neutron-mapper/src/test/java/org/opendaylight/groupbasedpolicy/neutron/mapper/mapping/rule/NeutronSecurityRuleAwareDataStoreTest.java

   1 package org.opendaylight.groupbasedpolicy.neutron.mapper.mapping.rule;
   2
   3 import static org.junit.Assert.assertTrue;
   4 import static org.junit.Assert.fail;
   5
   6 import java.util.ArrayList;
   7 import java.util.List;
   8
   9 import org.junit.Test;
  10 import org.opendaylight.controller.md.sal.binding.api.DataBroker;
  11 import org.opendaylight.controller.md.sal.binding.api.ReadWriteTransaction;
  12 import org.opendaylight.controller.md.sal.common.api.data.LogicalDatastoreType;
  13 import org.opendaylight.groupbasedpolicy.neutron.mapper.test.ConfigDataStoreReader;
  14 import org.opendaylight.groupbasedpolicy.neutron.mapper.test.NeutronMapperDataBrokerTest;
  15 import org.opendaylight.groupbasedpolicy.neutron.mapper.test.NeutronEntityFactory;
  16 import org.opendaylight.groupbasedpolicy.neutron.mapper.test.PolicyAssert;
  17 import org.opendaylight.groupbasedpolicy.neutron.mapper.util.MappingUtils;
  18 import org.opendaylight.groupbasedpolicy.util.IidFactory;
  19 import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.inet.types.rev100924.IpPrefix;
  20 import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.inet.types.rev100924.Ipv4Prefix;
  21 import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.yang.types.rev130715.Uuid;
  22 import org.opendaylight.yang.gen.v1.urn.opendaylight.groupbasedpolicy.common.rev140421.ContractId;
  23 import org.opendaylight.yang.gen.v1.urn.opendaylight.groupbasedpolicy.common.rev140421.EndpointGroupId;
  24 import org.opendaylight.yang.gen.v1.urn.opendaylight.groupbasedpolicy.common.rev140421.TenantId;
  25 import org.opendaylight.yang.gen.v1.urn.opendaylight.groupbasedpolicy.policy.rev140421.tenants.Tenant;
  26 import org.opendaylight.yang.gen.v1.urn.opendaylight.groupbasedpolicy.policy.rev140421.tenants.tenant.policy.Contract;
  27 import org.opendaylight.yang.gen.v1.urn.opendaylight.groupbasedpolicy.policy.rev140421.tenants.tenant.policy.EndpointGroup;
  28 import org.opendaylight.yang.gen.v1.urn.opendaylight.neutron.constants.rev150712.DirectionEgress;
  29 import org.opendaylight.yang.gen.v1.urn.opendaylight.neutron.constants.rev150712.DirectionIngress;
  30 import org.opendaylight.yang.gen.v1.urn.opendaylight.neutron.constants.rev150712.EthertypeV4;
  31 import org.opendaylight.yang.gen.v1.urn.opendaylight.neutron.constants.rev150712.ProtocolTcp;
  32 import org.opendaylight.yang.gen.v1.urn.opendaylight.neutron.rev150712.Neutron;
  33 import org.opendaylight.yang.gen.v1.urn.opendaylight.neutron.rev150712.NeutronBuilder;
  34 import org.opendaylight.yang.gen.v1.urn.opendaylight.neutron.secgroups.rev150712.security.groups.attributes.SecurityGroupsBuilder;
  35 import org.opendaylight.yang.gen.v1.urn.opendaylight.neutron.secgroups.rev150712.security.groups.attributes.security.groups.SecurityGroup;
  36 import org.opendaylight.yang.gen.v1.urn.opendaylight.neutron.secgroups.rev150712.security.rules.attributes.SecurityRulesBuilder;
  37 import org.opendaylight.yang.gen.v1.urn.opendaylight.neutron.secgroups.rev150712.security.rules.attributes.security.rules.SecurityRule;
  38 import org.opendaylight.yang.gen.v1.urn.opendaylight.neutron.secgroups.rev150712.security.rules.attributes.security.rules.SecurityRuleBuilder;
  39
  40 import com.google.common.base.Optional;
  41 import com.google.common.collect.ImmutableList;
  42 import com.google.common.collect.ImmutableSet;
  43
  44 /**
  45  * END 2 END TESTING - inputs are Neutron entities and expected outputs are GBP entities in
  46  * datastore
  47  */
  48
  49 public class NeutronSecurityRuleAwareDataStoreTest extends NeutronMapperDataBrokerTest {
  50
  51     @Test
  52     public final void testAddNeutronSecurityRule_rulesWithRemoteIpPrefix() throws Exception {
  53         String tenant = "ad4c6c25-2424-4ad3-97ee-f9691ce03645";
  54         String goldSecGrp = "fe40e28f-ad6a-4a2d-b12a-47510876344a";
  55         SecurityRule goldInIpv4 = NeutronEntityFactory.securityRuleWithEtherType(
