neutron-mapper/src/test/java/org/opendaylight/groupbasedpolicy/neutron/mapper/mapping/rule/NeutronSecurityRuleAwareDataStoreTest.java

   1 package org.opendaylight.groupbasedpolicy.neutron.mapper.mapping.rule;
   2
   3 import static org.junit.Assert.assertTrue;
   4 import static org.junit.Assert.fail;
   5
   6 import java.util.ArrayList;
   7 import java.util.List;
   8
   9 import org.junit.Test;
  10 import org.opendaylight.controller.md.sal.binding.api.DataBroker;
  11 import org.opendaylight.controller.md.sal.binding.api.ReadWriteTransaction;
  12 import org.opendaylight.controller.md.sal.common.api.data.LogicalDatastoreType;
  13 import org.opendaylight.groupbasedpolicy.neutron.mapper.test.ConfigDataStoreReader;
  14 import org.opendaylight.groupbasedpolicy.neutron.mapper.test.NeutronMapperDataBrokerTest;
  15 import org.opendaylight.groupbasedpolicy.neutron.mapper.test.NeutronEntityFactory;
  16 import org.opendaylight.groupbasedpolicy.neutron.mapper.test.PolicyAssert;
  17 import org.opendaylight.groupbasedpolicy.neutron.mapper.util.MappingUtils;
  18 import org.opendaylight.groupbasedpolicy.util.IidFactory;
  19 import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.inet.types.rev130715.IpPrefix;
  20 import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.inet.types.rev130715.Ipv4Prefix;
  21 import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.yang.types.rev130715.Uuid;
  22 import org.opendaylight.yang.gen.v1.urn.opendaylight.groupbasedpolicy.common.rev140421.ContractId;
  23 import org.opendaylight.yang.gen.v1.urn.opendaylight.groupbasedpolicy.common.rev140421.EndpointGroupId;
  24 import org.opendaylight.yang.gen.v1.urn.opendaylight.groupbasedpolicy.common.rev140421.TenantId;
  25 import org.opendaylight.yang.gen.v1.urn.opendaylight.groupbasedpolicy.policy.rev140421.tenants.Tenant;
  26 import org.opendaylight.yang.gen.v1.urn.opendaylight.groupbasedpolicy.policy.rev140421.tenants.tenant.policy.Contract;
  27 import org.opendaylight.yang.gen.v1.urn.opendaylight.groupbasedpolicy.policy.rev140421.tenants.tenant.policy.EndpointGroup;
  28 import org.opendaylight.yang.gen.v1.urn.opendaylight.neutron.constants.rev150712.DirectionEgress;
  29 import org.opendaylight.yang.gen.v1.urn.opendaylight.neutron.constants.rev150712.DirectionIngress;
  30 import org.opendaylight.yang.gen.v1.urn.opendaylight.neutron.constants.rev150712.EthertypeV4;
  31 import org.opendaylight.yang.gen.v1.urn.opendaylight.neutron.constants.rev150712.ProtocolTcp;
  32 import org.opendaylight.yang.gen.v1.urn.opendaylight.neutron.rev150712.Neutron;
  33 import org.opendaylight.yang.gen.v1.urn.opendaylight.neutron.rev150712.NeutronBuilder;
  34 import org.opendaylight.yang.gen.v1.urn.opendaylight.neutron.secgroups.rev150712.SecurityRuleAttributes;
  35 import org.opendaylight.yang.gen.v1.urn.opendaylight.neutron.secgroups.rev150712.security.groups.attributes.SecurityGroupsBuilder;
  36 import org.opendaylight.yang.gen.v1.urn.opendaylight.neutron.secgroups.rev150712.security.groups.attributes.security.groups.SecurityGroup;
  37 import org.opendaylight.yang.gen.v1.urn.opendaylight.neutron.secgroups.rev150712.security.rules.attributes.SecurityRulesBuilder;
  38 import org.opendaylight.yang.gen.v1.urn.opendaylight.neutron.secgroups.rev150712.security.rules.attributes.security.rules.SecurityRule;
  39 import org.opendaylight.yang.gen.v1.urn.opendaylight.neutron.secgroups.rev150712.security.rules.attributes.security.rules.SecurityRuleBuilder;
  40
  41 import com.google.common.base.Optional;
  42 import com.google.common.collect.ImmutableList;
  43 import com.google.common.collect.ImmutableSet;
  44
  45 /**
  46  * END 2 END TESTING - inputs are Neutron entities and expected outputs are GBP entities in
  47  * datastore
  48  */
  49
  50 public class NeutronSecurityRuleAwareDataStoreTest extends NeutronMapperDataBrokerTest {
  51
  52     @Test
  53     public final void testAddNeutronSecurityRule_rulesWithRemoteIpPrefix() throws Exception {
  54         String tenant = "ad4c6c25-2424-4ad3-97ee-f9691ce03645";
  55         String goldSecGrp = "fe40e28f-ad6a-4a2d-b12a-47510876344a";
