neutron-mapper/src/test/java/org/opendaylight/groupbasedpolicy/neutron/mapper/mapping/rule/NeutronSecurityRuleAwareDataStoreTest.java

   1 package org.opendaylight.groupbasedpolicy.neutron.mapper.mapping.rule;
   2
   3 import static org.junit.Assert.assertTrue;
   4 import static org.junit.Assert.fail;
   5
   6 import org.junit.Test;
   7 import org.opendaylight.controller.md.sal.binding.api.DataBroker;
   8 import org.opendaylight.controller.md.sal.binding.api.ReadWriteTransaction;
   9 import org.opendaylight.controller.md.sal.common.api.data.LogicalDatastoreType;
  10 import org.opendaylight.groupbasedpolicy.neutron.mapper.mapping.group.SecGroupDao;
  11 import org.opendaylight.groupbasedpolicy.neutron.mapper.test.ConfigDataStoreReader;
  12 import org.opendaylight.groupbasedpolicy.neutron.mapper.test.GbpDataBrokerTest;
  13 import org.opendaylight.groupbasedpolicy.neutron.mapper.test.NeutronEntityFactory;
  14 import org.opendaylight.groupbasedpolicy.neutron.mapper.test.PolicyAssert;
  15 import org.opendaylight.groupbasedpolicy.neutron.mapper.util.MappingUtils;
  16 import org.opendaylight.groupbasedpolicy.neutron.mapper.util.NeutronUtils;
  17 import org.opendaylight.groupbasedpolicy.util.IidFactory;
  18 import org.opendaylight.neutron.spi.NeutronSecurityRule;
  19 import org.opendaylight.yang.gen.v1.urn.opendaylight.groupbasedpolicy.common.rev140421.ContractId;
  20 import org.opendaylight.yang.gen.v1.urn.opendaylight.groupbasedpolicy.common.rev140421.EndpointGroupId;
  21 import org.opendaylight.yang.gen.v1.urn.opendaylight.groupbasedpolicy.common.rev140421.TenantId;
  22 import org.opendaylight.yang.gen.v1.urn.opendaylight.groupbasedpolicy.policy.rev140421.tenants.Tenant;
  23 import org.opendaylight.yang.gen.v1.urn.opendaylight.groupbasedpolicy.policy.rev140421.tenants.tenant.policy.Contract;
  24 import org.opendaylight.yang.gen.v1.urn.opendaylight.groupbasedpolicy.policy.rev140421.tenants.tenant.policy.EndpointGroup;
  25
  26 import com.google.common.base.Optional;
  27 import com.google.common.collect.ImmutableSet;
  28
  29 /**
  30  * END 2 END TESTING - inputs are Neutron entities and expected outputs are GBP entities in
  31  * datastore
  32  */
  33
  34 public class NeutronSecurityRuleAwareDataStoreTest extends GbpDataBrokerTest {
  35
  36     @Test
  37     public final void testAddNeutronSecurityRule_rulesWithRemoteIpPrefix() throws Exception {
  38         String tenant = "ad4c6c25-2424-4ad3-97ee-f9691ce03645";
  39         String goldSecGrp = "fe40e28f-ad6a-4a2d-b12a-47510876344a";
  40         NeutronSecurityRule goldInIpv4 = NeutronEntityFactory.securityRuleWithEtherType(
  41                 "166aedab-fdf5-4788-9e36-2b00b5f8722f", tenant, NeutronUtils.IPv4, NeutronUtils.INGRESS, goldSecGrp,
  42                 null);
  43         NeutronSecurityRule goldOutIpv4 = NeutronEntityFactory.securityRuleWithEtherType(
  44                 "dabfd4da-af89-45dd-85f8-181768c1b4c9", tenant, NeutronUtils.IPv4, NeutronUtils.EGRESS, goldSecGrp,
  45                 null);
  46         String serverSecGrp = "71cf4fe5-b146-409e-8151-cd921298ce32";
  47         NeutronSecurityRule serverIn80Tcp10_1_1_0 = NeutronEntityFactory.securityRuleWithEtherType(
  48                 "9dbb533d-d9b2-4dc9-bae7-ee60c8df184d", tenant, NeutronUtils.IPv4, NeutronUtils.INGRESS, serverSecGrp,
  49                 null);
  50         serverIn80Tcp10_1_1_0.setSecurityRuleProtocol(NeutronUtils.TCP);
  51         serverIn80Tcp10_1_1_0.setSecurityRulePortMin(80);
  52         serverIn80Tcp10_1_1_0.setSecurityRulePortMax(80);
  53         serverIn80Tcp10_1_1_0.setSecurityRuleRemoteIpPrefix("10.1.1.0/24");
  54         NeutronSecurityRule serverInIp20_1_1_0 = NeutronEntityFactory.securityRuleWithEtherType(
