neutron-mapper/src/test/java/org/opendaylight/groupbasedpolicy/neutron/mapper/mapping/rule/NeutronSecurityRuleAwareDataStoreTest.java

   1 /*
   2  * Copyright (c) 2015 Cisco Systems, Inc. and others.  All rights reserved.
   3  *
   4  * This program and the accompanying materials are made available under the
   5  * terms of the Eclipse Public License v1.0 which accompanies this distribution,
   6  * and is available at http://www.eclipse.org/legal/epl-v10.html
   7  */
   8 package org.opendaylight.groupbasedpolicy.neutron.mapper.mapping.rule;
   9
  10 import static org.junit.Assert.assertTrue;
  11 import static org.junit.Assert.fail;
  12
  13 import java.util.ArrayList;
  14 import java.util.List;
  15
  16 import org.junit.Before;
  17 import org.junit.Test;
  18 import org.opendaylight.controller.md.sal.binding.api.DataBroker;
  19 import org.opendaylight.controller.md.sal.binding.api.ReadWriteTransaction;
  20 import org.opendaylight.controller.md.sal.common.api.data.LogicalDatastoreType;
  21 import org.opendaylight.groupbasedpolicy.neutron.mapper.EndpointRegistrator;
  22 import org.opendaylight.groupbasedpolicy.neutron.mapper.test.ConfigDataStoreReader;
  23 import org.opendaylight.groupbasedpolicy.neutron.mapper.test.NeutronEntityFactory;
  24 import org.opendaylight.groupbasedpolicy.neutron.mapper.test.NeutronMapperDataBrokerTest;
  25 import org.opendaylight.groupbasedpolicy.neutron.mapper.test.PolicyAssert;
  26 import org.opendaylight.groupbasedpolicy.neutron.mapper.util.MappingUtils;
  27 import org.opendaylight.groupbasedpolicy.util.IidFactory;
  28 import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.inet.types.rev130715.IpPrefix;
  29 import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.inet.types.rev130715.Ipv4Prefix;
  30 import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.yang.types.rev130715.Uuid;
  31 import org.opendaylight.yang.gen.v1.urn.opendaylight.groupbasedpolicy.common.rev140421.ContractId;
  32 import org.opendaylight.yang.gen.v1.urn.opendaylight.groupbasedpolicy.common.rev140421.EndpointGroupId;
  33 import org.opendaylight.yang.gen.v1.urn.opendaylight.groupbasedpolicy.common.rev140421.TenantId;
  34 import org.opendaylight.yang.gen.v1.urn.opendaylight.groupbasedpolicy.policy.rev140421.tenants.Tenant;
  35 import org.opendaylight.yang.gen.v1.urn.opendaylight.groupbasedpolicy.policy.rev140421.tenants.tenant.policy.Contract;
  36 import org.opendaylight.yang.gen.v1.urn.opendaylight.groupbasedpolicy.policy.rev140421.tenants.tenant.policy.EndpointGroup;
  37 import org.opendaylight.yang.gen.v1.urn.opendaylight.neutron.constants.rev150712.DirectionEgress;
  38 import org.opendaylight.yang.gen.v1.urn.opendaylight.neutron.constants.rev150712.DirectionIngress;
  39 import org.opendaylight.yang.gen.v1.urn.opendaylight.neutron.constants.rev150712.EthertypeV4;
  40 import org.opendaylight.yang.gen.v1.urn.opendaylight.neutron.constants.rev150712.ProtocolTcp;
  41 import org.opendaylight.yang.gen.v1.urn.opendaylight.neutron.rev150712.Neutron;
  42 import org.opendaylight.yang.gen.v1.urn.opendaylight.neutron.rev150712.NeutronBuilder;
  43 import org.opendaylight.yang.gen.v1.urn.opendaylight.neutron.secgroups.rev150712.SecurityRuleAttributes;
  44 import org.opendaylight.yang.gen.v1.urn.opendaylight.neutron.secgroups.rev150712.security.groups.attributes.SecurityGroupsBuilder;
  45 import org.opendaylight.yang.gen.v1.urn.opendaylight.neutron.secgroups.rev150712.security.groups.attributes.security.groups.SecurityGroup;
  46 import org.opendaylight.yang.gen.v1.urn.opendaylight.neutron.secgroups.rev150712.security.rules.attributes.SecurityRulesBuilder;
  47 import org.opendaylight.yang.gen.v1.urn.opendaylight.neutron.secgroups.rev150712.security.rules.attributes.security.rules.SecurityRule;
  48 import org.opendaylight.yang.gen.v1.urn.opendaylight.neutron.secgroups.rev150712.security.rules.attributes.security.rules.SecurityRuleBuilder;
  49
  50 import com.google.common.base.Optional;
  51 import com.google.common.collect.ImmutableList;
  52 import com.google.common.collect.ImmutableSet;
  53
  54 /**
  55  * END 2 END TESTING - inputs are Neutron entities and expected outputs are GBP entities in