  56         SecurityRule goldInIpv4 = NeutronEntityFactory.securityRuleWithEtherType(
  57                 "166aedab-fdf5-4788-9e36-2b00b5f8722f", tenant, EthertypeV4.class, DirectionIngress.class, goldSecGrp,
  58                 null);
  59         SecurityRule goldOutIpv4 = NeutronEntityFactory.securityRuleWithEtherType(
  60                 "dabfd4da-af89-45dd-85f8-181768c1b4c9", tenant, EthertypeV4.class, DirectionEgress.class, goldSecGrp,
  61                 null);
  62         String serverSecGrp = "71cf4fe5-b146-409e-8151-cd921298ce32";
  63         SecurityRuleAttributes.Protocol protocolTcp = new SecurityRuleAttributes.Protocol(ProtocolTcp.class);
  64         SecurityRule serverIn80Tcp10_1_1_0 = new SecurityRuleBuilder().setUuid(new Uuid("9dbb533d-d9b2-4dc9-bae7-ee60c8df184d"))
  65                 .setTenantId(new Uuid(tenant))
  66                 .setEthertype(EthertypeV4.class)
  67                 .setProtocol(protocolTcp)
  68                 .setPortRangeMin(80)
  69                 .setPortRangeMax(80)
  70                 .setDirection(DirectionIngress.class)
  71                 .setSecurityGroupId(new Uuid(serverSecGrp))
  72                 .setRemoteIpPrefix(new IpPrefix(new Ipv4Prefix("10.1.1.0/24")))
  73                 .build();
  74         SecurityRule serverInIp20_1_1_0 = new SecurityRuleBuilder().setUuid(new Uuid("adf7e558-de47-4f9e-a9b8-96e19db5d1ac"))
  75                 .setTenantId(new Uuid(tenant))
  76                 .setEthertype(EthertypeV4.class)
  77                 .setDirection(DirectionIngress.class)
  78                 .setSecurityGroupId(new Uuid(serverSecGrp))
  79                 .setRemoteIpPrefix(new IpPrefix(new Ipv4Prefix("20.1.1.0/24")))
  80                 .build();
  81         SecurityRule serverOutIpv4 = NeutronEntityFactory.securityRuleWithEtherType(
  82                 "8b9c48d3-44a8-46be-be35-6f3237d98071", tenant, EthertypeV4.class, DirectionEgress.class, serverSecGrp,
  83                 null);
  84         DataBroker dataBroker = getDataBroker();
  85         List<SecurityGroup> secGroups = new ArrayList<>();
  86         secGroups.add(NeutronEntityFactory.securityGroup(goldSecGrp, tenant));
  87         secGroups.add(NeutronEntityFactory.securityGroup(serverSecGrp, tenant));
  88         Neutron neutron = new NeutronBuilder()
  89             .setSecurityGroups(new SecurityGroupsBuilder().setSecurityGroup(secGroups).build())
  90             .setSecurityRules(new SecurityRulesBuilder().setSecurityRule(
  91                     ImmutableList.of(goldInIpv4, goldOutIpv4, serverIn80Tcp10_1_1_0, serverInIp20_1_1_0, serverOutIpv4))
  92                 .build())
  93             .build();
  94         NeutronSecurityRuleAware ruleAware = new NeutronSecurityRuleAware(dataBroker);
  95         ReadWriteTransaction rwTx = dataBroker.newReadWriteTransaction();
  96         ruleAware.addNeutronSecurityRule(goldInIpv4, neutron, rwTx);
  97         ruleAware.addNeutronSecurityRule(goldOutIpv4, neutron, rwTx);
  98         ruleAware.addNeutronSecurityRule(serverIn80Tcp10_1_1_0, neutron, rwTx);
  99         ruleAware.addNeutronSecurityRule(serverInIp20_1_1_0, neutron, rwTx);
 100         ruleAware.addNeutronSecurityRule(serverOutIpv4, neutron, rwTx);
 101         TenantId tenantId = new TenantId(tenant);
 102         Optional<Tenant> potentialTenant = rwTx.read(LogicalDatastoreType.CONFIGURATION, IidFactory.tenantIid(tenantId))
 103             .get();
 104         assertTrue(potentialTenant.isPresent());
 105         Optional<Contract> potentialContract = rwTx.read(LogicalDatastoreType.CONFIGURATION,
 106                 IidFactory.contractIid(tenantId, new ContractId(goldInIpv4.getUuid().getValue()))).get();
 107         assertTrue(potentialContract.isPresent());
 108         Contract contract = potentialContract.get();
 109         PolicyAssert.assertContract(contract, goldInIpv4);
 110         potentialContract = rwTx.read(LogicalDatastoreType.CONFIGURATION,
 111                 IidFactory.contractIid(tenantId, new ContractId(goldOutIpv4.getUuid().getValue()))).get();
