1 package org.opendaylight.groupbasedpolicy.neutron.mapper.mapping.rule;
3 import static org.junit.Assert.assertTrue;
4 import static org.junit.Assert.fail;
7 import org.opendaylight.controller.md.sal.binding.api.DataBroker;
8 import org.opendaylight.controller.md.sal.binding.api.ReadWriteTransaction;
9 import org.opendaylight.controller.md.sal.common.api.data.LogicalDatastoreType;
10 import org.opendaylight.groupbasedpolicy.neutron.mapper.mapping.group.SecGroupDao;
11 import org.opendaylight.groupbasedpolicy.neutron.mapper.test.ConfigDataStoreReader;
12 import org.opendaylight.groupbasedpolicy.neutron.mapper.test.GbpDataBrokerTest;
13 import org.opendaylight.groupbasedpolicy.neutron.mapper.test.NeutronEntityFactory;
14 import org.opendaylight.groupbasedpolicy.neutron.mapper.test.PolicyAssert;
15 import org.opendaylight.groupbasedpolicy.neutron.mapper.util.MappingUtils;
16 import org.opendaylight.groupbasedpolicy.neutron.mapper.util.NeutronUtils;
17 import org.opendaylight.groupbasedpolicy.util.IidFactory;
18 import org.opendaylight.neutron.spi.NeutronSecurityRule;
19 import org.opendaylight.yang.gen.v1.urn.opendaylight.groupbasedpolicy.common.rev140421.ContractId;
20 import org.opendaylight.yang.gen.v1.urn.opendaylight.groupbasedpolicy.common.rev140421.EndpointGroupId;
21 import org.opendaylight.yang.gen.v1.urn.opendaylight.groupbasedpolicy.common.rev140421.TenantId;
22 import org.opendaylight.yang.gen.v1.urn.opendaylight.groupbasedpolicy.policy.rev140421.tenants.Tenant;
23 import org.opendaylight.yang.gen.v1.urn.opendaylight.groupbasedpolicy.policy.rev140421.tenants.tenant.policy.Contract;
24 import org.opendaylight.yang.gen.v1.urn.opendaylight.groupbasedpolicy.policy.rev140421.tenants.tenant.policy.EndpointGroup;
26 import com.google.common.base.Optional;
27 import com.google.common.collect.ImmutableSet;
30 * END 2 END TESTING - inputs are Neutron entities and expected outputs are GBP entities in
34 public class NeutronSecurityRuleAwareDataStoreTest extends GbpDataBrokerTest {
37 public final void testAddNeutronSecurityRule_rulesWithRemoteIpPrefix() throws Exception {
38 String tenant = "ad4c6c25-2424-4ad3-97ee-f9691ce03645";
39 String goldSecGrp = "fe40e28f-ad6a-4a2d-b12a-47510876344a";
40 NeutronSecurityRule goldInIpv4 = NeutronEntityFactory.securityRuleWithEtherType(
41 "166aedab-fdf5-4788-9e36-2b00b5f8722f", tenant, NeutronUtils.IPv4, NeutronUtils.INGRESS, goldSecGrp,
43 NeutronSecurityRule goldOutIpv4 = NeutronEntityFactory.securityRuleWithEtherType(
44 "dabfd4da-af89-45dd-85f8-181768c1b4c9", tenant, NeutronUtils.IPv4, NeutronUtils.EGRESS, goldSecGrp,
46 String serverSecGrp = "71cf4fe5-b146-409e-8151-cd921298ce32";
47 NeutronSecurityRule serverIn80Tcp10_1_1_0 = NeutronEntityFactory.securityRuleWithEtherType(
48 "9dbb533d-d9b2-4dc9-bae7-ee60c8df184d", tenant, NeutronUtils.IPv4, NeutronUtils.INGRESS, serverSecGrp,
50 serverIn80Tcp10_1_1_0.setSecurityRuleProtocol(NeutronUtils.TCP);
51 serverIn80Tcp10_1_1_0.setSecurityRulePortMin(80);
52 serverIn80Tcp10_1_1_0.setSecurityRulePortMax(80);
53 serverIn80Tcp10_1_1_0.setSecurityRuleRemoteIpPrefix("10.1.1.0/24");
54 NeutronSecurityRule serverInIp20_1_1_0 = NeutronEntityFactory.securityRuleWithEtherType(