  55                 "adf7e558-de47-4f9e-a9b8-96e19db5d1ac", tenant, NeutronUtils.IPv4, NeutronUtils.INGRESS, serverSecGrp,
  56                 null);
  57         serverInIp20_1_1_0.setSecurityRuleRemoteIpPrefix("20.1.1.0/24");
  58         NeutronSecurityRule serverOutIpv4 = NeutronEntityFactory.securityRuleWithEtherType(
  59                 "8b9c48d3-44a8-46be-be35-6f3237d98071", tenant, NeutronUtils.IPv4, NeutronUtils.EGRESS, serverSecGrp,
  60                 null);
  61         DataBroker dataBroker = getDataBroker();
  62         SecRuleDao secRuleDao = new SecRuleDao();
  63         SecGroupDao secGroupDao = new SecGroupDao();
  64         secGroupDao.addSecGroup(NeutronEntityFactory.securityGroup(goldSecGrp, tenant));
  65         secGroupDao.addSecGroup(NeutronEntityFactory.securityGroup(serverSecGrp, tenant));
  66         NeutronSecurityRuleAware ruleAware = new NeutronSecurityRuleAware(dataBroker, secRuleDao, secGroupDao);
  67         ReadWriteTransaction rwTx = dataBroker.newReadWriteTransaction();
  68         ruleAware.addNeutronSecurityRule(goldInIpv4, rwTx);
  69         ruleAware.addNeutronSecurityRule(goldOutIpv4, rwTx);
  70         ruleAware.addNeutronSecurityRule(serverIn80Tcp10_1_1_0, rwTx);
  71         ruleAware.addNeutronSecurityRule(serverInIp20_1_1_0, rwTx);
  72         ruleAware.addNeutronSecurityRule(serverOutIpv4, rwTx);
  73         TenantId tenantId = new TenantId(tenant);
  74         Optional<Tenant> potentialTenant = rwTx.read(LogicalDatastoreType.CONFIGURATION, IidFactory.tenantIid(tenantId))
  75             .get();
  76         assertTrue(potentialTenant.isPresent());
  77         Optional<Contract> potentialContract = rwTx.read(LogicalDatastoreType.CONFIGURATION,
  78                 IidFactory.contractIid(tenantId, new ContractId(goldInIpv4.getSecurityRuleUUID()))).get();
  79         assertTrue(potentialContract.isPresent());
  80         Contract contract = potentialContract.get();
  81         PolicyAssert.assertContract(contract, goldInIpv4);
  82         potentialContract = rwTx.read(LogicalDatastoreType.CONFIGURATION,
  83                 IidFactory.contractIid(tenantId, new ContractId(goldOutIpv4.getSecurityRuleUUID()))).get();
  84         assertTrue(potentialContract.isPresent());
  85         contract = potentialContract.get();
  86         PolicyAssert.assertContract(contract, goldOutIpv4);
  87         potentialContract = rwTx.read(LogicalDatastoreType.CONFIGURATION,
  88                 IidFactory.contractIid(tenantId, new ContractId(serverOutIpv4.getSecurityRuleUUID()))).get();
  89         assertTrue(potentialContract.isPresent());
  90         contract = potentialContract.get();
  91         PolicyAssert.assertContract(contract, serverOutIpv4);
  92         potentialContract = rwTx.read(LogicalDatastoreType.CONFIGURATION,
  93                 IidFactory.contractIid(tenantId, new ContractId(serverIn80Tcp10_1_1_0.getSecurityRuleUUID()))).get();
  94         assertTrue(potentialContract.isPresent());
  95         contract = potentialContract.get();
  96         PolicyAssert.assertContractWithEic(contract, serverIn80Tcp10_1_1_0);
  97         potentialContract = rwTx.read(LogicalDatastoreType.CONFIGURATION,
  98                 IidFactory.contractIid(tenantId, new ContractId(serverInIp20_1_1_0.getSecurityRuleUUID()))).get();
  99         assertTrue(potentialContract.isPresent());
 100         contract = potentialContract.get();
 101         PolicyAssert.assertContractWithEic(contract, serverInIp20_1_1_0);
 102         Optional<EndpointGroup> potentialEpg = rwTx.read(LogicalDatastoreType.CONFIGURATION,
 103                 IidFactory.endpointGroupIid(tenantId, new EndpointGroupId(goldSecGrp))).get();
