2 * Copyright (c) 2015 Cisco Systems, Inc. and others. All rights reserved.
4 * This program and the accompanying materials are made available under the
5 * terms of the Eclipse Public License v1.0 which accompanies this distribution,
6 * and is available at http://www.eclipse.org/legal/epl-v10.html
8 package org.opendaylight.groupbasedpolicy.neutron.mapper.mapping.rule;
10 import static org.junit.Assert.assertTrue;
11 import static org.junit.Assert.fail;
13 import java.util.ArrayList;
14 import java.util.List;
16 import org.junit.Before;
17 import org.junit.Test;
18 import org.opendaylight.controller.md.sal.binding.api.DataBroker;
19 import org.opendaylight.controller.md.sal.binding.api.ReadWriteTransaction;
20 import org.opendaylight.controller.md.sal.common.api.data.LogicalDatastoreType;
21 import org.opendaylight.groupbasedpolicy.neutron.mapper.EndpointRegistrator;
22 import org.opendaylight.groupbasedpolicy.neutron.mapper.test.ConfigDataStoreReader;
23 import org.opendaylight.groupbasedpolicy.neutron.mapper.test.NeutronEntityFactory;
24 import org.opendaylight.groupbasedpolicy.neutron.mapper.test.NeutronMapperDataBrokerTest;
25 import org.opendaylight.groupbasedpolicy.neutron.mapper.test.PolicyAssert;
26 import org.opendaylight.groupbasedpolicy.neutron.mapper.util.MappingUtils;
27 import org.opendaylight.groupbasedpolicy.util.IidFactory;
28 import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.inet.types.rev130715.IpPrefix;
29 import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.inet.types.rev130715.Ipv4Prefix;
30 import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.yang.types.rev130715.Uuid;
31 import org.opendaylight.yang.gen.v1.urn.opendaylight.groupbasedpolicy.common.rev140421.ContractId;
32 import org.opendaylight.yang.gen.v1.urn.opendaylight.groupbasedpolicy.common.rev140421.EndpointGroupId;
33 import org.opendaylight.yang.gen.v1.urn.opendaylight.groupbasedpolicy.common.rev140421.TenantId;
34 import org.opendaylight.yang.gen.v1.urn.opendaylight.groupbasedpolicy.policy.rev140421.tenants.Tenant;
35 import org.opendaylight.yang.gen.v1.urn.opendaylight.groupbasedpolicy.policy.rev140421.tenants.tenant.policy.Contract;
36 import org.opendaylight.yang.gen.v1.urn.opendaylight.groupbasedpolicy.policy.rev140421.tenants.tenant.policy.EndpointGroup;
37 import org.opendaylight.yang.gen.v1.urn.opendaylight.neutron.constants.rev150712.DirectionEgress;
38 import org.opendaylight.yang.gen.v1.urn.opendaylight.neutron.constants.rev150712.DirectionIngress;
39 import org.opendaylight.yang.gen.v1.urn.opendaylight.neutron.constants.rev150712.EthertypeV4;
40 import org.opendaylight.yang.gen.v1.urn.opendaylight.neutron.constants.rev150712.ProtocolTcp;
41 import org.opendaylight.yang.gen.v1.urn.opendaylight.neutron.rev150712.Neutron;
42 import org.opendaylight.yang.gen.v1.urn.opendaylight.neutron.rev150712.NeutronBuilder;
43 import org.opendaylight.yang.gen.v1.urn.opendaylight.neutron.secgroups.rev150712.SecurityRuleAttributes;
44 import org.opendaylight.yang.gen.v1.urn.opendaylight.neutron.secgroups.rev150712.security.groups.attributes.SecurityGroupsBuilder;
45 import org.opendaylight.yang.gen.v1.urn.opendaylight.neutron.secgroups.rev150712.security.groups.attributes.security.groups.SecurityGroup;
46 import org.opendaylight.yang.gen.v1.urn.opendaylight.neutron.secgroups.rev150712.security.rules.attributes.SecurityRulesBuilder;
47 import org.opendaylight.yang.gen.v1.urn.opendaylight.neutron.secgroups.rev150712.security.rules.attributes.security.rules.SecurityRule;
