neutron-mapper/src/test/java/org/opendaylight/groupbasedpolicy/neutron/mapper/mapping/rule/NeutronSecurityRuleAwareDataStoreTest.java

   1 /*
   2  * Copyright (c) 2015 Cisco Systems, Inc. and others.  All rights reserved.
   3  *
   4  * This program and the accompanying materials are made available under the
   5  * terms of the Eclipse Public License v1.0 which accompanies this distribution,
   6  * and is available at http://www.eclipse.org/legal/epl-v10.html
   7  */
   8 package org.opendaylight.groupbasedpolicy.neutron.mapper.mapping.rule;
   9
  10 import static org.junit.Assert.assertTrue;
  11 import static org.junit.Assert.fail;
  12
  13 import com.google.common.base.Optional;
  14 import com.google.common.collect.ImmutableList;
  15 import com.google.common.collect.ImmutableSet;
  16
  17 import java.util.ArrayList;
  18 import java.util.List;
  19
  20 import org.junit.Before;
  21 import org.junit.Test;
  22 import org.opendaylight.controller.md.sal.binding.api.DataBroker;
  23 import org.opendaylight.controller.md.sal.binding.api.ReadWriteTransaction;
  24 import org.opendaylight.controller.md.sal.common.api.data.LogicalDatastoreType;
  25 import org.opendaylight.groupbasedpolicy.neutron.mapper.EndpointRegistrator;
  26 import org.opendaylight.groupbasedpolicy.neutron.mapper.test.ConfigDataStoreReader;
  27 import org.opendaylight.groupbasedpolicy.neutron.mapper.test.NeutronEntityFactory;
  28 import org.opendaylight.groupbasedpolicy.neutron.mapper.test.NeutronMapperDataBrokerTest;
  29 import org.opendaylight.groupbasedpolicy.neutron.mapper.test.PolicyAssert;
  30 import org.opendaylight.groupbasedpolicy.neutron.mapper.util.MappingUtils;
  31 import org.opendaylight.groupbasedpolicy.util.IidFactory;
  32 import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.inet.types.rev130715.IpPrefix;
  33 import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.inet.types.rev130715.Ipv4Prefix;
  34 import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.yang.types.rev130715.Uuid;
  35 import org.opendaylight.yang.gen.v1.urn.opendaylight.groupbasedpolicy.common.rev140421.ContractId;
  36 import org.opendaylight.yang.gen.v1.urn.opendaylight.groupbasedpolicy.common.rev140421.EndpointGroupId;
  37 import org.opendaylight.yang.gen.v1.urn.opendaylight.groupbasedpolicy.common.rev140421.TenantId;
  38 import org.opendaylight.yang.gen.v1.urn.opendaylight.groupbasedpolicy.policy.rev140421.tenants.Tenant;
  39 import org.opendaylight.yang.gen.v1.urn.opendaylight.groupbasedpolicy.policy.rev140421.tenants.tenant.policy.Contract;
  40 import org.opendaylight.yang.gen.v1.urn.opendaylight.groupbasedpolicy.policy.rev140421.tenants.tenant.policy.EndpointGroup;
  41 import org.opendaylight.yang.gen.v1.urn.opendaylight.neutron.constants.rev150712.DirectionEgress;
  42 import org.opendaylight.yang.gen.v1.urn.opendaylight.neutron.constants.rev150712.DirectionIngress;
  43 import org.opendaylight.yang.gen.v1.urn.opendaylight.neutron.constants.rev150712.EthertypeV4;
  44 import org.opendaylight.yang.gen.v1.urn.opendaylight.neutron.constants.rev150712.ProtocolTcp;
  45 import org.opendaylight.yang.gen.v1.urn.opendaylight.neutron.rev150712.Neutron;
  46 import org.opendaylight.yang.gen.v1.urn.opendaylight.neutron.rev150712.NeutronBuilder;
  47 import org.opendaylight.yang.gen.v1.urn.opendaylight.neutron.secgroups.rev150712.SecurityRuleAttributes;
  48 import org.opendaylight.yang.gen.v1.urn.opendaylight.neutron.secgroups.rev150712.security.groups.attributes.SecurityGroupsBuilder;
  49 import org.opendaylight.yang.gen.v1.urn.opendaylight.neutron.secgroups.rev150712.security.groups.attributes.security.groups.SecurityGroup;
  50 import org.opendaylight.yang.gen.v1.urn.opendaylight.neutron.secgroups.rev150712.security.rules.attributes.SecurityRulesBuilder;
  51 import org.opendaylight.yang.gen.v1.urn.opendaylight.neutron.secgroups.rev150712.security.rules.attributes.security.rules.SecurityRule;
  52 import org.opendaylight.yang.gen.v1.urn.opendaylight.neutron.secgroups.rev150712.security.rules.attributes.security.rules.SecurityRuleBuilder;
  53
  54 /**
  55  * END 2 END TESTING - inputs are Neutron entities and expected outputs are GBP entities in datastore.
