From 46ec307ffe7eed24cec07ca39272580a2ebe9dfd Mon Sep 17 00:00:00 2001 From: Pearl Dsilva Date: Wed, 13 Dec 2023 10:37:16 -0500 Subject: [PATCH] NSX: Add unit tests --- .../java/com/cloud/network/vpc/VpcVO.java | 12 + .../cloudstack/resource/NsxResourceTest.java | 59 ++++ .../cloudstack/service/NsxElementTest.java | 301 +++++++++++++++++- 3 files changed, 368 insertions(+), 4 deletions(-) diff --git a/engine/schema/src/main/java/com/cloud/network/vpc/VpcVO.java b/engine/schema/src/main/java/com/cloud/network/vpc/VpcVO.java index c2024e06c51..c553efe42c8 100644 --- a/engine/schema/src/main/java/com/cloud/network/vpc/VpcVO.java +++ b/engine/schema/src/main/java/com/cloud/network/vpc/VpcVO.java @@ -139,6 +139,10 @@ public class VpcVO implements Vpc { return id; } + public void setId(long id) { + this.id = id; + } + @Override public String getUuid() { return uuid; @@ -164,11 +168,19 @@ public class VpcVO implements Vpc { return domainId; } + public void setDomainId(long domainId) { + this.domainId = domainId; + } + @Override public long getAccountId() { return accountId; } + public void setAccountId(long accountId) { + this.accountId = accountId; + } + @Override public State getState() { return state; diff --git a/plugins/network-elements/nsx/src/test/java/org/apache/cloudstack/resource/NsxResourceTest.java b/plugins/network-elements/nsx/src/test/java/org/apache/cloudstack/resource/NsxResourceTest.java index 9bc2dfb48e2..e47da0ce9e6 100644 --- a/plugins/network-elements/nsx/src/test/java/org/apache/cloudstack/resource/NsxResourceTest.java +++ b/plugins/network-elements/nsx/src/test/java/org/apache/cloudstack/resource/NsxResourceTest.java @@ -25,8 +25,14 @@ import com.vmware.nsx_policy.model.Site; import com.vmware.nsx_policy.model.SiteListResult; import junit.framework.Assert; import org.apache.cloudstack.NsxAnswer; +import org.apache.cloudstack.agent.api.CreateNsxDistributedFirewallRulesCommand; +import org.apache.cloudstack.agent.api.CreateNsxLoadBalancerRuleCommand; +import org.apache.cloudstack.agent.api.CreateNsxPortForwardRuleCommand; import org.apache.cloudstack.agent.api.CreateNsxSegmentCommand; +import org.apache.cloudstack.agent.api.CreateNsxStaticNatCommand; import org.apache.cloudstack.agent.api.CreateNsxTier1GatewayCommand; +import org.apache.cloudstack.agent.api.DeleteNsxDistributedFirewallRulesCommand; +import org.apache.cloudstack.agent.api.DeleteNsxNatRuleCommand; import org.apache.cloudstack.agent.api.DeleteNsxSegmentCommand; import org.apache.cloudstack.agent.api.DeleteNsxTier1GatewayCommand; import org.apache.cloudstack.agent.api.NsxCommand; @@ -160,4 +166,57 @@ public class NsxResourceTest { NsxAnswer answer = (NsxAnswer) nsxResource.executeRequest(command); assertTrue(answer.getResult()); } + + @Test + public void testCreateStaticNat() { + CreateNsxStaticNatCommand cmd = new CreateNsxStaticNatCommand(1L, 1L, 1L, 3L, "VPC01", true, 2L, "10.1.12.10", "172.30.20.12"); + NsxAnswer answer = (NsxAnswer) nsxResource.executeRequest(cmd); + assertTrue(answer.getResult()); + } + + @Test + public void testCreatePortForwardRule() { + CreateNsxPortForwardRuleCommand cmd = new CreateNsxPortForwardRuleCommand(1L, 1L, 1L, 3L, "VPC01", true, 2L, 5L, "10.1.12.10", "172.30.20.12", "2222", "22", "tcp"); + NsxAnswer answer = (NsxAnswer) nsxResource.executeRequest(cmd); + assertTrue(answer.getResult()); + } + + @Test + public void testDeleteNsxNatRule() { + DeleteNsxNatRuleCommand cmd = new DeleteNsxNatRuleCommand(1L, 1L, 1L, 3L, "VPC01", true, 2L, 5L, "22", "tcp"); + NsxAnswer answer = (NsxAnswer) nsxResource.executeRequest(cmd); + assertTrue(answer.getResult()); + } + + @Test + public void testCreateNsxLoadBalancerRule() { + List loadBalancerMembers = List.of(new NsxLoadBalancerMember( + 1L, "172.30.20.12", 6443 + )); + CreateNsxLoadBalancerRuleCommand cmd = new CreateNsxLoadBalancerRuleCommand(1L, 1L, 1L, + 3L, "VPC01", true, loadBalancerMembers, 1L, "6443", "6443", "RoundRobin", "TCP"); + NsxAnswer answer = (NsxAnswer) nsxResource.executeRequest(cmd); + assertTrue(answer.getResult()); + } + + + @Test + public void testCreateNsxDistributedFirewallRule() { + List networkRules = List.of(new NsxNetworkRule()); + CreateNsxDistributedFirewallRulesCommand cmd = new CreateNsxDistributedFirewallRulesCommand(1L, 1L, 1L, + 3L, 1L, networkRules); + NsxAnswer answer = (NsxAnswer) nsxResource.executeRequest(cmd); + assertTrue(answer.getResult()); + } + + @Test + public void testDeleteNsxDistributedFirewallRule() { + List networkRules = List.of(new NsxNetworkRule()); + DeleteNsxDistributedFirewallRulesCommand cmd = new DeleteNsxDistributedFirewallRulesCommand(1L, 1L, 1L, + 3L, 1L, networkRules); + NsxAnswer answer = (NsxAnswer) nsxResource.executeRequest(cmd); + assertTrue(answer.getResult()); + } + + } diff --git a/plugins/network-elements/nsx/src/test/java/org/apache/cloudstack/service/NsxElementTest.java b/plugins/network-elements/nsx/src/test/java/org/apache/cloudstack/service/NsxElementTest.java index e614421954d..13f31de415e 100644 --- a/plugins/network-elements/nsx/src/test/java/org/apache/cloudstack/service/NsxElementTest.java +++ b/plugins/network-elements/nsx/src/test/java/org/apache/cloudstack/service/NsxElementTest.java @@ -16,6 +16,7 @@ // under the License. package org.apache.cloudstack.service; +import com.cloud.api.ApiDBUtils; import com.cloud.dc.DataCenterVO; import com.cloud.dc.dao.DataCenterDao; import com.cloud.deploy.DeployDestination; @@ -23,31 +24,61 @@ import com.cloud.domain.DomainVO; import com.cloud.domain.dao.DomainDao; import com.cloud.exception.InsufficientCapacityException; import com.cloud.exception.ResourceUnavailableException; +import com.cloud.hypervisor.Hypervisor; +import com.cloud.network.Network; import com.cloud.network.NetworkModel; import com.cloud.network.Networks; +import com.cloud.network.dao.IPAddressDao; +import com.cloud.network.dao.IPAddressVO; +import com.cloud.network.dao.LoadBalancerVMMapDao; +import com.cloud.network.dao.LoadBalancerVMMapVO; +import com.cloud.network.dao.LoadBalancerVO; import com.cloud.network.dao.NetworkDao; +import com.cloud.network.dao.NetworkVO; import com.cloud.network.dao.PhysicalNetworkDao; import com.cloud.network.dao.PhysicalNetworkVO; +import com.cloud.network.lb.LoadBalancingRule; +import com.cloud.network.rules.FirewallRule; +import com.cloud.network.rules.FirewallRuleVO; +import com.cloud.network.rules.LoadBalancer; +import com.cloud.network.rules.PortForwardingRule; +import com.cloud.network.rules.PortForwardingRuleVO; +import com.cloud.network.rules.StaticNatImpl; import com.cloud.network.vpc.NetworkACLItem; +import com.cloud.network.vpc.NetworkACLItemVO; import com.cloud.network.vpc.Vpc; +import com.cloud.network.vpc.VpcVO; +import com.cloud.network.vpc.dao.VpcDao; import com.cloud.network.vpc.dao.VpcOfferingServiceMapDao; import com.cloud.resource.ResourceManager; import com.cloud.user.Account; import com.cloud.user.AccountManager; +import com.cloud.utils.Pair; +import com.cloud.utils.Utils; +import com.cloud.utils.net.Ip; +import com.cloud.vm.NicVO; import com.cloud.vm.ReservationContext; +import com.cloud.vm.VMInstanceVO; +import com.cloud.vm.VirtualMachine; +import com.cloud.vm.dao.UserVmDao; +import com.cloud.vm.dao.VMInstanceDao; +import org.apache.cloudstack.acl.ControlledEntity; import