 112         assertTrue(potentialContract.isPresent());
 113         contract = potentialContract.get();
 114         PolicyAssert.assertContract(contract, goldOutIpv4);
 115         potentialContract = rwTx.read(LogicalDatastoreType.CONFIGURATION,
 116                 IidFactory.contractIid(tenantId, new ContractId(serverOutIpv4.getUuid().getValue()))).get();
 117         assertTrue(potentialContract.isPresent());
 118         contract = potentialContract.get();
 119         PolicyAssert.assertContract(contract, serverOutIpv4);
 120         potentialContract = rwTx.read(LogicalDatastoreType.CONFIGURATION,
 121                 IidFactory.contractIid(tenantId, new ContractId(serverIn80Tcp10_1_1_0.getUuid().getValue()))).get();
 122         assertTrue(potentialContract.isPresent());
 123         contract = potentialContract.get();
 124         PolicyAssert.assertContractWithEic(contract, serverIn80Tcp10_1_1_0);
 125         potentialContract = rwTx.read(LogicalDatastoreType.CONFIGURATION,
 126                 IidFactory.contractIid(tenantId, new ContractId(serverInIp20_1_1_0.getUuid().getValue()))).get();
 127         assertTrue(potentialContract.isPresent());
 128         contract = potentialContract.get();
 129         PolicyAssert.assertContractWithEic(contract, serverInIp20_1_1_0);
 130         Optional<EndpointGroup> potentialEpg = rwTx.read(LogicalDatastoreType.CONFIGURATION,
 131                 IidFactory.endpointGroupIid(tenantId, new EndpointGroupId(goldSecGrp))).get();
 132         assertTrue(potentialEpg.isPresent());
 133         EndpointGroup epg = potentialEpg.get();
 134         PolicyAssert.assertConsumerNamedSelectors(
 135                 epg,
 136                 ImmutableSet.of(new ContractId(goldInIpv4.getUuid().getValue()),
 137                         new ContractId(goldOutIpv4.getUuid().getValue()),
 138                         new ContractId(serverIn80Tcp10_1_1_0.getUuid().getValue()),
 139                         new ContractId(serverInIp20_1_1_0.getUuid().getValue()),
 140                         new ContractId(serverOutIpv4.getUuid().getValue())));
 141         potentialEpg = rwTx.read(LogicalDatastoreType.CONFIGURATION,
 142                 IidFactory.endpointGroupIid(tenantId, new EndpointGroupId(serverSecGrp))).get();
 143         assertTrue(potentialEpg.isPresent());
 144         epg = potentialEpg.get();
 145         PolicyAssert.assertConsumerNamedSelectors(epg, ImmutableSet.of(
 146                 new ContractId(serverIn80Tcp10_1_1_0.getUuid().getValue()),
 147                 new ContractId(serverInIp20_1_1_0.getUuid().getValue()),
 148                 new ContractId(goldInIpv4.getUuid().getValue())));
 149     }
 150
 151     @Test
 152     public final void testAddAndDeleteNeutronSecurityRule() throws Exception {
 153         DataBroker dataBroker = getDataBroker();
 154         NeutronSecurityRuleAware ruleAware = new NeutronSecurityRuleAware(dataBroker);
 155
 156         final String tenantId = "aaaaaaaa-aaaa-aaaa-aaaa-aaaaaaaaaaaa";
 157         final String secGroupId1 = "bbbbbbbb-bbbb-bbbb-bbbb-bbbbbbbbbbbb";
 158         final String secGroupId2 = "cccccccc-cccc-cccc-cccc-cccccccccccc";
 159         final String secRuleId1 = "dddddddd-dddd-dddd-dddd-dddddddddddd";
 160         final String secRuleId2 = "eeeeeeee-eeee-eeee-eeee-eeeeeeeeeeee";
 161
 162         List<SecurityGroup> secGroups = new ArrayList<>();
 163         secGroups.add(NeutronEntityFactory.securityGroup(secGroupId1, tenantId));
 164         secGroups.add(NeutronEntityFactory.securityGroup(secGroupId2, tenantId));
 165         SecurityRule secRule1 = NeutronEntityFactory.securityRuleWithEtherType(secRuleId1, tenantId,
 166                 EthertypeV4.class, DirectionEgress.class, secGroupId1, secGroupId2);
 167         SecurityRule secRule2 = NeutronEntityFactory.securityRuleWithEtherType(secRuleId2, tenantId,
 168                 EthertypeV4.class, DirectionIngress.class, secGroupId2, secGroupId1);
 169         NeutronBuilder neutronBuilder = new NeutronBuilder()
 170             .setSecurityGroups(new SecurityGroupsBuilder().setSecurityGroup(secGroups).build())