  56  * datastore
  57  */
  58
  59 public class NeutronSecurityRuleAwareDataStoreTest extends NeutronMapperDataBrokerTest {
  60
  61     private EndpointRegistrator epRegistrator;
  62
  63     @Before
  64     public void init() {
  65         epRegistrator = getEpRegistrator();
  66     }
  67
  68     @Test
  69     public final void testAddNeutronSecurityRule_rulesWithRemoteIpPrefix() throws Exception {
  70         String tenant = "ad4c6c25-2424-4ad3-97ee-f9691ce03645";
  71         String goldSecGrp = "fe40e28f-ad6a-4a2d-b12a-47510876344a";
  72         SecurityRule goldInIpv4 = NeutronEntityFactory.securityRuleWithEtherType(
  73                 "166aedab-fdf5-4788-9e36-2b00b5f8722f", tenant, EthertypeV4.class, DirectionIngress.class, goldSecGrp,
  74                 null);
  75         SecurityRule goldOutIpv4 = NeutronEntityFactory.securityRuleWithEtherType(
  76                 "dabfd4da-af89-45dd-85f8-181768c1b4c9", tenant, EthertypeV4.class, DirectionEgress.class, goldSecGrp,
  77                 null);
  78         String serverSecGrp = "71cf4fe5-b146-409e-8151-cd921298ce32";
  79         SecurityRuleAttributes.Protocol protocolTcp = new SecurityRuleAttributes.Protocol(ProtocolTcp.class);
  80         SecurityRule serverIn80Tcp10_1_1_0 = new SecurityRuleBuilder().setUuid(new Uuid("9dbb533d-d9b2-4dc9-bae7-ee60c8df184d"))
  81                 .setTenantId(new Uuid(tenant))
  82                 .setEthertype(EthertypeV4.class)
  83                 .setProtocol(protocolTcp)
  84                 .setPortRangeMin(80)
  85                 .setPortRangeMax(80)
  86                 .setDirection(DirectionIngress.class)
  87                 .setSecurityGroupId(new Uuid(serverSecGrp))
  88                 .setRemoteIpPrefix(new IpPrefix(new Ipv4Prefix("10.1.1.0/24")))
  89                 .build();
  90         SecurityRule serverInIp20_1_1_0 = new SecurityRuleBuilder().setUuid(new Uuid("adf7e558-de47-4f9e-a9b8-96e19db5d1ac"))
  91                 .setTenantId(new Uuid(tenant))
  92                 .setEthertype(EthertypeV4.class)
  93                 .setDirection(DirectionIngress.class)
  94                 .setSecurityGroupId(new Uuid(serverSecGrp))
  95                 .setRemoteIpPrefix(new IpPrefix(new Ipv4Prefix("20.1.1.0/24")))
  96                 .build();
  97         SecurityRule serverOutIpv4 = NeutronEntityFactory.securityRuleWithEtherType(
  98                 "8b9c48d3-44a8-46be-be35-6f3237d98071", tenant, EthertypeV4.class, DirectionEgress.class, serverSecGrp,
  99                 null);
 100         DataBroker dataBroker = getDataBroker();
 101         List<SecurityGroup> secGroups = new ArrayList<>();
 102         secGroups.add(NeutronEntityFactory.securityGroup(goldSecGrp, tenant));
 103         secGroups.add(NeutronEntityFactory.securityGroup(serverSecGrp, tenant));
 104         Neutron neutron = new NeutronBuilder()
 105             .setSecurityGroups(new SecurityGroupsBuilder().setSecurityGroup(secGroups).build())
 106             .setSecurityRules(new SecurityRulesBuilder().setSecurityRule(
 107                     ImmutableList.of(goldInIpv4, goldOutIpv4, serverIn80Tcp10_1_1_0, serverInIp20_1_1_0, serverOutIpv4))
 108                 .build())
 109             .build();
 110         NeutronSecurityRuleAware ruleAware = new NeutronSecurityRuleAware(dataBroker, epRegistrator);
 111         ReadWriteTransaction rwTx = dataBroker.newReadWriteTransaction();
 112         ruleAware.addNeutronSecurityRule(goldInIpv4, neutron, rwTx);
 113         ruleAware.addNeutronSecurityRule(goldOutIpv4, neutron, rwTx);
 114         ruleAware.addNeutronSecurityRule(serverIn80Tcp10_1_1_0, neutron, rwTx);
 115         ruleAware.addNeutronSecurityRule(serverInIp20_1_1_0, neutron, rwTx);
 116         ruleAware.addNeutronSecurityRule(serverOutIpv4, neutron, rwTx);
 117         TenantId tenantId = new TenantId(tenant);
 118         Optional<Tenant> potentialTenant = rwTx.read(LogicalDatastoreType.CONFIGURATION, IidFactory.tenantIid(tenantId))
 119             .get();
 120         assertTrue(potentialTenant.isPresent());
 121         Optional<Contract> potentialContract = rwTx.read(LogicalDatastoreType.CONFIGURATION,
