From bcbe3b71e1e9d12fab817ed001998eae397853cd Mon Sep 17 00:00:00 2001 From: Marek Gradzki Date: Thu, 23 Aug 2018 10:33:47 +0200 Subject: HC2VPP-379: move NAT validation code out of customizers Use Validator interface introduced by HONEYCOMB-431: https://gerrit.fd.io/r/#/c/14022/ Change-Id: I9e4c8d59f299ed7da4a93bbdc70c81f2bea93606 Signed-off-by: Marek Gradzki --- .../hc2vpp/nat/write/ExternalIpPoolCustomizer.java | 2 - .../hc2vpp/nat/write/ExternalIpPoolValidator.java | 38 +++++++ .../hc2vpp/nat/write/MappingEntryCustomizer.java | 64 +++--------- .../fd/hc2vpp/nat/write/MappingEntryValidator.java | 111 ++++++++++++++++++++ .../hc2vpp/nat/write/Nat64PrefixesCustomizer.java | 9 -- .../hc2vpp/nat/write/Nat64PrefixesValidator.java | 41 ++++++++ .../fd/hc2vpp/nat/write/NatInstaceCustomizer.java | 7 -- .../fd/hc2vpp/nat/write/NatInstanceValidator.java | 38 +++++++ .../io/fd/hc2vpp/nat/write/NatWriterFactory.java | 21 ++-- .../io/fd/hc2vpp/nat/write/PolicyCustomizer.java | 11 -- .../io/fd/hc2vpp/nat/write/PolicyValidator.java | 52 ++++++++++ .../nat/write/MappingEntryCustomizerTest.java | 13 +-- .../nat/write/MappingEntryValidatorTest.java | 115 +++++++++++++++++++++ .../fd/hc2vpp/nat/write/PolicyCustomizerTest.java | 79 -------------- .../fd/hc2vpp/nat/write/PolicyValidatorTest.java | 85 +++++++++++++++ 15 files changed, 509 insertions(+), 177 deletions(-) create mode 100644 nat/nat2vpp/src/main/java/io/fd/hc2vpp/nat/write/ExternalIpPoolValidator.java create mode 100644 nat/nat2vpp/src/main/java/io/fd/hc2vpp/nat/write/MappingEntryValidator.java create mode 100644 nat/nat2vpp/src/main/java/io/fd/hc2vpp/nat/write/Nat64PrefixesValidator.java create mode 100644 nat/nat2vpp/src/main/java/io/fd/hc2vpp/nat/write/NatInstanceValidator.java create mode 100644 nat/nat2vpp/src/main/java/io/fd/hc2vpp/nat/write/PolicyValidator.java create mode 100644 nat/nat2vpp/src/test/java/io/fd/hc2vpp/nat/write/MappingEntryValidatorTest.java delete mode 100644 nat/nat2vpp/src/test/java/io/fd/hc2vpp/nat/write/PolicyCustomizerTest.java create mode 100644 nat/nat2vpp/src/test/java/io/fd/hc2vpp/nat/write/PolicyValidatorTest.java diff --git a/nat/nat2vpp/src/main/java/io/fd/hc2vpp/nat/write/ExternalIpPoolCustomizer.java b/nat/nat2vpp/src/main/java/io/fd/hc2vpp/nat/write/ExternalIpPoolCustomizer.java index d7403c004..0e60481d2 100644 --- a/nat/nat2vpp/src/main/java/io/fd/hc2vpp/nat/write/ExternalIpPoolCustomizer.java +++ b/nat/nat2vpp/src/main/java/io/fd/hc2vpp/nat/write/ExternalIpPoolCustomizer.java @@ -54,8 +54,6 @@ final class ExternalIpPoolCustomizer implements ListWriterCustomizer id, @Nonnull final ExternalIpAddressPool dataAfter, @Nonnull final WriteContext writeContext) throws WriteFailedException { - checkArgument(id.firstKeyOf(Instance.class).getId() == 0, - "External IP pools are only assignable for nat instance(vrf-id) with ID 0"); LOG.trace("Adding address range:{}, as: {}", id, dataAfter); // TODO check overlaps ? VPP-478 maybe no necessary, depending on how VPP handles them configureAddressPool(id, dataAfter, true); diff --git a/nat/nat2vpp/src/main/java/io/fd/hc2vpp/nat/write/ExternalIpPoolValidator.java b/nat/nat2vpp/src/main/java/io/fd/hc2vpp/nat/write/ExternalIpPoolValidator.java new file mode 100644 index 000000000..567c8e3b8 --- /dev/null +++ b/nat/nat2vpp/src/main/java/io/fd/hc2vpp/nat/write/ExternalIpPoolValidator.java @@ -0,0 +1,38 @@ +/* + * Copyright (c) 2018 Cisco and/or its affiliates. + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at: + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +package io.fd.hc2vpp.nat.write; + +import io.fd.honeycomb.translate.write.DataValidationFailedException; +import io.fd.honeycomb.translate.write.Validator; +import io.fd.honeycomb.translate.write.WriteContext; +import javax.annotation.Nonnull; +import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.nat.rev180628.nat.instances.Instance; +import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.nat.rev180628.nat.instances.instance.policy.ExternalIpAddressPool; +import org.opendaylight.yangtools.yang.binding.InstanceIdentifier; + +final class ExternalIpPoolValidator implements Validator { + @Override + public void validateWrite(@Nonnull final InstanceIdentifier id, + @Nonnull final ExternalIpAddressPool dataAfter, @Nonnull final WriteContext writeContext) + throws DataValidationFailedException.CreateValidationFailedException { + if (id.firstKeyOf(Instance.class).getId() != 0) { + throw new DataValidationFailedException.CreateValidationFailedException(id, dataAfter, + new