neutron-mapper/src/test/java/org/opendaylight/groupbasedpolicy/neutron/mapper/mapping/rule/NeutronSecurityRuleAwareDataStoreTest.java

   1 /*
   2  * Copyright (c) 2015 Cisco Systems, Inc. and others.  All rights reserved.
   3  *
   4  * This program and the accompanying materials are made available under the
   5  * terms of the Eclipse Public License v1.0 which accompanies this distribution,
   6  * and is available at http://www.eclipse.org/legal/epl-v10.html
   7  */
   8 package org.opendaylight.groupbasedpolicy.neutron.mapper.mapping.rule;
   9
  10 import static org.junit.Assert.assertTrue;
  11 import static org.junit.Assert.fail;
  12
  13 import java.util.ArrayList;
  14 import java.util.List;
  15
  16 import org.junit.Test;
  17 import org.opendaylight.controller.md.sal.binding.api.DataBroker;
  18 import org.opendaylight.controller.md.sal.binding.api.ReadWriteTransaction;
  19 import org.opendaylight.controller.md.sal.common.api.data.LogicalDatastoreType;
  20 import org.opendaylight.groupbasedpolicy.neutron.mapper.test.ConfigDataStoreReader;
  21 import org.opendaylight.groupbasedpolicy.neutron.mapper.test.NeutronMapperDataBrokerTest;
  22 import org.opendaylight.groupbasedpolicy.neutron.mapper.test.NeutronEntityFactory;
  23 import org.opendaylight.groupbasedpolicy.neutron.mapper.test.PolicyAssert;
  24 import org.opendaylight.groupbasedpolicy.neutron.mapper.util.MappingUtils;
  25 import org.opendaylight.groupbasedpolicy.util.IidFactory;
  26 import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.inet.types.rev130715.IpPrefix;
  27 import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.inet.types.rev130715.Ipv4Prefix;
  28 import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.yang.types.rev130715.Uuid;
  29 import org.opendaylight.yang.gen.v1.urn.opendaylight.groupbasedpolicy.common.rev140421.ContractId;
  30 import org.opendaylight.yang.gen.v1.urn.opendaylight.groupbasedpolicy.common.rev140421.EndpointGroupId;
  31 import org.opendaylight.yang.gen.v1.urn.opendaylight.groupbasedpolicy.common.rev140421.TenantId;
  32 import org.opendaylight.yang.gen.v1.urn.opendaylight.groupbasedpolicy.policy.rev140421.tenants.Tenant;
  33 import org.opendaylight.yang.gen.v1.urn.opendaylight.groupbasedpolicy.policy.rev140421.tenants.tenant.policy.Contract;
  34 import org.opendaylight.yang.gen.v1.urn.opendaylight.groupbasedpolicy.policy.rev140421.tenants.tenant.policy.EndpointGroup;
  35 import org.opendaylight.yang.gen.v1.urn.opendaylight.neutron.constants.rev150712.DirectionEgress;
  36 import org.opendaylight.yang.gen.v1.urn.opendaylight.neutron.constants.rev150712.DirectionIngress;
  37 import org.opendaylight.yang.gen.v1.urn.opendaylight.neutron.constants.rev150712.EthertypeV4;
  38 import org.opendaylight.yang.gen.v1.urn.opendaylight.neutron.constants.rev150712.ProtocolTcp;
  39 import org.opendaylight.yang.gen.v1.urn.opendaylight.neutron.rev150712.Neutron;
  40 import org.opendaylight.yang.gen.v1.urn.opendaylight.neutron.rev150712.NeutronBuilder;
  41 import org.opendaylight.yang.gen.v1.urn.opendaylight.neutron.secgroups.rev150712.SecurityRuleAttributes;
  42 import org.opendaylight.yang.gen.v1.urn.opendaylight.neutron.secgroups.rev150712.security.groups.attributes.SecurityGroupsBuilder;
  43 import org.opendaylight.yang.gen.v1.urn.opendaylight.neutron.secgroups.rev150712.security.groups.attributes.security.groups.SecurityGroup;
  44 import org.opendaylight.yang.gen.v1.urn.opendaylight.neutron.secgroups.rev150712.security.rules.attributes.SecurityRulesBuilder;
  45 import org.opendaylight.yang.gen.v1.urn.opendaylight.neutron.secgroups.rev150712.security.rules.attributes.security.rules.SecurityRule;
  46 import org.opendaylight.yang.gen.v1.urn.opendaylight.neutron.secgroups.rev150712.security.rules.attributes.security.rules.SecurityRuleBuilder;
  47
  48 import com.google.common.base.Optional;
  49 import com.google.common.collect.ImmutableList;
  50 import com.google.common.collect.ImmutableSet;
  51
  52 /**
  53  * END 2 END TESTING - inputs are Neutron entities and expected outputs are GBP entities in
  54  * datastore
  55  */
  56
