neutron-mapper/src/test/java/org/opendaylight/groupbasedpolicy/neutron/mapper/mapping/rule/NeutronSecurityRuleAwareDataStoreTest.java

   1 package org.opendaylight.groupbasedpolicy.neutron.mapper.mapping.rule;
   2
   3 import static org.junit.Assert.assertTrue;
   4 import static org.junit.Assert.fail;
   5
   6 import org.junit.Test;
   7 import org.opendaylight.controller.md.sal.binding.api.DataBroker;
   8 import org.opendaylight.controller.md.sal.binding.api.ReadWriteTransaction;
   9 import org.opendaylight.controller.md.sal.common.api.data.LogicalDatastoreType;
  10 import org.opendaylight.groupbasedpolicy.neutron.mapper.mapping.group.NeutronSecurityGroupAware;
  11 import org.opendaylight.groupbasedpolicy.neutron.mapper.mapping.group.SecGroupDao;
  12 import org.opendaylight.groupbasedpolicy.neutron.mapper.test.ConfigDataStoreReader;
  13 import org.opendaylight.groupbasedpolicy.neutron.mapper.test.NeutronEntityFactory;
  14 import org.opendaylight.groupbasedpolicy.neutron.mapper.test.PolicyAssert;
  15 import org.opendaylight.groupbasedpolicy.neutron.mapper.test.GbpDataBrokerTest;
  16 import org.opendaylight.groupbasedpolicy.neutron.mapper.util.MappingUtils;
  17 import org.opendaylight.groupbasedpolicy.neutron.mapper.util.NeutronUtils;
  18 import org.opendaylight.groupbasedpolicy.util.IidFactory;
  19 import org.opendaylight.neutron.spi.NeutronSecurityRule;
  20 import org.opendaylight.yang.gen.v1.urn.opendaylight.groupbasedpolicy.common.rev140421.ContractId;
  21 import org.opendaylight.yang.gen.v1.urn.opendaylight.groupbasedpolicy.common.rev140421.EndpointGroupId;
  22 import org.opendaylight.yang.gen.v1.urn.opendaylight.groupbasedpolicy.common.rev140421.TenantId;
  23 import org.opendaylight.yang.gen.v1.urn.opendaylight.groupbasedpolicy.policy.rev140421.tenants.Tenant;
  24 import org.opendaylight.yang.gen.v1.urn.opendaylight.groupbasedpolicy.policy.rev140421.tenants.tenant.Contract;
  25 import org.opendaylight.yang.gen.v1.urn.opendaylight.groupbasedpolicy.policy.rev140421.tenants.tenant.EndpointGroup;
  26
  27 import com.google.common.base.Optional;
  28 import com.google.common.collect.ImmutableSet;
  29
  30 /**
  31  * END 2 END TESTING - inputs are Neutron entities and expected outputs are GBP entities in
  32  * datastore
  33  */
  34
  35 public class NeutronSecurityRuleAwareDataStoreTest extends GbpDataBrokerTest {
  36
  37     @Test
  38     public final void testAddNeutronSecurityRule_rulesWithRemoteIpPrefix() throws Exception {
  39         String tenant = "ad4c6c25-2424-4ad3-97ee-f9691ce03645";
  40         String goldSecGrp = "fe40e28f-ad6a-4a2d-b12a-47510876344a";
  41         NeutronSecurityRule goldInIpv4 = NeutronEntityFactory.securityRuleWithEtherType(
  42                 "166aedab-fdf5-4788-9e36-2b00b5f8722f", tenant, NeutronUtils.IPv4, NeutronUtils.INGRESS, goldSecGrp,
  43                 null);
  44         NeutronSecurityRule goldOutIpv4 = NeutronEntityFactory.securityRuleWithEtherType(
  45                 "dabfd4da-af89-45dd-85f8-181768c1b4c9", tenant, NeutronUtils.IPv4, NeutronUtils.EGRESS, goldSecGrp,
  46                 null);
  47         String serverSecGrp = "71cf4fe5-b146-409e-8151-cd921298ce32";
  48         NeutronSecurityRule serverIn80Tcp10_1_1_0 = NeutronEntityFactory.securityRuleWithEtherType(
  49                 "9dbb533d-d9b2-4dc9-bae7-ee60c8df184d", tenant, NeutronUtils.IPv4, NeutronUtils.INGRESS, serverSecGrp,
  50                 null);
  51         serverIn80Tcp10_1_1_0.setSecurityRuleProtocol(NeutronUtils.TCP);
  52         serverIn80Tcp10_1_1_0.setSecurityRulePortMin(80);
  53         serverIn80Tcp10_1_1_0.setSecurityRulePortMax(80);
  54         serverIn80Tcp10_1_1_0.setSecurityRuleRemoteIpPrefix("10.1.1.0/24");
