commit e0c02e2d023807407986faef9baa4993e75d861c
author Pengfei Lu <1990.lpf@gmail.com> Tue Jul 07 15:41:31 2015 +0800
committer Gerrit Code Review <gerrit@onlab.us> Wed Jul 08 01:05:14 2015 +0000
tree bea356aa9421538d884d68c9a956de3a440558f8
parent 7583b956187ae45c8a7c978fd6d76a760bda8e99

Add an ACL application

- change both of the constructors in AclRule.class to be private
- change AclRule.class to be final
- remove useless reference

|URL|Notes|
|-|-|
|GET onos/v1/acl | Lists all existing ACL rules.|
|GET onos/v1/acl/remove/{id} | Removes an existing ACL rule by id|
|GET onos/v1/acl/clear | Clears ACL and reset all|
|POST onos/v1/acl/add | Adds a new ACL rule|

|Key|Value|Notes|
|-|-|-|
|ipProto | string | "TCP" or "UDP" or "ICMP" (ignoring case)|
|srcIp | IPv4 address[/mask] | Either src-ip or dst-ip must be specified.|
|dstIp | IPv4 address[/mask] | Either src-ip or dst-ip must be specified.|
|dstTpPort | number | Valid when nw-proto == "TCP" or "UDP".|
|action | string | "DENY" or "ALLOW" (ignoring case), set to "DENY" if not specified.|

