1 package org.opendaylight.groupbasedpolicy.neutron.mapper.mapping.rule;
3 import static org.junit.Assert.assertTrue;
4 import static org.junit.Assert.fail;
6 import java.util.ArrayList;
10 import org.opendaylight.controller.md.sal.binding.api.DataBroker;
11 import org.opendaylight.controller.md.sal.binding.api.ReadWriteTransaction;
12 import org.opendaylight.controller.md.sal.common.api.data.LogicalDatastoreType;
13 import org.opendaylight.groupbasedpolicy.neutron.mapper.test.ConfigDataStoreReader;
14 import org.opendaylight.groupbasedpolicy.neutron.mapper.test.NeutronMapperDataBrokerTest;
15 import org.opendaylight.groupbasedpolicy.neutron.mapper.test.NeutronEntityFactory;
16 import org.opendaylight.groupbasedpolicy.neutron.mapper.test.PolicyAssert;
17 import org.opendaylight.groupbasedpolicy.neutron.mapper.util.MappingUtils;
18 import org.opendaylight.groupbasedpolicy.util.IidFactory;
19 import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.inet.types.rev130715.IpPrefix;
20 import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.inet.types.rev130715.Ipv4Prefix;
21 import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.yang.types.rev130715.Uuid;
22 import org.opendaylight.yang.gen.v1.urn.opendaylight.groupbasedpolicy.common.rev140421.ContractId;
23 import org.opendaylight.yang.gen.v1.urn.opendaylight.groupbasedpolicy.common.rev140421.EndpointGroupId;
24 import org.opendaylight.yang.gen.v1.urn.opendaylight.groupbasedpolicy.common.rev140421.TenantId;
25 import org.opendaylight.yang.gen.v1.urn.opendaylight.groupbasedpolicy.policy.rev140421.tenants.Tenant;
26 import org.opendaylight.yang.gen.v1.urn.opendaylight.groupbasedpolicy.policy.rev140421.tenants.tenant.policy.Contract;
27 import org.opendaylight.yang.gen.v1.urn.opendaylight.groupbasedpolicy.policy.rev140421.tenants.tenant.policy.EndpointGroup;
28 import org.opendaylight.yang.gen.v1.urn.opendaylight.neutron.constants.rev150712.DirectionEgress;
29 import org.opendaylight.yang.gen.v1.urn.opendaylight.neutron.constants.rev150712.DirectionIngress;
30 import org.opendaylight.yang.gen.v1.urn.opendaylight.neutron.constants.rev150712.EthertypeV4;
31 import org.opendaylight.yang.gen.v1.urn.opendaylight.neutron.constants.rev150712.ProtocolTcp;
32 import org.opendaylight.yang.gen.v1.urn.opendaylight.neutron.rev150712.Neutron;
33 import org.opendaylight.yang.gen.v1.urn.opendaylight.neutron.rev150712.NeutronBuilder;
34 import org.opendaylight.yang.gen.v1.urn.opendaylight.neutron.secgroups.rev150712.SecurityRuleAttributes;
35 import org.opendaylight.yang.gen.v1.urn.opendaylight.neutron.secgroups.rev150712.security.groups.attributes.SecurityGroupsBuilder;
36 import org.opendaylight.yang.gen.v1.urn.opendaylight.neutron.secgroups.rev150712.security.groups.attributes.security.groups.SecurityGroup;
37 import org.opendaylight.yang.gen.v1.urn.opendaylight.neutron.secgroups.rev150712.security.rules.attributes.SecurityRulesBuilder;
38 import org.opendaylight.yang.gen.v1.urn.opendaylight.neutron.secgroups.rev150712.security.rules.attributes.security.rules.SecurityRule;
39 import org.opendaylight.yang.gen.v1.urn.opendaylight.neutron.secgroups.rev150712.security.rules.attributes.security.rules.SecurityRuleBuilder;
41 import com.google.common.base.Optional;
42 import com.google.common.collect.ImmutableList;
43 import com.google.common.collect.ImmutableSet;
46 * END 2 END TESTING - inputs are Neutron entities and expected outputs are GBP entities in