48 import org.opendaylight.yang.gen.v1.urn.opendaylight.neutron.secgroups.rev150712.security.rules.attributes.security.rules.SecurityRuleBuilder;
50 import com.google.common.base.Optional;
51 import com.google.common.collect.ImmutableList;
52 import com.google.common.collect.ImmutableSet;
55 * END 2 END TESTING - inputs are Neutron entities and expected outputs are GBP entities in
59 public class NeutronSecurityRuleAwareDataStoreTest extends NeutronMapperDataBrokerTest {
61 private EndpointRegistrator epRegistrator;
65 epRegistrator = getEpRegistrator();
69 public final void testAddNeutronSecurityRule_rulesWithRemoteIpPrefix() throws Exception {
70 String tenant = "ad4c6c25-2424-4ad3-97ee-f9691ce03645";
71 String goldSecGrp = "fe40e28f-ad6a-4a2d-b12a-47510876344a";
72 SecurityRule goldInIpv4 = NeutronEntityFactory.securityRuleWithEtherType(
73 "166aedab-fdf5-4788-9e36-2b00b5f8722f", tenant, EthertypeV4.class, DirectionIngress.class, goldSecGrp,
75 SecurityRule goldOutIpv4 = NeutronEntityFactory.securityRuleWithEtherType(
76 "dabfd4da-af89-45dd-85f8-181768c1b4c9", tenant, EthertypeV4.class, DirectionEgress.class, goldSecGrp,
78 String serverSecGrp = "71cf4fe5-b146-409e-8151-cd921298ce32";
79 SecurityRuleAttributes.Protocol protocolTcp = new SecurityRuleAttributes.Protocol(ProtocolTcp.class);
80 SecurityRule serverIn80Tcp10_1_1_0 = new SecurityRuleBuilder().setUuid(new Uuid("9dbb533d-d9b2-4dc9-bae7-ee60c8df184d"))
81 .setTenantId(new Uuid(tenant))
82 .setEthertype(EthertypeV4.class)
83 .setProtocol(protocolTcp)
86 .setDirection(DirectionIngress.class)
87 .setSecurityGroupId(new Uuid(serverSecGrp))
88 .setRemoteIpPrefix(new IpPrefix(new Ipv4Prefix("10.1.1.0/24")))
90 SecurityRule serverInIp20_1_1_0 = new SecurityRuleBuilder().setUuid(new Uuid("adf7e558-de47-4f9e-a9b8-96e19db5d1ac"))
91 .setTenantId(new Uuid(tenant))
92 .setEthertype(EthertypeV4.class)
93 .setDirection(DirectionIngress.class)
94 .setSecurityGroupId(new Uuid(serverSecGrp))
95 .setRemoteIpPrefix(new IpPrefix(new Ipv4Prefix("20.1.1.0/24")))
97 SecurityRule serverOutIpv4 = NeutronEntityFactory.securityRuleWithEtherType(
98 "8b9c48d3-44a8-46be-be35-6f3237d98071", tenant, EthertypeV4.class, DirectionEgress.class, serverSecGrp,
100 DataBroker dataBroker = getDataBroker();
101 List<SecurityGroup> secGroups = new ArrayList<>();
102 secGroups.add(NeutronEntityFactory.securityGroup(goldSecGrp, tenant));
103 secGroups.add(NeutronEntityFactory.securityGroup(serverSecGrp, tenant));
104 Neutron neutron = new NeutronBuilder()
105 .setSecurityGroups(new SecurityGroupsBuilder().setSecurityGroup(secGroups).build())
106 .setSecurityRules(new SecurityRulesBuilder().setSecurityRule(
107 ImmutableList.of(goldInIpv4, goldOutIpv4, serverIn80Tcp10_1_1_0, serverInIp20_1_1_0, serverOutIpv4))
110 NeutronSecurityRuleAware ruleAware = new NeutronSecurityRuleAware(dataBroker, epRegistrator);
111 ReadWriteTransaction rwTx = dataBroker.newReadWriteTransaction();
112 ruleAware.addNeutronSecurityRule(goldInIpv4, neutron, rwTx);
113 ruleAware.addNeutronSecurityRule(goldOutIpv4, neutron, rwTx);
114 ruleAware.addNeutronSecurityRule(serverIn80Tcp10_1_1_0, neutron, rwTx);
115 ruleAware.addNeutronSecurityRule(serverInIp20_1_1_0, neutron, rwTx);
116 ruleAware.addNeutronSecurityRule(serverOutIpv4, neutron, rwTx);
117 TenantId tenantId = new TenantId(tenant);
118 Optional<Tenant> potentialTenant = rwTx.read(LogicalDatastoreType.CONFIGURATION, IidFactory.tenantIid(tenantId))
120 assertTrue(potentialTenant.isPresent());