 171             .setSecurityRules(new SecurityRulesBuilder()
 172                     .setSecurityRule(ImmutableList.of(secRule1)).build());
 173
 174         ruleAware.onCreated(secRule1, neutronBuilder.build());
 175
 176         PolicyAssert.assertTenantExists(dataBroker, tenantId);
 177         PolicyAssert.assertContractExists(dataBroker, tenantId, secRuleId1);
 178         Optional<Contract> contract = ConfigDataStoreReader.readContract(dataBroker, tenantId, secRuleId1);
 179         PolicyAssert.assertContract(contract.get(), secRule1);
 180         PolicyAssert.assertContractCount(dataBroker, tenantId, 1);
 181         PolicyAssert.assertEndpointGroupExists(dataBroker, tenantId, secGroupId1);
 182         Optional<EndpointGroup> epGroup1 = ConfigDataStoreReader.readEndpointGroup(dataBroker, tenantId, secGroupId1);
 183         PolicyAssert.assertProviderNamedSelectors(epGroup1.get(), ImmutableSet.of(new ContractId(secRuleId1)));
 184         PolicyAssert.assertNoConsumerNamedSelectors(dataBroker, tenantId, secGroupId1);
 185
 186         PolicyAssert.assertClassifierInstanceExists(dataBroker, secRule1);
 187         PolicyAssert.assertActionInstanceExists(dataBroker, tenantId, MappingUtils.ACTION_ALLOW.getName());
 188
 189         neutronBuilder.setSecurityRules(new SecurityRulesBuilder()
 190                 .setSecurityRule(ImmutableList.of(secRule1, secRule2)).build());
 191
 192         ruleAware.onCreated(secRule2, neutronBuilder.build());
 193
 194         PolicyAssert.assertTenantExists(dataBroker, tenantId);
 195         PolicyAssert.assertContractExists(dataBroker, tenantId, secRuleId1);
 196         contract = ConfigDataStoreReader.readContract(dataBroker, tenantId, secRuleId1);
 197         PolicyAssert.assertContract(contract.get(), secRule1);
 198         PolicyAssert.assertContractCount(dataBroker, tenantId, 2);
 199         PolicyAssert.assertEndpointGroupExists(dataBroker, tenantId, secGroupId1);
 200         epGroup1 = ConfigDataStoreReader.readEndpointGroup(dataBroker, tenantId, secGroupId1);
 201         PolicyAssert.assertProviderNamedSelectors(epGroup1.get(), ImmutableSet.of(new ContractId(secRuleId1)));
 202         PolicyAssert.assertConsumerNamedSelectors(epGroup1.get(), ImmutableSet.of(new ContractId(secRuleId2)));
 203
 204         PolicyAssert.assertContractExists(dataBroker, tenantId, secRuleId2);
 205         contract = ConfigDataStoreReader.readContract(dataBroker, tenantId, secRuleId2);
 206         PolicyAssert.assertContract(contract.get(), secRule2);
 207         PolicyAssert.assertContractCount(dataBroker, tenantId, 2);
 208         PolicyAssert.assertEndpointGroupExists(dataBroker, tenantId, secGroupId2);
 209         Optional<EndpointGroup> epGroup2 = ConfigDataStoreReader.readEndpointGroup(dataBroker, tenantId, secGroupId2);
 210         PolicyAssert.assertProviderNamedSelectors(epGroup2.get(), ImmutableSet.of(new ContractId(secRuleId2)));
 211         PolicyAssert.assertConsumerNamedSelectors(epGroup2.get(), ImmutableSet.of(new ContractId(secRuleId1)));
 212
 213         ruleAware.onDeleted(secRule2, neutronBuilder.build(), null);
 214
 215         PolicyAssert.assertTenantExists(dataBroker, tenantId);
 216         PolicyAssert.assertContractExists(dataBroker, tenantId, secRuleId1);
 217         contract = ConfigDataStoreReader.readContract(dataBroker, tenantId, secRuleId1);
 218         PolicyAssert.assertContract(contract.get(), secRule1);
 219         PolicyAssert.assertContractCount(dataBroker, tenantId, 1);
 220         PolicyAssert.assertEndpointGroupExists(dataBroker, tenantId, secGroupId1);
 221         epGroup1 = ConfigDataStoreReader.readEndpointGroup(dataBroker, tenantId, secGroupId1);
 222         PolicyAssert.assertProviderNamedSelectors(epGroup1.get(), ImmutableSet.of(new ContractId(secRuleId1)));
 223         PolicyAssert.assertNoConsumerNamedSelectors(dataBroker, tenantId, secGroupId1);
 224
 225         PolicyAssert.assertContractNotExists(dataBroker, tenantId, secRuleId2);
 226         PolicyAssert.assertContractCount(dataBroker, tenantId, 1);
 227         PolicyAssert.assertEndpointGroupExists(dataBroker, tenantId, secGroupId2);