  56  */
  57
  58 public class NeutronSecurityRuleAwareDataStoreTest extends NeutronMapperDataBrokerTest {
  59
  60     private EndpointRegistrator epRegistrator;
  61
  62     @Before
  63     public void init() {
  64         epRegistrator = getEpRegistrator();
  65     }
  66
  67     @Test
  68     public final void testAddNeutronSecurityRule_rulesWithRemoteIpPrefix() throws Exception {
  69         final String tenant = "ad4c6c25-2424-4ad3-97ee-f9691ce03645";
  70         final String goldSecGrp = "fe40e28f-ad6a-4a2d-b12a-47510876344a";
  71         final SecurityRule goldInIpv4 = NeutronEntityFactory.securityRuleWithEtherType(
  72             "166aedab-fdf5-4788-9e36-2b00b5f8722f", tenant, EthertypeV4.class, DirectionIngress.class, goldSecGrp,
  73             null);
  74         final SecurityRule goldOutIpv4 = NeutronEntityFactory.securityRuleWithEtherType(
  75             "dabfd4da-af89-45dd-85f8-181768c1b4c9", tenant, EthertypeV4.class, DirectionEgress.class, goldSecGrp,
  76             null);
  77         final String serverSecGrp = "71cf4fe5-b146-409e-8151-cd921298ce32";
  78         final SecurityRuleAttributes.Protocol protocolTcp = new SecurityRuleAttributes.Protocol(ProtocolTcp.class);
  79         final SecurityRule serverIn80Tcp10_1_1_0 = new SecurityRuleBuilder()
  80             .setUuid(new Uuid("9dbb533d-d9b2-4dc9-bae7-ee60c8df184d"))
  81             .setTenantId(new Uuid(tenant))
  82             .setEthertype(EthertypeV4.class)
  83             .setProtocol(protocolTcp)
  84             .setPortRangeMin(80)
  85             .setPortRangeMax(80)
  86             .setDirection(DirectionIngress.class)
  87             .setSecurityGroupId(new Uuid(serverSecGrp))
  88             .setRemoteIpPrefix(new IpPrefix(new Ipv4Prefix("10.1.1.0/24")))
  89             .build();
  90         final SecurityRule serverInIp20_1_1_0 = new SecurityRuleBuilder()
  91             .setUuid(new Uuid("adf7e558-de47-4f9e-a9b8-96e19db5d1ac"))
  92             .setTenantId(new Uuid(tenant))
  93             .setEthertype(EthertypeV4.class)
  94             .setDirection(DirectionIngress.class)
  95             .setSecurityGroupId(new Uuid(serverSecGrp))
  96             .setRemoteIpPrefix(new IpPrefix(new Ipv4Prefix("20.1.1.0/24")))
  97             .build();
  98         final SecurityRule serverOutIpv4 = NeutronEntityFactory.securityRuleWithEtherType(
  99             "8b9c48d3-44a8-46be-be35-6f3237d98071", tenant, EthertypeV4.class, DirectionEgress.class, serverSecGrp,
 100             null);
 101         DataBroker dataBroker = getDataBroker();
 102         List<SecurityGroup> secGroups = new ArrayList<>();
 103         secGroups.add(NeutronEntityFactory.securityGroup(goldSecGrp, tenant));
 104         secGroups.add(NeutronEntityFactory.securityGroup(serverSecGrp, tenant));
 105         Neutron neutron = new NeutronBuilder()
 106             .setSecurityGroups(new SecurityGroupsBuilder().setSecurityGroup(secGroups).build())
 107             .setSecurityRules(new SecurityRulesBuilder().setSecurityRule(
 108                     ImmutableList.of(goldInIpv4, goldOutIpv4, serverIn80Tcp10_1_1_0, serverInIp20_1_1_0, serverOutIpv4))
 109                 .build())
 110             .build();
 111         NeutronSecurityRuleAware ruleAware = new NeutronSecurityRuleAware(dataBroker, epRegistrator);
 112         ReadWriteTransaction rwTx = dataBroker.newReadWriteTransaction();
 113         ruleAware.addNeutronSecurityRule(goldInIpv4, neutron, rwTx);
 114         ruleAware.addNeutronSecurityRule(goldOutIpv4, neutron, rwTx);
 115         ruleAware.addNeutronSecurityRule(serverIn80Tcp10_1_1_0, neutron, rwTx);
 116         ruleAware.addNeutronSecurityRule(serverInIp20_1_1_0, neutron, rwTx);
 117         ruleAware.addNeutronSecurityRule(serverOutIpv4, neutron, rwTx);
 118         TenantId tenantId = new TenantId(tenant);
 119         Optional<Tenant> potentialTenant = rwTx.read(LogicalDatastoreType.CONFIGURATION, IidFactory.tenantIid(tenantId))
 120             .get();
 121         assertTrue(potentialTenant.isPresent());
 122         Optional<Contract> potentialContract = rwTx.read(LogicalDatastoreType.CONFIGURATION,
