2 * Copyright (c) 2015 Cisco Systems, Inc. and others. All rights reserved.
4 * This program and the accompanying materials are made available under the
5 * terms of the Eclipse Public License v1.0 which accompanies this distribution,
6 * and is available at http://www.eclipse.org/legal/epl-v10.html
8 package org.opendaylight.groupbasedpolicy.neutron.mapper.mapping.rule;
10 import static org.junit.Assert.assertTrue;
11 import static org.junit.Assert.fail;
13 import com.google.common.base.Optional;
14 import com.google.common.collect.ImmutableList;
15 import com.google.common.collect.ImmutableSet;
17 import java.util.ArrayList;
18 import java.util.List;
20 import org.junit.Before;
21 import org.junit.Test;
22 import org.opendaylight.controller.md.sal.binding.api.DataBroker;
23 import org.opendaylight.controller.md.sal.binding.api.ReadWriteTransaction;
24 import org.opendaylight.controller.md.sal.common.api.data.LogicalDatastoreType;
25 import org.opendaylight.groupbasedpolicy.neutron.mapper.EndpointRegistrator;
26 import org.opendaylight.groupbasedpolicy.neutron.mapper.test.ConfigDataStoreReader;
27 import org.opendaylight.groupbasedpolicy.neutron.mapper.test.NeutronEntityFactory;
28 import org.opendaylight.groupbasedpolicy.neutron.mapper.test.NeutronMapperDataBrokerTest;
29 import org.opendaylight.groupbasedpolicy.neutron.mapper.test.PolicyAssert;
30 import org.opendaylight.groupbasedpolicy.neutron.mapper.util.MappingUtils;
31 import org.opendaylight.groupbasedpolicy.util.IidFactory;
32 import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.inet.types.rev130715.IpPrefix;
33 import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.inet.types.rev130715.Ipv4Prefix;
34 import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.yang.types.rev130715.Uuid;
35 import org.opendaylight.yang.gen.v1.urn.opendaylight.groupbasedpolicy.common.rev140421.ContractId;
36 import org.opendaylight.yang.gen.v1.urn.opendaylight.groupbasedpolicy.common.rev140421.EndpointGroupId;
37 import org.opendaylight.yang.gen.v1.urn.opendaylight.groupbasedpolicy.common.rev140421.TenantId;
38 import org.opendaylight.yang.gen.v1.urn.opendaylight.groupbasedpolicy.policy.rev140421.tenants.Tenant;
39 import org.opendaylight.yang.gen.v1.urn.opendaylight.groupbasedpolicy.policy.rev140421.tenants.tenant.policy.Contract;
40 import org.opendaylight.yang.gen.v1.urn.opendaylight.groupbasedpolicy.policy.rev140421.tenants.tenant.policy.EndpointGroup;
41 import org.opendaylight.yang.gen.v1.urn.opendaylight.neutron.constants.rev150712.DirectionEgress;
42 import org.opendaylight.yang.gen.v1.urn.opendaylight.neutron.constants.rev150712.DirectionIngress;
43 import org.opendaylight.yang.gen.v1.urn.opendaylight.neutron.constants.rev150712.EthertypeV4;
44 import org.opendaylight.yang.gen.v1.urn.opendaylight.neutron.constants.rev150712.ProtocolTcp;
45 import org.opendaylight.yang.gen.v1.urn.opendaylight.neutron.rev150712.Neutron;
46 import org.opendaylight.yang.gen.v1.urn.opendaylight.neutron.rev150712.NeutronBuilder;
47 import org.opendaylight.yang.gen.v1.urn.opendaylight.neutron.secgroups.rev150712.SecurityRuleAttributes;
48 import org.opendaylight.yang.gen.v1.urn.opendaylight.neutron.secgroups.rev150712.security.groups.attributes.SecurityGroupsBuilder;
49 import org.opendaylight.yang.gen.v1.urn.opendaylight.neutron.secgroups.rev150712.security.groups.attributes.security.groups.SecurityGroup;
50 import org.opendaylight.yang.gen.v1.urn.opendaylight.neutron.secgroups.rev150712.security.rules.attributes.SecurityRulesBuilder;
51 import org.opendaylight.yang.gen.v1.urn.opendaylight.neutron.secgroups.rev150712.security.rules.attributes.security.rules.SecurityRule;
52 import org.opendaylight.yang.gen.v1.urn.opendaylight.neutron.secgroups.rev150712.security.rules.attributes.security.rules.SecurityRuleBuilder;
55 * END 2 END TESTING - inputs are Neutron entities and expected outputs are GBP entities in datastore.