 228         epGroup2 = ConfigDataStoreReader.readEndpointGroup(dataBroker, tenantId, secGroupId2);
 229         PolicyAssert.assertNoProviderNamedSelectors(dataBroker, tenantId, secGroupId2);
 230         PolicyAssert.assertNoConsumerNamedSelectors(dataBroker, tenantId, secGroupId2);
 231
 232         PolicyAssert.assertClassifierInstanceExists(dataBroker, secRule1);
 233         PolicyAssert.assertActionInstanceExists(dataBroker, tenantId, MappingUtils.ACTION_ALLOW.getName());
 234
 235         neutronBuilder.setSecurityRules(new SecurityRulesBuilder()
 236                 .setSecurityRule(ImmutableList.of(secRule1)).build());
 237
 238         ruleAware.onDeleted(secRule1, neutronBuilder.build(), null);
 239
 240         PolicyAssert.assertContractCount(dataBroker, tenantId, 0);
 241         PolicyAssert.assertEndpointGroupExists(dataBroker, tenantId, secGroupId1);
 242         PolicyAssert.assertEndpointGroupExists(dataBroker, tenantId, secGroupId2);
 243         PolicyAssert.assertNoProviderNamedSelectors(dataBroker, tenantId, secGroupId1);
 244         PolicyAssert.assertNoConsumerNamedSelectors(dataBroker, tenantId, secGroupId2);
 245
 246         PolicyAssert.assertClassifierInstanceNotExists(dataBroker, secRule1);
 247         // TODO: Uncomment this when the life cycle of the Allow ActionInstance will be clarified.
 248         // PolicyAssert.assertActionInstanceNotExists(dataBroker, tenantId,
 249         // MappingUtils.ACTION_ALLOW.getName());
 250     }
 251
 252     @Test
 253     public final void testAddNeutronSecurityRule_rulesWithoutRemote() throws Exception {
 254         String tenant = "ad4c6c25-2424-4ad3-97ee-f9691ce03645";
 255         String goldSecGrp = "fe40e28f-ad6a-4a2d-b12a-47510876344a";
 256         SecurityRule goldInIpv4 = NeutronEntityFactory.securityRuleWithEtherType(
 257                 "166aedab-fdf5-4788-9e36-2b00b5f8722f", tenant, EthertypeV4.class, DirectionIngress.class, goldSecGrp,
 258                 null);
 259         SecurityRule goldOutIpv4 = NeutronEntityFactory.securityRuleWithEtherType(
 260                 "dabfd4da-af89-45dd-85f8-181768c1b4c9", tenant, EthertypeV4.class, DirectionEgress.class, goldSecGrp,
 261                 null);
 262         String serverSecGrp = "71cf4fe5-b146-409e-8151-cd921298ce32";
 263         SecurityRule serverOutIpv4 = NeutronEntityFactory.securityRuleWithEtherType(
 264                 "8b9c48d3-44a8-46be-be35-6f3237d98071", tenant, EthertypeV4.class, DirectionEgress.class, serverSecGrp,
 265                 null);
 266         SecurityRule serverInIpv4 = NeutronEntityFactory.securityRuleWithEtherType(
 267                 "adf7e558-de47-4f9e-a9b8-96e19db5d1ac", tenant, EthertypeV4.class, DirectionIngress.class, serverSecGrp,
 268                 null);
 269         DataBroker dataBroker = getDataBroker();
 270         List<SecurityGroup> secGroups = new ArrayList<>();
 271         secGroups.add(NeutronEntityFactory.securityGroup(goldSecGrp, tenant));
 272         secGroups.add(NeutronEntityFactory.securityGroup(serverSecGrp, tenant));
 273         Neutron neutron = new NeutronBuilder()
 274             .setSecurityGroups(new SecurityGroupsBuilder().setSecurityGroup(secGroups).build())
 275             .setSecurityRules(new SecurityRulesBuilder()
 276                     .setSecurityRule(ImmutableList.of(goldInIpv4, goldOutIpv4, serverOutIpv4, serverInIpv4)).build())
 277             .build();
 278         NeutronSecurityRuleAware ruleAware = new NeutronSecurityRuleAware(dataBroker);
 279         ReadWriteTransaction rwTx = dataBroker.newReadWriteTransaction();
 280         ruleAware.addNeutronSecurityRule(goldInIpv4, neutron, rwTx);
 281         ruleAware.addNeutronSecurityRule(goldOutIpv4, neutron, rwTx);
 282         ruleAware.addNeutronSecurityRule(serverOutIpv4, neutron, rwTx);
 283         ruleAware.addNeutronSecurityRule(serverInIpv4, neutron, rwTx);
 284         TenantId tenantId = new TenantId(tenant);
 285         Optional<Contract> potentialContract = rwTx.read(LogicalDatastoreType.CONFIGURATION,
