetMatch();
+ Assert.assertEquals(MAC_ADDRESS, ethMatch.getEthernetDestination().getAddress().getValue());
+
+ Assert.assertTrue(match.getLayer4Match() instanceof UdpMatch);
+ String expectedFlowId1 = "Ingress_UDP_" + SEGMENT_ID + "_" + MAC_ADDRESS +"_" + PORT_RANGE_MIN + "_" +
+ PORT_RANGE_MAX + "_" + DEST_IP_1 + "_Permit";
+ String expectedFlowId2 = "Ingress_UDP_" + SEGMENT_ID + "_" + MAC_ADDRESS +"_" + PORT_RANGE_MIN + "_" +
+ PORT_RANGE_MAX + "_" + DEST_IP_2 + "_Permit";
+ String actualFlowId = flowBuilder.getFlowName();
+ if (actualFlowId.equals(expectedFlowId1) || actualFlowId.equals(expectedFlowId2)) {
+ Assert.assertTrue(true);
+ } else {
+ Assert.assertTrue(false);
+ }
}
/**
Code Review / netvirt.git / commitdiff