 123                 IidFactory.contractIid(tenantId, new ContractId(goldInIpv4.getUuid().getValue()))).get();
 124         assertTrue(potentialContract.isPresent());
 125         Contract contract = potentialContract.get();
 126         PolicyAssert.assertContract(contract, goldInIpv4);
 127         potentialContract = rwTx.read(LogicalDatastoreType.CONFIGURATION,
 128                 IidFactory.contractIid(tenantId, new ContractId(goldOutIpv4.getUuid().getValue()))).get();
 129         assertTrue(potentialContract.isPresent());
 130         contract = potentialContract.get();
 131         PolicyAssert.assertContract(contract, goldOutIpv4);
 132         potentialContract = rwTx.read(LogicalDatastoreType.CONFIGURATION,
 133                 IidFactory.contractIid(tenantId, new ContractId(serverOutIpv4.getUuid().getValue()))).get();
 134         assertTrue(potentialContract.isPresent());
 135         contract = potentialContract.get();
 136         PolicyAssert.assertContract(contract, serverOutIpv4);
 137         potentialContract = rwTx.read(LogicalDatastoreType.CONFIGURATION,
 138                 IidFactory.contractIid(tenantId, new ContractId(serverIn80Tcp10_1_1_0.getUuid().getValue()))).get();
 139         assertTrue(potentialContract.isPresent());
 140         contract = potentialContract.get();
 141         PolicyAssert.assertContractWithEic(contract, serverIn80Tcp10_1_1_0);
 142         potentialContract = rwTx.read(LogicalDatastoreType.CONFIGURATION,
 143                 IidFactory.contractIid(tenantId, new ContractId(serverInIp20_1_1_0.getUuid().getValue()))).get();
 144         assertTrue(potentialContract.isPresent());
 145         contract = potentialContract.get();
 146         PolicyAssert.assertContractWithEic(contract, serverInIp20_1_1_0);
 147         Optional<EndpointGroup> potentialEpg = rwTx.read(LogicalDatastoreType.CONFIGURATION,
 148                 IidFactory.endpointGroupIid(tenantId, new EndpointGroupId(goldSecGrp))).get();
 149         assertTrue(potentialEpg.isPresent());
 150         EndpointGroup epg = potentialEpg.get();
 151         PolicyAssert.assertConsumerNamedSelectors(
 152                 epg,
 153                 ImmutableSet.of(new ContractId(goldInIpv4.getUuid().getValue()),
 154                         new ContractId(goldOutIpv4.getUuid().getValue()),
 155                         new ContractId(serverIn80Tcp10_1_1_0.getUuid().getValue()),
 156                         new ContractId(serverInIp20_1_1_0.getUuid().getValue()),
 157                         new ContractId(serverOutIpv4.getUuid().getValue())));
 158         potentialEpg = rwTx.read(LogicalDatastoreType.CONFIGURATION,
 159                 IidFactory.endpointGroupIid(tenantId, new EndpointGroupId(serverSecGrp))).get();
 160         assertTrue(potentialEpg.isPresent());
 161         epg = potentialEpg.get();
 162         PolicyAssert.assertConsumerNamedSelectors(epg, ImmutableSet.of(
 163                 new ContractId(serverIn80Tcp10_1_1_0.getUuid().getValue()),
 164                 new ContractId(serverInIp20_1_1_0.getUuid().getValue()),
 165                 new ContractId(goldInIpv4.getUuid().getValue())));
 166     }
 167
 168     @Test
 169     public final void testAddAndDeleteNeutronSecurityRule() throws Exception {
 170         DataBroker dataBroker = getDataBroker();
 171         NeutronSecurityRuleAware ruleAware = new NeutronSecurityRuleAware(dataBroker, epRegistrator);
 172
 173         final String tenantId = "aaaaaaaa-aaaa-aaaa-aaaa-aaaaaaaaaaaa";
 174         final String secGroupId1 = "bbbbbbbb-bbbb-bbbb-bbbb-bbbbbbbbbbbb";
 175         final String secGroupId2 = "cccccccc-cccc-cccc-cccc-cccccccccccc";
 176         final String secRuleId1 = "dddddddd-dddd-dddd-dddd-dddddddddddd";
 177         final String secRuleId2 = "eeeeeeee-eeee-eeee-eeee-eeeeeeeeeeee";
 178
 179         final List<SecurityGroup> secGroups = new ArrayList<>();
 180         secGroups.add(NeutronEntityFactory.securityGroup(secGroupId1, tenantId));
 181         secGroups.add(NeutronEntityFactory.securityGroup(secGroupId2, tenantId));
 182         final SecurityRule secRule1 = NeutronEntityFactory.securityRuleWithEtherType(secRuleId1, tenantId,
 183                 EthertypeV4.class, DirectionEgress.class, secGroupId1, secGroupId2);
