private final NeutronSecurityRuleAware secRuleAware;
private final SecGroupDao secGroupDao;
- public NeutronSecurityGroupAware(DataBroker dataProvider, NeutronSecurityRuleAware secRuleAware, SecGroupDao secGroupDao) {
+ public NeutronSecurityGroupAware(DataBroker dataProvider, NeutronSecurityRuleAware secRuleAware,
+ SecGroupDao secGroupDao) {
this.dataProvider = checkNotNull(dataProvider);
this.secRuleAware = checkNotNull(secRuleAware);
this.secGroupDao = checkNotNull(secGroupDao);
try {
providerEpgBuilder.setName(new Name(secGroup.getSecurityGroupName()));
} catch (Exception e) {
- LOG.info("Name '{}' of Neutron Security-group '{}' is ignored.",
- secGroup.getSecurityGroupName(), secGroup.getSecurityGroupUUID());
+ LOG.info("Name '{}' of Neutron Security-group '{}' is ignored.", secGroup.getSecurityGroupName(),
+ secGroup.getSecurityGroupUUID());
LOG.debug("Name exception", e);
}
}
public static void addEpgIfMissing(TenantId tenantId, EndpointGroupId epgId, ReadWriteTransaction rwTx) {
InstanceIdentifier<EndpointGroup> epgIid = IidFactory.endpointGroupIid(tenantId, epgId);
- Optional<EndpointGroup> potentialConsumerEpg =
- DataStoreHelper.readFromDs(LogicalDatastoreType.CONFIGURATION, epgIid, rwTx);
+ Optional<EndpointGroup> potentialConsumerEpg = DataStoreHelper.readFromDs(LogicalDatastoreType.CONFIGURATION,
+ epgIid, rwTx);
if (!potentialConsumerEpg.isPresent()) {
EndpointGroup epg = new EndpointGroupBuilder().setId(epgId)
- .setDescription(new Description(MappingUtils.NEUTRON_GROUP
- + "EPG was created just based on remote group ID from a security rule."))
+ .setDescription(
+ new Description(MappingUtils.NEUTRON_GROUP
+ + "EPG was created just based on remote group ID from a security rule."))
+ .setIntraGroupPolicy(IntraGroupPolicy.RequireContract)
.build();
rwTx.put(LogicalDatastoreType.CONFIGURATION, epgIid, epg);
}
ReadWriteTransaction rwTx = dataProvider.newReadWriteTransaction();
List<NeutronSecurityRule> secRules = secGroup.getSecurityRules();
if (secRules != null) {
- boolean areSecRulesAdded = deleteNeutronSecurityRules(secRules, rwTx);
- if (!areSecRulesAdded) {
+ boolean areSecRulesDeleted = deleteNeutronSecurityRules(secRules, rwTx);
+ if (!areSecRulesDeleted) {
rwTx.cancel();
return;
}
}
+
TenantId tenantId = new TenantId(Utils.normalizeUuid(secGroup.getSecurityGroupTenantID()));
EndpointGroupId epgId = new EndpointGroupId(secGroup.getSecurityGroupUUID());
secGroupDao.removeSecGroup(epgId);
+
Optional<EndpointGroup> potentialEpg = DataStoreHelper.removeIfExists(LogicalDatastoreType.CONFIGURATION,
IidFactory.endpointGroupIid(tenantId, epgId), rwTx);
if (!potentialEpg.isPresent()) {
secRulesWithoutRemote = ImmutableList.copyOf(tmpSecRulesWithoutRemote);
}
}
-
}
EndpointGroupId providerEpgId = SecRuleEntityDecoder.getProviderEpgId(secRule);
secRuleDao.addSecRule(secRule);
- Description contractDescription =
- new Description(CONTRACT_PROVIDER + secGroupDao.getNameOrIdOfSecGroup(providerEpgId));
+ Description contractDescription = new Description(CONTRACT_PROVIDER
+ + secGroupDao.getNameOrIdOfSecGroup(providerEpgId));
SingleRuleContract singleRuleContract = createSingleRuleContract(secRule, contractDescription);
Contract contract = singleRuleContract.getContract();
- rwTx.put(LogicalDatastoreType.CONFIGURATION, IidFactory.contractIid(tenantId, contract.getId()), contract,
- true);
+ rwTx.put(LogicalDatastoreType.CONFIGURATION, IidFactory.contractIid(tenantId, contract.getId()), contract, true);
SelectorName providerSelector = getSelectorNameWithConsumer(secRule);
writeProviderNamedSelectorToEpg(providerSelector, contract.getId(), new EgKey(tenantId, providerEpgId), rwTx);
ProviderNamedSelector providerNamedSelector = new ProviderNamedSelectorBuilder().setName(providerSelector)
.setContract(ImmutableList.of(contractId))
.build();
- wTx.put(LogicalDatastoreType.CONFIGURATION, IidFactory.providerNamedSelectorIid(epgKey.getTenantId(),
- epgKey.getEgId(), providerNamedSelector.getName()), providerNamedSelector, true);
+ wTx.put(LogicalDatastoreType.CONFIGURATION,
+ IidFactory.providerNamedSelectorIid(epgKey.getTenantId(), epgKey.getEgId(),
+ providerNamedSelector.getName()), providerNamedSelector, true);
}
private void writeConsumerNamedSelectorToEpg(SelectorName consumerSelector, ContractId contractId, EgKey epgKey,
ConsumerNamedSelector consumerNamedSelector = new ConsumerNamedSelectorBuilder().setName(consumerSelector)
.setContract(ImmutableList.of(contractId))
.build();
- wTx.put(LogicalDatastoreType.CONFIGURATION, IidFactory.consumerNamedSelectorIid(epgKey.getTenantId(),
- epgKey.getEgId(), consumerNamedSelector.getName()), consumerNamedSelector, true);
+ wTx.put(LogicalDatastoreType.CONFIGURATION,
+ IidFactory.consumerNamedSelectorIid(epgKey.getTenantId(), epgKey.getEgId(),
+ consumerNamedSelector.getName()), consumerNamedSelector, true);
}
@VisibleForTesting
void createClassifierInstanceIfNotExists(TenantId tenantId, ClassifierInstance classifierInstance,
WriteTransaction wTx) {
- InstanceIdentifier<ClassifierInstance> classifierInstanceIid =
- IidFactory.classifierInstanceIid(tenantId, classifierInstance.getName());
+ InstanceIdentifier<ClassifierInstance> classifierInstanceIid = IidFactory.classifierInstanceIid(tenantId,
+ classifierInstance.getName());
if (!createdClassifierInstances.contains(classifierInstanceIid)) {
wTx.put(LogicalDatastoreType.CONFIGURATION, classifierInstanceIid, classifierInstance, true);
}
@VisibleForTesting
void createAllowActionInstanceIfNotExists(TenantId tenantId, ReadWriteTransaction rwTx) {
- InstanceIdentifier<ActionInstance> actionInstanceIid =
- IidFactory.actionInstanceIid(tenantId, MappingUtils.ACTION_ALLOW.getName());
+ InstanceIdentifier<ActionInstance> actionInstanceIid = IidFactory.actionInstanceIid(tenantId,
+ MappingUtils.ACTION_ALLOW.getName());
if (!createdActionInstances.contains(actionInstanceIid)) {
rwTx.put(LogicalDatastoreType.CONFIGURATION, actionInstanceIid, MappingUtils.ACTION_ALLOW, true);
}
@Override
public int canUpdateNeutronSecurityRule(NeutronSecurityRule delta, NeutronSecurityRule original) {
- LOG.warn(
- "canUpdateNeutronSecurityRule - Never should be called "
- + "- neutron API does not allow UPDATE on neutron security group rule. \nDelta: {} \nOriginal: {}",
+ LOG.warn("canUpdateNeutronSecurityRule - Never should be called "
+ + "- neutron API does not allow UPDATE on neutron security group rule. \nDelta: {} \nOriginal: {}",
delta, original);
return StatusCode.BAD_REQUEST;
}
@Override
public void neutronSecurityRuleUpdated(NeutronSecurityRule securityRule) {
- LOG.warn(
- "neutronSecurityRuleUpdated - Never should be called "
- + "- neutron API does not allow UPDATE on neutron security group rule. \nSecurity group rule: {}",
+ LOG.warn("neutronSecurityRuleUpdated - Never should be called "
+ + "- neutron API does not allow UPDATE on neutron security group rule. \nSecurity group rule: {}",
securityRule);
}
Set<NeutronSecurityRule> provSecRules = getProvidedSecRulesBetween(provEpgId, consEpgId);
Set<NeutronSecurityRule> consSecRules = getProvidedSecRulesBetween(consEpgId, provEpgId);
for (NeutronSecurityRule provSecRule : provSecRules) {
- if (isProvidersSecRuleSuitableForConsumersSecRulesAndGoodToRemove(provSecRule, consSecRules,
- removedSecRule)) {
+ if (isProvidersSecRuleSuitableForConsumersSecRulesAndGoodToRemove(provSecRule, consSecRules, removedSecRule)) {
SelectorName consumerSelector = getSelectorNameWithProvider(provSecRule);
deleteConsumerNamedSelector(consumerSelector, new EgKey(tenantId, consEpgId), rwTx);
}
return one.getSecurityRuleUUID().equals(two.getSecurityRuleUUID());
}
- private void deleteProviderNamedSelectorFromEpg(SelectorName providerSelector, EgKey epgKey, WriteTransaction wTx) {
- InstanceIdentifier<ProviderNamedSelector> providerSelectorIid =
- IidFactory.providerNamedSelectorIid(epgKey.getTenantId(), epgKey.getEgId(), providerSelector);
- wTx.delete(LogicalDatastoreType.CONFIGURATION, providerSelectorIid);
+ private void deleteProviderNamedSelectorFromEpg(SelectorName providerSelector, EgKey providerEpgKey,
+ ReadWriteTransaction rwTx) {
+ InstanceIdentifier<ProviderNamedSelector> providerSelectorIid = IidFactory.providerNamedSelectorIid(
+ providerEpgKey.getTenantId(), providerEpgKey.getEgId(), providerSelector);
+ DataStoreHelper.removeIfExists(LogicalDatastoreType.CONFIGURATION, providerSelectorIid, rwTx);
}
private void deleteConsumerNamedSelector(SelectorName consumerSelector, EgKey consumerEpgKey,
- WriteTransaction wTx) {
- InstanceIdentifier<ConsumerNamedSelector> consumerSelectorIid = IidFactory
- .consumerNamedSelectorIid(consumerEpgKey.getTenantId(), consumerEpgKey.getEgId(), consumerSelector);
- wTx.delete(LogicalDatastoreType.CONFIGURATION, consumerSelectorIid);
+ ReadWriteTransaction rwTx) {
+ InstanceIdentifier<ConsumerNamedSelector> consumerSelectorIid = IidFactory.consumerNamedSelectorIid(
+ consumerEpgKey.getTenantId(), consumerEpgKey.getEgId(), consumerSelector);
+ DataStoreHelper.removeIfExists(LogicalDatastoreType.CONFIGURATION, consumerSelectorIid, rwTx);
}
private void deleteClassifierInstanceIfNotUsed(TenantId tenantId, ClassifierInstance classifierInstance,
ReadWriteTransaction rwTx) {
- InstanceIdentifier<ClassifierInstance> classifierInstanceIid =
- IidFactory.classifierInstanceIid(tenantId, classifierInstance.getName());
+ InstanceIdentifier<ClassifierInstance> classifierInstanceIid = IidFactory.classifierInstanceIid(tenantId,
+ classifierInstance.getName());
createdClassifierInstances.remove(classifierInstanceIid);
if (!createdClassifierInstances.contains(classifierInstanceIid)) {
DataStoreHelper.removeIfExists(LogicalDatastoreType.CONFIGURATION, classifierInstanceIid, rwTx);
@VisibleForTesting
void deleteAllowActionInstanceIfNotUsed(TenantId tenantId, ReadWriteTransaction rwTx) {
- InstanceIdentifier<ActionInstance> actionInstanceIid =
- IidFactory.actionInstanceIid(tenantId, MappingUtils.ACTION_ALLOW.getName());
+ InstanceIdentifier<ActionInstance> actionInstanceIid = IidFactory.actionInstanceIid(tenantId,
+ MappingUtils.ACTION_ALLOW.getName());
createdActionInstances.remove(actionInstanceIid);
if (!createdActionInstances.contains(actionInstanceIid)) {
DataStoreHelper.removeIfExists(LogicalDatastoreType.CONFIGURATION, actionInstanceIid, rwTx);
@VisibleForTesting
static boolean isOneGroupIdWithinTwoRemoteGroupId(NeutronSecurityRule one, NeutronSecurityRule two) {
- return (Strings.isNullOrEmpty(two.getSecurityRemoteGroupID())
- || two.getSecurityRemoteGroupID().equals(one.getSecurityRuleGroupID()));
+ return (Strings.isNullOrEmpty(two.getSecurityRemoteGroupID()) || two.getSecurityRemoteGroupID().equals(
+ one.getSecurityRuleGroupID()));
}
}
--- /dev/null
+package org.opendaylight.groupbasedpolicy.neutron.mapper.mapping.group;
+
+import static org.junit.Assert.fail;
+
+import org.junit.Test;
+import org.opendaylight.controller.md.sal.binding.api.DataBroker;
+import org.opendaylight.groupbasedpolicy.neutron.mapper.mapping.rule.NeutronSecurityRuleAware;
+import org.opendaylight.groupbasedpolicy.neutron.mapper.mapping.rule.SecRuleDao;