55 "adf7e558-de47-4f9e-a9b8-96e19db5d1ac", tenant, NeutronUtils.IPv4, NeutronUtils.INGRESS, serverSecGrp,
57 serverInIp20_1_1_0.setSecurityRuleRemoteIpPrefix("20.1.1.0/24");
58 NeutronSecurityRule serverOutIpv4 = NeutronEntityFactory.securityRuleWithEtherType(
59 "8b9c48d3-44a8-46be-be35-6f3237d98071", tenant, NeutronUtils.IPv4, NeutronUtils.EGRESS, serverSecGrp,
61 DataBroker dataBroker = getDataBroker();
62 SecRuleDao secRuleDao = new SecRuleDao();
63 SecGroupDao secGroupDao = new SecGroupDao();
64 secGroupDao.addSecGroup(NeutronEntityFactory.securityGroup(goldSecGrp, tenant));
65 secGroupDao.addSecGroup(NeutronEntityFactory.securityGroup(serverSecGrp, tenant));
66 NeutronSecurityRuleAware ruleAware = new NeutronSecurityRuleAware(dataBroker, secRuleDao, secGroupDao);
67 ReadWriteTransaction rwTx = dataBroker.newReadWriteTransaction();
68 ruleAware.addNeutronSecurityRule(goldInIpv4, rwTx);
69 ruleAware.addNeutronSecurityRule(goldOutIpv4, rwTx);
70 ruleAware.addNeutronSecurityRule(serverIn80Tcp10_1_1_0, rwTx);
71 ruleAware.addNeutronSecurityRule(serverInIp20_1_1_0, rwTx);
72 ruleAware.addNeutronSecurityRule(serverOutIpv4, rwTx);
73 TenantId tenantId = new TenantId(tenant);
74 Optional<Tenant> potentialTenant = rwTx.read(LogicalDatastoreType.CONFIGURATION, IidFactory.tenantIid(tenantId))
76 assertTrue(potentialTenant.isPresent());
77 Optional<Contract> potentialContract = rwTx.read(LogicalDatastoreType.CONFIGURATION,
78 IidFactory.contractIid(tenantId, new ContractId(goldInIpv4.getSecurityRuleUUID()))).get();
79 assertTrue(potentialContract.isPresent());
80 Contract contract = potentialContract.get();
81 PolicyAssert.assertContract(contract, goldInIpv4);
82 potentialContract = rwTx.read(LogicalDatastoreType.CONFIGURATION,
83 IidFactory.contractIid(tenantId, new ContractId(goldOutIpv4.getSecurityRuleUUID()))).get();
84 assertTrue(potentialContract.isPresent());
85 contract = potentialContract.get();
86 PolicyAssert.assertContract(contract, goldOutIpv4);
87 potentialContract = rwTx.read(LogicalDatastoreType.CONFIGURATION,
88 IidFactory.contractIid(tenantId, new ContractId(serverOutIpv4.getSecurityRuleUUID()))).get();
89 assertTrue(potentialContract.isPresent());
90 contract = potentialContract.get();
91 PolicyAssert.assertContract(contract, serverOutIpv4);
92 potentialContract = rwTx.read(LogicalDatastoreType.CONFIGURATION,
93 IidFactory.contractIid(tenantId, new ContractId(serverIn80Tcp10_1_1_0.getSecurityRuleUUID()))).get();
94 assertTrue(potentialContract.isPresent());
95 contract = potentialContract.get();
96 PolicyAssert.assertContractWithEic(contract, serverIn80Tcp10_1_1_0);
97 potentialContract = rwTx.read(LogicalDatastoreType.CONFIGURATION,
98 IidFactory.contractIid(tenantId, new ContractId(serverInIp20_1_1_0.getSecurityRuleUUID()))).get();
99 assertTrue(potentialContract.isPresent());
100 contract = potentialContract.get();
101 PolicyAssert.assertContractWithEic(contract, serverInIp20_1_1_0);
102 Optional<EndpointGroup> potentialEpg = rwTx.read(LogicalDatastoreType.CONFIGURATION,
103 IidFactory.endpointGroupIid(tenantId, new EndpointGroupId(goldSecGrp))).get();
104 assertTrue(potentialEpg.isPresent());
