1 package org.opendaylight.groupbasedpolicy.neutron.mapper.mapping.rule;
3 import static org.junit.Assert.assertTrue;
4 import static org.junit.Assert.fail;
6 import java.util.ArrayList;
10 import org.opendaylight.controller.md.sal.binding.api.DataBroker;
11 import org.opendaylight.controller.md.sal.binding.api.ReadWriteTransaction;
12 import org.opendaylight.controller.md.sal.common.api.data.LogicalDatastoreType;
13 import org.opendaylight.groupbasedpolicy.neutron.mapper.test.ConfigDataStoreReader;
14 import org.opendaylight.groupbasedpolicy.neutron.mapper.test.NeutronMapperDataBrokerTest;
15 import org.opendaylight.groupbasedpolicy.neutron.mapper.test.NeutronEntityFactory;
16 import org.opendaylight.groupbasedpolicy.neutron.mapper.test.PolicyAssert;
17 import org.opendaylight.groupbasedpolicy.neutron.mapper.util.MappingUtils;
18 import org.opendaylight.groupbasedpolicy.util.IidFactory;
19 import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.inet.types.rev100924.IpPrefix;
20 import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.inet.types.rev100924.Ipv4Prefix;
21 import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.yang.types.rev130715.Uuid;
22 import org.opendaylight.yang.gen.v1.urn.opendaylight.groupbasedpolicy.common.rev140421.ContractId;
23 import org.opendaylight.yang.gen.v1.urn.opendaylight.groupbasedpolicy.common.rev140421.EndpointGroupId;
24 import org.opendaylight.yang.gen.v1.urn.opendaylight.groupbasedpolicy.common.rev140421.TenantId;
25 import org.opendaylight.yang.gen.v1.urn.opendaylight.groupbasedpolicy.policy.rev140421.tenants.Tenant;
26 import org.opendaylight.yang.gen.v1.urn.opendaylight.groupbasedpolicy.policy.rev140421.tenants.tenant.policy.Contract;
27 import org.opendaylight.yang.gen.v1.urn.opendaylight.groupbasedpolicy.policy.rev140421.tenants.tenant.policy.EndpointGroup;
28 import org.opendaylight.yang.gen.v1.urn.opendaylight.neutron.constants.rev150712.DirectionEgress;
29 import org.opendaylight.yang.gen.v1.urn.opendaylight.neutron.constants.rev150712.DirectionIngress;
30 import org.opendaylight.yang.gen.v1.urn.opendaylight.neutron.constants.rev150712.EthertypeV4;
31 import org.opendaylight.yang.gen.v1.urn.opendaylight.neutron.constants.rev150712.ProtocolTcp;
32 import org.opendaylight.yang.gen.v1.urn.opendaylight.neutron.rev150712.Neutron;
33 import org.opendaylight.yang.gen.v1.urn.opendaylight.neutron.rev150712.NeutronBuilder;
34 import org.opendaylight.yang.gen.v1.urn.opendaylight.neutron.secgroups.rev150712.security.groups.attributes.SecurityGroupsBuilder;
35 import org.opendaylight.yang.gen.v1.urn.opendaylight.neutron.secgroups.rev150712.security.groups.attributes.security.groups.SecurityGroup;
36 import org.opendaylight.yang.gen.v1.urn.opendaylight.neutron.secgroups.rev150712.security.rules.attributes.SecurityRulesBuilder;
37 import org.opendaylight.yang.gen.v1.urn.opendaylight.neutron.secgroups.rev150712.security.rules.attributes.security.rules.SecurityRule;
38 import org.opendaylight.yang.gen.v1.urn.opendaylight.neutron.secgroups.rev150712.security.rules.attributes.security.rules.SecurityRuleBuilder;
40 import com.google.common.base.Optional;
41 import com.google.common.collect.ImmutableList;
42 import com.google.common.collect.ImmutableSet;
45 * END 2 END TESTING - inputs are Neutron entities and expected outputs are GBP entities in
