1 package org.opendaylight.groupbasedpolicy.neutron.mapper.mapping.rule;
3 import static org.junit.Assert.assertTrue;
4 import static org.junit.Assert.fail;
7 import org.opendaylight.controller.md.sal.binding.api.DataBroker;
8 import org.opendaylight.controller.md.sal.binding.api.ReadWriteTransaction;
9 import org.opendaylight.controller.md.sal.common.api.data.LogicalDatastoreType;
10 import org.opendaylight.groupbasedpolicy.neutron.mapper.mapping.group.NeutronSecurityGroupAware;
11 import org.opendaylight.groupbasedpolicy.neutron.mapper.mapping.group.SecGroupDao;
12 import org.opendaylight.groupbasedpolicy.neutron.mapper.test.ConfigDataStoreReader;
13 import org.opendaylight.groupbasedpolicy.neutron.mapper.test.NeutronEntityFactory;
14 import org.opendaylight.groupbasedpolicy.neutron.mapper.test.PolicyAssert;
15 import org.opendaylight.groupbasedpolicy.neutron.mapper.test.GbpDataBrokerTest;
16 import org.opendaylight.groupbasedpolicy.neutron.mapper.util.MappingUtils;
17 import org.opendaylight.groupbasedpolicy.neutron.mapper.util.NeutronUtils;
18 import org.opendaylight.groupbasedpolicy.util.IidFactory;
19 import org.opendaylight.neutron.spi.NeutronSecurityRule;
20 import org.opendaylight.yang.gen.v1.urn.opendaylight.groupbasedpolicy.common.rev140421.ContractId;
21 import org.opendaylight.yang.gen.v1.urn.opendaylight.groupbasedpolicy.common.rev140421.EndpointGroupId;
22 import org.opendaylight.yang.gen.v1.urn.opendaylight.groupbasedpolicy.common.rev140421.TenantId;
23 import org.opendaylight.yang.gen.v1.urn.opendaylight.groupbasedpolicy.policy.rev140421.tenants.Tenant;
24 import org.opendaylight.yang.gen.v1.urn.opendaylight.groupbasedpolicy.policy.rev140421.tenants.tenant.Contract;
25 import org.opendaylight.yang.gen.v1.urn.opendaylight.groupbasedpolicy.policy.rev140421.tenants.tenant.EndpointGroup;
27 import com.google.common.base.Optional;
28 import com.google.common.collect.ImmutableSet;
31 * END 2 END TESTING - inputs are Neutron entities and expected outputs are GBP entities in
35 public class NeutronSecurityRuleAwareDataStoreTest extends GbpDataBrokerTest {
38 public final void testAddNeutronSecurityRule_rulesWithRemoteIpPrefix() throws Exception {
39 String tenant = "ad4c6c25-2424-4ad3-97ee-f9691ce03645";
40 String goldSecGrp = "fe40e28f-ad6a-4a2d-b12a-47510876344a";
41 NeutronSecurityRule goldInIpv4 = NeutronEntityFactory.securityRuleWithEtherType(
42 "166aedab-fdf5-4788-9e36-2b00b5f8722f", tenant, NeutronUtils.IPv4, NeutronUtils.INGRESS, goldSecGrp,
44 NeutronSecurityRule goldOutIpv4 = NeutronEntityFactory.securityRuleWithEtherType(
45 "dabfd4da-af89-45dd-85f8-181768c1b4c9", tenant, NeutronUtils.IPv4, NeutronUtils.EGRESS, goldSecGrp,
47 String serverSecGrp = "71cf4fe5-b146-409e-8151-cd921298ce32";
48 NeutronSecurityRule serverIn80Tcp10_1_1_0 = NeutronEntityFactory.securityRuleWithEtherType(
49 "9dbb533d-d9b2-4dc9-bae7-ee60c8df184d", tenant, NeutronUtils.IPv4, NeutronUtils.INGRESS, serverSecGrp,
51 serverIn80Tcp10_1_1_0.setSecurityRuleProtocol(NeutronUtils.TCP);
52 serverIn80Tcp10_1_1_0.setSecurityRulePortMin(80);
53 serverIn80Tcp10_1_1_0.setSecurityRulePortMax(80);
54 serverIn80Tcp10_1_1_0.setSecurityRuleRemoteIpPrefix("10.1.1.0/24");