  57 public class NeutronSecurityRuleAwareDataStoreTest extends NeutronMapperDataBrokerTest {
  58
  59     @Test
  60     public final void testAddNeutronSecurityRule_rulesWithRemoteIpPrefix() throws Exception {
  61         String tenant = "ad4c6c25-2424-4ad3-97ee-f9691ce03645";
  62         String goldSecGrp = "fe40e28f-ad6a-4a2d-b12a-47510876344a";
  63         SecurityRule goldInIpv4 = NeutronEntityFactory.securityRuleWithEtherType(
  64                 "166aedab-fdf5-4788-9e36-2b00b5f8722f", tenant, EthertypeV4.class, DirectionIngress.class, goldSecGrp,
  65                 null);
  66         SecurityRule goldOutIpv4 = NeutronEntityFactory.securityRuleWithEtherType(
  67                 "dabfd4da-af89-45dd-85f8-181768c1b4c9", tenant, EthertypeV4.class, DirectionEgress.class, goldSecGrp,
  68                 null);
  69         String serverSecGrp = "71cf4fe5-b146-409e-8151-cd921298ce32";
  70         SecurityRuleAttributes.Protocol protocolTcp = new SecurityRuleAttributes.Protocol(ProtocolTcp.class);
  71         SecurityRule serverIn80Tcp10_1_1_0 = new SecurityRuleBuilder().setUuid(new Uuid("9dbb533d-d9b2-4dc9-bae7-ee60c8df184d"))
  72                 .setTenantId(new Uuid(tenant))
  73                 .setEthertype(EthertypeV4.class)
  74                 .setProtocol(protocolTcp)
  75                 .setPortRangeMin(80)
  76                 .setPortRangeMax(80)
  77                 .setDirection(DirectionIngress.class)
  78                 .setSecurityGroupId(new Uuid(serverSecGrp))
  79                 .setRemoteIpPrefix(new IpPrefix(new Ipv4Prefix("10.1.1.0/24")))
  80                 .build();
  81         SecurityRule serverInIp20_1_1_0 = new SecurityRuleBuilder().setUuid(new Uuid("adf7e558-de47-4f9e-a9b8-96e19db5d1ac"))
  82                 .setTenantId(new Uuid(tenant))
  83                 .setEthertype(EthertypeV4.class)
  84                 .setDirection(DirectionIngress.class)
  85                 .setSecurityGroupId(new Uuid(serverSecGrp))
  86                 .setRemoteIpPrefix(new IpPrefix(new Ipv4Prefix("20.1.1.0/24")))
  87                 .build();
  88         SecurityRule serverOutIpv4 = NeutronEntityFactory.securityRuleWithEtherType(
  89                 "8b9c48d3-44a8-46be-be35-6f3237d98071", tenant, EthertypeV4.class, DirectionEgress.class, serverSecGrp,
  90                 null);
  91         DataBroker dataBroker = getDataBroker();
  92         List<SecurityGroup> secGroups = new ArrayList<>();
  93         secGroups.add(NeutronEntityFactory.securityGroup(goldSecGrp, tenant));
  94         secGroups.add(NeutronEntityFactory.securityGroup(serverSecGrp, tenant));
  95         Neutron neutron = new NeutronBuilder()
  96             .setSecurityGroups(new SecurityGroupsBuilder().setSecurityGroup(secGroups).build())
  97             .setSecurityRules(new SecurityRulesBuilder().setSecurityRule(
  98                     ImmutableList.of(goldInIpv4, goldOutIpv4, serverIn80Tcp10_1_1_0, serverInIp20_1_1_0, serverOutIpv4))
  99                 .build())
 100             .build();
 101         NeutronSecurityRuleAware ruleAware = new NeutronSecurityRuleAware(dataBroker);
 102         ReadWriteTransaction rwTx = dataBroker.newReadWriteTransaction();
 103         ruleAware.addNeutronSecurityRule(goldInIpv4, neutron, rwTx);
 104         ruleAware.addNeutronSecurityRule(goldOutIpv4, neutron, rwTx);
 105         ruleAware.addNeutronSecurityRule(serverIn80Tcp10_1_1_0, neutron, rwTx);
 106         ruleAware.addNeutronSecurityRule(serverInIp20_1_1_0, neutron, rwTx);
 107         ruleAware.addNeutronSecurityRule(serverOutIpv4, neutron, rwTx);
 108         TenantId tenantId = new TenantId(tenant);
 109         Optional<Tenant> potentialTenant = rwTx.read(LogicalDatastoreType.CONFIGURATION, IidFactory.tenantIid(tenantId))
 110             .get();
 111         assertTrue(potentialTenant.isPresent());
 112         Optional<Contract> potentialContract = rwTx.read(LogicalDatastoreType.CONFIGURATION,
 113                 IidFactory.contractIid(tenantId, new ContractId(goldInIpv4.getUuid().getValue()))).get();
 114         assertTrue(potentialContract.isPresent());
 115         Contract contract = potentialContract.get();