IllegalArgumentException( + "External IP pools are only assignable for nat instance(vrf-id) with ID 0")); + } + } +} diff --git a/nat/nat2vpp/src/main/java/io/fd/hc2vpp/nat/write/MappingEntryCustomizer.java b/nat/nat2vpp/src/main/java/io/fd/hc2vpp/nat/write/MappingEntryCustomizer.java index 8d553b872..e51d610e1 100644 --- a/nat/nat2vpp/src/main/java/io/fd/hc2vpp/nat/write/MappingEntryCustomizer.java +++ b/nat/nat2vpp/src/main/java/io/fd/hc2vpp/nat/write/MappingEntryCustomizer.java @@ -16,9 +16,6 @@ package io.fd.hc2vpp.nat.write; -import static com.google.common.base.Preconditions.checkArgument; -import static com.google.common.base.Preconditions.checkState; - import com.google.common.base.Optional; import io.fd.hc2vpp.common.translate.util.ByteDataTranslator; import io.fd.hc2vpp.common.translate.util.Ipv4Translator; @@ -61,10 +58,6 @@ final class MappingEntryCustomizer implements ListWriterCustomizer id, final PortNumber portNumber) { + private Integer getPortNumber(final PortNumber portNumber) { if (portNumber != null) { - if (portNumber.getStartPortNumber() != null && portNumber.getEndPortNumber() == null) { - return portNumber.getStartPortNumber().getValue().shortValue(); - } else { - throw new IllegalArgumentException( - String.format("Only single port number supported. Submitted: %s for entry: %s", portNumber, id)); - } + return portNumber.getStartPortNumber().getValue(); } return null; } diff --git a/nat/nat2vpp/src/main/java/io/fd/hc2vpp/nat/write/MappingEntryValidator.java b/nat/nat2vpp/src/main/java/io/fd/hc2vpp/nat/write/MappingEntryValidator.java new file mode 100644 index 000000000..d0594039d --- /dev/null +++ b/nat/nat2vpp/src/main/java/io/fd/hc2vpp/nat/write/MappingEntryValidator.java @@ -0,0 +1,111 @@ +/* + * Copyright (c) 2018 Cisco and/or its affiliates. + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at: + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +package io.fd.hc2vpp.nat.write; + +import static com.google.common.base.Preconditions.checkArgument; +import static com.google.common.base.Preconditions.checkState; + +import com.google.common.annotations.VisibleForTesting; +import io.fd.hc2vpp.common.translate.util.Ipv4Translator; +import io.fd.hc2vpp.common.translate.util.Ipv6Translator; +import io.fd.honeycomb.translate.write.DataValidationFailedException.CreateValidationFailedException; +import io.fd.honeycomb.translate.write.Validator; +import io.fd.honeycomb.translate.write.WriteContext; +import javax.annotation.Nonnull; +import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.inet.types.rev130715.IpPrefix; +import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.inet.types.rev130715.Ipv4Prefix; +import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.inet.types.rev130715.Ipv6Prefix; +import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.nat.rev180628.PortNumber; +import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.nat.rev180628.nat.instances.instance.mapping.table.MappingEntry; +import org.opendaylight.yangtools.yang.binding.InstanceIdentifier; + +final class MappingEntryValidator implements Validator, Ipv4Translator, Ipv6Translator { + @Override + public void validateWrite(@Nonnull final InstanceIdentifier id, + @Nonnull final MappingEntry mappingEntry, + @Nonnull final WriteContext writeContext) + throws CreateValidationFailedException { + try { + validateMappingEntry(id, mappingEntry); + } catch (RuntimeException e) { + throw new CreateValidationFailedException(id, mappingEntry, e); + } + } + + private void validateMappingEntry(final InstanceIdentifier id, final MappingEntry mappingEntry) { + validateMappingEntryType(mappingEntry); + validateInternalSrcAddress(mappingEntry); + validateExternalSrcAddress(mappingEntry); + validateTransportProtocol(mappingEntry); + validatePortNumber(id, mappingEntry.getInternalSrcPort()); + validatePortNumber(id, mappingEntry.getExternalSrcPort()); + } + + @VisibleForTesting + void validateMappingEntryType(final MappingEntry mappingEntry) { + // Only static mapping are currently supported + checkArgument(mappingEntry.getType() + == org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.nat.rev180628.MappingEntry.Type.Static, + "Only static NAT entries are supported currently. Trying to write: %s entry", mappingEntry.getType()); + } + + @VisibleForTesting + void validateInternalSrcAddress(final MappingEntry mappingEntry) { + final IpPrefix internalSrcPrefix = mappingEntry.getInternalSrcAddress(); + final Ipv4Prefix internalV4SrcPrefix = internalSrcPrefix.getIpv4Prefix(); + final Ipv6Prefix internalV6SrcPrefix = internalSrcPrefix.getIpv6Prefix(); + if (internalV4SrcPrefix != null) { + checkArgument(extractPrefix(internalV4SrcPrefix) == 32, + "Only /32 prefix in internal-src-address is supported, but was %s", internalV4SrcPrefix); + } else { + checkState(internalV6SrcPrefix != null, + "internalSrcPrefix.getIpv6Prefix() should not return null if Ipv4 prefix is not given"); + checkArgument(extractPrefix(internalV6SrcPrefix) == (byte) 128, + "Only /128 prefix in internal-src-address is supported, but was %s", internalV6SrcPrefix); + } + } + + @VisibleForTesting + void validateExternalSrcAddress(final MappingEntry mappingEntry) { + final IpPrefix externalSrcAddress = mappingEntry.getExternalSrcAddress(); + checkArgument(externalSrcAddress != null, "The external-src-address leaf is missing"); + final Ipv4Prefix ipv4Prefix = externalSrcAddress.getIpv4Prefix(); + checkArgument(ipv4Prefix != null, "No Ipv4 present in external-src-address %s", externalSrcAddress); + checkArgument(extractPrefix(ipv4Prefix) == 32, + "Only /32 prefix in external-src-address is supported, but was %s", ipv4Prefix); + } + + @VisibleForTesting + static void validateTransportProtocol(final MappingEntry mappingEntry) { + final Short protocol = mappingEntry.getTransportProtocol(); + if (protocol == null) { + return; + } + checkArgument(protocol == 1 || protocol == 6 || protocol == 17 || protocol == 58, + "Unsupported protocol %s only ICMP(1), IPv6-ICMP(58), TCP(6) and UDP(17) are currently supported", + protocol); + } + + @VisibleForTesting + static void validatePortNumber(final InstanceIdentifier id, final PortNumber portNumber) { + if (portNumber == null) { + return; + } + checkArgument(portNumber.getStartPortNumber() != null && portNumber.getEndPortNumber() == null, + "Only single port number supported. Submitted: %s for entry: %s", portNumber, id); + } +} diff --git a/nat/nat2vpp/src/main/java/io/fd/hc2vpp/nat/write/Nat64PrefixesCustomizer.java b/nat/nat2vpp/src/main/java/io/fd/hc2vpp/nat/write/Nat64PrefixesCustomizer.java index 8f1869f15..13a5845e3 100644 --- a/nat/nat2vpp/src/main/java/io/fd/hc2vpp/nat/write/Nat64PrefixesCustomizer.java +++ b/nat/nat2vpp/src/main/java/io/fd/hc2vpp/nat/write/Nat64PrefixesCustomizer.java @@ -56,12 +56,6 @@ final class Nat64PrefixesCustomizer @Nonnull final WriteContext writeContext) throws WriteFailedException { final int natInstanceId = id.firstKeyOf(Instance.class).getId().intValue(); LOG.debug("Configuring nat64 prefix: {} for nat-instance(vrf): {}", dataAfter, natInstanceId); - - // VPP does not support configuring different nat64-prefixes depending on ipv4 destination prefix: - final List destinationIpv4PrefixList = dataAfter.getDestinationIpv4Prefix(); - checkArgument(destinationIpv4PrefixList == null || destinationIpv4PrefixList.isEmpty(), - "destination-ipv4-prefix is not supported by VPP"); - addDelPrefix(id, dataAfter, natInstanceId, true); LOG.debug("Nat64 prefix written successfully: {} for nat-instance(vrf): {}", dataAfter, natInstanceId); } @@ -83,10 +77,7 @@ final class Nat64PrefixesCustomizer final int vrfId, final boolean isAdd) throws WriteFailedException { - // The nat64-prefix is optional in ietf-nat, but we require it final Ipv6Prefix nat64Prefix = data.getNat64Prefix(); - checkArgument(nat64Prefix != null, "Missing nat64-prefix leaf value."); - final Nat64AddDelPrefix request = new Nat64AddDelPrefix(); request.prefix = ipv6AddressPrefixToArray(nat64Prefix); request.prefixLen = extractPrefix(nat64Prefix); diff --git a/nat/nat2vpp/src/main/java/io/fd/hc2vpp/nat/write/Nat64PrefixesValidator.java b/nat/nat2vpp/src/main/java/io/fd/hc2vpp/nat/write/Nat64PrefixesValidator.java new file mode 100644 index 000000000..3b6dc9553 --- /dev/null +++ b/nat/nat2vpp/src/main/java/io/fd/hc2vpp/nat/write/Nat64PrefixesValidator.java @@ -0,0 +1,41 @@ +/* + * Copyright (c) 2018 Cisco and/or its affiliates. + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at: + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +package io.fd.hc2vpp.nat.write; + +import static com.google.common.base.Preconditions.checkArgument; + +import io.fd.honeycomb.translate.write.DataValidationFailedException; +import io.fd.honeycomb.translate.write.Validator; +import io.fd.honeycomb.translate.write.WriteContext; +import java.util.List; +import javax.annotation.Nonnull; +import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.nat.rev180628.nat.instances.instance.policy.Nat64Prefixes; +import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.nat.rev180628.nat.instances.instance.policy.nat64.prefixes.DestinationIpv4Prefix; +import