55 NeutronSecurityRule serverInIp20_1_1_0 = NeutronEntityFactory.securityRuleWithEtherType(
56 "adf7e558-de47-4f9e-a9b8-96e19db5d1ac", tenant, NeutronUtils.IPv4, NeutronUtils.INGRESS, serverSecGrp,
58 serverInIp20_1_1_0.setSecurityRuleRemoteIpPrefix("20.1.1.0/24");
59 NeutronSecurityRule serverOutIpv4 = NeutronEntityFactory.securityRuleWithEtherType(
60 "8b9c48d3-44a8-46be-be35-6f3237d98071", tenant, NeutronUtils.IPv4, NeutronUtils.EGRESS, serverSecGrp,
62 DataBroker dataBroker = getDataBroker();
63 SecRuleDao secRuleDao = new SecRuleDao();
64 SecGroupDao secGroupDao = new SecGroupDao();
65 secGroupDao.addSecGroup(NeutronEntityFactory.securityGroup(goldSecGrp, tenant));
66 secGroupDao.addSecGroup(NeutronEntityFactory.securityGroup(serverSecGrp, tenant));
67 NeutronSecurityRuleAware ruleAware = new NeutronSecurityRuleAware(dataBroker, secRuleDao, secGroupDao);
68 ReadWriteTransaction rwTx = dataBroker.newReadWriteTransaction();
69 ruleAware.addNeutronSecurityRule(goldInIpv4, rwTx);
70 ruleAware.addNeutronSecurityRule(goldOutIpv4, rwTx);
71 ruleAware.addNeutronSecurityRule(serverIn80Tcp10_1_1_0, rwTx);
72 ruleAware.addNeutronSecurityRule(serverInIp20_1_1_0, rwTx);
73 ruleAware.addNeutronSecurityRule(serverOutIpv4, rwTx);
74 TenantId tenantId = new TenantId(tenant);
75 Optional<Tenant> potentialTenant = rwTx.read(LogicalDatastoreType.CONFIGURATION, IidFactory.tenantIid(tenantId))
77 assertTrue(potentialTenant.isPresent());
78 Optional<Contract> potentialContract = rwTx.read(LogicalDatastoreType.CONFIGURATION,
79 IidFactory.contractIid(tenantId, new ContractId(goldInIpv4.getSecurityRuleUUID()))).get();
80 assertTrue(potentialContract.isPresent());
81 Contract contract = potentialContract.get();
82 PolicyAssert.assertContract(contract, goldInIpv4);
83 potentialContract = rwTx.read(LogicalDatastoreType.CONFIGURATION,
84 IidFactory.contractIid(tenantId, new ContractId(goldOutIpv4.getSecurityRuleUUID()))).get();
85 assertTrue(potentialContract.isPresent());
86 contract = potentialContract.get();
87 PolicyAssert.assertContract(contract, goldOutIpv4);
88 potentialContract = rwTx.read(LogicalDatastoreType.CONFIGURATION,
89 IidFactory.contractIid(tenantId, new ContractId(serverOutIpv4.getSecurityRuleUUID()))).get();
90 assertTrue(potentialContract.isPresent());
91 contract = potentialContract.get();
92 PolicyAssert.assertContract(contract, serverOutIpv4);
93 potentialContract = rwTx.read(LogicalDatastoreType.CONFIGURATION,
94 IidFactory.contractIid(tenantId, new ContractId(serverIn80Tcp10_1_1_0.getSecurityRuleUUID()))).get();
95 assertTrue(potentialContract.isPresent());
96 contract = potentialContract.get();
97 PolicyAssert.assertContractWithEic(contract, serverIn80Tcp10_1_1_0);
98 potentialContract = rwTx.read(LogicalDatastoreType.CONFIGURATION,
99 IidFactory.contractIid(tenantId, new ContractId(serverInIp20_1_1_0.getSecurityRuleUUID()))).get();
100 assertTrue(potentialContract.isPresent());
101 contract = potentialContract.get();
102 PolicyAssert.assertContractWithEic(contract, serverInIp20_1_1_0);
103 Optional<EndpointGroup> potentialEpg = rwTx.read(LogicalDatastoreType.CONFIGURATION,
104 IidFactory.endpointGroupIid(tenantId, new EndpointGroupId(goldSecGrp))).get();