50 public class NeutronSecurityRuleAwareDataStoreTest extends NeutronMapperDataBrokerTest {
53 public final void testAddNeutronSecurityRule_rulesWithRemoteIpPrefix() throws Exception {
54 String tenant = "ad4c6c25-2424-4ad3-97ee-f9691ce03645";
55 String goldSecGrp = "fe40e28f-ad6a-4a2d-b12a-47510876344a";
56 SecurityRule goldInIpv4 = NeutronEntityFactory.securityRuleWithEtherType(
57 "166aedab-fdf5-4788-9e36-2b00b5f8722f", tenant, EthertypeV4.class, DirectionIngress.class, goldSecGrp,
59 SecurityRule goldOutIpv4 = NeutronEntityFactory.securityRuleWithEtherType(
60 "dabfd4da-af89-45dd-85f8-181768c1b4c9", tenant, EthertypeV4.class, DirectionEgress.class, goldSecGrp,
62 String serverSecGrp = "71cf4fe5-b146-409e-8151-cd921298ce32";
63 SecurityRuleAttributes.Protocol protocolTcp = new SecurityRuleAttributes.Protocol(ProtocolTcp.class);
64 SecurityRule serverIn80Tcp10_1_1_0 = new SecurityRuleBuilder().setUuid(new Uuid("9dbb533d-d9b2-4dc9-bae7-ee60c8df184d"))
65 .setTenantId(new Uuid(tenant))
66 .setEthertype(EthertypeV4.class)
67 .setProtocol(protocolTcp)
70 .setDirection(DirectionIngress.class)
71 .setSecurityGroupId(new Uuid(serverSecGrp))
72 .setRemoteIpPrefix(new IpPrefix(new Ipv4Prefix("10.1.1.0/24")))
74 SecurityRule serverInIp20_1_1_0 = new SecurityRuleBuilder().setUuid(new Uuid("adf7e558-de47-4f9e-a9b8-96e19db5d1ac"))
75 .setTenantId(new Uuid(tenant))
76 .setEthertype(EthertypeV4.class)
77 .setDirection(DirectionIngress.class)
78 .setSecurityGroupId(new Uuid(serverSecGrp))
79 .setRemoteIpPrefix(new IpPrefix(new Ipv4Prefix("20.1.1.0/24")))
81 SecurityRule serverOutIpv4 = NeutronEntityFactory.securityRuleWithEtherType(
82 "8b9c48d3-44a8-46be-be35-6f3237d98071", tenant, EthertypeV4.class, DirectionEgress.class, serverSecGrp,
84 DataBroker dataBroker = getDataBroker();
85 List<SecurityGroup> secGroups = new ArrayList<>();
86 secGroups.add(NeutronEntityFactory.securityGroup(goldSecGrp, tenant));
87 secGroups.add(NeutronEntityFactory.securityGroup(serverSecGrp, tenant));
88 Neutron neutron = new NeutronBuilder()
89 .setSecurityGroups(new SecurityGroupsBuilder().setSecurityGroup(secGroups).build())
90 .setSecurityRules(new SecurityRulesBuilder().setSecurityRule(
91 ImmutableList.of(goldInIpv4, goldOutIpv4, serverIn80Tcp10_1_1_0, serverInIp20_1_1_0, serverOutIpv4))
94 NeutronSecurityRuleAware ruleAware = new NeutronSecurityRuleAware(dataBroker);
95 ReadWriteTransaction rwTx = dataBroker.newReadWriteTransaction();
96 ruleAware.addNeutronSecurityRule(goldInIpv4, neutron, rwTx);
97 ruleAware.addNeutronSecurityRule(goldOutIpv4, neutron, rwTx);
98 ruleAware.addNeutronSecurityRule(serverIn80Tcp10_1_1_0, neutron, rwTx);
99 ruleAware.addNeutronSecurityRule(serverInIp20_1_1_0, neutron, rwTx);
100 ruleAware.addNeutronSecurityRule(serverOutIpv4, neutron, rwTx);
101 TenantId tenantId = new TenantId(tenant);
102 Optional<Tenant> potentialTenant = rwTx.read(LogicalDatastoreType.CONFIGURATION, IidFactory.tenantIid(tenantId))
104 assertTrue(potentialTenant.isPresent());
105 Optional<Contract> potentialContract = rwTx.read(LogicalDatastoreType.CONFIGURATION,
106 IidFactory.contractIid(tenantId, new ContractId(goldInIpv4.getUuid().getValue()))).get();
107 assertTrue(potentialContract.isPresent());
108 Contract contract = potentialContract.get();
109 PolicyAssert.assertContract(contract, goldInIpv4);
110 potentialContract = rwTx.read(LogicalDatastoreType.CONFIGURATION,
