Simon Hunt | 2ff1759 | 2017-11-08 15:34:07 -0800 | [diff] [blame] | 1 | /* |
| 2 | * Copyright 2017-present Open Networking Foundation |
| 3 | * |
| 4 | * Licensed under the Apache License, Version 2.0 (the "License"); |
| 5 | * you may not use this file except in compliance with the License. |
| 6 | * You may obtain a copy of the License at |
| 7 | * |
| 8 | * http://www.apache.org/licenses/LICENSE-2.0 |
| 9 | * |
| 10 | * Unless required by applicable law or agreed to in writing, software |
| 11 | * distributed under the License is distributed on an "AS IS" BASIS, |
| 12 | * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. |
| 13 | * See the License for the specific language governing permissions and |
| 14 | * limitations under the License. |
| 15 | */ |
| 16 | |
| 17 | package org.onosproject.segmentrouting; |
| 18 | |
| 19 | import com.fasterxml.jackson.databind.JsonNode; |
| 20 | import com.fasterxml.jackson.databind.ObjectMapper; |
| 21 | import org.junit.Before; |
| 22 | import org.junit.Test; |
| 23 | import org.onosproject.core.ApplicationId; |
| 24 | import org.onosproject.core.DefaultApplicationId; |
| 25 | import org.onosproject.net.ConnectPoint; |
| 26 | import org.onosproject.net.DeviceId; |
| 27 | import org.onosproject.net.PortNumber; |
| 28 | import org.onosproject.segmentrouting.PortAuthTracker.BlockState; |
| 29 | import org.onosproject.segmentrouting.config.BlockedPortsConfig; |
| 30 | import org.onosproject.segmentrouting.config.BlockedPortsConfigTest; |
| 31 | |
| 32 | import java.io.IOException; |
| 33 | import java.io.InputStream; |
| 34 | |
| 35 | import static org.junit.Assert.assertEquals; |
| 36 | import static org.junit.Assert.assertFalse; |
| 37 | import static org.junit.Assert.assertTrue; |
| 38 | import static org.onosproject.net.ConnectPoint.deviceConnectPoint; |
| 39 | import static org.onosproject.net.DeviceId.deviceId; |
| 40 | import static org.onosproject.net.PortNumber.portNumber; |
| 41 | import static org.onosproject.segmentrouting.PortAuthTracker.BlockState.AUTHENTICATED; |
| 42 | import static org.onosproject.segmentrouting.PortAuthTracker.BlockState.BLOCKED; |
| 43 | import static org.onosproject.segmentrouting.PortAuthTracker.BlockState.UNCHECKED; |
| 44 | |
| 45 | /** |
| 46 | * Unit Tests for {@link PortAuthTracker}. |
| 47 | */ |
| 48 | public class PortAuthTrackerTest { |
| 49 | private static final ApplicationId APP_ID = new DefaultApplicationId(1, "foo"); |
| 50 | private static final String KEY = "blocked"; |
| 51 | private static final ObjectMapper MAPPER = new ObjectMapper(); |
| 52 | private static final String PATH_CFG = "/blocked-ports.json"; |
| 53 | private static final String PATH_CFG_ALT = "/blocked-ports-alt.json"; |
| 54 | |
| 55 | private static final String DEV1 = "of:0000000000000001"; |
| 56 | private static final String DEV3 = "of:0000000000000003"; |
| 57 | private static final String DEV4 = "of:0000000000000004"; |
| 58 | |
| 59 | private BlockedPortsConfig cfg; |
| 60 | private AugmentedPortAuthTracker tracker; |
| 61 | |
| 62 | private void print(String s) { |
| 63 | System.out.println(s); |
| 64 | } |
| 65 | |
| 66 | private void print(Object o) { |
| 67 | print(o.toString()); |
| 68 | } |
| 69 | |
| 70 | private void print(String fmt, Object... params) { |