49 public class NeutronSecurityRuleAwareDataStoreTest extends NeutronMapperDataBrokerTest {
52 public final void testAddNeutronSecurityRule_rulesWithRemoteIpPrefix() throws Exception {
53 String tenant = "ad4c6c25-2424-4ad3-97ee-f9691ce03645";
54 String goldSecGrp = "fe40e28f-ad6a-4a2d-b12a-47510876344a";
55 SecurityRule goldInIpv4 = NeutronEntityFactory.securityRuleWithEtherType(
56 "166aedab-fdf5-4788-9e36-2b00b5f8722f", tenant, EthertypeV4.class, DirectionIngress.class, goldSecGrp,
58 SecurityRule goldOutIpv4 = NeutronEntityFactory.securityRuleWithEtherType(
59 "dabfd4da-af89-45dd-85f8-181768c1b4c9", tenant, EthertypeV4.class, DirectionEgress.class, goldSecGrp,
61 String serverSecGrp = "71cf4fe5-b146-409e-8151-cd921298ce32";
62 SecurityRule serverIn80Tcp10_1_1_0 = new SecurityRuleBuilder().setId(new Uuid("9dbb533d-d9b2-4dc9-bae7-ee60c8df184d"))
63 .setTenantId(new Uuid(tenant))
64 .setEthertype(EthertypeV4.class)
65 .setProtocol(ProtocolTcp.class)
68 .setDirection(DirectionIngress.class)
69 .setSecurityGroupId(new Uuid(serverSecGrp))
70 .setRemoteIpPrefix(new IpPrefix(new Ipv4Prefix("10.1.1.0/24")))
72 SecurityRule serverInIp20_1_1_0 = new SecurityRuleBuilder().setId(new Uuid("adf7e558-de47-4f9e-a9b8-96e19db5d1ac"))
73 .setTenantId(new Uuid(tenant))
74 .setEthertype(EthertypeV4.class)
75 .setDirection(DirectionIngress.class)
76 .setSecurityGroupId(new Uuid(serverSecGrp))
77 .setRemoteIpPrefix(new IpPrefix(new Ipv4Prefix("20.1.1.0/24")))
79 SecurityRule serverOutIpv4 = NeutronEntityFactory.securityRuleWithEtherType(
80 "8b9c48d3-44a8-46be-be35-6f3237d98071", tenant, EthertypeV4.class, DirectionEgress.class, serverSecGrp,
82 DataBroker dataBroker = getDataBroker();
83 List<SecurityGroup> secGroups = new ArrayList<>();
84 secGroups.add(NeutronEntityFactory.securityGroup(goldSecGrp, tenant));
85 secGroups.add(NeutronEntityFactory.securityGroup(serverSecGrp, tenant));
86 Neutron neutron = new NeutronBuilder()
87 .setSecurityGroups(new SecurityGroupsBuilder().setSecurityGroup(secGroups).build())
88 .setSecurityRules(new SecurityRulesBuilder().setSecurityRule(
89 ImmutableList.of(goldInIpv4, goldOutIpv4, serverIn80Tcp10_1_1_0, serverInIp20_1_1_0, serverOutIpv4))
92 NeutronSecurityRuleAware ruleAware = new NeutronSecurityRuleAware(dataBroker);
93 ReadWriteTransaction rwTx = dataBroker.newReadWriteTransaction();
94 ruleAware.addNeutronSecurityRule(goldInIpv4, neutron, rwTx);
95 ruleAware.addNeutronSecurityRule(goldOutIpv4, neutron, rwTx);
96 ruleAware.addNeutronSecurityRule(serverIn80Tcp10_1_1_0, neutron, rwTx);
97 ruleAware.addNeutronSecurityRule(serverInIp20_1_1_0, neutron, rwTx);
98 ruleAware.addNeutronSecurityRule(serverOutIpv4, neutron, rwTx);
99 TenantId tenantId = new TenantId(tenant);
100 Optional<Tenant> potentialTenant = rwTx.read(LogicalDatastoreType.CONFIGURATION, IidFactory.tenantIid(tenantId))
102 assertTrue(potentialTenant.isPresent());
103 Optional<Contract> potentialContract = rwTx.read(LogicalDatastoreType.CONFIGURATION,
104 IidFactory.contractIid(tenantId, new ContractId(goldInIpv4.getId().getValue()))).get();
105 assertTrue(potentialContract.isPresent());
106 Contract contract = potentialContract.get();
107 PolicyAssert.assertContract(contract, goldInIpv4);
108 potentialContract = rwTx.read(LogicalDatastoreType.CONFIGURATION,
109 IidFactory.contractIid(tenantId, new ContractId(goldOutIpv4.getId().getValue()))).get();
110 assertTrue(potentialContract.isPresent());