 104         assertTrue(potentialEpg.isPresent());
 105         EndpointGroup epg = potentialEpg.get();
 106         PolicyAssert.assertConsumerNamedSelectors(
 107                 epg,
 108                 ImmutableSet.of(new ContractId(goldInIpv4.getSecurityRuleUUID()),
 109                         new ContractId(goldOutIpv4.getSecurityRuleUUID()),
 110                         new ContractId(serverIn80Tcp10_1_1_0.getSecurityRuleUUID()),
 111                         new ContractId(serverInIp20_1_1_0.getSecurityRuleUUID()),
 112                         new ContractId(serverOutIpv4.getSecurityRuleUUID())));
 113         potentialEpg = rwTx.read(LogicalDatastoreType.CONFIGURATION,
 114                 IidFactory.endpointGroupIid(tenantId, new EndpointGroupId(serverSecGrp))).get();
 115         assertTrue(potentialEpg.isPresent());
 116         epg = potentialEpg.get();
 117         PolicyAssert.assertConsumerNamedSelectors(epg, ImmutableSet.of(
 118                 new ContractId(serverIn80Tcp10_1_1_0.getSecurityRuleUUID()),
 119                 new ContractId(serverInIp20_1_1_0.getSecurityRuleUUID()),
 120                 new ContractId(goldInIpv4.getSecurityRuleUUID())));
 121     }
 122
 123     @Test
 124     public final void testAddAndDeleteNeutronSecurityRule() throws Exception {
 125         DataBroker dataBroker = getDataBroker();
 126         SecRuleDao secRuleDao = new SecRuleDao();
 127         SecGroupDao secGroupDao = new SecGroupDao();
 128         NeutronSecurityRuleAware ruleAware = new NeutronSecurityRuleAware(dataBroker, secRuleDao, secGroupDao);
 129
 130         final String tenantId = "aaaaaaaa-aaaa-aaaa-aaaa-aaaaaaaaaaaa";
 131         final String secGroupId1 = "bbbbbbbb-bbbb-bbbb-bbbb-bbbbbbbbbbbb";
 132         final String secGroupId2 = "cccccccc-cccc-cccc-cccc-cccccccccccc";
 133         final String secRuleId1 = "dddddddd-dddd-dddd-dddd-dddddddddddd";
 134         final String secRuleId2 = "eeeeeeee-eeee-eeee-eeee-eeeeeeeeeeee";
 135
 136         NeutronSecurityRule secRule1 = NeutronEntityFactory.securityRuleWithEtherType(secRuleId1, tenantId,
 137                 NeutronUtils.IPv4, NeutronUtils.EGRESS, secGroupId1, secGroupId2);
 138         NeutronSecurityRule secRule2 = NeutronEntityFactory.securityRuleWithEtherType(secRuleId2, tenantId,
 139                 NeutronUtils.IPv4, NeutronUtils.INGRESS, secGroupId2, secGroupId1);
 140
 141         ruleAware.neutronSecurityRuleCreated(secRule1);
 142
 143         PolicyAssert.assertTenantExists(dataBroker, tenantId);
 144         PolicyAssert.assertContractExists(dataBroker, tenantId, secRuleId1);
 145         Optional<Contract> contract = ConfigDataStoreReader.readContract(dataBroker, tenantId, secRuleId1);
 146         PolicyAssert.assertContract(contract.get(), secRule1);
 147         PolicyAssert.assertContractCount(dataBroker, tenantId, 1);
 148         PolicyAssert.assertEndpointGroupExists(dataBroker, tenantId, secGroupId1);
 149         Optional<EndpointGroup> epGroup1 = ConfigDataStoreReader.readEndpointGroup(dataBroker, tenantId, secGroupId1);
 150         PolicyAssert.assertProviderNamedSelectors(epGroup1.get(), ImmutableSet.of(new ContractId(secRuleId1)));
 151         PolicyAssert.assertNoConsumerNamedSelectors(dataBroker, tenantId, secGroupId1);
 152
 153         PolicyAssert.assertClassifierInstanceExists(dataBroker, secRule1);
 154         PolicyAssert.assertActionInstanceExists(dataBroker, tenantId, MappingUtils.ACTION_ALLOW.getName());
 155
 156         ruleAware.neutronSecurityRuleCreated(secRule2);
 157
 158         PolicyAssert.assertTenantExists(dataBroker, tenantId);
 159         PolicyAssert.assertContractExists(dataBroker, tenantId, secRuleId1);