  56                 "166aedab-fdf5-4788-9e36-2b00b5f8722f", tenant, EthertypeV4.class, DirectionIngress.class, goldSecGrp,
  57                 null);
  58         SecurityRule goldOutIpv4 = NeutronEntityFactory.securityRuleWithEtherType(
  59                 "dabfd4da-af89-45dd-85f8-181768c1b4c9", tenant, EthertypeV4.class, DirectionEgress.class, goldSecGrp,
  60                 null);
  61         String serverSecGrp = "71cf4fe5-b146-409e-8151-cd921298ce32";
  62         SecurityRule serverIn80Tcp10_1_1_0 = new SecurityRuleBuilder().setId(new Uuid("9dbb533d-d9b2-4dc9-bae7-ee60c8df184d"))
  63                 .setTenantId(new Uuid(tenant))
  64                 .setEthertype(EthertypeV4.class)
  65                 .setProtocol(ProtocolTcp.class)
  66                 .setPortRangeMin(80)
  67                 .setPortRangeMax(80)
  68                 .setDirection(DirectionIngress.class)
  69                 .setSecurityGroupId(new Uuid(serverSecGrp))
  70                 .setRemoteIpPrefix(new IpPrefix(new Ipv4Prefix("10.1.1.0/24")))
  71                 .build();
  72         SecurityRule serverInIp20_1_1_0 = new SecurityRuleBuilder().setId(new Uuid("adf7e558-de47-4f9e-a9b8-96e19db5d1ac"))
  73                 .setTenantId(new Uuid(tenant))
  74                 .setEthertype(EthertypeV4.class)
  75                 .setDirection(DirectionIngress.class)
  76                 .setSecurityGroupId(new Uuid(serverSecGrp))
  77                 .setRemoteIpPrefix(new IpPrefix(new Ipv4Prefix("20.1.1.0/24")))
  78                 .build();
  79         SecurityRule serverOutIpv4 = NeutronEntityFactory.securityRuleWithEtherType(
  80                 "8b9c48d3-44a8-46be-be35-6f3237d98071", tenant, EthertypeV4.class, DirectionEgress.class, serverSecGrp,
  81                 null);
  82         DataBroker dataBroker = getDataBroker();
  83         List<SecurityGroup> secGroups = new ArrayList<>();
  84         secGroups.add(NeutronEntityFactory.securityGroup(goldSecGrp, tenant));
  85         secGroups.add(NeutronEntityFactory.securityGroup(serverSecGrp, tenant));
  86         Neutron neutron = new NeutronBuilder()
  87             .setSecurityGroups(new SecurityGroupsBuilder().setSecurityGroup(secGroups).build())
  88             .setSecurityRules(new SecurityRulesBuilder().setSecurityRule(
  89                     ImmutableList.of(goldInIpv4, goldOutIpv4, serverIn80Tcp10_1_1_0, serverInIp20_1_1_0, serverOutIpv4))
  90                 .build())
  91             .build();
  92         NeutronSecurityRuleAware ruleAware = new NeutronSecurityRuleAware(dataBroker);
  93         ReadWriteTransaction rwTx = dataBroker.newReadWriteTransaction();
  94         ruleAware.addNeutronSecurityRule(goldInIpv4, neutron, rwTx);
  95         ruleAware.addNeutronSecurityRule(goldOutIpv4, neutron, rwTx);
  96         ruleAware.addNeutronSecurityRule(serverIn80Tcp10_1_1_0, neutron, rwTx);
  97         ruleAware.addNeutronSecurityRule(serverInIp20_1_1_0, neutron, rwTx);
  98         ruleAware.addNeutronSecurityRule(serverOutIpv4, neutron, rwTx);
  99         TenantId tenantId = new TenantId(tenant);
 100         Optional<Tenant> potentialTenant = rwTx.read(LogicalDatastoreType.CONFIGURATION, IidFactory.tenantIid(tenantId))
 101             .get();
 102         assertTrue(potentialTenant.isPresent());
 103         Optional<Contract> potentialContract = rwTx.read(LogicalDatastoreType.CONFIGURATION,
 104                 IidFactory.contractIid(tenantId, new ContractId(goldInIpv4.getId().getValue()))).get();
 105         assertTrue(potentialContract.isPresent());
 106         Contract contract = potentialContract.get();
 107         PolicyAssert.assertContract(contract, goldInIpv4);
 108         potentialContract = rwTx.read(LogicalDatastoreType.CONFIGURATION,
 109                 IidFactory.contractIid(tenantId, new ContractId(goldOutIpv4.getId().getValue()))).get();
 110         assertTrue(potentialContract.isPresent());
 111         contract = potentialContract.get();
 112         PolicyAssert.assertContract(contract, goldOutIpv4);