111 contract = potentialContract.get();
112 PolicyAssert.assertContract(contract, goldOutIpv4);
113 potentialContract = rwTx.read(LogicalDatastoreType.CONFIGURATION,
114 IidFactory.contractIid(tenantId, new ContractId(serverOutIpv4.getId().getValue()))).get();
115 assertTrue(potentialContract.isPresent());
116 contract = potentialContract.get();
117 PolicyAssert.assertContract(contract, serverOutIpv4);
118 potentialContract = rwTx.read(LogicalDatastoreType.CONFIGURATION,
119 IidFactory.contractIid(tenantId, new ContractId(serverIn80Tcp10_1_1_0.getId().getValue()))).get();
120 assertTrue(potentialContract.isPresent());
121 contract = potentialContract.get();
122 PolicyAssert.assertContractWithEic(contract, serverIn80Tcp10_1_1_0);
123 potentialContract = rwTx.read(LogicalDatastoreType.CONFIGURATION,
124 IidFactory.contractIid(tenantId, new ContractId(serverInIp20_1_1_0.getId().getValue()))).get();
125 assertTrue(potentialContract.isPresent());
126 contract = potentialContract.get();
127 PolicyAssert.assertContractWithEic(contract, serverInIp20_1_1_0);
128 Optional<EndpointGroup> potentialEpg = rwTx.read(LogicalDatastoreType.CONFIGURATION,
129 IidFactory.endpointGroupIid(tenantId, new EndpointGroupId(goldSecGrp))).get();
130 assertTrue(potentialEpg.isPresent());
131 EndpointGroup epg = potentialEpg.get();
132 PolicyAssert.assertConsumerNamedSelectors(
134 ImmutableSet.of(new ContractId(goldInIpv4.getId().getValue()),
135 new ContractId(goldOutIpv4.getId().getValue()),
136 new ContractId(serverIn80Tcp10_1_1_0.getId().getValue()),
137 new ContractId(serverInIp20_1_1_0.getId().getValue()),
138 new ContractId(serverOutIpv4.getId().getValue())));
139 potentialEpg = rwTx.read(LogicalDatastoreType.CONFIGURATION,
140 IidFactory.endpointGroupIid(tenantId, new EndpointGroupId(serverSecGrp))).get();
141 assertTrue(potentialEpg.isPresent());
142 epg = potentialEpg.get();
143 PolicyAssert.assertConsumerNamedSelectors(epg, ImmutableSet.of(
144 new ContractId(serverIn80Tcp10_1_1_0.getId().getValue()),
145 new ContractId(serverInIp20_1_1_0.getId().getValue()),
146 new ContractId(goldInIpv4.getId().getValue())));
150 public final void testAddAndDeleteNeutronSecurityRule() throws Exception {
151 DataBroker dataBroker = getDataBroker();
152 NeutronSecurityRuleAware ruleAware = new NeutronSecurityRuleAware(dataBroker);
154 final String tenantId = "aaaaaaaa-aaaa-aaaa-aaaa-aaaaaaaaaaaa";
155 final String secGroupId1 = "bbbbbbbb-bbbb-bbbb-bbbb-bbbbbbbbbbbb";
156 final String secGroupId2 = "cccccccc-cccc-cccc-cccc-cccccccccccc";
157 final String secRuleId1 = "dddddddd-dddd-dddd-dddd-dddddddddddd";
158 final String secRuleId2 = "eeeeeeee-eeee-eeee-eeee-eeeeeeeeeeee";
160 List<SecurityGroup> secGroups = new ArrayList<>();
161 secGroups.add(NeutronEntityFactory.securityGroup(secGroupId1, tenantId));
162 secGroups.add(NeutronEntityFactory.securityGroup(secGroupId2, tenantId));
163 SecurityRule secRule1 = NeutronEntityFactory.securityRuleWithEtherType(secRuleId1, tenantId,
164 EthertypeV4.class, DirectionEgress.class, secGroupId1, secGroupId2);
165 SecurityRule secRule2 = NeutronEntityFactory.securityRuleWithEtherType(secRuleId2, tenantId,
166 EthertypeV4.class, DirectionIngress.class, secGroupId2, secGroupId1);
167 NeutronBuilder neutronBuilder = new NeutronBuilder()
168 .setSecurityGroups(new SecurityGroupsBuilder().setSecurityGroup(secGroups).build())
