HONEYCOMB-246: allow mixing deny/permit rules

- adds classify table on the end of each of the 3 chains to enforce ordering - updates v3po.yang with default-action leaf - updates postman collection Change-Id: If54abec1a6516eaf87aae0e5da9382a6e5dee1f3 Signed-off-by: Marek Gradzki <mgradzki@cisco.com>
author: Marek Gradzki <mgradzki@cisco.com> 2016-10-07 15:26:06 +0200
committer: Marek Gradzki <mgradzki@cisco.com> 2016-10-10 13:02:31 +0000
commit: 736fddd689494df2d9cd35f7b7eeb88975620537 (patch)
tree: 07b6837cac44beefa19d68e4e6c0997f2e587663 /v3po/v3po2vpp/src/test/java/io/fd/honeycomb/translate/v3po
parent: e5693ace363047a353e76a46854bb69d4f47f1f9 (diff)
4 files changed, 98 insertions, 28 deletions
diff --git a/v3po/v3po2vpp/src/test/java/io/fd/honeycomb/translate/v3po/interfaces/acl/ingress/AceEthWriterTest.java b/v3po/v3po2vpp/src/test/java/io/fd/honeycomb/translate/v3po/interfaces/acl/ingress/AceEthWriterTest.java
index e1f813eed..759c77477 100644
--- a/v3po/v3po2vpp/src/test/java/io/fd/honeycomb/translate/v3po/interfaces/acl/ingress/AceEthWriterTest.java
+++ b/v3po/v3po2vpp/src/test/java/io/fd/honeycomb/translate/v3po/interfaces/acl/ingress/AceEthWriterTest.java
@@ -58,12 +58,11 @@ public class AceEthWriterTest {
     @Test
     public void testCreateClassifyTable() {
         final int nextTableIndex = 42;
-        final ClassifyAddDelTable request = writer.createClassifyTable(action, aceEth, InterfaceMode.L2, nextTableIndex, 0);
+        final ClassifyAddDelTable request = writer.createClassifyTable(aceEth, InterfaceMode.L2, nextTableIndex, 0);
 
         assertEquals(1, request.isAdd);
         assertEquals(-1, request.tableIndex);
         assertEquals(1, request.nbuckets);
-        assertEquals(-1, request.missNextIndex);
         assertEquals(nextTableIndex, request.nextTableIndex);
         assertEquals(0, request.skipNVectors);
         assertEquals(AceEthWriter.MATCH_N_VECTORS, request.matchNVectors);
@@ -81,7 +80,7 @@ public class AceEthWriterTest {
 
     @Test(expected = IllegalArgumentException.class)
     public void testCreateClassifyTableForL3Interface() {
-        writer.createClassifyTable(action, aceEth, InterfaceMode.L3, 42, 0);
+        writer.createClassifyTable(aceEth, InterfaceMode.L3, 42, 0);
     }
 
     @Test
diff --git a/v3po/v3po2vpp/src/test/java/io/fd/honeycomb/translate/v3po/interfaces/acl/ingress/AceIp4WriterTest.java b/v3po/v3po2vpp/src/test/java/io/fd/honeycomb/translate/v3po/interfaces/acl/ingress/AceIp4WriterTest.java
index 9597c1688..b454acc0b 100644
--- a/v3po/v3po2vpp/src/test/java/io/fd/honeycomb/translate/v3po/interfaces/acl/ingress/AceIp4WriterTest.java
+++ b/v3po/v3po2vpp/src/test/java/io/fd/honeycomb/translate/v3po/interfaces/acl/ingress/AceIp4WriterTest.java
@@ -64,7 +64,6 @@ public class AceIp4WriterTest {
         assertEquals(1, request.isAdd);
         assertEquals(-1, request.tableIndex);
         assertEquals(1, request.nbuckets);
-        assertEquals(-1, request.missNextIndex);
         assertEquals(nextTableIndex, request.nextTableIndex);
         assertEquals(0, request.skipNVectors);
         assertEquals(AceIp4Writer.MATCH_N_VECTORS, request.matchNVectors);
@@ -107,14 +106,14 @@ public class AceIp4WriterTest {
     @Test
     public void testCreateClassifyTable() throws Exception {
         final int nextTableIndex = 42;
-        final ClassifyAddDelTable request = writer.createClassifyTable(action, aceIp, InterfaceMode.L3, nextTableIndex, 0);
+        final ClassifyAddDelTable request = writer.createClassifyTable(aceIp, InterfaceMode.L3, nextTableIndex, 0);
         verifyTableRequest(request, nextTableIndex, 0, false);
     }
 