 184         final SecurityRule secRule2 = NeutronEntityFactory.securityRuleWithEtherType(secRuleId2, tenantId,
 185                 EthertypeV4.class, DirectionIngress.class, secGroupId2, secGroupId1);
 186         NeutronBuilder neutronBuilder = new NeutronBuilder()
 187             .setSecurityGroups(new SecurityGroupsBuilder().setSecurityGroup(secGroups).build())
 188             .setSecurityRules(new SecurityRulesBuilder()
 189                     .setSecurityRule(ImmutableList.of(secRule1)).build());
 190
 191         ruleAware.onCreated(secRule1, neutronBuilder.build());
 192
 193         PolicyAssert.assertTenantExists(dataBroker, tenantId);
 194         PolicyAssert.assertContractExists(dataBroker, tenantId, secRuleId1);
 195         Optional<Contract> contract = ConfigDataStoreReader.readContract(dataBroker, tenantId, secRuleId1);
 196         PolicyAssert.assertContract(contract.get(), secRule1);
 197         PolicyAssert.assertContractCount(dataBroker, tenantId, 1);
 198         PolicyAssert.assertEndpointGroupExists(dataBroker, tenantId, secGroupId1);
 199         Optional<EndpointGroup> epGroup1 = ConfigDataStoreReader.readEndpointGroup(dataBroker, tenantId, secGroupId1);
 200         PolicyAssert.assertProviderNamedSelectors(epGroup1.get(), ImmutableSet.of(new ContractId(secRuleId1)));
 201         PolicyAssert.assertNoConsumerNamedSelectors(dataBroker, tenantId, secGroupId1);
 202
 203         PolicyAssert.assertClassifierInstanceExists(dataBroker, secRule1);
 204         PolicyAssert.assertActionInstanceExists(dataBroker, tenantId, MappingUtils.ACTION_ALLOW.getName());
 205
 206         neutronBuilder.setSecurityRules(new SecurityRulesBuilder()
 207                 .setSecurityRule(ImmutableList.of(secRule1, secRule2)).build());
 208
 209         ruleAware.onCreated(secRule2, neutronBuilder.build());
 210
 211         PolicyAssert.assertTenantExists(dataBroker, tenantId);
 212         PolicyAssert.assertContractExists(dataBroker, tenantId, secRuleId1);
 213         contract = ConfigDataStoreReader.readContract(dataBroker, tenantId, secRuleId1);
 214         PolicyAssert.assertContract(contract.get(), secRule1);
 215         PolicyAssert.assertContractCount(dataBroker, tenantId, 2);
 216         PolicyAssert.assertEndpointGroupExists(dataBroker, tenantId, secGroupId1);
 217         epGroup1 = ConfigDataStoreReader.readEndpointGroup(dataBroker, tenantId, secGroupId1);
 218         PolicyAssert.assertProviderNamedSelectors(epGroup1.get(), ImmutableSet.of(new ContractId(secRuleId1)));
 219         PolicyAssert.assertConsumerNamedSelectors(epGroup1.get(), ImmutableSet.of(new ContractId(secRuleId2)));
 220
 221         PolicyAssert.assertContractExists(dataBroker, tenantId, secRuleId2);
 222         contract = ConfigDataStoreReader.readContract(dataBroker, tenantId, secRuleId2);
 223         PolicyAssert.assertContract(contract.get(), secRule2);
 224         PolicyAssert.assertContractCount(dataBroker, tenantId, 2);
 225         PolicyAssert.assertEndpointGroupExists(dataBroker, tenantId, secGroupId2);
 226         Optional<EndpointGroup> epGroup2 = ConfigDataStoreReader.readEndpointGroup(dataBroker, tenantId, secGroupId2);
 227         PolicyAssert.assertProviderNamedSelectors(epGroup2.get(), ImmutableSet.of(new ContractId(secRuleId2)));
 228         PolicyAssert.assertConsumerNamedSelectors(epGroup2.get(), ImmutableSet.of(new ContractId(secRuleId1)));
 229
 230         ruleAware.onDeleted(secRule2, neutronBuilder.build(), null);
 231
 232         PolicyAssert.assertTenantExists(dataBroker, tenantId);
 233         PolicyAssert.assertContractExists(dataBroker, tenantId, secRuleId1);
 234         contract = ConfigDataStoreReader.readContract(dataBroker, tenantId, secRuleId1);
 235         PolicyAssert.assertContract(contract.get(), secRule1);
 236         PolicyAssert.assertContractCount(dataBroker, tenantId, 1);
 237         PolicyAssert.assertEndpointGroupExists(dataBroker, tenantId, secGroupId1);
 238         epGroup1 = ConfigDataStoreReader.readEndpointGroup(dataBroker, tenantId, secGroupId1);
 239         PolicyAssert.assertProviderNamedSelectors(epGroup1.get(), ImmutableSet.of(new ContractId(secRuleId1)));