169 .setSecurityRules(new SecurityRulesBuilder()
170 .setSecurityRule(ImmutableList.of(secRule1)).build());
172 ruleAware.onCreated(secRule1, neutronBuilder.build());
174 PolicyAssert.assertTenantExists(dataBroker, tenantId);
175 PolicyAssert.assertContractExists(dataBroker, tenantId, secRuleId1);
176 Optional<Contract> contract = ConfigDataStoreReader.readContract(dataBroker, tenantId, secRuleId1);
177 PolicyAssert.assertContract(contract.get(), secRule1);
178 PolicyAssert.assertContractCount(dataBroker, tenantId, 1);
179 PolicyAssert.assertEndpointGroupExists(dataBroker, tenantId, secGroupId1);
180 Optional<EndpointGroup> epGroup1 = ConfigDataStoreReader.readEndpointGroup(dataBroker, tenantId, secGroupId1);
181 PolicyAssert.assertProviderNamedSelectors(epGroup1.get(), ImmutableSet.of(new ContractId(secRuleId1)));
182 PolicyAssert.assertNoConsumerNamedSelectors(dataBroker, tenantId, secGroupId1);
184 PolicyAssert.assertClassifierInstanceExists(dataBroker, secRule1);
185 PolicyAssert.assertActionInstanceExists(dataBroker, tenantId, MappingUtils.ACTION_ALLOW.getName());
187 neutronBuilder.setSecurityRules(new SecurityRulesBuilder()
188 .setSecurityRule(ImmutableList.of(secRule1, secRule2)).build());
190 ruleAware.onCreated(secRule2, neutronBuilder.build());
192 PolicyAssert.assertTenantExists(dataBroker, tenantId);
193 PolicyAssert.assertContractExists(dataBroker, tenantId, secRuleId1);
194 contract = ConfigDataStoreReader.readContract(dataBroker, tenantId, secRuleId1);
195 PolicyAssert.assertContract(contract.get(), secRule1);
196 PolicyAssert.assertContractCount(dataBroker, tenantId, 2);
197 PolicyAssert.assertEndpointGroupExists(dataBroker, tenantId, secGroupId1);
198 epGroup1 = ConfigDataStoreReader.readEndpointGroup(dataBroker, tenantId, secGroupId1);
199 PolicyAssert.assertProviderNamedSelectors(epGroup1.get(), ImmutableSet.of(new ContractId(secRuleId1)));
200 PolicyAssert.assertConsumerNamedSelectors(epGroup1.get(), ImmutableSet.of(new ContractId(secRuleId2)));
202 PolicyAssert.assertContractExists(dataBroker, tenantId, secRuleId2);
203 contract = ConfigDataStoreReader.readContract(dataBroker, tenantId, secRuleId2);
204 PolicyAssert.assertContract(contract.get(), secRule2);
205 PolicyAssert.assertContractCount(dataBroker, tenantId, 2);
206 PolicyAssert.assertEndpointGroupExists(dataBroker, tenantId, secGroupId2);
207 Optional<EndpointGroup> epGroup2 = ConfigDataStoreReader.readEndpointGroup(dataBroker, tenantId, secGroupId2);
208 PolicyAssert.assertProviderNamedSelectors(epGroup2.get(), ImmutableSet.of(new ContractId(secRuleId2)));
209 PolicyAssert.assertConsumerNamedSelectors(epGroup2.get(), ImmutableSet.of(new ContractId(secRuleId1)));
211 ruleAware.onDeleted(secRule2, neutronBuilder.build(), null);
213 PolicyAssert.assertTenantExists(dataBroker, tenantId);
214 PolicyAssert.assertContractExists(dataBroker, tenantId, secRuleId1);
215 contract = ConfigDataStoreReader.readContract(dataBroker, tenantId, secRuleId1);
216 PolicyAssert.assertContract(contract.get(), secRule1);
217 PolicyAssert.assertContractCount(dataBroker, tenantId, 1);
218 PolicyAssert.assertEndpointGroupExists(dataBroker, tenantId, secGroupId1);
219 epGroup1 = ConfigDataStoreReader.readEndpointGroup(dataBroker, tenantId, secGroupId1);
220 PolicyAssert.assertProviderNamedSelectors(epGroup1.get(), ImmutableSet.of(new ContractId(secRuleId1)));