 286                 IidFactory.contractIid(tenantId, new ContractId(goldInIpv4.getUuid().getValue()))).get();
 287         assertTrue(potentialContract.isPresent());
 288         Contract contract = potentialContract.get();
 289         PolicyAssert.assertContract(contract, goldInIpv4);
 290         potentialContract = rwTx.read(LogicalDatastoreType.CONFIGURATION,
 291                 IidFactory.contractIid(tenantId, new ContractId(goldOutIpv4.getUuid().getValue()))).get();
 292         assertTrue(potentialContract.isPresent());
 293         contract = potentialContract.get();
 294         PolicyAssert.assertContract(contract, goldOutIpv4);
 295         potentialContract = rwTx.read(LogicalDatastoreType.CONFIGURATION,
 296                 IidFactory.contractIid(tenantId, new ContractId(serverOutIpv4.getUuid().getValue()))).get();
 297         assertTrue(potentialContract.isPresent());
 298         contract = potentialContract.get();
 299         PolicyAssert.assertContract(contract, serverOutIpv4);
 300         potentialContract = rwTx.read(LogicalDatastoreType.CONFIGURATION,
 301                 IidFactory.contractIid(tenantId, new ContractId(serverInIpv4.getUuid().getValue()))).get();
 302         assertTrue(potentialContract.isPresent());
 303         contract = potentialContract.get();
 304         PolicyAssert.assertContract(contract, serverInIpv4);
 305         Optional<EndpointGroup> potentialEpg = rwTx.read(LogicalDatastoreType.CONFIGURATION,
 306                 IidFactory.endpointGroupIid(tenantId, new EndpointGroupId(goldSecGrp))).get();
 307         assertTrue(potentialEpg.isPresent());
 308         EndpointGroup epg = potentialEpg.get();
 309         PolicyAssert.assertConsumerNamedSelectors(
 310                 epg,
 311                 ImmutableSet.of(new ContractId(goldInIpv4.getUuid().getValue()),
 312                         new ContractId(goldOutIpv4.getUuid().getValue()),
 313                         new ContractId(serverOutIpv4.getUuid().getValue()),
 314                         new ContractId(serverInIpv4.getUuid().getValue())));
 315         potentialEpg = rwTx.read(LogicalDatastoreType.CONFIGURATION,
 316                 IidFactory.endpointGroupIid(tenantId, new EndpointGroupId(serverSecGrp))).get();
 317         assertTrue(potentialEpg.isPresent());
 318         PolicyAssert.assertConsumerNamedSelectors(
 319                 epg,
 320                 ImmutableSet.of(new ContractId(goldInIpv4.getUuid().getValue()),
 321                         new ContractId(goldOutIpv4.getUuid().getValue()),
 322                         new ContractId(serverOutIpv4.getUuid().getValue()),
 323                         new ContractId(serverInIpv4.getUuid().getValue())));
 324     }
 325
 326     @Test
 327     public final void testAddNeutronSecurityRule_asymmetricRulesWithoutRemote() throws Exception {
 328         String tenant = "ad4c6c25-2424-4ad3-97ee-f9691ce03645";
 329         String goldSecGrp = "fe40e28f-ad6a-4a2d-b12a-47510876344a";
 330         SecurityRule goldInIpv4 = NeutronEntityFactory.securityRuleWithEtherType(
 331                 "166aedab-fdf5-4788-9e36-2b00b5f8722f", tenant, EthertypeV4.class, DirectionIngress.class, goldSecGrp,
 332                 null);
 333         SecurityRule goldOutIpv4 = NeutronEntityFactory.securityRuleWithEtherType(
 334                 "dabfd4da-af89-45dd-85f8-181768c1b4c9", tenant, EthertypeV4.class, DirectionEgress.class, goldSecGrp,
 335                 null);
 336         String serverSecGrp = "71cf4fe5-b146-409e-8151-cd921298ce32";
 337         SecurityRule serverOutIpv4 = NeutronEntityFactory.securityRuleWithEtherType(
 338                 "8b9c48d3-44a8-46be-be35-6f3237d98071", tenant, EthertypeV4.class, DirectionEgress.class, serverSecGrp,
 339                 null);
 340         SecurityRuleAttributes.Protocol protocolTcp = new SecurityRuleAttributes.Protocol(ProtocolTcp.class);
 341         SecurityRule serverIn80TcpIpv4 = new SecurityRuleBuilder().setUuid(new Uuid("adf7e558-de47-4f9e-a9b8-96e19db5d1ac"))
 342                 .setTenantId(new Uuid(tenant))
 343                 .setEthertype(EthertypeV4.class)