 113         potentialContract = rwTx.read(LogicalDatastoreType.CONFIGURATION,
 114                 IidFactory.contractIid(tenantId, new ContractId(serverOutIpv4.getId().getValue()))).get();
 115         assertTrue(potentialContract.isPresent());
 116         contract = potentialContract.get();
 117         PolicyAssert.assertContract(contract, serverOutIpv4);
 118         potentialContract = rwTx.read(LogicalDatastoreType.CONFIGURATION,
 119                 IidFactory.contractIid(tenantId, new ContractId(serverIn80Tcp10_1_1_0.getId().getValue()))).get();
 120         assertTrue(potentialContract.isPresent());
 121         contract = potentialContract.get();
 122         PolicyAssert.assertContractWithEic(contract, serverIn80Tcp10_1_1_0);
 123         potentialContract = rwTx.read(LogicalDatastoreType.CONFIGURATION,
 124                 IidFactory.contractIid(tenantId, new ContractId(serverInIp20_1_1_0.getId().getValue()))).get();
 125         assertTrue(potentialContract.isPresent());
 126         contract = potentialContract.get();
 127         PolicyAssert.assertContractWithEic(contract, serverInIp20_1_1_0);
 128         Optional<EndpointGroup> potentialEpg = rwTx.read(LogicalDatastoreType.CONFIGURATION,
 129                 IidFactory.endpointGroupIid(tenantId, new EndpointGroupId(goldSecGrp))).get();
 130         assertTrue(potentialEpg.isPresent());
 131         EndpointGroup epg = potentialEpg.get();
 132         PolicyAssert.assertConsumerNamedSelectors(
 133                 epg,
 134                 ImmutableSet.of(new ContractId(goldInIpv4.getId().getValue()),
 135                         new ContractId(goldOutIpv4.getId().getValue()),
 136                         new ContractId(serverIn80Tcp10_1_1_0.getId().getValue()),
 137                         new ContractId(serverInIp20_1_1_0.getId().getValue()),
 138                         new ContractId(serverOutIpv4.getId().getValue())));
 139         potentialEpg = rwTx.read(LogicalDatastoreType.CONFIGURATION,
 140                 IidFactory.endpointGroupIid(tenantId, new EndpointGroupId(serverSecGrp))).get();
 141         assertTrue(potentialEpg.isPresent());
 142         epg = potentialEpg.get();
 143         PolicyAssert.assertConsumerNamedSelectors(epg, ImmutableSet.of(
 144                 new ContractId(serverIn80Tcp10_1_1_0.getId().getValue()),
 145                 new ContractId(serverInIp20_1_1_0.getId().getValue()),
 146                 new ContractId(goldInIpv4.getId().getValue())));
 147     }
 148
 149     @Test
 150     public final void testAddAndDeleteNeutronSecurityRule() throws Exception {
 151         DataBroker dataBroker = getDataBroker();
 152         NeutronSecurityRuleAware ruleAware = new NeutronSecurityRuleAware(dataBroker);
 153
 154         final String tenantId = "aaaaaaaa-aaaa-aaaa-aaaa-aaaaaaaaaaaa";
 155         final String secGroupId1 = "bbbbbbbb-bbbb-bbbb-bbbb-bbbbbbbbbbbb";
 156         final String secGroupId2 = "cccccccc-cccc-cccc-cccc-cccccccccccc";
 157         final String secRuleId1 = "dddddddd-dddd-dddd-dddd-dddddddddddd";
 158         final String secRuleId2 = "eeeeeeee-eeee-eeee-eeee-eeeeeeeeeeee";
 159
 160         List<SecurityGroup> secGroups = new ArrayList<>();
 161         secGroups.add(NeutronEntityFactory.securityGroup(secGroupId1, tenantId));
 162         secGroups.add(NeutronEntityFactory.securityGroup(secGroupId2, tenantId));
 163         SecurityRule secRule1 = NeutronEntityFactory.securityRuleWithEtherType(secRuleId1, tenantId,
 164                 EthertypeV4.class, DirectionEgress.class, secGroupId1, secGroupId2);
 165         SecurityRule secRule2 = NeutronEntityFactory.securityRuleWithEtherType(secRuleId2, tenantId,
 166                 EthertypeV4.class, DirectionIngress.class, secGroupId2, secGroupId1);
 167         NeutronBuilder neutronBuilder = new NeutronBuilder()
 168             .setSecurityGroups(new SecurityGroupsBuilder().setSecurityGroup(secGroups).build())
 169             .setSecurityRules(new SecurityRulesBuilder()