58 public class NeutronSecurityRuleAwareDataStoreTest extends NeutronMapperDataBrokerTest {
60 private EndpointRegistrator epRegistrator;
64 epRegistrator = getEpRegistrator();
68 public final void testAddNeutronSecurityRule_rulesWithRemoteIpPrefix() throws Exception {
69 final String tenant = "ad4c6c25-2424-4ad3-97ee-f9691ce03645";
70 final String goldSecGrp = "fe40e28f-ad6a-4a2d-b12a-47510876344a";
71 final SecurityRule goldInIpv4 = NeutronEntityFactory.securityRuleWithEtherType(
72 "166aedab-fdf5-4788-9e36-2b00b5f8722f", tenant, EthertypeV4.class, DirectionIngress.class, goldSecGrp,
74 final SecurityRule goldOutIpv4 = NeutronEntityFactory.securityRuleWithEtherType(
75 "dabfd4da-af89-45dd-85f8-181768c1b4c9", tenant, EthertypeV4.class, DirectionEgress.class, goldSecGrp,
77 final String serverSecGrp = "71cf4fe5-b146-409e-8151-cd921298ce32";
78 final SecurityRuleAttributes.Protocol protocolTcp = new SecurityRuleAttributes.Protocol(ProtocolTcp.class);
79 final SecurityRule serverIn80Tcp10_1_1_0 = new SecurityRuleBuilder()
80 .setUuid(new Uuid("9dbb533d-d9b2-4dc9-bae7-ee60c8df184d"))
81 .setTenantId(new Uuid(tenant))
82 .setEthertype(EthertypeV4.class)
83 .setProtocol(protocolTcp)
86 .setDirection(DirectionIngress.class)
87 .setSecurityGroupId(new Uuid(serverSecGrp))
88 .setRemoteIpPrefix(new IpPrefix(new Ipv4Prefix("10.1.1.0/24")))
90 final SecurityRule serverInIp20_1_1_0 = new SecurityRuleBuilder()
91 .setUuid(new Uuid("adf7e558-de47-4f9e-a9b8-96e19db5d1ac"))
92 .setTenantId(new Uuid(tenant))
93 .setEthertype(EthertypeV4.class)
94 .setDirection(DirectionIngress.class)
95 .setSecurityGroupId(new Uuid(serverSecGrp))
96 .setRemoteIpPrefix(new IpPrefix(new Ipv4Prefix("20.1.1.0/24")))
98 final SecurityRule serverOutIpv4 = NeutronEntityFactory.securityRuleWithEtherType(
99 "8b9c48d3-44a8-46be-be35-6f3237d98071", tenant, EthertypeV4.class, DirectionEgress.class, serverSecGrp,
101 DataBroker dataBroker = getDataBroker();
102 List<SecurityGroup> secGroups = new ArrayList<>();
103 secGroups.add(NeutronEntityFactory.securityGroup(goldSecGrp, tenant));
104 secGroups.add(NeutronEntityFactory.securityGroup(serverSecGrp, tenant));
105 Neutron neutron = new NeutronBuilder()
106 .setSecurityGroups(new SecurityGroupsBuilder().setSecurityGroup(secGroups).build())
107 .setSecurityRules(new SecurityRulesBuilder().setSecurityRule(
108 ImmutableList.of(goldInIpv4, goldOutIpv4, serverIn80Tcp10_1_1_0, serverInIp20_1_1_0, serverOutIpv4))
111 NeutronSecurityRuleAware ruleAware = new NeutronSecurityRuleAware(dataBroker, epRegistrator);
112 ReadWriteTransaction rwTx = dataBroker.newReadWriteTransaction();
113 ruleAware.addNeutronSecurityRule(goldInIpv4, neutron, rwTx);
114 ruleAware.addNeutronSecurityRule(goldOutIpv4, neutron, rwTx);
115 ruleAware.addNeutronSecurityRule(serverIn80Tcp10_1_1_0, neutron, rwTx);
116 ruleAware.addNeutronSecurityRule(serverInIp20_1_1_0, neutron, rwTx);
117 ruleAware.addNeutronSecurityRule(serverOutIpv4, neutron, rwTx);
118 TenantId tenantId = new TenantId(tenant);
119 Optional<Tenant> potentialTenant = rwTx.read(LogicalDatastoreType.CONFIGURATION, IidFactory.tenantIid(tenantId))
121 assertTrue(potentialTenant.isPresent());
122 Optional<Contract> potentialContract = rwTx.read(LogicalDatastoreType.CONFIGURATION,
123 IidFactory.contractIid(tenantId, new ContractId(goldInIpv4.getUuid().getValue()))).get();
124 assertTrue(potentialContract.isPresent());
125 Contract contract = potentialContract.get();
