2 * Copyright (c) 2015 Cisco Systems, Inc. and others. All rights reserved.
4 * This program and the accompanying materials are made available under the
5 * terms of the Eclipse Public License v1.0 which accompanies this distribution,
6 * and is available at http://www.eclipse.org/legal/epl-v10.html
8 package org.opendaylight.groupbasedpolicy.neutron.mapper.mapping.rule;
10 import static org.junit.Assert.assertTrue;
11 import static org.junit.Assert.fail;
13 import java.util.ArrayList;
14 import java.util.List;
16 import org.junit.Test;
17 import org.opendaylight.controller.md.sal.binding.api.DataBroker;
18 import org.opendaylight.controller.md.sal.binding.api.ReadWriteTransaction;
19 import org.opendaylight.controller.md.sal.common.api.data.LogicalDatastoreType;
20 import org.opendaylight.groupbasedpolicy.neutron.mapper.test.ConfigDataStoreReader;
21 import org.opendaylight.groupbasedpolicy.neutron.mapper.test.NeutronMapperDataBrokerTest;
22 import org.opendaylight.groupbasedpolicy.neutron.mapper.test.NeutronEntityFactory;
23 import org.opendaylight.groupbasedpolicy.neutron.mapper.test.PolicyAssert;
24 import org.opendaylight.groupbasedpolicy.neutron.mapper.util.MappingUtils;
25 import org.opendaylight.groupbasedpolicy.util.IidFactory;
26 import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.inet.types.rev130715.IpPrefix;
27 import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.inet.types.rev130715.Ipv4Prefix;
28 import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.yang.types.rev130715.Uuid;
29 import org.opendaylight.yang.gen.v1.urn.opendaylight.groupbasedpolicy.common.rev140421.ContractId;
30 import org.opendaylight.yang.gen.v1.urn.opendaylight.groupbasedpolicy.common.rev140421.EndpointGroupId;
31 import org.opendaylight.yang.gen.v1.urn.opendaylight.groupbasedpolicy.common.rev140421.TenantId;
32 import org.opendaylight.yang.gen.v1.urn.opendaylight.groupbasedpolicy.policy.rev140421.tenants.Tenant;
33 import org.opendaylight.yang.gen.v1.urn.opendaylight.groupbasedpolicy.policy.rev140421.tenants.tenant.policy.Contract;
34 import org.opendaylight.yang.gen.v1.urn.opendaylight.groupbasedpolicy.policy.rev140421.tenants.tenant.policy.EndpointGroup;
35 import org.opendaylight.yang.gen.v1.urn.opendaylight.neutron.constants.rev150712.DirectionEgress;
36 import org.opendaylight.yang.gen.v1.urn.opendaylight.neutron.constants.rev150712.DirectionIngress;
37 import org.opendaylight.yang.gen.v1.urn.opendaylight.neutron.constants.rev150712.EthertypeV4;
38 import org.opendaylight.yang.gen.v1.urn.opendaylight.neutron.constants.rev150712.ProtocolTcp;
39 import org.opendaylight.yang.gen.v1.urn.opendaylight.neutron.rev150712.Neutron;
40 import org.opendaylight.yang.gen.v1.urn.opendaylight.neutron.rev150712.NeutronBuilder;
41 import org.opendaylight.yang.gen.v1.urn.opendaylight.neutron.secgroups.rev150712.SecurityRuleAttributes;
42 import org.opendaylight.yang.gen.v1.urn.opendaylight.neutron.secgroups.rev150712.security.groups.attributes.SecurityGroupsBuilder;
43 import org.opendaylight.yang.gen.v1.urn.opendaylight.neutron.secgroups.rev150712.security.groups.attributes.security.groups.SecurityGroup;
44 import org.opendaylight.yang.gen.v1.urn.opendaylight.neutron.secgroups.rev150712.security.rules.attributes.SecurityRulesBuilder;
45 import org.opendaylight.yang.gen.v1.urn.opendaylight.neutron.secgroups.rev150712.security.rules.attributes.security.rules.SecurityRule;
