From 020a1c4490b8fcacef7052103c04366b873c6da3 Mon Sep 17 00:00:00 2001 From: Marek Gradzki Date: Tue, 24 Jan 2017 09:21:06 +0100 Subject: Fix mac-ip acl assignment read Now unassigned acls are filtered out. As a bonus acl plugin coverage was raised above 80%. Change-Id: Ia71be2086d0baadfbffc1f1263bab67f555c0687 Signed-off-by: Marek Gradzki --- .../fd/hc2vpp/acl/read/VppMacIpAclCustomizer.java | 36 +++-- .../hc2vpp/acl/util/protocol/IpProtocolReader.java | 3 +- .../io/fd/hc2vpp/acl/read/AclCustomizerTest.java | 101 +++++++++++++ .../hc2vpp/acl/read/VppMacIpAclCustomizerTest.java | 25 +++- .../protocol/ProtoPreBindRuleProducerTest.java | 138 ----------------- .../acl/util/protocol/ProtocolParsingTest.java | 164 +++++++++++++++++++++ .../acl/write/InterfaceAclCustomizerTest.java | 60 +++++++- .../acl/write/InterfaceAclMacipCustomizerTest.java | 98 ++++++++++++ 8 files changed, 461 insertions(+), 164 deletions(-) delete mode 100644 acl/acl-impl/src/test/java/io/fd/hc2vpp/acl/util/protocol/ProtoPreBindRuleProducerTest.java create mode 100644 acl/acl-impl/src/test/java/io/fd/hc2vpp/acl/util/protocol/ProtocolParsingTest.java create mode 100644 acl/acl-impl/src/test/java/io/fd/hc2vpp/acl/write/InterfaceAclMacipCustomizerTest.java diff --git a/acl/acl-impl/src/main/java/io/fd/hc2vpp/acl/read/VppMacIpAclCustomizer.java b/acl/acl-impl/src/main/java/io/fd/hc2vpp/acl/read/VppMacIpAclCustomizer.java index b95acf82d..7ebe99b10 100644 --- a/acl/acl-impl/src/main/java/io/fd/hc2vpp/acl/read/VppMacIpAclCustomizer.java +++ b/acl/acl-impl/src/main/java/io/fd/hc2vpp/acl/read/VppMacIpAclCustomizer.java @@ -19,6 +19,7 @@ package io.fd.hc2vpp.acl.read; import static io.fd.hc2vpp.acl.read.AbstractVppAclCustomizer.getAclCfgId; import static io.fd.honeycomb.translate.util.read.cache.EntityDumpExecutor.NO_PARAMS; +import com.google.common.annotations.VisibleForTesting; import com.google.common.base.Optional; import io.fd.hc2vpp.acl.util.AclContextManager; import io.fd.hc2vpp.acl.util.FutureJVppAclCustomizer; @@ -56,6 +57,8 @@ public class VppMacIpAclCustomizer extends FutureJVppAclCustomizer implements InitializingReaderCustomizer, JvppReplyConsumer, ByteDataTranslator { private static final Logger LOG = LoggerFactory.getLogger(VppMacIpAclCustomizer.class); + @VisibleForTesting + protected static final int ACL_NOT_ASSIGNED = -1; private final DumpCacheManager macIpAclDumpManager; private final DumpCacheManager interfaceMacIpAclDumpManager; @@ -121,24 +124,25 @@ public class VppMacIpAclCustomizer extends FutureJVppAclCustomizer if (interfacesMacIpDumpReply.isPresent() && interfaceIndex < interfacesMacIpDumpReply.get().count) { final int aclIndex = interfacesMacIpDumpReply.get().acls[interfaceIndex]; - - final Optional macIpDumpReply = - macIpAclDumpManager.getDump(id, modificationCache, aclIndex); - - if (macIpDumpReply.isPresent() && !macIpDumpReply.get().macipAclDetails.isEmpty()) { - builder.setName(macIpAclContext.getAclName(aclIndex, mappingContext)); - builder.setType( - org.opendaylight.yang.gen.v1.urn.opendaylight.params.xml.ns.yang.vpp.acl.rev161214.VppMacipAcl.class); - } else { - // this is invalid state(Interface in VPP will act as "deny-all" for security reasons), but generally - // it should not happen - throw new ReadFailedException(id, - new IllegalStateException(String.format("ACE with index %s not found in VPP", aclIndex))); + if (aclIndex != ACL_NOT_ASSIGNED) { + final Optional macIpDumpReply = + macIpAclDumpManager.getDump(id, modificationCache, aclIndex); + + if (macIpDumpReply.isPresent() && !macIpDumpReply.get().macipAclDetails.isEmpty()) { + builder.setName(macIpAclContext.getAclName(aclIndex, mappingContext)); + builder.setType( + org.opendaylight.yang.gen.v1.urn.opendaylight.params.xml.ns.yang.vpp.acl.rev161214.VppMacipAcl.class); + return; + } else { + // this is invalid state(Interface in VPP will act as "deny-all" for security reasons), but generally + // it should not happen + throw new ReadFailedException(id, + new IllegalStateException(String.format("ACE with index %s not found in VPP", aclIndex))); + } } - } else { - // this is valid state, so just logging - LOG.debug("No Mac-ip ACL specified for Interface name={},index={}", interfaceName, interfaceIndex); } + // this is valid state, so just logging + LOG.debug("No Mac-ip ACL specified for Interface name={},index={}", interfaceName, interfaceIndex); } @Override diff --git a/acl/acl-impl/src/main/java/io/fd/hc2vpp/acl/util/protocol/IpProtocolReader.java b/acl/acl-impl/src/main/java/io/fd/hc2vpp/acl/util/protocol/IpProtocolReader.java index 767baef3d..b1a43793f 100644 --- a/acl/acl-impl/src/main/java/io/fd/hc2vpp/acl/util/protocol/IpProtocolReader.java +++ b/acl/acl-impl/src/main/java/io/fd/hc2vpp/acl/util/protocol/IpProtocolReader.java @@ -36,6 +36,7 @@ import org.opendaylight.yang.gen.v1.urn.opendaylight.params.xml.ns.yang.vpp.acl. import org.opendaylight.yang.gen.v1.urn.opendaylight.params.xml.ns.yang.vpp.acl.rev161214.acl.ip.protocol.header.fields.ip.protocol.IcmpBuilder; import org.opendaylight.yang.gen.v1.urn.opendaylight.params.xml.ns.yang.vpp.acl.rev161214.acl.ip.protocol.header.fields.ip.protocol.IcmpV6; import org.opendaylight.yang.gen.v1.urn.opendaylight.params.xml.ns.yang.vpp.acl.rev161214.acl.ip.protocol.header.fields.ip.protocol.IcmpV6Builder; +import org.opendaylight.yang.gen.v1.urn.opendaylight.params.xml.ns.yang.vpp.acl.rev161214.acl.ip.protocol.header.fields.ip.protocol.Other; import org.opendaylight.yang.gen.v1.urn.opendaylight.params.xml.ns.yang.vpp.acl.rev161214.acl.ip.protocol.header.fields.ip.protocol.OtherBuilder; import org.opendaylight.yang.gen.v1.urn.opendaylight.params.xml.ns.yang.vpp.acl.rev161214.acl.ip.protocol.header.fields.ip.protocol.Tcp; import org.opendaylight.yang.gen.v1.urn.opendaylight.params.xml.ns.yang.vpp.acl.rev161214.acl.ip.protocol.header.fields.ip.protocol.TcpBuilder; @@ -131,7 +132,7 @@ public interface IpProtocolReader { return new IcmpV6Builder().setIcmpV6Nodes(nodes.build()).build(); } - private static IpProtocol parse(final AclRule rule) { + private static Other parse(final AclRule rule) { final OtherNodesBuilder nodes = new OtherNodesBuilder(); nodes.setProtocol((short) Short.toUnsignedInt(rule.proto)); return new OtherBuilder().setOtherNodes(nodes.build()).build(); diff --git a/acl/acl-impl/src/test/java/io/fd/hc2vpp/acl/read/AclCustomizerTest.java b/acl/acl-impl/src/test/java/io/fd/hc2vpp/acl/read/AclCustomizerTest.java index 7c86025fb..375c8e22e 100644 --- a/acl/acl-impl/src/test/java/io/fd/hc2vpp/acl/read/AclCustomizerTest.java +++ b/acl/acl-impl/src/test/java/io/fd/hc2vpp/acl/read/AclCustomizerTest.java @@ -16,23 +16,60 @@ package io.fd.hc2vpp.acl.read; +import static org.junit.Assert.assertEquals; +import static org.junit.Assert.assertTrue; +import static org.mockito.ArgumentMatchers.any; +import static org.mockito.Mockito.when; + import io.fd.hc2vpp.acl.util.AclContextManager; import io.fd.hc2vpp.common.test.read.InitializingListReaderCustomizerTest; +import io.fd.honeycomb.translate.read.ReadFailedException; +import io.fd.vpp.jvpp.acl.dto.AclDetails; +import io.fd.vpp.jvpp.acl.dto.AclDetailsReplyDump; +import io.fd.vpp.jvpp.acl.dto.MacipAclDetails; +import io.fd.vpp.jvpp.acl.dto.MacipAclDetailsReplyDump; import io.fd.vpp.jvpp.acl.future.FutureJVppAclFacade; +import io.fd.vpp.jvpp.acl.types.AclRule; +import io.fd.vpp.jvpp.acl.types.MacipAclRule; +import java.util.ArrayList; +import java.util.List; +import org.junit.Test; import org.mockito.Mock; +import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.access.control.list.rev160708.AccessLists; import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.access.control.list.rev160708.AccessListsBuilder; import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.access.control.list.rev160708.access.lists.Acl; import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.access.control.list.rev160708.access.lists.AclBuilder; import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.access.control.list.rev160708.access.lists.AclKey; +import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.access.control.list.rev160708.access.lists.acl.access.list.entries.Ace; +import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.access.control.list.rev160708.access.lists.acl.access.list.entries.ace.actions.packet.handling.Deny; +import org.opendaylight.yang.gen.v1.urn.opendaylight.params.xml.ns.yang.vpp.acl.rev161214.VppAcl; +import org.opendaylight.yang.gen.v1.urn.opendaylight.params.xml.ns.yang.vpp.acl.rev161214.VppMacipAcl; +import org.opendaylight.yang.gen.v1.urn.opendaylight.params.xml.ns.yang.vpp.acl.rev161214.access.lists.acl.access.list.entries.ace.matches.ace.type.VppAce; +import org.opendaylight.yang.gen.v1.urn.opendaylight.params.xml.ns.yang.vpp.acl.rev161214.access.lists.acl.access.list.entries.ace.matches.ace.type.vpp.ace.VppAceNodes; +import org.opendaylight.yang.gen.v1.urn.opendaylight.params.xml.ns.yang.vpp.acl.rev161214.acl.ip.protocol.header.fields.ip.protocol.Other; +import org.opendaylight.yangtools.yang.binding.InstanceIdentifier; +import org.opendaylight.yangtools.yang.binding.KeyedInstanceIdentifier; public class AclCustomizerTest extends InitializingListReaderCustomizerTest { + private static final String ACL_NAME = "vpp-acl"; + private static final String ACE_NAME = "vpp-ace"; + private static final int ACL_INDEX = 123; + private static final String MACIP_ACL_NAME = "vpp-macip-acl"; + private static final String MACIP_ACE_NAME = "vpp-macip-ace"; + private static final int MACIP_ACL_INDEX = 456; + private static final short PROTOCOL = 2; @Mock private FutureJVppAclFacade aclApi; @Mock private AclContextManager standardAclContext; @Mock private AclContextManager macipAclContext; + private KeyedInstanceIdentifier ACL_IID = + InstanceIdentifier.create(AccessLists.class).child(Acl.class, new AclKey( + ACL_NAME, VppAcl.class)); + private KeyedInstanceIdentifier MACIP_ACL_IID = + InstanceIdentifier.create(AccessLists.class).child(Acl.class, new AclKey(MACIP_ACL_NAME, VppMacipAcl.class)); public AclCustomizerTest() { super(Acl.class, AccessListsBuilder.class); @@ -42,4 +79,68 @@ public class AclCustomizerTest extends InitializingListReaderCustomizerTest(); + final AclDetails acl1 = new AclDetails(); + acl1.r = new AclRule[1]; + acl1.r[0] = new AclRule(); + acl1.r[0].proto = PROTOCOL; + acl1.aclIndex = ACL_INDEX; + aclDump.aclDetails.add(acl1); + when(aclApi.aclDump(any())).thenReturn(future(aclDump)); + + final MacipAclDetailsReplyDump macipAclDump = new MacipAclDetailsReplyDump(); + macipAclDump.macipAclDetails = new ArrayList<>(); + final MacipAclDetails macipAcl1 = new MacipAclDetails(); + macipAcl1.r = new MacipAclRule[]{new MacipAclRule()}; + macipAcl1.aclIndex = MACIP_ACL_INDEX; + macipAclDump.macipAclDetails.add(macipAcl1); + when(aclApi.macipAclDump(any())).thenReturn(future(macipAclDump)); + + when(standardAclContext.getAclName(ACL_INDEX, mappingContext)).thenReturn(ACL_NAME); + when(standardAclContext.getAclIndex(ACL_NAME, mappingContext)).thenReturn(ACL_INDEX); + when(standardAclContext.getAceName(ACL_NAME, 0, mappingContext)).thenReturn(ACE_NAME); + + when(macipAclContext.getAclName(MACIP_ACL_INDEX, mappingContext)).thenReturn(MACIP_ACL_NAME); + when(macipAclContext.getAclIndex(MACIP_ACL_NAME, mappingContext)).thenReturn(MACIP_ACL_INDEX); + when(macipAclContext.getAceName(MACIP_ACL_NAME, 0, mappingContext)).thenReturn(MACIP_ACE_NAME); + } + + @Test + public void testGetAllIds() throws ReadFailedException { + final List allIds = getCustomizer().getAllIds(InstanceIdentifier.create(AccessLists.class).child(Acl.class), ctx); + assertEquals(2, allIds.size()); + assertEquals(ACL_IID.getKey(), allIds.get(0)); + assertEquals(MACIP_ACL_IID.getKey(), allIds.get(1)); + } + + @Test + public void testReadStandardAcl() throws ReadFailedException { + final AclBuilder builder = new AclBuilder(); + getCustomizer().readCurrentAttributes(ACL_IID, builder, ctx); + assertEquals(ACL_IID.getKey(), builder.getKey()); + final List aces = builder.getAccessListEntries().getAce(); + assertEquals(1, aces.size()); + final Ace ace = aces.get(0); + assertEquals(ACE_NAME, ace.getKey().getRuleName()); + assertTrue(ace.getActions().getPacketHandling() instanceof Deny); + final VppAceNodes nodes = ((VppAce) (ace.getMatches().getAceType())).getVppAceNodes(); + assertEquals(PROTOCOL, ((Other) nodes.getIpProtocol()).getOtherNodes().getProtocol().shortValue()); + + } + + @Test + public void testReadMacipAcl() throws ReadFailedException { + final AclBuilder builder = new AclBuilder(); + getCustomizer().readCurrentAttributes(MACIP_ACL_IID, builder, ctx); + assertEquals(MACIP_ACL_IID.getKey(), builder.getKey()); + final List aces = builder.getAccessListEntries().getAce(); + assertEquals(1, aces.size()); + final Ace ace = aces.get(0); + assertEquals(MACIP_ACE_NAME, ace.getKey().getRuleName()); + assertTrue(ace.getActions().getPacketHandling() instanceof Deny); + } } \ No newline at end of file diff --git a/acl/acl-impl/src/test/java/io/fd/hc2vpp/acl/read/VppMacIpAclCustomizerTest.java b/acl/acl-impl/src/test/java/io/fd/hc2vpp/acl/read/VppMacIpAclCustomizerTest.java index e298800ce..c770f14f1 100644 --- a/acl/acl-impl/src/test/java/io/fd/hc2vpp/acl/read/VppMacIpAclCustomizerTest.java +++ b/acl/acl-impl/src/test/java/io/fd/hc2vpp/acl/read/VppMacIpAclCustomizerTest.java @@ -16,6 +16,7 @@ package io.fd.hc2vpp.acl.read; +import static io.fd.hc2vpp.acl.read.VppMacIpAclCustomizer.ACL_NOT_ASSIGNED; import static io.fd.hc2vpp.acl.read.AbstractVppAclCustomizerTest.getAclId; import static org.junit.Assert.assertEquals; import static org.junit.Assert.assertNotNull; @@ -86,7 +87,7 @@ public class VppMacIpAclCustomizerTest extends InitializingReaderCustomizerTest< final MacipAclInterfaceGetReply assignedAcls = new MacipAclInterfaceGetReply(); assignedAcls.count = 2; - assignedAcls.acls = new int[] {-1, ACL_ID}; + assignedAcls.acls = new int[] {ACL_NOT_ASSIGNED, ACL_ID}; when(aclApi.macipAclInterfaceGet(any())).thenReturn(future(assignedAcls)); final MacipAclDump request = new MacipAclDump(); @@ -102,6 +103,28 @@ public class VppMacIpAclCustomizerTest extends InitializingReaderCustomizerTest< verify(builder).setType(ACL_TYPE); } + @Test + public void testReadNotAssigned() throws ReadFailedException { + final VppMacipAclBuilder builder = mock(VppMacipAclBuilder.class); + + final MacipAclInterfaceGetReply assignedAcls = new MacipAclInterfaceGetReply(); + // pretending we have 3 interfaces, IF_NAME does not have MacipAcl assigned + assignedAcls.count = 3; + assignedAcls.acls = new int[] {ACL_NOT_ASSIGNED, ACL_NOT_ASSIGNED, ACL_ID}; + when(aclApi.macipAclInterfaceGet(any())).thenReturn(future(assignedAcls)); + + final MacipAclDump request = new MacipAclDump(); + request.aclIndex = ACL_ID; + final MacipAclDetailsReplyDump reply = new MacipAclDetailsReplyDump(); + final MacipAclDetails details = new MacipAclDetails(); + details.aclIndex = ACL_ID; + reply.macipAclDetails.add(details); + when(aclApi.macipAclDump(request)).thenReturn(future(reply)); + + getCustomizer().readCurrentAttributes(getIid(IF_NAME), builder, ctx); + verifyZeroInteractions(builder); + } + @Test public void testReadNoAcls() throws ReadFailedException { final VppMacipAclBuilder builder = mock(VppMacipAclBuilder.class); diff --git a/acl/acl-impl/src/test/java/io/fd/hc2vpp/acl/util/protocol/ProtoPreBindRuleProducerTest.java b/acl/acl-impl/src/test/java/io/fd/hc2vpp/acl/util/protocol/ProtoPreBindRuleProducerTest.java deleted file mode 100644 index eb177f10b..000000000 --- a/acl/acl-impl/src/test/java/io/fd/hc2vpp/acl/util/protocol/ProtoPreBindRuleProducerTest.java +++ /dev/null @@ -1,138 +0,0 @@ -/* - * Copyright (c) 2016 Cisco and/or its affiliates. - * - * Licensed under the Apache License, Version 2.0 (the "License"); - * you may not use this file except in compliance with the License. - * You may obtain a copy of the License at: - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - */ - -package io.fd.hc2vpp.acl.util.protocol; - -import static org.junit.Assert.assertEquals; - -import io.fd.hc2vpp.acl.AclTestSchemaContext; -import io.fd.honeycomb.test.tools.HoneycombTestRunner; -import io.fd.honeycomb.test.tools.annotations.InjectTestData; -import io.fd.vpp.jvpp.acl.types.AclRule; -import org.junit.Test; -import org.junit.runner.RunWith; -import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.access.control.list.rev160708.AccessLists; -import org.opendaylight.yang.gen.v1.urn.opendaylight.params.xml.ns.yang.vpp.acl.rev161214.access.lists.acl.access.list.entries.ace.matches.ace.type.VppAce; - -@RunWith(HoneycombTestRunner.class) -public class ProtoPreBindRuleProducerTest implements ProtoPreBindRuleProducer, AclTestSchemaContext { - private static final byte IGNORE_PROTOCOL = 0; - - //TODO - remove after resolving how to address identity from different model in textual yang instance identifier - private VppAce extractAce(AccessLists accessLists) { - return VppAce.class - .cast(accessLists.getAcl().get(0).getAccessListEntries().getAce().get(0).getMatches().getAceType()); - } - - @Test - public void testIcmpRule(@InjectTestData(resourcePath = "/rules/icmp-rule.json") AccessLists acls) { - final AclRule icmpRule = createPreBindRule(extractAce(acls)); - - assertEquals(1, icmpRule.proto); - assertEquals(5, icmpRule.srcportOrIcmptypeFirst); - assertEquals(8, icmpRule.srcportOrIcmptypeLast); - assertEquals(1, icmpRule.dstportOrIcmpcodeFirst); - assertEquals(3, icmpRule.dstportOrIcmpcodeLast); - assertEquals(0, icmpRule.tcpFlagsMask); - assertEquals(0, icmpRule.tcpFlagsValue); - } - - - @Test - public void testIcmpv6Rule(@InjectTestData(resourcePath = "/rules/icmp-v6-rule.json") AccessLists acls) { - final AclRule icmpv6Rule = createPreBindRule(extractAce(acls)); - - assertEquals(58, icmpv6Rule.proto); - assertEquals(5, icmpv6Rule.srcportOrIcmptypeFirst); - assertEquals(8, icmpv6Rule.srcportOrIcmptypeLast); - assertEquals(1, icmpv6Rule.dstportOrIcmpcodeFirst); - assertEquals(3, icmpv6Rule.dstportOrIcmpcodeLast); - assertEquals(0, icmpv6Rule.tcpFlagsMask); - assertEquals(0, icmpv6Rule.tcpFlagsValue); - } - - @Test - public void testTcpRule(@InjectTestData(resourcePath = "/rules/tcp-rule.json") AccessLists acls) { - final AclRule tcpRule = createPreBindRule(extractAce(acls)); - assertEquals(6, tcpRule.proto); - assertEquals(1, tcpRule.srcportOrIcmptypeFirst); - assertEquals(5487, tcpRule.srcportOrIcmptypeLast); - assertEquals(87, tcpRule.dstportOrIcmpcodeFirst); - assertEquals(6745, tcpRule.dstportOrIcmpcodeLast); - assertEquals(1, tcpRule.tcpFlagsMask); - assertEquals(7, tcpRule.tcpFlagsValue); - } - - @Test - public void testTcpRuleNoFlags(@InjectTestData(resourcePath = "/rules/tcp-rule-no-flags.json") AccessLists acls) { - final AclRule tcpRule = createPreBindRule(extractAce(acls)); - assertEquals(6, tcpRule.proto); - assertEquals(123, tcpRule.srcportOrIcmptypeFirst); - assertEquals(123, tcpRule.srcportOrIcmptypeLast); - assertEquals((short)65000, tcpRule.dstportOrIcmpcodeFirst); - assertEquals((short)65000, tcpRule.dstportOrIcmpcodeLast); - assertEquals(0, tcpRule.tcpFlagsMask); - assertEquals(0, tcpRule.tcpFlagsValue); - } - - @Test - public void testSourcePortRangeNotGiven() { - AclRule rule = new AclRule(); - ProtoPreBindRuleProducer.bindSourcePortRange(rule, null); - assertEquals(0, rule.srcportOrIcmptypeFirst); - assertEquals(MAX_PORT_NUMBER, rule.srcportOrIcmptypeLast); - } - - @Test - public void testDestinationPortRangeNotGiven() { - AclRule rule = new AclRule(); - ProtoPreBindRuleProducer.bindDestinationPortRange(rule, null); - assertEquals(0, rule.dstportOrIcmpcodeFirst); - assertEquals(MAX_PORT_NUMBER, rule.dstportOrIcmpcodeLast); - } - - @Test - public void testUdpRule(@InjectTestData(resourcePath = "/rules/udp-rule.json") AccessLists acls) { - final AclRule udpRule = createPreBindRule(extractAce(acls)); - assertEquals(17, udpRule.proto); - assertEquals(1, udpRule.srcportOrIcmptypeFirst); - assertEquals(5487, udpRule.srcportOrIcmptypeLast); - assertEquals(87, udpRule.dstportOrIcmpcodeFirst); - assertEquals(6745, udpRule.dstportOrIcmpcodeLast); - assertEquals(0, udpRule.tcpFlagsMask); - assertEquals(0, udpRule.tcpFlagsValue); - } - - @Test - public void testOtherRule(@InjectTestData(resourcePath = "/rules/other-rule.json") AccessLists acls) { - final AclRule icmpRule = createPreBindRule(extractAce(acls)); - assertEquals(64, icmpRule.proto); - assertEquals(0, icmpRule.srcportOrIcmptypeFirst); - assertEquals((short) 65535, icmpRule.srcportOrIcmptypeLast); - assertEquals(0, icmpRule.dstportOrIcmpcodeFirst); - assertEquals((short) 65535, icmpRule.dstportOrIcmpcodeLast); - assertEquals(0, icmpRule.tcpFlagsMask); - assertEquals(0, icmpRule.tcpFlagsValue); - } - - @Test - public void tesProtocolNotSpecified(@InjectTestData(resourcePath = "/rules/no-protocol-rule.json") AccessLists acls) { - final AclRule noProtocolRule = createPreBindRule(extractAce(acls)); - - assertEquals(IGNORE_PROTOCOL, noProtocolRule.proto); - } - -} \ No newline at end of file diff --git a/acl/acl-impl/src/test/java/io/fd/hc2vpp/acl/util/protocol/ProtocolParsingTest.java b/acl/acl-impl/src/test/java/io/fd/hc2vpp/acl/util/protocol/ProtocolParsingTest.java new file mode 100644 index 000000000..048602580 --- /dev/null +++ b/acl/acl-impl/src/test/java/io/fd/hc2vpp/acl/util/protocol/ProtocolParsingTest.java @@ -0,0 +1,164 @@ +/* + * Copyright (c) 2016 Cisco and/or its affiliates. + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at: + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +package io.fd.hc2vpp.acl.util.protocol; + +import static org.junit.Assert.assertEquals; + +import io.fd.hc2vpp.acl.AclTestSchemaContext; +import io.fd.honeycomb.test.tools.HoneycombTestRunner; +import io.fd.honeycomb.test.tools.annotations.InjectTestData; +import io.fd.vpp.jvpp.acl.types.AclRule; +import org.junit.Test; +import org.junit.runner.RunWith; +import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.access.control.list.rev160708.AccessLists; +import org.opendaylight.yang.gen.v1.urn.opendaylight.params.xml.ns.yang.vpp.acl.rev161214.access.lists.acl.access.list.entries.ace.matches.ace.type.VppAce; +import org.opendaylight.yang.gen.v1.urn.opendaylight.params.xml.ns.yang.vpp.acl.rev161214.acl.ip.protocol.header.fields.ip.protocol.Icmp; +import org.opendaylight.yang.gen.v1.urn.opendaylight.params.xml.ns.yang.vpp.acl.rev161214.acl.ip.protocol.header.fields.ip.protocol.IcmpV6; +import org.opendaylight.yang.gen.v1.urn.opendaylight.params.xml.ns.yang.vpp.acl.rev161214.acl.ip.protocol.header.fields.ip.protocol.Other; +import org.opendaylight.yang.gen.v1.urn.opendaylight.params.xml.ns.yang.vpp.acl.rev161214.acl.ip.protocol.header.fields.ip.protocol.Tcp; +import org.opendaylight.yang.gen.v1.urn.opendaylight.params.xml.ns.yang.vpp.acl.rev161214.acl.ip.protocol.header.fields.ip.protocol.Udp; + +@RunWith(HoneycombTestRunner.class) +public class ProtocolParsingTest implements ProtoPreBindRuleProducer, IpProtocolReader, AclTestSchemaContext { + private static final byte IGNORE_PROTOCOL = 0; + + //TODO - remove after resolving how to address identity from different model in textual yang instance identifier + private VppAce extractAce(AccessLists accessLists) { + return VppAce.class + .cast(accessLists.getAcl().get(0).getAccessListEntries().getAce().get(0).getMatches().getAceType()); + } + + @Test + public void testIcmpRule(@InjectTestData(resourcePath = "/rules/icmp-rule.json") AccessLists acls) { + final AclRule icmpRule = createPreBindRule(extractAce(acls)); + + assertEquals(1, icmpRule.proto); + assertEquals(0, icmpRule.tcpFlagsMask); + assertEquals(0, icmpRule.tcpFlagsValue); + + final Icmp protocol = (Icmp)parseProtocol(icmpRule); + assertEquals(5, protocol.getIcmpNodes().getIcmpTypeRange().getFirst().shortValue()); + assertEquals(8, protocol.getIcmpNodes().getIcmpTypeRange().getLast().shortValue()); + assertEquals(1, protocol.getIcmpNodes().getIcmpCodeRange().getFirst().shortValue()); + assertEquals(3, protocol.getIcmpNodes().getIcmpCodeRange().getLast().shortValue()); + } + + @Test + public void testIcmpv6Rule(@InjectTestData(resourcePath = "/rules/icmp-v6-rule.json") AccessLists acls) { + final AclRule icmpv6Rule = createPreBindRule(extractAce(acls)); + + assertEquals(58, icmpv6Rule.proto); + assertEquals(5, icmpv6Rule.srcportOrIcmptypeFirst); + assertEquals(8, icmpv6Rule.srcportOrIcmptypeLast); + assertEquals(1, icmpv6Rule.dstportOrIcmpcodeFirst); + assertEquals(3, icmpv6Rule.dstportOrIcmpcodeLast); + assertEquals(0, icmpv6Rule.tcpFlagsMask); + assertEquals(0, icmpv6Rule.tcpFlagsValue); + + final IcmpV6 protocol = (IcmpV6)parseProtocol(icmpv6Rule); + assertEquals(5, protocol.getIcmpV6Nodes().getIcmpTypeRange().getFirst().shortValue()); + assertEquals(8, protocol.getIcmpV6Nodes().getIcmpTypeRange().getLast().shortValue()); + assertEquals(1, protocol.getIcmpV6Nodes().getIcmpCodeRange().getFirst().shortValue()); + assertEquals(3, protocol.getIcmpV6Nodes().getIcmpCodeRange().getLast().shortValue()); + } + + @Test + public void testTcpRule(@InjectTestData(resourcePath = "/rules/tcp-rule.json") AccessLists acls) { + final AclRule tcpRule = createPreBindRule(extractAce(acls)); + assertEquals(6, tcpRule.proto); + assertEquals(1, tcpRule.tcpFlagsMask); + assertEquals(7, tcpRule.tcpFlagsValue); + + final Tcp protocol = (Tcp)parseProtocol(tcpRule); + assertEquals(1, protocol.getTcpNodes().getSourcePortRange().getLowerPort().getValue().intValue()); + assertEquals(5487, protocol.getTcpNodes().getSourcePortRange().getUpperPort().getValue().intValue()); + assertEquals(87, protocol.getTcpNodes().getDestinationPortRange().getLowerPort().getValue().intValue()); + assertEquals(6745, protocol.getTcpNodes().getDestinationPortRange().getUpperPort().getValue().intValue()); + } + + @Test + public void testTcpRuleNoFlags(@InjectTestData(resourcePath = "/rules/tcp-rule-no-flags.json") AccessLists acls) { + final AclRule tcpRule = createPreBindRule(extractAce(acls)); + assertEquals(6, tcpRule.proto); + assertEquals(123, tcpRule.srcportOrIcmptypeFirst); + assertEquals(123, tcpRule.srcportOrIcmptypeLast); + assertEquals((short)65000, tcpRule.dstportOrIcmpcodeFirst); + assertEquals((short)65000, tcpRule.dstportOrIcmpcodeLast); + assertEquals(0, tcpRule.tcpFlagsMask); + assertEquals(0, tcpRule.tcpFlagsValue); + + final Tcp protocol = (Tcp)parseProtocol(tcpRule); + assertEquals(123, protocol.getTcpNodes().getSourcePortRange().getLowerPort().getValue().intValue()); + assertEquals(123, protocol.getTcpNodes().getSourcePortRange().getUpperPort().getValue().intValue()); + assertEquals(65000, protocol.getTcpNodes().getDestinationPortRange().getLowerPort().getValue().intValue()); + assertEquals(65000, protocol.getTcpNodes().getDestinationPortRange().getUpperPort().getValue().intValue()); + } + + @Test + public void testSourcePortRangeNotGiven() { + AclRule rule = new AclRule(); + ProtoPreBindRuleProducer.bindSourcePortRange(rule, null); + assertEquals(0, rule.srcportOrIcmptypeFirst); + assertEquals(MAX_PORT_NUMBER, rule.srcportOrIcmptypeLast); + } + + @Test + public void testDestinationPortRangeNotGiven() { + AclRule rule = new AclRule(); + ProtoPreBindRuleProducer.bindDestinationPortRange(rule, null); + assertEquals(0, rule.dstportOrIcmpcodeFirst); + assertEquals(MAX_PORT_NUMBER, rule.dstportOrIcmpcodeLast); + } + + @Test + public void testUdpRule(@InjectTestData(resourcePath = "/rules/udp-rule.json") AccessLists acls) { + final AclRule udpRule = createPreBindRule(extractAce(acls)); + assertEquals(17, udpRule.proto); + assertEquals(0, udpRule.tcpFlagsMask); + assertEquals(0, udpRule.tcpFlagsValue); + + final Udp protocol = (Udp)parseProtocol(udpRule); + assertEquals(1, protocol.getUdpNodes().getSourcePortRange().getLowerPort().getValue().intValue()); + assertEquals(5487, protocol.getUdpNodes().getSourcePortRange().getUpperPort().getValue().intValue()); + assertEquals(87, protocol.getUdpNodes().getDestinationPortRange().getLowerPort().getValue().intValue()); + assertEquals(6745, protocol.getUdpNodes().getDestinationPortRange().getUpperPort().getValue().intValue()); + } + + @Test + public void testOtherRule(@InjectTestData(resourcePath = "/rules/other-rule.json") AccessLists acls) { + final AclRule rule = createPreBindRule(extractAce(acls)); + final int protocolNumber = 64; + assertEquals(protocolNumber, rule.proto); + assertEquals(0, rule.srcportOrIcmptypeFirst); + assertEquals((short) 