121 Optional<Contract> potentialContract = rwTx.read(LogicalDatastoreType.CONFIGURATION,
122 IidFactory.contractIid(tenantId, new ContractId(goldInIpv4.getUuid().getValue()))).get();
123 assertTrue(potentialContract.isPresent());
124 Contract contract = potentialContract.get();
125 PolicyAssert.assertContract(contract, goldInIpv4);
126 potentialContract = rwTx.read(LogicalDatastoreType.CONFIGURATION,
127 IidFactory.contractIid(tenantId, new ContractId(goldOutIpv4.getUuid().getValue()))).get();
128 assertTrue(potentialContract.isPresent());
129 contract = potentialContract.get();
130 PolicyAssert.assertContract(contract, goldOutIpv4);
131 potentialContract = rwTx.read(LogicalDatastoreType.CONFIGURATION,
132 IidFactory.contractIid(tenantId, new ContractId(serverOutIpv4.getUuid().getValue()))).get();
133 assertTrue(potentialContract.isPresent());
134 contract = potentialContract.get();
135 PolicyAssert.assertContract(contract, serverOutIpv4);
136 potentialContract = rwTx.read(LogicalDatastoreType.CONFIGURATION,
137 IidFactory.contractIid(tenantId, new ContractId(serverIn80Tcp10_1_1_0.getUuid().getValue()))).get();
138 assertTrue(potentialContract.isPresent());
139 contract = potentialContract.get();
140 PolicyAssert.assertContractWithEic(contract, serverIn80Tcp10_1_1_0);
141 potentialContract = rwTx.read(LogicalDatastoreType.CONFIGURATION,
142 IidFactory.contractIid(tenantId, new ContractId(serverInIp20_1_1_0.getUuid().getValue()))).get();
143 assertTrue(potentialContract.isPresent());
144 contract = potentialContract.get();
145 PolicyAssert.assertContractWithEic(contract, serverInIp20_1_1_0);
146 Optional<EndpointGroup> potentialEpg = rwTx.read(LogicalDatastoreType.CONFIGURATION,
147 IidFactory.endpointGroupIid(tenantId, new EndpointGroupId(goldSecGrp))).get();
148 assertTrue(potentialEpg.isPresent());
149 EndpointGroup epg = potentialEpg.get();
150 PolicyAssert.assertConsumerNamedSelectors(
152 ImmutableSet.of(new ContractId(goldInIpv4.getUuid().getValue()),
153 new ContractId(goldOutIpv4.getUuid().getValue()),
154 new ContractId(serverIn80Tcp10_1_1_0.getUuid().getValue()),
155 new ContractId(serverInIp20_1_1_0.getUuid().getValue()),
156 new ContractId(serverOutIpv4.getUuid().getValue())));
157 potentialEpg = rwTx.read(LogicalDatastoreType.CONFIGURATION,
158 IidFactory.endpointGroupIid(tenantId, new EndpointGroupId(serverSecGrp))).get();
159 assertTrue(potentialEpg.isPresent());
160 epg = potentialEpg.get();
161 PolicyAssert.assertConsumerNamedSelectors(epg, ImmutableSet.of(
162 new ContractId(serverIn80Tcp10_1_1_0.getUuid().getValue()),
163 new ContractId(serverInIp20_1_1_0.getUuid().getValue()),
164 new ContractId(goldInIpv4.getUuid().getValue())));
168 public final void testAddAndDeleteNeutronSecurityRule() throws Exception {
169 DataBroker dataBroker = getDataBroker();
170 NeutronSecurityRuleAware ruleAware = new NeutronSecurityRuleAware(dataBroker, epRegistrator);
172 final String tenantId = "aaaaaaaa-aaaa-aaaa-aaaa-aaaaaaaaaaaa";
173 final String secGroupId1 = "bbbbbbbb-bbbb-bbbb-bbbb-bbbbbbbbbbbb";
174 final String secGroupId2 = "cccccccc-cccc-cccc-cccc-cccccccccccc";
175 final String secRuleId1 = "dddddddd-dddd-dddd-dddd-dddddddddddd";
176 final String secRuleId2 = "eeeeeeee-eeee-eeee-eeee-eeeeeeeeeeee";
178 List<SecurityGroup> secGroups = new ArrayList<>();
179 secGroups.add(NeutronEntityFactory.securityGroup(secGroupId1, tenantId));
180 secGroups.add(NeutronEntityFactory.securityGroup(secGroupId2, tenantId));