111 IidFactory.contractIid(tenantId, new ContractId(goldOutIpv4.getUuid().getValue()))).get();
112 assertTrue(potentialContract.isPresent());
113 contract = potentialContract.get();
114 PolicyAssert.assertContract(contract, goldOutIpv4);
115 potentialContract = rwTx.read(LogicalDatastoreType.CONFIGURATION,
116 IidFactory.contractIid(tenantId, new ContractId(serverOutIpv4.getUuid().getValue()))).get();
117 assertTrue(potentialContract.isPresent());
118 contract = potentialContract.get();
119 PolicyAssert.assertContract(contract, serverOutIpv4);
120 potentialContract = rwTx.read(LogicalDatastoreType.CONFIGURATION,
121 IidFactory.contractIid(tenantId, new ContractId(serverIn80Tcp10_1_1_0.getUuid().getValue()))).get();
122 assertTrue(potentialContract.isPresent());
123 contract = potentialContract.get();
124 PolicyAssert.assertContractWithEic(contract, serverIn80Tcp10_1_1_0);
125 potentialContract = rwTx.read(LogicalDatastoreType.CONFIGURATION,
126 IidFactory.contractIid(tenantId, new ContractId(serverInIp20_1_1_0.getUuid().getValue()))).get();
127 assertTrue(potentialContract.isPresent());
128 contract = potentialContract.get();
129 PolicyAssert.assertContractWithEic(contract, serverInIp20_1_1_0);
130 Optional<EndpointGroup> potentialEpg = rwTx.read(LogicalDatastoreType.CONFIGURATION,
131 IidFactory.endpointGroupIid(tenantId, new EndpointGroupId(goldSecGrp))).get();
132 assertTrue(potentialEpg.isPresent());
133 EndpointGroup epg = potentialEpg.get();
134 PolicyAssert.assertConsumerNamedSelectors(
136 ImmutableSet.of(new ContractId(goldInIpv4.getUuid().getValue()),
137 new ContractId(goldOutIpv4.getUuid().getValue()),
138 new ContractId(serverIn80Tcp10_1_1_0.getUuid().getValue()),
139 new ContractId(serverInIp20_1_1_0.getUuid().getValue()),
140 new ContractId(serverOutIpv4.getUuid().getValue())));
141 potentialEpg = rwTx.read(LogicalDatastoreType.CONFIGURATION,
142 IidFactory.endpointGroupIid(tenantId, new EndpointGroupId(serverSecGrp))).get();
143 assertTrue(potentialEpg.isPresent());
144 epg = potentialEpg.get();
145 PolicyAssert.assertConsumerNamedSelectors(epg, ImmutableSet.of(
146 new ContractId(serverIn80Tcp10_1_1_0.getUuid().getValue()),
147 new ContractId(serverInIp20_1_1_0.getUuid().getValue()),
148 new ContractId(goldInIpv4.getUuid().getValue())));
152 public final void testAddAndDeleteNeutronSecurityRule() throws Exception {
153 DataBroker dataBroker = getDataBroker();
154 NeutronSecurityRuleAware ruleAware = new NeutronSecurityRuleAware(dataBroker);
156 final String tenantId = "aaaaaaaa-aaaa-aaaa-aaaa-aaaaaaaaaaaa";
157 final String secGroupId1 = "bbbbbbbb-bbbb-bbbb-bbbb-bbbbbbbbbbbb";
158 final String secGroupId2 = "cccccccc-cccc-cccc-cccc-cccccccccccc";
159 final String secRuleId1 = "dddddddd-dddd-dddd-dddd-dddddddddddd";
160 final String secRuleId2 = "eeeeeeee-eeee-eeee-eeee-eeeeeeeeeeee";
162 List<SecurityGroup> secGroups = new ArrayList<>();
163 secGroups.add(NeutronEntityFactory.securityGroup(secGroupId1, tenantId));
164 secGroups.add(NeutronEntityFactory.securityGroup(secGroupId2, tenantId));
165 SecurityRule secRule1 = NeutronEntityFactory.securityRuleWithEtherType(secRuleId1, tenantId,
166 EthertypeV4.class, DirectionEgress.class, secGroupId1, secGroupId2);
167 SecurityRule secRule2 = NeutronEntityFactory.securityRuleWithEtherType(secRuleId2, tenantId,
168 EthertypeV4.class, DirectionIngress.class, secGroupId2, secGroupId1);
169 NeutronBuilder neutronBuilder = new NeutronBuilder()