+import org.opendaylight.groupbasedpolicy.neutron.mapper.test.ConfigDataStoreReader;
+import org.opendaylight.groupbasedpolicy.neutron.mapper.test.GbpDataBrokerTest;
+import org.opendaylight.groupbasedpolicy.neutron.mapper.test.NeutronEntityFactory;
+import org.opendaylight.groupbasedpolicy.neutron.mapper.test.PolicyAssert;
+import org.opendaylight.groupbasedpolicy.neutron.mapper.util.MappingUtils;
+import org.opendaylight.groupbasedpolicy.neutron.mapper.util.NeutronUtils;
+import org.opendaylight.neutron.spi.NeutronSecurityGroup;
+import org.opendaylight.neutron.spi.NeutronSecurityRule;
+import org.opendaylight.yang.gen.v1.urn.opendaylight.groupbasedpolicy.common.rev140421.ContractId;
+import org.opendaylight.yang.gen.v1.urn.opendaylight.groupbasedpolicy.policy.rev140421.tenants.tenant.Contract;
+import org.opendaylight.yang.gen.v1.urn.opendaylight.groupbasedpolicy.policy.rev140421.tenants.tenant.EndpointGroup;
+import org.opendaylight.yang.gen.v1.urn.opendaylight.groupbasedpolicy.policy.rev140421.tenants.tenant.EndpointGroup.IntraGroupPolicy;
+
+import com.google.common.base.Optional;
+import com.google.common.collect.ImmutableList;
+import com.google.common.collect.ImmutableSet;
+
+public class NeutronSecurityGroupAwareDataStoreTest extends GbpDataBrokerTest {
+
+ @Test
+ public void testAddAndDeleteNeutronSecurityGroup_noSecurityRules() throws Exception {
+ DataBroker dataBroker = getDataBroker();
+ SecRuleDao secRuleDao = new SecRuleDao();
+ SecGroupDao secGroupDao = new SecGroupDao();
+ NeutronSecurityRuleAware ruleAware = new NeutronSecurityRuleAware(dataBroker, secRuleDao, secGroupDao);
+ NeutronSecurityGroupAware groupAware = new NeutronSecurityGroupAware(dataBroker, ruleAware, secGroupDao);
+
+ final String tenantId = "aaaaaaaa-aaaa-aaaa-aaaa-aaaaaaaaaaaa";
+ final String secGroupId1 = "bbbbbbbb-bbbb-bbbb-bbbb-bbbbbbbbbbbb";
+ final String secGroupId2 = "cccccccc-cccc-cccc-cccc-cccccccccccc";
+
+ NeutronSecurityGroup secGroup1 = NeutronEntityFactory.securityGroup(secGroupId1, tenantId);
+ NeutronSecurityGroup secGroup2 = NeutronEntityFactory.securityGroup(secGroupId2, tenantId);
+
+ groupAware.neutronSecurityGroupCreated(secGroup1);
+
+ PolicyAssert.assertTenantExists(dataBroker, tenantId);
+ PolicyAssert.assertContractCount(dataBroker, tenantId, 0);
+ PolicyAssert.assertEndpointGroupCount(dataBroker, tenantId, 1);
+ PolicyAssert.assertEndpointGroupExists(dataBroker, tenantId, secGroupId1);
+ PolicyAssert.assertNoProviderNamedSelectors(dataBroker, tenantId, secGroupId1);
+ PolicyAssert.assertNoConsumerNamedSelectors(dataBroker, tenantId, secGroupId1);
+ PolicyAssert.assertIntraGroupPolicy(dataBroker, tenantId, secGroupId1, IntraGroupPolicy.RequireContract);
+
+ groupAware.neutronSecurityGroupDeleted(secGroup1);
+
+ PolicyAssert.assertTenantExists(dataBroker, tenantId);
+ PolicyAssert.assertContractCount(dataBroker, tenantId, 0);
+ PolicyAssert.assertEndpointGroupCount(dataBroker, tenantId, 0);
+
+ groupAware.neutronSecurityGroupCreated(secGroup1);
+ groupAware.neutronSecurityGroupCreated(secGroup2);
+
+ PolicyAssert.assertTenantExists(dataBroker, tenantId);
+ PolicyAssert.assertContractCount(dataBroker, tenantId, 0);
+ PolicyAssert.assertEndpointGroupCount(dataBroker, tenantId, 2);
+ PolicyAssert.assertEndpointGroupExists(dataBroker, tenantId, secGroupId1);
+ PolicyAssert.assertNoProviderNamedSelectors(dataBroker, tenantId, secGroupId1);
+ PolicyAssert.assertNoConsumerNamedSelectors(dataBroker, tenantId, secGroupId1);
+ PolicyAssert.assertIntraGroupPolicy(dataBroker, tenantId, secGroupId1, IntraGroupPolicy.RequireContract);
+ PolicyAssert.assertEndpointGroupExists(dataBroker, tenantId, secGroupId2);
+ PolicyAssert.assertNoProviderNamedSelectors(dataBroker, tenantId, secGroupId2);
+ PolicyAssert.assertNoConsumerNamedSelectors(dataBroker, tenantId, secGroupId2);
+ PolicyAssert.assertIntraGroupPolicy(dataBroker, tenantId, secGroupId2, IntraGroupPolicy.RequireContract);
+
+ groupAware.neutronSecurityGroupDeleted(secGroup2);
+
+ PolicyAssert.assertTenantExists(dataBroker, tenantId);
+ PolicyAssert.assertContractCount(dataBroker, tenantId, 0);
+ PolicyAssert.assertEndpointGroupCount(dataBroker, tenantId, 1);
+ PolicyAssert.assertEndpointGroupExists(dataBroker, tenantId, secGroupId1);
+ PolicyAssert.assertNoProviderNamedSelectors(dataBroker, tenantId, secGroupId1);
+ PolicyAssert.assertNoConsumerNamedSelectors(dataBroker, tenantId, secGroupId1);
+
+ groupAware.neutronSecurityGroupDeleted(secGroup1);
+
+ PolicyAssert.assertTenantExists(dataBroker, tenantId);
+ PolicyAssert.assertContractCount(dataBroker, tenantId, 0);
+ PolicyAssert.assertEndpointGroupCount(dataBroker, tenantId, 0);
+ }
+
+ @Test
+ public void testAddAndDeleteNeutronSecurityGroup_withSecurityRules() throws Exception {
+ DataBroker dataBroker = getDataBroker();
+ SecRuleDao secRuleDao = new SecRuleDao();
+ SecGroupDao secGroupDao = new SecGroupDao();
+ NeutronSecurityRuleAware ruleAware = new NeutronSecurityRuleAware(dataBroker, secRuleDao, secGroupDao);
+ NeutronSecurityGroupAware groupAware = new NeutronSecurityGroupAware(dataBroker, ruleAware, secGroupDao);
+
+ final String tenantId = "aaaaaaaa-aaaa-aaaa-aaaa-aaaaaaaaaaaa";
+ final String secGroupId1 = "bbbbbbbb-bbbb-bbbb-bbbb-bbbbbbbbbbbb";
+ final String secGroupId2 = "cccccccc-cccc-cccc-cccc-cccccccccccc";
+ final String secRuleId1 = "dddddddd-dddd-dddd-dddd-dddddddddddd";
+ final String secRuleId2 = "eeeeeeee-eeee-eeee-eeee-eeeeeeeeeeee";
+
+ NeutronSecurityRule secRule1 = NeutronEntityFactory.securityRuleWithEtherType(secRuleId1, tenantId,
+ NeutronUtils.IPv4, NeutronUtils.EGRESS, secGroupId1, null);
+
+ NeutronSecurityRule secRule2 = NeutronEntityFactory.securityRuleWithEtherType(secRuleId2, tenantId,
+ NeutronUtils.IPv4, NeutronUtils.INGRESS, secGroupId2, secGroupId1);
+
+ NeutronSecurityGroup secGroup1 = NeutronEntityFactory.securityGroup(secGroupId1, tenantId,
+ ImmutableList.of(secRule1));
+
+ NeutronSecurityGroup secGroup2 = NeutronEntityFactory.securityGroup(secGroupId2, tenantId,
+ ImmutableList.of(secRule2));
+
+ groupAware.neutronSecurityGroupCreated(secGroup1);
+
+ PolicyAssert.assertTenantExists(dataBroker, tenantId);
+ PolicyAssert.assertContractExists(dataBroker, tenantId, secRuleId1);
+ Optional<Contract> contract = ConfigDataStoreReader.readContract(dataBroker, tenantId, secRuleId1);
+ PolicyAssert.assertContract(contract.get(), secRule1);
+ PolicyAssert.assertContractCount(dataBroker, tenantId, 1);
+ PolicyAssert.assertEndpointGroupExists(dataBroker, tenantId, secGroupId1);
+ Optional<EndpointGroup> epGroup1 = ConfigDataStoreReader.readEndpointGroup(dataBroker, tenantId, secGroupId1);
+ PolicyAssert.assertProviderNamedSelectors(epGroup1.get(), ImmutableSet.of(new ContractId(secRuleId1)));
+ PolicyAssert.assertNoConsumerNamedSelectors(dataBroker, tenantId, secGroupId1);
+ PolicyAssert.assertIntraGroupPolicy(dataBroker, tenantId, secGroupId1, IntraGroupPolicy.RequireContract);
+ PolicyAssert.assertEndpointGroupCount(dataBroker, tenantId, 1);
+
+ PolicyAssert.assertClassifierInstanceExists(dataBroker, secRule1);
+ PolicyAssert.assertActionInstanceExists(dataBroker, tenantId, MappingUtils.ACTION_ALLOW.getName());
+
+ groupAware.neutronSecurityGroupDeleted(secGroup1);
+
+ PolicyAssert.assertTenantExists(dataBroker, tenantId);
+ PolicyAssert.assertContractCount(dataBroker, tenantId, 0);
+ PolicyAssert.assertEndpointGroupCount(dataBroker, tenantId, 0);
+
+ PolicyAssert.assertClassifierInstanceNotExists(dataBroker, secRule1);
+ // TODO: Uncomment this when the life cycle of the Allow ActionInstance will be clarified.
+ // PolicyAssert.assertActionInstanceNotExists(dataBroker, tenantId, MappingUtils.ACTION_ALLOW.getName());
+
+ groupAware.neutronSecurityGroupCreated(secGroup1);
+ groupAware.neutronSecurityGroupCreated(secGroup2);
+
+ PolicyAssert.assertTenantExists(dataBroker, tenantId);
+ PolicyAssert.assertContractExists(dataBroker, tenantId, secRuleId1);
+ contract = ConfigDataStoreReader.readContract(dataBroker, tenantId, secRuleId1);
+ PolicyAssert.assertContract(contract.get(), secRule1);
+ contract = ConfigDataStoreReader.readContract(dataBroker, tenantId, secRuleId2);
+ PolicyAssert.assertContract(contract.get(), secRule2);
+ PolicyAssert.assertContractCount(dataBroker, tenantId, 2);
+ PolicyAssert.assertEndpointGroupExists(dataBroker, tenantId, secGroupId1);
+ epGroup1 = ConfigDataStoreReader.readEndpointGroup(dataBroker, tenantId, secGroupId1);
+ PolicyAssert.assertProviderNamedSelectors(epGroup1.get(), ImmutableSet.of(new ContractId(secRuleId1)));
+ PolicyAssert.assertConsumerNamedSelectors(epGroup1.get(), ImmutableSet.of(new ContractId(secRuleId2)));
+ PolicyAssert.assertIntraGroupPolicy(dataBroker, tenantId, secGroupId1, IntraGroupPolicy.RequireContract);
+ PolicyAssert.assertEndpointGroupExists(dataBroker, tenantId, secGroupId2);
+ Optional<EndpointGroup> epGroup2 = ConfigDataStoreReader.readEndpointGroup(dataBroker, tenantId, secGroupId2);
+ PolicyAssert.assertProviderNamedSelectors(epGroup2.get(), ImmutableSet.of(new ContractId(secRuleId2)));
+ PolicyAssert.assertConsumerNamedSelectors(epGroup2.get(), ImmutableSet.of(new ContractId(secRuleId1)));
+ PolicyAssert.assertIntraGroupPolicy(dataBroker, tenantId, secGroupId2, IntraGroupPolicy.RequireContract);
+ PolicyAssert.assertEndpointGroupCount(dataBroker, tenantId, 2);
+ PolicyAssert.assertClassifierInstanceExists(dataBroker, secRule1);
+ PolicyAssert.assertActionInstanceExists(dataBroker, tenantId, MappingUtils.ACTION_ALLOW.getName());
+
+ groupAware.neutronSecurityGroupDeleted(secGroup2);
+
+ PolicyAssert.assertTenantExists(dataBroker, tenantId);
+ PolicyAssert.assertContractExists(dataBroker, tenantId, secRuleId1);
+ contract = ConfigDataStoreReader.readContract(dataBroker, tenantId, secRuleId1);
+ PolicyAssert.assertContract(contract.get(), secRule1);
+ PolicyAssert.assertContractCount(dataBroker, tenantId, 1);
+ PolicyAssert.assertEndpointGroupExists(dataBroker, tenantId, secGroupId1);
+ epGroup1 = ConfigDataStoreReader.readEndpointGroup(dataBroker, tenantId, secGroupId1);
+ PolicyAssert.assertProviderNamedSelectors(epGroup1.get(), ImmutableSet.of(new ContractId(secRuleId1)));
+ PolicyAssert.assertNoConsumerNamedSelectors(dataBroker, tenantId, secGroupId1);
+ PolicyAssert.assertIntraGroupPolicy(dataBroker, tenantId, secGroupId1, IntraGroupPolicy.RequireContract);
+ PolicyAssert.assertEndpointGroupCount(dataBroker, tenantId, 1);
+
+ PolicyAssert.assertClassifierInstanceExists(dataBroker, secRule1);
+ PolicyAssert.assertActionInstanceExists(dataBroker, tenantId, MappingUtils.ACTION_ALLOW.getName());
+
+ groupAware.neutronSecurityGroupDeleted(secGroup1);
+
+ PolicyAssert.assertTenantExists(dataBroker, tenantId);
+ PolicyAssert.assertContractCount(dataBroker, tenantId, 0);
+ PolicyAssert.assertEndpointGroupCount(dataBroker, tenantId, 0);
+
+ PolicyAssert.assertClassifierInstanceNotExists(dataBroker, secRule1);
+ // TODO: Uncomment this when the life cycle of the Allow ActionInstance will be clarified.