  55         NeutronSecurityRule serverInIp20_1_1_0 = NeutronEntityFactory.securityRuleWithEtherType(
  56                 "adf7e558-de47-4f9e-a9b8-96e19db5d1ac", tenant, NeutronUtils.IPv4, NeutronUtils.INGRESS, serverSecGrp,
  57                 null);
  58         serverInIp20_1_1_0.setSecurityRuleRemoteIpPrefix("20.1.1.0/24");
  59         NeutronSecurityRule serverOutIpv4 = NeutronEntityFactory.securityRuleWithEtherType(
  60                 "8b9c48d3-44a8-46be-be35-6f3237d98071", tenant, NeutronUtils.IPv4, NeutronUtils.EGRESS, serverSecGrp,
  61                 null);
  62         DataBroker dataBroker = getDataBroker();
  63         SecRuleDao secRuleDao = new SecRuleDao();
  64         SecGroupDao secGroupDao = new SecGroupDao();
  65         secGroupDao.addSecGroup(NeutronEntityFactory.securityGroup(goldSecGrp, tenant));
  66         secGroupDao.addSecGroup(NeutronEntityFactory.securityGroup(serverSecGrp, tenant));
  67         NeutronSecurityRuleAware ruleAware = new NeutronSecurityRuleAware(dataBroker, secRuleDao, secGroupDao);
  68         ReadWriteTransaction rwTx = dataBroker.newReadWriteTransaction();
  69         ruleAware.addNeutronSecurityRule(goldInIpv4, rwTx);
  70         ruleAware.addNeutronSecurityRule(goldOutIpv4, rwTx);
  71         ruleAware.addNeutronSecurityRule(serverIn80Tcp10_1_1_0, rwTx);
  72         ruleAware.addNeutronSecurityRule(serverInIp20_1_1_0, rwTx);
  73         ruleAware.addNeutronSecurityRule(serverOutIpv4, rwTx);
  74         TenantId tenantId = new TenantId(tenant);
  75         Optional<Tenant> potentialTenant = rwTx.read(LogicalDatastoreType.CONFIGURATION, IidFactory.tenantIid(tenantId))
  76             .get();
  77         assertTrue(potentialTenant.isPresent());
  78         Optional<Contract> potentialContract = rwTx.read(LogicalDatastoreType.CONFIGURATION,
  79                 IidFactory.contractIid(tenantId, new ContractId(goldInIpv4.getSecurityRuleUUID()))).get();
  80         assertTrue(potentialContract.isPresent());
  81         Contract contract = potentialContract.get();
  82         PolicyAssert.assertContract(contract, goldInIpv4);
  83         potentialContract = rwTx.read(LogicalDatastoreType.CONFIGURATION,
  84                 IidFactory.contractIid(tenantId, new ContractId(goldOutIpv4.getSecurityRuleUUID()))).get();
  85         assertTrue(potentialContract.isPresent());
  86         contract = potentialContract.get();
  87         PolicyAssert.assertContract(contract, goldOutIpv4);
  88         potentialContract = rwTx.read(LogicalDatastoreType.CONFIGURATION,
  89                 IidFactory.contractIid(tenantId, new ContractId(serverOutIpv4.getSecurityRuleUUID()))).get();
  90         assertTrue(potentialContract.isPresent());
  91         contract = potentialContract.get();
  92         PolicyAssert.assertContract(contract, serverOutIpv4);
  93         potentialContract = rwTx.read(LogicalDatastoreType.CONFIGURATION,
  94                 IidFactory.contractIid(tenantId, new ContractId(serverIn80Tcp10_1_1_0.getSecurityRuleUUID()))).get();
  95         assertTrue(potentialContract.isPresent());
  96         contract = potentialContract.get();
  97         PolicyAssert.assertContractWithEic(contract, serverIn80Tcp10_1_1_0);
  98         potentialContract = rwTx.read(LogicalDatastoreType.CONFIGURATION,
  99                 IidFactory.contractIid(tenantId, new ContractId(serverInIp20_1_1_0.getSecurityRuleUUID()))).get();
 100         assertTrue(potentialContract.isPresent());
 101         contract = potentialContract.get();
 102         PolicyAssert.assertContractWithEic(contract, serverInIp20_1_1_0);
 103         Optional<EndpointGroup> potentialEpg = rwTx.read(LogicalDatastoreType.CONFIGURATION,