170 .setSecurityGroups(new SecurityGroupsBuilder().setSecurityGroup(secGroups).build())
171 .setSecurityRules(new SecurityRulesBuilder()
172 .setSecurityRule(ImmutableList.of(secRule1)).build());
174 ruleAware.onCreated(secRule1, neutronBuilder.build());
176 PolicyAssert.assertTenantExists(dataBroker, tenantId);
177 PolicyAssert.assertContractExists(dataBroker, tenantId, secRuleId1);
178 Optional<Contract> contract = ConfigDataStoreReader.readContract(dataBroker, tenantId, secRuleId1);
179 PolicyAssert.assertContract(contract.get(), secRule1);
180 PolicyAssert.assertContractCount(dataBroker, tenantId, 1);
181 PolicyAssert.assertEndpointGroupExists(dataBroker, tenantId, secGroupId1);
182 Optional<EndpointGroup> epGroup1 = ConfigDataStoreReader.readEndpointGroup(dataBroker, tenantId, secGroupId1);
183 PolicyAssert.assertProviderNamedSelectors(epGroup1.get(), ImmutableSet.of(new ContractId(secRuleId1)));
184 PolicyAssert.assertNoConsumerNamedSelectors(dataBroker, tenantId, secGroupId1);
186 PolicyAssert.assertClassifierInstanceExists(dataBroker, secRule1);
187 PolicyAssert.assertActionInstanceExists(dataBroker, tenantId, MappingUtils.ACTION_ALLOW.getName());
189 neutronBuilder.setSecurityRules(new SecurityRulesBuilder()
190 .setSecurityRule(ImmutableList.of(secRule1, secRule2)).build());
192 ruleAware.onCreated(secRule2, neutronBuilder.build());
194 PolicyAssert.assertTenantExists(dataBroker, tenantId);
195 PolicyAssert.assertContractExists(dataBroker, tenantId, secRuleId1);
196 contract = ConfigDataStoreReader.readContract(dataBroker, tenantId, secRuleId1);
197 PolicyAssert.assertContract(contract.get(), secRule1);
198 PolicyAssert.assertContractCount(dataBroker, tenantId, 2);
199 PolicyAssert.assertEndpointGroupExists(dataBroker, tenantId, secGroupId1);
200 epGroup1 = ConfigDataStoreReader.readEndpointGroup(dataBroker, tenantId, secGroupId1);
201 PolicyAssert.assertProviderNamedSelectors(epGroup1.get(), ImmutableSet.of(new ContractId(secRuleId1)));
202 PolicyAssert.assertConsumerNamedSelectors(epGroup1.get(), ImmutableSet.of(new ContractId(secRuleId2)));
204 PolicyAssert.assertContractExists(dataBroker, tenantId, secRuleId2);
205 contract = ConfigDataStoreReader.readContract(dataBroker, tenantId, secRuleId2);
206 PolicyAssert.assertContract(contract.get(), secRule2);
207 PolicyAssert.assertContractCount(dataBroker, tenantId, 2);
208 PolicyAssert.assertEndpointGroupExists(dataBroker, tenantId, secGroupId2);
209 Optional<EndpointGroup> epGroup2 = ConfigDataStoreReader.readEndpointGroup(dataBroker, tenantId, secGroupId2);
210 PolicyAssert.assertProviderNamedSelectors(epGroup2.get(), ImmutableSet.of(new ContractId(secRuleId2)));
211 PolicyAssert.assertConsumerNamedSelectors(epGroup2.get(), ImmutableSet.of(new ContractId(secRuleId1)));
213 ruleAware.onDeleted(secRule2, neutronBuilder.build(), null);
215 PolicyAssert.assertTenantExists(dataBroker, tenantId);
216 PolicyAssert.assertContractExists(dataBroker, tenantId, secRuleId1);
217 contract = ConfigDataStoreReader.readContract(dataBroker, tenantId, secRuleId1);
218 PolicyAssert.assertContract(contract.get(), secRule1);
219 PolicyAssert.assertContractCount(dataBroker, tenantId, 1);
220 PolicyAssert.assertEndpointGroupExists(dataBroker, tenantId, secGroupId1);
221 epGroup1 = ConfigDataStoreReader.readEndpointGroup(dataBroker, tenantId, secGroupId1);
222 PolicyAssert.assertProviderNamedSelectors(epGroup1.get(), ImmutableSet.of(new ContractId(secRuleId1)));