126 PolicyAssert.assertContract(contract, goldInIpv4);
127 potentialContract = rwTx.read(LogicalDatastoreType.CONFIGURATION,
128 IidFactory.contractIid(tenantId, new ContractId(goldOutIpv4.getUuid().getValue()))).get();
129 assertTrue(potentialContract.isPresent());
130 contract = potentialContract.get();
131 PolicyAssert.assertContract(contract, goldOutIpv4);
132 potentialContract = rwTx.read(LogicalDatastoreType.CONFIGURATION,
133 IidFactory.contractIid(tenantId, new ContractId(serverOutIpv4.getUuid().getValue()))).get();
134 assertTrue(potentialContract.isPresent());
135 contract = potentialContract.get();
136 PolicyAssert.assertContract(contract, serverOutIpv4);
137 potentialContract = rwTx.read(LogicalDatastoreType.CONFIGURATION,
138 IidFactory.contractIid(tenantId, new ContractId(serverIn80Tcp10_1_1_0.getUuid().getValue()))).get();
139 assertTrue(potentialContract.isPresent());
140 contract = potentialContract.get();
141 PolicyAssert.assertContractWithEic(contract, serverIn80Tcp10_1_1_0);
142 potentialContract = rwTx.read(LogicalDatastoreType.CONFIGURATION,
143 IidFactory.contractIid(tenantId, new ContractId(serverInIp20_1_1_0.getUuid().getValue()))).get();
144 assertTrue(potentialContract.isPresent());
145 contract = potentialContract.get();
146 PolicyAssert.assertContractWithEic(contract, serverInIp20_1_1_0);
147 Optional<EndpointGroup> potentialEpg = rwTx.read(LogicalDatastoreType.CONFIGURATION,
148 IidFactory.endpointGroupIid(tenantId, new EndpointGroupId(goldSecGrp))).get();
149 assertTrue(potentialEpg.isPresent());
150 EndpointGroup epg = potentialEpg.get();
151 PolicyAssert.assertConsumerNamedSelectors(
153 ImmutableSet.of(new ContractId(goldInIpv4.getUuid().getValue()),
154 new ContractId(goldOutIpv4.getUuid().getValue()),
155 new ContractId(serverIn80Tcp10_1_1_0.getUuid().getValue()),
156 new ContractId(serverInIp20_1_1_0.getUuid().getValue()),
157 new ContractId(serverOutIpv4.getUuid().getValue())));
158 potentialEpg = rwTx.read(LogicalDatastoreType.CONFIGURATION,
159 IidFactory.endpointGroupIid(tenantId, new EndpointGroupId(serverSecGrp))).get();
160 assertTrue(potentialEpg.isPresent());
161 epg = potentialEpg.get();
162 PolicyAssert.assertConsumerNamedSelectors(epg, ImmutableSet.of(
163 new ContractId(serverIn80Tcp10_1_1_0.getUuid().getValue()),
164 new ContractId(serverInIp20_1_1_0.getUuid().getValue()),
165 new ContractId(goldInIpv4.getUuid().getValue())));
169 public final void testAddAndDeleteNeutronSecurityRule() throws Exception {
170 DataBroker dataBroker = getDataBroker();
171 NeutronSecurityRuleAware ruleAware = new NeutronSecurityRuleAware(dataBroker, epRegistrator);
173 final String tenantId = "aaaaaaaa-aaaa-aaaa-aaaa-aaaaaaaaaaaa";
174 final String secGroupId1 = "bbbbbbbb-bbbb-bbbb-bbbb-bbbbbbbbbbbb";
175 final String secGroupId2 = "cccccccc-cccc-cccc-cccc-cccccccccccc";
176 final String secRuleId1 = "dddddddd-dddd-dddd-dddd-dddddddddddd";
177 final String secRuleId2 = "eeeeeeee-eeee-eeee-eeee-eeeeeeeeeeee";
179 final List<SecurityGroup> secGroups = new ArrayList<>();
180 secGroups.add(NeutronEntityFactory.securityGroup(secGroupId1, tenantId));
181 secGroups.add(NeutronEntityFactory.securityGroup(secGroupId2, tenantId));
182 final SecurityRule secRule1 = NeutronEntityFactory.securityRuleWithEtherType(secRuleId1, tenantId,
183 EthertypeV4.class, DirectionEgress.class, secGroupId1, secGroupId2);
184 final SecurityRule secRule2 = NeutronEntityFactory.securityRuleWithEtherType(secRuleId2, tenantId,