105 EndpointGroup epg = potentialEpg.get();
106 PolicyAssert.assertConsumerNamedSelectors(
108 ImmutableSet.of(new ContractId(goldInIpv4.getSecurityRuleUUID()),
109 new ContractId(goldOutIpv4.getSecurityRuleUUID()),
110 new ContractId(serverIn80Tcp10_1_1_0.getSecurityRuleUUID()),
111 new ContractId(serverInIp20_1_1_0.getSecurityRuleUUID()),
112 new ContractId(serverOutIpv4.getSecurityRuleUUID())));
113 potentialEpg = rwTx.read(LogicalDatastoreType.CONFIGURATION,
114 IidFactory.endpointGroupIid(tenantId, new EndpointGroupId(serverSecGrp))).get();
115 assertTrue(potentialEpg.isPresent());
116 epg = potentialEpg.get();
117 PolicyAssert.assertConsumerNamedSelectors(epg, ImmutableSet.of(
118 new ContractId(serverIn80Tcp10_1_1_0.getSecurityRuleUUID()),
119 new ContractId(serverInIp20_1_1_0.getSecurityRuleUUID()),
120 new ContractId(goldInIpv4.getSecurityRuleUUID())));
124 public final void testAddAndDeleteNeutronSecurityRule() throws Exception {
125 DataBroker dataBroker = getDataBroker();
126 SecRuleDao secRuleDao = new SecRuleDao();
127 SecGroupDao secGroupDao = new SecGroupDao();
128 NeutronSecurityRuleAware ruleAware = new NeutronSecurityRuleAware(dataBroker, secRuleDao, secGroupDao);
130 final String tenantId = "aaaaaaaa-aaaa-aaaa-aaaa-aaaaaaaaaaaa";
131 final String secGroupId1 = "bbbbbbbb-bbbb-bbbb-bbbb-bbbbbbbbbbbb";
132 final String secGroupId2 = "cccccccc-cccc-cccc-cccc-cccccccccccc";
133 final String secRuleId1 = "dddddddd-dddd-dddd-dddd-dddddddddddd";
134 final String secRuleId2 = "eeeeeeee-eeee-eeee-eeee-eeeeeeeeeeee";
136 NeutronSecurityRule secRule1 = NeutronEntityFactory.securityRuleWithEtherType(secRuleId1, tenantId,
137 NeutronUtils.IPv4, NeutronUtils.EGRESS, secGroupId1, secGroupId2);
138 NeutronSecurityRule secRule2 = NeutronEntityFactory.securityRuleWithEtherType(secRuleId2, tenantId,
139 NeutronUtils.IPv4, NeutronUtils.INGRESS, secGroupId2, secGroupId1);
141 ruleAware.neutronSecurityRuleCreated(secRule1);
143 PolicyAssert.assertTenantExists(dataBroker, tenantId);
144 PolicyAssert.assertContractExists(dataBroker, tenantId, secRuleId1);
145 Optional<Contract> contract = ConfigDataStoreReader.readContract(dataBroker, tenantId, secRuleId1);
146 PolicyAssert.assertContract(contract.get(), secRule1);
147 PolicyAssert.assertContractCount(dataBroker, tenantId, 1);
148 PolicyAssert.assertEndpointGroupExists(dataBroker, tenantId, secGroupId1);
149 Optional<EndpointGroup> epGroup1 = ConfigDataStoreReader.readEndpointGroup(dataBroker, tenantId, secGroupId1);
150 PolicyAssert.assertProviderNamedSelectors(epGroup1.get(), ImmutableSet.of(new ContractId(secRuleId1)));
151 PolicyAssert.assertNoConsumerNamedSelectors(dataBroker, tenantId, secGroupId1);
153 PolicyAssert.assertClassifierInstanceExists(dataBroker, secRule1);
154 PolicyAssert.assertActionInstanceExists(dataBroker, tenantId, MappingUtils.ACTION_ALLOW.getName());
156 ruleAware.neutronSecurityRuleCreated(secRule2);
158 PolicyAssert.assertTenantExists(dataBroker, tenantId);
159 PolicyAssert.assertContractExists(dataBroker, tenantId, secRuleId1);
160 contract = ConfigDataStoreReader.readContract(dataBroker, tenantId, secRuleId1);
161 PolicyAssert.assertContract(contract.get(), secRule1);