46 import org.opendaylight.yang.gen.v1.urn.opendaylight.neutron.secgroups.rev150712.security.rules.attributes.security.rules.SecurityRuleBuilder;
48 import com.google.common.base.Optional;
49 import com.google.common.collect.ImmutableList;
50 import com.google.common.collect.ImmutableSet;
53 * END 2 END TESTING - inputs are Neutron entities and expected outputs are GBP entities in
57 public class NeutronSecurityRuleAwareDataStoreTest extends NeutronMapperDataBrokerTest {
60 public final void testAddNeutronSecurityRule_rulesWithRemoteIpPrefix() throws Exception {
61 String tenant = "ad4c6c25-2424-4ad3-97ee-f9691ce03645";
62 String goldSecGrp = "fe40e28f-ad6a-4a2d-b12a-47510876344a";
63 SecurityRule goldInIpv4 = NeutronEntityFactory.securityRuleWithEtherType(
64 "166aedab-fdf5-4788-9e36-2b00b5f8722f", tenant, EthertypeV4.class, DirectionIngress.class, goldSecGrp,
66 SecurityRule goldOutIpv4 = NeutronEntityFactory.securityRuleWithEtherType(
67 "dabfd4da-af89-45dd-85f8-181768c1b4c9", tenant, EthertypeV4.class, DirectionEgress.class, goldSecGrp,
69 String serverSecGrp = "71cf4fe5-b146-409e-8151-cd921298ce32";
70 SecurityRuleAttributes.Protocol protocolTcp = new SecurityRuleAttributes.Protocol(ProtocolTcp.class);
71 SecurityRule serverIn80Tcp10_1_1_0 = new SecurityRuleBuilder().setUuid(new Uuid("9dbb533d-d9b2-4dc9-bae7-ee60c8df184d"))
72 .setTenantId(new Uuid(tenant))
73 .setEthertype(EthertypeV4.class)
74 .setProtocol(protocolTcp)
77 .setDirection(DirectionIngress.class)
78 .setSecurityGroupId(new Uuid(serverSecGrp))
79 .setRemoteIpPrefix(new IpPrefix(new Ipv4Prefix("10.1.1.0/24")))
81 SecurityRule serverInIp20_1_1_0 = new SecurityRuleBuilder().setUuid(new Uuid("adf7e558-de47-4f9e-a9b8-96e19db5d1ac"))
82 .setTenantId(new Uuid(tenant))
83 .setEthertype(EthertypeV4.class)
84 .setDirection(DirectionIngress.class)
85 .setSecurityGroupId(new Uuid(serverSecGrp))
86 .setRemoteIpPrefix(new IpPrefix(new Ipv4Prefix("20.1.1.0/24")))
88 SecurityRule serverOutIpv4 = NeutronEntityFactory.securityRuleWithEtherType(
89 "8b9c48d3-44a8-46be-be35-6f3237d98071", tenant, EthertypeV4.class, DirectionEgress.class, serverSecGrp,
91 DataBroker dataBroker = getDataBroker();
92 List<SecurityGroup> secGroups = new ArrayList<>();
93 secGroups.add(NeutronEntityFactory.securityGroup(goldSecGrp, tenant));
94 secGroups.add(NeutronEntityFactory.securityGroup(serverSecGrp, tenant));
95 Neutron neutron = new NeutronBuilder()
96 .setSecurityGroups(new SecurityGroupsBuilder().setSecurityGroup(secGroups).build())
97 .setSecurityRules(new SecurityRulesBuilder().setSecurityRule(
98 ImmutableList.of(goldInIpv4, goldOutIpv4, serverIn80Tcp10_1_1_0, serverInIp20_1_1_0, serverOutIpv4))
101 NeutronSecurityRuleAware ruleAware = new NeutronSecurityRuleAware(dataBroker);
102 ReadWriteTransaction rwTx = dataBroker.newReadWriteTransaction();
103 ruleAware.addNeutronSecurityRule(goldInIpv4, neutron, rwTx);
104 ruleAware.addNeutronSecurityRule(goldOutIpv4, neutron, rwTx);
105 ruleAware.addNeutronSecurityRule(serverIn80Tcp10_1_1_0, neutron, rwTx);
106 ruleAware.addNeutronSecurityRule(serverInIp20_1_1_0, neutron, rwTx);
107 ruleAware.addNeutronSecurityRule(serverOutIpv4, neutron, rwTx);
108 TenantId tenantId = new TenantId(tenant);
109 Optional<Tenant> potentialTenant = rwTx.read(LogicalDatastoreType.CONFIGURATION, IidFactory.tenantIid(tenantId))
111 assertTrue(potentialTenant.isPresent());
112 Optional<Contract> potentialContract = rwTx.read(LogicalDatastoreType.CONFIGURATION,
113 IidFactory.contractIid(tenantId, new ContractId(goldInIpv4.getUuid().getValue()))).get();