| 71 | print(String.format(fmt, params)); |
| 72 | } |
| 73 | |
| 74 | private void title(String s) { |
| 75 | print("=== %s ===", s); |
| 76 | } |
| 77 | |
| 78 | private BlockedPortsConfig makeConfig(String path) throws IOException { |
| 79 | InputStream blockedPortsJson = BlockedPortsConfigTest.class |
| 80 | .getResourceAsStream(path); |
| 81 | JsonNode node = MAPPER.readTree(blockedPortsJson); |
| 82 | BlockedPortsConfig cfg = new BlockedPortsConfig(); |
| 83 | cfg.init(APP_ID, KEY, node, MAPPER, null); |
| 84 | return cfg; |
| 85 | } |
| 86 | |
| 87 | ConnectPoint cp(String devId, int port) { |
| 88 | return ConnectPoint.deviceConnectPoint(devId + "/" + port); |
| 89 | } |
| 90 | |
| 91 | @Before |
| 92 | public void setUp() throws IOException { |
| 93 | cfg = makeConfig(PATH_CFG); |
| 94 | tracker = new AugmentedPortAuthTracker(); |
| 95 | } |
| 96 | |
| 97 | private void verifyPortState(String devId, int first, BlockState... states) { |
| 98 | DeviceId dev = deviceId(devId); |
| 99 | int last = first + states.length; |
| 100 | int pn = first; |
| 101 | int i = 0; |
| 102 | while (pn < last) { |
| 103 | PortNumber pnum = portNumber(pn); |
| 104 | BlockState actual = tracker.currentState(dev, pnum); |
| 105 | print("%s/%s [%s] --> %s", devId, pn, states[i], actual); |
| 106 | assertEquals("oops: " + devId + "/" + pn + "~" + actual, |
| 107 | states[i], actual); |
| 108 | pn++; |
| 109 | i++; |
| 110 | } |
| 111 | } |
| 112 | |
| 113 | @Test |
| 114 | public void basic() { |
| 115 | title("basic"); |
| 116 | print(tracker); |
| 117 | print(cfg); |
| 118 | |
| 119 | assertEquals("wrong entry count", 0, tracker.entryCount()); |
| 120 | |
| 121 | // let's assume that the net config just got loaded.. |
| 122 | tracker.configurePortBlocking(cfg); |
| 123 | assertEquals("wrong entry count", 13, tracker.entryCount()); |
| 124 | |
| 125 | verifyPortState(DEV1, 1, BLOCKED, BLOCKED, BLOCKED, BLOCKED, UNCHECKED); |
| 126 | verifyPortState(DEV1, 6, UNCHECKED, BLOCKED, BLOCKED, BLOCKED, UNCHECKED); |
| 127 | |
| 128 | verifyPortState(DEV3, 1, UNCHECKED, UNCHECKED, UNCHECKED); |
| 129 | verifyPortState(DEV3, 6, UNCHECKED, BLOCKED, BLOCKED, BLOCKED, UNCHECKED); |
| 130 | |
| 131 | verifyPortState(DEV4, 1, BLOCKED, UNCHECKED, UNCHECKED, UNCHECKED, BLOCKED); |
| 132 | } |
| 133 | |
| 134 | @Test |
| 135 | public void logonLogoff() { |
| 136 | title("logonLogoff"); |
| 137 | |
| 138 | tracker.configurePortBlocking(cfg); |
| 139 | assertEquals("wrong entry count", 13, tracker.entryCount()); |
| 140 | verifyPortState(DEV1, 1, BLOCKED, BLOCKED, BLOCKED); |
| 141 | |
| 142 | ConnectPoint cp = deviceConnectPoint(DEV1 + "/2"); |
| 143 | tracker.radiusAuthorize(cp); |
| 144 | print(""); |
| 145 | verifyPortState(DEV1, 1, BLOCKED, AUTHENTICATED, BLOCKED); |
| 146 | |
| 147 | tracker.radiusLogoff(cp); |
| 148 | print(""); |
| 149 | verifyPortState(DEV1, 1, BLOCKED, BLOCKED, BLOCKED); |
| 150 | } |
| 151 | |
| 152 | @Test |
| 153 | public void installedFlows() { |
| 154 | title("installed flows"); |
| 155 | |
| 156 | assertEquals(0, tracker.installed.size()); |
| 157 | tracker.configurePortBlocking(cfg); |
| 158 | assertEquals(13, tracker.installed.size()); |
| 159 | |
| 160 | assertTrue(tracker.installed.contains(cp(DEV1, 1))); |