105 assertTrue(potentialEpg.isPresent());
106 EndpointGroup epg = potentialEpg.get();
107 PolicyAssert.assertConsumerNamedSelectors(
109 ImmutableSet.of(new ContractId(goldInIpv4.getSecurityRuleUUID()),
110 new ContractId(goldOutIpv4.getSecurityRuleUUID()),
111 new ContractId(serverIn80Tcp10_1_1_0.getSecurityRuleUUID()),
112 new ContractId(serverInIp20_1_1_0.getSecurityRuleUUID()),
113 new ContractId(serverOutIpv4.getSecurityRuleUUID())));
114 potentialEpg = rwTx.read(LogicalDatastoreType.CONFIGURATION,
115 IidFactory.endpointGroupIid(tenantId, new EndpointGroupId(serverSecGrp))).get();
116 assertTrue(potentialEpg.isPresent());
117 epg = potentialEpg.get();
118 PolicyAssert.assertConsumerNamedSelectors(epg, ImmutableSet.of(
119 new ContractId(serverIn80Tcp10_1_1_0.getSecurityRuleUUID()),
120 new ContractId(serverInIp20_1_1_0.getSecurityRuleUUID()),
121 new ContractId(goldInIpv4.getSecurityRuleUUID())));
125 public final void testAddAndDeleteNeutronSecurityRule() throws Exception {
126 DataBroker dataBroker = getDataBroker();
127 SecRuleDao secRuleDao = new SecRuleDao();
128 SecGroupDao secGroupDao = new SecGroupDao();
129 NeutronSecurityRuleAware ruleAware = new NeutronSecurityRuleAware(dataBroker, secRuleDao, secGroupDao);
131 final String tenantId = "aaaaaaaa-aaaa-aaaa-aaaa-aaaaaaaaaaaa";
132 final String secGroupId1 = "bbbbbbbb-bbbb-bbbb-bbbb-bbbbbbbbbbbb";
133 final String secGroupId2 = "cccccccc-cccc-cccc-cccc-cccccccccccc";
134 final String secRuleId1 = "dddddddd-dddd-dddd-dddd-dddddddddddd";
135 final String secRuleId2 = "eeeeeeee-eeee-eeee-eeee-eeeeeeeeeeee";
137 NeutronSecurityRule secRule1 = NeutronEntityFactory.securityRuleWithEtherType(secRuleId1, tenantId,
138 NeutronUtils.IPv4, NeutronUtils.EGRESS, secGroupId1, secGroupId2);
139 NeutronSecurityRule secRule2 = NeutronEntityFactory.securityRuleWithEtherType(secRuleId2, tenantId,
140 NeutronUtils.IPv4, NeutronUtils.INGRESS, secGroupId2, secGroupId1);
142 ruleAware.neutronSecurityRuleCreated(secRule1);
144 PolicyAssert.assertTenantExists(dataBroker, tenantId);
145 PolicyAssert.assertContractExists(dataBroker, tenantId, secRuleId1);
146 Optional<Contract> contract = ConfigDataStoreReader.readContract(dataBroker, tenantId, secRuleId1);
147 PolicyAssert.assertContract(contract.get(), secRule1);
148 PolicyAssert.assertContractCount(dataBroker, tenantId, 1);
149 PolicyAssert.assertEndpointGroupExists(dataBroker, tenantId, secGroupId1);
150 Optional<EndpointGroup> epGroup1 = ConfigDataStoreReader.readEndpointGroup(dataBroker, tenantId, secGroupId1);
151 PolicyAssert.assertProviderNamedSelectors(epGroup1.get(), ImmutableSet.of(new ContractId(secRuleId1)));
152 PolicyAssert.assertNoConsumerNamedSelectors(dataBroker, tenantId, secGroupId1);
154 PolicyAssert.assertClassifierInstanceExists(dataBroker, secRule1);
155 PolicyAssert.assertActionInstanceExists(dataBroker, tenantId, MappingUtils.ACTION_ALLOW.getName());
157 ruleAware.neutronSecurityRuleCreated(secRule2);
159 PolicyAssert.assertTenantExists(dataBroker, tenantId);
160 PolicyAssert.assertContractExists(dataBroker, tenantId, secRuleId1);
161 contract = ConfigDataStoreReader.readContract(dataBroker, tenantId, secRuleId1);