 240         PolicyAssert.assertNoConsumerNamedSelectors(dataBroker, tenantId, secGroupId1);
 241
 242         PolicyAssert.assertContractNotExists(dataBroker, tenantId, secRuleId2);
 243         PolicyAssert.assertContractCount(dataBroker, tenantId, 1);
 244         PolicyAssert.assertEndpointGroupExists(dataBroker, tenantId, secGroupId2);
 245         epGroup2 = ConfigDataStoreReader.readEndpointGroup(dataBroker, tenantId, secGroupId2);
 246         PolicyAssert.assertNoProviderNamedSelectors(dataBroker, tenantId, secGroupId2);
 247         PolicyAssert.assertNoConsumerNamedSelectors(dataBroker, tenantId, secGroupId2);
 248
 249         PolicyAssert.assertClassifierInstanceExists(dataBroker, secRule1);
 250         PolicyAssert.assertActionInstanceExists(dataBroker, tenantId, MappingUtils.ACTION_ALLOW.getName());
 251
 252         neutronBuilder.setSecurityRules(new SecurityRulesBuilder()
 253                 .setSecurityRule(ImmutableList.of(secRule1)).build());
 254
 255         ruleAware.onDeleted(secRule1, neutronBuilder.build(), null);
 256
 257         PolicyAssert.assertContractCount(dataBroker, tenantId, 0);
 258         PolicyAssert.assertEndpointGroupExists(dataBroker, tenantId, secGroupId1);
 259         PolicyAssert.assertEndpointGroupExists(dataBroker, tenantId, secGroupId2);
 260         PolicyAssert.assertNoProviderNamedSelectors(dataBroker, tenantId, secGroupId1);
 261         PolicyAssert.assertNoConsumerNamedSelectors(dataBroker, tenantId, secGroupId2);
 262
 263         PolicyAssert.assertClassifierInstanceNotExists(dataBroker, secRule1);
 264         // TODO: Uncomment this when the life cycle of the Allow ActionInstance will be clarified.
 265         // PolicyAssert.assertActionInstanceNotExists(dataBroker, tenantId,
 266         // MappingUtils.ACTION_ALLOW.getName());
 267     }
 268
 269     @Test
 270     public final void testAddNeutronSecurityRule_rulesWithoutRemote() throws Exception {
 271         String tenant = "ad4c6c25-2424-4ad3-97ee-f9691ce03645";
 272         String goldSecGrp = "fe40e28f-ad6a-4a2d-b12a-47510876344a";
 273         SecurityRule goldInIpv4 =
 274             NeutronEntityFactory.securityRuleWithEtherType("166aedab-fdf5-4788-9e36-2b00b5f8722f", tenant,
 275                 EthertypeV4.class, DirectionIngress.class, goldSecGrp, null);
 276         SecurityRule goldOutIpv4 =
 277             NeutronEntityFactory.securityRuleWithEtherType("dabfd4da-af89-45dd-85f8-181768c1b4c9", tenant,
 278                 EthertypeV4.class, DirectionEgress.class, goldSecGrp, null);
 279         String serverSecGrp = "71cf4fe5-b146-409e-8151-cd921298ce32";
 280         SecurityRule serverOutIpv4 =
 281             NeutronEntityFactory.securityRuleWithEtherType("8b9c48d3-44a8-46be-be35-6f3237d98071", tenant,
 282                 EthertypeV4.class, DirectionEgress.class, serverSecGrp, null);
 283         SecurityRule serverInIpv4 =
 284             NeutronEntityFactory.securityRuleWithEtherType("adf7e558-de47-4f9e-a9b8-96e19db5d1ac", tenant,
 285                 EthertypeV4.class, DirectionIngress.class, serverSecGrp, null);
 286         DataBroker dataBroker = getDataBroker();
 287         List<SecurityGroup> secGroups = new ArrayList<>();
 288         secGroups.add(NeutronEntityFactory.securityGroup(goldSecGrp, tenant));
 289         secGroups.add(NeutronEntityFactory.securityGroup(serverSecGrp, tenant));
 290         Neutron neutron = new NeutronBuilder()
 291             .setSecurityGroups(new SecurityGroupsBuilder().setSecurityGroup(secGroups).build())
 292             .setSecurityRules(new SecurityRulesBuilder()
 293                     .setSecurityRule(ImmutableList.of(goldInIpv4, goldOutIpv4, serverOutIpv4, serverInIpv4)).build())
 294             .build();
 295         NeutronSecurityRuleAware ruleAware = new NeutronSecurityRuleAware(dataBroker, epRegistrator);
 296         ReadWriteTransaction rwTx = dataBroker.newReadWriteTransaction();
 297         ruleAware.addNeutronSecurityRule(goldInIpv4, neutron, rwTx);
 298         ruleAware.addNeutronSecurityRule(goldOutIpv4, neutron, rwTx);
 299         ruleAware.addNeutronSecurityRule(serverOutIpv4, neutron, rwTx);
