From 736fddd689494df2d9cd35f7b7eeb88975620537 Mon Sep 17 00:00:00 2001
From: Marek Gradzki <mgradzki@cisco.com>
Date: Fri, 7 Oct 2016 15:26:06 +0200
Subject: HONEYCOMB-246: allow mixing deny/permit rules

- adds classify table on the end of each of the 3 chains to enforce ordering
- updates v3po.yang with default-action leaf
- updates postman collection

Change-Id: If54abec1a6516eaf87aae0e5da9382a6e5dee1f3
Signed-off-by: Marek Gradzki <mgradzki@cisco.com>
---
 .../acl/ingress/IetfAclCustomizerTest.java         | 103 ++++++++++++++++++---
 1 file changed, 88 insertions(+), 15 deletions(-)

(limited to 'v3po/v3po2vpp/src/test/java/io/fd/honeycomb/translate/v3po/interfaces/acl/ingress/IetfAclCustomizerTest.java')

diff --git a/v3po/v3po2vpp/src/test/java/io/fd/honeycomb/translate/v3po/interfaces/acl/ingress/IetfAclCustomizerTest.java b/v3po/v3po2vpp/src/test/java/io/fd/honeycomb/translate/v3po/interfaces/acl/ingress/IetfAclCustomizerTest.java
index e2c5f1c38..d25d6c329 100644
--- a/v3po/v3po2vpp/src/test/java/io/fd/honeycomb/translate/v3po/interfaces/acl/ingress/IetfAclCustomizerTest.java
+++ b/v3po/v3po2vpp/src/test/java/io/fd/honeycomb/translate/v3po/interfaces/acl/ingress/IetfAclCustomizerTest.java
@@ -17,6 +17,7 @@
 package io.fd.honeycomb.translate.v3po.interfaces.acl.ingress;
 
 import static org.mockito.Matchers.any;
+import static org.mockito.Matchers.argThat;
 import static org.mockito.Mockito.verify;
 import static org.mockito.Mockito.when;
 
@@ -24,6 +25,7 @@ import com.google.common.base.Optional;
 import io.fd.honeycomb.translate.vpp.util.NamingContext;
 import io.fd.honeycomb.translate.write.WriteFailedException;
 import io.fd.honeycomb.vpp.test.write.WriterCustomizerTest;
+import io.fd.vpp.jvpp.core.dto.ClassifyAddDelSession;
 import io.fd.vpp.jvpp.core.dto.ClassifyAddDelSessionReply;
 import io.fd.vpp.jvpp.core.dto.ClassifyAddDelTable;
 import io.fd.vpp.jvpp.core.dto.ClassifyAddDelTableReply;
@@ -31,15 +33,26 @@ import io.fd.vpp.jvpp.core.dto.ClassifyTableByInterface;
 import io.fd.vpp.jvpp.core.dto.ClassifyTableByInterfaceReply;
 import io.fd.vpp.jvpp.core.dto.InputAclSetInterface;
 import io.fd.vpp.jvpp.core.dto.InputAclSetInterfaceReply;
+import java.util.Arrays;
 import java.util.Collections;
+import org.hamcrest.BaseMatcher;
+import org.hamcrest.Description;
+import org.hamcrest.Matcher;
 import org.junit.Test;
+import org.mockito.InOrder;
+import org.mockito.Mockito;
 import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.access.control.list.rev160708.AclBase;
 import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.access.control.list.rev160708.EthAcl;
 import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.access.control.list.rev160708.access.lists.acl.AccessListEntriesBuilder;
+import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.access.control.list.rev160708.access.lists.acl.access.list.entries.Ace;
 import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.access.control.list.rev160708.access.lists.acl.access.list.entries.AceBuilder;
 import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.access.control.list.rev160708.access.lists.acl.access.list.entries.ace.ActionsBuilder;
 import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.access.control.list.rev160708.access.lists.acl.access.list.entries.ace.MatchesBuilder;
+import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.access.control.list.rev160708.access.lists.acl.access.list.entries.ace.actions.PacketHandling;
+import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.access.control.list.rev160708.access.lists.acl.access.list.entries.ace.actions.packet.handling.Deny;
 import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.access.control.list.rev160708.access.lists.acl.access.list.entries.ace.actions.packet.handling.DenyBuilder;
+import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.access.control.list.rev160708.access.lists.acl.access.list.entries.ace.actions.packet.handling.Permit;
+import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.access.control.list.rev160708.access.lists.acl.access.list.entries.ace.actions.packet.handling.PermitBuilder;
 import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.access.control.list.rev160708.access.lists.acl.access.list.entries.ace.matches.ace.type.AceIpBuilder;
 import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.access.control.list.rev160708.access.lists.acl.access.list.entries.ace.matches.ace.type.ace.ip.ace.ip.version.AceIpv6Builder;
 import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.interfaces.rev140508.Interfaces;
@@ -58,13 +71,16 @@ public class IetfAclCustomizerTest extends WriterCustomizerTest {
     private static final String IFC_TEST_INSTANCE = "ifc-test-instance";
     private static final String IF_NAME = "local0";
     private static final int IF_INDEX = 1;
-    private static final InstanceIdentifier<Ingress> IID = InstanceIdentifier.create(Interfaces.class).child(Interface.class, new InterfaceKey(IF_NAME)).augmentation(
-        VppInterfaceAugmentation.class).child(IetfAcl.class).child(Ingress.class);
+    private static final InstanceIdentifier<Ingress> IID =
+        InstanceIdentifier.create(Interfaces.class).child(Interface.class, new InterfaceKey(IF_NAME)).augmentation(
+            VppInterfaceAugmentation.class).child(IetfAcl.class).child(Ingress.class);
     private static final String ACL_NAME = "acl1";
     private static final Class<? extends AclBase> ACL_TYPE = EthAcl.class;
 