162 PolicyAssert.assertContractCount(dataBroker, tenantId, 2);
163 PolicyAssert.assertEndpointGroupExists(dataBroker, tenantId, secGroupId1);
164 epGroup1 = ConfigDataStoreReader.readEndpointGroup(dataBroker, tenantId, secGroupId1);
165 PolicyAssert.assertProviderNamedSelectors(epGroup1.get(), ImmutableSet.of(new ContractId(secRuleId1)));
166 PolicyAssert.assertConsumerNamedSelectors(epGroup1.get(), ImmutableSet.of(new ContractId(secRuleId2)));
168 PolicyAssert.assertContractExists(dataBroker, tenantId, secRuleId2);
169 contract = ConfigDataStoreReader.readContract(dataBroker, tenantId, secRuleId2);
170 PolicyAssert.assertContract(contract.get(), secRule2);
171 PolicyAssert.assertContractCount(dataBroker, tenantId, 2);
172 PolicyAssert.assertEndpointGroupExists(dataBroker, tenantId, secGroupId2);
173 Optional<EndpointGroup> epGroup2 = ConfigDataStoreReader.readEndpointGroup(dataBroker, tenantId, secGroupId2);
174 PolicyAssert.assertProviderNamedSelectors(epGroup2.get(), ImmutableSet.of(new ContractId(secRuleId2)));
175 PolicyAssert.assertConsumerNamedSelectors(epGroup2.get(), ImmutableSet.of(new ContractId(secRuleId1)));
177 ruleAware.neutronSecurityRuleDeleted(secRule2);
179 PolicyAssert.assertTenantExists(dataBroker, tenantId);
180 PolicyAssert.assertContractExists(dataBroker, tenantId, secRuleId1);
181 contract = ConfigDataStoreReader.readContract(dataBroker, tenantId, secRuleId1);
182 PolicyAssert.assertContract(contract.get(), secRule1);
183 PolicyAssert.assertContractCount(dataBroker, tenantId, 1);
184 PolicyAssert.assertEndpointGroupExists(dataBroker, tenantId, secGroupId1);
185 epGroup1 = ConfigDataStoreReader.readEndpointGroup(dataBroker, tenantId, secGroupId1);
186 PolicyAssert.assertProviderNamedSelectors(epGroup1.get(), ImmutableSet.of(new ContractId(secRuleId1)));
187 PolicyAssert.assertNoConsumerNamedSelectors(dataBroker, tenantId, secGroupId1);
189 PolicyAssert.assertContractNotExists(dataBroker, tenantId, secRuleId2);
190 PolicyAssert.assertContractCount(dataBroker, tenantId, 1);
191 PolicyAssert.assertEndpointGroupExists(dataBroker, tenantId, secGroupId2);
192 epGroup2 = ConfigDataStoreReader.readEndpointGroup(dataBroker, tenantId, secGroupId2);
193 PolicyAssert.assertNoProviderNamedSelectors(dataBroker, tenantId, secGroupId2);
194 PolicyAssert.assertNoConsumerNamedSelectors(dataBroker, tenantId, secGroupId2);
196 PolicyAssert.assertClassifierInstanceExists(dataBroker, secRule1);
197 PolicyAssert.assertActionInstanceExists(dataBroker, tenantId, MappingUtils.ACTION_ALLOW.getName());
199 ruleAware.neutronSecurityRuleDeleted(secRule1);
201 PolicyAssert.assertContractCount(dataBroker, tenantId, 0);
202 PolicyAssert.assertEndpointGroupExists(dataBroker, tenantId, secGroupId1);
203 PolicyAssert.assertEndpointGroupExists(dataBroker, tenantId, secGroupId2);
204 PolicyAssert.assertNoProviderNamedSelectors(dataBroker, tenantId, secGroupId1);
205 PolicyAssert.assertNoConsumerNamedSelectors(dataBroker, tenantId, secGroupId2);
207 PolicyAssert.assertClassifierInstanceNotExists(dataBroker, secRule1);
208 // TODO: Uncomment this when the life cycle of the Allow ActionInstance will be clarified.