+ // PolicyAssert.assertActionInstanceNotExists(dataBroker, tenantId, MappingUtils.ACTION_ALLOW.getName());
+ }
+
+ @Test
+ public void testConstructor_invalidArgument() throws Exception {
+ DataBroker dataBroker = getDataBroker();
+ SecRuleDao secRuleDao = new SecRuleDao();
+ SecGroupDao secGroupDao = new SecGroupDao();
+ NeutronSecurityRuleAware ruleAware = new NeutronSecurityRuleAware(dataBroker, secRuleDao, secGroupDao);
+ assertExceptionInConstructor(null, ruleAware, secGroupDao);
+ assertExceptionInConstructor(dataBroker, null, secGroupDao);
+ assertExceptionInConstructor(dataBroker, ruleAware, null);
+ assertExceptionInConstructor(null, null, null);
+ }
+
+ private void assertExceptionInConstructor(DataBroker dataBroker, NeutronSecurityRuleAware secRuleAware,
+ SecGroupDao secGroupDao) {
+ try {
+ new NeutronSecurityGroupAware(dataBroker, secRuleAware, secGroupDao);
+ fail(NullPointerException.class.getName() + " expected");
+ } catch (NullPointerException ex) {
+ // do nothing
+ }
+ }
+}
--- /dev/null
+package org.opendaylight.groupbasedpolicy.neutron.mapper.mapping.group;
+
+import static org.junit.Assert.assertEquals;
+import static org.junit.Assert.assertNotNull;
+import static org.junit.Assert.assertNull;
+
+import org.junit.Before;
+import org.junit.Rule;
+import org.junit.Test;
+import org.junit.rules.ExpectedException;
+import org.opendaylight.groupbasedpolicy.neutron.mapper.test.NeutronEntityFactory;
+import org.opendaylight.neutron.spi.NeutronSecurityGroup;
+import org.opendaylight.yang.gen.v1.urn.opendaylight.groupbasedpolicy.common.rev140421.EndpointGroupId;
+
+public class SecGroupDaoTest {
+
+ @Rule
+ public ExpectedException thrown = ExpectedException.none();
+
+ private SecGroupDao secGroupDao;
+
+ @Before
+ public void setUp() throws Exception {
+ secGroupDao = new SecGroupDao();
+ }
+
+ @Test
+ public void testAddAndRemoveSecGroup() {
+ NeutronSecurityGroup secGroup1 = NeutronEntityFactory.securityGroup("bbbbbbbb-bbbb-bbbb-bbbb-bbbbbbbbbbbb",
+ "aaaaaaaa-aaaa-aaaa-aaaa-aaaaaaaaaaaa");
+ NeutronSecurityGroup secGroup2 = NeutronEntityFactory.securityGroup("cccccccc-cccc-cccc-cccc-cccccccccccc",
+ "aaaaaaaa-aaaa-aaaa-aaaa-aaaaaaaaaaaa");
+
+ // one security group
+ secGroupDao.addSecGroup(secGroup1);
+ EndpointGroupId epGroupId1 = new EndpointGroupId(secGroup1.getSecurityGroupUUID());
+ NeutronSecurityGroup daoSecGroup = secGroupDao.getSecGroupById(epGroupId1);
+ assertNotNull(daoSecGroup);
+ assertEquals(secGroup1, daoSecGroup);
+
+ secGroupDao.removeSecGroup(epGroupId1);
+ assertNull(secGroupDao.getSecGroupById(epGroupId1));
+
+ // two security groups
+ secGroupDao.addSecGroup(secGroup1);
+ secGroupDao.addSecGroup(secGroup2);
+ daoSecGroup = secGroupDao.getSecGroupById(epGroupId1);
+ assertNotNull(daoSecGroup);
+ assertEquals(secGroup1, daoSecGroup);
+ EndpointGroupId epGroupId2 = new EndpointGroupId(secGroup2.getSecurityGroupUUID());
+ daoSecGroup = secGroupDao.getSecGroupById(epGroupId2);
+ assertNotNull(daoSecGroup);
+ assertEquals(secGroup2, daoSecGroup);
+
+ secGroupDao.removeSecGroup(epGroupId2);
+ daoSecGroup = secGroupDao.getSecGroupById(epGroupId1);
+ assertNotNull(daoSecGroup);
+ assertEquals(secGroup1, daoSecGroup);
+ assertNull(secGroupDao.getSecGroupById(epGroupId2));
+
+ secGroupDao.removeSecGroup(epGroupId1);
+ assertNull(secGroupDao.getSecGroupById(epGroupId1));
+ assertNull(secGroupDao.getSecGroupById(epGroupId2));
+ }
+
+ @Test
+ public void testAddSecGroup_replacementOfSecGroup() {
+ NeutronSecurityGroup secGroup = NeutronEntityFactory.securityGroup("bbbbbbbb-bbbb-bbbb-bbbb-bbbbbbbbbbbb",
+ "aaaaaaaa-aaaa-aaaa-aaaa-aaaaaaaaaaaa");
+ secGroupDao.addSecGroup(secGroup);
+ EndpointGroupId epGroupId = new EndpointGroupId(secGroup.getSecurityGroupUUID());
+ NeutronSecurityGroup daoSecGroup = secGroupDao.getSecGroupById(epGroupId);
+ assertNotNull(daoSecGroup);
+ assertEquals(secGroup, daoSecGroup);
+
+ // the same security group id but different tenant id
+ secGroup = NeutronEntityFactory.securityGroup("bbbbbbbb-bbbb-bbbb-bbbb-bbbbbbbbbbbb",
+ "cccccccc-cccc-cccc-cccc-cccccccccccc");
+ secGroupDao.addSecGroup(secGroup);
+ daoSecGroup = secGroupDao.getSecGroupById(epGroupId);
+ assertNotNull(daoSecGroup);
+ assertEquals(secGroup, daoSecGroup);
+ }
+
+ @Test
+ public void testAddSecGroup_nullArgument() {
+ thrown.expect(NullPointerException.class);
+ secGroupDao.addSecGroup(null);
+ }
+
+ @Test
+ public void testGetNameOrIdOfSecGroup_nullArgument() {
+ thrown.expect(NullPointerException.class);
+ secGroupDao.getNameOrIdOfSecGroup(null);
+ }
+
+ @Test
+ public void testGetNameOrIdOfSecGroup_unknownEpGroupId() {
+ EndpointGroupId unknownEpGroupId = new EndpointGroupId("bbbbbbbb-bbbb-bbbb-bbbb-bbbbbbbbbbbb");
+ assertEquals("", secGroupDao.getNameOrIdOfSecGroup(unknownEpGroupId));
+ }
+
+ @Test
+ public void testGetNameOrIdOfSecGroup_secGroupNameIsNull() {
+ NeutronSecurityGroup secGroup = NeutronEntityFactory.securityGroupWithName(
+ "bbbbbbbb-bbbb-bbbb-bbbb-bbbbbbbbbbbb", "aaaaaaaa-aaaa-aaaa-aaaa-aaaaaaaaaaaa", null);
+ secGroupDao.addSecGroup(secGroup);
+ EndpointGroupId epGroupId = new EndpointGroupId(secGroup.getSecurityGroupUUID());
+ String secGroupNameOrId = secGroupDao.getNameOrIdOfSecGroup(epGroupId);
+ assertNotNull(secGroupNameOrId);
+ assertEquals(epGroupId.getValue(), secGroupNameOrId);
+ }
+
+ @Test
+ public void testGetNameOrIdOfSecGroup_secGroupNameIsEmpty() {
+ NeutronSecurityGroup secGroup = NeutronEntityFactory.securityGroupWithName(
+ "bbbbbbbb-bbbb-bbbb-bbbb-bbbbbbbbbbbb", "aaaaaaaa-aaaa-aaaa-aaaa-aaaaaaaaaaaa", "");
+ secGroupDao.addSecGroup(secGroup);
+ EndpointGroupId epGroupId = new EndpointGroupId(secGroup.getSecurityGroupUUID());
+ String secGroupNameOrId = secGroupDao.getNameOrIdOfSecGroup(epGroupId);
+ assertNotNull(secGroupNameOrId);
+ assertEquals(epGroupId.getValue(), secGroupNameOrId);
+ }
+
+ @Test
+ public void testGetNameOrIdOfSecGroup_secGroupNameIsNotEmpty() {
+ NeutronSecurityGroup secGroup = NeutronEntityFactory.securityGroupWithName(
+ "bbbbbbbb-bbbb-bbbb-bbbb-bbbbbbbbbbbb", "aaaaaaaa-aaaa-aaaa-aaaa-aaaaaaaaaaaa", "secGroupName");
+ secGroupDao.addSecGroup(secGroup);
+ EndpointGroupId epGroupId = new EndpointGroupId(secGroup.getSecurityGroupUUID());
+ String secGroupNameOrId = secGroupDao.getNameOrIdOfSecGroup(epGroupId);
+ assertNotNull(secGroupNameOrId);
+ assertEquals("secGroupName", secGroupNameOrId);
+ }
+}
package org.opendaylight.groupbasedpolicy.neutron.mapper.mapping.rule;
-import static org.junit.Assert.assertEquals;
-import static org.junit.Assert.assertNotNull;
-import static org.junit.Assert.assertNull;
import static org.junit.Assert.assertTrue;
-
-import java.util.Collection;
-import java.util.Set;
+import static org.junit.Assert.fail;
import org.junit.Test;
import org.opendaylight.controller.md.sal.binding.api.DataBroker;
import org.opendaylight.controller.md.sal.binding.api.ReadWriteTransaction;
import org.opendaylight.controller.md.sal.common.api.data.LogicalDatastoreType;
+import org.opendaylight.groupbasedpolicy.neutron.mapper.mapping.group.NeutronSecurityGroupAware;
import org.opendaylight.groupbasedpolicy.neutron.mapper.mapping.group.SecGroupDao;
+import org.opendaylight.groupbasedpolicy.neutron.mapper.test.ConfigDataStoreReader;
+import org.opendaylight.groupbasedpolicy.neutron.mapper.test.NeutronEntityFactory;
+import org.opendaylight.groupbasedpolicy.neutron.mapper.test.PolicyAssert;
import org.opendaylight.groupbasedpolicy.neutron.mapper.test.GbpDataBrokerTest;
import org.opendaylight.groupbasedpolicy.neutron.mapper.util.MappingUtils;
import org.opendaylight.groupbasedpolicy.neutron.mapper.util.NeutronUtils;
-import org.opendaylight.groupbasedpolicy.neutron.mapper.util.Utils;
import org.opendaylight.groupbasedpolicy.util.IidFactory;
-import org.opendaylight.neutron.spi.NeutronSecurityGroup;
import org.opendaylight.neutron.spi.NeutronSecurityRule;
-import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.inet.types.rev100924.IpPrefix;
import org.opendaylight.yang.gen.v1.urn.opendaylight.groupbasedpolicy.common.rev140421.ContractId;
import org.opendaylight.yang.gen.v1.urn.opendaylight.groupbasedpolicy.common.rev140421.EndpointGroupId;
-import org.opendaylight.yang.gen.v1.urn.opendaylight.groupbasedpolicy.common.rev140421.SubjectName;
import org.opendaylight.yang.gen.v1.urn.opendaylight.groupbasedpolicy.common.rev140421.TenantId;
-import org.opendaylight.yang.gen.v1.urn.opendaylight.groupbasedpolicy.policy.rev140421.has.action.refs.ActionRef;
-import org.opendaylight.yang.gen.v1.urn.opendaylight.groupbasedpolicy.policy.rev140421.has.classifier.refs.ClassifierRef;
import org.opendaylight.yang.gen.v1.urn.opendaylight.groupbasedpolicy.policy.rev140421.tenants.Tenant;
import org.opendaylight.yang.gen.v1.urn.opendaylight.groupbasedpolicy.policy.rev140421.tenants.tenant.Contract;
import org.opendaylight.yang.gen.v1.urn.opendaylight.groupbasedpolicy.policy.rev140421.tenants.tenant.EndpointGroup;
-import org.opendaylight.yang.gen.v1.urn.opendaylight.groupbasedpolicy.policy.rev140421.tenants.tenant.contract.Clause;
-import org.opendaylight.yang.gen.v1.urn.opendaylight.groupbasedpolicy.policy.rev140421.tenants.tenant.contract.Subject;
-import org.opendaylight.yang.gen.v1.urn.opendaylight.groupbasedpolicy.policy.rev140421.tenants.tenant.contract.subject.Rule;
-import org.opendaylight.yang.gen.v1.urn.opendaylight.groupbasedpolicy.policy.rev140421.tenants.tenant.endpoint.group.ConsumerNamedSelector;
import com.google.common.base.Optional;
-import com.google.common.base.Preconditions;
-import com.google.common.base.Strings;
import com.google.common.collect.ImmutableSet;
/**
* END 2 END TESTING - inputs are Neutron entities and expected outputs are GBP entities in
* datastore
*/
+
public class NeutronSecurityRuleAwareDataStoreTest extends GbpDataBrokerTest {
@Test
public final void testAddNeutronSecurityRule_rulesWithRemoteIpPrefix() throws Exception {
String tenant = "ad4c6c25-2424-4ad3-97ee-f9691ce03645";
String goldSecGrp = "fe40e28f-ad6a-4a2d-b12a-47510876344a";
- NeutronSecurityRule goldInIpv4 = createSecRuleWithEtherType("166aedab-fdf5-4788-9e36-2b00b5f8722f", tenant,
- NeutronUtils.IPv4, NeutronUtils.INGRESS, goldSecGrp, null);
- NeutronSecurityRule goldOutIpv4 = createSecRuleWithEtherType("dabfd4da-af89-45dd-85f8-181768c1b4c9", tenant,
- NeutronUtils.IPv4, NeutronUtils.EGRESS, goldSecGrp, null);
+ NeutronSecurityRule goldInIpv4 = NeutronEntityFactory.securityRuleWithEtherType(
+ "166aedab-fdf5-4788-9e36-2b00b5f8722f", tenant, NeutronUtils.IPv4, NeutronUtils.INGRESS, goldSecGrp,
+ null);
+ NeutronSecurityRule goldOutIpv4 = NeutronEntityFactory.securityRuleWithEtherType(
+ "dabfd4da-af89-45dd-85f8-181768c1b4c9", tenant, NeutronUtils.IPv4, NeutronUtils.EGRESS, goldSecGrp,
+ null);
String serverSecGrp = "71cf4fe5-b146-409e-8151-cd921298ce32";
- NeutronSecurityRule serverIn80Tcp10_1_1_0 = createSecRuleWithEtherType("9dbb533d-d9b2-4dc9-bae7-ee60c8df184d",
- tenant, NeutronUtils.IPv4, NeutronUtils.INGRESS, serverSecGrp, null);
+ NeutronSecurityRule serverIn80Tcp10_1_1_0 = NeutronEntityFactory.securityRuleWithEtherType(
+ "9dbb533d-d9b2-4dc9-bae7-ee60c8df184d", tenant, NeutronUtils.IPv4, NeutronUtils.INGRESS, serverSecGrp,
+ null);
serverIn80Tcp10_1_1_0.setSecurityRuleProtocol(NeutronUtils.TCP);