 104                 IidFactory.endpointGroupIid(tenantId, new EndpointGroupId(goldSecGrp))).get();
 105         assertTrue(potentialEpg.isPresent());
 106         EndpointGroup epg = potentialEpg.get();
 107         PolicyAssert.assertConsumerNamedSelectors(
 108                 epg,
 109                 ImmutableSet.of(new ContractId(goldInIpv4.getSecurityRuleUUID()),
 110                         new ContractId(goldOutIpv4.getSecurityRuleUUID()),
 111                         new ContractId(serverIn80Tcp10_1_1_0.getSecurityRuleUUID()),
 112                         new ContractId(serverInIp20_1_1_0.getSecurityRuleUUID()),
 113                         new ContractId(serverOutIpv4.getSecurityRuleUUID())));
 114         potentialEpg = rwTx.read(LogicalDatastoreType.CONFIGURATION,
 115                 IidFactory.endpointGroupIid(tenantId, new EndpointGroupId(serverSecGrp))).get();
 116         assertTrue(potentialEpg.isPresent());
 117         epg = potentialEpg.get();
 118         PolicyAssert.assertConsumerNamedSelectors(epg, ImmutableSet.of(
 119                 new ContractId(serverIn80Tcp10_1_1_0.getSecurityRuleUUID()),
 120                 new ContractId(serverInIp20_1_1_0.getSecurityRuleUUID()),
 121                 new ContractId(goldInIpv4.getSecurityRuleUUID())));
 122     }
 123
 124     @Test
 125     public final void testAddAndDeleteNeutronSecurityRule() throws Exception {
 126         DataBroker dataBroker = getDataBroker();
 127         SecRuleDao secRuleDao = new SecRuleDao();
 128         SecGroupDao secGroupDao = new SecGroupDao();
 129         NeutronSecurityRuleAware ruleAware = new NeutronSecurityRuleAware(dataBroker, secRuleDao, secGroupDao);
 130
 131         final String tenantId = "aaaaaaaa-aaaa-aaaa-aaaa-aaaaaaaaaaaa";
 132         final String secGroupId1 = "bbbbbbbb-bbbb-bbbb-bbbb-bbbbbbbbbbbb";
 133         final String secGroupId2 = "cccccccc-cccc-cccc-cccc-cccccccccccc";
 134         final String secRuleId1 = "dddddddd-dddd-dddd-dddd-dddddddddddd";
 135         final String secRuleId2 = "eeeeeeee-eeee-eeee-eeee-eeeeeeeeeeee";
 136
 137         NeutronSecurityRule secRule1 = NeutronEntityFactory.securityRuleWithEtherType(secRuleId1, tenantId,
 138                 NeutronUtils.IPv4, NeutronUtils.EGRESS, secGroupId1, secGroupId2);
 139         NeutronSecurityRule secRule2 = NeutronEntityFactory.securityRuleWithEtherType(secRuleId2, tenantId,
 140                 NeutronUtils.IPv4, NeutronUtils.INGRESS, secGroupId2, secGroupId1);
 141
 142         ruleAware.neutronSecurityRuleCreated(secRule1);
 143
 144         PolicyAssert.assertTenantExists(dataBroker, tenantId);
 145         PolicyAssert.assertContractExists(dataBroker, tenantId, secRuleId1);
 146         Optional<Contract> contract = ConfigDataStoreReader.readContract(dataBroker, tenantId, secRuleId1);
 147         PolicyAssert.assertContract(contract.get(), secRule1);
 148         PolicyAssert.assertContractCount(dataBroker, tenantId, 1);
 149         PolicyAssert.assertEndpointGroupExists(dataBroker, tenantId, secGroupId1);
 150         Optional<EndpointGroup> epGroup1 = ConfigDataStoreReader.readEndpointGroup(dataBroker, tenantId, secGroupId1);
 151         PolicyAssert.assertProviderNamedSelectors(epGroup1.get(), ImmutableSet.of(new ContractId(secRuleId1)));
 152         PolicyAssert.assertNoConsumerNamedSelectors(dataBroker, tenantId, secGroupId1);
 153
 154         PolicyAssert.assertClassifierInstanceExists(dataBroker, secRule1);
 155         PolicyAssert.assertActionInstanceExists(dataBroker, tenantId, MappingUtils.ACTION_ALLOW.getName());
 156
 157         ruleAware.neutronSecurityRuleCreated(secRule2);
 158
 159         PolicyAssert.assertTenantExists(dataBroker, tenantId);