185 EthertypeV4.class, DirectionIngress.class, secGroupId2, secGroupId1);
186 NeutronBuilder neutronBuilder = new NeutronBuilder()
187 .setSecurityGroups(new SecurityGroupsBuilder().setSecurityGroup(secGroups).build())
188 .setSecurityRules(new SecurityRulesBuilder()
189 .setSecurityRule(ImmutableList.of(secRule1)).build());
191 ruleAware.onCreated(secRule1, neutronBuilder.build());
193 PolicyAssert.assertTenantExists(dataBroker, tenantId);
194 PolicyAssert.assertContractExists(dataBroker, tenantId, secRuleId1);
195 Optional<Contract> contract = ConfigDataStoreReader.readContract(dataBroker, tenantId, secRuleId1);
196 PolicyAssert.assertContract(contract.get(), secRule1);
197 PolicyAssert.assertContractCount(dataBroker, tenantId, 1);
198 PolicyAssert.assertEndpointGroupExists(dataBroker, tenantId, secGroupId1);
199 Optional<EndpointGroup> epGroup1 = ConfigDataStoreReader.readEndpointGroup(dataBroker, tenantId, secGroupId1);
200 PolicyAssert.assertProviderNamedSelectors(epGroup1.get(), ImmutableSet.of(new ContractId(secRuleId1)));
201 PolicyAssert.assertNoConsumerNamedSelectors(dataBroker, tenantId, secGroupId1);
203 PolicyAssert.assertClassifierInstanceExists(dataBroker, secRule1);
204 PolicyAssert.assertActionInstanceExists(dataBroker, tenantId, MappingUtils.ACTION_ALLOW.getName());
206 neutronBuilder.setSecurityRules(new SecurityRulesBuilder()
207 .setSecurityRule(ImmutableList.of(secRule1, secRule2)).build());
209 ruleAware.onCreated(secRule2, neutronBuilder.build());
211 PolicyAssert.assertTenantExists(dataBroker, tenantId);
212 PolicyAssert.assertContractExists(dataBroker, tenantId, secRuleId1);
213 contract = ConfigDataStoreReader.readContract(dataBroker, tenantId, secRuleId1);
214 PolicyAssert.assertContract(contract.get(), secRule1);
215 PolicyAssert.assertContractCount(dataBroker, tenantId, 2);
216 PolicyAssert.assertEndpointGroupExists(dataBroker, tenantId, secGroupId1);
217 epGroup1 = ConfigDataStoreReader.readEndpointGroup(dataBroker, tenantId, secGroupId1);
218 PolicyAssert.assertProviderNamedSelectors(epGroup1.get(), ImmutableSet.of(new ContractId(secRuleId1)));
219 PolicyAssert.assertConsumerNamedSelectors(epGroup1.get(), ImmutableSet.of(new ContractId(secRuleId2)));
221 PolicyAssert.assertContractExists(dataBroker, tenantId, secRuleId2);
222 contract = ConfigDataStoreReader.readContract(dataBroker, tenantId, secRuleId2);
223 PolicyAssert.assertContract(contract.get(), secRule2);
224 PolicyAssert.assertContractCount(dataBroker, tenantId, 2);
225 PolicyAssert.assertEndpointGroupExists(dataBroker, tenantId, secGroupId2);
226 Optional<EndpointGroup> epGroup2 = ConfigDataStoreReader.readEndpointGroup(dataBroker, tenantId, secGroupId2);
227 PolicyAssert.assertProviderNamedSelectors(epGroup2.get(), ImmutableSet.of(new ContractId(secRuleId2)));
228 PolicyAssert.assertConsumerNamedSelectors(epGroup2.get(), ImmutableSet.of(new ContractId(secRuleId1)));
230 ruleAware.onDeleted(secRule2, neutronBuilder.build(), null);
232 PolicyAssert.assertTenantExists(dataBroker, tenantId);
233 PolicyAssert.assertContractExists(dataBroker, tenantId, secRuleId1);
234 contract = ConfigDataStoreReader.readContract(dataBroker, tenantId, secRuleId1);
235 PolicyAssert.assertContract(contract.get(), secRule1);
236 PolicyAssert.assertContractCount(dataBroker, tenantId, 1);
237 PolicyAssert.assertEndpointGroupExists(dataBroker, tenantId, secGroupId1);
238 epGroup1 = ConfigDataStoreReader.readEndpointGroup(dataBroker, tenantId, secGroupId1);