     @Test
     public void testCreateClassifyTableForL2Interface() throws Exception {
         final int nextTableIndex = 42;
-        final ClassifyAddDelTable request = writer.createClassifyTable(action, aceIp, InterfaceMode.L2, nextTableIndex, 0);
+        final ClassifyAddDelTable request = writer.createClassifyTable(aceIp, InterfaceMode.L2, nextTableIndex, 0);
         verifyTableRequest(request, nextTableIndex, 0, true);
     }
 
@@ -122,7 +121,7 @@ public class AceIp4WriterTest {
     public void testCreateClassifyTable1VlanTag() throws Exception {
         final int nextTableIndex = 42;
         final int vlanTags = 1;
-        final ClassifyAddDelTable request = writer.createClassifyTable(action, aceIp, InterfaceMode.L3, nextTableIndex, vlanTags);
+        final ClassifyAddDelTable request = writer.createClassifyTable(aceIp, InterfaceMode.L3, nextTableIndex, vlanTags);
         verifyTableRequest(request, nextTableIndex, vlanTags, false);
     }
 
@@ -130,7 +129,7 @@ public class AceIp4WriterTest {
     public void testCreateClassifyTable2VlanTags() throws Exception {
         final int nextTableIndex = 42;
         final int vlanTags = 2;
-        final ClassifyAddDelTable request = writer.createClassifyTable(action, aceIp, InterfaceMode.L3, nextTableIndex, vlanTags);
+        final ClassifyAddDelTable request = writer.createClassifyTable(aceIp, InterfaceMode.L3, nextTableIndex, vlanTags);
         verifyTableRequest(request, nextTableIndex, vlanTags, false);
     }
 
diff --git a/v3po/v3po2vpp/src/test/java/io/fd/honeycomb/translate/v3po/interfaces/acl/ingress/AceIp6WriterTest.java b/v3po/v3po2vpp/src/test/java/io/fd/honeycomb/translate/v3po/interfaces/acl/ingress/AceIp6WriterTest.java
index 504d502a3..6ac469f93 100644
--- a/v3po/v3po2vpp/src/test/java/io/fd/honeycomb/translate/v3po/interfaces/acl/ingress/AceIp6WriterTest.java
+++ b/v3po/v3po2vpp/src/test/java/io/fd/honeycomb/translate/v3po/interfaces/acl/ingress/AceIp6WriterTest.java
@@ -67,7 +67,6 @@ public class AceIp6WriterTest {
         assertEquals(1, request.isAdd);
         assertEquals(-1, request.tableIndex);
         assertEquals(1, request.nbuckets);
-        assertEquals(-1, request.missNextIndex);
         assertEquals(nextTableIndex, request.nextTableIndex);
         assertEquals(0, request.skipNVectors);
         assertEquals(AceIp6Writer.MATCH_N_VECTORS, request.matchNVectors);
@@ -130,7 +129,7 @@ public class AceIp6WriterTest {
     public void testCreateClassifyTable() {
         final int nextTableIndex = 42;
         final ClassifyAddDelTable request =
-            writer.createClassifyTable(action, aceIp, InterfaceMode.L3, nextTableIndex, 0);
+            writer.createClassifyTable(aceIp, InterfaceMode.L3, nextTableIndex, 0);
         verifyTableRequest(request, nextTableIndex, 0, false);
     }
 
@@ -138,7 +137,7 @@ public class AceIp6WriterTest {
     public void testCreateClassifyTableForL2Interface() {
         final int nextTableIndex = 42;
         final ClassifyAddDelTable request =
-            writer.createClassifyTable(action, aceIp, InterfaceMode.L2, nextTableIndex, 0);
+            writer.createClassifyTable(aceIp, InterfaceMode.L2, nextTableIndex, 0);
         verifyTableRequest(request, nextTableIndex, 0, true);
     }
 
@@ -147,7 +146,7 @@ public class AceIp6WriterTest {
         final int nextTableIndex = 42;
         final int vlanTags = 1;
         final ClassifyAddDelTable request =
-            writer.createClassifyTable(action, aceIp, InterfaceMode.L3, nextTableIndex, vlanTags);
+            writer.createClassifyTable(aceIp, InterfaceMode.L3, nextTableIndex, vlanTags);
         verifyTableRequest(request, nextTableIndex, vlanTags, false);
     }
 