 160         PolicyAssert.assertContractExists(dataBroker, tenantId, secRuleId1);
 161         contract = ConfigDataStoreReader.readContract(dataBroker, tenantId, secRuleId1);
 162         PolicyAssert.assertContract(contract.get(), secRule1);
 163         PolicyAssert.assertContractCount(dataBroker, tenantId, 2);
 164         PolicyAssert.assertEndpointGroupExists(dataBroker, tenantId, secGroupId1);
 165         epGroup1 = ConfigDataStoreReader.readEndpointGroup(dataBroker, tenantId, secGroupId1);
 166         PolicyAssert.assertProviderNamedSelectors(epGroup1.get(), ImmutableSet.of(new ContractId(secRuleId1)));
 167         PolicyAssert.assertConsumerNamedSelectors(epGroup1.get(), ImmutableSet.of(new ContractId(secRuleId2)));
 168
 169         PolicyAssert.assertContractExists(dataBroker, tenantId, secRuleId2);
 170         contract = ConfigDataStoreReader.readContract(dataBroker, tenantId, secRuleId2);
 171         PolicyAssert.assertContract(contract.get(), secRule2);
 172         PolicyAssert.assertContractCount(dataBroker, tenantId, 2);
 173         PolicyAssert.assertEndpointGroupExists(dataBroker, tenantId, secGroupId2);
 174         Optional<EndpointGroup> epGroup2 = ConfigDataStoreReader.readEndpointGroup(dataBroker, tenantId, secGroupId2);
 175         PolicyAssert.assertProviderNamedSelectors(epGroup2.get(), ImmutableSet.of(new ContractId(secRuleId2)));
 176         PolicyAssert.assertConsumerNamedSelectors(epGroup2.get(), ImmutableSet.of(new ContractId(secRuleId1)));
 177
 178         ruleAware.neutronSecurityRuleDeleted(secRule2);
 179
 180         PolicyAssert.assertTenantExists(dataBroker, tenantId);
 181         PolicyAssert.assertContractExists(dataBroker, tenantId, secRuleId1);
 182         contract = ConfigDataStoreReader.readContract(dataBroker, tenantId, secRuleId1);
 183         PolicyAssert.assertContract(contract.get(), secRule1);
 184         PolicyAssert.assertContractCount(dataBroker, tenantId, 1);
 185         PolicyAssert.assertEndpointGroupExists(dataBroker, tenantId, secGroupId1);
 186         epGroup1 = ConfigDataStoreReader.readEndpointGroup(dataBroker, tenantId, secGroupId1);
 187         PolicyAssert.assertProviderNamedSelectors(epGroup1.get(), ImmutableSet.of(new ContractId(secRuleId1)));
 188         PolicyAssert.assertNoConsumerNamedSelectors(dataBroker, tenantId, secGroupId1);
 189
 190         PolicyAssert.assertContractNotExists(dataBroker, tenantId, secRuleId2);
 191         PolicyAssert.assertContractCount(dataBroker, tenantId, 1);
 192         PolicyAssert.assertEndpointGroupExists(dataBroker, tenantId, secGroupId2);
 193         epGroup2 = ConfigDataStoreReader.readEndpointGroup(dataBroker, tenantId, secGroupId2);
 194         PolicyAssert.assertNoProviderNamedSelectors(dataBroker, tenantId, secGroupId2);
 195         PolicyAssert.assertNoConsumerNamedSelectors(dataBroker, tenantId, secGroupId2);
 196
 197         PolicyAssert.assertClassifierInstanceExists(dataBroker, secRule1);
 198         PolicyAssert.assertActionInstanceExists(dataBroker, tenantId, MappingUtils.ACTION_ALLOW.getName());
 199
 200         ruleAware.neutronSecurityRuleDeleted(secRule1);
 201
 202         PolicyAssert.assertContractCount(dataBroker, tenantId, 0);
 203         PolicyAssert.assertEndpointGroupExists(dataBroker, tenantId, secGroupId1);
 204         PolicyAssert.assertEndpointGroupExists(dataBroker, tenantId, secGroupId2);
 205         PolicyAssert.assertNoProviderNamedSelectors(dataBroker, tenantId, secGroupId1);
 206         PolicyAssert.assertNoConsumerNamedSelectors(dataBroker, tenantId, secGroupId2);
 207
 208         PolicyAssert.assertClassifierInstanceNotExists(dataBroker, secRule1);
 209         // TODO: Uncomment this when the life cycle of the Allow ActionInstance will be clarified.