239 PolicyAssert.assertProviderNamedSelectors(epGroup1.get(), ImmutableSet.of(new ContractId(secRuleId1)));
240 PolicyAssert.assertNoConsumerNamedSelectors(dataBroker, tenantId, secGroupId1);
242 PolicyAssert.assertContractNotExists(dataBroker, tenantId, secRuleId2);
243 PolicyAssert.assertContractCount(dataBroker, tenantId, 1);
244 PolicyAssert.assertEndpointGroupExists(dataBroker, tenantId, secGroupId2);
245 epGroup2 = ConfigDataStoreReader.readEndpointGroup(dataBroker, tenantId, secGroupId2);
246 PolicyAssert.assertNoProviderNamedSelectors(dataBroker, tenantId, secGroupId2);
247 PolicyAssert.assertNoConsumerNamedSelectors(dataBroker, tenantId, secGroupId2);
249 PolicyAssert.assertClassifierInstanceExists(dataBroker, secRule1);
250 PolicyAssert.assertActionInstanceExists(dataBroker, tenantId, MappingUtils.ACTION_ALLOW.getName());
252 neutronBuilder.setSecurityRules(new SecurityRulesBuilder()
253 .setSecurityRule(ImmutableList.of(secRule1)).build());
255 ruleAware.onDeleted(secRule1, neutronBuilder.build(), null);
257 PolicyAssert.assertContractCount(dataBroker, tenantId, 0);
258 PolicyAssert.assertEndpointGroupExists(dataBroker, tenantId, secGroupId1);
259 PolicyAssert.assertEndpointGroupExists(dataBroker, tenantId, secGroupId2);
260 PolicyAssert.assertNoProviderNamedSelectors(dataBroker, tenantId, secGroupId1);
261 PolicyAssert.assertNoConsumerNamedSelectors(dataBroker, tenantId, secGroupId2);
263 PolicyAssert.assertClassifierInstanceNotExists(dataBroker, secRule1);
264 // TODO: Uncomment this when the life cycle of the Allow ActionInstance will be clarified.
265 // PolicyAssert.assertActionInstanceNotExists(dataBroker, tenantId,
266 // MappingUtils.ACTION_ALLOW.getName());
270 public final void testAddNeutronSecurityRule_rulesWithoutRemote() throws Exception {
271 String tenant = "ad4c6c25-2424-4ad3-97ee-f9691ce03645";
272 String goldSecGrp = "fe40e28f-ad6a-4a2d-b12a-47510876344a";
273 SecurityRule goldInIpv4 =
274 NeutronEntityFactory.securityRuleWithEtherType("166aedab-fdf5-4788-9e36-2b00b5f8722f", tenant,
275 EthertypeV4.class, DirectionIngress.class, goldSecGrp, null);
276 SecurityRule goldOutIpv4 =
277 NeutronEntityFactory.securityRuleWithEtherType("dabfd4da-af89-45dd-85f8-181768c1b4c9", tenant,
278 EthertypeV4.class, DirectionEgress.class, goldSecGrp, null);
279 String serverSecGrp = "71cf4fe5-b146-409e-8151-cd921298ce32";
280 SecurityRule serverOutIpv4 =
281 NeutronEntityFactory.securityRuleWithEtherType("8b9c48d3-44a8-46be-be35-6f3237d98071", tenant,
282 EthertypeV4.class, DirectionEgress.class, serverSecGrp, null);
283 SecurityRule serverInIpv4 =
284 NeutronEntityFactory.securityRuleWithEtherType("adf7e558-de47-4f9e-a9b8-96e19db5d1ac", tenant,
285 EthertypeV4.class, DirectionIngress.class, serverSecGrp, null);
286 DataBroker dataBroker = getDataBroker();
287 List<SecurityGroup> secGroups = new ArrayList<>();
288 secGroups.add(NeutronEntityFactory.securityGroup(goldSecGrp, tenant));
289 secGroups.add(NeutronEntityFactory.securityGroup(serverSecGrp, tenant));
290 Neutron neutron = new NeutronBuilder()
291 .setSecurityGroups(new SecurityGroupsBuilder().setSecurityGroup(secGroups).build())
292 .setSecurityRules(new SecurityRulesBuilder()
293 .setSecurityRule(ImmutableList.of(goldInIpv4, goldOutIpv4, serverOutIpv4, serverInIpv4)).build())
295 NeutronSecurityRuleAware ruleAware = new NeutronSecurityRuleAware(dataBroker, epRegistrator);
296 ReadWriteTransaction rwTx = dataBroker.newReadWriteTransaction();