serverIn80Tcp10_1_1_0.setSecurityRulePortMin(80);
serverIn80Tcp10_1_1_0.setSecurityRulePortMax(80);
serverIn80Tcp10_1_1_0.setSecurityRuleRemoteIpPrefix("10.1.1.0/24");
- NeutronSecurityRule serverInIp20_1_1_0 = createSecRuleWithEtherType("adf7e558-de47-4f9e-a9b8-96e19db5d1ac",
- tenant, NeutronUtils.IPv4, NeutronUtils.INGRESS, serverSecGrp, null);
+ NeutronSecurityRule serverInIp20_1_1_0 = NeutronEntityFactory.securityRuleWithEtherType(
+ "adf7e558-de47-4f9e-a9b8-96e19db5d1ac", tenant, NeutronUtils.IPv4, NeutronUtils.INGRESS, serverSecGrp,
+ null);
serverInIp20_1_1_0.setSecurityRuleRemoteIpPrefix("20.1.1.0/24");
- NeutronSecurityRule serverOutIpv4 = createSecRuleWithEtherType("8b9c48d3-44a8-46be-be35-6f3237d98071", tenant,
- NeutronUtils.IPv4, NeutronUtils.EGRESS, serverSecGrp, null);
+ NeutronSecurityRule serverOutIpv4 = NeutronEntityFactory.securityRuleWithEtherType(
+ "8b9c48d3-44a8-46be-be35-6f3237d98071", tenant, NeutronUtils.IPv4, NeutronUtils.EGRESS, serverSecGrp,
+ null);
DataBroker dataBroker = getDataBroker();
SecRuleDao secRuleDao = new SecRuleDao();
SecGroupDao secGroupDao = new SecGroupDao();
- secGroupDao.addSecGroup(createSecGroup(goldSecGrp, tenant));
- secGroupDao.addSecGroup(createSecGroup(serverSecGrp, tenant));
+ secGroupDao.addSecGroup(NeutronEntityFactory.securityGroup(goldSecGrp, tenant));
+ secGroupDao.addSecGroup(NeutronEntityFactory.securityGroup(serverSecGrp, tenant));
NeutronSecurityRuleAware ruleAware = new NeutronSecurityRuleAware(dataBroker, secRuleDao, secGroupDao);
ReadWriteTransaction rwTx = dataBroker.newReadWriteTransaction();
ruleAware.addNeutronSecurityRule(goldInIpv4, rwTx);
ruleAware.addNeutronSecurityRule(serverInIp20_1_1_0, rwTx);
ruleAware.addNeutronSecurityRule(serverOutIpv4, rwTx);
TenantId tenantId = new TenantId(tenant);
- Optional<Tenant> potentialTenant =
- rwTx.read(LogicalDatastoreType.CONFIGURATION, IidFactory.tenantIid(tenantId)).get();
+ Optional<Tenant> potentialTenant = rwTx.read(LogicalDatastoreType.CONFIGURATION, IidFactory.tenantIid(tenantId))
+ .get();
assertTrue(potentialTenant.isPresent());
Optional<Contract> potentialContract = rwTx.read(LogicalDatastoreType.CONFIGURATION,
- IidFactory.contractIid(tenantId, new ContractId(goldInIpv4.getSecurityRuleUUID())))
- .get();
+ IidFactory.contractIid(tenantId, new ContractId(goldInIpv4.getSecurityRuleUUID()))).get();
assertTrue(potentialContract.isPresent());
Contract contract = potentialContract.get();
- assertContract(contract, goldInIpv4);
+ PolicyAssert.assertContract(contract, goldInIpv4);
potentialContract = rwTx.read(LogicalDatastoreType.CONFIGURATION,
- IidFactory.contractIid(tenantId, new ContractId(goldOutIpv4.getSecurityRuleUUID())))
- .get();
+ IidFactory.contractIid(tenantId, new ContractId(goldOutIpv4.getSecurityRuleUUID()))).get();
assertTrue(potentialContract.isPresent());
contract = potentialContract.get();
- assertContract(contract, goldOutIpv4);
+ PolicyAssert.assertContract(contract, goldOutIpv4);
potentialContract = rwTx.read(LogicalDatastoreType.CONFIGURATION,
- IidFactory.contractIid(tenantId, new ContractId(serverOutIpv4.getSecurityRuleUUID())))
- .get();
+ IidFactory.contractIid(tenantId, new ContractId(serverOutIpv4.getSecurityRuleUUID()))).get();
assertTrue(potentialContract.isPresent());
contract = potentialContract.get();
- assertContract(contract, serverOutIpv4);
- potentialContract = rwTx
- .read(LogicalDatastoreType.CONFIGURATION,
- IidFactory.contractIid(tenantId, new ContractId(serverIn80Tcp10_1_1_0.getSecurityRuleUUID())))
- .get();
+ PolicyAssert.assertContract(contract, serverOutIpv4);
+ potentialContract = rwTx.read(LogicalDatastoreType.CONFIGURATION,
+ IidFactory.contractIid(tenantId, new ContractId(serverIn80Tcp10_1_1_0.getSecurityRuleUUID()))).get();
assertTrue(potentialContract.isPresent());
contract = potentialContract.get();
- assertContractWithEic(contract, serverIn80Tcp10_1_1_0);
+ PolicyAssert.assertContractWithEic(contract, serverIn80Tcp10_1_1_0);
potentialContract = rwTx.read(LogicalDatastoreType.CONFIGURATION,
- IidFactory.contractIid(tenantId, new ContractId(serverInIp20_1_1_0.getSecurityRuleUUID())))
- .get();
+ IidFactory.contractIid(tenantId, new ContractId(serverInIp20_1_1_0.getSecurityRuleUUID()))).get();
assertTrue(potentialContract.isPresent());
contract = potentialContract.get();
- assertContractWithEic(contract, serverInIp20_1_1_0);
+ PolicyAssert.assertContractWithEic(contract, serverInIp20_1_1_0);
Optional<EndpointGroup> potentialEpg = rwTx.read(LogicalDatastoreType.CONFIGURATION,
- IidFactory.endpointGroupIid(tenantId, new EndpointGroupId(goldSecGrp)))
- .get();
+ IidFactory.endpointGroupIid(tenantId, new EndpointGroupId(goldSecGrp))).get();
assertTrue(potentialEpg.isPresent());
EndpointGroup epg = potentialEpg.get();
- assertConsumerNamedSelectors(epg,
+ PolicyAssert.assertConsumerNamedSelectors(
+ epg,
ImmutableSet.of(new ContractId(goldInIpv4.getSecurityRuleUUID()),
new ContractId(goldOutIpv4.getSecurityRuleUUID()),
new ContractId(serverIn80Tcp10_1_1_0.getSecurityRuleUUID()),
new ContractId(serverInIp20_1_1_0.getSecurityRuleUUID()),
new ContractId(serverOutIpv4.getSecurityRuleUUID())));
potentialEpg = rwTx.read(LogicalDatastoreType.CONFIGURATION,
- IidFactory.endpointGroupIid(tenantId, new EndpointGroupId(serverSecGrp)))
- .get();
+ IidFactory.endpointGroupIid(tenantId, new EndpointGroupId(serverSecGrp))).get();
assertTrue(potentialEpg.isPresent());
epg = potentialEpg.get();
- assertConsumerNamedSelectors(epg,
- ImmutableSet.of(new ContractId(serverIn80Tcp10_1_1_0.getSecurityRuleUUID()),
- new ContractId(serverInIp20_1_1_0.getSecurityRuleUUID()),
- new ContractId(goldInIpv4.getSecurityRuleUUID())));
+ PolicyAssert.assertConsumerNamedSelectors(epg, ImmutableSet.of(
+ new ContractId(serverIn80Tcp10_1_1_0.getSecurityRuleUUID()),
+ new ContractId(serverInIp20_1_1_0.getSecurityRuleUUID()),
+ new ContractId(goldInIpv4.getSecurityRuleUUID())));
+ }
+
+ @Test
+ public final void testAddAndDeleteNeutronSecurityRule() throws Exception {
+ DataBroker dataBroker = getDataBroker();
+ SecRuleDao secRuleDao = new SecRuleDao();
+ SecGroupDao secGroupDao = new SecGroupDao();
+ NeutronSecurityRuleAware ruleAware = new NeutronSecurityRuleAware(dataBroker, secRuleDao, secGroupDao);
+
+ final String tenantId = "aaaaaaaa-aaaa-aaaa-aaaa-aaaaaaaaaaaa";
+ final String secGroupId1 = "bbbbbbbb-bbbb-bbbb-bbbb-bbbbbbbbbbbb";
+ final String secGroupId2 = "cccccccc-cccc-cccc-cccc-cccccccccccc";
+ final String secRuleId1 = "dddddddd-dddd-dddd-dddd-dddddddddddd";
+ final String secRuleId2 = "eeeeeeee-eeee-eeee-eeee-eeeeeeeeeeee";
+
+ NeutronSecurityRule secRule1 = NeutronEntityFactory.securityRuleWithEtherType(secRuleId1, tenantId,
+ NeutronUtils.IPv4, NeutronUtils.EGRESS, secGroupId1, secGroupId2);
+ NeutronSecurityRule secRule2 = NeutronEntityFactory.securityRuleWithEtherType(secRuleId2, tenantId,
+ NeutronUtils.IPv4, NeutronUtils.INGRESS, secGroupId2, secGroupId1);
+
+ ruleAware.neutronSecurityRuleCreated(secRule1);
+
+ PolicyAssert.assertTenantExists(dataBroker, tenantId);
+ PolicyAssert.assertContractExists(dataBroker, tenantId, secRuleId1);
+ Optional<Contract> contract = ConfigDataStoreReader.readContract(dataBroker, tenantId, secRuleId1);
+ PolicyAssert.assertContract(contract.get(), secRule1);
+ PolicyAssert.assertContractCount(dataBroker, tenantId, 1);
+ PolicyAssert.assertEndpointGroupExists(dataBroker, tenantId, secGroupId1);
+ Optional<EndpointGroup> epGroup1 = ConfigDataStoreReader.readEndpointGroup(dataBroker, tenantId, secGroupId1);
+ PolicyAssert.assertProviderNamedSelectors(epGroup1.get(), ImmutableSet.of(new ContractId(secRuleId1)));
+ PolicyAssert.assertNoConsumerNamedSelectors(dataBroker, tenantId, secGroupId1);
+
+ PolicyAssert.assertClassifierInstanceExists(dataBroker, secRule1);
+ PolicyAssert.assertActionInstanceExists(dataBroker, tenantId, MappingUtils.ACTION_ALLOW.getName());
+
+ ruleAware.neutronSecurityRuleCreated(secRule2);
+
+ PolicyAssert.assertTenantExists(dataBroker, tenantId);
+ PolicyAssert.assertContractExists(dataBroker, tenantId, secRuleId1);
+ contract = ConfigDataStoreReader.readContract(dataBroker, tenantId, secRuleId1);
+ PolicyAssert.assertContract(contract.get(), secRule1);
+ PolicyAssert.assertContractCount(dataBroker, tenantId, 2);
+ PolicyAssert.assertEndpointGroupExists(dataBroker, tenantId, secGroupId1);
+ epGroup1 = ConfigDataStoreReader.readEndpointGroup(dataBroker, tenantId, secGroupId1);
+ PolicyAssert.assertProviderNamedSelectors(epGroup1.get(), ImmutableSet.of(new ContractId(secRuleId1)));
+ PolicyAssert.assertConsumerNamedSelectors(epGroup1.get(), ImmutableSet.of(new ContractId(secRuleId2)));
+
+ PolicyAssert.assertContractExists(dataBroker, tenantId, secRuleId2);
+ contract = ConfigDataStoreReader.readContract(dataBroker, tenantId, secRuleId2);
+ PolicyAssert.assertContract(contract.get(), secRule2);
+ PolicyAssert.assertContractCount(dataBroker, tenantId, 2);
+ PolicyAssert.assertEndpointGroupExists(dataBroker, tenantId, secGroupId2);
+ Optional<EndpointGroup> epGroup2 = ConfigDataStoreReader.readEndpointGroup(dataBroker, tenantId, secGroupId2);
+ PolicyAssert.assertProviderNamedSelectors(epGroup2.get(), ImmutableSet.of(new ContractId(secRuleId2)));
+ PolicyAssert.assertConsumerNamedSelectors(epGroup2.get(), ImmutableSet.of(new ContractId(secRuleId1)));
+
+ ruleAware.neutronSecurityRuleDeleted(secRule2);
+
+ PolicyAssert.assertTenantExists(dataBroker, tenantId);
+ PolicyAssert.assertContractExists(dataBroker, tenantId, secRuleId1);
+ contract = ConfigDataStoreReader.readContract(dataBroker, tenantId, secRuleId1);
+ PolicyAssert.assertContract(contract.get(), secRule1);
+ PolicyAssert.assertContractCount(dataBroker, tenantId, 1);
+ PolicyAssert.assertEndpointGroupExists(dataBroker, tenantId, secGroupId1);
+ epGroup1 = ConfigDataStoreReader.readEndpointGroup(dataBroker, tenantId, secGroupId1);
+ PolicyAssert.assertProviderNamedSelectors(epGroup1.get(), ImmutableSet.of(new ContractId(secRuleId1)));
+ PolicyAssert.assertNoConsumerNamedSelectors(dataBroker, tenantId, secGroupId1);
+
+ PolicyAssert.assertContractNotExists(dataBroker, tenantId, secRuleId2);
+ PolicyAssert.assertContractCount(dataBroker, tenantId, 1);
+ PolicyAssert.assertEndpointGroupExists(dataBroker, tenantId, secGroupId2);
+ epGroup2 = ConfigDataStoreReader.readEndpointGroup(dataBroker, tenantId, secGroupId2);
+ PolicyAssert.assertNoProviderNamedSelectors(dataBroker, tenantId, secGroupId2);
+ PolicyAssert.assertNoConsumerNamedSelectors(dataBroker, tenantId, secGroupId2);
+
+ PolicyAssert.assertClassifierInstanceExists(dataBroker, secRule1);
+ PolicyAssert.assertActionInstanceExists(dataBroker, tenantId, MappingUtils.ACTION_ALLOW.getName());
+
+ ruleAware.neutronSecurityRuleDeleted(secRule1);
+
+ PolicyAssert.assertContractCount(dataBroker, tenantId, 0);
+ PolicyAssert.assertEndpointGroupExists(dataBroker, tenantId, secGroupId1);
+ PolicyAssert.assertEndpointGroupExists(dataBroker, tenantId, secGroupId2);
+ PolicyAssert.assertNoProviderNamedSelectors(dataBroker, tenantId, secGroupId1);
+ PolicyAssert.assertNoConsumerNamedSelectors(dataBroker, tenantId, secGroupId2);
+
+ PolicyAssert.assertClassifierInstanceNotExists(dataBroker, secRule1);
+ // TODO: Uncomment this when the life cycle of the Allow ActionInstance will be clarified.