221 PolicyAssert.assertNoConsumerNamedSelectors(dataBroker, tenantId, secGroupId1);
223 PolicyAssert.assertContractNotExists(dataBroker, tenantId, secRuleId2);
224 PolicyAssert.assertContractCount(dataBroker, tenantId, 1);
225 PolicyAssert.assertEndpointGroupExists(dataBroker, tenantId, secGroupId2);
226 epGroup2 = ConfigDataStoreReader.readEndpointGroup(dataBroker, tenantId, secGroupId2);
227 PolicyAssert.assertNoProviderNamedSelectors(dataBroker, tenantId, secGroupId2);
228 PolicyAssert.assertNoConsumerNamedSelectors(dataBroker, tenantId, secGroupId2);
230 PolicyAssert.assertClassifierInstanceExists(dataBroker, secRule1);
231 PolicyAssert.assertActionInstanceExists(dataBroker, tenantId, MappingUtils.ACTION_ALLOW.getName());
233 neutronBuilder.setSecurityRules(new SecurityRulesBuilder()
234 .setSecurityRule(ImmutableList.of(secRule1)).build());
236 ruleAware.onDeleted(secRule1, neutronBuilder.build(), null);
238 PolicyAssert.assertContractCount(dataBroker, tenantId, 0);
239 PolicyAssert.assertEndpointGroupExists(dataBroker, tenantId, secGroupId1);
240 PolicyAssert.assertEndpointGroupExists(dataBroker, tenantId, secGroupId2);
241 PolicyAssert.assertNoProviderNamedSelectors(dataBroker, tenantId, secGroupId1);
242 PolicyAssert.assertNoConsumerNamedSelectors(dataBroker, tenantId, secGroupId2);
244 PolicyAssert.assertClassifierInstanceNotExists(dataBroker, secRule1);
245 // TODO: Uncomment this when the life cycle of the Allow ActionInstance will be clarified.
246 // PolicyAssert.assertActionInstanceNotExists(dataBroker, tenantId,
247 // MappingUtils.ACTION_ALLOW.getName());
251 public final void testAddNeutronSecurityRule_rulesWithoutRemote() throws Exception {
252 String tenant = "ad4c6c25-2424-4ad3-97ee-f9691ce03645";
253 String goldSecGrp = "fe40e28f-ad6a-4a2d-b12a-47510876344a";
254 SecurityRule goldInIpv4 = NeutronEntityFactory.securityRuleWithEtherType(
255 "166aedab-fdf5-4788-9e36-2b00b5f8722f", tenant, EthertypeV4.class, DirectionIngress.class, goldSecGrp,
257 SecurityRule goldOutIpv4 = NeutronEntityFactory.securityRuleWithEtherType(
258 "dabfd4da-af89-45dd-85f8-181768c1b4c9", tenant, EthertypeV4.class, DirectionEgress.class, goldSecGrp,
260 String serverSecGrp = "71cf4fe5-b146-409e-8151-cd921298ce32";
261 SecurityRule serverOutIpv4 = NeutronEntityFactory.securityRuleWithEtherType(
262 "8b9c48d3-44a8-46be-be35-6f3237d98071", tenant, EthertypeV4.class, DirectionEgress.class, serverSecGrp,
264 SecurityRule serverInIpv4 = NeutronEntityFactory.securityRuleWithEtherType(
265 "adf7e558-de47-4f9e-a9b8-96e19db5d1ac", tenant, EthertypeV4.class, DirectionIngress.class, serverSecGrp,
267 DataBroker dataBroker = getDataBroker();
268 List<SecurityGroup> secGroups = new ArrayList<>();
269 secGroups.add(NeutronEntityFactory.securityGroup(goldSecGrp, tenant));
270 secGroups.add(NeutronEntityFactory.securityGroup(serverSecGrp, tenant));
271 Neutron neutron = new NeutronBuilder()
272 .setSecurityGroups(new SecurityGroupsBuilder().setSecurityGroup(secGroups).build())
273 .setSecurityRules(new SecurityRulesBuilder()
274 .setSecurityRule(ImmutableList.of(goldInIpv4, goldOutIpv4, serverOutIpv4, serverInIpv4)).build())
276 NeutronSecurityRuleAware ruleAware = new NeutronSecurityRuleAware(dataBroker);
277 ReadWriteTransaction rwTx = dataBroker.newReadWriteTransaction();
278 ruleAware.addNeutronSecurityRule(goldInIpv4, neutron, rwTx);