 116         PolicyAssert.assertContract(contract, goldInIpv4);
 117         potentialContract = rwTx.read(LogicalDatastoreType.CONFIGURATION,
 118                 IidFactory.contractIid(tenantId, new ContractId(goldOutIpv4.getUuid().getValue()))).get();
 119         assertTrue(potentialContract.isPresent());
 120         contract = potentialContract.get();
 121         PolicyAssert.assertContract(contract, goldOutIpv4);
 122         potentialContract = rwTx.read(LogicalDatastoreType.CONFIGURATION,
 123                 IidFactory.contractIid(tenantId, new ContractId(serverOutIpv4.getUuid().getValue()))).get();
 124         assertTrue(potentialContract.isPresent());
 125         contract = potentialContract.get();
 126         PolicyAssert.assertContract(contract, serverOutIpv4);
 127         potentialContract = rwTx.read(LogicalDatastoreType.CONFIGURATION,
 128                 IidFactory.contractIid(tenantId, new ContractId(serverIn80Tcp10_1_1_0.getUuid().getValue()))).get();
 129         assertTrue(potentialContract.isPresent());
 130         contract = potentialContract.get();
 131         PolicyAssert.assertContractWithEic(contract, serverIn80Tcp10_1_1_0);
 132         potentialContract = rwTx.read(LogicalDatastoreType.CONFIGURATION,
 133                 IidFactory.contractIid(tenantId, new ContractId(serverInIp20_1_1_0.getUuid().getValue()))).get();
 134         assertTrue(potentialContract.isPresent());
 135         contract = potentialContract.get();
 136         PolicyAssert.assertContractWithEic(contract, serverInIp20_1_1_0);
 137         Optional<EndpointGroup> potentialEpg = rwTx.read(LogicalDatastoreType.CONFIGURATION,
 138                 IidFactory.endpointGroupIid(tenantId, new EndpointGroupId(goldSecGrp))).get();
 139         assertTrue(potentialEpg.isPresent());
 140         EndpointGroup epg = potentialEpg.get();
 141         PolicyAssert.assertConsumerNamedSelectors(
 142                 epg,
 143                 ImmutableSet.of(new ContractId(goldInIpv4.getUuid().getValue()),
 144                         new ContractId(goldOutIpv4.getUuid().getValue()),
 145                         new ContractId(serverIn80Tcp10_1_1_0.getUuid().getValue()),
 146                         new ContractId(serverInIp20_1_1_0.getUuid().getValue()),
 147                         new ContractId(serverOutIpv4.getUuid().getValue())));
 148         potentialEpg = rwTx.read(LogicalDatastoreType.CONFIGURATION,
 149                 IidFactory.endpointGroupIid(tenantId, new EndpointGroupId(serverSecGrp))).get();
 150         assertTrue(potentialEpg.isPresent());
 151         epg = potentialEpg.get();
 152         PolicyAssert.assertConsumerNamedSelectors(epg, ImmutableSet.of(
 153                 new ContractId(serverIn80Tcp10_1_1_0.getUuid().getValue()),
 154                 new ContractId(serverInIp20_1_1_0.getUuid().getValue()),
 155                 new ContractId(goldInIpv4.getUuid().getValue())));
 156     }
 157
 158     @Test
 159     public final void testAddAndDeleteNeutronSecurityRule() throws Exception {
 160         DataBroker dataBroker = getDataBroker();
 161         NeutronSecurityRuleAware ruleAware = new NeutronSecurityRuleAware(dataBroker);
 162
 163         final String tenantId = "aaaaaaaa-aaaa-aaaa-aaaa-aaaaaaaaaaaa";
 164         final String secGroupId1 = "bbbbbbbb-bbbb-bbbb-bbbb-bbbbbbbbbbbb";
 165         final String secGroupId2 = "cccccccc-cccc-cccc-cccc-cccccccccccc";
 166         final String secRuleId1 = "dddddddd-dddd-dddd-dddd-dddddddddddd";
 167         final String secRuleId2 = "eeeeeeee-eeee-eeee-eeee-eeeeeeeeeeee";
 168
 169         List<SecurityGroup> secGroups = new ArrayList<>();
 170         secGroups.add(NeutronEntityFactory.securityGroup(secGroupId1, tenantId));
 171         secGroups.add(NeutronEntityFactory.securityGroup(secGroupId2, tenantId));
 172         SecurityRule secRule1 = NeutronEntityFactory.securityRuleWithEtherType(secRuleId1, tenantId,
 173                 EthertypeV4.class, DirectionEgress.class, secGroupId1, secGroupId2);
 174         SecurityRule secRule2 = NeutronEntityFactory.securityRuleWithEtherType(secRuleId2, tenantId,