+ // PolicyAssert.assertActionInstanceNotExists(dataBroker, tenantId,
+ // MappingUtils.ACTION_ALLOW.getName());
}
@Test
public final void testAddNeutronSecurityRule_rulesWithoutRemote() throws Exception {
String tenant = "ad4c6c25-2424-4ad3-97ee-f9691ce03645";
String goldSecGrp = "fe40e28f-ad6a-4a2d-b12a-47510876344a";
- NeutronSecurityRule goldInIpv4 = createSecRuleWithEtherType("166aedab-fdf5-4788-9e36-2b00b5f8722f", tenant,
- NeutronUtils.IPv4, NeutronUtils.INGRESS, goldSecGrp, null);
- NeutronSecurityRule goldOutIpv4 = createSecRuleWithEtherType("dabfd4da-af89-45dd-85f8-181768c1b4c9", tenant,
- NeutronUtils.IPv4, NeutronUtils.EGRESS, goldSecGrp, null);
+ NeutronSecurityRule goldInIpv4 = NeutronEntityFactory.securityRuleWithEtherType(
+ "166aedab-fdf5-4788-9e36-2b00b5f8722f", tenant, NeutronUtils.IPv4, NeutronUtils.INGRESS, goldSecGrp,
+ null);
+ NeutronSecurityRule goldOutIpv4 = NeutronEntityFactory.securityRuleWithEtherType(
+ "dabfd4da-af89-45dd-85f8-181768c1b4c9", tenant, NeutronUtils.IPv4, NeutronUtils.EGRESS, goldSecGrp,
+ null);
String serverSecGrp = "71cf4fe5-b146-409e-8151-cd921298ce32";
- NeutronSecurityRule serverOutIpv4 = createSecRuleWithEtherType("8b9c48d3-44a8-46be-be35-6f3237d98071", tenant,
- NeutronUtils.IPv4, NeutronUtils.EGRESS, serverSecGrp, null);
- NeutronSecurityRule serverInIpv4 = createSecRuleWithEtherType("adf7e558-de47-4f9e-a9b8-96e19db5d1ac", tenant,
- NeutronUtils.IPv4, NeutronUtils.INGRESS, serverSecGrp, null);
+ NeutronSecurityRule serverOutIpv4 = NeutronEntityFactory.securityRuleWithEtherType(
+ "8b9c48d3-44a8-46be-be35-6f3237d98071", tenant, NeutronUtils.IPv4, NeutronUtils.EGRESS, serverSecGrp,
+ null);
+ NeutronSecurityRule serverInIpv4 = NeutronEntityFactory.securityRuleWithEtherType(
+ "adf7e558-de47-4f9e-a9b8-96e19db5d1ac", tenant, NeutronUtils.IPv4, NeutronUtils.INGRESS, serverSecGrp,
+ null);
DataBroker dataBroker = getDataBroker();
SecRuleDao secRuleDao = new SecRuleDao();
SecGroupDao secGroupDao = new SecGroupDao();
- secGroupDao.addSecGroup(createSecGroup(goldSecGrp, tenant));
- secGroupDao.addSecGroup(createSecGroup(serverSecGrp, tenant));
+ secGroupDao.addSecGroup(NeutronEntityFactory.securityGroup(goldSecGrp, tenant));
+ secGroupDao.addSecGroup(NeutronEntityFactory.securityGroup(serverSecGrp, tenant));
NeutronSecurityRuleAware ruleAware = new NeutronSecurityRuleAware(dataBroker, secRuleDao, secGroupDao);
ReadWriteTransaction rwTx = dataBroker.newReadWriteTransaction();
ruleAware.addNeutronSecurityRule(goldInIpv4, rwTx);
ruleAware.addNeutronSecurityRule(serverInIpv4, rwTx);
TenantId tenantId = new TenantId(tenant);
Optional<Contract> potentialContract = rwTx.read(LogicalDatastoreType.CONFIGURATION,
- IidFactory.contractIid(tenantId, new ContractId(goldInIpv4.getSecurityRuleUUID())))
- .get();
+ IidFactory.contractIid(tenantId, new ContractId(goldInIpv4.getSecurityRuleUUID()))).get();
assertTrue(potentialContract.isPresent());
Contract contract = potentialContract.get();
- assertContract(contract, goldInIpv4);
+ PolicyAssert.assertContract(contract, goldInIpv4);
potentialContract = rwTx.read(LogicalDatastoreType.CONFIGURATION,
- IidFactory.contractIid(tenantId, new ContractId(goldOutIpv4.getSecurityRuleUUID())))
- .get();
+ IidFactory.contractIid(tenantId, new ContractId(goldOutIpv4.getSecurityRuleUUID()))).get();
assertTrue(potentialContract.isPresent());
contract = potentialContract.get();
- assertContract(contract, goldOutIpv4);
+ PolicyAssert.assertContract(contract, goldOutIpv4);
potentialContract = rwTx.read(LogicalDatastoreType.CONFIGURATION,
- IidFactory.contractIid(tenantId, new ContractId(serverOutIpv4.getSecurityRuleUUID())))
- .get();
+ IidFactory.contractIid(tenantId, new ContractId(serverOutIpv4.getSecurityRuleUUID()))).get();
assertTrue(potentialContract.isPresent());
contract = potentialContract.get();
- assertContract(contract, serverOutIpv4);
+ PolicyAssert.assertContract(contract, serverOutIpv4);
potentialContract = rwTx.read(LogicalDatastoreType.CONFIGURATION,
- IidFactory.contractIid(tenantId, new ContractId(serverInIpv4.getSecurityRuleUUID())))
- .get();
+ IidFactory.contractIid(tenantId, new ContractId(serverInIpv4.getSecurityRuleUUID()))).get();
assertTrue(potentialContract.isPresent());
contract = potentialContract.get();
- assertContract(contract, serverInIpv4);
+ PolicyAssert.assertContract(contract, serverInIpv4);
Optional<EndpointGroup> potentialEpg = rwTx.read(LogicalDatastoreType.CONFIGURATION,
- IidFactory.endpointGroupIid(tenantId, new EndpointGroupId(goldSecGrp)))
- .get();
+ IidFactory.endpointGroupIid(tenantId, new EndpointGroupId(goldSecGrp))).get();
assertTrue(potentialEpg.isPresent());
EndpointGroup epg = potentialEpg.get();
- assertConsumerNamedSelectors(epg, ImmutableSet.of(new ContractId(goldInIpv4.getSecurityRuleUUID()),
- new ContractId(goldOutIpv4.getSecurityRuleUUID()), new ContractId(serverOutIpv4.getSecurityRuleUUID()),
- new ContractId(serverInIpv4.getSecurityRuleUUID())));
+ PolicyAssert.assertConsumerNamedSelectors(
+ epg,
+ ImmutableSet.of(new ContractId(goldInIpv4.getSecurityRuleUUID()),
+ new ContractId(goldOutIpv4.getSecurityRuleUUID()),
+ new ContractId(serverOutIpv4.getSecurityRuleUUID()),
+ new ContractId(serverInIpv4.getSecurityRuleUUID())));
potentialEpg = rwTx.read(LogicalDatastoreType.CONFIGURATION,
- IidFactory.endpointGroupIid(tenantId, new EndpointGroupId(serverSecGrp)))
- .get();
+ IidFactory.endpointGroupIid(tenantId, new EndpointGroupId(serverSecGrp))).get();
assertTrue(potentialEpg.isPresent());
- assertConsumerNamedSelectors(epg, ImmutableSet.of(new ContractId(goldInIpv4.getSecurityRuleUUID()),
- new ContractId(goldOutIpv4.getSecurityRuleUUID()), new ContractId(serverOutIpv4.getSecurityRuleUUID()),
- new ContractId(serverInIpv4.getSecurityRuleUUID())));
+ PolicyAssert.assertConsumerNamedSelectors(
+ epg,
+ ImmutableSet.of(new ContractId(goldInIpv4.getSecurityRuleUUID()),
+ new ContractId(goldOutIpv4.getSecurityRuleUUID()),
+ new ContractId(serverOutIpv4.getSecurityRuleUUID()),
+ new ContractId(serverInIpv4.getSecurityRuleUUID())));
}
@Test
public final void testAddNeutronSecurityRule_asymmetricRulesWithoutRemote() throws Exception {
String tenant = "ad4c6c25-2424-4ad3-97ee-f9691ce03645";
String goldSecGrp = "fe40e28f-ad6a-4a2d-b12a-47510876344a";
- NeutronSecurityRule goldInIpv4 = createSecRuleWithEtherType("166aedab-fdf5-4788-9e36-2b00b5f8722f", tenant,
- NeutronUtils.IPv4, NeutronUtils.INGRESS, goldSecGrp, null);
- NeutronSecurityRule goldOutIpv4 = createSecRuleWithEtherType("dabfd4da-af89-45dd-85f8-181768c1b4c9", tenant,
- NeutronUtils.IPv4, NeutronUtils.EGRESS, goldSecGrp, null);
+ NeutronSecurityRule goldInIpv4 = NeutronEntityFactory.securityRuleWithEtherType(
+ "166aedab-fdf5-4788-9e36-2b00b5f8722f", tenant, NeutronUtils.IPv4, NeutronUtils.INGRESS, goldSecGrp,
+ null);
+ NeutronSecurityRule goldOutIpv4 = NeutronEntityFactory.securityRuleWithEtherType(
+ "dabfd4da-af89-45dd-85f8-181768c1b4c9", tenant, NeutronUtils.IPv4, NeutronUtils.EGRESS, goldSecGrp,
+ null);
String serverSecGrp = "71cf4fe5-b146-409e-8151-cd921298ce32";
- NeutronSecurityRule serverOutIpv4 = createSecRuleWithEtherType("8b9c48d3-44a8-46be-be35-6f3237d98071", tenant,
- NeutronUtils.IPv4, NeutronUtils.EGRESS, serverSecGrp, null);
- NeutronSecurityRule serverIn80TcpIpv4 = createSecRuleWithEtherType("adf7e558-de47-4f9e-a9b8-96e19db5d1ac",
- tenant, NeutronUtils.IPv4, NeutronUtils.INGRESS, serverSecGrp, null);
+ NeutronSecurityRule serverOutIpv4 = NeutronEntityFactory.securityRuleWithEtherType(
+ "8b9c48d3-44a8-46be-be35-6f3237d98071", tenant, NeutronUtils.IPv4, NeutronUtils.EGRESS, serverSecGrp,
+ null);
+ NeutronSecurityRule serverIn80TcpIpv4 = NeutronEntityFactory.securityRuleWithEtherType(
+ "adf7e558-de47-4f9e-a9b8-96e19db5d1ac", tenant, NeutronUtils.IPv4, NeutronUtils.INGRESS, serverSecGrp,
+ null);
serverIn80TcpIpv4.setSecurityRuleProtocol(NeutronUtils.TCP);
serverIn80TcpIpv4.setSecurityRulePortMin(80);
serverIn80TcpIpv4.setSecurityRulePortMax(80);
DataBroker dataBroker = getDataBroker();
SecRuleDao secRuleDao = new SecRuleDao();
SecGroupDao secGroupDao = new SecGroupDao();
- secGroupDao.addSecGroup(createSecGroup(goldSecGrp, tenant));
- secGroupDao.addSecGroup(createSecGroup(serverSecGrp, tenant));
+ secGroupDao.addSecGroup(NeutronEntityFactory.securityGroup(goldSecGrp, tenant));
+ secGroupDao.addSecGroup(NeutronEntityFactory.securityGroup(serverSecGrp, tenant));
NeutronSecurityRuleAware ruleAware = new NeutronSecurityRuleAware(dataBroker, secRuleDao, secGroupDao);
ReadWriteTransaction rwTx = dataBroker.newReadWriteTransaction();
ruleAware.addNeutronSecurityRule(goldInIpv4, rwTx);
ruleAware.addNeutronSecurityRule(serverIn80TcpIpv4, rwTx);
TenantId tenantId = new TenantId(tenant);
Optional<Contract> potentialContract = rwTx.read(LogicalDatastoreType.CONFIGURATION,
- IidFactory.contractIid(tenantId, new ContractId(goldInIpv4.getSecurityRuleUUID())))
- .get();
+ IidFactory.contractIid(tenantId, new ContractId(goldInIpv4.getSecurityRuleUUID()))).get();
assertTrue(potentialContract.isPresent());
Contract contract = potentialContract.get();
- assertContract(contract, goldInIpv4);
+ PolicyAssert.assertContract(contract, goldInIpv4);
potentialContract = rwTx.read(LogicalDatastoreType.CONFIGURATION,
- IidFactory.contractIid(tenantId, new ContractId(goldOutIpv4.getSecurityRuleUUID())))
- .get();
+ IidFactory.contractIid(tenantId, new ContractId(goldOutIpv4.getSecurityRuleUUID()))).get();
assertTrue(potentialContract.isPresent());
contract = potentialContract.get();
- assertContract(contract, goldOutIpv4);
+ PolicyAssert.assertContract(contract, goldOutIpv4);
potentialContract = rwTx.read(LogicalDatastoreType.CONFIGURATION,
- IidFactory.contractIid(tenantId, new ContractId(serverOutIpv4.getSecurityRuleUUID())))
- .get();
+ IidFactory.contractIid(tenantId, new ContractId(serverOutIpv4.getSecurityRuleUUID()))).get();
assertTrue(potentialContract.isPresent());
contract = potentialContract.get();
- assertContract(contract, serverOutIpv4);
+ PolicyAssert.assertContract(contract, serverOutIpv4);
potentialContract = rwTx.read(LogicalDatastoreType.CONFIGURATION,
- IidFactory.contractIid(tenantId, new ContractId(serverIn80TcpIpv4.getSecurityRuleUUID())))
- .get();
+ IidFactory.contractIid(tenantId, new ContractId(serverIn80TcpIpv4.getSecurityRuleUUID()))).get();
assertTrue(potentialContract.isPresent());
contract = potentialContract.get();
- assertContract(contract, serverIn80TcpIpv4);
+ PolicyAssert.assertContract(contract, serverIn80TcpIpv4);
Optional<EndpointGroup> potentialEpg = rwTx.read(LogicalDatastoreType.CONFIGURATION,
- IidFactory.endpointGroupIid(tenantId, new EndpointGroupId(goldSecGrp)))
- .get();
+ IidFactory.endpointGroupIid(tenantId, new EndpointGroupId(goldSecGrp))).get();
assertTrue(potentialEpg.isPresent());
EndpointGroup epg = potentialEpg.get();
- assertConsumerNamedSelectors(epg, ImmutableSet.of(new ContractId(goldInIpv4.getSecurityRuleUUID()),
- new ContractId(goldOutIpv4.getSecurityRuleUUID()), new ContractId(serverOutIpv4.getSecurityRuleUUID()),