 160         contract = ConfigDataStoreReader.readContract(dataBroker, tenantId, secRuleId1);
 161         PolicyAssert.assertContract(contract.get(), secRule1);
 162         PolicyAssert.assertContractCount(dataBroker, tenantId, 2);
 163         PolicyAssert.assertEndpointGroupExists(dataBroker, tenantId, secGroupId1);
 164         epGroup1 = ConfigDataStoreReader.readEndpointGroup(dataBroker, tenantId, secGroupId1);
 165         PolicyAssert.assertProviderNamedSelectors(epGroup1.get(), ImmutableSet.of(new ContractId(secRuleId1)));
 166         PolicyAssert.assertConsumerNamedSelectors(epGroup1.get(), ImmutableSet.of(new ContractId(secRuleId2)));
 167
 168         PolicyAssert.assertContractExists(dataBroker, tenantId, secRuleId2);
 169         contract = ConfigDataStoreReader.readContract(dataBroker, tenantId, secRuleId2);
 170         PolicyAssert.assertContract(contract.get(), secRule2);
 171         PolicyAssert.assertContractCount(dataBroker, tenantId, 2);
 172         PolicyAssert.assertEndpointGroupExists(dataBroker, tenantId, secGroupId2);
 173         Optional<EndpointGroup> epGroup2 = ConfigDataStoreReader.readEndpointGroup(dataBroker, tenantId, secGroupId2);
 174         PolicyAssert.assertProviderNamedSelectors(epGroup2.get(), ImmutableSet.of(new ContractId(secRuleId2)));
 175         PolicyAssert.assertConsumerNamedSelectors(epGroup2.get(), ImmutableSet.of(new ContractId(secRuleId1)));
 176
 177         ruleAware.neutronSecurityRuleDeleted(secRule2);
 178
 179         PolicyAssert.assertTenantExists(dataBroker, tenantId);
 180         PolicyAssert.assertContractExists(dataBroker, tenantId, secRuleId1);
 181         contract = ConfigDataStoreReader.readContract(dataBroker, tenantId, secRuleId1);
 182         PolicyAssert.assertContract(contract.get(), secRule1);
 183         PolicyAssert.assertContractCount(dataBroker, tenantId, 1);
 184         PolicyAssert.assertEndpointGroupExists(dataBroker, tenantId, secGroupId1);
 185         epGroup1 = ConfigDataStoreReader.readEndpointGroup(dataBroker, tenantId, secGroupId1);
 186         PolicyAssert.assertProviderNamedSelectors(epGroup1.get(), ImmutableSet.of(new ContractId(secRuleId1)));
 187         PolicyAssert.assertNoConsumerNamedSelectors(dataBroker, tenantId, secGroupId1);
 188
 189         PolicyAssert.assertContractNotExists(dataBroker, tenantId, secRuleId2);
 190         PolicyAssert.assertContractCount(dataBroker, tenantId, 1);
 191         PolicyAssert.assertEndpointGroupExists(dataBroker, tenantId, secGroupId2);
 192         epGroup2 = ConfigDataStoreReader.readEndpointGroup(dataBroker, tenantId, secGroupId2);
 193         PolicyAssert.assertNoProviderNamedSelectors(dataBroker, tenantId, secGroupId2);
 194         PolicyAssert.assertNoConsumerNamedSelectors(dataBroker, tenantId, secGroupId2);
 195
 196         PolicyAssert.assertClassifierInstanceExists(dataBroker, secRule1);
 197         PolicyAssert.assertActionInstanceExists(dataBroker, tenantId, MappingUtils.ACTION_ALLOW.getName());
 198
 199         ruleAware.neutronSecurityRuleDeleted(secRule1);
 200
 201         PolicyAssert.assertContractCount(dataBroker, tenantId, 0);
 202         PolicyAssert.assertEndpointGroupExists(dataBroker, tenantId, secGroupId1);
 203         PolicyAssert.assertEndpointGroupExists(dataBroker, tenantId, secGroupId2);
 204         PolicyAssert.assertNoProviderNamedSelectors(dataBroker, tenantId, secGroupId1);
 205         PolicyAssert.assertNoConsumerNamedSelectors(dataBroker, tenantId, secGroupId2);
 206
 207         PolicyAssert.assertClassifierInstanceNotExists(dataBroker, secRule1);
 208         // TODO: Uncomment this when the life cycle of the Allow ActionInstance will be clarified.