 175                 EthertypeV4.class, DirectionIngress.class, secGroupId2, secGroupId1);
 176         NeutronBuilder neutronBuilder = new NeutronBuilder()
 177             .setSecurityGroups(new SecurityGroupsBuilder().setSecurityGroup(secGroups).build())
 178             .setSecurityRules(new SecurityRulesBuilder()
 179                     .setSecurityRule(ImmutableList.of(secRule1)).build());
 180
 181         ruleAware.onCreated(secRule1, neutronBuilder.build());
 182
 183         PolicyAssert.assertTenantExists(dataBroker, tenantId);
 184         PolicyAssert.assertContractExists(dataBroker, tenantId, secRuleId1);
 185         Optional<Contract> contract = ConfigDataStoreReader.readContract(dataBroker, tenantId, secRuleId1);
 186         PolicyAssert.assertContract(contract.get(), secRule1);
 187         PolicyAssert.assertContractCount(dataBroker, tenantId, 1);
 188         PolicyAssert.assertEndpointGroupExists(dataBroker, tenantId, secGroupId1);
 189         Optional<EndpointGroup> epGroup1 = ConfigDataStoreReader.readEndpointGroup(dataBroker, tenantId, secGroupId1);
 190         PolicyAssert.assertProviderNamedSelectors(epGroup1.get(), ImmutableSet.of(new ContractId(secRuleId1)));
 191         PolicyAssert.assertNoConsumerNamedSelectors(dataBroker, tenantId, secGroupId1);
 192
 193         PolicyAssert.assertClassifierInstanceExists(dataBroker, secRule1);
 194         PolicyAssert.assertActionInstanceExists(dataBroker, tenantId, MappingUtils.ACTION_ALLOW.getName());
 195
 196         neutronBuilder.setSecurityRules(new SecurityRulesBuilder()
 197                 .setSecurityRule(ImmutableList.of(secRule1, secRule2)).build());
 198
 199         ruleAware.onCreated(secRule2, neutronBuilder.build());
 200
 201         PolicyAssert.assertTenantExists(dataBroker, tenantId);
 202         PolicyAssert.assertContractExists(dataBroker, tenantId, secRuleId1);
 203         contract = ConfigDataStoreReader.readContract(dataBroker, tenantId, secRuleId1);
 204         PolicyAssert.assertContract(contract.get(), secRule1);
 205         PolicyAssert.assertContractCount(dataBroker, tenantId, 2);
 206         PolicyAssert.assertEndpointGroupExists(dataBroker, tenantId, secGroupId1);
 207         epGroup1 = ConfigDataStoreReader.readEndpointGroup(dataBroker, tenantId, secGroupId1);
 208         PolicyAssert.assertProviderNamedSelectors(epGroup1.get(), ImmutableSet.of(new ContractId(secRuleId1)));
 209         PolicyAssert.assertConsumerNamedSelectors(epGroup1.get(), ImmutableSet.of(new ContractId(secRuleId2)));
 210
 211         PolicyAssert.assertContractExists(dataBroker, tenantId, secRuleId2);
 212         contract = ConfigDataStoreReader.readContract(dataBroker, tenantId, secRuleId2);
 213         PolicyAssert.assertContract(contract.get(), secRule2);
 214         PolicyAssert.assertContractCount(dataBroker, tenantId, 2);
 215         PolicyAssert.assertEndpointGroupExists(dataBroker, tenantId, secGroupId2);
 216         Optional<EndpointGroup> epGroup2 = ConfigDataStoreReader.readEndpointGroup(dataBroker, tenantId, secGroupId2);
 217         PolicyAssert.assertProviderNamedSelectors(epGroup2.get(), ImmutableSet.of(new ContractId(secRuleId2)));
 218         PolicyAssert.assertConsumerNamedSelectors(epGroup2.get(), ImmutableSet.of(new ContractId(secRuleId1)));
 219
 220         ruleAware.onDeleted(secRule2, neutronBuilder.build(), null);
 221
 222         PolicyAssert.assertTenantExists(dataBroker, tenantId);
 223         PolicyAssert.assertContractExists(dataBroker, tenantId, secRuleId1);
 224         contract = ConfigDataStoreReader.readContract(dataBroker, tenantId, secRuleId1);
 225         PolicyAssert.assertContract(contract.get(), secRule1);
 226         PolicyAssert.assertContractCount(dataBroker, tenantId, 1);
 227         PolicyAssert.assertEndpointGroupExists(dataBroker, tenantId, secGroupId1);
 228         epGroup1 = ConfigDataStoreReader.readEndpointGroup(dataBroker, tenantId, secGroupId1);
 229         PolicyAssert.assertProviderNamedSelectors(epGroup1.get(), ImmutableSet.of(new ContractId(secRuleId1)));
 230         PolicyAssert.assertNoConsumerNamedSelectors(dataBroker, tenantId, secGroupId1);
 231