org.opendaylight.yangtools.yang.binding.InstanceIdentifier; + +final class Nat64PrefixesValidator implements Validator { + @Override + public void validateWrite(@Nonnull final InstanceIdentifier id, + @Nonnull final Nat64Prefixes dataAfter, + @Nonnull final WriteContext writeContext) + throws DataValidationFailedException.CreateValidationFailedException { + // VPP does not support configuring different nat64-prefixes depending on ipv4 destination prefix: + final List destinationIpv4PrefixList = dataAfter.getDestinationIpv4Prefix(); + checkArgument(destinationIpv4PrefixList == null || destinationIpv4PrefixList.isEmpty(), + "destination-ipv4-prefix is not supported by VPP"); + } +} diff --git a/nat/nat2vpp/src/main/java/io/fd/hc2vpp/nat/write/NatInstaceCustomizer.java b/nat/nat2vpp/src/main/java/io/fd/hc2vpp/nat/write/NatInstaceCustomizer.java index 90caa7c76..945a5fa58 100644 --- a/nat/nat2vpp/src/main/java/io/fd/hc2vpp/nat/write/NatInstaceCustomizer.java +++ b/nat/nat2vpp/src/main/java/io/fd/hc2vpp/nat/write/NatInstaceCustomizer.java @@ -42,12 +42,5 @@ final class NatInstaceCustomizer implements ListWriterCustomizer { + @Override + public void validateDelete(@Nonnull final InstanceIdentifier id, @Nonnull final Instance dataBefore, + @Nonnull final WriteContext writeContext) + throws DataValidationFailedException.DeleteValidationFailedException { + // For consistency with reader, forbid removing default NAT instance: + final Long vrfId = id.firstKeyOf(Instance.class).getId(); + if (vrfId == 0) { + throw new DataValidationFailedException.DeleteValidationFailedException(id, + new UnsupportedOperationException("Removing default NAT instance (vrf=0) is not supported.")); + } + } +} diff --git a/nat/nat2vpp/src/main/java/io/fd/hc2vpp/nat/write/NatWriterFactory.java b/nat/nat2vpp/src/main/java/io/fd/hc2vpp/nat/write/NatWriterFactory.java index 267148907..5b0478ff9 100644 --- a/nat/nat2vpp/src/main/java/io/fd/hc2vpp/nat/write/NatWriterFactory.java +++ b/nat/nat2vpp/src/main/java/io/fd/hc2vpp/nat/write/NatWriterFactory.java @@ -58,14 +58,16 @@ public final class NatWriterFactory implements WriterFactory { public void init(@Nonnull final ModifiableWriterRegistryBuilder registry) { // +-- nat // +-- instances/instance - registry.add(new GenericListWriter<>(NAT_INSTANCE_ID, new NatInstaceCustomizer())); + registry.add(new GenericListWriter<>(NAT_INSTANCE_ID, new NatInstaceCustomizer(), new NatInstanceValidator())); // +-- mapping-table/mapping-entry registry.subtreeAdd(Sets.newHashSet(InstanceIdentifier.create(MappingEntry.class).child(ExternalSrcPort.class), - InstanceIdentifier.create(MappingEntry.class).child(InternalSrcPort.class)), - new GenericListWriter<>(MAPPING_ENTRY_ID, new MappingEntryCustomizer(jvppNat, mappingEntryContext))); + InstanceIdentifier.create(MappingEntry.class).child(InternalSrcPort.class)), + new GenericListWriter<>(MAPPING_ENTRY_ID, + new MappingEntryCustomizer(jvppNat, mappingEntryContext), + new MappingEntryValidator())); // +-- policy - registry.add(new GenericListWriter<>(POLICY_ID, new PolicyCustomizer())); + registry.add(new GenericListWriter<>(POLICY_ID, new PolicyCustomizer(), new PolicyValidator())); // +-- external-ip-address-pool registry.subtreeAddBefore( @@ -73,11 +75,16 @@ public final class NatWriterFactory implements WriterFactory { // requires to already have an IP range predefined ... in some cases Sets.newHashSet(InstanceIdentifier.create(ExternalIpAddressPool.class) .augmentation(ExternalIpAddressPoolAugmentation.class)), - new GenericListWriter<>(ADDRESS_POOL_ID, new ExternalIpPoolCustomizer(jvppNat)), MAPPING_ENTRY_ID); + new GenericListWriter<>(ADDRESS_POOL_ID, + new ExternalIpPoolCustomizer(jvppNat), + new ExternalIpPoolValidator()), + MAPPING_ENTRY_ID); // +-- nat64-prefixes registry.subtreeAdd( - Sets.newHashSet(InstanceIdentifier.create(Nat64Prefixes.class).child(DestinationIpv4Prefix.class)), - new GenericListWriter<>(NAT64_PREFIXES_ID, new Nat64PrefixesCustomizer(jvppNat))); + Sets.newHashSet(InstanceIdentifier.create(Nat64Prefixes.class).child(DestinationIpv4Prefix.class)), + new GenericListWriter<>(NAT64_PREFIXES_ID, + new Nat64PrefixesCustomizer(jvppNat), + new Nat64PrefixesValidator())); } } diff --git a/nat/nat2vpp/src/main/java/io/fd/hc2vpp/nat/write/PolicyCustomizer.java b/nat/nat2vpp/src/main/java/io/fd/hc2vpp/nat/write/PolicyCustomizer.java index 