@@ -156,7 +155,7 @@ public class AceIp6WriterTest {
         final int nextTableIndex = 42;
         final int vlanTags = 2;
         final ClassifyAddDelTable request =
-            writer.createClassifyTable(action, aceIp, InterfaceMode.L3, nextTableIndex, vlanTags);
+            writer.createClassifyTable(aceIp, InterfaceMode.L3, nextTableIndex, vlanTags);
         verifyTableRequest(request, nextTableIndex, vlanTags, false);
     }
 
diff --git a/v3po/v3po2vpp/src/test/java/io/fd/honeycomb/translate/v3po/interfaces/acl/ingress/IetfAclCustomizerTest.java b/v3po/v3po2vpp/src/test/java/io/fd/honeycomb/translate/v3po/interfaces/acl/ingress/IetfAclCustomizerTest.java
index e2c5f1c38..d25d6c329 100644
--- a/v3po/v3po2vpp/src/test/java/io/fd/honeycomb/translate/v3po/interfaces/acl/ingress/IetfAclCustomizerTest.java
+++ b/v3po/v3po2vpp/src/test/java/io/fd/honeycomb/translate/v3po/interfaces/acl/ingress/IetfAclCustomizerTest.java
@@ -17,6 +17,7 @@
 package io.fd.honeycomb.translate.v3po.interfaces.acl.ingress;
 
 import static org.mockito.Matchers.any;
+import static org.mockito.Matchers.argThat;
 import static org.mockito.Mockito.verify;
 import static org.mockito.Mockito.when;
 
@@ -24,6 +25,7 @@ import com.google.common.base.Optional;
 import io.fd.honeycomb.translate.vpp.util.NamingContext;
 import io.fd.honeycomb.translate.write.WriteFailedException;
 import io.fd.honeycomb.vpp.test.write.WriterCustomizerTest;
+import io.fd.vpp.jvpp.core.dto.ClassifyAddDelSession;
 import io.fd.vpp.jvpp.core.dto.ClassifyAddDelSessionReply;
 import io.fd.vpp.jvpp.core.dto.ClassifyAddDelTable;
 import io.fd.vpp.jvpp.core.dto.ClassifyAddDelTableReply;
@@ -31,15 +33,26 @@ import io.fd.vpp.jvpp.core.dto.ClassifyTableByInterface;
 import io.fd.vpp.jvpp.core.dto.ClassifyTableByInterfaceReply;
 import io.fd.vpp.jvpp.core.dto.InputAclSetInterface;
 import io.fd.vpp.jvpp.core.dto.InputAclSetInterfaceReply;
+import java.util.Arrays;
 import java.util.Collections;
+import org.hamcrest.BaseMatcher;
+import org.hamcrest.Description;
+import org.hamcrest.Matcher;
 import org.junit.Test;
+import org.mockito.InOrder;
+import org.mockito.Mockito;
 import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.access.control.list.rev160708.AclBase;
 import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.access.control.list.rev160708.EthAcl;
 import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.access.control.list.rev160708.access.lists.acl.AccessListEntriesBuilder;
+import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.access.control.list.rev160708.access.lists.acl.access.list.entries.Ace;
 import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.access.control.list.rev160708.access.lists.acl.access.list.entries.AceBuilder;
 import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.access.control.list.rev160708.access.lists.acl.access.list.entries.ace.ActionsBuilder;
 import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.access.control.list.rev160708.access.lists.acl.access.list.entries.ace.MatchesBuilder;
+import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.access.control.list.rev160708.access.lists.acl.access.list.entries.ace.actions.PacketHandling;
+import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.access.control.list.rev160708.access.lists.acl.access.list.entries.ace.actions.packet.handling.Deny;
 import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.access.control.list.rev160708.access.lists.acl.access.list.entries.ace.actions.packet.handling.DenyBuilder;
+import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.access.control.list.rev160708.access.lists.acl.access.list.entries.ace.actions.packet.handling.Permit;
+import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.access.control.list.rev160708.access.lists.acl.access.list.entries.ace.actions.packet.handling.PermitBuilder;
 import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.access.control.list.rev160708.access.lists.acl.access.list.entries.ace.matches.ace.type.AceIpBuilder;
 import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.access.control.list.rev160708.access.lists.acl.access.list.entries.ace.matches.ace.type.ace.ip.ace.ip.version.AceIpv6Builder;
 import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.interfaces.rev140508.Interfaces;
@@ -58,13 +71,16 @@ public class IetfAclCustomizerTest extends WriterCustomizerTest {
     private static final String IFC_TEST_INSTANCE = "ifc-test-instance";
     private static final String IF_NAME = "local0";
     private static final int IF_INDEX = 1;
-    private static final InstanceIdentifier<Ingress> IID = InstanceIdentifier.create(Interfaces.class).child(Interface.class, new InterfaceKey(IF_NAME)).augmentation(
-        VppInterfaceAugmentation.class).child(IetfAcl.class).child(Ingress.class);
+    private static final InstanceIdentifier<Ingress> IID =
+        InstanceIdentifier.create(Interfaces.class).child(Interface.class, new InterfaceKey(IF_NAME)).augmentation(
+            VppInterfaceAugmentation.class).child(IetfAcl.class).child(Ingress.class);
     private static final String ACL_NAME = "acl1";
     private static final Class<? extends AclBase> ACL_TYPE = EthAcl.class;
 
     private IetfAclCustomizer customizer;
     private Ingress acl;
+    private int DENY = 0;
+    private int PERMIT = -1;
 