 170                     .setSecurityRule(ImmutableList.of(secRule1)).build());
 171
 172         ruleAware.onCreated(secRule1, neutronBuilder.build());
 173
 174         PolicyAssert.assertTenantExists(dataBroker, tenantId);
 175         PolicyAssert.assertContractExists(dataBroker, tenantId, secRuleId1);
 176         Optional<Contract> contract = ConfigDataStoreReader.readContract(dataBroker, tenantId, secRuleId1);
 177         PolicyAssert.assertContract(contract.get(), secRule1);
 178         PolicyAssert.assertContractCount(dataBroker, tenantId, 1);
 179         PolicyAssert.assertEndpointGroupExists(dataBroker, tenantId, secGroupId1);
 180         Optional<EndpointGroup> epGroup1 = ConfigDataStoreReader.readEndpointGroup(dataBroker, tenantId, secGroupId1);
 181         PolicyAssert.assertProviderNamedSelectors(epGroup1.get(), ImmutableSet.of(new ContractId(secRuleId1)));
 182         PolicyAssert.assertNoConsumerNamedSelectors(dataBroker, tenantId, secGroupId1);
 183
 184         PolicyAssert.assertClassifierInstanceExists(dataBroker, secRule1);
 185         PolicyAssert.assertActionInstanceExists(dataBroker, tenantId, MappingUtils.ACTION_ALLOW.getName());
 186
 187         neutronBuilder.setSecurityRules(new SecurityRulesBuilder()
 188                 .setSecurityRule(ImmutableList.of(secRule1, secRule2)).build());
 189
 190         ruleAware.onCreated(secRule2, neutronBuilder.build());
 191
 192         PolicyAssert.assertTenantExists(dataBroker, tenantId);
 193         PolicyAssert.assertContractExists(dataBroker, tenantId, secRuleId1);
 194         contract = ConfigDataStoreReader.readContract(dataBroker, tenantId, secRuleId1);
 195         PolicyAssert.assertContract(contract.get(), secRule1);
 196         PolicyAssert.assertContractCount(dataBroker, tenantId, 2);
 197         PolicyAssert.assertEndpointGroupExists(dataBroker, tenantId, secGroupId1);
 198         epGroup1 = ConfigDataStoreReader.readEndpointGroup(dataBroker, tenantId, secGroupId1);
 199         PolicyAssert.assertProviderNamedSelectors(epGroup1.get(), ImmutableSet.of(new ContractId(secRuleId1)));
 200         PolicyAssert.assertConsumerNamedSelectors(epGroup1.get(), ImmutableSet.of(new ContractId(secRuleId2)));
 201
 202         PolicyAssert.assertContractExists(dataBroker, tenantId, secRuleId2);
 203         contract = ConfigDataStoreReader.readContract(dataBroker, tenantId, secRuleId2);
 204         PolicyAssert.assertContract(contract.get(), secRule2);
 205         PolicyAssert.assertContractCount(dataBroker, tenantId, 2);
 206         PolicyAssert.assertEndpointGroupExists(dataBroker, tenantId, secGroupId2);
 207         Optional<EndpointGroup> epGroup2 = ConfigDataStoreReader.readEndpointGroup(dataBroker, tenantId, secGroupId2);
 208         PolicyAssert.assertProviderNamedSelectors(epGroup2.get(), ImmutableSet.of(new ContractId(secRuleId2)));
 209         PolicyAssert.assertConsumerNamedSelectors(epGroup2.get(), ImmutableSet.of(new ContractId(secRuleId1)));
 210
 211         ruleAware.onDeleted(secRule2, neutronBuilder.build(), null);
 212
 213         PolicyAssert.assertTenantExists(dataBroker, tenantId);
 214         PolicyAssert.assertContractExists(dataBroker, tenantId, secRuleId1);
 215         contract = ConfigDataStoreReader.readContract(dataBroker, tenantId, secRuleId1);
 216         PolicyAssert.assertContract(contract.get(), secRule1);
 217         PolicyAssert.assertContractCount(dataBroker, tenantId, 1);
 218         PolicyAssert.assertEndpointGroupExists(dataBroker, tenantId, secGroupId1);
 219         epGroup1 = ConfigDataStoreReader.readEndpointGroup(dataBroker, tenantId, secGroupId1);
 220         PolicyAssert.assertProviderNamedSelectors(epGroup1.get(), ImmutableSet.of(new ContractId(secRuleId1)));
 221         PolicyAssert.assertNoConsumerNamedSelectors(dataBroker, tenantId, secGroupId1);
 222
 223         PolicyAssert.assertContractNotExists(dataBroker, tenantId, secRuleId2);
 224         PolicyAssert.assertContractCount(dataBroker, tenantId, 1);
 225         PolicyAssert.assertEndpointGroupExists(dataBroker, tenantId, secGroupId2);