 122                 IidFactory.contractIid(tenantId, new ContractId(goldInIpv4.getUuid().getValue()))).get();
 123         assertTrue(potentialContract.isPresent());
 124         Contract contract = potentialContract.get();
 125         PolicyAssert.assertContract(contract, goldInIpv4);
 126         potentialContract = rwTx.read(LogicalDatastoreType.CONFIGURATION,
 127                 IidFactory.contractIid(tenantId, new ContractId(goldOutIpv4.getUuid().getValue()))).get();
 128         assertTrue(potentialContract.isPresent());
 129         contract = potentialContract.get();
 130         PolicyAssert.assertContract(contract, goldOutIpv4);
 131         potentialContract = rwTx.read(LogicalDatastoreType.CONFIGURATION,
 132                 IidFactory.contractIid(tenantId, new ContractId(serverOutIpv4.getUuid().getValue()))).get();
 133         assertTrue(potentialContract.isPresent());
 134         contract = potentialContract.get();
 135         PolicyAssert.assertContract(contract, serverOutIpv4);
 136         potentialContract = rwTx.read(LogicalDatastoreType.CONFIGURATION,
 137                 IidFactory.contractIid(tenantId, new ContractId(serverIn80Tcp10_1_1_0.getUuid().getValue()))).get();
 138         assertTrue(potentialContract.isPresent());
 139         contract = potentialContract.get();
 140         PolicyAssert.assertContractWithEic(contract, serverIn80Tcp10_1_1_0);
 141         potentialContract = rwTx.read(LogicalDatastoreType.CONFIGURATION,
 142                 IidFactory.contractIid(tenantId, new ContractId(serverInIp20_1_1_0.getUuid().getValue()))).get();
 143         assertTrue(potentialContract.isPresent());
 144         contract = potentialContract.get();
 145         PolicyAssert.assertContractWithEic(contract, serverInIp20_1_1_0);
 146         Optional<EndpointGroup> potentialEpg = rwTx.read(LogicalDatastoreType.CONFIGURATION,
 147                 IidFactory.endpointGroupIid(tenantId, new EndpointGroupId(goldSecGrp))).get();
 148         assertTrue(potentialEpg.isPresent());
 149         EndpointGroup epg = potentialEpg.get();
 150         PolicyAssert.assertConsumerNamedSelectors(
 151                 epg,
 152                 ImmutableSet.of(new ContractId(goldInIpv4.getUuid().getValue()),
 153                         new ContractId(goldOutIpv4.getUuid().getValue()),
 154                         new ContractId(serverIn80Tcp10_1_1_0.getUuid().getValue()),
 155                         new ContractId(serverInIp20_1_1_0.getUuid().getValue()),
 156                         new ContractId(serverOutIpv4.getUuid().getValue())));
 157         potentialEpg = rwTx.read(LogicalDatastoreType.CONFIGURATION,
 158                 IidFactory.endpointGroupIid(tenantId, new EndpointGroupId(serverSecGrp))).get();
 159         assertTrue(potentialEpg.isPresent());
 160         epg = potentialEpg.get();
 161         PolicyAssert.assertConsumerNamedSelectors(epg, ImmutableSet.of(
 162                 new ContractId(serverIn80Tcp10_1_1_0.getUuid().getValue()),
 163                 new ContractId(serverInIp20_1_1_0.getUuid().getValue()),
 164                 new ContractId(goldInIpv4.getUuid().getValue())));
 165     }
 166
 167     @Test
 168     public final void testAddAndDeleteNeutronSecurityRule() throws Exception {
 169         DataBroker dataBroker = getDataBroker();
 170         NeutronSecurityRuleAware ruleAware = new NeutronSecurityRuleAware(dataBroker, epRegistrator);
 171
 172         final String tenantId = "aaaaaaaa-aaaa-aaaa-aaaa-aaaaaaaaaaaa";
 173         final String secGroupId1 = "bbbbbbbb-bbbb-bbbb-bbbb-bbbbbbbbbbbb";
 174         final String secGroupId2 = "cccccccc-cccc-cccc-cccc-cccccccccccc";
 175         final String secRuleId1 = "dddddddd-dddd-dddd-dddd-dddddddddddd";
 176         final String secRuleId2 = "eeeeeeee-eeee-eeee-eeee-eeeeeeeeeeee";
 177
 178         List<SecurityGroup> secGroups = new ArrayList<>();
 179         secGroups.add(NeutronEntityFactory.securityGroup(secGroupId1, tenantId));
 180         secGroups.add(NeutronEntityFactory.securityGroup(secGroupId2, tenantId));
 181         SecurityRule secRule1 = NeutronEntityFactory.securityRuleWithEtherType(secRuleId1, tenantId,
 182                 EthertypeV4.class, DirectionEgress.class, secGroupId1, secGroupId2);