114 assertTrue(potentialContract.isPresent());
115 Contract contract = potentialContract.get();
116 PolicyAssert.assertContract(contract, goldInIpv4);
117 potentialContract = rwTx.read(LogicalDatastoreType.CONFIGURATION,
118 IidFactory.contractIid(tenantId, new ContractId(goldOutIpv4.getUuid().getValue()))).get();
119 assertTrue(potentialContract.isPresent());
120 contract = potentialContract.get();
121 PolicyAssert.assertContract(contract, goldOutIpv4);
122 potentialContract = rwTx.read(LogicalDatastoreType.CONFIGURATION,
123 IidFactory.contractIid(tenantId, new ContractId(serverOutIpv4.getUuid().getValue()))).get();
124 assertTrue(potentialContract.isPresent());
125 contract = potentialContract.get();
126 PolicyAssert.assertContract(contract, serverOutIpv4);
127 potentialContract = rwTx.read(LogicalDatastoreType.CONFIGURATION,
128 IidFactory.contractIid(tenantId, new ContractId(serverIn80Tcp10_1_1_0.getUuid().getValue()))).get();
129 assertTrue(potentialContract.isPresent());
130 contract = potentialContract.get();
131 PolicyAssert.assertContractWithEic(contract, serverIn80Tcp10_1_1_0);
132 potentialContract = rwTx.read(LogicalDatastoreType.CONFIGURATION,
133 IidFactory.contractIid(tenantId, new ContractId(serverInIp20_1_1_0.getUuid().getValue()))).get();
134 assertTrue(potentialContract.isPresent());
135 contract = potentialContract.get();
136 PolicyAssert.assertContractWithEic(contract, serverInIp20_1_1_0);
137 Optional<EndpointGroup> potentialEpg = rwTx.read(LogicalDatastoreType.CONFIGURATION,
138 IidFactory.endpointGroupIid(tenantId, new EndpointGroupId(goldSecGrp))).get();
139 assertTrue(potentialEpg.isPresent());
140 EndpointGroup epg = potentialEpg.get();
141 PolicyAssert.assertConsumerNamedSelectors(
143 ImmutableSet.of(new ContractId(goldInIpv4.getUuid().getValue()),
144 new ContractId(goldOutIpv4.getUuid().getValue()),
145 new ContractId(serverIn80Tcp10_1_1_0.getUuid().getValue()),
146 new ContractId(serverInIp20_1_1_0.getUuid().getValue()),
147 new ContractId(serverOutIpv4.getUuid().getValue())));
148 potentialEpg = rwTx.read(LogicalDatastoreType.CONFIGURATION,
149 IidFactory.endpointGroupIid(tenantId, new EndpointGroupId(serverSecGrp))).get();
150 assertTrue(potentialEpg.isPresent());
151 epg = potentialEpg.get();
152 PolicyAssert.assertConsumerNamedSelectors(epg, ImmutableSet.of(
153 new ContractId(serverIn80Tcp10_1_1_0.getUuid().getValue()),
154 new ContractId(serverInIp20_1_1_0.getUuid().getValue()),
155 new ContractId(goldInIpv4.getUuid().getValue())));
159 public final void testAddAndDeleteNeutronSecurityRule() throws Exception {
160 DataBroker dataBroker = getDataBroker();
161 NeutronSecurityRuleAware ruleAware = new NeutronSecurityRuleAware(dataBroker);
163 final String tenantId = "aaaaaaaa-aaaa-aaaa-aaaa-aaaaaaaaaaaa";
164 final String secGroupId1 = "bbbbbbbb-bbbb-bbbb-bbbb-bbbbbbbbbbbb";
165 final String secGroupId2 = "cccccccc-cccc-cccc-cccc-cccccccccccc";
166 final String secRuleId1 = "dddddddd-dddd-dddd-dddd-dddddddddddd";
167 final String secRuleId2 = "eeeeeeee-eeee-eeee-eeee-eeeeeeeeeeee";
169 List<SecurityGroup> secGroups = new ArrayList<>();
170 secGroups.add(NeutronEntityFactory.securityGroup(secGroupId1, tenantId));
171 secGroups.add(NeutronEntityFactory.securityGroup(secGroupId2, tenantId));
172 SecurityRule secRule1 = NeutronEntityFactory.securityRuleWithEtherType(secRuleId1, tenantId,
173 EthertypeV4.class, DirectionEgress.class, secGroupId1, secGroupId2);