 209         // PolicyAssert.assertActionInstanceNotExists(dataBroker, tenantId,
 210         // MappingUtils.ACTION_ALLOW.getName());
 211     }
 212
 213     @Test
 214     public final void testAddNeutronSecurityRule_rulesWithoutRemote() throws Exception {
 215         String tenant = "ad4c6c25-2424-4ad3-97ee-f9691ce03645";
 216         String goldSecGrp = "fe40e28f-ad6a-4a2d-b12a-47510876344a";
 217         NeutronSecurityRule goldInIpv4 = NeutronEntityFactory.securityRuleWithEtherType(
 218                 "166aedab-fdf5-4788-9e36-2b00b5f8722f", tenant, NeutronUtils.IPv4, NeutronUtils.INGRESS, goldSecGrp,
 219                 null);
 220         NeutronSecurityRule goldOutIpv4 = NeutronEntityFactory.securityRuleWithEtherType(
 221                 "dabfd4da-af89-45dd-85f8-181768c1b4c9", tenant, NeutronUtils.IPv4, NeutronUtils.EGRESS, goldSecGrp,
 222                 null);
 223         String serverSecGrp = "71cf4fe5-b146-409e-8151-cd921298ce32";
 224         NeutronSecurityRule serverOutIpv4 = NeutronEntityFactory.securityRuleWithEtherType(
 225                 "8b9c48d3-44a8-46be-be35-6f3237d98071", tenant, NeutronUtils.IPv4, NeutronUtils.EGRESS, serverSecGrp,
 226                 null);
 227         NeutronSecurityRule serverInIpv4 = NeutronEntityFactory.securityRuleWithEtherType(
 228                 "adf7e558-de47-4f9e-a9b8-96e19db5d1ac", tenant, NeutronUtils.IPv4, NeutronUtils.INGRESS, serverSecGrp,
 229                 null);
 230         DataBroker dataBroker = getDataBroker();
 231         SecRuleDao secRuleDao = new SecRuleDao();
 232         SecGroupDao secGroupDao = new SecGroupDao();
 233         secGroupDao.addSecGroup(NeutronEntityFactory.securityGroup(goldSecGrp, tenant));
 234         secGroupDao.addSecGroup(NeutronEntityFactory.securityGroup(serverSecGrp, tenant));
 235         NeutronSecurityRuleAware ruleAware = new NeutronSecurityRuleAware(dataBroker, secRuleDao, secGroupDao);
 236         ReadWriteTransaction rwTx = dataBroker.newReadWriteTransaction();
 237         ruleAware.addNeutronSecurityRule(goldInIpv4, rwTx);
 238         ruleAware.addNeutronSecurityRule(goldOutIpv4, rwTx);
 239         ruleAware.addNeutronSecurityRule(serverOutIpv4, rwTx);
 240         ruleAware.addNeutronSecurityRule(serverInIpv4, rwTx);
 241         TenantId tenantId = new TenantId(tenant);
 242         Optional<Contract> potentialContract = rwTx.read(LogicalDatastoreType.CONFIGURATION,
 243                 IidFactory.contractIid(tenantId, new ContractId(goldInIpv4.getSecurityRuleUUID()))).get();
 244         assertTrue(potentialContract.isPresent());
 245         Contract contract = potentialContract.get();
 246         PolicyAssert.assertContract(contract, goldInIpv4);
 247         potentialContract = rwTx.read(LogicalDatastoreType.CONFIGURATION,
 248                 IidFactory.contractIid(tenantId, new ContractId(goldOutIpv4.getSecurityRuleUUID()))).get();
 249         assertTrue(potentialContract.isPresent());
 250         contract = potentialContract.get();
 251         PolicyAssert.assertContract(contract, goldOutIpv4);
 252         potentialContract = rwTx.read(LogicalDatastoreType.CONFIGURATION,
 253                 IidFactory.contractIid(tenantId, new ContractId(serverOutIpv4.getSecurityRuleUUID()))).get();
 254         assertTrue(potentialContract.isPresent());
 255         contract = potentialContract.get();
 256         PolicyAssert.assertContract(contract, serverOutIpv4);
 257         potentialContract = rwTx.read(LogicalDatastoreType.CONFIGURATION,
 258                 IidFactory.contractIid(tenantId, new ContractId(serverInIpv4.getSecurityRuleUUID()))).get();
 259         assertTrue(potentialContract.isPresent());
 260         contract = potentialContract.get();