181 SecurityRule secRule1 = NeutronEntityFactory.securityRuleWithEtherType(secRuleId1, tenantId,
182 EthertypeV4.class, DirectionEgress.class, secGroupId1, secGroupId2);
183 SecurityRule secRule2 = NeutronEntityFactory.securityRuleWithEtherType(secRuleId2, tenantId,
184 EthertypeV4.class, DirectionIngress.class, secGroupId2, secGroupId1);
185 NeutronBuilder neutronBuilder = new NeutronBuilder()
186 .setSecurityGroups(new SecurityGroupsBuilder().setSecurityGroup(secGroups).build())
187 .setSecurityRules(new SecurityRulesBuilder()
188 .setSecurityRule(ImmutableList.of(secRule1)).build());
190 ruleAware.onCreated(secRule1, neutronBuilder.build());
192 PolicyAssert.assertTenantExists(dataBroker, tenantId);
193 PolicyAssert.assertContractExists(dataBroker, tenantId, secRuleId1);
194 Optional<Contract> contract = ConfigDataStoreReader.readContract(dataBroker, tenantId, secRuleId1);
195 PolicyAssert.assertContract(contract.get(), secRule1);
196 PolicyAssert.assertContractCount(dataBroker, tenantId, 1);
197 PolicyAssert.assertEndpointGroupExists(dataBroker, tenantId, secGroupId1);
198 Optional<EndpointGroup> epGroup1 = ConfigDataStoreReader.readEndpointGroup(dataBroker, tenantId, secGroupId1);
199 PolicyAssert.assertProviderNamedSelectors(epGroup1.get(), ImmutableSet.of(new ContractId(secRuleId1)));
200 PolicyAssert.assertNoConsumerNamedSelectors(dataBroker, tenantId, secGroupId1);
202 PolicyAssert.assertClassifierInstanceExists(dataBroker, secRule1);
203 PolicyAssert.assertActionInstanceExists(dataBroker, tenantId, MappingUtils.ACTION_ALLOW.getName());
205 neutronBuilder.setSecurityRules(new SecurityRulesBuilder()
206 .setSecurityRule(ImmutableList.of(secRule1, secRule2)).build());
208 ruleAware.onCreated(secRule2, neutronBuilder.build());
210 PolicyAssert.assertTenantExists(dataBroker, tenantId);
211 PolicyAssert.assertContractExists(dataBroker, tenantId, secRuleId1);
212 contract = ConfigDataStoreReader.readContract(dataBroker, tenantId, secRuleId1);
213 PolicyAssert.assertContract(contract.get(), secRule1);
214 PolicyAssert.assertContractCount(dataBroker, tenantId, 2);
215 PolicyAssert.assertEndpointGroupExists(dataBroker, tenantId, secGroupId1);
216 epGroup1 = ConfigDataStoreReader.readEndpointGroup(dataBroker, tenantId, secGroupId1);
217 PolicyAssert.assertProviderNamedSelectors(epGroup1.get(), ImmutableSet.of(new ContractId(secRuleId1)));
218 PolicyAssert.assertConsumerNamedSelectors(epGroup1.get(), ImmutableSet.of(new ContractId(secRuleId2)));
220 PolicyAssert.assertContractExists(dataBroker, tenantId, secRuleId2);
221 contract = ConfigDataStoreReader.readContract(dataBroker, tenantId, secRuleId2);
222 PolicyAssert.assertContract(contract.get(), secRule2);
223 PolicyAssert.assertContractCount(dataBroker, tenantId, 2);
224 PolicyAssert.assertEndpointGroupExists(dataBroker, tenantId, secGroupId2);
225 Optional<EndpointGroup> epGroup2 = ConfigDataStoreReader.readEndpointGroup(dataBroker, tenantId, secGroupId2);
226 PolicyAssert.assertProviderNamedSelectors(epGroup2.get(), ImmutableSet.of(new ContractId(secRuleId2)));
227 PolicyAssert.assertConsumerNamedSelectors(epGroup2.get(), ImmutableSet.of(new ContractId(secRuleId1)));
229 ruleAware.onDeleted(secRule2, neutronBuilder.build(), null);
231 PolicyAssert.assertTenantExists(dataBroker, tenantId);
232 PolicyAssert.assertContractExists(dataBroker, tenantId, secRuleId1);
233 contract = ConfigDataStoreReader.readContract(dataBroker, tenantId, secRuleId1);
234 PolicyAssert.assertContract(contract.get(), secRule1);
235 PolicyAssert.assertContractCount(dataBroker, tenantId, 1);