 300         ruleAware.addNeutronSecurityRule(serverInIpv4, neutron, rwTx);
 301         TenantId tenantId = new TenantId(tenant);
 302         Optional<Contract> potentialContract = rwTx.read(LogicalDatastoreType.CONFIGURATION,
 303                 IidFactory.contractIid(tenantId, new ContractId(goldInIpv4.getUuid().getValue()))).get();
 304         assertTrue(potentialContract.isPresent());
 305         Contract contract = potentialContract.get();
 306         PolicyAssert.assertContract(contract, goldInIpv4);
 307         potentialContract = rwTx.read(LogicalDatastoreType.CONFIGURATION,
 308                 IidFactory.contractIid(tenantId, new ContractId(goldOutIpv4.getUuid().getValue()))).get();
 309         assertTrue(potentialContract.isPresent());
 310         contract = potentialContract.get();
 311         PolicyAssert.assertContract(contract, goldOutIpv4);
 312         potentialContract = rwTx.read(LogicalDatastoreType.CONFIGURATION,
 313                 IidFactory.contractIid(tenantId, new ContractId(serverOutIpv4.getUuid().getValue()))).get();
 314         assertTrue(potentialContract.isPresent());
 315         contract = potentialContract.get();
 316         PolicyAssert.assertContract(contract, serverOutIpv4);
 317         potentialContract = rwTx.read(LogicalDatastoreType.CONFIGURATION,
 318                 IidFactory.contractIid(tenantId, new ContractId(serverInIpv4.getUuid().getValue()))).get();
 319         assertTrue(potentialContract.isPresent());
 320         contract = potentialContract.get();
 321         PolicyAssert.assertContract(contract, serverInIpv4);
 322         Optional<EndpointGroup> potentialEpg = rwTx.read(LogicalDatastoreType.CONFIGURATION,
 323                 IidFactory.endpointGroupIid(tenantId, new EndpointGroupId(goldSecGrp))).get();
 324         assertTrue(potentialEpg.isPresent());
 325         EndpointGroup epg = potentialEpg.get();
 326         PolicyAssert.assertConsumerNamedSelectors(
 327                 epg,
 328                 ImmutableSet.of(new ContractId(goldInIpv4.getUuid().getValue()),
 329                         new ContractId(goldOutIpv4.getUuid().getValue()),
 330                         new ContractId(serverOutIpv4.getUuid().getValue()),
 331                         new ContractId(serverInIpv4.getUuid().getValue())));
 332         potentialEpg = rwTx.read(LogicalDatastoreType.CONFIGURATION,
 333                 IidFactory.endpointGroupIid(tenantId, new EndpointGroupId(serverSecGrp))).get();
 334         assertTrue(potentialEpg.isPresent());
 335         PolicyAssert.assertConsumerNamedSelectors(
 336                 epg,
 337                 ImmutableSet.of(new ContractId(goldInIpv4.getUuid().getValue()),
 338                         new ContractId(goldOutIpv4.getUuid().getValue()),
 339                         new ContractId(serverOutIpv4.getUuid().getValue()),
 340                         new ContractId(serverInIpv4.getUuid().getValue())));
 341     }
 342
 343     @Test
 344     public final void testAddNeutronSecurityRule_asymmetricRulesWithoutRemote() throws Exception {
 345         String tenant = "ad4c6c25-2424-4ad3-97ee-f9691ce03645";
 346         String goldSecGrp = "fe40e28f-ad6a-4a2d-b12a-47510876344a";
 347         SecurityRule goldInIpv4 = NeutronEntityFactory.securityRuleWithEtherType(
 348             "166aedab-fdf5-4788-9e36-2b00b5f8722f", tenant, EthertypeV4.class, DirectionIngress.class, goldSecGrp,
 349             null);
 350         SecurityRule goldOutIpv4 = NeutronEntityFactory.securityRuleWithEtherType(
 351             "dabfd4da-af89-45dd-85f8-181768c1b4c9", tenant, EthertypeV4.class, DirectionEgress.class, goldSecGrp,
 352             null);
 353         String serverSecGrp = "71cf4fe5-b146-409e-8151-cd921298ce32";
 354         SecurityRule serverOutIpv4 = NeutronEntityFactory.securityRuleWithEtherType(
 355             "8b9c48d3-44a8-46be-be35-6f3237d98071", tenant, EthertypeV4.class, DirectionEgress.class, serverSecGrp,
 356             null);
 357         SecurityRuleAttributes.Protocol protocolTcp = new SecurityRuleAttributes.Protocol(ProtocolTcp.class);
 358         SecurityRule serverIn80TcpIpv4 = new SecurityRuleBuilder()