 261         PolicyAssert.assertContract(contract, serverInIpv4);
 262         Optional<EndpointGroup> potentialEpg = rwTx.read(LogicalDatastoreType.CONFIGURATION,
 263                 IidFactory.endpointGroupIid(tenantId, new EndpointGroupId(goldSecGrp))).get();
 264         assertTrue(potentialEpg.isPresent());
 265         EndpointGroup epg = potentialEpg.get();
 266         PolicyAssert.assertConsumerNamedSelectors(
 267                 epg,
 268                 ImmutableSet.of(new ContractId(goldInIpv4.getSecurityRuleUUID()),
 269                         new ContractId(goldOutIpv4.getSecurityRuleUUID()),
 270                         new ContractId(serverOutIpv4.getSecurityRuleUUID()),
 271                         new ContractId(serverInIpv4.getSecurityRuleUUID())));
 272         potentialEpg = rwTx.read(LogicalDatastoreType.CONFIGURATION,
 273                 IidFactory.endpointGroupIid(tenantId, new EndpointGroupId(serverSecGrp))).get();
 274         assertTrue(potentialEpg.isPresent());
 275         PolicyAssert.assertConsumerNamedSelectors(
 276                 epg,
 277                 ImmutableSet.of(new ContractId(goldInIpv4.getSecurityRuleUUID()),
 278                         new ContractId(goldOutIpv4.getSecurityRuleUUID()),
 279                         new ContractId(serverOutIpv4.getSecurityRuleUUID()),
 280                         new ContractId(serverInIpv4.getSecurityRuleUUID())));
 281     }
 282
 283     @Test
 284     public final void testAddNeutronSecurityRule_asymmetricRulesWithoutRemote() throws Exception {
 285         String tenant = "ad4c6c25-2424-4ad3-97ee-f9691ce03645";
 286         String goldSecGrp = "fe40e28f-ad6a-4a2d-b12a-47510876344a";
 287         NeutronSecurityRule goldInIpv4 = NeutronEntityFactory.securityRuleWithEtherType(
 288                 "166aedab-fdf5-4788-9e36-2b00b5f8722f", tenant, NeutronUtils.IPv4, NeutronUtils.INGRESS, goldSecGrp,
 289                 null);
 290         NeutronSecurityRule goldOutIpv4 = NeutronEntityFactory.securityRuleWithEtherType(
 291                 "dabfd4da-af89-45dd-85f8-181768c1b4c9", tenant, NeutronUtils.IPv4, NeutronUtils.EGRESS, goldSecGrp,
 292                 null);
 293         String serverSecGrp = "71cf4fe5-b146-409e-8151-cd921298ce32";
 294         NeutronSecurityRule serverOutIpv4 = NeutronEntityFactory.securityRuleWithEtherType(
 295                 "8b9c48d3-44a8-46be-be35-6f3237d98071", tenant, NeutronUtils.IPv4, NeutronUtils.EGRESS, serverSecGrp,
 296                 null);
 297         NeutronSecurityRule serverIn80TcpIpv4 = NeutronEntityFactory.securityRuleWithEtherType(
 298                 "adf7e558-de47-4f9e-a9b8-96e19db5d1ac", tenant, NeutronUtils.IPv4, NeutronUtils.INGRESS, serverSecGrp,
 299                 null);
 300         serverIn80TcpIpv4.setSecurityRuleProtocol(NeutronUtils.TCP);
 301         serverIn80TcpIpv4.setSecurityRulePortMin(80);
 302         serverIn80TcpIpv4.setSecurityRulePortMax(80);
 303         DataBroker dataBroker = getDataBroker();
 304         SecRuleDao secRuleDao = new SecRuleDao();
 305         SecGroupDao secGroupDao = new SecGroupDao();
 306         secGroupDao.addSecGroup(NeutronEntityFactory.securityGroup(goldSecGrp, tenant));
 307         secGroupDao.addSecGroup(NeutronEntityFactory.securityGroup(serverSecGrp, tenant));
 308         NeutronSecurityRuleAware ruleAware = new NeutronSecurityRuleAware(dataBroker, secRuleDao, secGroupDao);
 309         ReadWriteTransaction rwTx = dataBroker.newReadWriteTransaction();
 310         ruleAware.addNeutronSecurityRule(goldInIpv4, rwTx);
 311         ruleAware.addNeutronSecurityRule(goldOutIpv4, rwTx);
 312         ruleAware.addNeutronSecurityRule(serverOutIpv4, rwTx);