 344                 .setProtocol(protocolTcp)
 345                 .setPortRangeMin(80)
 346                 .setPortRangeMax(80)
 347                 .setDirection(DirectionIngress.class)
 348                 .setSecurityGroupId(new Uuid(serverSecGrp))
 349                 .build();
 350         DataBroker dataBroker = getDataBroker();
 351         List<SecurityGroup> secGroups = new ArrayList<>();
 352         secGroups.add(NeutronEntityFactory.securityGroup(goldSecGrp, tenant));
 353         secGroups.add(NeutronEntityFactory.securityGroup(serverSecGrp, tenant));
 354         Neutron neutron = new NeutronBuilder()
 355             .setSecurityGroups(new SecurityGroupsBuilder().setSecurityGroup(secGroups).build())
 356             .setSecurityRules(new SecurityRulesBuilder()
 357                 .setSecurityRule(ImmutableList.of(goldInIpv4, goldOutIpv4, serverOutIpv4, serverIn80TcpIpv4)).build())
 358             .build();
 359         NeutronSecurityRuleAware ruleAware = new NeutronSecurityRuleAware(dataBroker);
 360         ReadWriteTransaction rwTx = dataBroker.newReadWriteTransaction();
 361         ruleAware.addNeutronSecurityRule(goldInIpv4, neutron, rwTx);
 362         ruleAware.addNeutronSecurityRule(goldOutIpv4, neutron, rwTx);
 363         ruleAware.addNeutronSecurityRule(serverOutIpv4, neutron, rwTx);
 364         ruleAware.addNeutronSecurityRule(serverIn80TcpIpv4, neutron, rwTx);
 365         TenantId tenantId = new TenantId(tenant);
 366         Optional<Contract> potentialContract = rwTx.read(LogicalDatastoreType.CONFIGURATION,
 367                 IidFactory.contractIid(tenantId, new ContractId(goldInIpv4.getUuid().getValue()))).get();
 368         assertTrue(potentialContract.isPresent());
 369         Contract contract = potentialContract.get();
 370         PolicyAssert.assertContract(contract, goldInIpv4);
 371         potentialContract = rwTx.read(LogicalDatastoreType.CONFIGURATION,
 372                 IidFactory.contractIid(tenantId, new ContractId(goldOutIpv4.getUuid().getValue()))).get();
 373         assertTrue(potentialContract.isPresent());
 374         contract = potentialContract.get();
 375         PolicyAssert.assertContract(contract, goldOutIpv4);
 376         potentialContract = rwTx.read(LogicalDatastoreType.CONFIGURATION,
 377                 IidFactory.contractIid(tenantId, new ContractId(serverOutIpv4.getUuid().getValue()))).get();
 378         assertTrue(potentialContract.isPresent());
 379         contract = potentialContract.get();
 380         PolicyAssert.assertContract(contract, serverOutIpv4);
 381         potentialContract = rwTx.read(LogicalDatastoreType.CONFIGURATION,
 382                 IidFactory.contractIid(tenantId, new ContractId(serverIn80TcpIpv4.getUuid().getValue()))).get();
 383         assertTrue(potentialContract.isPresent());
 384         contract = potentialContract.get();
 385         PolicyAssert.assertContract(contract, serverIn80TcpIpv4);
 386         Optional<EndpointGroup> potentialEpg = rwTx.read(LogicalDatastoreType.CONFIGURATION,
 387                 IidFactory.endpointGroupIid(tenantId, new EndpointGroupId(goldSecGrp))).get();
 388         assertTrue(potentialEpg.isPresent());
 389         EndpointGroup epg = potentialEpg.get();
 390         PolicyAssert.assertConsumerNamedSelectors(
 391                 epg,
 392                 ImmutableSet.of(new ContractId(goldInIpv4.getUuid().getValue()),
 393                         new ContractId(goldOutIpv4.getUuid().getValue()),
 394                         new ContractId(serverOutIpv4.getUuid().getValue()),
 395                         new ContractId(serverIn80TcpIpv4.getUuid().getValue())));
 396         potentialEpg = rwTx.read(LogicalDatastoreType.CONFIGURATION,
 397                 IidFactory.endpointGroupIid(tenantId, new EndpointGroupId(serverSecGrp))).get();
 398         assertTrue(potentialEpg.isPresent());
 399         epg = potentialEpg.get();
 400         PolicyAssert.assertConsumerNamedSelectors(
 401                 epg,
 402                 ImmutableSet.of(new ContractId(goldInIpv4.getUuid().getValue()),