236 PolicyAssert.assertEndpointGroupExists(dataBroker, tenantId, secGroupId1);
237 epGroup1 = ConfigDataStoreReader.readEndpointGroup(dataBroker, tenantId, secGroupId1);
238 PolicyAssert.assertProviderNamedSelectors(epGroup1.get(), ImmutableSet.of(new ContractId(secRuleId1)));
239 PolicyAssert.assertNoConsumerNamedSelectors(dataBroker, tenantId, secGroupId1);
241 PolicyAssert.assertContractNotExists(dataBroker, tenantId, secRuleId2);
242 PolicyAssert.assertContractCount(dataBroker, tenantId, 1);
243 PolicyAssert.assertEndpointGroupExists(dataBroker, tenantId, secGroupId2);
244 epGroup2 = ConfigDataStoreReader.readEndpointGroup(dataBroker, tenantId, secGroupId2);
245 PolicyAssert.assertNoProviderNamedSelectors(dataBroker, tenantId, secGroupId2);
246 PolicyAssert.assertNoConsumerNamedSelectors(dataBroker, tenantId, secGroupId2);
248 PolicyAssert.assertClassifierInstanceExists(dataBroker, secRule1);
249 PolicyAssert.assertActionInstanceExists(dataBroker, tenantId, MappingUtils.ACTION_ALLOW.getName());
251 neutronBuilder.setSecurityRules(new SecurityRulesBuilder()
252 .setSecurityRule(ImmutableList.of(secRule1)).build());
254 ruleAware.onDeleted(secRule1, neutronBuilder.build(), null);
256 PolicyAssert.assertContractCount(dataBroker, tenantId, 0);
257 PolicyAssert.assertEndpointGroupExists(dataBroker, tenantId, secGroupId1);
258 PolicyAssert.assertEndpointGroupExists(dataBroker, tenantId, secGroupId2);
259 PolicyAssert.assertNoProviderNamedSelectors(dataBroker, tenantId, secGroupId1);
260 PolicyAssert.assertNoConsumerNamedSelectors(dataBroker, tenantId, secGroupId2);
262 PolicyAssert.assertClassifierInstanceNotExists(dataBroker, secRule1);
263 // TODO: Uncomment this when the life cycle of the Allow ActionInstance will be clarified.
264 // PolicyAssert.assertActionInstanceNotExists(dataBroker, tenantId,
265 // MappingUtils.ACTION_ALLOW.getName());
269 public final void testAddNeutronSecurityRule_rulesWithoutRemote() throws Exception {
270 String tenant = "ad4c6c25-2424-4ad3-97ee-f9691ce03645";
271 String goldSecGrp = "fe40e28f-ad6a-4a2d-b12a-47510876344a";
272 SecurityRule goldInIpv4 = NeutronEntityFactory.securityRuleWithEtherType(
273 "166aedab-fdf5-4788-9e36-2b00b5f8722f", tenant, EthertypeV4.class, DirectionIngress.class, goldSecGrp,
275 SecurityRule goldOutIpv4 = NeutronEntityFactory.securityRuleWithEtherType(
276 "dabfd4da-af89-45dd-85f8-181768c1b4c9", tenant, EthertypeV4.class, DirectionEgress.class, goldSecGrp,
278 String serverSecGrp = "71cf4fe5-b146-409e-8151-cd921298ce32";
279 SecurityRule serverOutIpv4 = NeutronEntityFactory.securityRuleWithEtherType(
280 "8b9c48d3-44a8-46be-be35-6f3237d98071", tenant, EthertypeV4.class, DirectionEgress.class, serverSecGrp,
282 SecurityRule serverInIpv4 = NeutronEntityFactory.securityRuleWithEtherType(
283 "adf7e558-de47-4f9e-a9b8-96e19db5d1ac", tenant, EthertypeV4.class, DirectionIngress.class, serverSecGrp,
285 DataBroker dataBroker = getDataBroker();
286 List<SecurityGroup> secGroups = new ArrayList<>();
287 secGroups.add(NeutronEntityFactory.securityGroup(goldSecGrp, tenant));
288 secGroups.add(NeutronEntityFactory.securityGroup(serverSecGrp, tenant));
289 Neutron neutron = new NeutronBuilder()
290 .setSecurityGroups(new SecurityGroupsBuilder().setSecurityGroup(secGroups).build())
291 .setSecurityRules(new SecurityRulesBuilder()
292 .setSecurityRule(ImmutableList.of(goldInIpv4, goldOutIpv4, serverOutIpv4, serverInIpv4)).build())
294 NeutronSecurityRuleAware ruleAware = new NeutronSecurityRuleAware(dataBroker, epRegistrator);