174 SecurityRule secRule2 = NeutronEntityFactory.securityRuleWithEtherType(secRuleId2, tenantId,
175 EthertypeV4.class, DirectionIngress.class, secGroupId2, secGroupId1);
176 NeutronBuilder neutronBuilder = new NeutronBuilder()
177 .setSecurityGroups(new SecurityGroupsBuilder().setSecurityGroup(secGroups).build())
178 .setSecurityRules(new SecurityRulesBuilder()
179 .setSecurityRule(ImmutableList.of(secRule1)).build());
181 ruleAware.onCreated(secRule1, neutronBuilder.build());
183 PolicyAssert.assertTenantExists(dataBroker, tenantId);
184 PolicyAssert.assertContractExists(dataBroker, tenantId, secRuleId1);
185 Optional<Contract> contract = ConfigDataStoreReader.readContract(dataBroker, tenantId, secRuleId1);
186 PolicyAssert.assertContract(contract.get(), secRule1);
187 PolicyAssert.assertContractCount(dataBroker, tenantId, 1);
188 PolicyAssert.assertEndpointGroupExists(dataBroker, tenantId, secGroupId1);
189 Optional<EndpointGroup> epGroup1 = ConfigDataStoreReader.readEndpointGroup(dataBroker, tenantId, secGroupId1);
190 PolicyAssert.assertProviderNamedSelectors(epGroup1.get(), ImmutableSet.of(new ContractId(secRuleId1)));
191 PolicyAssert.assertNoConsumerNamedSelectors(dataBroker, tenantId, secGroupId1);
193 PolicyAssert.assertClassifierInstanceExists(dataBroker, secRule1);
194 PolicyAssert.assertActionInstanceExists(dataBroker, tenantId, MappingUtils.ACTION_ALLOW.getName());
196 neutronBuilder.setSecurityRules(new SecurityRulesBuilder()
197 .setSecurityRule(ImmutableList.of(secRule1, secRule2)).build());
199 ruleAware.onCreated(secRule2, neutronBuilder.build());
201 PolicyAssert.assertTenantExists(dataBroker, tenantId);
202 PolicyAssert.assertContractExists(dataBroker, tenantId, secRuleId1);
203 contract = ConfigDataStoreReader.readContract(dataBroker, tenantId, secRuleId1);
204 PolicyAssert.assertContract(contract.get(), secRule1);
205 PolicyAssert.assertContractCount(dataBroker, tenantId, 2);
206 PolicyAssert.assertEndpointGroupExists(dataBroker, tenantId, secGroupId1);
207 epGroup1 = ConfigDataStoreReader.readEndpointGroup(dataBroker, tenantId, secGroupId1);
208 PolicyAssert.assertProviderNamedSelectors(epGroup1.get(), ImmutableSet.of(new ContractId(secRuleId1)));
209 PolicyAssert.assertConsumerNamedSelectors(epGroup1.get(), ImmutableSet.of(new ContractId(secRuleId2)));
211 PolicyAssert.assertContractExists(dataBroker, tenantId, secRuleId2);
212 contract = ConfigDataStoreReader.readContract(dataBroker, tenantId, secRuleId2);
213 PolicyAssert.assertContract(contract.get(), secRule2);
214 PolicyAssert.assertContractCount(dataBroker, tenantId, 2);
215 PolicyAssert.assertEndpointGroupExists(dataBroker, tenantId, secGroupId2);
216 Optional<EndpointGroup> epGroup2 = ConfigDataStoreReader.readEndpointGroup(dataBroker, tenantId, secGroupId2);
217 PolicyAssert.assertProviderNamedSelectors(epGroup2.get(), ImmutableSet.of(new ContractId(secRuleId2)));
218 PolicyAssert.assertConsumerNamedSelectors(epGroup2.get(), ImmutableSet.of(new ContractId(secRuleId1)));
220 ruleAware.onDeleted(secRule2, neutronBuilder.build(), null);
222 PolicyAssert.assertTenantExists(dataBroker, tenantId);
223 PolicyAssert.assertContractExists(dataBroker, tenantId, secRuleId1);
224 contract = ConfigDataStoreReader.readContract(dataBroker, tenantId, secRuleId1);
225 PolicyAssert.assertContract(contract.get(), secRule1);
226 PolicyAssert.assertContractCount(dataBroker, tenantId, 1);
227 PolicyAssert.assertEndpointGroupExists(dataBroker, tenantId, secGroupId1);