 232         PolicyAssert.assertContractNotExists(dataBroker, tenantId, secRuleId2);
 233         PolicyAssert.assertContractCount(dataBroker, tenantId, 1);
 234         PolicyAssert.assertEndpointGroupExists(dataBroker, tenantId, secGroupId2);
 235         epGroup2 = ConfigDataStoreReader.readEndpointGroup(dataBroker, tenantId, secGroupId2);
 236         PolicyAssert.assertNoProviderNamedSelectors(dataBroker, tenantId, secGroupId2);
 237         PolicyAssert.assertNoConsumerNamedSelectors(dataBroker, tenantId, secGroupId2);
 238
 239         PolicyAssert.assertClassifierInstanceExists(dataBroker, secRule1);
 240         PolicyAssert.assertActionInstanceExists(dataBroker, tenantId, MappingUtils.ACTION_ALLOW.getName());
 241
 242         neutronBuilder.setSecurityRules(new SecurityRulesBuilder()
 243                 .setSecurityRule(ImmutableList.of(secRule1)).build());
 244
 245         ruleAware.onDeleted(secRule1, neutronBuilder.build(), null);
 246
 247         PolicyAssert.assertContractCount(dataBroker, tenantId, 0);
 248         PolicyAssert.assertEndpointGroupExists(dataBroker, tenantId, secGroupId1);
 249         PolicyAssert.assertEndpointGroupExists(dataBroker, tenantId, secGroupId2);
 250         PolicyAssert.assertNoProviderNamedSelectors(dataBroker, tenantId, secGroupId1);
 251         PolicyAssert.assertNoConsumerNamedSelectors(dataBroker, tenantId, secGroupId2);
 252
 253         PolicyAssert.assertClassifierInstanceNotExists(dataBroker, secRule1);
 254         // TODO: Uncomment this when the life cycle of the Allow ActionInstance will be clarified.
 255         // PolicyAssert.assertActionInstanceNotExists(dataBroker, tenantId,
 256         // MappingUtils.ACTION_ALLOW.getName());
 257     }
 258
 259     @Test
 260     public final void testAddNeutronSecurityRule_rulesWithoutRemote() throws Exception {
 261         String tenant = "ad4c6c25-2424-4ad3-97ee-f9691ce03645";
 262         String goldSecGrp = "fe40e28f-ad6a-4a2d-b12a-47510876344a";
 263         SecurityRule goldInIpv4 = NeutronEntityFactory.securityRuleWithEtherType(
 264                 "166aedab-fdf5-4788-9e36-2b00b5f8722f", tenant, EthertypeV4.class, DirectionIngress.class, goldSecGrp,
 265                 null);
 266         SecurityRule goldOutIpv4 = NeutronEntityFactory.securityRuleWithEtherType(
 267                 "dabfd4da-af89-45dd-85f8-181768c1b4c9", tenant, EthertypeV4.class, DirectionEgress.class, goldSecGrp,
 268                 null);
 269         String serverSecGrp = "71cf4fe5-b146-409e-8151-cd921298ce32";
 270         SecurityRule serverOutIpv4 = NeutronEntityFactory.securityRuleWithEtherType(
 271                 "8b9c48d3-44a8-46be-be35-6f3237d98071", tenant, EthertypeV4.class, DirectionEgress.class, serverSecGrp,
 272                 null);
 273         SecurityRule serverInIpv4 = NeutronEntityFactory.securityRuleWithEtherType(
 274                 "adf7e558-de47-4f9e-a9b8-96e19db5d1ac", tenant, EthertypeV4.class, DirectionIngress.class, serverSecGrp,
 275                 null);
 276         DataBroker dataBroker = getDataBroker();
 277         List<SecurityGroup> secGroups = new ArrayList<>();
 278         secGroups.add(NeutronEntityFactory.securityGroup(goldSecGrp, tenant));
 279         secGroups.add(NeutronEntityFactory.securityGroup(serverSecGrp, tenant));
 280         Neutron neutron = new NeutronBuilder()
 281             .setSecurityGroups(new SecurityGroupsBuilder().setSecurityGroup(secGroups).build())
 282             .setSecurityRules(new SecurityRulesBuilder()
 283                     .setSecurityRule(ImmutableList.of(goldInIpv4, goldOutIpv4, serverOutIpv4, serverInIpv4)).build())
 284             .build();
 285         NeutronSecurityRuleAware ruleAware = new NeutronSecurityRuleAware(dataBroker);
 286         ReadWriteTransaction rwTx = dataBroker.newReadWriteTransaction();
 287         ruleAware.addNeutronSecurityRule(goldInIpv4, neutron, rwTx);
 288         ruleAware.addNeutronSecurityRule(goldOutIpv4, neutron, rwTx);
 289         ruleAware.addNeutronSecurityRule(serverOutIpv4, neutron, rwTx);
 290         ruleAware.addNeutronSecurityRule(serverInIpv4, neutron, rwTx);
 291         TenantId tenantId = new TenantId(tenant);