org.apache.cloudstack.resource.NsxNetworkRule; import org.junit.Assert; import org.junit.Before; import org.junit.Test; import org.junit.runner.RunWith; import org.mockito.Mock; +import org.mockito.Mockito; import org.mockito.junit.MockitoJUnitRunner; +import java.lang.reflect.Field; +import java.lang.reflect.InvocationTargetException; +import java.lang.reflect.Method; import java.util.List; -import static org.junit.Assert.assertTrue; -import static org.mockito.ArgumentMatchers.anyString; -import static org.mockito.ArgumentMatchers.anyLong; +import static org.junit.Assert.*; +import static org.mockito.ArgumentMatchers.*; import static org.mockito.Mockito.mock; import static org.mockito.Mockito.when; @@ -79,7 +110,17 @@ public class NsxElementTest { @Mock DomainVO domain; @Mock + IPAddressDao ipAddressDao; + @Mock + VMInstanceDao vmInstanceDao; + @Mock + VpcDao vpcDao; + @Mock + UserVmDao userVmDao; + @Mock private VpcOfferingServiceMapDao vpcOfferingServiceMapDao; + @Mock + LoadBalancerVMMapDao lbVmMapDao; NsxElement nsxElement; ReservationContext reservationContext; @@ -88,7 +129,7 @@ public class NsxElementTest { DomainDao domainDao; @Before - public void setup() { + public void setup() throws NoSuchFieldException, IllegalAccessException { nsxElement = new NsxElement(); nsxElement.dataCenterDao = dataCenterDao; @@ -100,6 +141,18 @@ public class NsxElementTest { nsxElement.domainDao = domainDao; nsxElement.networkModel = networkModel; nsxElement.vpcOfferingServiceMapDao = vpcOfferingServiceMapDao; + nsxElement.ipAddressDao = ipAddressDao; + nsxElement.vmInstanceDao = vmInstanceDao; + nsxElement.vpcDao = vpcDao; + nsxElement.lbVmMapDao = lbVmMapDao; + + Field field = ApiDBUtils.class.getDeclaredField("s_ipAddressDao"); + field.setAccessible(true); + field.set(null, ipAddressDao); + + field = ApiDBUtils.class.getDeclaredField("s_userVmDao"); + field.setAccessible(true); + field.set(null, userVmDao); reservationContext = mock(ReservationContext.class); deployDestination = mock(DeployDestination.class); @@ -152,4 +205,244 @@ public class NsxElementTest { Assert.assertEquals("ANY", values.get(0)); } + @Test + public void testCanHandleService() { + when(networkModel.isProviderForNetwork(any(Network.Provider.class), anyLong())).thenReturn(true); + + Network.Service service = new Network.Service("service1", new Network.Capability("capability")); + NetworkVO network = new NetworkVO(); + network.setName("network1"); + assertTrue(nsxElement.canHandle(network, service)); + } + + @Test + public void testApplyStaticNatRules() throws ResourceUnavailableException { + StaticNatImpl rule = new StaticNatImpl(1L , 1L, 3L, 7L, "172.30.10.15", false); + NetworkVO networkVO = new NetworkVO(1L, Networks.TrafficType.Public, Networks.Mode.Static, + Networks.BroadcastDomainType.NSX, 12L, 2L, 5L, 1L, "network1", + "network1", null, Network.GuestType.Isolated, 2L, 2L, + ControlledEntity.ACLType.Domain, false, 1L, false ); + + Ip ip = new Ip("10.1.13.15"); + IPAddressVO ipAddress = new IPAddressVO(ip, 2L, 0xaabbccddeeffL, 3L, false); + ipAddress.setAssociatedWithVmId(10L); + + VMInstanceVO vm = new VMInstanceVO(10L, 9L, "vm1", "i-5-10-VM" , VirtualMachine.Type.User, + 18L, Hypervisor.HypervisorType.VMware, 26L, + 2L, 5L, 6L, false, false); + + NicVO nic = Mockito.mock(NicVO.class); + VpcVO vpc = new