     private IetfAclCustomizer customizer;
     private Ingress acl;
+    private int DENY = 0;
+    private int PERMIT = -1;
 
     @Override
     protected void setUp() {
@@ -88,16 +104,7 @@ public class IetfAclCustomizerTest extends WriterCustomizerTest {
         when(writeContext.readAfter(any())).thenReturn(Optional.of(
             new org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.access.control.list.rev160708.access.lists.AclBuilder()
                 .setAccessListEntries(
-                    new AccessListEntriesBuilder().setAce(Collections.singletonList(
-                        new AceBuilder()
-                            .setMatches(new MatchesBuilder().setAceType(
-                                new AceIpBuilder()
-                                    .setAceIpVersion(new AceIpv6Builder().build())
-                                    .setProtocol((short)1)
-                                    .build()
-                            ).build())
-                            .setActions(new ActionsBuilder().setPacketHandling(new DenyBuilder().build()).build())
-                            .build()
+                    new AccessListEntriesBuilder().setAce(Arrays.asList(ace(permit()), ace(permit()), ace(deny())
                     )).build()
                 ).build()
 
@@ -106,9 +113,75 @@ public class IetfAclCustomizerTest extends WriterCustomizerTest {
 
         customizer.writeCurrentAttributes(IID, acl, writeContext);
 
-        verify(api).classifyAddDelTable(any());
-        verify(api).classifyAddDelSession(any());
-        verify(api).inputAclSetInterface(inputAclSetInterfaceWriteRequest());
+        final InOrder inOrder = Mockito.inOrder(api);
+        inOrder.verify(api).classifyAddDelTable(argThat(actionOnMissEquals(DENY))); // default action
+        inOrder.verify(api).classifyAddDelTable(any());
+        inOrder.verify(api).classifyAddDelSession(argThat(actionOnHitEquals(DENY))); // last deny ACE
+        inOrder.verify(api).classifyAddDelTable(any());
+        inOrder.verify(api).classifyAddDelSession(argThat(actionOnHitEquals(PERMIT)));
+        inOrder.verify(api).classifyAddDelTable(any());
+        inOrder.verify(api).classifyAddDelSession(argThat(actionOnHitEquals(PERMIT)));
+        inOrder.verify(api).inputAclSetInterface(inputAclSetInterfaceWriteRequest()); // assignment
+    }
+
+    private Matcher<ClassifyAddDelTable> actionOnMissEquals(final int action) {
+        return new BaseMatcher<ClassifyAddDelTable>() {
+            public Object item;
+
+            @Override
+            public void describeTo(final Description description) {
+                description.appendText("Expected ClassifyAddDelTable[missNextIndex=" + action + "] but was " + item);
+            }
+
+            @Override
+            public boolean matches(final Object item) {
+                this.item = item;
+                if (item instanceof ClassifyAddDelTable) {
+                    return ((ClassifyAddDelTable) item).missNextIndex == action;
+                }
+                return false;
+            }
+        };
+    }
+
+    private Matcher<ClassifyAddDelSession> actionOnHitEquals(final int action) {
+        return new BaseMatcher<ClassifyAddDelSession>() {
+            public Object item;
+
+            @Override
+            public void describeTo(final Description description) {
+                description.appendText("Expected ClassifyAddDelSession[hitNextIndex=" + action + "] but was " + item);
+            }
+
+            @Override
+            public boolean matches(final Object item) {
+                this.item = item;
+                if (item instanceof ClassifyAddDelSession) {
+                    return ((ClassifyAddDelSession) item).hitNextIndex == action;
+                }
+                return false;
+            }
+        };
+    }
+
+    private Deny deny() {
+        return new DenyBuilder().build();
+    }
+
+    private Permit permit() {
+        return new PermitBuilder().build();
+    }
+
+    private static Ace ace(final PacketHandling action) {
+        return new AceBuilder()
+            .setMatches(new MatchesBuilder().setAceType(
+                new AceIpBuilder()
+                    .setAceIpVersion(new AceIpv6Builder().build())
+                    .setProtocol((short) 1)
+                    .build()
+            ).build())
+            .setActions(new ActionsBuilder().setPacketHandling(action).build())
+            .build();
     }
 
     @Test
-- 
cgit 1.2.3-korg