295 ReadWriteTransaction rwTx = dataBroker.newReadWriteTransaction();
296 ruleAware.addNeutronSecurityRule(goldInIpv4, neutron, rwTx);
297 ruleAware.addNeutronSecurityRule(goldOutIpv4, neutron, rwTx);
298 ruleAware.addNeutronSecurityRule(serverOutIpv4, neutron, rwTx);
299 ruleAware.addNeutronSecurityRule(serverInIpv4, neutron, rwTx);
300 TenantId tenantId = new TenantId(tenant);
301 Optional<Contract> potentialContract = rwTx.read(LogicalDatastoreType.CONFIGURATION,
302 IidFactory.contractIid(tenantId, new ContractId(goldInIpv4.getUuid().getValue()))).get();
303 assertTrue(potentialContract.isPresent());
304 Contract contract = potentialContract.get();
305 PolicyAssert.assertContract(contract, goldInIpv4);
306 potentialContract = rwTx.read(LogicalDatastoreType.CONFIGURATION,
307 IidFactory.contractIid(tenantId, new ContractId(goldOutIpv4.getUuid().getValue()))).get();
308 assertTrue(potentialContract.isPresent());
309 contract = potentialContract.get();
310 PolicyAssert.assertContract(contract, goldOutIpv4);
311 potentialContract = rwTx.read(LogicalDatastoreType.CONFIGURATION,
312 IidFactory.contractIid(tenantId, new ContractId(serverOutIpv4.getUuid().getValue()))).get();
313 assertTrue(potentialContract.isPresent());
314 contract = potentialContract.get();
315 PolicyAssert.assertContract(contract, serverOutIpv4);
316 potentialContract = rwTx.read(LogicalDatastoreType.CONFIGURATION,
317 IidFactory.contractIid(tenantId, new ContractId(serverInIpv4.getUuid().getValue()))).get();
318 assertTrue(potentialContract.isPresent());
319 contract = potentialContract.get();
320 PolicyAssert.assertContract(contract, serverInIpv4);
321 Optional<EndpointGroup> potentialEpg = rwTx.read(LogicalDatastoreType.CONFIGURATION,
322 IidFactory.endpointGroupIid(tenantId, new EndpointGroupId(goldSecGrp))).get();
323 assertTrue(potentialEpg.isPresent());
324 EndpointGroup epg = potentialEpg.get();
325 PolicyAssert.assertConsumerNamedSelectors(
327 ImmutableSet.of(new ContractId(goldInIpv4.getUuid().getValue()),
328 new ContractId(goldOutIpv4.getUuid().getValue()),
329 new ContractId(serverOutIpv4.getUuid().getValue()),
330 new ContractId(serverInIpv4.getUuid().getValue())));
331 potentialEpg = rwTx.read(LogicalDatastoreType.CONFIGURATION,
332 IidFactory.endpointGroupIid(tenantId, new EndpointGroupId(serverSecGrp))).get();
333 assertTrue(potentialEpg.isPresent());
334 PolicyAssert.assertConsumerNamedSelectors(
336 ImmutableSet.of(new ContractId(goldInIpv4.getUuid().getValue()),
337 new ContractId(goldOutIpv4.getUuid().getValue()),
338 new ContractId(serverOutIpv4.getUuid().getValue()),
339 new ContractId(serverInIpv4.getUuid().getValue())));
343 public final void testAddNeutronSecurityRule_asymmetricRulesWithoutRemote() throws Exception {
344 String tenant = "ad4c6c25-2424-4ad3-97ee-f9691ce03645";
345 String goldSecGrp = "fe40e28f-ad6a-4a2d-b12a-47510876344a";
346 SecurityRule goldInIpv4 = NeutronEntityFactory.securityRuleWithEtherType(
347 "166aedab-fdf5-4788-9e36-2b00b5f8722f", tenant, EthertypeV4.class, DirectionIngress.class, goldSecGrp,
349 SecurityRule goldOutIpv4 = NeutronEntityFactory.securityRuleWithEtherType(
350 "dabfd4da-af89-45dd-85f8-181768c1b4c9", tenant, EthertypeV4.class, DirectionEgress.class, goldSecGrp,
352 String serverSecGrp = "71cf4fe5-b146-409e-8151-cd921298ce32";
353 SecurityRule serverOutIpv4 = NeutronEntityFactory.securityRuleWithEtherType(
354 "8b9c48d3-44a8-46be-be35-6f3237d98071", tenant, EthertypeV4.class, DirectionEgress.class, serverSecGrp,