 183         SecurityRule secRule2 = NeutronEntityFactory.securityRuleWithEtherType(secRuleId2, tenantId,
 184                 EthertypeV4.class, DirectionIngress.class, secGroupId2, secGroupId1);
 185         NeutronBuilder neutronBuilder = new NeutronBuilder()
 186             .setSecurityGroups(new SecurityGroupsBuilder().setSecurityGroup(secGroups).build())
 187             .setSecurityRules(new SecurityRulesBuilder()
 188                     .setSecurityRule(ImmutableList.of(secRule1)).build());
 189
 190         ruleAware.onCreated(secRule1, neutronBuilder.build());
 191
 192         PolicyAssert.assertTenantExists(dataBroker, tenantId);
 193         PolicyAssert.assertContractExists(dataBroker, tenantId, secRuleId1);
 194         Optional<Contract> contract = ConfigDataStoreReader.readContract(dataBroker, tenantId, secRuleId1);
 195         PolicyAssert.assertContract(contract.get(), secRule1);
 196         PolicyAssert.assertContractCount(dataBroker, tenantId, 1);
 197         PolicyAssert.assertEndpointGroupExists(dataBroker, tenantId, secGroupId1);
 198         Optional<EndpointGroup> epGroup1 = ConfigDataStoreReader.readEndpointGroup(dataBroker, tenantId, secGroupId1);
 199         PolicyAssert.assertProviderNamedSelectors(epGroup1.get(), ImmutableSet.of(new ContractId(secRuleId1)));
 200         PolicyAssert.assertNoConsumerNamedSelectors(dataBroker, tenantId, secGroupId1);
 201
 202         PolicyAssert.assertClassifierInstanceExists(dataBroker, secRule1);
 203         PolicyAssert.assertActionInstanceExists(dataBroker, tenantId, MappingUtils.ACTION_ALLOW.getName());
 204
 205         neutronBuilder.setSecurityRules(new SecurityRulesBuilder()
 206                 .setSecurityRule(ImmutableList.of(secRule1, secRule2)).build());
 207
 208         ruleAware.onCreated(secRule2, neutronBuilder.build());
 209
 210         PolicyAssert.assertTenantExists(dataBroker, tenantId);
 211         PolicyAssert.assertContractExists(dataBroker, tenantId, secRuleId1);
 212         contract = ConfigDataStoreReader.readContract(dataBroker, tenantId, secRuleId1);
 213         PolicyAssert.assertContract(contract.get(), secRule1);
 214         PolicyAssert.assertContractCount(dataBroker, tenantId, 2);
 215         PolicyAssert.assertEndpointGroupExists(dataBroker, tenantId, secGroupId1);
 216         epGroup1 = ConfigDataStoreReader.readEndpointGroup(dataBroker, tenantId, secGroupId1);
 217         PolicyAssert.assertProviderNamedSelectors(epGroup1.get(), ImmutableSet.of(new ContractId(secRuleId1)));
 218         PolicyAssert.assertConsumerNamedSelectors(epGroup1.get(), ImmutableSet.of(new ContractId(secRuleId2)));
 219
 220         PolicyAssert.assertContractExists(dataBroker, tenantId, secRuleId2);
 221         contract = ConfigDataStoreReader.readContract(dataBroker, tenantId, secRuleId2);
 222         PolicyAssert.assertContract(contract.get(), secRule2);
 223         PolicyAssert.assertContractCount(dataBroker, tenantId, 2);
 224         PolicyAssert.assertEndpointGroupExists(dataBroker, tenantId, secGroupId2);
 225         Optional<EndpointGroup> epGroup2 = ConfigDataStoreReader.readEndpointGroup(dataBroker, tenantId, secGroupId2);
 226         PolicyAssert.assertProviderNamedSelectors(epGroup2.get(), ImmutableSet.of(new ContractId(secRuleId2)));
 227         PolicyAssert.assertConsumerNamedSelectors(epGroup2.get(), ImmutableSet.of(new ContractId(secRuleId1)));
 228
 229         ruleAware.onDeleted(secRule2, neutronBuilder.build(), null);
 230
 231         PolicyAssert.assertTenantExists(dataBroker, tenantId);
 232         PolicyAssert.assertContractExists(dataBroker, tenantId, secRuleId1);
 233         contract = ConfigDataStoreReader.readContract(dataBroker, tenantId, secRuleId1);
 234         PolicyAssert.assertContract(contract.get(), secRule1);
 235         PolicyAssert.assertContractCount(dataBroker, tenantId, 1);
 236         PolicyAssert.assertEndpointGroupExists(dataBroker, tenantId, secGroupId1);
 237         epGroup1 = ConfigDataStoreReader.readEndpointGroup(dataBroker, tenantId, secGroupId1);
 238         PolicyAssert.assertProviderNamedSelectors(epGroup1.get(), ImmutableSet.of(new ContractId(secRuleId1)));