297 ruleAware.addNeutronSecurityRule(goldInIpv4, neutron, rwTx);
298 ruleAware.addNeutronSecurityRule(goldOutIpv4, neutron, rwTx);
299 ruleAware.addNeutronSecurityRule(serverOutIpv4, neutron, rwTx);
300 ruleAware.addNeutronSecurityRule(serverInIpv4, neutron, rwTx);
301 TenantId tenantId = new TenantId(tenant);
302 Optional<Contract> potentialContract = rwTx.read(LogicalDatastoreType.CONFIGURATION,
303 IidFactory.contractIid(tenantId, new ContractId(goldInIpv4.getUuid().getValue()))).get();
304 assertTrue(potentialContract.isPresent());
305 Contract contract = potentialContract.get();
306 PolicyAssert.assertContract(contract, goldInIpv4);
307 potentialContract = rwTx.read(LogicalDatastoreType.CONFIGURATION,
308 IidFactory.contractIid(tenantId, new ContractId(goldOutIpv4.getUuid().getValue()))).get();
309 assertTrue(potentialContract.isPresent());
310 contract = potentialContract.get();
311 PolicyAssert.assertContract(contract, goldOutIpv4);
312 potentialContract = rwTx.read(LogicalDatastoreType.CONFIGURATION,
313 IidFactory.contractIid(tenantId, new ContractId(serverOutIpv4.getUuid().getValue()))).get();
314 assertTrue(potentialContract.isPresent());
315 contract = potentialContract.get();
316 PolicyAssert.assertContract(contract, serverOutIpv4);
317 potentialContract = rwTx.read(LogicalDatastoreType.CONFIGURATION,
318 IidFactory.contractIid(tenantId, new ContractId(serverInIpv4.getUuid().getValue()))).get();
319 assertTrue(potentialContract.isPresent());
320 contract = potentialContract.get();
321 PolicyAssert.assertContract(contract, serverInIpv4);
322 Optional<EndpointGroup> potentialEpg = rwTx.read(LogicalDatastoreType.CONFIGURATION,
323 IidFactory.endpointGroupIid(tenantId, new EndpointGroupId(goldSecGrp))).get();
324 assertTrue(potentialEpg.isPresent());
325 EndpointGroup epg = potentialEpg.get();
326 PolicyAssert.assertConsumerNamedSelectors(
328 ImmutableSet.of(new ContractId(goldInIpv4.getUuid().getValue()),
329 new ContractId(goldOutIpv4.getUuid().getValue()),
330 new ContractId(serverOutIpv4.getUuid().getValue()),
331 new ContractId(serverInIpv4.getUuid().getValue())));
332 potentialEpg = rwTx.read(LogicalDatastoreType.CONFIGURATION,
333 IidFactory.endpointGroupIid(tenantId, new EndpointGroupId(serverSecGrp))).get();
334 assertTrue(potentialEpg.isPresent());
335 PolicyAssert.assertConsumerNamedSelectors(
337 ImmutableSet.of(new ContractId(goldInIpv4.getUuid().getValue()),
338 new ContractId(goldOutIpv4.getUuid().getValue()),
339 new ContractId(serverOutIpv4.getUuid().getValue()),
340 new ContractId(serverInIpv4.getUuid().getValue())));
344 public final void testAddNeutronSecurityRule_asymmetricRulesWithoutRemote() throws Exception {
345 String tenant = "ad4c6c25-2424-4ad3-97ee-f9691ce03645";
346 String goldSecGrp = "fe40e28f-ad6a-4a2d-b12a-47510876344a";
347 SecurityRule goldInIpv4 = NeutronEntityFactory.securityRuleWithEtherType(
348 "166aedab-fdf5-4788-9e36-2b00b5f8722f", tenant, EthertypeV4.class, DirectionIngress.class, goldSecGrp,
350 SecurityRule goldOutIpv4 = NeutronEntityFactory.securityRuleWithEtherType(
351 "dabfd4da-af89-45dd-85f8-181768c1b4c9", tenant, EthertypeV4.class, DirectionEgress.class, goldSecGrp,
353 String serverSecGrp = "71cf4fe5-b146-409e-8151-cd921298ce32";
354 SecurityRule serverOutIpv4 = NeutronEntityFactory.securityRuleWithEtherType(
355 "8b9c48d3-44a8-46be-be35-6f3237d98071", tenant, EthertypeV4.class, DirectionEgress.class, serverSecGrp,
357 SecurityRuleAttributes.Protocol protocolTcp = new SecurityRuleAttributes.Protocol(ProtocolTcp.class);