 226         epGroup2 = ConfigDataStoreReader.readEndpointGroup(dataBroker, tenantId, secGroupId2);
 227         PolicyAssert.assertNoProviderNamedSelectors(dataBroker, tenantId, secGroupId2);
 228         PolicyAssert.assertNoConsumerNamedSelectors(dataBroker, tenantId, secGroupId2);
 229
 230         PolicyAssert.assertClassifierInstanceExists(dataBroker, secRule1);
 231         PolicyAssert.assertActionInstanceExists(dataBroker, tenantId, MappingUtils.ACTION_ALLOW.getName());
 232
 233         neutronBuilder.setSecurityRules(new SecurityRulesBuilder()
 234                 .setSecurityRule(ImmutableList.of(secRule1)).build());
 235
 236         ruleAware.onDeleted(secRule1, neutronBuilder.build(), null);
 237
 238         PolicyAssert.assertContractCount(dataBroker, tenantId, 0);
 239         PolicyAssert.assertEndpointGroupExists(dataBroker, tenantId, secGroupId1);
 240         PolicyAssert.assertEndpointGroupExists(dataBroker, tenantId, secGroupId2);
 241         PolicyAssert.assertNoProviderNamedSelectors(dataBroker, tenantId, secGroupId1);
 242         PolicyAssert.assertNoConsumerNamedSelectors(dataBroker, tenantId, secGroupId2);
 243
 244         PolicyAssert.assertClassifierInstanceNotExists(dataBroker, secRule1);
 245         // TODO: Uncomment this when the life cycle of the Allow ActionInstance will be clarified.
 246         // PolicyAssert.assertActionInstanceNotExists(dataBroker, tenantId,
 247         // MappingUtils.ACTION_ALLOW.getName());
 248     }
 249
 250     @Test
 251     public final void testAddNeutronSecurityRule_rulesWithoutRemote() throws Exception {
 252         String tenant = "ad4c6c25-2424-4ad3-97ee-f9691ce03645";
 253         String goldSecGrp = "fe40e28f-ad6a-4a2d-b12a-47510876344a";
 254         SecurityRule goldInIpv4 = NeutronEntityFactory.securityRuleWithEtherType(
 255                 "166aedab-fdf5-4788-9e36-2b00b5f8722f", tenant, EthertypeV4.class, DirectionIngress.class, goldSecGrp,
 256                 null);
 257         SecurityRule goldOutIpv4 = NeutronEntityFactory.securityRuleWithEtherType(
 258                 "dabfd4da-af89-45dd-85f8-181768c1b4c9", tenant, EthertypeV4.class, DirectionEgress.class, goldSecGrp,
 259                 null);
 260         String serverSecGrp = "71cf4fe5-b146-409e-8151-cd921298ce32";
 261         SecurityRule serverOutIpv4 = NeutronEntityFactory.securityRuleWithEtherType(
 262                 "8b9c48d3-44a8-46be-be35-6f3237d98071", tenant, EthertypeV4.class, DirectionEgress.class, serverSecGrp,
 263                 null);
 264         SecurityRule serverInIpv4 = NeutronEntityFactory.securityRuleWithEtherType(
 265                 "adf7e558-de47-4f9e-a9b8-96e19db5d1ac", tenant, EthertypeV4.class, DirectionIngress.class, serverSecGrp,
 266                 null);
 267         DataBroker dataBroker = getDataBroker();
 268         List<SecurityGroup> secGroups = new ArrayList<>();
 269         secGroups.add(NeutronEntityFactory.securityGroup(goldSecGrp, tenant));
 270         secGroups.add(NeutronEntityFactory.securityGroup(serverSecGrp, tenant));
 271         Neutron neutron = new NeutronBuilder()
 272             .setSecurityGroups(new SecurityGroupsBuilder().setSecurityGroup(secGroups).build())
 273             .setSecurityRules(new SecurityRulesBuilder()
 274                     .setSecurityRule(ImmutableList.of(goldInIpv4, goldOutIpv4, serverOutIpv4, serverInIpv4)).build())
 275             .build();
 276         NeutronSecurityRuleAware ruleAware = new NeutronSecurityRuleAware(dataBroker);
 277         ReadWriteTransaction rwTx = dataBroker.newReadWriteTransaction();
 278         ruleAware.addNeutronSecurityRule(goldInIpv4, neutron, rwTx);
 279         ruleAware.addNeutronSecurityRule(goldOutIpv4, neutron, rwTx);
 280         ruleAware.addNeutronSecurityRule(serverOutIpv4, neutron, rwTx);
 281         ruleAware.addNeutronSecurityRule(serverInIpv4, neutron, rwTx);
 282         TenantId tenantId = new TenantId(tenant);
 283         Optional<Contract> potentialContract = rwTx.read(LogicalDatastoreType.CONFIGURATION,