09e404a53..782fa3bf7 100644 --- a/nat/nat2vpp/src/main/java/io/fd/hc2vpp/nat/write/PolicyCustomizer.java +++ b/nat/nat2vpp/src/main/java/io/fd/hc2vpp/nat/write/PolicyCustomizer.java @@ -38,17 +38,6 @@ final class PolicyCustomizer implements ListWriterCustomizer @Nonnull final Policy dataAfter, @Nonnull final WriteContext writeContext) throws WriteFailedException { LOG.trace("Writing NAT policy: {}", id); - - // HC supports only single NAT policy per NAT instance (VRF) - // To ensure that (and for simplicity), we require policy id = 0. - final Long policyId = id.firstKeyOf(Policy.class).getId(); - checkArgument(policyId == 0, - "Only single policy per NAT instance (VRF) is supported (expected id=0, but %s given)", policyId); - - if (dataAfter.getNat64Prefixes() != null) { - final int prefixCount = dataAfter.getNat64Prefixes().size(); - checkArgument(prefixCount <= 1, "Only single nat64-prefix is supported, but %s given", prefixCount); - } } @Override diff --git a/nat/nat2vpp/src/main/java/io/fd/hc2vpp/nat/write/PolicyValidator.java b/nat/nat2vpp/src/main/java/io/fd/hc2vpp/nat/write/PolicyValidator.java new file mode 100644 index 000000000..8b13a0851 --- /dev/null +++ b/nat/nat2vpp/src/main/java/io/fd/hc2vpp/nat/write/PolicyValidator.java @@ -0,0 +1,52 @@ +/* + * Copyright (c) 2018 Cisco and/or its affiliates. + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at: + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +package io.fd.hc2vpp.nat.write; + +import static com.google.common.base.Preconditions.checkArgument; + +import io.fd.honeycomb.translate.write.DataValidationFailedException; +import io.fd.honeycomb.translate.write.Validator; +import io.fd.honeycomb.translate.write.WriteContext; +import javax.annotation.Nonnull; +import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.nat.rev180628.nat.instances.instance.Policy; +import org.opendaylight.yangtools.yang.binding.InstanceIdentifier; + +final class PolicyValidator implements Validator { + @Override + public void validateWrite(@Nonnull final InstanceIdentifier id, @Nonnull final Policy dataAfter, + @Nonnull final WriteContext writeContext) + throws DataValidationFailedException.CreateValidationFailedException { + try { + validatePolicy(id, dataAfter); + } catch (RuntimeException e) { + throw new DataValidationFailedException.CreateValidationFailedException(id, dataAfter, e); + } + } + + private void validatePolicy(final InstanceIdentifier id, final Policy policy) { + // HC supports only single NAT policy per NAT instance (VRF) + // To ensure that (and for simplicity), we require policy id = 0. + final Long policyId = id.firstKeyOf(Policy.class).getId(); + checkArgument(policyId == 0, + "Only single policy per NAT instance (VRF) is supported (expected id=0, but %s given)", policyId); + + if (policy.getNat64Prefixes() != null) { + final int prefixCount = policy.getNat64Prefixes().size(); + checkArgument(prefixCount <= 1, "Only single nat64-prefix is supported, but %s given", prefixCount); + } + } +} diff --git a/nat/nat2vpp/src/test/java/io/fd/hc2vpp/nat/write/MappingEntryCustomizerTest.java b/nat/nat2vpp/src/test/java/io/fd/hc2vpp/nat/write/MappingEntryCustomizerTest.java index 60cc643e9..ede39e4b3 100644 --- a/nat/nat2vpp/src/test/java/io/fd/hc2vpp/nat/write/MappingEntryCustomizerTest.java +++ b/nat/nat2vpp/src/test/java/io/fd/hc2vpp/nat/write/MappingEntryCustomizerTest.java @@ -47,11 +47,11 @@ public class MappingEntryCustomizerTest extends WriterCustomizerTest implements private static final long NAT_INSTANCE_ID = 1; private static final long MAPPING_ID = 22; - private static final InstanceIdentifier IID = NAT_INSTANCES_ID + static final InstanceIdentifier IID = NAT_INSTANCES_ID .child(Instance.class, new InstanceKey(NAT_INSTANCE_ID)) .child(MappingTable.class).child(MappingEntry.class, new MappingEntryKey(MAPPING_ID)); - private static final String MAPPING_TABLE_PATH = "/ietf-nat:nat/ietf-nat:instances/" + static final String MAPPING_TABLE_PATH = "/ietf-nat:nat/ietf-nat:instances/" + "ietf-nat:instance[ietf-nat:id='" + NAT_INSTANCE_ID + "']/ietf-nat:mapping-table"; @Mock @@ -87,13 +87,6 @@ public class MappingEntryCustomizerTest extends WriterCustomizerTest implements verify(jvppNat).nat64AddDelStaticBib(expectedRequest); } - @Test(expected = IllegalArgumentException.class) - public void testWriteNat44UnsupportedProtocol( - @InjectTestData(resourcePath = "/nat44/static-mapping-unsupported-proto.json", id = MAPPING_TABLE_PATH) MappingTable data) - throws WriteFailedException { - customizer.writeCurrentAttributes(IID, extractMappingEntry(data), writeContext); - } - @Test(expected = UnsupportedOperationException.class) public void testUpdateNat64( @InjectTestData(resourcePath = "/nat64/static-mapping.json", id = MAPPING_TABLE_PATH) MappingTable before, @@ -123,7 +116,7 @@ public class MappingEntryCustomizerTest extends WriterCustomizerTest implements verify(jvppNat).nat64AddDelStaticBib(getExpectedNat64Request()); } - private static MappingEntry extractMappingEntry(MappingTable data) { + static MappingEntry extractMappingEntry(MappingTable data) { // assumes single nat instance and single mapping entry return data.getMappingEntry().get(0); } diff --git a/nat/nat2vpp/src/test/java/io/fd/hc2vpp/nat/write/MappingEntryValidatorTest.java b/nat/nat2vpp/src/test/java/io/fd/hc2vpp/nat/write/MappingEntryValidatorTest.java new file mode 100644 index 000000000..1cb98cc0e --- /dev/null +++ b/nat/nat2vpp/src/test/java/io/fd/hc2vpp/nat/write/MappingEntryValidatorTest.java @@ -0,0 +1,115 @@ +/* + * Copyright (c) 2018 Cisco and/or its affiliates. + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at: + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +package io.fd.hc2vpp.nat.write; + +import static io.fd.hc2vpp.nat.write.MappingEntryCustomizerTest.IID; +import static io.fd.hc2vpp.nat.write.MappingEntryCustomizerTest.MAPPING_TABLE_PATH; +import static io.fd.hc2vpp.nat.write.MappingEntryCustomizerTest.extractMappingEntry; +import static org.mockito.Mockito.mock; +import static org.mockito.Mockito.verify; +import static org.mockito.Mockito.when; +import static org.mockito.MockitoAnnotations.initMocks; + +import io.fd.hc2vpp.nat.NatTestSchemaContext; +import io.fd.honeycomb.test.tools.HoneycombTestRunner; +import io.fd.honeycomb.test.tools.annotations.InjectTestData; +import io.fd.honeycomb.translate.write.DataValidationFailedException; +import io.fd.honeycomb.translate.write.WriteContext; +import io.fd.honeycomb.translate.write.WriteFailedException; +import io.fd.vpp.jvpp.nat.dto.Nat44AddDelStaticMapping; +import org.junit.Before; +import org.junit.Test; +import org.junit.runner.RunWith; +import org.mockito.Mock; +import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.inet.types.rev130715.IpPrefix; +import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.inet.types.rev130715.Ipv4Prefix; +import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.inet.types.rev130715.Ipv6Prefix; +import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.inet.types.rev130715.PortNumber; +import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.nat.rev180628.MappingEntry.Type; +import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.nat.rev180628.mapping.entry.InternalSrcPort; +import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.nat.rev180628.mapping.entry.InternalSrcPortBuilder; +import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.nat.rev180628.nat.instances.instance.MappingTable; +import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.nat.rev180628.nat.instances.instance.mapping.table.MappingEntry; +import org.opendaylight.yangtools.yang.binding.InstanceIdentifier; + +@RunWith(HoneycombTestRunner.class) +public class MappingEntryValidatorTest implements NatTestSchemaContext { + @Mock + private WriteContext writeContext; + private MappingEntryValidator validator; + + @Before + public void setUp() { + initMocks(this); + validator = new MappingEntryValidator(); + } + + @Test + public void testWriteNat44( + @InjectTestData(resourcePath = "/nat44/static-mapping.json", id = MAPPING_TABLE_PATH) MappingTable data) + throws WriteFailedException, DataValidationFailedException.CreateValidationFailedException { + validator.validateWrite(IID, extractMappingEntry(data), writeContext); + } + + @Test(expected = DataValidationFailedException.CreateValidationFailedException.class) + public void testWriteNat44UnsupportedProtocol( + @InjectTestData(resourcePath = "/nat44/static-mapping-unsupported-proto.json", id = MAPPING_TABLE_PATH) MappingTable data) + throws WriteFailedException, DataValidationFailedException.CreateValidationFailedException { + validator.validateWrite(IID, extractMappingEntry(data), writeContext); + } + + @Test(expected = IllegalArgumentException.class) + public void testUnsupportedMappingEntryType() { + final MappingEntry mappingEntry = mock(MappingEntry.class); + when(mappingEntry.getType()).thenReturn(Type.DynamicExplicit); + validator.validateMappingEntryType(mappingEntry); + } + + @Test(expected = IllegalArgumentException.class) + public void testInvalidInternalIpv6SrcAddressPrefix() { + final MappingEntry mappingEntry = mock(MappingEntry.class); + final IpPrefix address = new IpPrefix(new Ipv6Prefix("1::1/127")); + when(mappingEntry.getInternalSrcAddress()).thenReturn(address); + validator.validateInternalSrcAddress(mappingEntry); + } + + @Test(expected = IllegalArgumentException.class) + public void testInvalidInternalIpv4SrcAddressPrefix() { + final MappingEntry mappingEntry = mock(MappingEntry.class); + final IpPrefix address = new IpPrefix(new Ipv4Prefix("1.2.3.4/16")); + when(mappingEntry.getInternalSrcAddress()).thenReturn(address); + validator.validateInternalSrcAddress(mappingEntry); + } + + @Test(expected = IllegalArgumentException.class) + public void testInvalidExternalSrcAddress() { + final MappingEntry mappingEntry = mock(MappingEntry.class); + final IpPrefix address = new IpPrefix(new Ipv4Prefix("1.2.3.4/16")); + when(mappingEntry.getExternalSrcAddress()).thenReturn(address); + validator.validateExternalSrcAddress(mappingEntry); + } + + @Test(expected = IllegalArgumentException.class) + public void testInvalidPortNumber() { + InternalSrcPort port = new InternalSrcPortBuilder() + .setStartPortNumber(new PortNumber(10)) + .setEndPortNumber(new PortNumber(20)) + .build(); + final InstanceIdentifier id = InstanceIdentifier.create(MappingEntry.class); + MappingEntryValidator.validatePortNumber(id, port); + } +} \ No newline at end of file diff --git a/nat/nat2vpp/src/test/java/io/fd/hc2vpp/nat/write/PolicyCustomizerTest.java b/nat/nat2vpp/src/test/java/io/fd/hc2vpp/nat/write/PolicyCustomizerTest.java deleted file mode 100644 index faa4ced4d..000000000 --- a/nat/nat2vpp/src/test/java/io/fd/hc2vpp/nat/write/PolicyCustomizerTest.java +++ /dev/null @@ -1,79 +0,0 @@ -/* - * Copyright (c) 2018 Cisco and/or its affiliates. - * - * Licensed under the Apache License, Version 2.0 (the "License"); - * you may not use this file except in compliance with the License. - * You may obtain a copy of the License at: - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - */ - -package io.fd.hc2vpp.nat.write; - -import static io.fd.hc2vpp.nat.NatIds.NAT_INSTANCES_ID; -import static org.mockito.Mockito.mock; - -import io.fd.hc2vpp.common.test.write.WriterCustomizerTest; -import io.fd.honeycomb.translate.write.WriteFailedException; -import java.util.Arrays; -import java.util.Collections; -import org.junit.Test; -import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.inet.types.rev130715.Ipv6Prefix; -import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.nat.rev180628.nat.instances.Instance; -import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.nat.rev180628.nat.instances.InstanceKey; -import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.nat.rev180628.nat.instances.instance.Policy; -import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.nat.rev180628.nat.instances.instance.PolicyBuilder; -import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.nat.rev180628.nat.instances.instance.PolicyKey; -import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.nat.rev180628.nat.instances.instance.policy.Nat64Prefixes; -import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.nat.rev180628.nat.instances.instance.policy.Nat64PrefixesBuilder; -import org.opendaylight.yangtools.yang.binding.InstanceIdentifier; - -public class PolicyCustomizerTest extends WriterCustomizerTest { - - private static final long VRF_ID = 123; - private static final InstanceIdentifier NAT_INSTANCE_ID = - NAT_INSTANCES_ID.child(Instance.class, new InstanceKey(VRF_ID)); - private static final InstanceIdentifier INVALID_POLICY_ID = - NAT_INSTANCE_ID.child(Policy.class, new PolicyKey(1L)); - private static final InstanceIdentifier DEFAULT_POLICY_ID = - NAT_INSTANCE_ID.child(Policy.class, new PolicyKey(0L)); - private static final Nat64Prefixes P1 = - new Nat64PrefixesBuilder().setNat64Prefix(new Ipv6Prefix("2001:db8::1/32")).build(); - private static final Nat64Prefixes P2 = - new Nat64PrefixesBuilder().setNat64Prefix(new Ipv6Prefix("2001:db8::2/32")).build(); - - private PolicyCustomizer customizer; - - @Override - protected void setUpTest() throws Exception { - customizer = new PolicyCustomizer(); - } - - @Test(expected = IllegalArgumentException.class) - public void testInvalidPolicyId() throws WriteFailedException { - customizer.writeCurrentAttributes(INVALID_POLICY_ID, mock(Policy.class), writeContext); - } - - @Test - public void testNoNat64Prefixes() throws