| 161 | assertTrue(tracker.installed.contains(cp(DEV3, 7))); |
| 162 | assertTrue(tracker.installed.contains(cp(DEV4, 5))); |
| 163 | } |
| 164 | |
| 165 | @Test |
| 166 | public void flowsLogonLogoff() { |
| 167 | title("flows logon logoff"); |
| 168 | |
| 169 | tracker.configurePortBlocking(cfg); |
| 170 | |
| 171 | // let's pick a connect point from the configuration |
| 172 | ConnectPoint cp = cp(DEV4, 5); |
| 173 | |
| 174 | assertTrue(tracker.installed.contains(cp)); |
| 175 | assertEquals(0, tracker.cleared.size()); |
| 176 | |
| 177 | tracker.resetMetrics(); |
| 178 | tracker.radiusAuthorize(cp); |
| 179 | // verify we requested the blocking flow to be cleared |
| 180 | assertTrue(tracker.cleared.contains(cp)); |
| 181 | |
| 182 | tracker.resetMetrics(); |
| 183 | assertEquals(0, tracker.installed.size()); |
| 184 | tracker.radiusLogoff(cp); |
| 185 | // verify we requested the blocking flow to be reinstated |
| 186 | assertTrue(tracker.installed.contains(cp)); |
| 187 | } |
| 188 | |
| 189 | @Test |
| 190 | public void uncheckedPortIgnored() { |
| 191 | title("unchecked port ignored"); |
| 192 | |
| 193 | tracker.configurePortBlocking(cfg); |
| 194 | tracker.resetMetrics(); |
| 195 | |
| 196 | // let's pick a connect point NOT in the configuration |
| 197 | ConnectPoint cp = cp(DEV4, 2); |
| 198 | assertEquals(BlockState.UNCHECKED, tracker.currentState(cp)); |
| 199 | |
| 200 | assertEquals(0, tracker.installed.size()); |
| 201 | assertEquals(0, tracker.cleared.size()); |
| 202 | tracker.radiusAuthorize(cp); |
| 203 | assertEquals(0, tracker.installed.size()); |
| 204 | assertEquals(0, tracker.cleared.size()); |
| 205 | tracker.radiusLogoff(cp); |
| 206 | assertEquals(0, tracker.installed.size()); |
| 207 | assertEquals(0, tracker.cleared.size()); |
| 208 | } |
| 209 | |
| 210 | @Test |
| 211 | public void reconfiguration() throws IOException { |
| 212 | title("reconfiguration"); |
| 213 | |
| 214 | /* see 'blocked-ports.json' and 'blocked-ports-alt.json' |
| 215 | |
| 216 | cfg: "1": ["1-4", "7-9"], |
| 217 | "3": ["7-9"], |
| 218 | "4": ["1", "5", "9"] |
| 219 | |
| 220 | alt: "1": ["1-9"], |
| 221 | "3": ["7"], |
| 222 | "4": ["1"] |
| 223 | */ |
| 224 | tracker.configurePortBlocking(cfg); |
| 225 | // dev1: ports 5 and 6 are NOT configured in the original CFG |
| 226 | assertFalse(tracker.installed.contains(cp(DEV1, 5))); |
| 227 | assertFalse(tracker.installed.contains(cp(DEV1, 6))); |
| 228 | |
| 229 | tracker.resetMetrics(); |
| 230 | assertEquals(0, tracker.installed.size()); |
| 231 | assertEquals(0, tracker.cleared.size()); |
| 232 | |
| 233 | BlockedPortsConfig alt = makeConfig(PATH_CFG_ALT); |
| 234 | tracker.configurePortBlocking(alt); |
| 235 | |
| 236 | // dev1: ports 5 and 6 ARE configured in the alternate CFG |
| 237 | assertTrue(tracker.installed.contains(cp(DEV1, 5))); |
| 238 | assertTrue(tracker.installed.contains(cp(DEV1, 6))); |
| 239 | |
| 240 | // also, check for the ports that were decommissioned |
| 241 | assertTrue(tracker.cleared.contains(cp(DEV3, 8))); |
| 242 | assertTrue(tracker.cleared.contains(cp(DEV3, 9))); |
| 243 | assertTrue(tracker.cleared.contains(cp(DEV4, 5))); |
| 244 | assertTrue(tracker.cleared.contains(cp(DEV4, 9))); |
| 245 | } |
| 246 | } |