228 epGroup1 = ConfigDataStoreReader.readEndpointGroup(dataBroker, tenantId, secGroupId1);
229 PolicyAssert.assertProviderNamedSelectors(epGroup1.get(), ImmutableSet.of(new ContractId(secRuleId1)));
230 PolicyAssert.assertNoConsumerNamedSelectors(dataBroker, tenantId, secGroupId1);
232 PolicyAssert.assertContractNotExists(dataBroker, tenantId, secRuleId2);
233 PolicyAssert.assertContractCount(dataBroker, tenantId, 1);
234 PolicyAssert.assertEndpointGroupExists(dataBroker, tenantId, secGroupId2);
235 epGroup2 = ConfigDataStoreReader.readEndpointGroup(dataBroker, tenantId, secGroupId2);
236 PolicyAssert.assertNoProviderNamedSelectors(dataBroker, tenantId, secGroupId2);
237 PolicyAssert.assertNoConsumerNamedSelectors(dataBroker, tenantId, secGroupId2);
239 PolicyAssert.assertClassifierInstanceExists(dataBroker, secRule1);
240 PolicyAssert.assertActionInstanceExists(dataBroker, tenantId, MappingUtils.ACTION_ALLOW.getName());
242 neutronBuilder.setSecurityRules(new SecurityRulesBuilder()
243 .setSecurityRule(ImmutableList.of(secRule1)).build());
245 ruleAware.onDeleted(secRule1, neutronBuilder.build(), null);
247 PolicyAssert.assertContractCount(dataBroker, tenantId, 0);
248 PolicyAssert.assertEndpointGroupExists(dataBroker, tenantId, secGroupId1);
249 PolicyAssert.assertEndpointGroupExists(dataBroker, tenantId, secGroupId2);
250 PolicyAssert.assertNoProviderNamedSelectors(dataBroker, tenantId, secGroupId1);
251 PolicyAssert.assertNoConsumerNamedSelectors(dataBroker, tenantId, secGroupId2);
253 PolicyAssert.assertClassifierInstanceNotExists(dataBroker, secRule1);
254 // TODO: Uncomment this when the life cycle of the Allow ActionInstance will be clarified.
255 // PolicyAssert.assertActionInstanceNotExists(dataBroker, tenantId,
256 // MappingUtils.ACTION_ALLOW.getName());
260 public final void testAddNeutronSecurityRule_rulesWithoutRemote() throws Exception {
261 String tenant = "ad4c6c25-2424-4ad3-97ee-f9691ce03645";
262 String goldSecGrp = "fe40e28f-ad6a-4a2d-b12a-47510876344a";
263 SecurityRule goldInIpv4 = NeutronEntityFactory.securityRuleWithEtherType(
264 "166aedab-fdf5-4788-9e36-2b00b5f8722f", tenant, EthertypeV4.class, DirectionIngress.class, goldSecGrp,
266 SecurityRule goldOutIpv4 = NeutronEntityFactory.securityRuleWithEtherType(
267 "dabfd4da-af89-45dd-85f8-181768c1b4c9", tenant, EthertypeV4.class, DirectionEgress.class, goldSecGrp,
269 String serverSecGrp = "71cf4fe5-b146-409e-8151-cd921298ce32";
270 SecurityRule serverOutIpv4 = NeutronEntityFactory.securityRuleWithEtherType(
271 "8b9c48d3-44a8-46be-be35-6f3237d98071", tenant, EthertypeV4.class, DirectionEgress.class, serverSecGrp,
273 SecurityRule serverInIpv4 = NeutronEntityFactory.securityRuleWithEtherType(
274 "adf7e558-de47-4f9e-a9b8-96e19db5d1ac", tenant, EthertypeV4.class, DirectionIngress.class, serverSecGrp,
276 DataBroker dataBroker = getDataBroker();
277 List<SecurityGroup> secGroups = new ArrayList<>();
278 secGroups.add(NeutronEntityFactory.securityGroup(goldSecGrp, tenant));
279 secGroups.add(NeutronEntityFactory.securityGroup(serverSecGrp, tenant));
280 Neutron neutron = new NeutronBuilder()
281 .setSecurityGroups(new SecurityGroupsBuilder().setSecurityGroup(secGroups).build())
282 .setSecurityRules(new SecurityRulesBuilder()
283 .setSecurityRule(ImmutableList.of(goldInIpv4, goldOutIpv4, serverOutIpv4, serverInIpv4)).build())
285 NeutronSecurityRuleAware ruleAware = new NeutronSecurityRuleAware(dataBroker);