 292         Optional<Contract> potentialContract = rwTx.read(LogicalDatastoreType.CONFIGURATION,
 293                 IidFactory.contractIid(tenantId, new ContractId(goldInIpv4.getUuid().getValue()))).get();
 294         assertTrue(potentialContract.isPresent());
 295         Contract contract = potentialContract.get();
 296         PolicyAssert.assertContract(contract, goldInIpv4);
 297         potentialContract = rwTx.read(LogicalDatastoreType.CONFIGURATION,
 298                 IidFactory.contractIid(tenantId, new ContractId(goldOutIpv4.getUuid().getValue()))).get();
 299         assertTrue(potentialContract.isPresent());
 300         contract = potentialContract.get();
 301         PolicyAssert.assertContract(contract, goldOutIpv4);
 302         potentialContract = rwTx.read(LogicalDatastoreType.CONFIGURATION,
 303                 IidFactory.contractIid(tenantId, new ContractId(serverOutIpv4.getUuid().getValue()))).get();
 304         assertTrue(potentialContract.isPresent());
 305         contract = potentialContract.get();
 306         PolicyAssert.assertContract(contract, serverOutIpv4);
 307         potentialContract = rwTx.read(LogicalDatastoreType.CONFIGURATION,
 308                 IidFactory.contractIid(tenantId, new ContractId(serverInIpv4.getUuid().getValue()))).get();
 309         assertTrue(potentialContract.isPresent());
 310         contract = potentialContract.get();
 311         PolicyAssert.assertContract(contract, serverInIpv4);
 312         Optional<EndpointGroup> potentialEpg = rwTx.read(LogicalDatastoreType.CONFIGURATION,
 313                 IidFactory.endpointGroupIid(tenantId, new EndpointGroupId(goldSecGrp))).get();
 314         assertTrue(potentialEpg.isPresent());
 315         EndpointGroup epg = potentialEpg.get();
 316         PolicyAssert.assertConsumerNamedSelectors(
 317                 epg,
 318                 ImmutableSet.of(new ContractId(goldInIpv4.getUuid().getValue()),
 319                         new ContractId(goldOutIpv4.getUuid().getValue()),
 320                         new ContractId(serverOutIpv4.getUuid().getValue()),
 321                         new ContractId(serverInIpv4.getUuid().getValue())));
 322         potentialEpg = rwTx.read(LogicalDatastoreType.CONFIGURATION,
 323                 IidFactory.endpointGroupIid(tenantId, new EndpointGroupId(serverSecGrp))).get();
 324         assertTrue(potentialEpg.isPresent());
 325         PolicyAssert.assertConsumerNamedSelectors(
 326                 epg,
 327                 ImmutableSet.of(new ContractId(goldInIpv4.getUuid().getValue()),
 328                         new ContractId(goldOutIpv4.getUuid().getValue()),
 329                         new ContractId(serverOutIpv4.getUuid().getValue()),
 330                         new ContractId(serverInIpv4.getUuid().getValue())));
 331     }
 332
 333     @Test
 334     public final void testAddNeutronSecurityRule_asymmetricRulesWithoutRemote() throws Exception {
 335         String tenant = "ad4c6c25-2424-4ad3-97ee-f9691ce03645";
 336         String goldSecGrp = "fe40e28f-ad6a-4a2d-b12a-47510876344a";
 337         SecurityRule goldInIpv4 = NeutronEntityFactory.securityRuleWithEtherType(
 338                 "166aedab-fdf5-4788-9e36-2b00b5f8722f", tenant, EthertypeV4.class, DirectionIngress.class, goldSecGrp,
 339                 null);
 340         SecurityRule goldOutIpv4 = NeutronEntityFactory.securityRuleWithEtherType(
 341                 "dabfd4da-af89-45dd-85f8-181768c1b4c9", tenant, EthertypeV4.class, DirectionEgress.class, goldSecGrp,
 342                 null);
 343         String serverSecGrp = "71cf4fe5-b146-409e-8151-cd921298ce32";
 344         SecurityRule serverOutIpv4 = NeutronEntityFactory.securityRuleWithEtherType(
 345                 "8b9c48d3-44a8-46be-be35-6f3237d98071", tenant, EthertypeV4.class, DirectionEgress.class, serverSecGrp,
 346                 null);
 347         SecurityRuleAttributes.Protocol protocolTcp = new SecurityRuleAttributes.Protocol(ProtocolTcp.class);
 348         SecurityRule serverIn80TcpIpv4 = new SecurityRuleBuilder().setUuid(new Uuid("adf7e558-de47-4f9e-a9b8-96e19db5d1ac"))
 349                 .setTenantId(new Uuid(tenant))