 210         // PolicyAssert.assertActionInstanceNotExists(dataBroker, tenantId,
 211         // MappingUtils.ACTION_ALLOW.getName());
 212     }
 213
 214     @Test
 215     public final void testAddNeutronSecurityRule_rulesWithoutRemote() throws Exception {
 216         String tenant = "ad4c6c25-2424-4ad3-97ee-f9691ce03645";
 217         String goldSecGrp = "fe40e28f-ad6a-4a2d-b12a-47510876344a";
 218         NeutronSecurityRule goldInIpv4 = NeutronEntityFactory.securityRuleWithEtherType(
 219                 "166aedab-fdf5-4788-9e36-2b00b5f8722f", tenant, NeutronUtils.IPv4, NeutronUtils.INGRESS, goldSecGrp,
 220                 null);
 221         NeutronSecurityRule goldOutIpv4 = NeutronEntityFactory.securityRuleWithEtherType(
 222                 "dabfd4da-af89-45dd-85f8-181768c1b4c9", tenant, NeutronUtils.IPv4, NeutronUtils.EGRESS, goldSecGrp,
 223                 null);
 224         String serverSecGrp = "71cf4fe5-b146-409e-8151-cd921298ce32";
 225         NeutronSecurityRule serverOutIpv4 = NeutronEntityFactory.securityRuleWithEtherType(
 226                 "8b9c48d3-44a8-46be-be35-6f3237d98071", tenant, NeutronUtils.IPv4, NeutronUtils.EGRESS, serverSecGrp,
 227                 null);
 228         NeutronSecurityRule serverInIpv4 = NeutronEntityFactory.securityRuleWithEtherType(
 229                 "adf7e558-de47-4f9e-a9b8-96e19db5d1ac", tenant, NeutronUtils.IPv4, NeutronUtils.INGRESS, serverSecGrp,
 230                 null);
 231         DataBroker dataBroker = getDataBroker();
 232         SecRuleDao secRuleDao = new SecRuleDao();
 233         SecGroupDao secGroupDao = new SecGroupDao();
 234         secGroupDao.addSecGroup(NeutronEntityFactory.securityGroup(goldSecGrp, tenant));
 235         secGroupDao.addSecGroup(NeutronEntityFactory.securityGroup(serverSecGrp, tenant));
 236         NeutronSecurityRuleAware ruleAware = new NeutronSecurityRuleAware(dataBroker, secRuleDao, secGroupDao);
 237         ReadWriteTransaction rwTx = dataBroker.newReadWriteTransaction();
 238         ruleAware.addNeutronSecurityRule(goldInIpv4, rwTx);
 239         ruleAware.addNeutronSecurityRule(goldOutIpv4, rwTx);
 240         ruleAware.addNeutronSecurityRule(serverOutIpv4, rwTx);
 241         ruleAware.addNeutronSecurityRule(serverInIpv4, rwTx);
 242         TenantId tenantId = new TenantId(tenant);
 243         Optional<Contract> potentialContract = rwTx.read(LogicalDatastoreType.CONFIGURATION,
 244                 IidFactory.contractIid(tenantId, new ContractId(goldInIpv4.getSecurityRuleUUID()))).get();
 245         assertTrue(potentialContract.isPresent());
 246         Contract contract = potentialContract.get();
 247         PolicyAssert.assertContract(contract, goldInIpv4);
 248         potentialContract = rwTx.read(LogicalDatastoreType.CONFIGURATION,
 249                 IidFactory.contractIid(tenantId, new ContractId(goldOutIpv4.getSecurityRuleUUID()))).get();
 250         assertTrue(potentialContract.isPresent());
 251         contract = potentialContract.get();
 252         PolicyAssert.assertContract(contract, goldOutIpv4);
 253         potentialContract = rwTx.read(LogicalDatastoreType.CONFIGURATION,
 254                 IidFactory.contractIid(tenantId, new ContractId(serverOutIpv4.getSecurityRuleUUID()))).get();
 255         assertTrue(potentialContract.isPresent());
 256         contract = potentialContract.get();
 257         PolicyAssert.assertContract(contract, serverOutIpv4);
 258         potentialContract = rwTx.read(LogicalDatastoreType.CONFIGURATION,
 259                 IidFactory.contractIid(tenantId, new ContractId(serverInIpv4.getSecurityRuleUUID()))).get();
 260         assertTrue(potentialContract.isPresent());
 261         contract = potentialContract.get();