 313         ruleAware.addNeutronSecurityRule(serverIn80TcpIpv4, rwTx);
 314         TenantId tenantId = new TenantId(tenant);
 315         Optional<Contract> potentialContract = rwTx.read(LogicalDatastoreType.CONFIGURATION,
 316                 IidFactory.contractIid(tenantId, new ContractId(goldInIpv4.getSecurityRuleUUID()))).get();
 317         assertTrue(potentialContract.isPresent());
 318         Contract contract = potentialContract.get();
 319         PolicyAssert.assertContract(contract, goldInIpv4);
 320         potentialContract = rwTx.read(LogicalDatastoreType.CONFIGURATION,
 321                 IidFactory.contractIid(tenantId, new ContractId(goldOutIpv4.getSecurityRuleUUID()))).get();
 322         assertTrue(potentialContract.isPresent());
 323         contract = potentialContract.get();
 324         PolicyAssert.assertContract(contract, goldOutIpv4);
 325         potentialContract = rwTx.read(LogicalDatastoreType.CONFIGURATION,
 326                 IidFactory.contractIid(tenantId, new ContractId(serverOutIpv4.getSecurityRuleUUID()))).get();
 327         assertTrue(potentialContract.isPresent());
 328         contract = potentialContract.get();
 329         PolicyAssert.assertContract(contract, serverOutIpv4);
 330         potentialContract = rwTx.read(LogicalDatastoreType.CONFIGURATION,
 331                 IidFactory.contractIid(tenantId, new ContractId(serverIn80TcpIpv4.getSecurityRuleUUID()))).get();
 332         assertTrue(potentialContract.isPresent());
 333         contract = potentialContract.get();
 334         PolicyAssert.assertContract(contract, serverIn80TcpIpv4);
 335         Optional<EndpointGroup> potentialEpg = rwTx.read(LogicalDatastoreType.CONFIGURATION,
 336                 IidFactory.endpointGroupIid(tenantId, new EndpointGroupId(goldSecGrp))).get();
 337         assertTrue(potentialEpg.isPresent());
 338         EndpointGroup epg = potentialEpg.get();
 339         PolicyAssert.assertConsumerNamedSelectors(
 340                 epg,
 341                 ImmutableSet.of(new ContractId(goldInIpv4.getSecurityRuleUUID()),
 342                         new ContractId(goldOutIpv4.getSecurityRuleUUID()),
 343                         new ContractId(serverOutIpv4.getSecurityRuleUUID()),
 344                         new ContractId(serverIn80TcpIpv4.getSecurityRuleUUID())));
 345         potentialEpg = rwTx.read(LogicalDatastoreType.CONFIGURATION,
 346                 IidFactory.endpointGroupIid(tenantId, new EndpointGroupId(serverSecGrp))).get();
 347         assertTrue(potentialEpg.isPresent());
 348         epg = potentialEpg.get();
 349         PolicyAssert.assertConsumerNamedSelectors(
 350                 epg,
 351                 ImmutableSet.of(new ContractId(goldInIpv4.getSecurityRuleUUID()),
 352                         new ContractId(serverIn80TcpIpv4.getSecurityRuleUUID())));
 353     }
 354
 355     @Test
 356     public final void testAddNeutronSecurityRule_defaultSecGrp() throws Exception {
 357         String tenant = "111aaaaa-aaaa-aaaa-aaaa-aaaaaaaaaaaa";
 358         String defaultSecGrp = "111fffff-ffff-ffff-ffff-ffffffffffff";
 359         NeutronSecurityRule defaultInIpv4Default = NeutronEntityFactory.securityRuleWithEtherType(
 360                 "111ccccc-111c-cccc-cccc-cccccccccccc", tenant, NeutronUtils.IPv4, NeutronUtils.INGRESS, defaultSecGrp,
 361                 defaultSecGrp);
 362         NeutronSecurityRule defaultInIpv6Default = NeutronEntityFactory.securityRuleWithEtherType(
 363                 "222ccccc-111c-cccc-cccc-cccccccccccc", tenant, NeutronUtils.IPv6, NeutronUtils.INGRESS, defaultSecGrp,
 364                 defaultSecGrp);
 365         NeutronSecurityRule defaultOutIpv4 = NeutronEntityFactory.securityRuleWithEtherType(