 239         PolicyAssert.assertNoConsumerNamedSelectors(dataBroker, tenantId, secGroupId1);
 240
 241         PolicyAssert.assertContractNotExists(dataBroker, tenantId, secRuleId2);
 242         PolicyAssert.assertContractCount(dataBroker, tenantId, 1);
 243         PolicyAssert.assertEndpointGroupExists(dataBroker, tenantId, secGroupId2);
 244         epGroup2 = ConfigDataStoreReader.readEndpointGroup(dataBroker, tenantId, secGroupId2);
 245         PolicyAssert.assertNoProviderNamedSelectors(dataBroker, tenantId, secGroupId2);
 246         PolicyAssert.assertNoConsumerNamedSelectors(dataBroker, tenantId, secGroupId2);
 247
 248         PolicyAssert.assertClassifierInstanceExists(dataBroker, secRule1);
 249         PolicyAssert.assertActionInstanceExists(dataBroker, tenantId, MappingUtils.ACTION_ALLOW.getName());
 250
 251         neutronBuilder.setSecurityRules(new SecurityRulesBuilder()
 252                 .setSecurityRule(ImmutableList.of(secRule1)).build());
 253
 254         ruleAware.onDeleted(secRule1, neutronBuilder.build(), null);
 255
 256         PolicyAssert.assertContractCount(dataBroker, tenantId, 0);
 257         PolicyAssert.assertEndpointGroupExists(dataBroker, tenantId, secGroupId1);
 258         PolicyAssert.assertEndpointGroupExists(dataBroker, tenantId, secGroupId2);
 259         PolicyAssert.assertNoProviderNamedSelectors(dataBroker, tenantId, secGroupId1);
 260         PolicyAssert.assertNoConsumerNamedSelectors(dataBroker, tenantId, secGroupId2);
 261
 262         PolicyAssert.assertClassifierInstanceNotExists(dataBroker, secRule1);
 263         // TODO: Uncomment this when the life cycle of the Allow ActionInstance will be clarified.
 264         // PolicyAssert.assertActionInstanceNotExists(dataBroker, tenantId,
 265         // MappingUtils.ACTION_ALLOW.getName());
 266     }
 267
 268     @Test
 269     public final void testAddNeutronSecurityRule_rulesWithoutRemote() throws Exception {
 270         String tenant = "ad4c6c25-2424-4ad3-97ee-f9691ce03645";
 271         String goldSecGrp = "fe40e28f-ad6a-4a2d-b12a-47510876344a";
 272         SecurityRule goldInIpv4 = NeutronEntityFactory.securityRuleWithEtherType(
 273                 "166aedab-fdf5-4788-9e36-2b00b5f8722f", tenant, EthertypeV4.class, DirectionIngress.class, goldSecGrp,
 274                 null);
 275         SecurityRule goldOutIpv4 = NeutronEntityFactory.securityRuleWithEtherType(
 276                 "dabfd4da-af89-45dd-85f8-181768c1b4c9", tenant, EthertypeV4.class, DirectionEgress.class, goldSecGrp,
 277                 null);
 278         String serverSecGrp = "71cf4fe5-b146-409e-8151-cd921298ce32";
 279         SecurityRule serverOutIpv4 = NeutronEntityFactory.securityRuleWithEtherType(
 280                 "8b9c48d3-44a8-46be-be35-6f3237d98071", tenant, EthertypeV4.class, DirectionEgress.class, serverSecGrp,
 281                 null);
 282         SecurityRule serverInIpv4 = NeutronEntityFactory.securityRuleWithEtherType(
 283                 "adf7e558-de47-4f9e-a9b8-96e19db5d1ac", tenant, EthertypeV4.class, DirectionIngress.class, serverSecGrp,
 284                 null);
 285         DataBroker dataBroker = getDataBroker();
 286         List<SecurityGroup> secGroups = new ArrayList<>();
 287         secGroups.add(NeutronEntityFactory.securityGroup(goldSecGrp, tenant));
 288         secGroups.add(NeutronEntityFactory.securityGroup(serverSecGrp, tenant));
 289         Neutron neutron = new NeutronBuilder()
 290             .setSecurityGroups(new SecurityGroupsBuilder().setSecurityGroup(secGroups).build())
 291             .setSecurityRules(new SecurityRulesBuilder()
 292                     .setSecurityRule(ImmutableList.of(goldInIpv4, goldOutIpv4, serverOutIpv4, serverInIpv4)).build())
 293             .build();
 294         NeutronSecurityRuleAware ruleAware = new NeutronSecurityRuleAware(dataBroker, epRegistrator);
 295         ReadWriteTransaction rwTx = dataBroker.newReadWriteTransaction();
 296         ruleAware.addNeutronSecurityRule(goldInIpv4, neutron, rwTx);
 297         ruleAware.addNeutronSecurityRule(goldOutIpv4, neutron, rwTx);
 298         ruleAware.addNeutronSecurityRule(serverOutIpv4, neutron, rwTx);