279 ruleAware.addNeutronSecurityRule(goldOutIpv4, neutron, rwTx);
280 ruleAware.addNeutronSecurityRule(serverOutIpv4, neutron, rwTx);
281 ruleAware.addNeutronSecurityRule(serverInIpv4, neutron, rwTx);
282 TenantId tenantId = new TenantId(tenant);
283 Optional<Contract> potentialContract = rwTx.read(LogicalDatastoreType.CONFIGURATION,
284 IidFactory.contractIid(tenantId, new ContractId(goldInIpv4.getId().getValue()))).get();
285 assertTrue(potentialContract.isPresent());
286 Contract contract = potentialContract.get();
287 PolicyAssert.assertContract(contract, goldInIpv4);
288 potentialContract = rwTx.read(LogicalDatastoreType.CONFIGURATION,
289 IidFactory.contractIid(tenantId, new ContractId(goldOutIpv4.getId().getValue()))).get();
290 assertTrue(potentialContract.isPresent());
291 contract = potentialContract.get();
292 PolicyAssert.assertContract(contract, goldOutIpv4);
293 potentialContract = rwTx.read(LogicalDatastoreType.CONFIGURATION,
294 IidFactory.contractIid(tenantId, new ContractId(serverOutIpv4.getId().getValue()))).get();
295 assertTrue(potentialContract.isPresent());
296 contract = potentialContract.get();
297 PolicyAssert.assertContract(contract, serverOutIpv4);
298 potentialContract = rwTx.read(LogicalDatastoreType.CONFIGURATION,
299 IidFactory.contractIid(tenantId, new ContractId(serverInIpv4.getId().getValue()))).get();
300 assertTrue(potentialContract.isPresent());
301 contract = potentialContract.get();
302 PolicyAssert.assertContract(contract, serverInIpv4);
303 Optional<EndpointGroup> potentialEpg = rwTx.read(LogicalDatastoreType.CONFIGURATION,
304 IidFactory.endpointGroupIid(tenantId, new EndpointGroupId(goldSecGrp))).get();
305 assertTrue(potentialEpg.isPresent());
306 EndpointGroup epg = potentialEpg.get();
307 PolicyAssert.assertConsumerNamedSelectors(
309 ImmutableSet.of(new ContractId(goldInIpv4.getId().getValue()),
310 new ContractId(goldOutIpv4.getId().getValue()),
311 new ContractId(serverOutIpv4.getId().getValue()),
312 new ContractId(serverInIpv4.getId().getValue())));
313 potentialEpg = rwTx.read(LogicalDatastoreType.CONFIGURATION,
314 IidFactory.endpointGroupIid(tenantId, new EndpointGroupId(serverSecGrp))).get();
315 assertTrue(potentialEpg.isPresent());
316 PolicyAssert.assertConsumerNamedSelectors(
318 ImmutableSet.of(new ContractId(goldInIpv4.getId().getValue()),
319 new ContractId(goldOutIpv4.getId().getValue()),
320 new ContractId(serverOutIpv4.getId().getValue()),
321 new ContractId(serverInIpv4.getId().getValue())));
325 public final void testAddNeutronSecurityRule_asymmetricRulesWithoutRemote() throws Exception {
326 String tenant = "ad4c6c25-2424-4ad3-97ee-f9691ce03645";
327 String goldSecGrp = "fe40e28f-ad6a-4a2d-b12a-47510876344a";
328 SecurityRule goldInIpv4 = NeutronEntityFactory.securityRuleWithEtherType(
329 "166aedab-fdf5-4788-9e36-2b00b5f8722f", tenant, EthertypeV4.class, DirectionIngress.class, goldSecGrp,
331 SecurityRule goldOutIpv4 = NeutronEntityFactory.securityRuleWithEtherType(
332 "dabfd4da-af89-45dd-85f8-181768c1b4c9", tenant, EthertypeV4.class, DirectionEgress.class, goldSecGrp,
334 String serverSecGrp = "71cf4fe5-b146-409e-8151-cd921298ce32";
335 SecurityRule serverOutIpv4 = NeutronEntityFactory.securityRuleWithEtherType(
336 "8b9c48d3-44a8-46be-be35-6f3237d98071", tenant, EthertypeV4.class, DirectionEgress.class, serverSecGrp,