286 ReadWriteTransaction rwTx = dataBroker.newReadWriteTransaction();
287 ruleAware.addNeutronSecurityRule(goldInIpv4, neutron, rwTx);
288 ruleAware.addNeutronSecurityRule(goldOutIpv4, neutron, rwTx);
289 ruleAware.addNeutronSecurityRule(serverOutIpv4, neutron, rwTx);
290 ruleAware.addNeutronSecurityRule(serverInIpv4, neutron, rwTx);
291 TenantId tenantId = new TenantId(tenant);
292 Optional<Contract> potentialContract = rwTx.read(LogicalDatastoreType.CONFIGURATION,
293 IidFactory.contractIid(tenantId, new ContractId(goldInIpv4.getUuid().getValue()))).get();
294 assertTrue(potentialContract.isPresent());
295 Contract contract = potentialContract.get();
296 PolicyAssert.assertContract(contract, goldInIpv4);
297 potentialContract = rwTx.read(LogicalDatastoreType.CONFIGURATION,
298 IidFactory.contractIid(tenantId, new ContractId(goldOutIpv4.getUuid().getValue()))).get();
299 assertTrue(potentialContract.isPresent());
300 contract = potentialContract.get();
301 PolicyAssert.assertContract(contract, goldOutIpv4);
302 potentialContract = rwTx.read(LogicalDatastoreType.CONFIGURATION,
303 IidFactory.contractIid(tenantId, new ContractId(serverOutIpv4.getUuid().getValue()))).get();
304 assertTrue(potentialContract.isPresent());
305 contract = potentialContract.get();
306 PolicyAssert.assertContract(contract, serverOutIpv4);
307 potentialContract = rwTx.read(LogicalDatastoreType.CONFIGURATION,
308 IidFactory.contractIid(tenantId, new ContractId(serverInIpv4.getUuid().getValue()))).get();
309 assertTrue(potentialContract.isPresent());
310 contract = potentialContract.get();
311 PolicyAssert.assertContract(contract, serverInIpv4);
312 Optional<EndpointGroup> potentialEpg = rwTx.read(LogicalDatastoreType.CONFIGURATION,
313 IidFactory.endpointGroupIid(tenantId, new EndpointGroupId(goldSecGrp))).get();
314 assertTrue(potentialEpg.isPresent());
315 EndpointGroup epg = potentialEpg.get();
316 PolicyAssert.assertConsumerNamedSelectors(
318 ImmutableSet.of(new ContractId(goldInIpv4.getUuid().getValue()),
319 new ContractId(goldOutIpv4.getUuid().getValue()),
320 new ContractId(serverOutIpv4.getUuid().getValue()),
321 new ContractId(serverInIpv4.getUuid().getValue())));
322 potentialEpg = rwTx.read(LogicalDatastoreType.CONFIGURATION,
323 IidFactory.endpointGroupIid(tenantId, new EndpointGroupId(serverSecGrp))).get();
324 assertTrue(potentialEpg.isPresent());
325 PolicyAssert.assertConsumerNamedSelectors(
327 ImmutableSet.of(new ContractId(goldInIpv4.getUuid().getValue()),
328 new ContractId(goldOutIpv4.getUuid().getValue()),
329 new ContractId(serverOutIpv4.getUuid().getValue()),
330 new ContractId(serverInIpv4.getUuid().getValue())));
334 public final void testAddNeutronSecurityRule_asymmetricRulesWithoutRemote() throws Exception {
335 String tenant = "ad4c6c25-2424-4ad3-97ee-f9691ce03645";
336 String goldSecGrp = "fe40e28f-ad6a-4a2d-b12a-47510876344a";
337 SecurityRule goldInIpv4 = NeutronEntityFactory.securityRuleWithEtherType(
338 "166aedab-fdf5-4788-9e36-2b00b5f8722f", tenant, EthertypeV4.class, DirectionIngress.class, goldSecGrp,
340 SecurityRule goldOutIpv4 = NeutronEntityFactory.securityRuleWithEtherType(
341 "dabfd4da-af89-45dd-85f8-181768c1b4c9", tenant, EthertypeV4.class, DirectionEgress.class, goldSecGrp,
343 String serverSecGrp = "71cf4fe5-b146-409e-8151-cd921298ce32";
344 SecurityRule serverOutIpv4 = NeutronEntityFactory.securityRuleWithEtherType(
345 "8b9c48d3-44a8-46be-be35-6f3237d98071", tenant, EthertypeV4.class, DirectionEgress.class, serverSecGrp,