65535, rule.srcportOrIcmptypeLast); + assertEquals(0, rule.dstportOrIcmpcodeFirst); + assertEquals((short) 65535, rule.dstportOrIcmpcodeLast); + assertEquals(0, rule.tcpFlagsMask); + assertEquals(0, rule.tcpFlagsValue); + + final Other protocol = (Other)parseProtocol(rule); + assertEquals(protocolNumber, protocol.getOtherNodes().getProtocol().shortValue()); + } + + @Test + public void tesProtocolNotSpecified(@InjectTestData(resourcePath = "/rules/no-protocol-rule.json") AccessLists acls) { + final AclRule noProtocolRule = createPreBindRule(extractAce(acls)); + + assertEquals(IGNORE_PROTOCOL, noProtocolRule.proto); + } + +} \ No newline at end of file diff --git a/acl/acl-impl/src/test/java/io/fd/hc2vpp/acl/write/InterfaceAclCustomizerTest.java b/acl/acl-impl/src/test/java/io/fd/hc2vpp/acl/write/InterfaceAclCustomizerTest.java index cd261970e..465351c40 100644 --- a/acl/acl-impl/src/test/java/io/fd/hc2vpp/acl/write/InterfaceAclCustomizerTest.java +++ b/acl/acl-impl/src/test/java/io/fd/hc2vpp/acl/write/InterfaceAclCustomizerTest.java @@ -1,5 +1,5 @@ /* - * Copyright (c) 2016 Cisco and/or its affiliates. + * Copyright (c) 2017 Cisco and/or its affiliates. * * Licensed under the Apache License, Version 2.0 (the "License"); * you may not use this file except in compliance with the License. @@ -16,35 +16,79 @@ package io.fd.hc2vpp.acl.write; +import static org.mockito.ArgumentMatchers.any; +import static org.mockito.Mockito.verify; +import static org.mockito.Mockito.when; + import io.fd.hc2vpp.acl.AclTestSchemaContext; +import io.fd.hc2vpp.acl.util.AclContextManager; import io.fd.hc2vpp.common.test.write.WriterCustomizerTest; +import io.fd.hc2vpp.common.translate.util.NamingContext; +import io.fd.vpp.jvpp.acl.dto.AclInterfaceSetAclList; +import io.fd.vpp.jvpp.acl.dto.AclInterfaceSetAclListReply; import io.fd.vpp.jvpp.acl.future.FutureJVppAclFacade; import org.junit.Test; import org.mockito.Mock; +import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.interfaces.rev140508.Interfaces; +import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.interfaces.rev140508.interfaces.Interface; +import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.interfaces.rev140508.interfaces.InterfaceKey; +import org.opendaylight.yang.gen.v1.urn.opendaylight.params.xml.ns.yang._interface.acl.rev161214.VppAclInterfaceAugmentation; +import org.opendaylight.yang.gen.v1.urn.opendaylight.params.xml.ns.yang._interface.acl.rev161214._interface.acl.attributes.Acl; +import org.opendaylight.yang.gen.v1.urn.opendaylight.params.xml.ns.yang._interface.acl.rev161214._interface.acl.attributes.AclBuilder; +import org.opendaylight.yangtools.yang.binding.InstanceIdentifier; public class InterfaceAclCustomizerTest extends WriterCustomizerTest implements AclTestSchemaContext { + private static final String IFC_CTX_NAME = "ifc-test-instance"; + private static final String IFACE_NAME = "eth0"; + private static final int IFACE_ID = 123; + @Mock private FutureJVppAclFacade aclApi; + @Mock + private AclContextManager standardAclContext; + + private InterfaceAclCustomizer customizer; + private NamingContext interfaceContext; + private InstanceIdentifier ACL_ID = InstanceIdentifier.create(Interfaces.class) + .child(Interface.class, new InterfaceKey(IFACE_NAME)).augmentation(VppAclInterfaceAugmentation.class).child(Acl.class); @Override protected void setUpTest() throws Exception { - + defineMapping(mappingContext, IFACE_NAME, IFACE_ID, IFC_CTX_NAME); + interfaceContext = new NamingContext("generatedIfaceName", IFC_CTX_NAME); + customizer = new InterfaceAclCustomizer(aclApi, interfaceContext, standardAclContext); + when(aclApi.aclInterfaceSetAclList(any())).thenReturn(future(new AclInterfaceSetAclListReply())); } @Test - public void writeCurrentAttributes() throws Exception { - + public void testWrite() throws Exception { + final Acl acl = new AclBuilder().build(); + customizer.writeCurrentAttributes(ACL_ID, acl, writeContext); + final AclInterfaceSetAclList list = new AclInterfaceSetAclList(); + list.swIfIndex = IFACE_ID; + list.acls = new int[]{}; + verify(aclApi).aclInterfaceSetAclList(list); } @Test - public void updateCurrentAttributes() throws Exception { - + public void testUpdate() throws Exception { + final Acl acl = new AclBuilder().build(); + customizer.updateCurrentAttributes(ACL_ID, acl, acl, writeContext); + final AclInterfaceSetAclList list = new AclInterfaceSetAclList(); + list.swIfIndex = IFACE_ID; + list.acls = new int[]{}; + verify(aclApi).aclInterfaceSetAclList(list); } @Test - public void deleteCurrentAttributes() throws Exception { - + public void testDelete() throws Exception { + final Acl acl = new AclBuilder().build(); + customizer.deleteCurrentAttributes(ACL_ID, acl, writeContext); + final