- new ContractId(serverIn80TcpIpv4.getSecurityRuleUUID())));
+ PolicyAssert.assertConsumerNamedSelectors(
+ epg,
+ ImmutableSet.of(new ContractId(goldInIpv4.getSecurityRuleUUID()),
+ new ContractId(goldOutIpv4.getSecurityRuleUUID()),
+ new ContractId(serverOutIpv4.getSecurityRuleUUID()),
+ new ContractId(serverIn80TcpIpv4.getSecurityRuleUUID())));
potentialEpg = rwTx.read(LogicalDatastoreType.CONFIGURATION,
- IidFactory.endpointGroupIid(tenantId, new EndpointGroupId(serverSecGrp)))
- .get();
+ IidFactory.endpointGroupIid(tenantId, new EndpointGroupId(serverSecGrp))).get();
assertTrue(potentialEpg.isPresent());
epg = potentialEpg.get();
- assertConsumerNamedSelectors(epg, ImmutableSet.of(new ContractId(goldInIpv4.getSecurityRuleUUID()),
- new ContractId(serverIn80TcpIpv4.getSecurityRuleUUID())));
+ PolicyAssert.assertConsumerNamedSelectors(
+ epg,
+ ImmutableSet.of(new ContractId(goldInIpv4.getSecurityRuleUUID()),
+ new ContractId(serverIn80TcpIpv4.getSecurityRuleUUID())));
}
@Test
public final void testAddNeutronSecurityRule_defaultSecGrp() throws Exception {
String tenant = "111aaaaa-aaaa-aaaa-aaaa-aaaaaaaaaaaa";
String defaultSecGrp = "111fffff-ffff-ffff-ffff-ffffffffffff";
- NeutronSecurityRule defaultInIpv4Default = createSecRuleWithEtherType("111ccccc-111c-cccc-cccc-cccccccccccc",
- tenant, NeutronUtils.IPv4, NeutronUtils.INGRESS, defaultSecGrp, defaultSecGrp);
- NeutronSecurityRule defaultInIpv6Default = createSecRuleWithEtherType("222ccccc-111c-cccc-cccc-cccccccccccc",
- tenant, NeutronUtils.IPv6, NeutronUtils.INGRESS, defaultSecGrp, defaultSecGrp);
- NeutronSecurityRule defaultOutIpv4 = createSecRuleWithEtherType("333ccccc-111c-cccc-cccc-cccccccccccc", tenant,
- NeutronUtils.IPv4, NeutronUtils.EGRESS, defaultSecGrp, null);
- NeutronSecurityRule defaultOutIpv6 = createSecRuleWithEtherType("444ccccc-111c-cccc-cccc-cccccccccccc", tenant,
- NeutronUtils.IPv6, NeutronUtils.EGRESS, defaultSecGrp, null);
+ NeutronSecurityRule defaultInIpv4Default = NeutronEntityFactory.securityRuleWithEtherType(
+ "111ccccc-111c-cccc-cccc-cccccccccccc", tenant, NeutronUtils.IPv4, NeutronUtils.INGRESS, defaultSecGrp,
+ defaultSecGrp);
+ NeutronSecurityRule defaultInIpv6Default = NeutronEntityFactory.securityRuleWithEtherType(
+ "222ccccc-111c-cccc-cccc-cccccccccccc", tenant, NeutronUtils.IPv6, NeutronUtils.INGRESS, defaultSecGrp,
+ defaultSecGrp);
+ NeutronSecurityRule defaultOutIpv4 = NeutronEntityFactory.securityRuleWithEtherType(
+ "333ccccc-111c-cccc-cccc-cccccccccccc", tenant, NeutronUtils.IPv4, NeutronUtils.EGRESS, defaultSecGrp,
+ null);
+ NeutronSecurityRule defaultOutIpv6 = NeutronEntityFactory.securityRuleWithEtherType(
+ "444ccccc-111c-cccc-cccc-cccccccccccc", tenant, NeutronUtils.IPv6, NeutronUtils.EGRESS, defaultSecGrp,
+ null);
DataBroker dataBroker = getDataBroker();
SecRuleDao secRuleDao = new SecRuleDao();
SecGroupDao secGroupDao = new SecGroupDao();
- secGroupDao.addSecGroup(createSecGroup(defaultSecGrp, tenant));
+ secGroupDao.addSecGroup(NeutronEntityFactory.securityGroup(defaultSecGrp, tenant));
NeutronSecurityRuleAware ruleAware = new NeutronSecurityRuleAware(dataBroker, secRuleDao, secGroupDao);
ReadWriteTransaction rwTx = dataBroker.newReadWriteTransaction();
ruleAware.addNeutronSecurityRule(defaultInIpv4Default, rwTx);
ruleAware.addNeutronSecurityRule(defaultOutIpv6, rwTx);
TenantId tenantId = new TenantId(tenant);
Optional<Contract> potentialContract = rwTx.read(LogicalDatastoreType.CONFIGURATION,
- IidFactory.contractIid(tenantId, new ContractId(defaultInIpv4Default.getSecurityRuleUUID())))
- .get();
+ IidFactory.contractIid(tenantId, new ContractId(defaultInIpv4Default.getSecurityRuleUUID()))).get();
assertTrue(potentialContract.isPresent());
Contract contract = potentialContract.get();
- assertContract(contract, defaultInIpv4Default);
+ PolicyAssert.assertContract(contract, defaultInIpv4Default);
potentialContract = rwTx.read(LogicalDatastoreType.CONFIGURATION,
- IidFactory.contractIid(tenantId, new ContractId(defaultInIpv6Default.getSecurityRuleUUID())))
- .get();
+ IidFactory.contractIid(tenantId, new ContractId(defaultInIpv6Default.getSecurityRuleUUID()))).get();
assertTrue(potentialContract.isPresent());
contract = potentialContract.get();
- assertContract(contract, defaultInIpv6Default);
+ PolicyAssert.assertContract(contract, defaultInIpv6Default);
potentialContract = rwTx.read(LogicalDatastoreType.CONFIGURATION,
- IidFactory.contractIid(tenantId, new ContractId(defaultOutIpv4.getSecurityRuleUUID())))
- .get();
+ IidFactory.contractIid(tenantId, new ContractId(defaultOutIpv4.getSecurityRuleUUID()))).get();
assertTrue(potentialContract.isPresent());
contract = potentialContract.get();
- assertContract(contract, defaultOutIpv4);
+ PolicyAssert.assertContract(contract, defaultOutIpv4);
potentialContract = rwTx.read(LogicalDatastoreType.CONFIGURATION,
- IidFactory.contractIid(tenantId, new ContractId(defaultOutIpv6.getSecurityRuleUUID())))
- .get();
+ IidFactory.contractIid(tenantId, new ContractId(defaultOutIpv6.getSecurityRuleUUID()))).get();
assertTrue(potentialContract.isPresent());
contract = potentialContract.get();
- assertContract(contract, defaultOutIpv6);
+ PolicyAssert.assertContract(contract, defaultOutIpv6);
}
- private final void assertContractWithEic(Contract contract, NeutronSecurityRule secRule) {
- assertEquals(new ContractId(secRule.getSecurityRuleUUID()), contract.getId());
- assertNull(contract.getQuality());
- assertNull(contract.getTarget());
- assertOneClauseWithEicWithOneSubject(contract, secRule);
- assertOneSubjectWithOneRule(contract, secRule);
- }
-
- private final void assertOneClauseWithEicWithOneSubject(Contract contract, NeutronSecurityRule secRule) {
- Clause clause = assertOneItem(contract.getClause());
- assertNull(clause.getAnyMatchers());
- Preconditions.checkArgument(!Strings.isNullOrEmpty(secRule.getSecurityRuleRemoteIpPrefix()));
- IpPrefix expectedIpPrefix = Utils.createIpPrefix(secRule.getSecurityRuleRemoteIpPrefix());
- assertNotNull(clause.getConsumerMatchers());
- IpPrefix ipPrefix = clause.getConsumerMatchers()
- .getEndpointIdentificationConstraints()
- .getL3EndpointIdentificationConstraints()
- .getPrefixConstraint()
- .get(0)
- .getIpPrefix();
- assertEquals(expectedIpPrefix, ipPrefix);
- SubjectName subjectRef = assertOneItem(clause.getSubjectRefs());
- assertEquals(SecRuleNameDecoder.getSubjectName(secRule), subjectRef);
- }
-
- private final void assertContract(Contract contract, NeutronSecurityRule secRule) {
- assertEquals(new ContractId(secRule.getSecurityRuleUUID()), contract.getId());
- assertNull(contract.getQuality());
- assertNull(contract.getTarget());
- assertOneClauseWithOneSubject(contract, secRule);
- assertOneSubjectWithOneRule(contract, secRule);
- }
-
- private final void assertOneClauseWithOneSubject(Contract contract, NeutronSecurityRule secRule) {
- Clause clause = assertOneItem(contract.getClause());
- assertNull(clause.getAnyMatchers());
- assertNull(clause.getConsumerMatchers());
- assertNull(clause.getProviderMatchers());
- SubjectName subjectRef = assertOneItem(clause.getSubjectRefs());
- assertEquals(SecRuleNameDecoder.getSubjectName(secRule), subjectRef);
- }
-
- private final void assertOneSubjectWithOneRule(Contract contract, NeutronSecurityRule secRule) {
- Subject subject = assertOneItem(contract.getSubject());
- assertEquals(SecRuleNameDecoder.getSubjectName(secRule), subject.getName());
- Rule rule = assertOneItem(subject.getRule());
- assertEquals(SecRuleNameDecoder.getRuleName(secRule), rule.getName());
- ActionRef actionRef = assertOneItem(rule.getActionRef());
- assertEquals(MappingUtils.ACTION_ALLOW.getName(), actionRef.getName());
- ClassifierRef classifierRef = assertOneItem(rule.getClassifierRef());
- assertEquals(SecRuleNameDecoder.getClassifierRefName(secRule), classifierRef.getName());
- assertEquals(SecRuleNameDecoder.getClassifierInstanceName(secRule), classifierRef.getInstanceName());
- assertEquals(SecRuleEntityDecoder.getDirection(secRule), classifierRef.getDirection());
- }
-
- private final <T> T assertOneItem(Collection<T> c) {
- assertNotNull(c);
- assertTrue(c.size() == 1);
- return c.iterator().next();
+ @Test
+ public void testConstructor_invalidArgument() throws Exception {
+ DataBroker dataBroker = getDataBroker();
+ SecRuleDao secRuleDao = new SecRuleDao();
+ SecGroupDao secGroupDao = new SecGroupDao();
+ assertExceptionInConstructor(null, secRuleDao, secGroupDao);
+ assertExceptionInConstructor(dataBroker, null, secGroupDao);
+ assertExceptionInConstructor(dataBroker, secRuleDao, null);
+ assertExceptionInConstructor(null, null, null);
}
- private final void assertConsumerNamedSelectors(EndpointGroup epg, Set<ContractId> expectedContracts) {
- Preconditions.checkNotNull(expectedContracts);
- assertNotNull(epg.getConsumerNamedSelector());
- int numberOfContracts = 0;
- for (ConsumerNamedSelector cns : epg.getConsumerNamedSelector()) {
- assertNotNull(cns.getContract());
- numberOfContracts += cns.getContract().size();
- for (ContractId contractId : cns.getContract()) {
- assertTrue(expectedContracts.contains(contractId));
- }
+ private void assertExceptionInConstructor(DataBroker dataBroker, SecRuleDao secRuleDao, SecGroupDao secGroupDao) {
+ try {
+ new NeutronSecurityRuleAware(dataBroker, secRuleDao, secGroupDao);
+ fail(NullPointerException.class.getName() + " expected");
+ } catch (NullPointerException ex) {
+ // do nothing
}
- assertEquals(expectedContracts.size(), numberOfContracts);
- }
-
- private final NeutronSecurityRule createSecRuleWithEtherType(String id, String tenant, String etherType,
- String direction, String ownerGroupId, String remoteGroupId) {
- NeutronSecurityRule secRule = new NeutronSecurityRule();
- secRule.setSecurityRuleUUID(id);
- secRule.setSecurityRuleTenantID(tenant);
- secRule.setSecurityRuleEthertype(etherType);
- secRule.setSecurityRuleDirection(direction);
- secRule.setSecurityRuleGroupID(ownerGroupId);
- secRule.setSecurityRemoteGroupID(remoteGroupId);
- return secRule;
- }
-
- private final NeutronSecurityGroup createSecGroup(String id, String tenant) {
- NeutronSecurityGroup secGrp = new NeutronSecurityGroup();
- secGrp.setSecurityGroupUUID(id);
- secGrp.setSecurityGroupTenantID(tenant);
- return secGrp;
}
}
--- /dev/null
+package org.opendaylight.groupbasedpolicy.neutron.mapper.mapping.rule;
+
+import static org.junit.Assert.assertEquals;
+import static org.junit.Assert.assertNotNull;
+import static org.junit.Assert.assertTrue;
+
+import java.util.Set;
+
+import org.junit.Before;
+import org.junit.Rule;
+import org.junit.Test;
+import org.junit.rules.ExpectedException;
+import org.opendaylight.groupbasedpolicy.neutron.mapper.test.NeutronEntityFactory;
+import org.opendaylight.neutron.spi.NeutronSecurityRule;
+import org.opendaylight.yang.gen.v1.urn.opendaylight.groupbasedpolicy.common.rev140421.EndpointGroupId;
+
+public class SecRuleDaoTest {
+
+ @Rule
+ public ExpectedException thrown = ExpectedException.none();
