From 8f6c292af0821fd8a8e8d80aea0e9cf97447a747 Mon Sep 17 00:00:00 2001 From: Marek Gradzki Date: Fri, 7 Oct 2016 15:26:06 +0200 Subject: HONEYCOMB-246: allow mixing deny/permit rules - adds classify table on the end of each of the 3 chains to enforce ordering - updates v3po.yang with default-action leaf - updates postman collection Change-Id: If54abec1a6516eaf87aae0e5da9382a6e5dee1f3 Signed-off-by: Marek Gradzki
---
 .../interfaces/acl/ingress/AceEthWriterTest.java | 5 +- .../interfaces/acl/ingress/AceIp4WriterTest.java | 9 +- .../interfaces/acl/ingress/AceIp6WriterTest.java | 9 +- .../acl/ingress/IetfAclCustomizerTest.java | 103 ++++++++++++++++++--- 4 files changed, 98 insertions(+), 28 deletions(-) (limited to 'v3po/v3po2vpp/src/test/java/io/fd')
diff --git a/v3po/v3po2vpp/src/test/java/io/fd/honeycomb/translate/v3po/interfaces/acl/ingress/AceEthWriterTest.java b/v3po/v3po2vpp/src/test/java/io/fd/honeycomb/translate/v3po/interfaces/acl/ingress/AceEthWriterTest.java
index e1f813eed..759c77477 100644
--- a/v3po/v3po2vpp/src/test/java/io/fd/honeycomb/translate/v3po/interfaces/acl/ingress/AceEthWriterTest.java
+++ b/v3po/v3po2vpp/src/test/java/io/fd/honeycomb/translate/v3po/interfaces/acl/ingress/AceEthWriterTest.java
@@ -58,12 +58,11 @@ public class AceEthWriterTest { @Test public void testCreateClassifyTable() { final int nextTableIndex = 42;
- final ClassifyAddDelTable request = writer.createClassifyTable(action, aceEth, InterfaceMode.L2, nextTableIndex, 0);
+ final ClassifyAddDelTable request = writer.createClassifyTable(aceEth, InterfaceMode.L2, nextTableIndex, 0);
 assertEquals(1, request.isAdd); assertEquals(-1, request.tableIndex); assertEquals(1, request.nbuckets);
- assertEquals(-1, request.missNextIndex);
 assertEquals(nextTableIndex, request.nextTableIndex); assertEquals(0, request.skipNVectors); assertEquals(AceEthWriter.MATCH_N_VECTORS, request.matchNVectors);
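Review bot: Removing `assertEquals(-1, request.missNextIndex);` from testCreateClassifyTable leaves the miss action of the table built by createClassifyTable unchecked in this writer test, and the same assertion is dropped from the table checks in AceIp4WriterTest and AceIp6WriterTest. For an ACL the miss action decides what happens to a packet that matches no session in the table, so a wrong value there changes filtering without failing any of these three tests. If createClassifyTable still sets the field, keep `assertEquals(-1, request.missNextIndex);`; if the value is now chosen by the caller (the production change is not visible in this diff), assert it in the test of that caller instead.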
@@ -81,7 +80,7 @@ public class AceEthWriterTest { @Test(expected = IllegalArgumentException.class) public void testCreateClassifyTableForL3Interface() {
- writer.createClassifyTable(action, aceEth, InterfaceMode.L3, 42, 0);
+ writer.createClassifyTable(aceEth, InterfaceMode.L3, 42, 0);
 } @Test
diff --git a/v3po/v3po2vpp/src/test/java/io/fd/honeycomb/translate/v3po/interfaces/acl/ingress/AceIp4WriterTest.java b/v3po/v3po2vpp/src/test/java/io/fd/honeycomb/translate/v3po/interfaces/acl/ingress/AceIp4WriterTest.java
index 9597c1688..b454acc0b 100644
--- a/v3po/v3po2vpp/src/test/java/io/fd/honeycomb/translate/v3po/interfaces/acl/ingress/AceIp4WriterTest.java
+++ b/v3po/v3po2vpp/src/test/java/io/fd/honeycomb/translate/v3po/interfaces/acl/ingress/AceIp4WriterTest.java
@@ -64,7 +63,6 @@ public class AceIp4WriterTest { assertEquals(1, request.isAdd); assertEquals(-1, request.tableIndex); assertEquals(1, request.nbuckets);
- assertEquals(-1, request.missNextIndex);
 assertEquals(nextTableIndex, request.nextTableIndex); assertEquals(0, request.skipNVectors); assertEquals(AceIp4Writer.MATCH_N_VECTORS, request.matchNVectors);
@@ -107,14 +106,14 @@ public class AceIp4WriterTest { @Test public void testCreateClassifyTable() throws Exception { final int nextTableIndex = 42;
- final ClassifyAddDelTable request = writer.createClassifyTable(action, aceIp, InterfaceMode.L3, nextTableIndex, 0);
+ final ClassifyAddDelTable request = writer.createClassifyTable(aceIp, InterfaceMode.L3, nextTableIndex, 0);
 verifyTableRequest(request, nextTableIndex, 0, false); } @Test public void testCreateClassifyTableForL2Interface() throws Exception { final int nextTableIndex = 42;
- final ClassifyAddDelTable request = writer.createClassifyTable(action, aceIp, InterfaceMode.L2, nextTableIndex, 0);
+ final ClassifyAddDelTable request = writer.createClassifyTable(aceIp, InterfaceMode.L2, nextTableIndex, 0);
 verifyTableRequest(request, nextTableIndex, 0, true); }
@@ -122,7 +121,7 @@ public class AceIp4WriterTest { public void testCreateClassifyTable1VlanTag() throws Exception { final int nextTableIndex = 42; final int vlanTags = 1;
- final ClassifyAddDelTable request = writer.createClassifyTable(action, aceIp, InterfaceMode.L3, nextTableIndex, vlanTags);
+ final ClassifyAddDelTable request = writer.createClassifyTable(aceIp, InterfaceMode.L3, nextTableIndex, vlanTags);
 verifyTableRequest(request, nextTableIndex, vlanTags, false); }
@@ -130,7 +129,7 @@ public class AceIp4WriterTest { public void testCreateClassifyTable2VlanTags() throws Exception { final int nextTableIndex = 42; final int vlanTags = 2;
- final ClassifyAddDelTable request = writer.createClassifyTable(action, aceIp, InterfaceMode.L3, nextTableIndex, vlanTags);
+ final ClassifyAddDelTable request = writer.createClassifyTable(aceIp, InterfaceMode.L3, nextTableIndex, vlanTags);
 verifyTableRequest(request, nextTableIndex, vlanTags, false); }
diff --git a/v3po/v3po2vpp/src/test/java/io/fd/honeycomb/translate/v3po/interfaces/acl/ingress/AceIp6WriterTest.java b/v3po/v3po2vpp/src/test/java/io/fd/honeycomb/translate/v3po/interfaces/acl/ingress/AceIp6WriterTest.java
index 504d502a3..6ac469f93 100644
--- a/v3po/v3po2vpp/src/test/java/io/fd/honeycomb/translate/v3po/interfaces/acl/ingress/AceIp6WriterTest.java
+++ b/v3po/v3po2vpp/src/test/java/io/fd/honeycomb/translate/v3po/interfaces/acl/ingress/AceIp6WriterTest.java
@@ -67,7 +66,6 @@ public class AceIp6WriterTest { assertEquals(1, request.isAdd); assertEquals(-1, request.tableIndex); assertEquals(1, request.nbuckets);
- assertEquals(-1, request.missNextIndex);
 assertEquals(nextTableIndex, request.nextTableIndex); assertEquals(0, request.skipNVectors); assertEquals(AceIp6Writer.MATCH_N_VECTORS, request.matchNVectors);
@@ -130,7 +129,7 @@ public class AceIp6WriterTest { public void testCreateClassifyTable() { final int nextTableIndex = 42; final ClassifyAddDelTable request =
- writer.createClassifyTable(action, aceIp, InterfaceMode.L3, nextTableIndex, 0);
+ writer.createClassifyTable(aceIp, InterfaceMode.L3, nextTableIndex, 0);
 verifyTableRequest(request, nextTableIndex, 0, false); }
@@ -138,7 +137,7 @@ public class AceIp6WriterTest { public void testCreateClassifyTableForL2Interface() { final int nextTableIndex = 42; final ClassifyAddDelTable request =
- writer.createClassifyTable(action, aceIp, InterfaceMode.L2, nextTableIndex, 0);
+ writer.createClassifyTable(aceIp, InterfaceMode.L2, nextTableIndex, 0);
 verifyTableRequest(request, nextTableIndex, 0, true); }
@@ -147,7 +146,7 @@ public class AceIp6WriterTest { final int nextTableIndex = 42; final int vlanTags = 1; final ClassifyAddDelTable request =
- writer.createClassifyTable(action, aceIp, InterfaceMode.L3, nextTableIndex, vlanTags);
+ writer.createClassifyTable(aceIp, InterfaceMode.L3, nextTableIndex, vlanTags);
 verifyTableRequest(request, nextTableIndex, vlanTags, false); }
@@ -156,7 +155,7 @@ public class AceIp6WriterTest { final int nextTableIndex = 42; final int vlanTags = 2; final ClassifyAddDelTable request =
- writer.createClassifyTable(action, aceIp, InterfaceMode.L3, nextTableIndex, vlanTags);
+ writer.createClassifyTable(aceIp, InterfaceMode.L3, nextTableIndex, vlanTags);
 verifyTableRequest(request, nextTableIndex, vlanTags, false); }
diff --git a/v3po/v3po2vpp/src/test/java/io/fd/honeycomb/translate/v3po/interfaces/acl/ingress/IetfAclCustomizerTest.java b/v3po/v3po2vpp/src/test/java/io/fd/honeycomb/translate/v3po/interfaces/acl/ingress/IetfAclCustomizerTest.java
index e2c5f1c38..d25d6c329 100644
--- a/v3po/v3po2vpp/src/test/java/io/fd/honeycomb/translate/v3po/interfaces/acl/ingress/IetfAclCustomizerTest.java
+++ b/v3po/v3po2vpp/src/test/java/io/fd/honeycomb/translate/v3po/interfaces/acl/ingress/IetfAclCustomizerTest.java
@@ -17,6 +17,7 @@ package io.fd.honeycomb.translate.v3po.interfaces.acl.ingress; import static org.mockito.Matchers.any;
+import static org.mockito.Matchers.argThat;
 import static org.mockito.Mockito.verify; import static org.mockito.Mockito.when;
@@ -24,6 +25,7 @@ import com.google.common.base.Optional; import io.fd.honeycomb.translate.vpp.util.NamingContext; import io.fd.honeycomb.translate.write.WriteFailedException; import io.fd.honeycomb.vpp.test.write.WriterCustomizerTest;
+import io.fd.vpp.jvpp.core.dto.ClassifyAddDelSession;
 import io.fd.vpp.jvpp.core.dto.ClassifyAddDelSessionReply; import io.fd.vpp.jvpp.core.dto.ClassifyAddDelTable; import io.fd.vpp.jvpp.core.dto.ClassifyAddDelTableReply;
@@ -31,15 +33,26 @@ import io.fd.vpp.jvpp.core.dto.ClassifyTableByInterface; import io.fd.vpp.jvpp.core.dto.ClassifyTableByInterfaceReply; import io.fd.vpp.jvpp.core.dto.InputAclSetInterface; import io.fd.vpp.jvpp.core.dto.InputAclSetInterfaceReply;
+import java.util.Arrays;
 import java.util.Collections;
+import org.hamcrest.BaseMatcher;
+import org.hamcrest.Description;
+import org.hamcrest.Matcher;
 import org.junit.Test;
+import org.mockito.InOrder;
+import org.mockito.Mockito;
 import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.access.control.list.rev160708.AclBase; import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.access.control.list.rev160708.EthAcl; import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.access.control.list.rev160708.access.lists.acl.AccessListEntriesBuilder;
+import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.access.control.list.rev160708.access.lists.acl.access.list.entries.Ace;
 import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.access.control.list.rev160708.access.lists.acl.access.list.entries.AceBuilder; import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.access.control.list.rev160708.access.lists.acl.access.list.entries.ace.ActionsBuilder; import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.access.control.list.rev160708.access.lists.acl.access.list.entries.ace.MatchesBuilder;
+import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.access.control.list.rev160708.access.lists.acl.access.list.entries.ace.actions.PacketHandling;
+import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.access.control.list.rev160708.access.lists.acl.access.list.entries.ace.actions.packet.handling.Deny;
 import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.access.control.list.rev160708.access.lists.acl.access.list.entries.ace.actions.packet.handling.DenyBuilder;
+import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.access.control.list.rev160708.access.lists.acl.access.list.entries.ace.actions.packet.handling.Permit;
+import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.access.control.list.rev160708.access.lists.acl.access.list.entries.ace.actions.packet.handling.PermitBuilder;
 import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.access.control.list.rev160708.access.lists.acl.access.list.entries.ace.matches.ace.type.AceIpBuilder; import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.access.control.list.rev160708.access.lists.acl.access.list.entries.ace.matches.ace.type.ace.ip.ace.ip.version.AceIpv6Builder; import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.interfaces.rev140508.Interfaces;
@@ -58,13 +71,16 @@ public class IetfAclCustomizerTest extends WriterCustomizerTest { private static final String IFC_TEST_INSTANCE = "ifc-test-instance"; private static final String IF_NAME = "local0"; private static final int IF_INDEX = 1;
- private static final InstanceIdentifier IID = InstanceIdentifier.create(Interfaces.class).child(Interface.class, new InterfaceKey(IF_NAME)).augmentation(
- VppInterfaceAugmentation.class).child(IetfAcl.class).child(Ingress.class);
+ private static final InstanceIdentifier IID =
+ InstanceIdentifier.create(Interfaces.class).child(Interface.class, new InterfaceKey(IF_NAME)).augmentation(
+ VppInterfaceAugmentation.class).child(IetfAcl.class).child(Ingress.class);
 private static final String ACL_NAME = "acl1"; private static final Class ACL_TYPE = EthAcl.class; private IetfAclCustomizer customizer; private Ingress acl;
+ private int DENY = 0;
+ private int PERMIT = -1;
 @Override protected void setUp() {
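Review bot: `DENY` and `PERMIT` are named and used as constants but are declared as mutable instance fields; declare them `private static final int DENY = 0;` and `private static final int PERMIT = -1;`. These two numbers are the verdict values the test later compares against `missNextIndex` and `hitNextIndex`, so a short comment on each saying what the value means to the classifier would keep a later edit from swapping them unnoticed. The class body continues outside the hunk.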
@@ -88,16 +104,7 @@ public class IetfAclCustomizerTest extends WriterCustomizerTest { when(writeContext.readAfter(any())).thenReturn(Optional.of( new org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.access.control.list.rev160708.access.lists.AclBuilder() .setAccessListEntries(
- new AccessListEntriesBuilder().setAce(Collections.singletonList(
- new AceBuilder()
- .setMatches(new MatchesBuilder().setAceType(
- new AceIpBuilder()
- .setAceIpVersion(new AceIpv6Builder().build())
- .setProtocol((short)1)
- .build()
- ).build())
- .setActions(new ActionsBuilder().setPacketHandling(new DenyBuilder().build()).build())
- .build()
+ new AccessListEntriesBuilder().setAce(Arrays.asList(ace(permit()), ace(permit()), ace(deny())
 )).build() ).build()
@@ -106,9 +113,75 @@ public class IetfAclCustomizerTest extends WriterCustomizerTest { customizer.writeCurrentAttributes(IID, acl, writeContext);
- verify(api).classifyAddDelTable(any());
- verify(api).classifyAddDelSession(any());
- verify(api).inputAclSetInterface(inputAclSetInterfaceWriteRequest());
+ final InOrder inOrder = Mockito.inOrder(api);
+ inOrder.verify(api).classifyAddDelTable(argThat(actionOnMissEquals(DENY))); // default action
+ inOrder.verify(api).classifyAddDelTable(any());
+ inOrder.verify(api).classifyAddDelSession(argThat(actionOnHitEquals(DENY))); // last deny ACE
+ inOrder.verify(api).classifyAddDelTable(any());
+ inOrder.verify(api).classifyAddDelSession(argThat(actionOnHitEquals(PERMIT)));
+ inOrder.verify(api).classifyAddDelTable(any());
+ inOrder.verify(api).classifyAddDelSession(argThat(actionOnHitEquals(PERMIT)));
+ inOrder.verify(api).inputAclSetInterface(inputAclSetInterfaceWriteRequest()); // assignment
+ }
+
+ private Matcher actionOnMissEquals(final int action) {
+ return new BaseMatcher() {
+ public Object item;
+
+ @Override
+ public void describeTo(final Description description) {
+ description.appendText("Expected ClassifyAddDelTable[missNextIndex=" + action + "] but was " + item);
+ }
+
+ @Override
+ public boolean matches(final Object item) {
+ this.item = item;
+ if (item instanceof ClassifyAddDelTable) {
+ return ((ClassifyAddDelTable) item).missNextIndex == action;
+ }
+ return false;
+ }
+ };
+ }
+
+ private Matcher actionOnHitEquals(final int action) {
+ return new BaseMatcher() {
+ public Object item;
+
+ @Override
+ public void describeTo(final Description description) {
+ description.appendText("Expected ClassifyAddDelSession[hitNextIndex=" + action + "] but was " + item);
+ }
+
+ @Override
+ public boolean matches(final Object item) {
+ this.item = item;
+ if (item instanceof ClassifyAddDelSession) {
+ return ((ClassifyAddDelSession) item).hitNextIndex == action;
+ }
+ return false;
+ }
+ };
+ }
+
+ private Deny deny() {
+ return new DenyBuilder().build();
+ }
+
+ private Permit permit() {
+ return new PermitBuilder().build();
+ }
+
+ private static Ace ace(final PacketHandling action) {
+ return new AceBuilder()
+ .setMatches(new MatchesBuilder().setAceType(
+ new AceIpBuilder()
+ .setAceIpVersion(new AceIpv6Builder().build())
+ .setProtocol((short) 1)
+ .build()
+ ).build())
+ .setActions(new ActionsBuilder().setPacketHandling(action).build())
+ .build();
 } @Test
-- cgit 1.2.3-korg
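Review bot: The ordered verification pins the miss action only on the first table and accepts `any()` for the three per-ACE `classifyAddDelTable` calls, so the test still passes if one of those tables is created with the wrong miss action or chained to the wrong `nextTableIndex`. Match the expected fields there as well, for example `inOrder.verify(api).classifyAddDelTable(argThat(actionOnMissEquals(-1)));` if -1 is what the customizer sends for ACE tables (the writer tests asserted -1 before this commit). The visible test also exercises only a deny default, so a second case with the permit default would cover the other value of the new `default-action` leaf. The test method starts outside the hunk.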