162 PolicyAssert.assertContract(contract.get(), secRule1);
163 PolicyAssert.assertContractCount(dataBroker, tenantId, 2);
164 PolicyAssert.assertEndpointGroupExists(dataBroker, tenantId, secGroupId1);
165 epGroup1 = ConfigDataStoreReader.readEndpointGroup(dataBroker, tenantId, secGroupId1);
166 PolicyAssert.assertProviderNamedSelectors(epGroup1.get(), ImmutableSet.of(new ContractId(secRuleId1)));
167 PolicyAssert.assertConsumerNamedSelectors(epGroup1.get(), ImmutableSet.of(new ContractId(secRuleId2)));
169 PolicyAssert.assertContractExists(dataBroker, tenantId, secRuleId2);
170 contract = ConfigDataStoreReader.readContract(dataBroker, tenantId, secRuleId2);
171 PolicyAssert.assertContract(contract.get(), secRule2);
172 PolicyAssert.assertContractCount(dataBroker, tenantId, 2);
173 PolicyAssert.assertEndpointGroupExists(dataBroker, tenantId, secGroupId2);
174 Optional<EndpointGroup> epGroup2 = ConfigDataStoreReader.readEndpointGroup(dataBroker, tenantId, secGroupId2);
175 PolicyAssert.assertProviderNamedSelectors(epGroup2.get(), ImmutableSet.of(new ContractId(secRuleId2)));
176 PolicyAssert.assertConsumerNamedSelectors(epGroup2.get(), ImmutableSet.of(new ContractId(secRuleId1)));
178 ruleAware.neutronSecurityRuleDeleted(secRule2);
180 PolicyAssert.assertTenantExists(dataBroker, tenantId);
181 PolicyAssert.assertContractExists(dataBroker, tenantId, secRuleId1);
182 contract = ConfigDataStoreReader.readContract(dataBroker, tenantId, secRuleId1);
183 PolicyAssert.assertContract(contract.get(), secRule1);
184 PolicyAssert.assertContractCount(dataBroker, tenantId, 1);
185 PolicyAssert.assertEndpointGroupExists(dataBroker, tenantId, secGroupId1);
186 epGroup1 = ConfigDataStoreReader.readEndpointGroup(dataBroker, tenantId, secGroupId1);
187 PolicyAssert.assertProviderNamedSelectors(epGroup1.get(), ImmutableSet.of(new ContractId(secRuleId1)));
188 PolicyAssert.assertNoConsumerNamedSelectors(dataBroker, tenantId, secGroupId1);
190 PolicyAssert.assertContractNotExists(dataBroker, tenantId, secRuleId2);
191 PolicyAssert.assertContractCount(dataBroker, tenantId, 1);
192 PolicyAssert.assertEndpointGroupExists(dataBroker, tenantId, secGroupId2);
193 epGroup2 = ConfigDataStoreReader.readEndpointGroup(dataBroker, tenantId, secGroupId2);
194 PolicyAssert.assertNoProviderNamedSelectors(dataBroker, tenantId, secGroupId2);
195 PolicyAssert.assertNoConsumerNamedSelectors(dataBroker, tenantId, secGroupId2);
197 PolicyAssert.assertClassifierInstanceExists(dataBroker, secRule1);
198 PolicyAssert.assertActionInstanceExists(dataBroker, tenantId, MappingUtils.ACTION_ALLOW.getName());
200 ruleAware.neutronSecurityRuleDeleted(secRule1);
202 PolicyAssert.assertContractCount(dataBroker, tenantId, 0);
203 PolicyAssert.assertEndpointGroupExists(dataBroker, tenantId, secGroupId1);
204 PolicyAssert.assertEndpointGroupExists(dataBroker, tenantId, secGroupId2);
205 PolicyAssert.assertNoProviderNamedSelectors(dataBroker, tenantId, secGroupId1);
206 PolicyAssert.assertNoConsumerNamedSelectors(dataBroker, tenantId, secGroupId2);
208 PolicyAssert.assertClassifierInstanceNotExists(dataBroker, secRule1);
209 // TODO: Uncomment this when the life cycle of the Allow ActionInstance will be clarified.