209 // PolicyAssert.assertActionInstanceNotExists(dataBroker, tenantId,
210 // MappingUtils.ACTION_ALLOW.getName());
214 public final void testAddNeutronSecurityRule_rulesWithoutRemote() throws Exception {
215 String tenant = "ad4c6c25-2424-4ad3-97ee-f9691ce03645";
216 String goldSecGrp = "fe40e28f-ad6a-4a2d-b12a-47510876344a";
217 NeutronSecurityRule goldInIpv4 = NeutronEntityFactory.securityRuleWithEtherType(
218 "166aedab-fdf5-4788-9e36-2b00b5f8722f", tenant, NeutronUtils.IPv4, NeutronUtils.INGRESS, goldSecGrp,
220 NeutronSecurityRule goldOutIpv4 = NeutronEntityFactory.securityRuleWithEtherType(
221 "dabfd4da-af89-45dd-85f8-181768c1b4c9", tenant, NeutronUtils.IPv4, NeutronUtils.EGRESS, goldSecGrp,
223 String serverSecGrp = "71cf4fe5-b146-409e-8151-cd921298ce32";
224 NeutronSecurityRule serverOutIpv4 = NeutronEntityFactory.securityRuleWithEtherType(
225 "8b9c48d3-44a8-46be-be35-6f3237d98071", tenant, NeutronUtils.IPv4, NeutronUtils.EGRESS, serverSecGrp,
227 NeutronSecurityRule serverInIpv4 = NeutronEntityFactory.securityRuleWithEtherType(
228 "adf7e558-de47-4f9e-a9b8-96e19db5d1ac", tenant, NeutronUtils.IPv4, NeutronUtils.INGRESS, serverSecGrp,
230 DataBroker dataBroker = getDataBroker();
231 SecRuleDao secRuleDao = new SecRuleDao();
232 SecGroupDao secGroupDao = new SecGroupDao();
233 secGroupDao.addSecGroup(NeutronEntityFactory.securityGroup(goldSecGrp, tenant));
234 secGroupDao.addSecGroup(NeutronEntityFactory.securityGroup(serverSecGrp, tenant));
235 NeutronSecurityRuleAware ruleAware = new NeutronSecurityRuleAware(dataBroker, secRuleDao, secGroupDao);
236 ReadWriteTransaction rwTx = dataBroker.newReadWriteTransaction();
237 ruleAware.addNeutronSecurityRule(goldInIpv4, rwTx);
238 ruleAware.addNeutronSecurityRule(goldOutIpv4, rwTx);
239 ruleAware.addNeutronSecurityRule(serverOutIpv4, rwTx);
240 ruleAware.addNeutronSecurityRule(serverInIpv4, rwTx);
241 TenantId tenantId = new TenantId(tenant);
242 Optional<Contract> potentialContract = rwTx.read(LogicalDatastoreType.CONFIGURATION,
243 IidFactory.contractIid(tenantId, new ContractId(goldInIpv4.getSecurityRuleUUID()))).get();
244 assertTrue(potentialContract.isPresent());
245 Contract contract = potentialContract.get();
246 PolicyAssert.assertContract(contract, goldInIpv4);
247 potentialContract = rwTx.read(LogicalDatastoreType.CONFIGURATION,
248 IidFactory.contractIid(tenantId, new ContractId(goldOutIpv4.getSecurityRuleUUID()))).get();
249 assertTrue(potentialContract.isPresent());
250 contract = potentialContract.get();
251 PolicyAssert.assertContract(contract, goldOutIpv4);
252 potentialContract = rwTx.read(LogicalDatastoreType.CONFIGURATION,
253 IidFactory.contractIid(tenantId, new ContractId(serverOutIpv4.getSecurityRuleUUID()))).get();
254 assertTrue(potentialContract.isPresent());
255 contract = potentialContract.get();
256 PolicyAssert.assertContract(contract, serverOutIpv4);
257 potentialContract = rwTx.read(LogicalDatastoreType.CONFIGURATION,
258 IidFactory.contractIid(tenantId, new ContractId(serverInIpv4.getSecurityRuleUUID()))).get();