 359             .setUuid(new Uuid("adf7e558-de47-4f9e-a9b8-96e19db5d1ac"))
 360             .setTenantId(new Uuid(tenant))
 361             .setEthertype(EthertypeV4.class)
 362             .setProtocol(protocolTcp)
 363             .setPortRangeMin(80)
 364             .setPortRangeMax(80)
 365             .setDirection(DirectionIngress.class)
 366             .setSecurityGroupId(new Uuid(serverSecGrp))
 367             .build();
 368         DataBroker dataBroker = getDataBroker();
 369         List<SecurityGroup> secGroups = new ArrayList<>();
 370         secGroups.add(NeutronEntityFactory.securityGroup(goldSecGrp, tenant));
 371         secGroups.add(NeutronEntityFactory.securityGroup(serverSecGrp, tenant));
 372         Neutron neutron = new NeutronBuilder()
 373             .setSecurityGroups(new SecurityGroupsBuilder().setSecurityGroup(secGroups).build())
 374             .setSecurityRules(new SecurityRulesBuilder()
 375                 .setSecurityRule(ImmutableList.of(goldInIpv4, goldOutIpv4, serverOutIpv4, serverIn80TcpIpv4)).build())
 376             .build();
 377         NeutronSecurityRuleAware ruleAware = new NeutronSecurityRuleAware(dataBroker, epRegistrator);
 378         ReadWriteTransaction rwTx = dataBroker.newReadWriteTransaction();
 379         ruleAware.addNeutronSecurityRule(goldInIpv4, neutron, rwTx);
 380         ruleAware.addNeutronSecurityRule(goldOutIpv4, neutron, rwTx);
 381         ruleAware.addNeutronSecurityRule(serverOutIpv4, neutron, rwTx);
 382         ruleAware.addNeutronSecurityRule(serverIn80TcpIpv4, neutron, rwTx);
 383         TenantId tenantId = new TenantId(tenant);
 384         Optional<Contract> potentialContract = rwTx.read(LogicalDatastoreType.CONFIGURATION,
 385                 IidFactory.contractIid(tenantId, new ContractId(goldInIpv4.getUuid().getValue()))).get();
 386         assertTrue(potentialContract.isPresent());
 387         Contract contract = potentialContract.get();
 388         PolicyAssert.assertContract(contract, goldInIpv4);
 389         potentialContract = rwTx.read(LogicalDatastoreType.CONFIGURATION,
 390                 IidFactory.contractIid(tenantId, new ContractId(goldOutIpv4.getUuid().getValue()))).get();
 391         assertTrue(potentialContract.isPresent());
 392         contract = potentialContract.get();
 393         PolicyAssert.assertContract(contract, goldOutIpv4);
 394         potentialContract = rwTx.read(LogicalDatastoreType.CONFIGURATION,
 395                 IidFactory.contractIid(tenantId, new ContractId(serverOutIpv4.getUuid().getValue()))).get();
 396         assertTrue(potentialContract.isPresent());
 397         contract = potentialContract.get();
 398         PolicyAssert.assertContract(contract, serverOutIpv4);
 399         potentialContract = rwTx.read(LogicalDatastoreType.CONFIGURATION,
 400                 IidFactory.contractIid(tenantId, new ContractId(serverIn80TcpIpv4.getUuid().getValue()))).get();
 401         assertTrue(potentialContract.isPresent());
 402         contract = potentialContract.get();
 403         PolicyAssert.assertContract(contract, serverIn80TcpIpv4);
 404         Optional<EndpointGroup> potentialEpg = rwTx.read(LogicalDatastoreType.CONFIGURATION,
 405                 IidFactory.endpointGroupIid(tenantId, new EndpointGroupId(goldSecGrp))).get();
 406         assertTrue(potentialEpg.isPresent());
 407         EndpointGroup epg = potentialEpg.get();
 408         PolicyAssert.assertConsumerNamedSelectors(
 409                 epg,
 410                 ImmutableSet.of(new ContractId(goldInIpv4.getUuid().getValue()),
 411                         new ContractId(goldOutIpv4.getUuid().getValue()),
 412                         new ContractId(serverOutIpv4.getUuid().getValue()),
 413                         new ContractId(serverIn80TcpIpv4.getUuid().getValue())));
 414         potentialEpg = rwTx.read(LogicalDatastoreType.CONFIGURATION,
 415                 IidFactory.endpointGroupIid(tenantId, new EndpointGroupId(serverSecGrp))).get();
 416         assertTrue(potentialEpg.isPresent());
 417         epg = potentialEpg.get();
 418         PolicyAssert.assertConsumerNamedSelectors(
 419                 epg,
 420                 ImmutableSet.of(new ContractId(goldInIpv4.getUuid().getValue()),