 350                 .setEthertype(EthertypeV4.class)
 351                 .setProtocol(protocolTcp)
 352                 .setPortRangeMin(80)
 353                 .setPortRangeMax(80)
 354                 .setDirection(DirectionIngress.class)
 355                 .setSecurityGroupId(new Uuid(serverSecGrp))
 356                 .build();
 357         DataBroker dataBroker = getDataBroker();
 358         List<SecurityGroup> secGroups = new ArrayList<>();
 359         secGroups.add(NeutronEntityFactory.securityGroup(goldSecGrp, tenant));
 360         secGroups.add(NeutronEntityFactory.securityGroup(serverSecGrp, tenant));
 361         Neutron neutron = new NeutronBuilder()
 362             .setSecurityGroups(new SecurityGroupsBuilder().setSecurityGroup(secGroups).build())
 363             .setSecurityRules(new SecurityRulesBuilder()
 364                 .setSecurityRule(ImmutableList.of(goldInIpv4, goldOutIpv4, serverOutIpv4, serverIn80TcpIpv4)).build())
 365             .build();
 366         NeutronSecurityRuleAware ruleAware = new NeutronSecurityRuleAware(dataBroker);
 367         ReadWriteTransaction rwTx = dataBroker.newReadWriteTransaction();
 368         ruleAware.addNeutronSecurityRule(goldInIpv4, neutron, rwTx);
 369         ruleAware.addNeutronSecurityRule(goldOutIpv4, neutron, rwTx);
 370         ruleAware.addNeutronSecurityRule(serverOutIpv4, neutron, rwTx);
 371         ruleAware.addNeutronSecurityRule(serverIn80TcpIpv4, neutron, rwTx);
 372         TenantId tenantId = new TenantId(tenant);
 373         Optional<Contract> potentialContract = rwTx.read(LogicalDatastoreType.CONFIGURATION,
 374                 IidFactory.contractIid(tenantId, new ContractId(goldInIpv4.getUuid().getValue()))).get();
 375         assertTrue(potentialContract.isPresent());
 376         Contract contract = potentialContract.get();
 377         PolicyAssert.assertContract(contract, goldInIpv4);
 378         potentialContract = rwTx.read(LogicalDatastoreType.CONFIGURATION,
 379                 IidFactory.contractIid(tenantId, new ContractId(goldOutIpv4.getUuid().getValue()))).get();
 380         assertTrue(potentialContract.isPresent());
 381         contract = potentialContract.get();
 382         PolicyAssert.assertContract(contract, goldOutIpv4);
 383         potentialContract = rwTx.read(LogicalDatastoreType.CONFIGURATION,
 384                 IidFactory.contractIid(tenantId, new ContractId(serverOutIpv4.getUuid().getValue()))).get();
 385         assertTrue(potentialContract.isPresent());
 386         contract = potentialContract.get();
 387         PolicyAssert.assertContract(contract, serverOutIpv4);
 388         potentialContract = rwTx.read(LogicalDatastoreType.CONFIGURATION,
 389                 IidFactory.contractIid(tenantId, new ContractId(serverIn80TcpIpv4.getUuid().getValue()))).get();
 390         assertTrue(potentialContract.isPresent());
 391         contract = potentialContract.get();
 392         PolicyAssert.assertContract(contract, serverIn80TcpIpv4);
 393         Optional<EndpointGroup> potentialEpg = rwTx.read(LogicalDatastoreType.CONFIGURATION,
 394                 IidFactory.endpointGroupIid(tenantId, new EndpointGroupId(goldSecGrp))).get();
 395         assertTrue(potentialEpg.isPresent());
 396         EndpointGroup epg = potentialEpg.get();
 397         PolicyAssert.assertConsumerNamedSelectors(
 398                 epg,
 399                 ImmutableSet.of(new ContractId(goldInIpv4.getUuid().getValue()),
 400                         new ContractId(goldOutIpv4.getUuid().getValue()),
 401                         new ContractId(serverOutIpv4.getUuid().getValue()),
 402                         new ContractId(serverIn80TcpIpv4.getUuid().getValue())));
 403         potentialEpg = rwTx.read(LogicalDatastoreType.CONFIGURATION,
 404                 IidFactory.endpointGroupIid(tenantId, new EndpointGroupId(serverSecGrp))).get();
 405         assertTrue(potentialEpg.isPresent());
 406         epg = potentialEpg.get();
 407         PolicyAssert.assertConsumerNamedSelectors(
 408                 epg,
 409                 ImmutableSet.of(new ContractId(goldInIpv4.getUuid().getValue()),