347 SecurityRuleAttributes.Protocol protocolTcp = new SecurityRuleAttributes.Protocol(ProtocolTcp.class);
348 SecurityRule serverIn80TcpIpv4 = new SecurityRuleBuilder().setUuid(new Uuid("adf7e558-de47-4f9e-a9b8-96e19db5d1ac"))
349 .setTenantId(new Uuid(tenant))
350 .setEthertype(EthertypeV4.class)
351 .setProtocol(protocolTcp)
354 .setDirection(DirectionIngress.class)
355 .setSecurityGroupId(new Uuid(serverSecGrp))
357 DataBroker dataBroker = getDataBroker();
358 List<SecurityGroup> secGroups = new ArrayList<>();
359 secGroups.add(NeutronEntityFactory.securityGroup(goldSecGrp, tenant));
360 secGroups.add(NeutronEntityFactory.securityGroup(serverSecGrp, tenant));
361 Neutron neutron = new NeutronBuilder()
362 .setSecurityGroups(new SecurityGroupsBuilder().setSecurityGroup(secGroups).build())
363 .setSecurityRules(new SecurityRulesBuilder()
364 .setSecurityRule(ImmutableList.of(goldInIpv4, goldOutIpv4, serverOutIpv4, serverIn80TcpIpv4)).build())
366 NeutronSecurityRuleAware ruleAware = new NeutronSecurityRuleAware(dataBroker);
367 ReadWriteTransaction rwTx = dataBroker.newReadWriteTransaction();
368 ruleAware.addNeutronSecurityRule(goldInIpv4, neutron, rwTx);
369 ruleAware.addNeutronSecurityRule(goldOutIpv4, neutron, rwTx);
370 ruleAware.addNeutronSecurityRule(serverOutIpv4, neutron, rwTx);
371 ruleAware.addNeutronSecurityRule(serverIn80TcpIpv4, neutron, rwTx);
372 TenantId tenantId = new TenantId(tenant);
373 Optional<Contract> potentialContract = rwTx.read(LogicalDatastoreType.CONFIGURATION,
374 IidFactory.contractIid(tenantId, new ContractId(goldInIpv4.getUuid().getValue()))).get();
375 assertTrue(potentialContract.isPresent());
376 Contract contract = potentialContract.get();
377 PolicyAssert.assertContract(contract, goldInIpv4);
378 potentialContract = rwTx.read(LogicalDatastoreType.CONFIGURATION,
379 IidFactory.contractIid(tenantId, new ContractId(goldOutIpv4.getUuid().getValue()))).get();
380 assertTrue(potentialContract.isPresent());
381 contract = potentialContract.get();
382 PolicyAssert.assertContract(contract, goldOutIpv4);
383 potentialContract = rwTx.read(LogicalDatastoreType.CONFIGURATION,
384 IidFactory.contractIid(tenantId, new ContractId(serverOutIpv4.getUuid().getValue()))).get();
385 assertTrue(potentialContract.isPresent());
386 contract = potentialContract.get();
387 PolicyAssert.assertContract(contract, serverOutIpv4);
388 potentialContract = rwTx.read(LogicalDatastoreType.CONFIGURATION,
389 IidFactory.contractIid(tenantId, new ContractId(serverIn80TcpIpv4.getUuid().getValue()))).get();
390 assertTrue(potentialContract.isPresent());
391 contract = potentialContract.get();
392 PolicyAssert.assertContract(contract, serverIn80TcpIpv4);
393 Optional<EndpointGroup> potentialEpg = rwTx.read(LogicalDatastoreType.CONFIGURATION,
394 IidFactory.endpointGroupIid(tenantId, new EndpointGroupId(goldSecGrp))).get();
395 assertTrue(potentialEpg.isPresent());
396 EndpointGroup epg = potentialEpg.get();
397 PolicyAssert.assertConsumerNamedSelectors(
399 ImmutableSet.of(new ContractId(goldInIpv4.getUuid().getValue()),
400 new ContractId(goldOutIpv4.getUuid().getValue()),
401 new ContractId(serverOutIpv4.getUuid().getValue()),
402 new ContractId(serverIn80TcpIpv4.getUuid().getValue())));
403 potentialEpg = rwTx.read(LogicalDatastoreType.CONFIGURATION,
404 IidFactory.endpointGroupIid(tenantId, new EndpointGroupId(serverSecGrp))).get();
405 assertTrue(potentialEpg.isPresent());
406 epg = potentialEpg.get();