 284                 IidFactory.contractIid(tenantId, new ContractId(goldInIpv4.getId().getValue()))).get();
 285         assertTrue(potentialContract.isPresent());
 286         Contract contract = potentialContract.get();
 287         PolicyAssert.assertContract(contract, goldInIpv4);
 288         potentialContract = rwTx.read(LogicalDatastoreType.CONFIGURATION,
 289                 IidFactory.contractIid(tenantId, new ContractId(goldOutIpv4.getId().getValue()))).get();
 290         assertTrue(potentialContract.isPresent());
 291         contract = potentialContract.get();
 292         PolicyAssert.assertContract(contract, goldOutIpv4);
 293         potentialContract = rwTx.read(LogicalDatastoreType.CONFIGURATION,
 294                 IidFactory.contractIid(tenantId, new ContractId(serverOutIpv4.getId().getValue()))).get();
 295         assertTrue(potentialContract.isPresent());
 296         contract = potentialContract.get();
 297         PolicyAssert.assertContract(contract, serverOutIpv4);
 298         potentialContract = rwTx.read(LogicalDatastoreType.CONFIGURATION,
 299                 IidFactory.contractIid(tenantId, new ContractId(serverInIpv4.getId().getValue()))).get();
 300         assertTrue(potentialContract.isPresent());
 301         contract = potentialContract.get();
 302         PolicyAssert.assertContract(contract, serverInIpv4);
 303         Optional<EndpointGroup> potentialEpg = rwTx.read(LogicalDatastoreType.CONFIGURATION,
 304                 IidFactory.endpointGroupIid(tenantId, new EndpointGroupId(goldSecGrp))).get();
 305         assertTrue(potentialEpg.isPresent());
 306         EndpointGroup epg = potentialEpg.get();
 307         PolicyAssert.assertConsumerNamedSelectors(
 308                 epg,
 309                 ImmutableSet.of(new ContractId(goldInIpv4.getId().getValue()),
 310                         new ContractId(goldOutIpv4.getId().getValue()),
 311                         new ContractId(serverOutIpv4.getId().getValue()),
 312                         new ContractId(serverInIpv4.getId().getValue())));
 313         potentialEpg = rwTx.read(LogicalDatastoreType.CONFIGURATION,
 314                 IidFactory.endpointGroupIid(tenantId, new EndpointGroupId(serverSecGrp))).get();
 315         assertTrue(potentialEpg.isPresent());
 316         PolicyAssert.assertConsumerNamedSelectors(
 317                 epg,
 318                 ImmutableSet.of(new ContractId(goldInIpv4.getId().getValue()),
 319                         new ContractId(goldOutIpv4.getId().getValue()),
 320                         new ContractId(serverOutIpv4.getId().getValue()),
 321                         new ContractId(serverInIpv4.getId().getValue())));
 322     }
 323
 324     @Test
 325     public final void testAddNeutronSecurityRule_asymmetricRulesWithoutRemote() throws Exception {
 326         String tenant = "ad4c6c25-2424-4ad3-97ee-f9691ce03645";
 327         String goldSecGrp = "fe40e28f-ad6a-4a2d-b12a-47510876344a";
 328         SecurityRule goldInIpv4 = NeutronEntityFactory.securityRuleWithEtherType(
 329                 "166aedab-fdf5-4788-9e36-2b00b5f8722f", tenant, EthertypeV4.class, DirectionIngress.class, goldSecGrp,
 330                 null);
 331         SecurityRule goldOutIpv4 = NeutronEntityFactory.securityRuleWithEtherType(
 332                 "dabfd4da-af89-45dd-85f8-181768c1b4c9", tenant, EthertypeV4.class, DirectionEgress.class, goldSecGrp,
 333                 null);
 334         String serverSecGrp = "71cf4fe5-b146-409e-8151-cd921298ce32";
 335         SecurityRule serverOutIpv4 = NeutronEntityFactory.securityRuleWithEtherType(
 336                 "8b9c48d3-44a8-46be-be35-6f3237d98071", tenant, EthertypeV4.class, DirectionEgress.class, serverSecGrp,
 337                 null);
 338         SecurityRule serverIn80TcpIpv4 = new SecurityRuleBuilder().setId(new Uuid("adf7e558-de47-4f9e-a9b8-96e19db5d1ac"))
 339                 .setTenantId(new Uuid(tenant))
 340                 .setEthertype(EthertypeV4.class)
 341                 .setProtocol(ProtocolTcp.class)
 342                 .setPortRangeMin(80)