+
+ private SecRuleDao secRuleDao;
+
+ @Before
+ public void setUp() throws Exception {
+ secRuleDao = new SecRuleDao();
+ }
+
+ @Test
+ public void testAddAndRemoveSecRule() {
+ final String xSecGrpId = "cccccccc-cccc-cccc-cccc-cccccccccccc";
+ final String ySecGrpId = "dddddddd-dddd-dddd-dddd-dddddddddddd";
+ final String nullSecGrpId = null;
+
+ EndpointGroupId xEpGrpId = new EndpointGroupId(xSecGrpId);
+ EndpointGroupId yEpGrpId = new EndpointGroupId(ySecGrpId);
+ EndpointGroupId nullEpGrpId = null;
+
+ NeutronSecurityRule secRule1 = NeutronEntityFactory.securityRuleWithGroupIds(
+ "aaaaaaaa-aaaa-aaaa-aaaa-aaaaaaaaaaa1", "bbbbbbbb-bbbb-bbbb-bbbb-bbbbbbbbbbbb", xSecGrpId, nullSecGrpId);
+
+ NeutronSecurityRule secRule2 = NeutronEntityFactory.securityRuleWithGroupIds(
+ "aaaaaaaa-aaaa-aaaa-aaaa-aaaaaaaaaaa2", "bbbbbbbb-bbbb-bbbb-bbbb-bbbbbbbbbbbb", xSecGrpId, xSecGrpId);
+
+ NeutronSecurityRule secRule3 = NeutronEntityFactory.securityRuleWithGroupIds(
+ "aaaaaaaa-aaaa-aaaa-aaaa-aaaaaaaaaaa3", "bbbbbbbb-bbbb-bbbb-bbbb-bbbbbbbbbbbb", xSecGrpId, ySecGrpId);
+
+ NeutronSecurityRule secRule4 = NeutronEntityFactory.securityRuleWithGroupIds(
+ "aaaaaaaa-aaaa-aaaa-aaaa-aaaaaaaaaaa4", "bbbbbbbb-bbbb-bbbb-bbbb-bbbbbbbbbbbb", ySecGrpId, nullSecGrpId);
+
+ NeutronSecurityRule secRule5 = NeutronEntityFactory.securityRuleWithGroupIds(
+ "aaaaaaaa-aaaa-aaaa-aaaa-aaaaaaaaaaa5", "bbbbbbbb-bbbb-bbbb-bbbb-bbbbbbbbbbbb", ySecGrpId, ySecGrpId);
+
+ NeutronSecurityRule secRule6 = NeutronEntityFactory.securityRuleWithGroupIds(
+ "aaaaaaaa-aaaa-aaaa-aaaa-aaaaaaaaaaa6", "bbbbbbbb-bbbb-bbbb-bbbb-bbbbbbbbbbbb", ySecGrpId, xSecGrpId);
+
+ secRuleDao.addSecRule(secRule1);
+ assertSecRulesByOwnerSecGrpId(xEpGrpId, secRule1);
+ assertSecRulesWithoutRemoteSecGrpBySecGrpId(xEpGrpId, secRule1);
+ assertSecRulesBySecGrpIdAndRemoteSecGrpId(xEpGrpId, nullEpGrpId, secRule1);
+ assertAllOwnerSecGrps(xEpGrpId);
+
+ secRuleDao.addSecRule(secRule2);
+ assertSecRulesByOwnerSecGrpId(xEpGrpId, secRule1, secRule2);
+ assertSecRulesWithoutRemoteSecGrpBySecGrpId(xEpGrpId, secRule1);
+ assertSecRulesBySecGrpIdAndRemoteSecGrpId(xEpGrpId, nullEpGrpId, secRule1);
+ assertSecRulesBySecGrpIdAndRemoteSecGrpId(xEpGrpId, xEpGrpId, secRule2);
+ assertAllOwnerSecGrps(xEpGrpId);
+
+ secRuleDao.addSecRule(secRule3);
+ assertSecRulesByOwnerSecGrpId(xEpGrpId, secRule1, secRule2, secRule3);
+ assertSecRulesWithoutRemoteSecGrpBySecGrpId(xEpGrpId, secRule1);
+ assertSecRulesBySecGrpIdAndRemoteSecGrpId(xEpGrpId, nullEpGrpId, secRule1);
+ assertSecRulesBySecGrpIdAndRemoteSecGrpId(xEpGrpId, xEpGrpId, secRule2);
+ assertSecRulesBySecGrpIdAndRemoteSecGrpId(xEpGrpId, yEpGrpId, secRule3);
+ assertAllOwnerSecGrps(xEpGrpId);
+
+ secRuleDao.addSecRule(secRule4);
+ assertSecRulesByOwnerSecGrpId(yEpGrpId, secRule4);
+ assertSecRulesWithoutRemoteSecGrpBySecGrpId(yEpGrpId, secRule4);
+ assertSecRulesBySecGrpIdAndRemoteSecGrpId(yEpGrpId, nullEpGrpId, secRule4);
+ assertAllOwnerSecGrps(xEpGrpId, yEpGrpId);
+
+ secRuleDao.addSecRule(secRule5);
+ assertSecRulesByOwnerSecGrpId(yEpGrpId, secRule4, secRule5);
+ assertSecRulesWithoutRemoteSecGrpBySecGrpId(yEpGrpId, secRule4);
+ assertSecRulesBySecGrpIdAndRemoteSecGrpId(yEpGrpId, nullEpGrpId, secRule4);
+ assertSecRulesBySecGrpIdAndRemoteSecGrpId(yEpGrpId, yEpGrpId, secRule5);
+ assertAllOwnerSecGrps(xEpGrpId, yEpGrpId);
+
+ secRuleDao.addSecRule(secRule6);
+ assertSecRulesByOwnerSecGrpId(yEpGrpId, secRule4, secRule5, secRule6);
+ assertSecRulesWithoutRemoteSecGrpBySecGrpId(yEpGrpId, secRule4);
+ assertSecRulesBySecGrpIdAndRemoteSecGrpId(yEpGrpId, nullEpGrpId, secRule4);
+ assertSecRulesBySecGrpIdAndRemoteSecGrpId(yEpGrpId, yEpGrpId, secRule5);
+ assertSecRulesBySecGrpIdAndRemoteSecGrpId(yEpGrpId, xEpGrpId, secRule6);
+ assertAllOwnerSecGrps(xEpGrpId, yEpGrpId);
+
+ // check once more security rules with owner group id = xSecGrpId
+ assertSecRulesByOwnerSecGrpId(xEpGrpId, secRule1, secRule2, secRule3);
+ assertSecRulesWithoutRemoteSecGrpBySecGrpId(xEpGrpId, secRule1);
+ assertSecRulesBySecGrpIdAndRemoteSecGrpId(xEpGrpId, nullEpGrpId, secRule1);
+ assertSecRulesBySecGrpIdAndRemoteSecGrpId(xEpGrpId, xEpGrpId, secRule2);
+ assertSecRulesBySecGrpIdAndRemoteSecGrpId(xEpGrpId, yEpGrpId, secRule3);
+
+ secRuleDao.removeSecRule(secRule6);
+ assertSecRulesByOwnerSecGrpId(yEpGrpId, secRule4, secRule5);
+ assertSecRulesWithoutRemoteSecGrpBySecGrpId(yEpGrpId, secRule4);
+ assertSecRulesBySecGrpIdAndRemoteSecGrpId(yEpGrpId, nullEpGrpId, secRule4);
+ assertSecRulesBySecGrpIdAndRemoteSecGrpId(yEpGrpId, yEpGrpId, secRule5);
+ assertAllOwnerSecGrps(xEpGrpId, yEpGrpId);
+
+ secRuleDao.removeSecRule(secRule5);
+ assertSecRulesByOwnerSecGrpId(yEpGrpId, secRule4);
+ assertSecRulesWithoutRemoteSecGrpBySecGrpId(yEpGrpId, secRule4);
+ assertSecRulesBySecGrpIdAndRemoteSecGrpId(yEpGrpId, nullEpGrpId, secRule4);
+ assertAllOwnerSecGrps(xEpGrpId, yEpGrpId);
+
+ secRuleDao.removeSecRule(secRule4);
+
+ // check once more security rules with owner group id = xSecGrpId
+ assertSecRulesByOwnerSecGrpId(xEpGrpId, secRule1, secRule2, secRule3);
+ assertSecRulesWithoutRemoteSecGrpBySecGrpId(xEpGrpId, secRule1);
+ assertSecRulesBySecGrpIdAndRemoteSecGrpId(xEpGrpId, nullEpGrpId, secRule1);
+ assertSecRulesBySecGrpIdAndRemoteSecGrpId(xEpGrpId, xEpGrpId, secRule2);
+ assertSecRulesBySecGrpIdAndRemoteSecGrpId(xEpGrpId, yEpGrpId, secRule3);
+
+ secRuleDao.removeSecRule(secRule3);
+ assertSecRulesByOwnerSecGrpId(xEpGrpId, secRule1, secRule2);
+ assertSecRulesWithoutRemoteSecGrpBySecGrpId(xEpGrpId, secRule1);
+ assertSecRulesBySecGrpIdAndRemoteSecGrpId(xEpGrpId, nullEpGrpId, secRule1);
+ assertSecRulesBySecGrpIdAndRemoteSecGrpId(xEpGrpId, xEpGrpId, secRule2);
+ assertAllOwnerSecGrps(xEpGrpId);
+
+ secRuleDao.removeSecRule(secRule2);
+ assertSecRulesByOwnerSecGrpId(xEpGrpId, secRule1);
+ assertSecRulesWithoutRemoteSecGrpBySecGrpId(xEpGrpId, secRule1);
+ assertSecRulesBySecGrpIdAndRemoteSecGrpId(xEpGrpId, nullEpGrpId, secRule1);
+ assertAllOwnerSecGrps(xEpGrpId);
+
+ secRuleDao.removeSecRule(secRule1);
+ assertSecRulesByOwnerSecGrpId(xEpGrpId);
+ assertSecRulesWithoutRemoteSecGrpBySecGrpId(xEpGrpId);
+ assertSecRulesBySecGrpIdAndRemoteSecGrpId(xEpGrpId, nullEpGrpId);
+ assertSecRulesBySecGrpIdAndRemoteSecGrpId(xEpGrpId, xEpGrpId);
+ assertSecRulesBySecGrpIdAndRemoteSecGrpId(xEpGrpId, yEpGrpId);
+ assertSecRulesByOwnerSecGrpId(yEpGrpId);
+ assertSecRulesWithoutRemoteSecGrpBySecGrpId(yEpGrpId);
+ assertSecRulesBySecGrpIdAndRemoteSecGrpId(yEpGrpId, nullEpGrpId);
+ assertSecRulesBySecGrpIdAndRemoteSecGrpId(yEpGrpId, yEpGrpId);
+ assertSecRulesBySecGrpIdAndRemoteSecGrpId(yEpGrpId, xEpGrpId);
+ assertAllOwnerSecGrps();
+ }
+
+ @Test
+ public void testAddSecGroup_nullArgument() {
+ thrown.expect(NullPointerException.class);
+ secRuleDao.addSecRule(null);
+ }
+
+ @Test
+ public void testRemoveNonExistingSecRule() {
+ NeutronSecurityRule secRule = NeutronEntityFactory.securityRuleWithGroupIds(
+ "aaaaaaaa-aaaa-aaaa-aaaa-aaaaaaaaaaaa", "bbbbbbbb-bbbb-bbbb-bbbb-bbbbbbbbbbbb",
+ "cccccccc-cccc-cccc-cccc-cccccccccccc", "dddddddd-dddd-dddd-dddd-dddddddddddd");
+ secRuleDao.removeSecRule(secRule);
+ }
+
+ @Test
+ public void testRemoveNonExistingSecRule_remoteSecGroupIdIsNull() {
+ NeutronSecurityRule secRule = NeutronEntityFactory.securityRuleWithGroupIds(
+ "aaaaaaaa-aaaa-aaaa-aaaa-aaaaaaaaaaaa", "bbbbbbbb-bbbb-bbbb-bbbb-bbbbbbbbbbbb",
+ "cccccccc-cccc-cccc-cccc-cccccccccccc", null);
+ secRuleDao.removeSecRule(secRule);
+ }
+
+ private static void assertSecRules(Set<NeutronSecurityRule> secRules, NeutronSecurityRule... expectedSecRules) {
+ assertNotNull(secRules);
+ assertEquals(expectedSecRules.length, secRules.size());
+ for (int i = 0; i < expectedSecRules.length; ++i) {
+ assertTrue(secRules.contains(expectedSecRules[i]));
+ }
+ }
+
+ private void assertSecRulesByOwnerSecGrpId(EndpointGroupId ownerEpGrpId, NeutronSecurityRule... expectedSecRules) {
+ Set<NeutronSecurityRule> secRules = secRuleDao.getSecRulesByOwnerSecGrpId(ownerEpGrpId);
+ assertSecRules(secRules, expectedSecRules);
+ }
+
+ private void assertSecRulesBySecGrpIdAndRemoteSecGrpId(EndpointGroupId ownerEpGrpId, EndpointGroupId remoteEpGrpId,
+ NeutronSecurityRule... expectedSecRules) {
+ Set<NeutronSecurityRule> secRules = secRuleDao.getSecRulesBySecGrpIdAndRemoteSecGrpId(ownerEpGrpId,
+ remoteEpGrpId);
+ assertSecRules(secRules, expectedSecRules);
+ }
+
+ private void assertSecRulesWithoutRemoteSecGrpBySecGrpId(EndpointGroupId ownerEpGrpId,
+ NeutronSecurityRule... expectedSecRules) {
+ Set<NeutronSecurityRule> secRules = secRuleDao.getSecRulesWithoutRemoteSecGrpBySecGrpId(ownerEpGrpId);
+ assertSecRules(secRules, expectedSecRules);
+ }
+
+ private void assertAllOwnerSecGrps(EndpointGroupId... expectedEndpointGropuIds) {
+ Set<EndpointGroupId> allOwnerSecGrps = secRuleDao.getAllOwnerSecGrps();
+ assertNotNull(allOwnerSecGrps);
+ assertEquals(expectedEndpointGropuIds.length, allOwnerSecGrps.size());
+ for (int i = 0; i < expectedEndpointGropuIds.length; ++i) {
+ assertTrue(allOwnerSecGrps.contains(expectedEndpointGropuIds[i]));
+ }
+ }
+}
import org.opendaylight.yang.gen.v1.urn.opendaylight.groupbasedpolicy.policy.rev140421.tenants.tenant.contract.clause.ConsumerMatchers;
import org.opendaylight.yang.gen.v1.urn.opendaylight.groupbasedpolicy.policy.rev140421.tenants.tenant.subject.feature.instances.ClassifierInstance;
-public class SecRuleDecoderTest {
+public class SecRuleEntityDecoderTest {
@Rule
public ExpectedException thrown = ExpectedException.none();
@Test
public final void testGetTenantId_lowercaseUuidTenantID() {
secRule.setSecurityRuleTenantID("01234567-abcd-ef01-0123-0123456789ab");
- Assert.assertEquals("01234567-abcd-ef01-0123-0123456789ab", SecRuleEntityDecoder.getTenantId(secRule).getValue());
+ Assert.assertEquals("01234567-abcd-ef01-0123-0123456789ab", SecRuleEntityDecoder.getTenantId(secRule)
+ .getValue());
}
@Test
public final void testGetTenantId_uppercaseUuidTenantID() {
secRule.setSecurityRuleTenantID("01234567-ABCD-EF01-0123-0123456789AB");
- Assert.assertEquals("01234567-ABCD-EF01-0123-0123456789AB", SecRuleEntityDecoder.getTenantId(secRule).getValue());
+ Assert.assertEquals("01234567-ABCD-EF01-0123-0123456789AB", SecRuleEntityDecoder.getTenantId(secRule)
+ .getValue());
}
@Test
public final void testGetTenantId_mixUuidTenantID() {
secRule.setSecurityRuleTenantID("01234567-ABCD-ef01-0123-0123456789Ab");
- Assert.assertEquals("01234567-ABCD-ef01-0123-0123456789Ab", SecRuleEntityDecoder.getTenantId(secRule).getValue());
+ Assert.assertEquals("01234567-ABCD-ef01-0123-0123456789Ab", SecRuleEntityDecoder.getTenantId(secRule)
+ .getValue());
}
@Test
public final void testGetTenantId_noSlashLowercaseUuidTenantID() {
secRule.setSecurityRuleTenantID("01234567abcdef0101230123456789ab");
- Assert.assertEquals("01234567-abcd-ef01-0123-0123456789ab", SecRuleEntityDecoder.getTenantId(secRule).getValue());
+ Assert.assertEquals("01234567-abcd-ef01-0123-0123456789ab", SecRuleEntityDecoder.getTenantId(secRule)