     @Override
     protected void setUp() {
@@ -88,16 +104,7 @@ public class IetfAclCustomizerTest extends WriterCustomizerTest {
         when(writeContext.readAfter(any())).thenReturn(Optional.of(
             new org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.access.control.list.rev160708.access.lists.AclBuilder()
                 .setAccessListEntries(
-                    new AccessListEntriesBuilder().setAce(Collections.singletonList(
-                        new AceBuilder()
-                            .setMatches(new MatchesBuilder().setAceType(
-                                new AceIpBuilder()
-                                    .setAceIpVersion(new AceIpv6Builder().build())
-                                    .setProtocol((short)1)
-                                    .build()
-                            ).build())
-                            .setActions(new ActionsBuilder().setPacketHandling(new DenyBuilder().build()).build())
-                            .build()
+                    new AccessListEntriesBuilder().setAce(Arrays.asList(ace(permit()), ace(permit()), ace(deny())
                     )).build()
                 ).build()
 
@@ -106,9 +113,75 @@ public class IetfAclCustomizerTest extends WriterCustomizerTest {
 
         customizer.writeCurrentAttributes(IID, acl, writeContext);
 
-        verify(api).classifyAddDelTable(any());
-        verify(api).classifyAddDelSession(any());
-        verify(api).inputAclSetInterface(inputAclSetInterfaceWriteRequest());
+        final InOrder inOrder = Mockito.inOrder(api);
+        inOrder.verify(api).classifyAddDelTable(argThat(actionOnMissEquals(DENY))); // default action
+        inOrder.verify(api).classifyAddDelTable(any());
+        inOrder.verify(api).classifyAddDelSession(argThat(actionOnHitEquals(DENY))); // last deny ACE
+        inOrder.verify(api).classifyAddDelTable(any());
+        inOrder.verify(api).classifyAddDelSession(argThat(actionOnHitEquals(PERMIT)));
+        inOrder.verify(api).classifyAddDelTable(any());
+        inOrder.verify(api).classifyAddDelSession(argThat(actionOnHitEquals(PERMIT)));
+        inOrder.verify(api).inputAclSetInterface(inputAclSetInterfaceWriteRequest()); // assignment
+    }
+
+    private Matcher<ClassifyAddDelTable> actionOnMissEquals(final int action) {
+        return new BaseMatcher<ClassifyAddDelTable>() {
+            public Object item;
+
+            @Override
+            public void describeTo(final Description description) {
+                description.appendText("Expected ClassifyAddDelTable[missNextIndex=" + action + "] but was " + item);
+            }
+
+            @Override
+            public boolean matches(final Object item) {
+                this.item = item;
+                if (item instanceof ClassifyAddDelTable) {
+                    return ((ClassifyAddDelTable) item).missNextIndex == action;
+                }
+                return false;
+            }
+        };
+    }
+
+    private Matcher<ClassifyAddDelSession> actionOnHitEquals(final int action) {
+        return new BaseMatcher<ClassifyAddDelSession>() {
+            public Object item;
+
+            @Override
+            public void describeTo(final Description description) {
+                description.appendText("Expected ClassifyAddDelSession[hitNextIndex=" + action + "] but was " + item);
+            }
+
+            @Override
+            public boolean matches(final Object item) {
+                this.item = item;
+                if (item instanceof ClassifyAddDelSession) {
+                    return ((ClassifyAddDelSession) item).hitNextIndex == action;
+                }
+                return false;
+            }
+        };
+    }
+
+    private Deny deny() {
+        return new DenyBuilder().build();
+    }
+
+    private Permit permit() {
+        return new PermitBuilder().build();
+    }
+
+    private static Ace ace(final PacketHandling action) {
+        return new AceBuilder()
+            .setMatches(new MatchesBuilder().setAceType(
+                new AceIpBuilder()
+                    .setAceIpVersion(new AceIpv6Builder().build())
+                    .setProtocol((short) 1)
+                    .build()
+            ).build())
+            .setActions(new ActionsBuilder().setPacketHandling(action).build())
+            .build();
     }
 
     @Test
author	Marek Gradzki <mgradzki@cisco.com>	2016-10-07 15:26:06 +0200
committer	Marek Gradzki <mgradzki@cisco.com>	2016-10-10 13:02:31 +0000
commit	736fddd689494df2d9cd35f7b7eeb88975620537 (patch)
tree	07b6837cac44beefa19d68e4e6c0997f2e587663 /v3po/v3po2vpp/src/test/java/io/fd/honeycomb/translate/v3po
parent	e5693ace363047a353e76a46854bb69d4f47f1f9 (diff)