338 SecurityRule serverIn80TcpIpv4 = new SecurityRuleBuilder().setId(new Uuid("adf7e558-de47-4f9e-a9b8-96e19db5d1ac"))
339 .setTenantId(new Uuid(tenant))
340 .setEthertype(EthertypeV4.class)
341 .setProtocol(ProtocolTcp.class)
344 .setDirection(DirectionIngress.class)
345 .setSecurityGroupId(new Uuid(serverSecGrp))
347 DataBroker dataBroker = getDataBroker();
348 List<SecurityGroup> secGroups = new ArrayList<>();
349 secGroups.add(NeutronEntityFactory.securityGroup(goldSecGrp, tenant));
350 secGroups.add(NeutronEntityFactory.securityGroup(serverSecGrp, tenant));
351 Neutron neutron = new NeutronBuilder()
352 .setSecurityGroups(new SecurityGroupsBuilder().setSecurityGroup(secGroups).build())
353 .setSecurityRules(new SecurityRulesBuilder()
354 .setSecurityRule(ImmutableList.of(goldInIpv4, goldOutIpv4, serverOutIpv4, serverIn80TcpIpv4)).build())
356 NeutronSecurityRuleAware ruleAware = new NeutronSecurityRuleAware(dataBroker);
357 ReadWriteTransaction rwTx = dataBroker.newReadWriteTransaction();
358 ruleAware.addNeutronSecurityRule(goldInIpv4, neutron, rwTx);
359 ruleAware.addNeutronSecurityRule(goldOutIpv4, neutron, rwTx);
360 ruleAware.addNeutronSecurityRule(serverOutIpv4, neutron, rwTx);
361 ruleAware.addNeutronSecurityRule(serverIn80TcpIpv4, neutron, rwTx);
362 TenantId tenantId = new TenantId(tenant);
363 Optional<Contract> potentialContract = rwTx.read(LogicalDatastoreType.CONFIGURATION,
364 IidFactory.contractIid(tenantId, new ContractId(goldInIpv4.getId().getValue()))).get();
365 assertTrue(potentialContract.isPresent());
366 Contract contract = potentialContract.get();
367 PolicyAssert.assertContract(contract, goldInIpv4);
368 potentialContract = rwTx.read(LogicalDatastoreType.CONFIGURATION,
369 IidFactory.contractIid(tenantId, new ContractId(goldOutIpv4.getId().getValue()))).get();
370 assertTrue(potentialContract.isPresent());
371 contract = potentialContract.get();
372 PolicyAssert.assertContract(contract, goldOutIpv4);
373 potentialContract = rwTx.read(LogicalDatastoreType.CONFIGURATION,
374 IidFactory.contractIid(tenantId, new ContractId(serverOutIpv4.getId().getValue()))).get();
375 assertTrue(potentialContract.isPresent());
376 contract = potentialContract.get();
377 PolicyAssert.assertContract(contract, serverOutIpv4);
378 potentialContract = rwTx.read(LogicalDatastoreType.CONFIGURATION,
379 IidFactory.contractIid(tenantId, new ContractId(serverIn80TcpIpv4.getId().getValue()))).get();
380 assertTrue(potentialContract.isPresent());
381 contract = potentialContract.get();
382 PolicyAssert.assertContract(contract, serverIn80TcpIpv4);
383 Optional<EndpointGroup> potentialEpg = rwTx.read(LogicalDatastoreType.CONFIGURATION,
384 IidFactory.endpointGroupIid(tenantId, new EndpointGroupId(goldSecGrp))).get();
385 assertTrue(potentialEpg.isPresent());
386 EndpointGroup epg = potentialEpg.get();
387 PolicyAssert.assertConsumerNamedSelectors(
389 ImmutableSet.of(new ContractId(goldInIpv4.getId().getValue()),
390 new ContractId(goldOutIpv4.getId().getValue()),
391 new ContractId(serverOutIpv4.getId().getValue()),
392 new ContractId(serverIn80TcpIpv4.getId().getValue())));
393 potentialEpg = rwTx.read(LogicalDatastoreType.CONFIGURATION,
394 IidFactory.endpointGroupIid(tenantId, new EndpointGroupId(serverSecGrp))).get();
395 assertTrue(potentialEpg.isPresent());
396 epg = potentialEpg.get();
397 PolicyAssert.assertConsumerNamedSelectors(
399 ImmutableSet.of(new ContractId(goldInIpv4.getId().getValue()),