VpcVO(); + vpc.setId(1L); + vpc.setName("vpc1"); + + when(ipAddressDao.findByIdIncludingRemoved(anyLong())).thenReturn(ipAddress); + when(vmInstanceDao.findByIdIncludingRemoved(anyLong())).thenReturn(vm); + when(networkModel.getNicInNetworkIncludingRemoved(anyLong(), anyLong())).thenReturn(nic); + when(vpcDao.findById(anyLong())).thenReturn(vpc); + when(nsxService.createStaticNatRule(anyLong(), anyLong(), anyLong(), anyLong(), anyString(), anyBoolean(), anyLong(), anyString(), anyString())).thenReturn(true); + + assertTrue(nsxElement.applyStaticNats(networkVO, List.of(rule))); + } + + @Test + public void testApplyPFRules() throws ResourceUnavailableException { + NetworkVO networkVO = new NetworkVO(1L, Networks.TrafficType.Public, Networks.Mode.Static, + Networks.BroadcastDomainType.NSX, 12L, 2L, 5L, 1L, "network1", + "network1", null, Network.GuestType.Isolated, 2L, 2L, + ControlledEntity.ACLType.Domain, false, 1L, false ); + PortForwardingRule rule = new PortForwardingRuleVO("1", 11L, 80, 90, new Ip("172.30.10.11"), 8080, 8090, "tcp", 12L, + 5L, 2L, 15L); + Network.Service service = new Network.Service("service1", new Network.Capability("capability")); + + when(nsxElement.canHandle(networkVO, service)).thenReturn(true); + assertTrue(nsxElement.applyPFRules(networkVO, List.of(rule))); + } + + @Test + public void testGetVpcOrNetworkReturnsVpcIfVpcIdPresent() { + VpcVO vpc = new VpcVO(); + when(vpcDao.findById(anyLong())).thenReturn(vpc); + + Pair vpcNetworkPair = nsxElement.getVpcOrNetwork(1L, 1L); + assertNotNull(vpcNetworkPair.first()); + assertNull(vpcNetworkPair.second()); + } + + @Test + public void testGetVpcOrNetworkReturnsNetworkIfVpcIdNotPresent() { + NetworkVO network = new NetworkVO(); + when(networkDao.findById(anyLong())).thenReturn(network); + + Pair vpcNetworkPair = nsxElement.getVpcOrNetwork(null, 1L); + assertNull(vpcNetworkPair.first()); + assertNotNull(vpcNetworkPair.second()); + } + + private Method getPublicPortRangeMethod() throws NoSuchMethodException { + Method method = NsxElement.class.getDeclaredMethod("getPublicPortRange", PortForwardingRule.class); + method.setAccessible(true); + return method; + } + + private Method getPrivatePFPortRangeMethod() throws NoSuchMethodException { + Method method = NsxElement.class.getDeclaredMethod("getPrivatePFPortRange", PortForwardingRule.class); + method.setAccessible(true); + return method; + } + + private Method getPrivatePortRangeMethod() throws NoSuchMethodException { + Method method = NsxElement.class.getDeclaredMethod("getPrivatePortRange", FirewallRule.class); + method.setAccessible(true); + return method; + } + + private Method getPrivatePortRangeForACLRuleMethod() throws NoSuchMethodException { + Method method = NsxElement.class.getDeclaredMethod("getPrivatePortRangeForACLRule", NetworkACLItem.class); + method.setAccessible(true); + return method; + } + + @Test + public void testGetPublicPortRangeWhenStartAndEndPortNumbersAreDifferent() throws NoSuchMethodException, InvocationTargetException, IllegalAccessException { + PortForwardingRule rule = new PortForwardingRuleVO("1", 11L, 80, 90, new Ip("172.30.10.11"), 8080, 8090, "tcp", 12L, + 5L, 2L, 15L); + assertEquals("80-90", getPublicPortRangeMethod().invoke(null, rule)); + } + + @Test + public void testGetPublicPortRangeWhenStartAndEndPortNumbersAreSame() throws NoSuchMethodException, InvocationTargetException, IllegalAccessException { + PortForwardingRule rule = new PortForwardingRuleVO("1", 11L, 80, 80, new Ip("172.30.10.11"), 8080, 8080, "tcp", 12L, + 5L, 2L, 15L); + assertEquals("80", getPublicPortRangeMethod().invoke(null, rule)); + } + + @Test + public void testGetPrivatePFPortRangeWhenStartAndEndPortNumbersAreDifferent() throws NoSuchMethodException, InvocationTargetException, IllegalAccessException { + PortForwardingRule rule = new PortForwardingRuleVO("1", 11L, 80, 90, new Ip("172.30.10.11"), 8080, 8090, "tcp", 12L, + 5L, 2L, 