259 assertTrue(potentialContract.isPresent());
260 contract = potentialContract.get();
261 PolicyAssert.assertContract(contract, serverInIpv4);
262 Optional<EndpointGroup> potentialEpg = rwTx.read(LogicalDatastoreType.CONFIGURATION,
263 IidFactory.endpointGroupIid(tenantId, new EndpointGroupId(goldSecGrp))).get();
264 assertTrue(potentialEpg.isPresent());
265 EndpointGroup epg = potentialEpg.get();
266 PolicyAssert.assertConsumerNamedSelectors(
268 ImmutableSet.of(new ContractId(goldInIpv4.getSecurityRuleUUID()),
269 new ContractId(goldOutIpv4.getSecurityRuleUUID()),
270 new ContractId(serverOutIpv4.getSecurityRuleUUID()),
271 new ContractId(serverInIpv4.getSecurityRuleUUID())));
272 potentialEpg = rwTx.read(LogicalDatastoreType.CONFIGURATION,
273 IidFactory.endpointGroupIid(tenantId, new EndpointGroupId(serverSecGrp))).get();
274 assertTrue(potentialEpg.isPresent());
275 PolicyAssert.assertConsumerNamedSelectors(
277 ImmutableSet.of(new ContractId(goldInIpv4.getSecurityRuleUUID()),
278 new ContractId(goldOutIpv4.getSecurityRuleUUID()),
279 new ContractId(serverOutIpv4.getSecurityRuleUUID()),
280 new ContractId(serverInIpv4.getSecurityRuleUUID())));
284 public final void testAddNeutronSecurityRule_asymmetricRulesWithoutRemote() throws Exception {
285 String tenant = "ad4c6c25-2424-4ad3-97ee-f9691ce03645";
286 String goldSecGrp = "fe40e28f-ad6a-4a2d-b12a-47510876344a";
287 NeutronSecurityRule goldInIpv4 = NeutronEntityFactory.securityRuleWithEtherType(
288 "166aedab-fdf5-4788-9e36-2b00b5f8722f", tenant, NeutronUtils.IPv4, NeutronUtils.INGRESS, goldSecGrp,
290 NeutronSecurityRule goldOutIpv4 = NeutronEntityFactory.securityRuleWithEtherType(
291 "dabfd4da-af89-45dd-85f8-181768c1b4c9", tenant, NeutronUtils.IPv4, NeutronUtils.EGRESS, goldSecGrp,
293 String serverSecGrp = "71cf4fe5-b146-409e-8151-cd921298ce32";
294 NeutronSecurityRule serverOutIpv4 = NeutronEntityFactory.securityRuleWithEtherType(
295 "8b9c48d3-44a8-46be-be35-6f3237d98071", tenant, NeutronUtils.IPv4, NeutronUtils.EGRESS, serverSecGrp,
297 NeutronSecurityRule serverIn80TcpIpv4 = NeutronEntityFactory.securityRuleWithEtherType(
298 "adf7e558-de47-4f9e-a9b8-96e19db5d1ac", tenant, NeutronUtils.IPv4, NeutronUtils.INGRESS, serverSecGrp,
300 serverIn80TcpIpv4.setSecurityRuleProtocol(NeutronUtils.TCP);
301 serverIn80TcpIpv4.setSecurityRulePortMin(80);
302 serverIn80TcpIpv4.setSecurityRulePortMax(80);
303 DataBroker dataBroker = getDataBroker();
304 SecRuleDao secRuleDao = new SecRuleDao();
305 SecGroupDao secGroupDao = new SecGroupDao();
306 secGroupDao.addSecGroup(NeutronEntityFactory.securityGroup(goldSecGrp, tenant));
307 secGroupDao.addSecGroup(NeutronEntityFactory.securityGroup(serverSecGrp, tenant));
308 NeutronSecurityRuleAware ruleAware = new NeutronSecurityRuleAware(dataBroker, secRuleDao, secGroupDao);
309 ReadWriteTransaction rwTx = dataBroker.newReadWriteTransaction();
310 ruleAware.addNeutronSecurityRule(goldInIpv4, rwTx);
311 ruleAware.addNeutronSecurityRule(goldOutIpv4, rwTx);
312 ruleAware.addNeutronSecurityRule(serverOutIpv4, rwTx);