400 new ContractId(serverIn80TcpIpv4.getId().getValue())));
404 public final void testAddNeutronSecurityRule_defaultSecGrp() throws Exception {
405 String tenant = "111aaaaa-aaaa-aaaa-aaaa-aaaaaaaaaaaa";
406 String defaultSecGrp = "111fffff-ffff-ffff-ffff-ffffffffffff";
407 SecurityRule defaultInIpv4Default = NeutronEntityFactory.securityRuleWithEtherType(
408 "111ccccc-111c-cccc-cccc-cccccccccccc", tenant, EthertypeV4.class, DirectionIngress.class, defaultSecGrp,
410 SecurityRule defaultInIpv6Default = NeutronEntityFactory.securityRuleWithEtherType(
411 "222ccccc-111c-cccc-cccc-cccccccccccc", tenant, EthertypeV4.class, DirectionIngress.class, defaultSecGrp,
413 SecurityRule defaultOutIpv4 = NeutronEntityFactory.securityRuleWithEtherType(
414 "333ccccc-111c-cccc-cccc-cccccccccccc", tenant, EthertypeV4.class, DirectionEgress.class, defaultSecGrp,
416 SecurityRule defaultOutIpv6 = NeutronEntityFactory.securityRuleWithEtherType(
417 "444ccccc-111c-cccc-cccc-cccccccccccc", tenant, EthertypeV4.class, DirectionEgress.class, defaultSecGrp,
419 DataBroker dataBroker = getDataBroker();
420 List<SecurityGroup> secGroups = new ArrayList<>();
421 secGroups.add(NeutronEntityFactory.securityGroup(defaultSecGrp, tenant));
422 Neutron neutron = new NeutronBuilder()
423 .setSecurityGroups(new SecurityGroupsBuilder().setSecurityGroup(secGroups).build()).build();
424 NeutronSecurityRuleAware ruleAware = new NeutronSecurityRuleAware(dataBroker);
425 ReadWriteTransaction rwTx = dataBroker.newReadWriteTransaction();
426 ruleAware.addNeutronSecurityRule(defaultInIpv4Default, neutron, rwTx);
427 ruleAware.addNeutronSecurityRule(defaultInIpv6Default, neutron, rwTx);
428 ruleAware.addNeutronSecurityRule(defaultOutIpv4, neutron, rwTx);
429 ruleAware.addNeutronSecurityRule(defaultOutIpv6, neutron, rwTx);
430 TenantId tenantId = new TenantId(tenant);
431 Optional<Contract> potentialContract = rwTx.read(LogicalDatastoreType.CONFIGURATION,
432 IidFactory.contractIid(tenantId, new ContractId(defaultInIpv4Default.getId().getValue()))).get();
433 assertTrue(potentialContract.isPresent());
434 Contract contract = potentialContract.get();
435 PolicyAssert.assertContract(contract, defaultInIpv4Default);
436 potentialContract = rwTx.read(LogicalDatastoreType.CONFIGURATION,
437 IidFactory.contractIid(tenantId, new ContractId(defaultInIpv6Default.getId().getValue()))).get();
438 assertTrue(potentialContract.isPresent());
439 contract = potentialContract.get();
440 PolicyAssert.assertContract(contract, defaultInIpv6Default);
441 potentialContract = rwTx.read(LogicalDatastoreType.CONFIGURATION,
442 IidFactory.contractIid(tenantId, new ContractId(defaultOutIpv4.getId().getValue()))).get();
443 assertTrue(potentialContract.isPresent());
444 contract = potentialContract.get();
445 PolicyAssert.assertContract(contract, defaultOutIpv4);
446 potentialContract = rwTx.read(LogicalDatastoreType.CONFIGURATION,
447 IidFactory.contractIid(tenantId, new ContractId(defaultOutIpv6.getId().getValue()))).get();
448 assertTrue(potentialContract.isPresent());
449 contract = potentialContract.get();
450 PolicyAssert.assertContract(contract, defaultOutIpv6);
454 public void testConstructor_invalidArgument() throws Exception {
456 new NeutronSecurityRuleAware(null);
457 fail(NullPointerException.class.getName() + " expected");
458 } catch (NullPointerException ex) {