15L); + assertEquals("8080-8090", getPrivatePFPortRangeMethod().invoke(null, rule)); + } + + @Test + public void testGetPrivatePFPortRangeWhenStartAndEndPortNumbersAreSame() throws NoSuchMethodException, InvocationTargetException, IllegalAccessException { + PortForwardingRule rule = new PortForwardingRuleVO("1", 11L, 80, 80, new Ip("172.30.10.11"), 8080, 8080, "tcp", 12L, + 5L, 2L, 15L); + assertEquals("8080", getPrivatePFPortRangeMethod().invoke(null, rule)); + } + + @Test + public void testGetPrivatePortRangeWhenStartAndEndPortNumbersAreSame() throws NoSuchMethodException, InvocationTargetException, IllegalAccessException { + FirewallRuleVO rule = new FirewallRuleVO("1", 11L, 80, 80, "tcp", 23L, 5L, 2L, + FirewallRule.Purpose.Firewall, List.of("172.30.10.0/24"), null, null, null, null, FirewallRule.TrafficType.Egress, FirewallRule.FirewallRuleType.User); + assertEquals("80", getPrivatePortRangeMethod().invoke(null, rule)); + } + + @Test + public void testGetPrivatePortRangeWhenStartAndEndPortNumbersAreDifferent() throws NoSuchMethodException, InvocationTargetException, IllegalAccessException { + FirewallRuleVO rule = new FirewallRuleVO("1", 11L, 80, 90, "tcp", 23L, 5L, 2L, + FirewallRule.Purpose.Firewall, List.of("172.30.10.0/24"), null, null, null, null, FirewallRule.TrafficType.Egress, FirewallRule.FirewallRuleType.User); + assertEquals("80-90", getPrivatePortRangeMethod().invoke(null, rule)); + } + + @Test + public void testGetPrivatePortRangeForACLWhenStartAndEndPortNumbersAreSame() throws NoSuchMethodException, InvocationTargetException, IllegalAccessException { + NetworkACLItem rule = new NetworkACLItemVO(80, 80, "udp", 10L, List.of("172.30.10.0/24"), null, null, NetworkACLItem.TrafficType.Ingress, NetworkACLItem.Action.Allow, + 2, null); + assertEquals("80", getPrivatePortRangeForACLRuleMethod().invoke(null, rule)); + } + + @Test + public void testGetPrivatePortRangeForACLWhenStartAndEndPortNumbersAreDifferent() throws NoSuchMethodException, InvocationTargetException, IllegalAccessException { + NetworkACLItem rule = new NetworkACLItemVO(80, 90, "udp", 10L, List.of("172.30.10.0/24"), null, null, NetworkACLItem.TrafficType.Ingress, NetworkACLItem.Action.Allow, + 2, null); + assertEquals("80-90", getPrivatePortRangeForACLRuleMethod().invoke(null, rule)); + } + + @Test + public void testApplyLBRules() throws ResourceUnavailableException { + NetworkVO networkVO = new NetworkVO(1L, Networks.TrafficType.Public, Networks.Mode.Static, + Networks.BroadcastDomainType.NSX, 12L, 2L, 5L, 1L, "network1", + "network1", null, Network.GuestType.Isolated, 2L, 2L, + ControlledEntity.ACLType.Domain, false, 1L, false ); + LoadBalancerVO lb = new LoadBalancerVO(null, null, null, 0L, 8080, 8081, null, 0L, 0L, 1L, null, null); + LoadBalancingRule.LbDestination destination = new LoadBalancingRule.LbDestination(6443, 6443, "172.30.110.11", false); + LoadBalancingRule rule = new LoadBalancingRule(lb, List.of(destination), null, null, new Ip("10.1.13.10")); + + LoadBalancerVMMapVO lbVmMap = new LoadBalancerVMMapVO(1L, 21L); + + VpcVO vpc = new VpcVO(); + vpc.setDomainId(2L); + vpc.setAccountId(5L); + + IPAddressVO ipAddress = new IPAddressVO(new Ip("10.1.13.10"), 1L, 1L, 1L,false); + when(vpcDao.findById(anyLong())).thenReturn(vpc); + when(ipAddressDao.findByIpAndDcId(anyLong(), anyString())).thenReturn(ipAddress); + + assertTrue(nsxElement.applyLBRules(networkVO, List.of(rule))); + } + + @Test + public void testApplyNetworkAclRules() throws ResourceUnavailableException { + NetworkVO networkVO = new NetworkVO(1L, Networks.TrafficType.Public, Networks.Mode.Static, + Networks.BroadcastDomainType.NSX, 12L, 