223 PolicyAssert.assertNoConsumerNamedSelectors(dataBroker, tenantId, secGroupId1);
225 PolicyAssert.assertContractNotExists(dataBroker, tenantId, secRuleId2);
226 PolicyAssert.assertContractCount(dataBroker, tenantId, 1);
227 PolicyAssert.assertEndpointGroupExists(dataBroker, tenantId, secGroupId2);
228 epGroup2 = ConfigDataStoreReader.readEndpointGroup(dataBroker, tenantId, secGroupId2);
229 PolicyAssert.assertNoProviderNamedSelectors(dataBroker, tenantId, secGroupId2);
230 PolicyAssert.assertNoConsumerNamedSelectors(dataBroker, tenantId, secGroupId2);
232 PolicyAssert.assertClassifierInstanceExists(dataBroker, secRule1);
233 PolicyAssert.assertActionInstanceExists(dataBroker, tenantId, MappingUtils.ACTION_ALLOW.getName());
235 neutronBuilder.setSecurityRules(new SecurityRulesBuilder()
236 .setSecurityRule(ImmutableList.of(secRule1)).build());
238 ruleAware.onDeleted(secRule1, neutronBuilder.build(), null);
240 PolicyAssert.assertContractCount(dataBroker, tenantId, 0);
241 PolicyAssert.assertEndpointGroupExists(dataBroker, tenantId, secGroupId1);
242 PolicyAssert.assertEndpointGroupExists(dataBroker, tenantId, secGroupId2);
243 PolicyAssert.assertNoProviderNamedSelectors(dataBroker, tenantId, secGroupId1);
244 PolicyAssert.assertNoConsumerNamedSelectors(dataBroker, tenantId, secGroupId2);
246 PolicyAssert.assertClassifierInstanceNotExists(dataBroker, secRule1);
247 // TODO: Uncomment this when the life cycle of the Allow ActionInstance will be clarified.
248 // PolicyAssert.assertActionInstanceNotExists(dataBroker, tenantId,
249 // MappingUtils.ACTION_ALLOW.getName());
253 public final void testAddNeutronSecurityRule_rulesWithoutRemote() throws Exception {
254 String tenant = "ad4c6c25-2424-4ad3-97ee-f9691ce03645";
255 String goldSecGrp = "fe40e28f-ad6a-4a2d-b12a-47510876344a";
256 SecurityRule goldInIpv4 = NeutronEntityFactory.securityRuleWithEtherType(
257 "166aedab-fdf5-4788-9e36-2b00b5f8722f", tenant, EthertypeV4.class, DirectionIngress.class, goldSecGrp,
259 SecurityRule goldOutIpv4 = NeutronEntityFactory.securityRuleWithEtherType(
260 "dabfd4da-af89-45dd-85f8-181768c1b4c9", tenant, EthertypeV4.class, DirectionEgress.class, goldSecGrp,
262 String serverSecGrp = "71cf4fe5-b146-409e-8151-cd921298ce32";
263 SecurityRule serverOutIpv4 = NeutronEntityFactory.securityRuleWithEtherType(
264 "8b9c48d3-44a8-46be-be35-6f3237d98071", tenant, EthertypeV4.class, DirectionEgress.class, serverSecGrp,
266 SecurityRule serverInIpv4 = NeutronEntityFactory.securityRuleWithEtherType(
267 "adf7e558-de47-4f9e-a9b8-96e19db5d1ac", tenant, EthertypeV4.class, DirectionIngress.class, serverSecGrp,
269 DataBroker dataBroker = getDataBroker();
270 List<SecurityGroup> secGroups = new ArrayList<>();
271 secGroups.add(NeutronEntityFactory.securityGroup(goldSecGrp, tenant));
272 secGroups.add(NeutronEntityFactory.securityGroup(serverSecGrp, tenant));
273 Neutron neutron = new NeutronBuilder()
274 .setSecurityGroups(new SecurityGroupsBuilder().setSecurityGroup(secGroups).build())
275 .setSecurityRules(new SecurityRulesBuilder()
276 .setSecurityRule(ImmutableList.of(goldInIpv4, goldOutIpv4, serverOutIpv4, serverInIpv4)).build())
278 NeutronSecurityRuleAware ruleAware = new NeutronSecurityRuleAware(dataBroker);
279 ReadWriteTransaction rwTx = dataBroker.newReadWriteTransaction();
280 ruleAware.addNeutronSecurityRule(goldInIpv4, neutron, rwTx);