210 // PolicyAssert.assertActionInstanceNotExists(dataBroker, tenantId,
211 // MappingUtils.ACTION_ALLOW.getName());
215 public final void testAddNeutronSecurityRule_rulesWithoutRemote() throws Exception {
216 String tenant = "ad4c6c25-2424-4ad3-97ee-f9691ce03645";
217 String goldSecGrp = "fe40e28f-ad6a-4a2d-b12a-47510876344a";
218 NeutronSecurityRule goldInIpv4 = NeutronEntityFactory.securityRuleWithEtherType(
219 "166aedab-fdf5-4788-9e36-2b00b5f8722f", tenant, NeutronUtils.IPv4, NeutronUtils.INGRESS, goldSecGrp,
221 NeutronSecurityRule goldOutIpv4 = NeutronEntityFactory.securityRuleWithEtherType(
222 "dabfd4da-af89-45dd-85f8-181768c1b4c9", tenant, NeutronUtils.IPv4, NeutronUtils.EGRESS, goldSecGrp,
224 String serverSecGrp = "71cf4fe5-b146-409e-8151-cd921298ce32";
225 NeutronSecurityRule serverOutIpv4 = NeutronEntityFactory.securityRuleWithEtherType(
226 "8b9c48d3-44a8-46be-be35-6f3237d98071", tenant, NeutronUtils.IPv4, NeutronUtils.EGRESS, serverSecGrp,
228 NeutronSecurityRule serverInIpv4 = NeutronEntityFactory.securityRuleWithEtherType(
229 "adf7e558-de47-4f9e-a9b8-96e19db5d1ac", tenant, NeutronUtils.IPv4, NeutronUtils.INGRESS, serverSecGrp,
231 DataBroker dataBroker = getDataBroker();
232 SecRuleDao secRuleDao = new SecRuleDao();
233 SecGroupDao secGroupDao = new SecGroupDao();
234 secGroupDao.addSecGroup(NeutronEntityFactory.securityGroup(goldSecGrp, tenant));
235 secGroupDao.addSecGroup(NeutronEntityFactory.securityGroup(serverSecGrp, tenant));
236 NeutronSecurityRuleAware ruleAware = new NeutronSecurityRuleAware(dataBroker, secRuleDao, secGroupDao);
237 ReadWriteTransaction rwTx = dataBroker.newReadWriteTransaction();
238 ruleAware.addNeutronSecurityRule(goldInIpv4, rwTx);
239 ruleAware.addNeutronSecurityRule(goldOutIpv4, rwTx);
240 ruleAware.addNeutronSecurityRule(serverOutIpv4, rwTx);
241 ruleAware.addNeutronSecurityRule(serverInIpv4, rwTx);
242 TenantId tenantId = new TenantId(tenant);
243 Optional<Contract> potentialContract = rwTx.read(LogicalDatastoreType.CONFIGURATION,
244 IidFactory.contractIid(tenantId, new ContractId(goldInIpv4.getSecurityRuleUUID()))).get();
245 assertTrue(potentialContract.isPresent());
246 Contract contract = potentialContract.get();
247 PolicyAssert.assertContract(contract, goldInIpv4);
248 potentialContract = rwTx.read(LogicalDatastoreType.CONFIGURATION,
249 IidFactory.contractIid(tenantId, new ContractId(goldOutIpv4.getSecurityRuleUUID()))).get();
250 assertTrue(potentialContract.isPresent());
251 contract = potentialContract.get();
252 PolicyAssert.assertContract(contract, goldOutIpv4);
253 potentialContract = rwTx.read(LogicalDatastoreType.CONFIGURATION,
254 IidFactory.contractIid(tenantId, new ContractId(serverOutIpv4.getSecurityRuleUUID()))).get();
255 assertTrue(potentialContract.isPresent());
256 contract = potentialContract.get();
257 PolicyAssert.assertContract(contract, serverOutIpv4);
258 potentialContract = rwTx.read(LogicalDatastoreType.CONFIGURATION,
259 IidFactory.contractIid(tenantId, new ContractId(serverInIpv4.getSecurityRuleUUID()))).get();