 262         PolicyAssert.assertContract(contract, serverInIpv4);
 263         Optional<EndpointGroup> potentialEpg = rwTx.read(LogicalDatastoreType.CONFIGURATION,
 264                 IidFactory.endpointGroupIid(tenantId, new EndpointGroupId(goldSecGrp))).get();
 265         assertTrue(potentialEpg.isPresent());
 266         EndpointGroup epg = potentialEpg.get();
 267         PolicyAssert.assertConsumerNamedSelectors(
 268                 epg,
 269                 ImmutableSet.of(new ContractId(goldInIpv4.getSecurityRuleUUID()),
 270                         new ContractId(goldOutIpv4.getSecurityRuleUUID()),
 271                         new ContractId(serverOutIpv4.getSecurityRuleUUID()),
 272                         new ContractId(serverInIpv4.getSecurityRuleUUID())));
 273         potentialEpg = rwTx.read(LogicalDatastoreType.CONFIGURATION,
 274                 IidFactory.endpointGroupIid(tenantId, new EndpointGroupId(serverSecGrp))).get();
 275         assertTrue(potentialEpg.isPresent());
 276         PolicyAssert.assertConsumerNamedSelectors(
 277                 epg,
 278                 ImmutableSet.of(new ContractId(goldInIpv4.getSecurityRuleUUID()),
 279                         new ContractId(goldOutIpv4.getSecurityRuleUUID()),
 280                         new ContractId(serverOutIpv4.getSecurityRuleUUID()),
 281                         new ContractId(serverInIpv4.getSecurityRuleUUID())));
 282     }
 283
 284     @Test
 285     public final void testAddNeutronSecurityRule_asymmetricRulesWithoutRemote() throws Exception {
 286         String tenant = "ad4c6c25-2424-4ad3-97ee-f9691ce03645";
 287         String goldSecGrp = "fe40e28f-ad6a-4a2d-b12a-47510876344a";
 288         NeutronSecurityRule goldInIpv4 = NeutronEntityFactory.securityRuleWithEtherType(
 289                 "166aedab-fdf5-4788-9e36-2b00b5f8722f", tenant, NeutronUtils.IPv4, NeutronUtils.INGRESS, goldSecGrp,
 290                 null);
 291         NeutronSecurityRule goldOutIpv4 = NeutronEntityFactory.securityRuleWithEtherType(
 292                 "dabfd4da-af89-45dd-85f8-181768c1b4c9", tenant, NeutronUtils.IPv4, NeutronUtils.EGRESS, goldSecGrp,
 293                 null);
 294         String serverSecGrp = "71cf4fe5-b146-409e-8151-cd921298ce32";
 295         NeutronSecurityRule serverOutIpv4 = NeutronEntityFactory.securityRuleWithEtherType(
 296                 "8b9c48d3-44a8-46be-be35-6f3237d98071", tenant, NeutronUtils.IPv4, NeutronUtils.EGRESS, serverSecGrp,
 297                 null);
 298         NeutronSecurityRule serverIn80TcpIpv4 = NeutronEntityFactory.securityRuleWithEtherType(
 299                 "adf7e558-de47-4f9e-a9b8-96e19db5d1ac", tenant, NeutronUtils.IPv4, NeutronUtils.INGRESS, serverSecGrp,
 300                 null);
 301         serverIn80TcpIpv4.setSecurityRuleProtocol(NeutronUtils.TCP);
 302         serverIn80TcpIpv4.setSecurityRulePortMin(80);
 303         serverIn80TcpIpv4.setSecurityRulePortMax(80);
 304         DataBroker dataBroker = getDataBroker();
 305         SecRuleDao secRuleDao = new SecRuleDao();
 306         SecGroupDao secGroupDao = new SecGroupDao();
 307         secGroupDao.addSecGroup(NeutronEntityFactory.securityGroup(goldSecGrp, tenant));
 308         secGroupDao.addSecGroup(NeutronEntityFactory.securityGroup(serverSecGrp, tenant));
 309         NeutronSecurityRuleAware ruleAware = new NeutronSecurityRuleAware(dataBroker, secRuleDao, secGroupDao);
 310         ReadWriteTransaction rwTx = dataBroker.newReadWriteTransaction();
 311         ruleAware.addNeutronSecurityRule(goldInIpv4, rwTx);
 312         ruleAware.addNeutronSecurityRule(goldOutIpv4, rwTx);
 313         ruleAware.addNeutronSecurityRule(serverOutIpv4, rwTx);