281 ruleAware.addNeutronSecurityRule(goldOutIpv4, neutron, rwTx);
282 ruleAware.addNeutronSecurityRule(serverOutIpv4, neutron, rwTx);
283 ruleAware.addNeutronSecurityRule(serverInIpv4, neutron, rwTx);
284 TenantId tenantId = new TenantId(tenant);
285 Optional<Contract> potentialContract = rwTx.read(LogicalDatastoreType.CONFIGURATION,
286 IidFactory.contractIid(tenantId, new ContractId(goldInIpv4.getUuid().getValue()))).get();
287 assertTrue(potentialContract.isPresent());
288 Contract contract = potentialContract.get();
289 PolicyAssert.assertContract(contract, goldInIpv4);
290 potentialContract = rwTx.read(LogicalDatastoreType.CONFIGURATION,
291 IidFactory.contractIid(tenantId, new ContractId(goldOutIpv4.getUuid().getValue()))).get();
292 assertTrue(potentialContract.isPresent());
293 contract = potentialContract.get();
294 PolicyAssert.assertContract(contract, goldOutIpv4);
295 potentialContract = rwTx.read(LogicalDatastoreType.CONFIGURATION,
296 IidFactory.contractIid(tenantId, new ContractId(serverOutIpv4.getUuid().getValue()))).get();
297 assertTrue(potentialContract.isPresent());
298 contract = potentialContract.get();
299 PolicyAssert.assertContract(contract, serverOutIpv4);
300 potentialContract = rwTx.read(LogicalDatastoreType.CONFIGURATION,
301 IidFactory.contractIid(tenantId, new ContractId(serverInIpv4.getUuid().getValue()))).get();
302 assertTrue(potentialContract.isPresent());
303 contract = potentialContract.get();
304 PolicyAssert.assertContract(contract, serverInIpv4);
305 Optional<EndpointGroup> potentialEpg = rwTx.read(LogicalDatastoreType.CONFIGURATION,
306 IidFactory.endpointGroupIid(tenantId, new EndpointGroupId(goldSecGrp))).get();
307 assertTrue(potentialEpg.isPresent());
308 EndpointGroup epg = potentialEpg.get();
309 PolicyAssert.assertConsumerNamedSelectors(
311 ImmutableSet.of(new ContractId(goldInIpv4.getUuid().getValue()),
312 new ContractId(goldOutIpv4.getUuid().getValue()),
313 new ContractId(serverOutIpv4.getUuid().getValue()),
314 new ContractId(serverInIpv4.getUuid().getValue())));
315 potentialEpg = rwTx.read(LogicalDatastoreType.CONFIGURATION,
316 IidFactory.endpointGroupIid(tenantId, new EndpointGroupId(serverSecGrp))).get();
317 assertTrue(potentialEpg.isPresent());
318 PolicyAssert.assertConsumerNamedSelectors(
320 ImmutableSet.of(new ContractId(goldInIpv4.getUuid().getValue()),
321 new ContractId(goldOutIpv4.getUuid().getValue()),
322 new ContractId(serverOutIpv4.getUuid().getValue()),
323 new ContractId(serverInIpv4.getUuid().getValue())));
327 public final void testAddNeutronSecurityRule_asymmetricRulesWithoutRemote() throws Exception {
328 String tenant = "ad4c6c25-2424-4ad3-97ee-f9691ce03645";
329 String goldSecGrp = "fe40e28f-ad6a-4a2d-b12a-47510876344a";
330 SecurityRule goldInIpv4 = NeutronEntityFactory.securityRuleWithEtherType(
331 "166aedab-fdf5-4788-9e36-2b00b5f8722f", tenant, EthertypeV4.class, DirectionIngress.class, goldSecGrp,
333 SecurityRule goldOutIpv4 = NeutronEntityFactory.securityRuleWithEtherType(
334 "dabfd4da-af89-45dd-85f8-181768c1b4c9", tenant, EthertypeV4.class, DirectionEgress.class, goldSecGrp,
336 String serverSecGrp = "71cf4fe5-b146-409e-8151-cd921298ce32";
337 SecurityRule serverOutIpv4 = NeutronEntityFactory.securityRuleWithEtherType(
338 "8b9c48d3-44a8-46be-be35-6f3237d98071", tenant, EthertypeV4.class, DirectionEgress.class, serverSecGrp,
340 SecurityRuleAttributes.Protocol protocolTcp = new SecurityRuleAttributes.Protocol(ProtocolTcp.class);