260 assertTrue(potentialContract.isPresent());
261 contract = potentialContract.get();
262 PolicyAssert.assertContract(contract, serverInIpv4);
263 Optional<EndpointGroup> potentialEpg = rwTx.read(LogicalDatastoreType.CONFIGURATION,
264 IidFactory.endpointGroupIid(tenantId, new EndpointGroupId(goldSecGrp))).get();
265 assertTrue(potentialEpg.isPresent());
266 EndpointGroup epg = potentialEpg.get();
267 PolicyAssert.assertConsumerNamedSelectors(
269 ImmutableSet.of(new ContractId(goldInIpv4.getSecurityRuleUUID()),
270 new ContractId(goldOutIpv4.getSecurityRuleUUID()),
271 new ContractId(serverOutIpv4.getSecurityRuleUUID()),
272 new ContractId(serverInIpv4.getSecurityRuleUUID())));
273 potentialEpg = rwTx.read(LogicalDatastoreType.CONFIGURATION,
274 IidFactory.endpointGroupIid(tenantId, new EndpointGroupId(serverSecGrp))).get();
275 assertTrue(potentialEpg.isPresent());
276 PolicyAssert.assertConsumerNamedSelectors(
278 ImmutableSet.of(new ContractId(goldInIpv4.getSecurityRuleUUID()),
279 new ContractId(goldOutIpv4.getSecurityRuleUUID()),
280 new ContractId(serverOutIpv4.getSecurityRuleUUID()),
281 new ContractId(serverInIpv4.getSecurityRuleUUID())));
285 public final void testAddNeutronSecurityRule_asymmetricRulesWithoutRemote() throws Exception {
286 String tenant = "ad4c6c25-2424-4ad3-97ee-f9691ce03645";
287 String goldSecGrp = "fe40e28f-ad6a-4a2d-b12a-47510876344a";
288 NeutronSecurityRule goldInIpv4 = NeutronEntityFactory.securityRuleWithEtherType(
289 "166aedab-fdf5-4788-9e36-2b00b5f8722f", tenant, NeutronUtils.IPv4, NeutronUtils.INGRESS, goldSecGrp,
291 NeutronSecurityRule goldOutIpv4 = NeutronEntityFactory.securityRuleWithEtherType(
292 "dabfd4da-af89-45dd-85f8-181768c1b4c9", tenant, NeutronUtils.IPv4, NeutronUtils.EGRESS, goldSecGrp,
294 String serverSecGrp = "71cf4fe5-b146-409e-8151-cd921298ce32";
295 NeutronSecurityRule serverOutIpv4 = NeutronEntityFactory.securityRuleWithEtherType(
296 "8b9c48d3-44a8-46be-be35-6f3237d98071", tenant, NeutronUtils.IPv4, NeutronUtils.EGRESS, serverSecGrp,
298 NeutronSecurityRule serverIn80TcpIpv4 = NeutronEntityFactory.securityRuleWithEtherType(
299 "adf7e558-de47-4f9e-a9b8-96e19db5d1ac", tenant, NeutronUtils.IPv4, NeutronUtils.INGRESS, serverSecGrp,
301 serverIn80TcpIpv4.setSecurityRuleProtocol(NeutronUtils.TCP);
302 serverIn80TcpIpv4.setSecurityRulePortMin(80);
303 serverIn80TcpIpv4.setSecurityRulePortMax(80);
304 DataBroker dataBroker = getDataBroker();
305 SecRuleDao secRuleDao = new SecRuleDao();
306 SecGroupDao secGroupDao = new SecGroupDao();
307 secGroupDao.addSecGroup(NeutronEntityFactory.securityGroup(goldSecGrp, tenant));
308 secGroupDao.addSecGroup(NeutronEntityFactory.securityGroup(serverSecGrp, tenant));
309 NeutronSecurityRuleAware ruleAware = new NeutronSecurityRuleAware(dataBroker, secRuleDao, secGroupDao);
310 ReadWriteTransaction rwTx = dataBroker.newReadWriteTransaction();
311 ruleAware.addNeutronSecurityRule(goldInIpv4, rwTx);
312 ruleAware.addNeutronSecurityRule(goldOutIpv4, rwTx);
313 ruleAware.addNeutronSecurityRule(serverOutIpv4, rwTx);