358 SecurityRule serverIn80TcpIpv4 = new SecurityRuleBuilder()
359 .setUuid(new Uuid("adf7e558-de47-4f9e-a9b8-96e19db5d1ac"))
360 .setTenantId(new Uuid(tenant))
361 .setEthertype(EthertypeV4.class)
362 .setProtocol(protocolTcp)
365 .setDirection(DirectionIngress.class)
366 .setSecurityGroupId(new Uuid(serverSecGrp))
368 DataBroker dataBroker = getDataBroker();
369 List<SecurityGroup> secGroups = new ArrayList<>();
370 secGroups.add(NeutronEntityFactory.securityGroup(goldSecGrp, tenant));
371 secGroups.add(NeutronEntityFactory.securityGroup(serverSecGrp, tenant));
372 Neutron neutron = new NeutronBuilder()
373 .setSecurityGroups(new SecurityGroupsBuilder().setSecurityGroup(secGroups).build())
374 .setSecurityRules(new SecurityRulesBuilder()
375 .setSecurityRule(ImmutableList.of(goldInIpv4, goldOutIpv4, serverOutIpv4, serverIn80TcpIpv4)).build())
377 NeutronSecurityRuleAware ruleAware = new NeutronSecurityRuleAware(dataBroker, epRegistrator);
378 ReadWriteTransaction rwTx = dataBroker.newReadWriteTransaction();
379 ruleAware.addNeutronSecurityRule(goldInIpv4, neutron, rwTx);
380 ruleAware.addNeutronSecurityRule(goldOutIpv4, neutron, rwTx);
381 ruleAware.addNeutronSecurityRule(serverOutIpv4, neutron, rwTx);
382 ruleAware.addNeutronSecurityRule(serverIn80TcpIpv4, neutron, rwTx);
383 TenantId tenantId = new TenantId(tenant);
384 Optional<Contract> potentialContract = rwTx.read(LogicalDatastoreType.CONFIGURATION,
385 IidFactory.contractIid(tenantId, new ContractId(goldInIpv4.getUuid().getValue()))).get();
386 assertTrue(potentialContract.isPresent());
387 Contract contract = potentialContract.get();
388 PolicyAssert.assertContract(contract, goldInIpv4);
389 potentialContract = rwTx.read(LogicalDatastoreType.CONFIGURATION,
390 IidFactory.contractIid(tenantId, new ContractId(goldOutIpv4.getUuid().getValue()))).get();
391 assertTrue(potentialContract.isPresent());
392 contract = potentialContract.get();
393 PolicyAssert.assertContract(contract, goldOutIpv4);
394 potentialContract = rwTx.read(LogicalDatastoreType.CONFIGURATION,
395 IidFactory.contractIid(tenantId, new ContractId(serverOutIpv4.getUuid().getValue()))).get();
396 assertTrue(potentialContract.isPresent());
397 contract = potentialContract.get();
398 PolicyAssert.assertContract(contract, serverOutIpv4);
399 potentialContract = rwTx.read(LogicalDatastoreType.CONFIGURATION,
400 IidFactory.contractIid(tenantId, new ContractId(serverIn80TcpIpv4.getUuid().getValue()))).get();
401 assertTrue(potentialContract.isPresent());
402 contract = potentialContract.get();
403 PolicyAssert.assertContract(contract, serverIn80TcpIpv4);
404 Optional<EndpointGroup> potentialEpg = rwTx.read(LogicalDatastoreType.CONFIGURATION,
405 IidFactory.endpointGroupIid(tenantId, new EndpointGroupId(goldSecGrp))).get();
406 assertTrue(potentialEpg.isPresent());
407 EndpointGroup epg = potentialEpg.get();
408 PolicyAssert.assertConsumerNamedSelectors(
410 ImmutableSet.of(new ContractId(goldInIpv4.getUuid().getValue()),
411 new ContractId(goldOutIpv4.getUuid().getValue()),
412 new ContractId(serverOutIpv4.getUuid().getValue()),
413 new ContractId(serverIn80TcpIpv4.getUuid().getValue())));
414 potentialEpg = rwTx.read(LogicalDatastoreType.CONFIGURATION,
415 IidFactory.endpointGroupIid(tenantId, new EndpointGroupId(serverSecGrp))).get();
416 assertTrue(potentialEpg.isPresent());
417 epg = potentialEpg.get();
418 PolicyAssert.assertConsumerNamedSelectors(