 299         ruleAware.addNeutronSecurityRule(serverInIpv4, neutron, rwTx);
 300         TenantId tenantId = new TenantId(tenant);
 301         Optional<Contract> potentialContract = rwTx.read(LogicalDatastoreType.CONFIGURATION,
 302                 IidFactory.contractIid(tenantId, new ContractId(goldInIpv4.getUuid().getValue()))).get();
 303         assertTrue(potentialContract.isPresent());
 304         Contract contract = potentialContract.get();
 305         PolicyAssert.assertContract(contract, goldInIpv4);
 306         potentialContract = rwTx.read(LogicalDatastoreType.CONFIGURATION,
 307                 IidFactory.contractIid(tenantId, new ContractId(goldOutIpv4.getUuid().getValue()))).get();
 308         assertTrue(potentialContract.isPresent());
 309         contract = potentialContract.get();
 310         PolicyAssert.assertContract(contract, goldOutIpv4);
 311         potentialContract = rwTx.read(LogicalDatastoreType.CONFIGURATION,
 312                 IidFactory.contractIid(tenantId, new ContractId(serverOutIpv4.getUuid().getValue()))).get();
 313         assertTrue(potentialContract.isPresent());
 314         contract = potentialContract.get();
 315         PolicyAssert.assertContract(contract, serverOutIpv4);
 316         potentialContract = rwTx.read(LogicalDatastoreType.CONFIGURATION,
 317                 IidFactory.contractIid(tenantId, new ContractId(serverInIpv4.getUuid().getValue()))).get();
 318         assertTrue(potentialContract.isPresent());
 319         contract = potentialContract.get();
 320         PolicyAssert.assertContract(contract, serverInIpv4);
 321         Optional<EndpointGroup> potentialEpg = rwTx.read(LogicalDatastoreType.CONFIGURATION,
 322                 IidFactory.endpointGroupIid(tenantId, new EndpointGroupId(goldSecGrp))).get();
 323         assertTrue(potentialEpg.isPresent());
 324         EndpointGroup epg = potentialEpg.get();
 325         PolicyAssert.assertConsumerNamedSelectors(
 326                 epg,
 327                 ImmutableSet.of(new ContractId(goldInIpv4.getUuid().getValue()),
 328                         new ContractId(goldOutIpv4.getUuid().getValue()),
 329                         new ContractId(serverOutIpv4.getUuid().getValue()),
 330                         new ContractId(serverInIpv4.getUuid().getValue())));
 331         potentialEpg = rwTx.read(LogicalDatastoreType.CONFIGURATION,
 332                 IidFactory.endpointGroupIid(tenantId, new EndpointGroupId(serverSecGrp))).get();
 333         assertTrue(potentialEpg.isPresent());
 334         PolicyAssert.assertConsumerNamedSelectors(
 335                 epg,
 336                 ImmutableSet.of(new ContractId(goldInIpv4.getUuid().getValue()),
 337                         new ContractId(goldOutIpv4.getUuid().getValue()),
 338                         new ContractId(serverOutIpv4.getUuid().getValue()),
 339                         new ContractId(serverInIpv4.getUuid().getValue())));
 340     }
 341
 342     @Test
 343     public final void testAddNeutronSecurityRule_asymmetricRulesWithoutRemote() throws Exception {
 344         String tenant = "ad4c6c25-2424-4ad3-97ee-f9691ce03645";
 345         String goldSecGrp = "fe40e28f-ad6a-4a2d-b12a-47510876344a";
 346         SecurityRule goldInIpv4 = NeutronEntityFactory.securityRuleWithEtherType(
 347                 "166aedab-fdf5-4788-9e36-2b00b5f8722f", tenant, EthertypeV4.class, DirectionIngress.class, goldSecGrp,
 348                 null);
 349         SecurityRule goldOutIpv4 = NeutronEntityFactory.securityRuleWithEtherType(
 350                 "dabfd4da-af89-45dd-85f8-181768c1b4c9", tenant, EthertypeV4.class, DirectionEgress.class, goldSecGrp,
 351                 null);
 352         String serverSecGrp = "71cf4fe5-b146-409e-8151-cd921298ce32";
 353         SecurityRule serverOutIpv4 = NeutronEntityFactory.securityRuleWithEtherType(
 354                 "8b9c48d3-44a8-46be-be35-6f3237d98071", tenant, EthertypeV4.class, DirectionEgress.class, serverSecGrp,
 355                 null);
 356         SecurityRuleAttributes.Protocol protocolTcp = new SecurityRuleAttributes.Protocol(ProtocolTcp.class);
 357         SecurityRule serverIn80TcpIpv4 = new SecurityRuleBuilder().setUuid(new Uuid("adf7e558-de47-4f9e-a9b8-96e19db5d1ac"))