WriteFailedException { - customizer.writeCurrentAttributes(DEFAULT_POLICY_ID, mock(Policy.class), writeContext); - } - - @Test - public void testSingleNat64Prefix() throws WriteFailedException { - final Policy policy = new PolicyBuilder().setNat64Prefixes(Collections.singletonList(P1)).build(); - customizer.writeCurrentAttributes(DEFAULT_POLICY_ID, policy, writeContext); - } - - @Test(expected = IllegalArgumentException.class) - public void testTwoNat64Prefixes() throws WriteFailedException { - final Policy policy = new PolicyBuilder().setNat64Prefixes(Arrays.asList(P1, P2)).build(); - customizer.writeCurrentAttributes(DEFAULT_POLICY_ID, policy, writeContext); - } -} \ No newline at end of file diff --git a/nat/nat2vpp/src/test/java/io/fd/hc2vpp/nat/write/PolicyValidatorTest.java b/nat/nat2vpp/src/test/java/io/fd/hc2vpp/nat/write/PolicyValidatorTest.java new file mode 100644 index 000000000..7cee98d4a --- /dev/null +++ b/nat/nat2vpp/src/test/java/io/fd/hc2vpp/nat/write/PolicyValidatorTest.java @@ -0,0 +1,85 @@ +/* + * Copyright (c) 2018 Cisco and/or its affiliates. + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at: + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +package io.fd.hc2vpp.nat.write; + +import static io.fd.hc2vpp.nat.NatIds.NAT_INSTANCES_ID; +import static org.mockito.Mockito.mock; +import static org.mockito.MockitoAnnotations.initMocks; + +import io.fd.honeycomb.translate.write.DataValidationFailedException.CreateValidationFailedException; +import io.fd.honeycomb.translate.write.WriteContext; +import java.util.Arrays; +import java.util.Collections; +import org.junit.Before; +import org.junit.Test; +import org.mockito.Mock; +import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.inet.types.rev130715.Ipv6Prefix; +import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.nat.rev180628.nat.instances.Instance; +import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.nat.rev180628.nat.instances.InstanceKey; +import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.nat.rev180628.nat.instances.instance.Policy; +import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.nat.rev180628.nat.instances.instance.PolicyBuilder; +import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.nat.rev180628.nat.instances.instance.PolicyKey; +import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.nat.rev180628.nat.instances.instance.policy.Nat64Prefixes; +import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.nat.rev180628.nat.instances.instance.policy.Nat64PrefixesBuilder; +import org.opendaylight.yangtools.yang.binding.InstanceIdentifier; + +public class PolicyValidatorTest { + + private static final long VRF_ID = 123; + private static final InstanceIdentifier NAT_INSTANCE_ID = + NAT_INSTANCES_ID.child(Instance.class, new InstanceKey(VRF_ID)); + private static final InstanceIdentifier INVALID_POLICY_ID = + NAT_INSTANCE_ID.child(Policy.class, new PolicyKey(1L)); + private static final InstanceIdentifier DEFAULT_POLICY_ID = + NAT_INSTANCE_ID.child(Policy.class, new PolicyKey(0L)); + private static final Nat64Prefixes P1 = + new Nat64PrefixesBuilder().setNat64Prefix(new Ipv6Prefix("2001:db8::1/32")).build(); + private static final Nat64Prefixes P2 = + new Nat64PrefixesBuilder().setNat64Prefix(new Ipv6Prefix("2001:db8::2/32")).build(); + + @Mock + private WriteContext writeContext; + private PolicyValidator validator; + + @Before + public void setUp() throws Exception { + initMocks(this); + validator = new PolicyValidator(); + } + + @Test(expected = CreateValidationFailedException.class) + public void testInvalidPolicyId() throws CreateValidationFailedException { + validator.validateWrite(INVALID_POLICY_ID, mock(Policy.class), writeContext); + } + + @Test + public void testNoNat64Prefixes() throws CreateValidationFailedException { + validator.validateWrite(DEFAULT_POLICY_ID, mock(Policy.class), writeContext); + } + + @Test + public void testSingleNat64Prefix() throws CreateValidationFailedException { + final Policy policy = new PolicyBuilder().setNat64Prefixes(Collections.singletonList(P1)).build(); + validator.validateWrite(DEFAULT_POLICY_ID, policy, writeContext); + } + + @Test(expected = CreateValidationFailedException.class) + public void testTwoNat64Prefixes() throws CreateValidationFailedException { + final Policy policy = new PolicyBuilder().setNat64Prefixes(Arrays.asList(P1, P2)).build(); + validator.validateWrite(DEFAULT_POLICY_ID, policy, writeContext); + } +} \ No newline at end of file -- cgit 1.2.3-korg