Change-Id: I55170d5f50814eabef43b1bf2ee33af41b5987e4

apps/acl/src/test/java/org/onos/acl/web/AclWebResourceTest.java

diff --git a/apps/acl/src/test/java/org/onos/acl/web/AclWebResourceTest.java b/apps/acl/src/test/java/org/onos/acl/web/AclWebResourceTest.java
new file mode 100644
index 0000000..bb7d805
--- /dev/null
+++ b/apps/acl/src/test/java/org/onos/acl/web/AclWebResourceTest.java
@@ -0,0 +1,133 @@
+/*
+ * Copyright 2015 Open Networking Laboratory
+ * Originally created by Pengfei Lu, Network and Cloud Computing Laboratory, Dalian University of Technology, China
+ * Advisers: Keqiu Li and Heng Qi
+ * This work is supported by the State Key Program of National Natural Science of China(Grant No. 61432002)
+ * and Prospective Research Project on Future Networks in Jiangsu Future Networks Innovation Institute.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package org.onos.acl.web;
+
+import com.sun.jersey.api.client.WebResource;
+import org.onos.acl.AclService;
+import org.onos.acl.AclStore;
+import org.junit.After;
+import org.junit.Before;
+import org.junit.Test;
+import org.onlab.osgi.ServiceDirectory;
+import org.onlab.rest.BaseResource;
+import org.onos.acl.AclRule;
+import org.onosproject.core.IdGenerator;
+
+import java.io.IOException;
+import java.util.ArrayList;
+import java.util.List;
+import java.util.concurrent.atomic.AtomicLong;
+
+import static org.easymock.EasyMock.*;
+import static org.hamcrest.Matchers.containsString;
+import static org.junit.Assert.assertThat;
+
+/**
+ * Test class for ACL application REST resource.
+ */
+public class AclWebResourceTest extends ResourceTest {
+
+    final AclService mockAclService = createMock(AclService.class);
+    final AclStore mockAclStore = createMock(AclStore.class);
+    final List<AclRule> rules = new ArrayList<>();
+
+    @Before
+    public void setUp() {
+        expect(mockAclService.getAclRules()).andReturn(rules).anyTimes();
+        ServiceDirectory testDirectory = new TestServiceDirectory().add(AclService.class, mockAclService)
+                .add(AclStore.class, mockAclStore);
+        BaseResource.setServiceDirectory(testDirectory);
+    }
+
+    @After
+    public void tearDown() {
+        verify(mockAclService);
+    }
+
+    /**
+     * Mock id generator for testing.
+     */
+    private class MockIdGenerator implements IdGenerator {
+        private AtomicLong nextId = new AtomicLong(0);
+
+        @Override
+        public long getNewId() {
+            return nextId.getAndIncrement();
+        }
+    }
+
+    @Test
+    public void testaddRule() throws IOException {
+        WebResource rs = resource();
+        String response;
+        String json;
+        IdGenerator idGenerator = new MockIdGenerator();
+        AclRule.bindIdGenerator(idGenerator);
+
+        replay(mockAclService);
+
+        // input a invalid JSON string that contains neither nw_src and nw_dst
+        json = "{\"ipProto\":\"TCP\",\"dstTpPort\":\"80\"}";
+        response = rs.path("add").post(String.class, json);
+        assertThat(response, containsString("Failed! Either srcIp or dstIp must be assigned."));
+
+        // input a invalid JSON string that doesn't contain CIDR mask bits
+        json = "{\"ipProto\":\"TCP\",\"srcIp\":\"10.0.0.1\",\"dstTpPort\":\"80\",\"action\":\"DENY\"}";
+        response = rs.path("add").post(String.class, json);
+        assertThat(response, containsString("Malformed IPv4 prefix string: 10.0.0.1. " +
+                                                    "Address must take form \"x.x.x.x/y\""));
+
+        // input a invalid JSON string that contains a invalid IP address
+        json = "{\"ipProto\":\"TCP\",\"srcIp\":\"10.0.0.256/32\",\"dstTpPort\":\"80\",\"action\":\"DENY\"}";
+        response = rs.path("add").post(String.class, json);
+        assertThat(response, containsString("Invalid IP address string: 10.0.0.256"));
+
+        // input a invalid JSON string that contains a invalid IP address
+        json = "{\"ipProto\":\"TCP\",\"srcIp\":\"10.0.01/32\",\"dstTpPort\":\"80\",\"action\":\"DENY\"}";
+        response = rs.path("add").post(String.class, json);
+        assertThat(response, containsString("Invalid IP address string: 10.0.01"));
+
+        // input a invalid JSON string that contains a invalid CIDR mask bits
+        json = "{\"ipProto\":\"TCP\",\"srcIp\":\"10.0.0.1/a\",\"dstTpPort\":\"80\",\"action\":\"DENY\"}";
+        response = rs.path("add").post(String.class, json);
+        assertThat(response, containsString("Failed! For input string: \"a\""));
+
+        // input a invalid JSON string that contains a invalid CIDR mask bits
+        json = "{\"ipProto\":\"TCP\",\"srcIp\":\"10.0.0.1/33\",\"dstTpPort\":\"80\",\"action\":\"DENY\"}";
+        response = rs.path("add").post(String.class, json);
+        assertThat(response, containsString("Invalid prefix length 33. The value must be in the interval [0, 32]"));
+
+        // input a invalid JSON string that contains a invalid ipProto value
+        json = "{\"ipProto\":\"ARP\",\"srcIp\":\"10.0.0.1/32\",\"dstTpPort\":\"80\",\"action\":\"DENY\"}";
+        response = rs.path("add").post(String.class, json);
+        assertThat(response, containsString("ipProto must be assigned to TCP, UDP, or ICMP."));
+
+        // input a invalid JSON string that contains a invalid dstTpPort value
+        json = "{\"ipProto\":\"TCP\",\"srcIp\":\"10.0.0.1/32\",\"dstTpPort\":\"a\",\"action\":\"DENY\"}";
+        response = rs.path("add").post(String.class, json);
+        assertThat(response, containsString("dstTpPort must be assigned to a numerical value."));
+
+        // input a invalid JSON string that contains a invalid action value
+        json = "{\"ipProto\":\"TCP\",\"srcIp\":\"10.0.0.1/32\",\"dstTpPort\":\"80\",\"action\":\"PERMIT\"}";
+        response = rs.path("add").post(String.class, json);
+        assertThat(response, containsString("action must be assigned to ALLOW or DENY."));
+    }
+}