AclInterfaceSetAclList list = new AclInterfaceSetAclList(); + list.swIfIndex = IFACE_ID; + list.acls = new int[]{}; + verify(aclApi).aclInterfaceSetAclList(list); } } \ No newline at end of file diff --git a/acl/acl-impl/src/test/java/io/fd/hc2vpp/acl/write/InterfaceAclMacipCustomizerTest.java b/acl/acl-impl/src/test/java/io/fd/hc2vpp/acl/write/InterfaceAclMacipCustomizerTest.java new file mode 100644 index 000000000..5bf66d894 --- /dev/null +++ b/acl/acl-impl/src/test/java/io/fd/hc2vpp/acl/write/InterfaceAclMacipCustomizerTest.java @@ -0,0 +1,98 @@ +/* + * Copyright (c) 2017 Cisco and/or its affiliates. + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at: + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +package io.fd.hc2vpp.acl.write; + +import static org.mockito.ArgumentMatchers.any; +import static org.mockito.Mockito.verify; +import static org.mockito.Mockito.when; + +import io.fd.hc2vpp.acl.AclTestSchemaContext; +import io.fd.hc2vpp.acl.util.AclContextManager; +import io.fd.hc2vpp.common.test.write.WriterCustomizerTest; +import io.fd.hc2vpp.common.translate.util.NamingContext; +import io.fd.honeycomb.translate.write.WriteFailedException; +import io.fd.vpp.jvpp.acl.dto.MacipAclInterfaceAddDel; +import io.fd.vpp.jvpp.acl.dto.MacipAclInterfaceAddDelReply; +import io.fd.vpp.jvpp.acl.future.FutureJVppAclFacade; +import org.junit.Test; +import org.mockito.Mock; +import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.interfaces.rev140508.Interfaces; +import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.interfaces.rev140508.interfaces.Interface; +import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.interfaces.rev140508.interfaces.InterfaceKey; +import org.opendaylight.yang.gen.v1.urn.opendaylight.params.xml.ns.yang._interface.acl.rev161214.VppAclInterfaceAugmentation; +import org.opendaylight.yang.gen.v1.urn.opendaylight.params.xml.ns.yang._interface.acl.rev161214._interface.acl.attributes.Acl; +import org.opendaylight.yang.gen.v1.urn.opendaylight.params.xml.ns.yang._interface.acl.rev161214._interface.acl.attributes.acl.Ingress; +import org.opendaylight.yang.gen.v1.urn.opendaylight.params.xml.ns.yang._interface.acl.rev161214.vpp.macip.acls.base.attributes.VppMacipAcl; +import org.opendaylight.yang.gen.v1.urn.opendaylight.params.xml.ns.yang._interface.acl.rev161214.vpp.macip.acls.base.attributes.VppMacipAclBuilder; +import org.opendaylight.yangtools.yang.binding.InstanceIdentifier; + +public class InterfaceAclMacipCustomizerTest extends WriterCustomizerTest implements AclTestSchemaContext { + + private static final String IFC_CTX_NAME = "ifc-test-instance"; + private static final String IFACE_NAME = "eth0"; + private static final int IFACE_ID = 123; + private static final String ACL_NAME = "macip_acl"; + private static final int ACL_ID = 111; + + @Mock + private FutureJVppAclFacade aclApi; + @Mock + private AclContextManager macipAclContext; + + private InterfaceAclMacIpCustomizer customizer; + private NamingContext interfaceContext; + private InstanceIdentifier ACL_IID = InstanceIdentifier.create(Interfaces.class) + .child(Interface.class, new InterfaceKey(IFACE_NAME)).augmentation(VppAclInterfaceAugmentation.class) + .child(Acl.class).child(Ingress.class).child(VppMacipAcl.class); + private VppMacipAcl acl; + + @Override + protected void setUpTest() throws Exception { + defineMapping(mappingContext, IFACE_NAME, IFACE_ID, IFC_CTX_NAME); + interfaceContext = new NamingContext("generatedIfaceName", IFC_CTX_NAME); + customizer = new InterfaceAclMacIpCustomizer(aclApi, macipAclContext, interfaceContext); + acl = new VppMacipAclBuilder().setName(ACL_NAME).build(); + when(macipAclContext.getAclIndex(ACL_NAME, mappingContext)).thenReturn(ACL_ID); + when(aclApi.macipAclInterfaceAddDel(any())).thenReturn(future(new MacipAclInterfaceAddDelReply())); + } + + @Test + public void testWrite() throws Exception { + customizer.writeCurrentAttributes(ACL_IID, acl, writeContext); + final MacipAclInterfaceAddDel request = new MacipAclInterfaceAddDel(); + request.swIfIndex = IFACE_ID; + request.isAdd = 1; + request.aclIndex = ACL_ID; + verify(aclApi).macipAclInterfaceAddDel(request); + } + + @Test(expected = WriteFailedException.UpdateFailedException.class) + public void testUpdate() throws Exception { + customizer.updateCurrentAttributes(ACL_IID, acl, acl, writeContext); + } + + @Test + public void testDelete() throws Exception { + customizer.deleteCurrentAttributes(ACL_IID, acl, writeContext); + final MacipAclInterfaceAddDel request = new MacipAclInterfaceAddDel(); + request.swIfIndex = IFACE_ID; + request.isAdd = 0; + request.aclIndex = ACL_ID; + verify(aclApi).macipAclInterfaceAddDel(request); + } + +} \ No newline at end of file -- cgit 1.2.3-korg