 343                 .setPortRangeMax(80)
 344                 .setDirection(DirectionIngress.class)
 345                 .setSecurityGroupId(new Uuid(serverSecGrp))
 346                 .build();
 347         DataBroker dataBroker = getDataBroker();
 348         List<SecurityGroup> secGroups = new ArrayList<>();
 349         secGroups.add(NeutronEntityFactory.securityGroup(goldSecGrp, tenant));
 350         secGroups.add(NeutronEntityFactory.securityGroup(serverSecGrp, tenant));
 351         Neutron neutron = new NeutronBuilder()
 352             .setSecurityGroups(new SecurityGroupsBuilder().setSecurityGroup(secGroups).build())
 353             .setSecurityRules(new SecurityRulesBuilder()
 354                 .setSecurityRule(ImmutableList.of(goldInIpv4, goldOutIpv4, serverOutIpv4, serverIn80TcpIpv4)).build())
 355             .build();
 356         NeutronSecurityRuleAware ruleAware = new NeutronSecurityRuleAware(dataBroker);
 357         ReadWriteTransaction rwTx = dataBroker.newReadWriteTransaction();
 358         ruleAware.addNeutronSecurityRule(goldInIpv4, neutron, rwTx);
 359         ruleAware.addNeutronSecurityRule(goldOutIpv4, neutron, rwTx);
 360         ruleAware.addNeutronSecurityRule(serverOutIpv4, neutron, rwTx);
 361         ruleAware.addNeutronSecurityRule(serverIn80TcpIpv4, neutron, rwTx);
 362         TenantId tenantId = new TenantId(tenant);
 363         Optional<Contract> potentialContract = rwTx.read(LogicalDatastoreType.CONFIGURATION,
 364                 IidFactory.contractIid(tenantId, new ContractId(goldInIpv4.getId().getValue()))).get();
 365         assertTrue(potentialContract.isPresent());
 366         Contract contract = potentialContract.get();
 367         PolicyAssert.assertContract(contract, goldInIpv4);
 368         potentialContract = rwTx.read(LogicalDatastoreType.CONFIGURATION,
 369                 IidFactory.contractIid(tenantId, new ContractId(goldOutIpv4.getId().getValue()))).get();
 370         assertTrue(potentialContract.isPresent());
 371         contract = potentialContract.get();
 372         PolicyAssert.assertContract(contract, goldOutIpv4);
 373         potentialContract = rwTx.read(LogicalDatastoreType.CONFIGURATION,
 374                 IidFactory.contractIid(tenantId, new ContractId(serverOutIpv4.getId().getValue()))).get();
 375         assertTrue(potentialContract.isPresent());
 376         contract = potentialContract.get();
 377         PolicyAssert.assertContract(contract, serverOutIpv4);
 378         potentialContract = rwTx.read(LogicalDatastoreType.CONFIGURATION,
 379                 IidFactory.contractIid(tenantId, new ContractId(serverIn80TcpIpv4.getId().getValue()))).get();
 380         assertTrue(potentialContract.isPresent());
 381         contract = potentialContract.get();
 382         PolicyAssert.assertContract(contract, serverIn80TcpIpv4);
 383         Optional<EndpointGroup> potentialEpg = rwTx.read(LogicalDatastoreType.CONFIGURATION,
 384                 IidFactory.endpointGroupIid(tenantId, new EndpointGroupId(goldSecGrp))).get();
 385         assertTrue(potentialEpg.isPresent());
 386         EndpointGroup epg = potentialEpg.get();
 387         PolicyAssert.assertConsumerNamedSelectors(
 388                 epg,
 389                 ImmutableSet.of(new ContractId(goldInIpv4.getId().getValue()),
 390                         new ContractId(goldOutIpv4.getId().getValue()),
 391                         new ContractId(serverOutIpv4.getId().getValue()),
 392                         new ContractId(serverIn80TcpIpv4.getId().getValue())));
 393         potentialEpg = rwTx.read(LogicalDatastoreType.CONFIGURATION,
 394                 IidFactory.endpointGroupIid(tenantId, new EndpointGroupId(serverSecGrp))).get();
 395         assertTrue(potentialEpg.isPresent());
 396         epg = potentialEpg.get();
 397         PolicyAssert.assertConsumerNamedSelectors(
 398                 epg,
 399                 ImmutableSet.of(new ContractId(goldInIpv4.getId().getValue()),
 400                         new ContractId(serverIn80TcpIpv4.getId().getValue())));