 358                 .setTenantId(new Uuid(tenant))
 359                 .setEthertype(EthertypeV4.class)
 360                 .setProtocol(protocolTcp)
 361                 .setPortRangeMin(80)
 362                 .setPortRangeMax(80)
 363                 .setDirection(DirectionIngress.class)
 364                 .setSecurityGroupId(new Uuid(serverSecGrp))
 365                 .build();
 366         DataBroker dataBroker = getDataBroker();
 367         List<SecurityGroup> secGroups = new ArrayList<>();
 368         secGroups.add(NeutronEntityFactory.securityGroup(goldSecGrp, tenant));
 369         secGroups.add(NeutronEntityFactory.securityGroup(serverSecGrp, tenant));
 370         Neutron neutron = new NeutronBuilder()
 371             .setSecurityGroups(new SecurityGroupsBuilder().setSecurityGroup(secGroups).build())
 372             .setSecurityRules(new SecurityRulesBuilder()
 373                 .setSecurityRule(ImmutableList.of(goldInIpv4, goldOutIpv4, serverOutIpv4, serverIn80TcpIpv4)).build())
 374             .build();
 375         NeutronSecurityRuleAware ruleAware = new NeutronSecurityRuleAware(dataBroker, epRegistrator);
 376         ReadWriteTransaction rwTx = dataBroker.newReadWriteTransaction();
 377         ruleAware.addNeutronSecurityRule(goldInIpv4, neutron, rwTx);
 378         ruleAware.addNeutronSecurityRule(goldOutIpv4, neutron, rwTx);
 379         ruleAware.addNeutronSecurityRule(serverOutIpv4, neutron, rwTx);
 380         ruleAware.addNeutronSecurityRule(serverIn80TcpIpv4, neutron, rwTx);
 381         TenantId tenantId = new TenantId(tenant);
 382         Optional<Contract> potentialContract = rwTx.read(LogicalDatastoreType.CONFIGURATION,
 383                 IidFactory.contractIid(tenantId, new ContractId(goldInIpv4.getUuid().getValue()))).get();
 384         assertTrue(potentialContract.isPresent());
 385         Contract contract = potentialContract.get();
 386         PolicyAssert.assertContract(contract, goldInIpv4);
 387         potentialContract = rwTx.read(LogicalDatastoreType.CONFIGURATION,
 388                 IidFactory.contractIid(tenantId, new ContractId(goldOutIpv4.getUuid().getValue()))).get();
 389         assertTrue(potentialContract.isPresent());
 390         contract = potentialContract.get();
 391         PolicyAssert.assertContract(contract, goldOutIpv4);
 392         potentialContract = rwTx.read(LogicalDatastoreType.CONFIGURATION,
 393                 IidFactory.contractIid(tenantId, new ContractId(serverOutIpv4.getUuid().getValue()))).get();
 394         assertTrue(potentialContract.isPresent());
 395         contract = potentialContract.get();
 396         PolicyAssert.assertContract(contract, serverOutIpv4);
 397         potentialContract = rwTx.read(LogicalDatastoreType.CONFIGURATION,
 398                 IidFactory.contractIid(tenantId, new ContractId(serverIn80TcpIpv4.getUuid().getValue()))).get();
 399         assertTrue(potentialContract.isPresent());
 400         contract = potentialContract.get();
 401         PolicyAssert.assertContract(contract, serverIn80TcpIpv4);
 402         Optional<EndpointGroup> potentialEpg = rwTx.read(LogicalDatastoreType.CONFIGURATION,
 403                 IidFactory.endpointGroupIid(tenantId, new EndpointGroupId(goldSecGrp))).get();
 404         assertTrue(potentialEpg.isPresent());
 405         EndpointGroup epg = potentialEpg.get();
 406         PolicyAssert.assertConsumerNamedSelectors(
 407                 epg,
 408                 ImmutableSet.of(new ContractId(goldInIpv4.getUuid().getValue()),
 409                         new ContractId(goldOutIpv4.getUuid().getValue()),
 410                         new ContractId(serverOutIpv4.getUuid().getValue()),
 411                         new ContractId(serverIn80TcpIpv4.getUuid().getValue())));
 412         potentialEpg = rwTx.read(LogicalDatastoreType.CONFIGURATION,
 413                 IidFactory.endpointGroupIid(tenantId, new EndpointGroupId(serverSecGrp))).get();
 414         assertTrue(potentialEpg.isPresent());
 415         epg = potentialEpg.get();
 416         PolicyAssert.assertConsumerNamedSelectors(
 417                 epg,
 418                 ImmutableSet.of(new ContractId(goldInIpv4.getUuid().getValue()),