 410                         new ContractId(serverIn80TcpIpv4.getUuid().getValue())));
 411     }
 412
 413     @Test
 414     public final void testAddNeutronSecurityRule_defaultSecGrp() throws Exception {
 415         String tenant = "111aaaaa-aaaa-aaaa-aaaa-aaaaaaaaaaaa";
 416         String defaultSecGrp = "111fffff-ffff-ffff-ffff-ffffffffffff";
 417         SecurityRule defaultInIpv4Default = NeutronEntityFactory.securityRuleWithEtherType(
 418                 "111ccccc-111c-cccc-cccc-cccccccccccc", tenant, EthertypeV4.class, DirectionIngress.class, defaultSecGrp,
 419                 defaultSecGrp);
 420         SecurityRule defaultInIpv6Default = NeutronEntityFactory.securityRuleWithEtherType(
 421                 "222ccccc-111c-cccc-cccc-cccccccccccc", tenant, EthertypeV4.class, DirectionIngress.class, defaultSecGrp,
 422                 defaultSecGrp);
 423         SecurityRule defaultOutIpv4 = NeutronEntityFactory.securityRuleWithEtherType(
 424                 "333ccccc-111c-cccc-cccc-cccccccccccc", tenant, EthertypeV4.class, DirectionEgress.class, defaultSecGrp,
 425                 null);
 426         SecurityRule defaultOutIpv6 = NeutronEntityFactory.securityRuleWithEtherType(
 427                 "444ccccc-111c-cccc-cccc-cccccccccccc", tenant, EthertypeV4.class, DirectionEgress.class, defaultSecGrp,
 428                 null);
 429         DataBroker dataBroker = getDataBroker();
 430         List<SecurityGroup> secGroups = new ArrayList<>();
 431         secGroups.add(NeutronEntityFactory.securityGroup(defaultSecGrp, tenant));
 432         Neutron neutron = new NeutronBuilder()
 433             .setSecurityGroups(new SecurityGroupsBuilder().setSecurityGroup(secGroups).build()).build();
 434         NeutronSecurityRuleAware ruleAware = new NeutronSecurityRuleAware(dataBroker);
 435         ReadWriteTransaction rwTx = dataBroker.newReadWriteTransaction();
 436         ruleAware.addNeutronSecurityRule(defaultInIpv4Default, neutron, rwTx);
 437         ruleAware.addNeutronSecurityRule(defaultInIpv6Default, neutron, rwTx);
 438         ruleAware.addNeutronSecurityRule(defaultOutIpv4, neutron, rwTx);
 439         ruleAware.addNeutronSecurityRule(defaultOutIpv6, neutron, rwTx);
 440         TenantId tenantId = new TenantId(tenant);
 441         Optional<Contract> potentialContract = rwTx.read(LogicalDatastoreType.CONFIGURATION,
 442                 IidFactory.contractIid(tenantId, new ContractId(defaultInIpv4Default.getUuid().getValue()))).get();
 443         assertTrue(potentialContract.isPresent());
 444         Contract contract = potentialContract.get();
 445         PolicyAssert.assertContract(contract, defaultInIpv4Default);
 446         potentialContract = rwTx.read(LogicalDatastoreType.CONFIGURATION,
 447                 IidFactory.contractIid(tenantId, new ContractId(defaultInIpv6Default.getUuid().getValue()))).get();
 448         assertTrue(potentialContract.isPresent());
 449         contract = potentialContract.get();
 450         PolicyAssert.assertContract(contract, defaultInIpv6Default);
 451         potentialContract = rwTx.read(LogicalDatastoreType.CONFIGURATION,
 452                 IidFactory.contractIid(tenantId, new ContractId(defaultOutIpv4.getUuid().getValue()))).get();
 453         assertTrue(potentialContract.isPresent());
 454         contract = potentialContract.get();
 455         PolicyAssert.assertContract(contract, defaultOutIpv4);
 456         potentialContract = rwTx.read(LogicalDatastoreType.CONFIGURATION,
 457                 IidFactory.contractIid(tenantId, new ContractId(defaultOutIpv6.getUuid().getValue()))).get();
 458         assertTrue(potentialContract.isPresent());
 459         contract = potentialContract.get();
 460         PolicyAssert.assertContract(contract, defaultOutIpv6);
 461     }
 462
 463     @Test
 464     public void testConstructor_invalidArgument() throws Exception {
 465         try {
 466             new NeutronSecurityRuleAware(null);
 467             fail(NullPointerException.class.getName() + " expected");
 468         } catch (NullPointerException ex) {
 469             // do nothing
 470         }
 471     }
 472
 473 }