314 ruleAware.addNeutronSecurityRule(serverIn80TcpIpv4, rwTx);
315 TenantId tenantId = new TenantId(tenant);
316 Optional<Contract> potentialContract = rwTx.read(LogicalDatastoreType.CONFIGURATION,
317 IidFactory.contractIid(tenantId, new ContractId(goldInIpv4.getSecurityRuleUUID()))).get();
318 assertTrue(potentialContract.isPresent());
319 Contract contract = potentialContract.get();
320 PolicyAssert.assertContract(contract, goldInIpv4);
321 potentialContract = rwTx.read(LogicalDatastoreType.CONFIGURATION,
322 IidFactory.contractIid(tenantId, new ContractId(goldOutIpv4.getSecurityRuleUUID()))).get();
323 assertTrue(potentialContract.isPresent());
324 contract = potentialContract.get();
325 PolicyAssert.assertContract(contract, goldOutIpv4);
326 potentialContract = rwTx.read(LogicalDatastoreType.CONFIGURATION,
327 IidFactory.contractIid(tenantId, new ContractId(serverOutIpv4.getSecurityRuleUUID()))).get();
328 assertTrue(potentialContract.isPresent());
329 contract = potentialContract.get();
330 PolicyAssert.assertContract(contract, serverOutIpv4);
331 potentialContract = rwTx.read(LogicalDatastoreType.CONFIGURATION,
332 IidFactory.contractIid(tenantId, new ContractId(serverIn80TcpIpv4.getSecurityRuleUUID()))).get();
333 assertTrue(potentialContract.isPresent());
334 contract = potentialContract.get();
335 PolicyAssert.assertContract(contract, serverIn80TcpIpv4);
336 Optional<EndpointGroup> potentialEpg = rwTx.read(LogicalDatastoreType.CONFIGURATION,
337 IidFactory.endpointGroupIid(tenantId, new EndpointGroupId(goldSecGrp))).get();
338 assertTrue(potentialEpg.isPresent());
339 EndpointGroup epg = potentialEpg.get();
340 PolicyAssert.assertConsumerNamedSelectors(
342 ImmutableSet.of(new ContractId(goldInIpv4.getSecurityRuleUUID()),
343 new ContractId(goldOutIpv4.getSecurityRuleUUID()),
344 new ContractId(serverOutIpv4.getSecurityRuleUUID()),
345 new ContractId(serverIn80TcpIpv4.getSecurityRuleUUID())));
346 potentialEpg = rwTx.read(LogicalDatastoreType.CONFIGURATION,
347 IidFactory.endpointGroupIid(tenantId, new EndpointGroupId(serverSecGrp))).get();
348 assertTrue(potentialEpg.isPresent());
349 epg = potentialEpg.get();
350 PolicyAssert.assertConsumerNamedSelectors(
352 ImmutableSet.of(new ContractId(goldInIpv4.getSecurityRuleUUID()),
353 new ContractId(serverIn80TcpIpv4.getSecurityRuleUUID())));
357 public final void testAddNeutronSecurityRule_defaultSecGrp() throws Exception {
358 String tenant = "111aaaaa-aaaa-aaaa-aaaa-aaaaaaaaaaaa";
359 String defaultSecGrp = "111fffff-ffff-ffff-ffff-ffffffffffff";
360 NeutronSecurityRule defaultInIpv4Default = NeutronEntityFactory.securityRuleWithEtherType(
361 "111ccccc-111c-cccc-cccc-cccccccccccc", tenant, NeutronUtils.IPv4, NeutronUtils.INGRESS, defaultSecGrp,
363 NeutronSecurityRule defaultInIpv6Default = NeutronEntityFactory.securityRuleWithEtherType(
364 "222ccccc-111c-cccc-cccc-cccccccccccc", tenant, NeutronUtils.IPv6, NeutronUtils.INGRESS, defaultSecGrp,
366 NeutronSecurityRule defaultOutIpv4 = NeutronEntityFactory.securityRuleWithEtherType(