 401     }
 402
 403     @Test
 404     public final void testAddNeutronSecurityRule_defaultSecGrp() throws Exception {
 405         String tenant = "111aaaaa-aaaa-aaaa-aaaa-aaaaaaaaaaaa";
 406         String defaultSecGrp = "111fffff-ffff-ffff-ffff-ffffffffffff";
 407         SecurityRule defaultInIpv4Default = NeutronEntityFactory.securityRuleWithEtherType(
 408                 "111ccccc-111c-cccc-cccc-cccccccccccc", tenant, EthertypeV4.class, DirectionIngress.class, defaultSecGrp,
 409                 defaultSecGrp);
 410         SecurityRule defaultInIpv6Default = NeutronEntityFactory.securityRuleWithEtherType(
 411                 "222ccccc-111c-cccc-cccc-cccccccccccc", tenant, EthertypeV4.class, DirectionIngress.class, defaultSecGrp,
 412                 defaultSecGrp);
 413         SecurityRule defaultOutIpv4 = NeutronEntityFactory.securityRuleWithEtherType(
 414                 "333ccccc-111c-cccc-cccc-cccccccccccc", tenant, EthertypeV4.class, DirectionEgress.class, defaultSecGrp,
 415                 null);
 416         SecurityRule defaultOutIpv6 = NeutronEntityFactory.securityRuleWithEtherType(
 417                 "444ccccc-111c-cccc-cccc-cccccccccccc", tenant, EthertypeV4.class, DirectionEgress.class, defaultSecGrp,
 418                 null);
 419         DataBroker dataBroker = getDataBroker();
 420         List<SecurityGroup> secGroups = new ArrayList<>();
 421         secGroups.add(NeutronEntityFactory.securityGroup(defaultSecGrp, tenant));
 422         Neutron neutron = new NeutronBuilder()
 423             .setSecurityGroups(new SecurityGroupsBuilder().setSecurityGroup(secGroups).build()).build();
 424         NeutronSecurityRuleAware ruleAware = new NeutronSecurityRuleAware(dataBroker);
 425         ReadWriteTransaction rwTx = dataBroker.newReadWriteTransaction();
 426         ruleAware.addNeutronSecurityRule(defaultInIpv4Default, neutron, rwTx);
 427         ruleAware.addNeutronSecurityRule(defaultInIpv6Default, neutron, rwTx);
 428         ruleAware.addNeutronSecurityRule(defaultOutIpv4, neutron, rwTx);
 429         ruleAware.addNeutronSecurityRule(defaultOutIpv6, neutron, rwTx);
 430         TenantId tenantId = new TenantId(tenant);
 431         Optional<Contract> potentialContract = rwTx.read(LogicalDatastoreType.CONFIGURATION,
 432                 IidFactory.contractIid(tenantId, new ContractId(defaultInIpv4Default.getId().getValue()))).get();
 433         assertTrue(potentialContract.isPresent());
 434         Contract contract = potentialContract.get();
 435         PolicyAssert.assertContract(contract, defaultInIpv4Default);
 436         potentialContract = rwTx.read(LogicalDatastoreType.CONFIGURATION,
 437                 IidFactory.contractIid(tenantId, new ContractId(defaultInIpv6Default.getId().getValue()))).get();
 438         assertTrue(potentialContract.isPresent());
 439         contract = potentialContract.get();
 440         PolicyAssert.assertContract(contract, defaultInIpv6Default);
 441         potentialContract = rwTx.read(LogicalDatastoreType.CONFIGURATION,
 442                 IidFactory.contractIid(tenantId, new ContractId(defaultOutIpv4.getId().getValue()))).get();
 443         assertTrue(potentialContract.isPresent());
 444         contract = potentialContract.get();
 445         PolicyAssert.assertContract(contract, defaultOutIpv4);
 446         potentialContract = rwTx.read(LogicalDatastoreType.CONFIGURATION,
 447                 IidFactory.contractIid(tenantId, new ContractId(defaultOutIpv6.getId().getValue()))).get();
 448         assertTrue(potentialContract.isPresent());
 449         contract = potentialContract.get();
 450         PolicyAssert.assertContract(contract, defaultOutIpv6);
 451     }
 452
 453     @Test
 454     public void testConstructor_invalidArgument() throws Exception {
 455         try {
 456             new NeutronSecurityRuleAware(null);
 457             fail(NullPointerException.class.getName() + " expected");
 458         } catch (NullPointerException ex) {
 459             // do nothing
 460         }
 461     }
 462
 463 }