356 SecurityRuleAttributes.Protocol protocolTcp = new SecurityRuleAttributes.Protocol(ProtocolTcp.class);
357 SecurityRule serverIn80TcpIpv4 = new SecurityRuleBuilder().setUuid(new Uuid("adf7e558-de47-4f9e-a9b8-96e19db5d1ac"))
358 .setTenantId(new Uuid(tenant))
359 .setEthertype(EthertypeV4.class)
360 .setProtocol(protocolTcp)
363 .setDirection(DirectionIngress.class)
364 .setSecurityGroupId(new Uuid(serverSecGrp))
366 DataBroker dataBroker = getDataBroker();
367 List<SecurityGroup> secGroups = new ArrayList<>();
368 secGroups.add(NeutronEntityFactory.securityGroup(goldSecGrp, tenant));
369 secGroups.add(NeutronEntityFactory.securityGroup(serverSecGrp, tenant));
370 Neutron neutron = new NeutronBuilder()
371 .setSecurityGroups(new SecurityGroupsBuilder().setSecurityGroup(secGroups).build())
372 .setSecurityRules(new SecurityRulesBuilder()
373 .setSecurityRule(ImmutableList.of(goldInIpv4, goldOutIpv4, serverOutIpv4, serverIn80TcpIpv4)).build())
375 NeutronSecurityRuleAware ruleAware = new NeutronSecurityRuleAware(dataBroker, epRegistrator);
376 ReadWriteTransaction rwTx = dataBroker.newReadWriteTransaction();
377 ruleAware.addNeutronSecurityRule(goldInIpv4, neutron, rwTx);
378 ruleAware.addNeutronSecurityRule(goldOutIpv4, neutron, rwTx);
379 ruleAware.addNeutronSecurityRule(serverOutIpv4, neutron, rwTx);
380 ruleAware.addNeutronSecurityRule(serverIn80TcpIpv4, neutron, rwTx);
381 TenantId tenantId = new TenantId(tenant);
382 Optional<Contract> potentialContract = rwTx.read(LogicalDatastoreType.CONFIGURATION,
383 IidFactory.contractIid(tenantId, new ContractId(goldInIpv4.getUuid().getValue()))).get();
384 assertTrue(potentialContract.isPresent());
385 Contract contract = potentialContract.get();
386 PolicyAssert.assertContract(contract, goldInIpv4);
387 potentialContract = rwTx.read(LogicalDatastoreType.CONFIGURATION,
388 IidFactory.contractIid(tenantId, new ContractId(goldOutIpv4.getUuid().getValue()))).get();
389 assertTrue(potentialContract.isPresent());
390 contract = potentialContract.get();
391 PolicyAssert.assertContract(contract, goldOutIpv4);
392 potentialContract = rwTx.read(LogicalDatastoreType.CONFIGURATION,
393 IidFactory.contractIid(tenantId, new ContractId(serverOutIpv4.getUuid().getValue()))).get();
394 assertTrue(potentialContract.isPresent());
395 contract = potentialContract.get();
396 PolicyAssert.assertContract(contract, serverOutIpv4);
397 potentialContract = rwTx.read(LogicalDatastoreType.CONFIGURATION,
398 IidFactory.contractIid(tenantId, new ContractId(serverIn80TcpIpv4.getUuid().getValue()))).get();
399 assertTrue(potentialContract.isPresent());
400 contract = potentialContract.get();
401 PolicyAssert.assertContract(contract, serverIn80TcpIpv4);
402 Optional<EndpointGroup> potentialEpg = rwTx.read(LogicalDatastoreType.CONFIGURATION,
403 IidFactory.endpointGroupIid(tenantId, new EndpointGroupId(goldSecGrp))).get();
404 assertTrue(potentialEpg.isPresent());
405 EndpointGroup epg = potentialEpg.get();
406 PolicyAssert.assertConsumerNamedSelectors(
408 ImmutableSet.of(new ContractId(goldInIpv4.getUuid().getValue()),
409 new ContractId(goldOutIpv4.getUuid().getValue()),
410 new ContractId(serverOutIpv4.getUuid().getValue()),
411 new ContractId(serverIn80TcpIpv4.getUuid().getValue())));
412 potentialEpg = rwTx.read(LogicalDatastoreType.CONFIGURATION,
413 IidFactory.endpointGroupIid(tenantId, new EndpointGroupId(serverSecGrp))).get();
414 assertTrue(potentialEpg.isPresent());
415 epg = potentialEpg.get();