367 "333ccccc-111c-cccc-cccc-cccccccccccc", tenant, NeutronUtils.IPv4, NeutronUtils.EGRESS, defaultSecGrp,
369 NeutronSecurityRule defaultOutIpv6 = NeutronEntityFactory.securityRuleWithEtherType(
370 "444ccccc-111c-cccc-cccc-cccccccccccc", tenant, NeutronUtils.IPv6, NeutronUtils.EGRESS, defaultSecGrp,
372 DataBroker dataBroker = getDataBroker();
373 SecRuleDao secRuleDao = new SecRuleDao();
374 SecGroupDao secGroupDao = new SecGroupDao();
375 secGroupDao.addSecGroup(NeutronEntityFactory.securityGroup(defaultSecGrp, tenant));
376 NeutronSecurityRuleAware ruleAware = new NeutronSecurityRuleAware(dataBroker, secRuleDao, secGroupDao);
377 ReadWriteTransaction rwTx = dataBroker.newReadWriteTransaction();
378 ruleAware.addNeutronSecurityRule(defaultInIpv4Default, rwTx);
379 ruleAware.addNeutronSecurityRule(defaultInIpv6Default, rwTx);
380 ruleAware.addNeutronSecurityRule(defaultOutIpv4, rwTx);
381 ruleAware.addNeutronSecurityRule(defaultOutIpv6, rwTx);
382 TenantId tenantId = new TenantId(tenant);
383 Optional<Contract> potentialContract = rwTx.read(LogicalDatastoreType.CONFIGURATION,
384 IidFactory.contractIid(tenantId, new ContractId(defaultInIpv4Default.getSecurityRuleUUID()))).get();
385 assertTrue(potentialContract.isPresent());
386 Contract contract = potentialContract.get();
387 PolicyAssert.assertContract(contract, defaultInIpv4Default);
388 potentialContract = rwTx.read(LogicalDatastoreType.CONFIGURATION,
389 IidFactory.contractIid(tenantId, new ContractId(defaultInIpv6Default.getSecurityRuleUUID()))).get();
390 assertTrue(potentialContract.isPresent());
391 contract = potentialContract.get();
392 PolicyAssert.assertContract(contract, defaultInIpv6Default);
393 potentialContract = rwTx.read(LogicalDatastoreType.CONFIGURATION,
394 IidFactory.contractIid(tenantId, new ContractId(defaultOutIpv4.getSecurityRuleUUID()))).get();
395 assertTrue(potentialContract.isPresent());
396 contract = potentialContract.get();
397 PolicyAssert.assertContract(contract, defaultOutIpv4);
398 potentialContract = rwTx.read(LogicalDatastoreType.CONFIGURATION,
399 IidFactory.contractIid(tenantId, new ContractId(defaultOutIpv6.getSecurityRuleUUID()))).get();
400 assertTrue(potentialContract.isPresent());
401 contract = potentialContract.get();
402 PolicyAssert.assertContract(contract, defaultOutIpv6);
406 public void testConstructor_invalidArgument() throws Exception {
407 DataBroker dataBroker = getDataBroker();
408 SecRuleDao secRuleDao = new SecRuleDao();
409 SecGroupDao secGroupDao = new SecGroupDao();
410 assertExceptionInConstructor(null, secRuleDao, secGroupDao);
411 assertExceptionInConstructor(dataBroker, null, secGroupDao);
412 assertExceptionInConstructor(dataBroker, secRuleDao, null);
413 assertExceptionInConstructor(null, null, null);
416 private void assertExceptionInConstructor(DataBroker dataBroker, SecRuleDao secRuleDao, SecGroupDao secGroupDao) {
418 new NeutronSecurityRuleAware(dataBroker, secRuleDao, secGroupDao);
419 fail(NullPointerException.class.getName() + " expected");
420 } catch (NullPointerException ex) {