 366                 "333ccccc-111c-cccc-cccc-cccccccccccc", tenant, NeutronUtils.IPv4, NeutronUtils.EGRESS, defaultSecGrp,
 367                 null);
 368         NeutronSecurityRule defaultOutIpv6 = NeutronEntityFactory.securityRuleWithEtherType(
 369                 "444ccccc-111c-cccc-cccc-cccccccccccc", tenant, NeutronUtils.IPv6, NeutronUtils.EGRESS, defaultSecGrp,
 370                 null);
 371         DataBroker dataBroker = getDataBroker();
 372         SecRuleDao secRuleDao = new SecRuleDao();
 373         SecGroupDao secGroupDao = new SecGroupDao();
 374         secGroupDao.addSecGroup(NeutronEntityFactory.securityGroup(defaultSecGrp, tenant));
 375         NeutronSecurityRuleAware ruleAware = new NeutronSecurityRuleAware(dataBroker, secRuleDao, secGroupDao);
 376         ReadWriteTransaction rwTx = dataBroker.newReadWriteTransaction();
 377         ruleAware.addNeutronSecurityRule(defaultInIpv4Default, rwTx);
 378         ruleAware.addNeutronSecurityRule(defaultInIpv6Default, rwTx);
 379         ruleAware.addNeutronSecurityRule(defaultOutIpv4, rwTx);
 380         ruleAware.addNeutronSecurityRule(defaultOutIpv6, rwTx);
 381         TenantId tenantId = new TenantId(tenant);
 382         Optional<Contract> potentialContract = rwTx.read(LogicalDatastoreType.CONFIGURATION,
 383                 IidFactory.contractIid(tenantId, new ContractId(defaultInIpv4Default.getSecurityRuleUUID()))).get();
 384         assertTrue(potentialContract.isPresent());
 385         Contract contract = potentialContract.get();
 386         PolicyAssert.assertContract(contract, defaultInIpv4Default);
 387         potentialContract = rwTx.read(LogicalDatastoreType.CONFIGURATION,
 388                 IidFactory.contractIid(tenantId, new ContractId(defaultInIpv6Default.getSecurityRuleUUID()))).get();
 389         assertTrue(potentialContract.isPresent());
 390         contract = potentialContract.get();
 391         PolicyAssert.assertContract(contract, defaultInIpv6Default);
 392         potentialContract = rwTx.read(LogicalDatastoreType.CONFIGURATION,
 393                 IidFactory.contractIid(tenantId, new ContractId(defaultOutIpv4.getSecurityRuleUUID()))).get();
 394         assertTrue(potentialContract.isPresent());
 395         contract = potentialContract.get();
 396         PolicyAssert.assertContract(contract, defaultOutIpv4);
 397         potentialContract = rwTx.read(LogicalDatastoreType.CONFIGURATION,
 398                 IidFactory.contractIid(tenantId, new ContractId(defaultOutIpv6.getSecurityRuleUUID()))).get();
 399         assertTrue(potentialContract.isPresent());
 400         contract = potentialContract.get();
 401         PolicyAssert.assertContract(contract, defaultOutIpv6);
 402     }
 403
 404     @Test
 405     public void testConstructor_invalidArgument() throws Exception {
 406         DataBroker dataBroker = getDataBroker();
 407         SecRuleDao secRuleDao = new SecRuleDao();
 408         SecGroupDao secGroupDao = new SecGroupDao();
 409         assertExceptionInConstructor(null, secRuleDao, secGroupDao);
 410         assertExceptionInConstructor(dataBroker, null, secGroupDao);
 411         assertExceptionInConstructor(dataBroker, secRuleDao, null);
 412         assertExceptionInConstructor(null, null, null);
 413     }
 414
 415     private void assertExceptionInConstructor(DataBroker dataBroker, SecRuleDao secRuleDao, SecGroupDao secGroupDao) {
 416         try {
 417             new NeutronSecurityRuleAware(dataBroker, secRuleDao, secGroupDao);
 418             fail(NullPointerException.class.getName() + " expected");
 419         } catch (NullPointerException ex) {
 420             // do nothing
 421         }
 422     }
 423 }