Acl service needs to handle cases when port security info is not available.
Patch set 2: add unit test
Change-Id: I788d31e4f0001fcf70caa59086d432b01178de1b
Signed-off-by: Flavio Fernandes <ffernand@redhat.com>
* http://docs.openstack.org/api/openstack-network/2.0/content/security_groups.html
*
*/
+
+ if (portSecurityRule == null ||
+ portSecurityRule.getSecurityRuleEthertype() == null ||
+ portSecurityRule.getSecurityRuleDirection() == null) {
+ continue;
+ }
+
if ("IPv4".equals(portSecurityRule.getSecurityRuleEthertype())
&& portSecurityRule.getSecurityRuleDirection().equals("egress")) {
LOG.debug("programPortSecurityGroup: Acl Rule matching IPv4 and ingress is: {} ", portSecurityRule);
*
*/
+ if (portSecurityRule == null ||
+ portSecurityRule.getSecurityRuleEthertype() == null ||
+ portSecurityRule.getSecurityRuleDirection() == null) {
+ continue;
+ }
+
if ("IPv4".equals(portSecurityRule.getSecurityRuleEthertype())
&& "ingress".equals(portSecurityRule.getSecurityRuleDirection())) {
LOG.debug("programPortSecurityGroup: Rule matching IPv4 and ingress is: {} ", portSecurityRule);
verify(commitFuture, times(1)).get();
}
*/
+ /**
+ * Test method {@link EgressAclService#programPortSecurityGroup(java.lang.Long, java.lang.String,
+ * java.lang.String, long, org.opendaylight.ovsdb.openstack.netvirt.translator.NeutronSecurityGroup,
+ * java.lang.String, boolean)} when portSecurityRule is incomplete
+ */
+ @Test
+ public void testProgramPortSecurityGroupWithIncompleteRule() throws Exception {
+ NeutronSecurityRule portSecurityRule1 = mock(NeutronSecurityRule.class);
+ when(portSecurityRule1.getSecurityRuleEthertype()).thenReturn("IPv4");
+ when(portSecurityRule1.getSecurityRuleDirection()).thenReturn("not_egress"); // other direction
+
+ NeutronSecurityRule portSecurityRule2 = mock(NeutronSecurityRule.class);
+ when(portSecurityRule2.getSecurityRuleEthertype()).thenReturn(null);
+ when(portSecurityRule2.getSecurityRuleDirection()).thenReturn("egress");
+
+ NeutronSecurityRule portSecurityRule3 = mock(NeutronSecurityRule.class);
+ when(portSecurityRule3.getSecurityRuleEthertype()).thenReturn("IPv4");
+ when(portSecurityRule3.getSecurityRuleDirection()).thenReturn(null);
+
+ NeutronSecurityRule portSecurityRule4 = mock(NeutronSecurityRule.class);
+ when(portSecurityRule4.getSecurityRuleEthertype()).thenReturn(null);
+ when(portSecurityRule4.getSecurityRuleDirection()).thenReturn(null);
+
+ List<NeutronSecurityRule> portSecurityList = new ArrayList<>();
+ portSecurityList.add(null);
+ portSecurityList.add(portSecurityRule1);
+ portSecurityList.add(portSecurityRule2);
+ portSecurityList.add(portSecurityRule3);
+ portSecurityList.add(portSecurityRule4);
+
+ NeutronSecurityGroup localSecurityGroup = mock(NeutronSecurityGroup.class);
+ when(localSecurityGroup.getSecurityRules()).thenReturn(portSecurityList);
+
+ egressAclServiceSpy.programPortSecurityGroup(DP_ID_LONG, SEGMENT_ID, MAC_ADDRESS, LOCAL_PORT,
+ localSecurityGroup, PORT_UUID, true);
+ }
+
/**
* Test method {@link EgressAclService#egressACLDefaultTcpDrop(Long, String, String, int, boolean)}
*/
verify(commitFuture, times(1)).get();
}
*/
+ /**
+ * Test method {@link EgressAclService#programPortSecurityGroup(java.lang.Long, java.lang.String,
+ * java.lang.String, long, org.opendaylight.ovsdb.openstack.netvirt.translator.NeutronSecurityGroup,
+ * java.lang.String, boolean)} when portSecurityRule is incomplete
+ */
+ @Test
+ public void testProgramPortSecurityGroupWithIncompleteRule() throws Exception {
+ NeutronSecurityRule portSecurityRule1 = mock(NeutronSecurityRule.class);
+ when(portSecurityRule1.getSecurityRuleEthertype()).thenReturn("IPv4");
+ when(portSecurityRule1.getSecurityRuleDirection()).thenReturn("not_ingress"); // other direction
+
+ NeutronSecurityRule portSecurityRule2 = mock(NeutronSecurityRule.class);
+ when(portSecurityRule2.getSecurityRuleEthertype()).thenReturn(null);
+ when(portSecurityRule2.getSecurityRuleDirection()).thenReturn("ingress");
+
+ NeutronSecurityRule portSecurityRule3 = mock(NeutronSecurityRule.class);
+ when(portSecurityRule3.getSecurityRuleEthertype()).thenReturn("IPv4");
+ when(portSecurityRule3.getSecurityRuleDirection()).thenReturn(null);
+
+ NeutronSecurityRule portSecurityRule4 = mock(NeutronSecurityRule.class);
+ when(portSecurityRule4.getSecurityRuleEthertype()).thenReturn(null);
+ when(portSecurityRule4.getSecurityRuleDirection()).thenReturn(null);
+
+ List<NeutronSecurityRule> portSecurityList = new ArrayList<>();
+ portSecurityList.add(null);
+ portSecurityList.add(portSecurityRule1);
+ portSecurityList.add(portSecurityRule2);
+ portSecurityList.add(portSecurityRule3);
+ portSecurityList.add(portSecurityRule4);
+
+ NeutronSecurityGroup localSecurityGroup = mock(NeutronSecurityGroup.class);
+ when(localSecurityGroup.getSecurityRules()).thenReturn(portSecurityList);
+
+ ingressAclServiceSpy.programPortSecurityGroup(
+ Long.valueOf(1554), "2", MAC_ADDRESS, 124, localSecurityGroup, PORT_UUID, false);
+ }
+
/**
* Test IPv4 add test case.
*/
Code Review / netvirt.git / commitdiff