407 PolicyAssert.assertConsumerNamedSelectors(
409 ImmutableSet.of(new ContractId(goldInIpv4.getUuid().getValue()),
410 new ContractId(serverIn80TcpIpv4.getUuid().getValue())));
414 public final void testAddNeutronSecurityRule_defaultSecGrp() throws Exception {
415 String tenant = "111aaaaa-aaaa-aaaa-aaaa-aaaaaaaaaaaa";
416 String defaultSecGrp = "111fffff-ffff-ffff-ffff-ffffffffffff";
417 SecurityRule defaultInIpv4Default = NeutronEntityFactory.securityRuleWithEtherType(
418 "111ccccc-111c-cccc-cccc-cccccccccccc", tenant, EthertypeV4.class, DirectionIngress.class, defaultSecGrp,
420 SecurityRule defaultInIpv6Default = NeutronEntityFactory.securityRuleWithEtherType(
421 "222ccccc-111c-cccc-cccc-cccccccccccc", tenant, EthertypeV4.class, DirectionIngress.class, defaultSecGrp,
423 SecurityRule defaultOutIpv4 = NeutronEntityFactory.securityRuleWithEtherType(
424 "333ccccc-111c-cccc-cccc-cccccccccccc", tenant, EthertypeV4.class, DirectionEgress.class, defaultSecGrp,
426 SecurityRule defaultOutIpv6 = NeutronEntityFactory.securityRuleWithEtherType(
427 "444ccccc-111c-cccc-cccc-cccccccccccc", tenant, EthertypeV4.class, DirectionEgress.class, defaultSecGrp,
429 DataBroker dataBroker = getDataBroker();
430 List<SecurityGroup> secGroups = new ArrayList<>();
431 secGroups.add(NeutronEntityFactory.securityGroup(defaultSecGrp, tenant));
432 Neutron neutron = new NeutronBuilder()
433 .setSecurityGroups(new SecurityGroupsBuilder().setSecurityGroup(secGroups).build()).build();
434 NeutronSecurityRuleAware ruleAware = new NeutronSecurityRuleAware(dataBroker);
435 ReadWriteTransaction rwTx = dataBroker.newReadWriteTransaction();
436 ruleAware.addNeutronSecurityRule(defaultInIpv4Default, neutron, rwTx);
437 ruleAware.addNeutronSecurityRule(defaultInIpv6Default, neutron, rwTx);
438 ruleAware.addNeutronSecurityRule(defaultOutIpv4, neutron, rwTx);
439 ruleAware.addNeutronSecurityRule(defaultOutIpv6, neutron, rwTx);
440 TenantId tenantId = new TenantId(tenant);
441 Optional<Contract> potentialContract = rwTx.read(LogicalDatastoreType.CONFIGURATION,
442 IidFactory.contractIid(tenantId, new ContractId(defaultInIpv4Default.getUuid().getValue()))).get();
443 assertTrue(potentialContract.isPresent());
444 Contract contract = potentialContract.get();
445 PolicyAssert.assertContract(contract, defaultInIpv4Default);
446 potentialContract = rwTx.read(LogicalDatastoreType.CONFIGURATION,
447 IidFactory.contractIid(tenantId, new ContractId(defaultInIpv6Default.getUuid().getValue()))).get();
448 assertTrue(potentialContract.isPresent());
449 contract = potentialContract.get();
450 PolicyAssert.assertContract(contract, defaultInIpv6Default);
451 potentialContract = rwTx.read(LogicalDatastoreType.CONFIGURATION,
452 IidFactory.contractIid(tenantId, new ContractId(defaultOutIpv4.getUuid().getValue()))).get();
453 assertTrue(potentialContract.isPresent());
454 contract = potentialContract.get();
455 PolicyAssert.assertContract(contract, defaultOutIpv4);
456 potentialContract = rwTx.read(LogicalDatastoreType.CONFIGURATION,
457 IidFactory.contractIid(tenantId, new ContractId(defaultOutIpv6.getUuid().getValue()))).get();
458 assertTrue(potentialContract.isPresent());
459 contract = potentialContract.get();
460 PolicyAssert.assertContract(contract, defaultOutIpv6);
464 public void testConstructor_invalidArgument() throws Exception {
466 new NeutronSecurityRuleAware(null);
467 fail(NullPointerException.class.getName() + " expected");
468 } catch (NullPointerException ex) {