416 PolicyAssert.assertConsumerNamedSelectors(
418 ImmutableSet.of(new ContractId(goldInIpv4.getUuid().getValue()),
419 new ContractId(serverIn80TcpIpv4.getUuid().getValue())));
423 public final void testAddNeutronSecurityRule_defaultSecGrp() throws Exception {
424 String tenant = "111aaaaa-aaaa-aaaa-aaaa-aaaaaaaaaaaa";
425 String defaultSecGrp = "111fffff-ffff-ffff-ffff-ffffffffffff";
426 SecurityRule defaultInIpv4Default = NeutronEntityFactory.securityRuleWithEtherType(
427 "111ccccc-111c-cccc-cccc-cccccccccccc", tenant, EthertypeV4.class, DirectionIngress.class, defaultSecGrp,
429 SecurityRule defaultInIpv6Default = NeutronEntityFactory.securityRuleWithEtherType(
430 "222ccccc-111c-cccc-cccc-cccccccccccc", tenant, EthertypeV4.class, DirectionIngress.class, defaultSecGrp,
432 SecurityRule defaultOutIpv4 = NeutronEntityFactory.securityRuleWithEtherType(
433 "333ccccc-111c-cccc-cccc-cccccccccccc", tenant, EthertypeV4.class, DirectionEgress.class, defaultSecGrp,
435 SecurityRule defaultOutIpv6 = NeutronEntityFactory.securityRuleWithEtherType(
436 "444ccccc-111c-cccc-cccc-cccccccccccc", tenant, EthertypeV4.class, DirectionEgress.class, defaultSecGrp,
438 DataBroker dataBroker = getDataBroker();
439 List<SecurityGroup> secGroups = new ArrayList<>();
440 secGroups.add(NeutronEntityFactory.securityGroup(defaultSecGrp, tenant));
441 Neutron neutron = new NeutronBuilder()
442 .setSecurityGroups(new SecurityGroupsBuilder().setSecurityGroup(secGroups).build()).build();
443 NeutronSecurityRuleAware ruleAware = new NeutronSecurityRuleAware(dataBroker, epRegistrator);
444 ReadWriteTransaction rwTx = dataBroker.newReadWriteTransaction();
445 ruleAware.addNeutronSecurityRule(defaultInIpv4Default, neutron, rwTx);
446 ruleAware.addNeutronSecurityRule(defaultInIpv6Default, neutron, rwTx);
447 ruleAware.addNeutronSecurityRule(defaultOutIpv4, neutron, rwTx);
448 ruleAware.addNeutronSecurityRule(defaultOutIpv6, neutron, rwTx);
449 TenantId tenantId = new TenantId(tenant);
450 Optional<Contract> potentialContract = rwTx.read(LogicalDatastoreType.CONFIGURATION,
451 IidFactory.contractIid(tenantId, new ContractId(defaultInIpv4Default.getUuid().getValue()))).get();
452 assertTrue(potentialContract.isPresent());
453 Contract contract = potentialContract.get();
454 PolicyAssert.assertContract(contract, defaultInIpv4Default);
455 potentialContract = rwTx.read(LogicalDatastoreType.CONFIGURATION,
456 IidFactory.contractIid(tenantId, new ContractId(defaultInIpv6Default.getUuid().getValue()))).get();
457 assertTrue(potentialContract.isPresent());
458 contract = potentialContract.get();
459 PolicyAssert.assertContract(contract, defaultInIpv6Default);
460 potentialContract = rwTx.read(LogicalDatastoreType.CONFIGURATION,
461 IidFactory.contractIid(tenantId, new ContractId(defaultOutIpv4.getUuid().getValue()))).get();
462 assertTrue(potentialContract.isPresent());
463 contract = potentialContract.get();
464 PolicyAssert.assertContract(contract, defaultOutIpv4);
465 potentialContract = rwTx.read(LogicalDatastoreType.CONFIGURATION,
466 IidFactory.contractIid(tenantId, new ContractId(defaultOutIpv6.getUuid().getValue()))).get();
467 assertTrue(potentialContract.isPresent());
468 contract = potentialContract.get();
469 PolicyAssert.assertContract(contract, defaultOutIpv6);
473 public void testConstructor_invalidArgument() throws Exception {
475 new NeutronSecurityRuleAware(null, null);
476 fail(NullPointerException.class.getName() + " expected");
477 } catch (NullPointerException ex) {