 419                         new ContractId(serverIn80TcpIpv4.getUuid().getValue())));
 420     }
 421
 422     @Test
 423     public final void testAddNeutronSecurityRule_defaultSecGrp() throws Exception {
 424         String tenant = "111aaaaa-aaaa-aaaa-aaaa-aaaaaaaaaaaa";
 425         String defaultSecGrp = "111fffff-ffff-ffff-ffff-ffffffffffff";
 426         SecurityRule defaultInIpv4Default = NeutronEntityFactory.securityRuleWithEtherType(
 427                 "111ccccc-111c-cccc-cccc-cccccccccccc", tenant, EthertypeV4.class, DirectionIngress.class, defaultSecGrp,
 428                 defaultSecGrp);
 429         SecurityRule defaultInIpv6Default = NeutronEntityFactory.securityRuleWithEtherType(
 430                 "222ccccc-111c-cccc-cccc-cccccccccccc", tenant, EthertypeV4.class, DirectionIngress.class, defaultSecGrp,
 431                 defaultSecGrp);
 432         SecurityRule defaultOutIpv4 = NeutronEntityFactory.securityRuleWithEtherType(
 433                 "333ccccc-111c-cccc-cccc-cccccccccccc", tenant, EthertypeV4.class, DirectionEgress.class, defaultSecGrp,
 434                 null);
 435         SecurityRule defaultOutIpv6 = NeutronEntityFactory.securityRuleWithEtherType(
 436                 "444ccccc-111c-cccc-cccc-cccccccccccc", tenant, EthertypeV4.class, DirectionEgress.class, defaultSecGrp,
 437                 null);
 438         DataBroker dataBroker = getDataBroker();
 439         List<SecurityGroup> secGroups = new ArrayList<>();
 440         secGroups.add(NeutronEntityFactory.securityGroup(defaultSecGrp, tenant));
 441         Neutron neutron = new NeutronBuilder()
 442             .setSecurityGroups(new SecurityGroupsBuilder().setSecurityGroup(secGroups).build()).build();
 443         NeutronSecurityRuleAware ruleAware = new NeutronSecurityRuleAware(dataBroker, epRegistrator);
 444         ReadWriteTransaction rwTx = dataBroker.newReadWriteTransaction();
 445         ruleAware.addNeutronSecurityRule(defaultInIpv4Default, neutron, rwTx);
 446         ruleAware.addNeutronSecurityRule(defaultInIpv6Default, neutron, rwTx);
 447         ruleAware.addNeutronSecurityRule(defaultOutIpv4, neutron, rwTx);
 448         ruleAware.addNeutronSecurityRule(defaultOutIpv6, neutron, rwTx);
 449         TenantId tenantId = new TenantId(tenant);
 450         Optional<Contract> potentialContract = rwTx.read(LogicalDatastoreType.CONFIGURATION,
 451                 IidFactory.contractIid(tenantId, new ContractId(defaultInIpv4Default.getUuid().getValue()))).get();
 452         assertTrue(potentialContract.isPresent());
 453         Contract contract = potentialContract.get();
 454         PolicyAssert.assertContract(contract, defaultInIpv4Default);
 455         potentialContract = rwTx.read(LogicalDatastoreType.CONFIGURATION,
 456                 IidFactory.contractIid(tenantId, new ContractId(defaultInIpv6Default.getUuid().getValue()))).get();
 457         assertTrue(potentialContract.isPresent());
 458         contract = potentialContract.get();
 459         PolicyAssert.assertContract(contract, defaultInIpv6Default);
 460         potentialContract = rwTx.read(LogicalDatastoreType.CONFIGURATION,
 461                 IidFactory.contractIid(tenantId, new ContractId(defaultOutIpv4.getUuid().getValue()))).get();
 462         assertTrue(potentialContract.isPresent());
 463         contract = potentialContract.get();
 464         PolicyAssert.assertContract(contract, defaultOutIpv4);
 465         potentialContract = rwTx.read(LogicalDatastoreType.CONFIGURATION,
 466                 IidFactory.contractIid(tenantId, new ContractId(defaultOutIpv6.getUuid().getValue()))).get();
 467         assertTrue(potentialContract.isPresent());
 468         contract = potentialContract.get();
 469         PolicyAssert.assertContract(contract, defaultOutIpv6);
 470     }
 471
 472     @Test
 473     public void testConstructor_invalidArgument() throws Exception {
 474         try {
 475             new NeutronSecurityRuleAware(null, null);
 476             fail(NullPointerException.class.getName() + " expected");
 477         } catch (NullPointerException ex) {
 478             // do nothing
 479         }
 480     }
 481
 482 }