 314         ruleAware.addNeutronSecurityRule(serverIn80TcpIpv4, rwTx);
 315         TenantId tenantId = new TenantId(tenant);
 316         Optional<Contract> potentialContract = rwTx.read(LogicalDatastoreType.CONFIGURATION,
 317                 IidFactory.contractIid(tenantId, new ContractId(goldInIpv4.getSecurityRuleUUID()))).get();
 318         assertTrue(potentialContract.isPresent());
 319         Contract contract = potentialContract.get();
 320         PolicyAssert.assertContract(contract, goldInIpv4);
 321         potentialContract = rwTx.read(LogicalDatastoreType.CONFIGURATION,
 322                 IidFactory.contractIid(tenantId, new ContractId(goldOutIpv4.getSecurityRuleUUID()))).get();
 323         assertTrue(potentialContract.isPresent());
 324         contract = potentialContract.get();
 325         PolicyAssert.assertContract(contract, goldOutIpv4);
 326         potentialContract = rwTx.read(LogicalDatastoreType.CONFIGURATION,
 327                 IidFactory.contractIid(tenantId, new ContractId(serverOutIpv4.getSecurityRuleUUID()))).get();
 328         assertTrue(potentialContract.isPresent());
 329         contract = potentialContract.get();
 330         PolicyAssert.assertContract(contract, serverOutIpv4);
 331         potentialContract = rwTx.read(LogicalDatastoreType.CONFIGURATION,
 332                 IidFactory.contractIid(tenantId, new ContractId(serverIn80TcpIpv4.getSecurityRuleUUID()))).get();
 333         assertTrue(potentialContract.isPresent());
 334         contract = potentialContract.get();
 335         PolicyAssert.assertContract(contract, serverIn80TcpIpv4);
 336         Optional<EndpointGroup> potentialEpg = rwTx.read(LogicalDatastoreType.CONFIGURATION,
 337                 IidFactory.endpointGroupIid(tenantId, new EndpointGroupId(goldSecGrp))).get();
 338         assertTrue(potentialEpg.isPresent());
 339         EndpointGroup epg = potentialEpg.get();
 340         PolicyAssert.assertConsumerNamedSelectors(
 341                 epg,
 342                 ImmutableSet.of(new ContractId(goldInIpv4.getSecurityRuleUUID()),
 343                         new ContractId(goldOutIpv4.getSecurityRuleUUID()),
 344                         new ContractId(serverOutIpv4.getSecurityRuleUUID()),
 345                         new ContractId(serverIn80TcpIpv4.getSecurityRuleUUID())));
 346         potentialEpg = rwTx.read(LogicalDatastoreType.CONFIGURATION,
 347                 IidFactory.endpointGroupIid(tenantId, new EndpointGroupId(serverSecGrp))).get();
 348         assertTrue(potentialEpg.isPresent());
 349         epg = potentialEpg.get();
 350         PolicyAssert.assertConsumerNamedSelectors(
 351                 epg,
 352                 ImmutableSet.of(new ContractId(goldInIpv4.getSecurityRuleUUID()),
 353                         new ContractId(serverIn80TcpIpv4.getSecurityRuleUUID())));
 354     }
 355
 356     @Test
 357     public final void testAddNeutronSecurityRule_defaultSecGrp() throws Exception {
 358         String tenant = "111aaaaa-aaaa-aaaa-aaaa-aaaaaaaaaaaa";
 359         String defaultSecGrp = "111fffff-ffff-ffff-ffff-ffffffffffff";
 360         NeutronSecurityRule defaultInIpv4Default = NeutronEntityFactory.securityRuleWithEtherType(
 361                 "111ccccc-111c-cccc-cccc-cccccccccccc", tenant, NeutronUtils.IPv4, NeutronUtils.INGRESS, defaultSecGrp,
 362                 defaultSecGrp);
 363         NeutronSecurityRule defaultInIpv6Default = NeutronEntityFactory.securityRuleWithEtherType(
 364                 "222ccccc-111c-cccc-cccc-cccccccccccc", tenant, NeutronUtils.IPv6, NeutronUtils.INGRESS, defaultSecGrp,
 365                 defaultSecGrp);
 366         NeutronSecurityRule defaultOutIpv4 = NeutronEntityFactory.securityRuleWithEtherType(