 421                         new ContractId(serverIn80TcpIpv4.getUuid().getValue())));
 422     }
 423
 424     @Test
 425     public final void testAddNeutronSecurityRule_defaultSecGrp() throws Exception {
 426         final String tenant = "111aaaaa-aaaa-aaaa-aaaa-aaaaaaaaaaaa";
 427         final String defaultSecGrp = "111fffff-ffff-ffff-ffff-ffffffffffff";
 428         final SecurityRule defaultInIpv4Default = NeutronEntityFactory.securityRuleWithEtherType(
 429             "111ccccc-111c-cccc-cccc-cccccccccccc", tenant, EthertypeV4.class, DirectionIngress.class, defaultSecGrp,
 430             defaultSecGrp);
 431         final SecurityRule defaultInIpv6Default = NeutronEntityFactory.securityRuleWithEtherType(
 432             "222ccccc-111c-cccc-cccc-cccccccccccc", tenant, EthertypeV4.class, DirectionIngress.class, defaultSecGrp,
 433             defaultSecGrp);
 434         final SecurityRule defaultOutIpv4 = NeutronEntityFactory.securityRuleWithEtherType(
 435             "333ccccc-111c-cccc-cccc-cccccccccccc", tenant, EthertypeV4.class, DirectionEgress.class, defaultSecGrp,
 436             null);
 437         final SecurityRule defaultOutIpv6 = NeutronEntityFactory.securityRuleWithEtherType(
 438             "444ccccc-111c-cccc-cccc-cccccccccccc", tenant, EthertypeV4.class, DirectionEgress.class, defaultSecGrp,
 439             null);
 440         DataBroker dataBroker = getDataBroker();
 441         List<SecurityGroup> secGroups = new ArrayList<>();
 442         secGroups.add(NeutronEntityFactory.securityGroup(defaultSecGrp, tenant));
 443         Neutron neutron = new NeutronBuilder()
 444             .setSecurityGroups(new SecurityGroupsBuilder().setSecurityGroup(secGroups).build()).build();
 445         NeutronSecurityRuleAware ruleAware = new NeutronSecurityRuleAware(dataBroker, epRegistrator);
 446         ReadWriteTransaction rwTx = dataBroker.newReadWriteTransaction();
 447         ruleAware.addNeutronSecurityRule(defaultInIpv4Default, neutron, rwTx);
 448         ruleAware.addNeutronSecurityRule(defaultInIpv6Default, neutron, rwTx);
 449         ruleAware.addNeutronSecurityRule(defaultOutIpv4, neutron, rwTx);
 450         ruleAware.addNeutronSecurityRule(defaultOutIpv6, neutron, rwTx);
 451         TenantId tenantId = new TenantId(tenant);
 452         Optional<Contract> potentialContract = rwTx.read(LogicalDatastoreType.CONFIGURATION,
 453                 IidFactory.contractIid(tenantId, new ContractId(defaultInIpv4Default.getUuid().getValue()))).get();
 454         assertTrue(potentialContract.isPresent());
 455         Contract contract = potentialContract.get();
 456         PolicyAssert.assertContract(contract, defaultInIpv4Default);
 457         potentialContract = rwTx.read(LogicalDatastoreType.CONFIGURATION,
 458                 IidFactory.contractIid(tenantId, new ContractId(defaultInIpv6Default.getUuid().getValue()))).get();
 459         assertTrue(potentialContract.isPresent());
 460         contract = potentialContract.get();
 461         PolicyAssert.assertContract(contract, defaultInIpv6Default);
 462         potentialContract = rwTx.read(LogicalDatastoreType.CONFIGURATION,
 463                 IidFactory.contractIid(tenantId, new ContractId(defaultOutIpv4.getUuid().getValue()))).get();
 464         assertTrue(potentialContract.isPresent());
 465         contract = potentialContract.get();
 466         PolicyAssert.assertContract(contract, defaultOutIpv4);
 467         potentialContract = rwTx.read(LogicalDatastoreType.CONFIGURATION,
 468                 IidFactory.contractIid(tenantId, new ContractId(defaultOutIpv6.getUuid().getValue()))).get();
 469         assertTrue(potentialContract.isPresent());
 470         contract = potentialContract.get();
 471         PolicyAssert.assertContract(contract, defaultOutIpv6);
 472     }
 473
 474     @Test
 475     public void testConstructor_invalidArgument() throws Exception {
 476         try {
 477             new NeutronSecurityRuleAware(null, null);
 478             fail(NullPointerException.class.getName() + " expected");
 479         } catch (NullPointerException ex) {
 480             // do nothing
 481         }
 482     }
 483
 484 }