420 ImmutableSet.of(new ContractId(goldInIpv4.getUuid().getValue()),
421 new ContractId(serverIn80TcpIpv4.getUuid().getValue())));
425 public final void testAddNeutronSecurityRule_defaultSecGrp() throws Exception {
426 final String tenant = "111aaaaa-aaaa-aaaa-aaaa-aaaaaaaaaaaa";
427 final String defaultSecGrp = "111fffff-ffff-ffff-ffff-ffffffffffff";
428 final SecurityRule defaultInIpv4Default = NeutronEntityFactory.securityRuleWithEtherType(
429 "111ccccc-111c-cccc-cccc-cccccccccccc", tenant, EthertypeV4.class, DirectionIngress.class, defaultSecGrp,
431 final SecurityRule defaultInIpv6Default = NeutronEntityFactory.securityRuleWithEtherType(
432 "222ccccc-111c-cccc-cccc-cccccccccccc", tenant, EthertypeV4.class, DirectionIngress.class, defaultSecGrp,
434 final SecurityRule defaultOutIpv4 = NeutronEntityFactory.securityRuleWithEtherType(
435 "333ccccc-111c-cccc-cccc-cccccccccccc", tenant, EthertypeV4.class, DirectionEgress.class, defaultSecGrp,
437 final SecurityRule defaultOutIpv6 = NeutronEntityFactory.securityRuleWithEtherType(
438 "444ccccc-111c-cccc-cccc-cccccccccccc", tenant, EthertypeV4.class, DirectionEgress.class, defaultSecGrp,
440 DataBroker dataBroker = getDataBroker();
441 List<SecurityGroup> secGroups = new ArrayList<>();
442 secGroups.add(NeutronEntityFactory.securityGroup(defaultSecGrp, tenant));
443 Neutron neutron = new NeutronBuilder()
444 .setSecurityGroups(new SecurityGroupsBuilder().setSecurityGroup(secGroups).build()).build();
445 NeutronSecurityRuleAware ruleAware = new NeutronSecurityRuleAware(dataBroker, epRegistrator);
446 ReadWriteTransaction rwTx = dataBroker.newReadWriteTransaction();
447 ruleAware.addNeutronSecurityRule(defaultInIpv4Default, neutron, rwTx);
448 ruleAware.addNeutronSecurityRule(defaultInIpv6Default, neutron, rwTx);
449 ruleAware.addNeutronSecurityRule(defaultOutIpv4, neutron, rwTx);
450 ruleAware.addNeutronSecurityRule(defaultOutIpv6, neutron, rwTx);
451 TenantId tenantId = new TenantId(tenant);
452 Optional<Contract> potentialContract = rwTx.read(LogicalDatastoreType.CONFIGURATION,
453 IidFactory.contractIid(tenantId, new ContractId(defaultInIpv4Default.getUuid().getValue()))).get();
454 assertTrue(potentialContract.isPresent());
455 Contract contract = potentialContract.get();
456 PolicyAssert.assertContract(contract, defaultInIpv4Default);
457 potentialContract = rwTx.read(LogicalDatastoreType.CONFIGURATION,
458 IidFactory.contractIid(tenantId, new ContractId(defaultInIpv6Default.getUuid().getValue()))).get();
459 assertTrue(potentialContract.isPresent());
460 contract = potentialContract.get();
461 PolicyAssert.assertContract(contract, defaultInIpv6Default);
462 potentialContract = rwTx.read(LogicalDatastoreType.CONFIGURATION,
463 IidFactory.contractIid(tenantId, new ContractId(defaultOutIpv4.getUuid().getValue()))).get();
464 assertTrue(potentialContract.isPresent());
465 contract = potentialContract.get();
466 PolicyAssert.assertContract(contract, defaultOutIpv4);
467 potentialContract = rwTx.read(LogicalDatastoreType.CONFIGURATION,
468 IidFactory.contractIid(tenantId, new ContractId(defaultOutIpv6.getUuid().getValue()))).get();
469 assertTrue(potentialContract.isPresent());
470 contract = potentialContract.get();
471 PolicyAssert.assertContract(contract, defaultOutIpv6);
475 public void testConstructor_invalidArgument() throws Exception {
477 new NeutronSecurityRuleAware(null, null);
478 fail(NullPointerException.class.getName() + " expected");
479 } catch (NullPointerException ex) {