 367                 "333ccccc-111c-cccc-cccc-cccccccccccc", tenant, NeutronUtils.IPv4, NeutronUtils.EGRESS, defaultSecGrp,
 368                 null);
 369         NeutronSecurityRule defaultOutIpv6 = NeutronEntityFactory.securityRuleWithEtherType(
 370                 "444ccccc-111c-cccc-cccc-cccccccccccc", tenant, NeutronUtils.IPv6, NeutronUtils.EGRESS, defaultSecGrp,
 371                 null);
 372         DataBroker dataBroker = getDataBroker();
 373         SecRuleDao secRuleDao = new SecRuleDao();
 374         SecGroupDao secGroupDao = new SecGroupDao();
 375         secGroupDao.addSecGroup(NeutronEntityFactory.securityGroup(defaultSecGrp, tenant));
 376         NeutronSecurityRuleAware ruleAware = new NeutronSecurityRuleAware(dataBroker, secRuleDao, secGroupDao);
 377         ReadWriteTransaction rwTx = dataBroker.newReadWriteTransaction();
 378         ruleAware.addNeutronSecurityRule(defaultInIpv4Default, rwTx);
 379         ruleAware.addNeutronSecurityRule(defaultInIpv6Default, rwTx);
 380         ruleAware.addNeutronSecurityRule(defaultOutIpv4, rwTx);
 381         ruleAware.addNeutronSecurityRule(defaultOutIpv6, rwTx);
 382         TenantId tenantId = new TenantId(tenant);
 383         Optional<Contract> potentialContract = rwTx.read(LogicalDatastoreType.CONFIGURATION,
 384                 IidFactory.contractIid(tenantId, new ContractId(defaultInIpv4Default.getSecurityRuleUUID()))).get();
 385         assertTrue(potentialContract.isPresent());
 386         Contract contract = potentialContract.get();
 387         PolicyAssert.assertContract(contract, defaultInIpv4Default);
 388         potentialContract = rwTx.read(LogicalDatastoreType.CONFIGURATION,
 389                 IidFactory.contractIid(tenantId, new ContractId(defaultInIpv6Default.getSecurityRuleUUID()))).get();
 390         assertTrue(potentialContract.isPresent());
 391         contract = potentialContract.get();
 392         PolicyAssert.assertContract(contract, defaultInIpv6Default);
 393         potentialContract = rwTx.read(LogicalDatastoreType.CONFIGURATION,
 394                 IidFactory.contractIid(tenantId, new ContractId(defaultOutIpv4.getSecurityRuleUUID()))).get();
 395         assertTrue(potentialContract.isPresent());
 396         contract = potentialContract.get();
 397         PolicyAssert.assertContract(contract, defaultOutIpv4);
 398         potentialContract = rwTx.read(LogicalDatastoreType.CONFIGURATION,
 399                 IidFactory.contractIid(tenantId, new ContractId(defaultOutIpv6.getSecurityRuleUUID()))).get();
 400         assertTrue(potentialContract.isPresent());
 401         contract = potentialContract.get();
 402         PolicyAssert.assertContract(contract, defaultOutIpv6);
 403     }
 404
 405     @Test
 406     public void testConstructor_invalidArgument() throws Exception {
 407         DataBroker dataBroker = getDataBroker();
 408         SecRuleDao secRuleDao = new SecRuleDao();
 409         SecGroupDao secGroupDao = new SecGroupDao();
 410         assertExceptionInConstructor(null, secRuleDao, secGroupDao);
 411         assertExceptionInConstructor(dataBroker, null, secGroupDao);
 412         assertExceptionInConstructor(dataBroker, secRuleDao, null);
 413         assertExceptionInConstructor(null, null, null);
 414     }
 415
 416     private void assertExceptionInConstructor(DataBroker dataBroker, SecRuleDao secRuleDao, SecGroupDao secGroupDao) {
 417         try {
 418             new NeutronSecurityRuleAware(dataBroker, secRuleDao, secGroupDao);
 419             fail(NullPointerException.class.getName() + " expected");
 420         } catch (NullPointerException ex) {
 421             // do nothing
 422         }
 423     }
 424 }