 403                         new ContractId(serverIn80TcpIpv4.getUuid().getValue())));
 404     }
 405
 406     @Test
 407     public final void testAddNeutronSecurityRule_defaultSecGrp() throws Exception {
 408         String tenant = "111aaaaa-aaaa-aaaa-aaaa-aaaaaaaaaaaa";
 409         String defaultSecGrp = "111fffff-ffff-ffff-ffff-ffffffffffff";
 410         SecurityRule defaultInIpv4Default = NeutronEntityFactory.securityRuleWithEtherType(
 411                 "111ccccc-111c-cccc-cccc-cccccccccccc", tenant, EthertypeV4.class, DirectionIngress.class, defaultSecGrp,
 412                 defaultSecGrp);
 413         SecurityRule defaultInIpv6Default = NeutronEntityFactory.securityRuleWithEtherType(
 414                 "222ccccc-111c-cccc-cccc-cccccccccccc", tenant, EthertypeV4.class, DirectionIngress.class, defaultSecGrp,
 415                 defaultSecGrp);
 416         SecurityRule defaultOutIpv4 = NeutronEntityFactory.securityRuleWithEtherType(
 417                 "333ccccc-111c-cccc-cccc-cccccccccccc", tenant, EthertypeV4.class, DirectionEgress.class, defaultSecGrp,
 418                 null);
 419         SecurityRule defaultOutIpv6 = NeutronEntityFactory.securityRuleWithEtherType(
 420                 "444ccccc-111c-cccc-cccc-cccccccccccc", tenant, EthertypeV4.class, DirectionEgress.class, defaultSecGrp,
 421                 null);
 422         DataBroker dataBroker = getDataBroker();
 423         List<SecurityGroup> secGroups = new ArrayList<>();
 424         secGroups.add(NeutronEntityFactory.securityGroup(defaultSecGrp, tenant));
 425         Neutron neutron = new NeutronBuilder()
 426             .setSecurityGroups(new SecurityGroupsBuilder().setSecurityGroup(secGroups).build()).build();
 427         NeutronSecurityRuleAware ruleAware = new NeutronSecurityRuleAware(dataBroker);
 428         ReadWriteTransaction rwTx = dataBroker.newReadWriteTransaction();
 429         ruleAware.addNeutronSecurityRule(defaultInIpv4Default, neutron, rwTx);
 430         ruleAware.addNeutronSecurityRule(defaultInIpv6Default, neutron, rwTx);
 431         ruleAware.addNeutronSecurityRule(defaultOutIpv4, neutron, rwTx);
 432         ruleAware.addNeutronSecurityRule(defaultOutIpv6, neutron, rwTx);
 433         TenantId tenantId = new TenantId(tenant);
 434         Optional<Contract> potentialContract = rwTx.read(LogicalDatastoreType.CONFIGURATION,
 435                 IidFactory.contractIid(tenantId, new ContractId(defaultInIpv4Default.getUuid().getValue()))).get();
 436         assertTrue(potentialContract.isPresent());
 437         Contract contract = potentialContract.get();
 438         PolicyAssert.assertContract(contract, defaultInIpv4Default);
 439         potentialContract = rwTx.read(LogicalDatastoreType.CONFIGURATION,
 440                 IidFactory.contractIid(tenantId, new ContractId(defaultInIpv6Default.getUuid().getValue()))).get();
 441         assertTrue(potentialContract.isPresent());
 442         contract = potentialContract.get();
 443         PolicyAssert.assertContract(contract, defaultInIpv6Default);
 444         potentialContract = rwTx.read(LogicalDatastoreType.CONFIGURATION,
 445                 IidFactory.contractIid(tenantId, new ContractId(defaultOutIpv4.getUuid().getValue()))).get();
 446         assertTrue(potentialContract.isPresent());
 447         contract = potentialContract.get();
 448         PolicyAssert.assertContract(contract, defaultOutIpv4);
 449         potentialContract = rwTx.read(LogicalDatastoreType.CONFIGURATION,
 450                 IidFactory.contractIid(tenantId, new ContractId(defaultOutIpv6.getUuid().getValue()))).get();
 451         assertTrue(potentialContract.isPresent());
 452         contract = potentialContract.get();
 453         PolicyAssert.assertContract(contract, defaultOutIpv6);
 454     }
 455
 456     @Test
 457     public void testConstructor_invalidArgument() throws Exception {
 458         try {
 459             new NeutronSecurityRuleAware(null);
 460             fail(NullPointerException.class.getName() + " expected");
 461         } catch (NullPointerException ex) {
 462             // do nothing
 463         }
 464     }
 465
 466 }