313 ruleAware.addNeutronSecurityRule(serverIn80TcpIpv4, rwTx);
314 TenantId tenantId = new TenantId(tenant);
315 Optional<Contract> potentialContract = rwTx.read(LogicalDatastoreType.CONFIGURATION,
316 IidFactory.contractIid(tenantId, new ContractId(goldInIpv4.getSecurityRuleUUID()))).get();
317 assertTrue(potentialContract.isPresent());
318 Contract contract = potentialContract.get();
319 PolicyAssert.assertContract(contract, goldInIpv4);
320 potentialContract = rwTx.read(LogicalDatastoreType.CONFIGURATION,
321 IidFactory.contractIid(tenantId, new ContractId(goldOutIpv4.getSecurityRuleUUID()))).get();
322 assertTrue(potentialContract.isPresent());
323 contract = potentialContract.get();
324 PolicyAssert.assertContract(contract, goldOutIpv4);
325 potentialContract = rwTx.read(LogicalDatastoreType.CONFIGURATION,
326 IidFactory.contractIid(tenantId, new ContractId(serverOutIpv4.getSecurityRuleUUID()))).get();
327 assertTrue(potentialContract.isPresent());
328 contract = potentialContract.get();
329 PolicyAssert.assertContract(contract, serverOutIpv4);
330 potentialContract = rwTx.read(LogicalDatastoreType.CONFIGURATION,
331 IidFactory.contractIid(tenantId, new ContractId(serverIn80TcpIpv4.getSecurityRuleUUID()))).get();
332 assertTrue(potentialContract.isPresent());
333 contract = potentialContract.get();
334 PolicyAssert.assertContract(contract, serverIn80TcpIpv4);
335 Optional<EndpointGroup> potentialEpg = rwTx.read(LogicalDatastoreType.CONFIGURATION,
336 IidFactory.endpointGroupIid(tenantId, new EndpointGroupId(goldSecGrp))).get();
337 assertTrue(potentialEpg.isPresent());
338 EndpointGroup epg = potentialEpg.get();
339 PolicyAssert.assertConsumerNamedSelectors(
341 ImmutableSet.of(new ContractId(goldInIpv4.getSecurityRuleUUID()),
342 new ContractId(goldOutIpv4.getSecurityRuleUUID()),
343 new ContractId(serverOutIpv4.getSecurityRuleUUID()),
344 new ContractId(serverIn80TcpIpv4.getSecurityRuleUUID())));
345 potentialEpg = rwTx.read(LogicalDatastoreType.CONFIGURATION,
346 IidFactory.endpointGroupIid(tenantId, new EndpointGroupId(serverSecGrp))).get();
347 assertTrue(potentialEpg.isPresent());
348 epg = potentialEpg.get();
349 PolicyAssert.assertConsumerNamedSelectors(
351 ImmutableSet.of(new ContractId(goldInIpv4.getSecurityRuleUUID()),
352 new ContractId(serverIn80TcpIpv4.getSecurityRuleUUID())));
356 public final void testAddNeutronSecurityRule_defaultSecGrp() throws Exception {
357 String tenant = "111aaaaa-aaaa-aaaa-aaaa-aaaaaaaaaaaa";
358 String defaultSecGrp = "111fffff-ffff-ffff-ffff-ffffffffffff";
359 NeutronSecurityRule defaultInIpv4Default = NeutronEntityFactory.securityRuleWithEtherType(
360 "111ccccc-111c-cccc-cccc-cccccccccccc", tenant, NeutronUtils.IPv4, NeutronUtils.INGRESS, defaultSecGrp,
362 NeutronSecurityRule defaultInIpv6Default = NeutronEntityFactory.securityRuleWithEtherType(
363 "222ccccc-111c-cccc-cccc-cccccccccccc", tenant, NeutronUtils.IPv6, NeutronUtils.INGRESS, defaultSecGrp,
365 NeutronSecurityRule defaultOutIpv4 = NeutronEntityFactory.securityRuleWithEtherType(