341 SecurityRule serverIn80TcpIpv4 = new SecurityRuleBuilder().setUuid(new Uuid("adf7e558-de47-4f9e-a9b8-96e19db5d1ac"))
342 .setTenantId(new Uuid(tenant))
343 .setEthertype(EthertypeV4.class)
344 .setProtocol(protocolTcp)
347 .setDirection(DirectionIngress.class)
348 .setSecurityGroupId(new Uuid(serverSecGrp))
350 DataBroker dataBroker = getDataBroker();
351 List<SecurityGroup> secGroups = new ArrayList<>();
352 secGroups.add(NeutronEntityFactory.securityGroup(goldSecGrp, tenant));
353 secGroups.add(NeutronEntityFactory.securityGroup(serverSecGrp, tenant));
354 Neutron neutron = new NeutronBuilder()
355 .setSecurityGroups(new SecurityGroupsBuilder().setSecurityGroup(secGroups).build())
356 .setSecurityRules(new SecurityRulesBuilder()
357 .setSecurityRule(ImmutableList.of(goldInIpv4, goldOutIpv4, serverOutIpv4, serverIn80TcpIpv4)).build())
359 NeutronSecurityRuleAware ruleAware = new NeutronSecurityRuleAware(dataBroker);
360 ReadWriteTransaction rwTx = dataBroker.newReadWriteTransaction();
361 ruleAware.addNeutronSecurityRule(goldInIpv4, neutron, rwTx);
362 ruleAware.addNeutronSecurityRule(goldOutIpv4, neutron, rwTx);
363 ruleAware.addNeutronSecurityRule(serverOutIpv4, neutron, rwTx);
364 ruleAware.addNeutronSecurityRule(serverIn80TcpIpv4, neutron, rwTx);
365 TenantId tenantId = new TenantId(tenant);
366 Optional<Contract> potentialContract = rwTx.read(LogicalDatastoreType.CONFIGURATION,
367 IidFactory.contractIid(tenantId, new ContractId(goldInIpv4.getUuid().getValue()))).get();
368 assertTrue(potentialContract.isPresent());
369 Contract contract = potentialContract.get();
370 PolicyAssert.assertContract(contract, goldInIpv4);
371 potentialContract = rwTx.read(LogicalDatastoreType.CONFIGURATION,
372 IidFactory.contractIid(tenantId, new ContractId(goldOutIpv4.getUuid().getValue()))).get();
373 assertTrue(potentialContract.isPresent());
374 contract = potentialContract.get();
375 PolicyAssert.assertContract(contract, goldOutIpv4);
376 potentialContract = rwTx.read(LogicalDatastoreType.CONFIGURATION,
377 IidFactory.contractIid(tenantId, new ContractId(serverOutIpv4.getUuid().getValue()))).get();
378 assertTrue(potentialContract.isPresent());
379 contract = potentialContract.get();
380 PolicyAssert.assertContract(contract, serverOutIpv4);
381 potentialContract = rwTx.read(LogicalDatastoreType.CONFIGURATION,
382 IidFactory.contractIid(tenantId, new ContractId(serverIn80TcpIpv4.getUuid().getValue()))).get();
383 assertTrue(potentialContract.isPresent());
384 contract = potentialContract.get();
385 PolicyAssert.assertContract(contract, serverIn80TcpIpv4);
386 Optional<EndpointGroup> potentialEpg = rwTx.read(LogicalDatastoreType.CONFIGURATION,
387 IidFactory.endpointGroupIid(tenantId, new EndpointGroupId(goldSecGrp))).get();
388 assertTrue(potentialEpg.isPresent());
389 EndpointGroup epg = potentialEpg.get();
390 PolicyAssert.assertConsumerNamedSelectors(
392 ImmutableSet.of(new ContractId(goldInIpv4.getUuid().getValue()),
393 new ContractId(goldOutIpv4.getUuid().getValue()),
394 new ContractId(serverOutIpv4.getUuid().getValue()),
395 new ContractId(serverIn80TcpIpv4.getUuid().getValue())));
396 potentialEpg = rwTx.read(LogicalDatastoreType.CONFIGURATION,
397 IidFactory.endpointGroupIid(tenantId, new EndpointGroupId(serverSecGrp))).get();
398 assertTrue(potentialEpg.isPresent());
399 epg = potentialEpg.get();
400 PolicyAssert.assertConsumerNamedSelectors(