2L, 5L, 1L, "network1", + "network1", null, Network.GuestType.Isolated, 2L, 2L, + ControlledEntity.ACLType.Domain, false, 1L, false ); + NetworkACLItem rule = new NetworkACLItemVO(80, 80, "udp", 10L, List.of("172.30.10.0/24"), null, null, NetworkACLItem.TrafficType.Ingress, NetworkACLItem.Action.Allow, + 2, null); + Network.Service service = new Network.Service("service1", new Network.Capability("capability")); + + when(nsxElement.canHandle(networkVO, service)).thenReturn(true); + when(nsxService.addFirewallRules(any(Network.class), any(List.class))).thenReturn(true); + assertTrue(nsxElement.applyNetworkACLs(networkVO, List.of(rule))); + } + + @Test + public void testDeleteNetworkAclRules() throws ResourceUnavailableException { + NetworkVO networkVO = new NetworkVO(1L, Networks.TrafficType.Public, Networks.Mode.Static, + Networks.BroadcastDomainType.NSX, 12L, 2L, 5L, 1L, "network1", + "network1", null, Network.GuestType.Isolated, 2L, 2L, + ControlledEntity.ACLType.Domain, false, 1L, false ); + NetworkACLItemVO rule = new NetworkACLItemVO(80, 80, "udp", 10L, List.of("172.30.10.0/24"), null, null, NetworkACLItem.TrafficType.Ingress, NetworkACLItem.Action.Allow, + 2, null); + rule.setState(NetworkACLItem.State.Revoke); + Network.Service service = new Network.Service("service1", new Network.Capability("capability")); + + when(nsxElement.canHandle(networkVO, service)).thenReturn(true); + when(nsxService.deleteFirewallRules(any(Network.class), any(List.class))).thenReturn(true); + when(nsxService.addFirewallRules(any(Network.class), any(List.class))).thenReturn(true); + assertTrue(nsxElement.applyNetworkACLs(networkVO, List.of(rule))); + } + + @Test + public void testApplyFirewallRules() throws ResourceUnavailableException { + NetworkVO networkVO = new NetworkVO(1L, Networks.TrafficType.Public, Networks.Mode.Static, + Networks.BroadcastDomainType.NSX, 12L, 2L, 5L, 1L, "network1", + "network1", null, Network.GuestType.Isolated, 2L, 2L, + ControlledEntity.ACLType.Domain, false, 1L, false ); + FirewallRuleVO rule = new FirewallRuleVO("1", 11L, 80, 80, "tcp", 23L, 5L, 2L, + FirewallRule.Purpose.Firewall, List.of("172.30.10.0/24"), null, null, null, null, FirewallRule.TrafficType.Egress, FirewallRule.FirewallRuleType.User); + Network.Service service = new Network.Service("service1", new Network.Capability("capability")); + + when(nsxElement.canHandle(networkVO, service)).thenReturn(true); + when(nsxService.addFirewallRules(any(Network.class), any(List.class))).thenReturn(true); + assertTrue(nsxElement.applyFWRules(networkVO, List.of(rule))); + } + + @Test + public void testRevokeFirewallRules() throws ResourceUnavailableException { + NetworkVO networkVO = new NetworkVO(1L, Networks.TrafficType.Public, Networks.Mode.Static, + Networks.BroadcastDomainType.NSX, 12L, 2L, 5L, 1L, "network1", + "network1", null, Network.GuestType.Isolated, 2L, 2L, + ControlledEntity.ACLType.Domain, false, 1L, false ); + FirewallRuleVO rule = new FirewallRuleVO("1", 11L, 80, 80, "tcp", 23L, 5L, 2L, + FirewallRule.Purpose.Firewall, List.of("172.30.10.0/24"), null, null, null, null, FirewallRule.TrafficType.Egress, FirewallRule.FirewallRuleType.User); + rule.setState(FirewallRule.State.Revoke); + Network.Service service = new Network.Service("service1", new Network.Capability("capability")); + + when(nsxElement.canHandle(networkVO, service)).thenReturn(true); + when(nsxService.deleteFirewallRules(any(Network.class), any(List.class))).thenReturn(true); + when(nsxService.addFirewallRules(any(Network.class), any(List.class))).thenReturn(true); + assertTrue(nsxElement.applyFWRules(networkVO, List.of(rule))); + } }