366 "333ccccc-111c-cccc-cccc-cccccccccccc", tenant, NeutronUtils.IPv4, NeutronUtils.EGRESS, defaultSecGrp,
368 NeutronSecurityRule defaultOutIpv6 = NeutronEntityFactory.securityRuleWithEtherType(
369 "444ccccc-111c-cccc-cccc-cccccccccccc", tenant, NeutronUtils.IPv6, NeutronUtils.EGRESS, defaultSecGrp,
371 DataBroker dataBroker = getDataBroker();
372 SecRuleDao secRuleDao = new SecRuleDao();
373 SecGroupDao secGroupDao = new SecGroupDao();
374 secGroupDao.addSecGroup(NeutronEntityFactory.securityGroup(defaultSecGrp, tenant));
375 NeutronSecurityRuleAware ruleAware = new NeutronSecurityRuleAware(dataBroker, secRuleDao, secGroupDao);
376 ReadWriteTransaction rwTx = dataBroker.newReadWriteTransaction();
377 ruleAware.addNeutronSecurityRule(defaultInIpv4Default, rwTx);
378 ruleAware.addNeutronSecurityRule(defaultInIpv6Default, rwTx);
379 ruleAware.addNeutronSecurityRule(defaultOutIpv4, rwTx);
380 ruleAware.addNeutronSecurityRule(defaultOutIpv6, rwTx);
381 TenantId tenantId = new TenantId(tenant);
382 Optional<Contract> potentialContract = rwTx.read(LogicalDatastoreType.CONFIGURATION,
383 IidFactory.contractIid(tenantId, new ContractId(defaultInIpv4Default.getSecurityRuleUUID()))).get();
384 assertTrue(potentialContract.isPresent());
385 Contract contract = potentialContract.get();
386 PolicyAssert.assertContract(contract, defaultInIpv4Default);
387 potentialContract = rwTx.read(LogicalDatastoreType.CONFIGURATION,
388 IidFactory.contractIid(tenantId, new ContractId(defaultInIpv6Default.getSecurityRuleUUID()))).get();
389 assertTrue(potentialContract.isPresent());
390 contract = potentialContract.get();
391 PolicyAssert.assertContract(contract, defaultInIpv6Default);
392 potentialContract = rwTx.read(LogicalDatastoreType.CONFIGURATION,
393 IidFactory.contractIid(tenantId, new ContractId(defaultOutIpv4.getSecurityRuleUUID()))).get();
394 assertTrue(potentialContract.isPresent());
395 contract = potentialContract.get();
396 PolicyAssert.assertContract(contract, defaultOutIpv4);
397 potentialContract = rwTx.read(LogicalDatastoreType.CONFIGURATION,
398 IidFactory.contractIid(tenantId, new ContractId(defaultOutIpv6.getSecurityRuleUUID()))).get();
399 assertTrue(potentialContract.isPresent());
400 contract = potentialContract.get();
401 PolicyAssert.assertContract(contract, defaultOutIpv6);
405 public void testConstructor_invalidArgument() throws Exception {
406 DataBroker dataBroker = getDataBroker();
407 SecRuleDao secRuleDao = new SecRuleDao();
408 SecGroupDao secGroupDao = new SecGroupDao();
409 assertExceptionInConstructor(null, secRuleDao, secGroupDao);
410 assertExceptionInConstructor(dataBroker, null, secGroupDao);
411 assertExceptionInConstructor(dataBroker, secRuleDao, null);
412 assertExceptionInConstructor(null, null, null);
415 private void assertExceptionInConstructor(DataBroker dataBroker, SecRuleDao secRuleDao, SecGroupDao secGroupDao) {
417 new NeutronSecurityRuleAware(dataBroker, secRuleDao, secGroupDao);
418 fail(NullPointerException.class.getName() + " expected");
419 } catch (NullPointerException ex) {