402 ImmutableSet.of(new ContractId(goldInIpv4.getUuid().getValue()),
403 new ContractId(serverIn80TcpIpv4.getUuid().getValue())));
407 public final void testAddNeutronSecurityRule_defaultSecGrp() throws Exception {
408 String tenant = "111aaaaa-aaaa-aaaa-aaaa-aaaaaaaaaaaa";
409 String defaultSecGrp = "111fffff-ffff-ffff-ffff-ffffffffffff";
410 SecurityRule defaultInIpv4Default = NeutronEntityFactory.securityRuleWithEtherType(
411 "111ccccc-111c-cccc-cccc-cccccccccccc", tenant, EthertypeV4.class, DirectionIngress.class, defaultSecGrp,
413 SecurityRule defaultInIpv6Default = NeutronEntityFactory.securityRuleWithEtherType(
414 "222ccccc-111c-cccc-cccc-cccccccccccc", tenant, EthertypeV4.class, DirectionIngress.class, defaultSecGrp,
416 SecurityRule defaultOutIpv4 = NeutronEntityFactory.securityRuleWithEtherType(
417 "333ccccc-111c-cccc-cccc-cccccccccccc", tenant, EthertypeV4.class, DirectionEgress.class, defaultSecGrp,
419 SecurityRule defaultOutIpv6 = NeutronEntityFactory.securityRuleWithEtherType(
420 "444ccccc-111c-cccc-cccc-cccccccccccc", tenant, EthertypeV4.class, DirectionEgress.class, defaultSecGrp,
422 DataBroker dataBroker = getDataBroker();
423 List<SecurityGroup> secGroups = new ArrayList<>();
424 secGroups.add(NeutronEntityFactory.securityGroup(defaultSecGrp, tenant));
425 Neutron neutron = new NeutronBuilder()
426 .setSecurityGroups(new SecurityGroupsBuilder().setSecurityGroup(secGroups).build()).build();
427 NeutronSecurityRuleAware ruleAware = new NeutronSecurityRuleAware(dataBroker);
428 ReadWriteTransaction rwTx = dataBroker.newReadWriteTransaction();
429 ruleAware.addNeutronSecurityRule(defaultInIpv4Default, neutron, rwTx);
430 ruleAware.addNeutronSecurityRule(defaultInIpv6Default, neutron, rwTx);
431 ruleAware.addNeutronSecurityRule(defaultOutIpv4, neutron, rwTx);
432 ruleAware.addNeutronSecurityRule(defaultOutIpv6, neutron, rwTx);
433 TenantId tenantId = new TenantId(tenant);
434 Optional<Contract> potentialContract = rwTx.read(LogicalDatastoreType.CONFIGURATION,
435 IidFactory.contractIid(tenantId, new ContractId(defaultInIpv4Default.getUuid().getValue()))).get();
436 assertTrue(potentialContract.isPresent());
437 Contract contract = potentialContract.get();
438 PolicyAssert.assertContract(contract, defaultInIpv4Default);
439 potentialContract = rwTx.read(LogicalDatastoreType.CONFIGURATION,
440 IidFactory.contractIid(tenantId, new ContractId(defaultInIpv6Default.getUuid().getValue()))).get();
441 assertTrue(potentialContract.isPresent());
442 contract = potentialContract.get();
443 PolicyAssert.assertContract(contract, defaultInIpv6Default);
444 potentialContract = rwTx.read(LogicalDatastoreType.CONFIGURATION,
445 IidFactory.contractIid(tenantId, new ContractId(defaultOutIpv4.getUuid().getValue()))).get();
446 assertTrue(potentialContract.isPresent());
447 contract = potentialContract.get();
448 PolicyAssert.assertContract(contract, defaultOutIpv4);
449 potentialContract = rwTx.read(LogicalDatastoreType.CONFIGURATION,
450 IidFactory.contractIid(tenantId, new ContractId(defaultOutIpv6.getUuid().getValue()))).get();
451 assertTrue(potentialContract.isPresent());
452 contract = potentialContract.get();
453 PolicyAssert.assertContract(contract, defaultOutIpv6);
457 public void testConstructor_invalidArgument() throws Exception {
459 new NeutronSecurityRuleAware(null);
460 fail(NullPointerException.class.getName() + " expected");
461 } catch (NullPointerException ex) {