+ .getValue());
}
@Test
public final void testGetTenantId_noSlashUppercaseUuidTenantID() {
secRule.setSecurityRuleTenantID("01234567ABCDEF0101230123456789AB");
- Assert.assertEquals("01234567-ABCD-EF01-0123-0123456789AB", SecRuleEntityDecoder.getTenantId(secRule).getValue());
+ Assert.assertEquals("01234567-ABCD-EF01-0123-0123456789AB", SecRuleEntityDecoder.getTenantId(secRule)
+ .getValue());
}
@Test
public final void testGetTenantId_noSlashMixUuidTenantID() {
secRule.setSecurityRuleTenantID("01234567ABCDef0101230123456789Ab");
- Assert.assertEquals("01234567-ABCD-ef01-0123-0123456789Ab", SecRuleEntityDecoder.getTenantId(secRule).getValue());
+ Assert.assertEquals("01234567-ABCD-ef01-0123-0123456789Ab", SecRuleEntityDecoder.getTenantId(secRule)
+ .getValue());
}
@Test
@Test
public final void testGetProviderEpgId_lowercaseUuidGroupID() {
secRule.setSecurityRuleGroupID("01234567-abcd-ef01-0123-0123456789ab");
- Assert.assertEquals("01234567-abcd-ef01-0123-0123456789ab",
- SecRuleEntityDecoder.getProviderEpgId(secRule).getValue());
+ Assert.assertEquals("01234567-abcd-ef01-0123-0123456789ab", SecRuleEntityDecoder.getProviderEpgId(secRule)
+ .getValue());
}
@Test
public final void testGetProviderEpgId_uppercaseUuidGroupID() {
secRule.setSecurityRuleGroupID("01234567-ABCD-EF01-0123-0123456789AB");
- Assert.assertEquals("01234567-ABCD-EF01-0123-0123456789AB",
- SecRuleEntityDecoder.getProviderEpgId(secRule).getValue());
+ Assert.assertEquals("01234567-ABCD-EF01-0123-0123456789AB", SecRuleEntityDecoder.getProviderEpgId(secRule)
+ .getValue());
}
@Test
public final void testGetProviderEpgId_mixUuidGroupID() {
secRule.setSecurityRuleGroupID("01234567-ABCD-ef01-0123-0123456789Ab");
- Assert.assertEquals("01234567-ABCD-ef01-0123-0123456789Ab",
- SecRuleEntityDecoder.getProviderEpgId(secRule).getValue());
+ Assert.assertEquals("01234567-ABCD-ef01-0123-0123456789Ab", SecRuleEntityDecoder.getProviderEpgId(secRule)
+ .getValue());
}
@Test
public final void testGetProviderEpgId_noSlashLowercaseUuidGroupID() {
secRule.setSecurityRuleGroupID("01234567abcdef0101230123456789ab");
- Assert.assertEquals("01234567-abcd-ef01-0123-0123456789ab",
- SecRuleEntityDecoder.getProviderEpgId(secRule).getValue());
+ Assert.assertEquals("01234567-abcd-ef01-0123-0123456789ab", SecRuleEntityDecoder.getProviderEpgId(secRule)
+ .getValue());
}
@Test
public final void testGetProviderEpgId_noSlashUppercaseUuidGroupID() {
secRule.setSecurityRuleGroupID("01234567ABCDEF0101230123456789AB");
- Assert.assertEquals("01234567-ABCD-EF01-0123-0123456789AB",
- SecRuleEntityDecoder.getProviderEpgId(secRule).getValue());
+ Assert.assertEquals("01234567-ABCD-EF01-0123-0123456789AB", SecRuleEntityDecoder.getProviderEpgId(secRule)
+ .getValue());
}
@Test
public final void testGetProviderEpgId_noSlashMixUuidGroupID() {
secRule.setSecurityRuleGroupID("01234567ABCDef0101230123456789Ab");
- Assert.assertEquals("01234567-ABCD-ef01-0123-0123456789Ab",
- SecRuleEntityDecoder.getProviderEpgId(secRule).getValue());
+ Assert.assertEquals("01234567-ABCD-ef01-0123-0123456789Ab", SecRuleEntityDecoder.getProviderEpgId(secRule)
+ .getValue());
}
@Test
@Test
public final void testGetConsumerEpgId_lowercaseUuidRemoteGroupID() {
secRule.setSecurityRemoteGroupID("01234567-abcd-ef01-0123-0123456789ab");
- Assert.assertEquals("01234567-abcd-ef01-0123-0123456789ab",
- SecRuleEntityDecoder.getConsumerEpgId(secRule).getValue());
+ Assert.assertEquals("01234567-abcd-ef01-0123-0123456789ab", SecRuleEntityDecoder.getConsumerEpgId(secRule)
+ .getValue());
}
@Test
public final void testGetConsumerEpgId_uppercaseUuidRemoteGroupID() {
secRule.setSecurityRemoteGroupID("01234567-ABCD-EF01-0123-0123456789AB");
- Assert.assertEquals("01234567-ABCD-EF01-0123-0123456789AB",
- SecRuleEntityDecoder.getConsumerEpgId(secRule).getValue());
+ Assert.assertEquals("01234567-ABCD-EF01-0123-0123456789AB", SecRuleEntityDecoder.getConsumerEpgId(secRule)
+ .getValue());
}
@Test
public final void testGetConsumerEpgId_mixUuidRemoteGroupID() {
secRule.setSecurityRemoteGroupID("01234567-ABCD-ef01-0123-0123456789Ab");
- Assert.assertEquals("01234567-ABCD-ef01-0123-0123456789Ab",
- SecRuleEntityDecoder.getConsumerEpgId(secRule).getValue());
+ Assert.assertEquals("01234567-ABCD-ef01-0123-0123456789Ab", SecRuleEntityDecoder.getConsumerEpgId(secRule)
+ .getValue());
}
@Test
public final void testGetConsumerEpgId_noSlashLowercaseUuidRemoteGroupID() {
secRule.setSecurityRemoteGroupID("01234567abcdef0101230123456789ab");
- Assert.assertEquals("01234567-abcd-ef01-0123-0123456789ab",
- SecRuleEntityDecoder.getConsumerEpgId(secRule).getValue());
+ Assert.assertEquals("01234567-abcd-ef01-0123-0123456789ab", SecRuleEntityDecoder.getConsumerEpgId(secRule)
+ .getValue());
}
@Test
public final void testGetConsumerEpgId_noSlashUppercaseUuidRemoteGroupID() {
secRule.setSecurityRemoteGroupID("01234567ABCDEF0101230123456789AB");
- Assert.assertEquals("01234567-ABCD-EF01-0123-0123456789AB",
- SecRuleEntityDecoder.getConsumerEpgId(secRule).getValue());
+ Assert.assertEquals("01234567-ABCD-EF01-0123-0123456789AB", SecRuleEntityDecoder.getConsumerEpgId(secRule)
+ .getValue());
}
@Test
public final void testGetConsumerEpgId_noSlashMixUuidRemoteGroupID() {
secRule.setSecurityRemoteGroupID("01234567ABCDef0101230123456789Ab");
- Assert.assertEquals("01234567-ABCD-ef01-0123-0123456789Ab",
- SecRuleEntityDecoder.getConsumerEpgId(secRule).getValue());
+ Assert.assertEquals("01234567-ABCD-ef01-0123-0123456789Ab", SecRuleEntityDecoder.getConsumerEpgId(secRule)
+ .getValue());
}
@Test
@Test
public final void testGetContractId_lowercaseUuidID() {
secRule.setSecurityRuleUUID("01234567-abcd-ef01-0123-0123456789ab");
- Assert.assertEquals("01234567-abcd-ef01-0123-0123456789ab", SecRuleEntityDecoder.getContractId(secRule).getValue());
+ Assert.assertEquals("01234567-abcd-ef01-0123-0123456789ab", SecRuleEntityDecoder.getContractId(secRule)
+ .getValue());
}
@Test
public final void testGetContractId_uppercaseUuidID() {
secRule.setSecurityRuleUUID("01234567-ABCD-EF01-0123-0123456789AB");
- Assert.assertEquals("01234567-ABCD-EF01-0123-0123456789AB", SecRuleEntityDecoder.getContractId(secRule).getValue());
+ Assert.assertEquals("01234567-ABCD-EF01-0123-0123456789AB", SecRuleEntityDecoder.getContractId(secRule)
+ .getValue());
}
@Test
public final void testGetContractId_mixUuidID() {
secRule.setSecurityRuleUUID("01234567-ABCD-ef01-0123-0123456789Ab");
- Assert.assertEquals("01234567-ABCD-ef01-0123-0123456789Ab", SecRuleEntityDecoder.getContractId(secRule).getValue());
+ Assert.assertEquals("01234567-ABCD-ef01-0123-0123456789Ab", SecRuleEntityDecoder.getContractId(secRule)
+ .getValue());
}
@Test
public final void testGetContractId_noSlashLowercaseUuidID() {
secRule.setSecurityRuleUUID("01234567abcdef0101230123456789ab");
- Assert.assertEquals("01234567-abcd-ef01-0123-0123456789ab", SecRuleEntityDecoder.getContractId(secRule).getValue());
+ Assert.assertEquals("01234567-abcd-ef01-0123-0123456789ab", SecRuleEntityDecoder.getContractId(secRule)
+ .getValue());
}
@Test
public final void testGetContractId_noSlashUppercaseUuidID() {
secRule.setSecurityRuleUUID("01234567ABCDEF0101230123456789AB");
- Assert.assertEquals("01234567-ABCD-EF01-0123-0123456789AB", SecRuleEntityDecoder.getContractId(secRule).getValue());
+ Assert.assertEquals("01234567-ABCD-EF01-0123-0123456789AB", SecRuleEntityDecoder.getContractId(secRule)
+ .getValue());
}
@Test
public final void testGetContractId_noSlashMixUuidID() {
secRule.setSecurityRuleUUID("01234567ABCDef0101230123456789Ab");
- Assert.assertEquals("01234567-ABCD-ef01-0123-0123456789Ab", SecRuleEntityDecoder.getContractId(secRule).getValue());
+ Assert.assertEquals("01234567-ABCD-ef01-0123-0123456789Ab", SecRuleEntityDecoder.getContractId(secRule)
+ .getValue());
}
@Test
Assert.assertNotNull(consumerMatchers);
Assert.assertNull(consumerMatchers.getConditionMatcher());
Assert.assertNull(consumerMatchers.getGroupIdentificationConstraints());
- EndpointIdentificationConstraints endpointIdentificationConstraints =
- consumerMatchers.getEndpointIdentificationConstraints();
+ EndpointIdentificationConstraints endpointIdentificationConstraints = consumerMatchers.getEndpointIdentificationConstraints();
Assert.assertNotNull(endpointIdentificationConstraints);
- L3EndpointIdentificationConstraints l3EndpointIdentificationConstraints =
- endpointIdentificationConstraints.getL3EndpointIdentificationConstraints();
+ L3EndpointIdentificationConstraints l3EndpointIdentificationConstraints = endpointIdentificationConstraints.getL3EndpointIdentificationConstraints();
Assert.assertNotNull(l3EndpointIdentificationConstraints);
List<PrefixConstraint> prefixConstraints = l3EndpointIdentificationConstraints.getPrefixConstraint();
Assert.assertNotNull(prefixConstraints);
thrown.expect(IllegalArgumentException.class);
SecRuleEntityDecoder.getProtocol(secRule);
}
-
}
--- /dev/null
+package org.opendaylight.groupbasedpolicy.neutron.mapper.mapping.rule;
+
+import static org.junit.Assert.assertEquals;
+
+import org.junit.Before;
+import org.junit.Test;
+
+import org.opendaylight.groupbasedpolicy.neutron.mapper.util.MappingUtils;
+import org.opendaylight.groupbasedpolicy.neutron.mapper.util.NeutronUtils;
+import org.opendaylight.groupbasedpolicy.renderer.ofoverlay.sf.EtherTypeClassifier;
+import org.opendaylight.groupbasedpolicy.renderer.ofoverlay.sf.IpProtoClassifier;
+import org.opendaylight.groupbasedpolicy.renderer.ofoverlay.sf.L4Classifier;
+import org.opendaylight.neutron.spi.NeutronSecurityRule;
+import org.opendaylight.yang.gen.v1.urn.opendaylight.groupbasedpolicy.common.rev140421.ClassifierName;
+import org.opendaylight.yang.gen.v1.urn.opendaylight.groupbasedpolicy.common.rev140421.ClauseName;
+import org.opendaylight.yang.gen.v1.urn.opendaylight.groupbasedpolicy.policy.rev140421.HasDirection.Direction;
+
+public class SecRuleNameDecoderTest {
+
+ private NeutronSecurityRule secRule;
+
+ @Before
+ public void setUp() throws Exception {
+ secRule = new NeutronSecurityRule();
+ }
+
+ @Test
+ public final void testGetClassifierRefName() {
+ secRule.setSecurityRuleDirection(NeutronUtils.INGRESS);
+ secRule.setSecurityRuleEthertype(NeutronUtils.IPv4);
+ ClassifierName clsfInstanceName = SecRuleNameDecoder.getClassifierInstanceName(secRule);
+ String crName = new StringBuilder().append(Direction.In.name())
+ .append(MappingUtils.NAME_DOUBLE_DELIMETER)
+ .append(clsfInstanceName.getValue())
+ .toString();
+ ClassifierName expectedClsfRefName = new ClassifierName(crName);
+ assertEquals(expectedClsfRefName, SecRuleNameDecoder.getClassifierRefName(secRule));
+ }
+
+ @Test
+ public final void testGetClassifierInstanceName() {
+ secRule.setSecurityRuleDirection(NeutronUtils.INGRESS);
+ secRule.setSecurityRuleEthertype(NeutronUtils.IPv4);
+ secRule.setSecurityRuleProtocol(NeutronUtils.TCP);
+ secRule.setSecurityRulePortMin(8010);
+ secRule.setSecurityRulePortMax(8020);
+ StringBuilder frmtBuilder = new StringBuilder();
+ frmtBuilder.append(L4Classifier.DEFINITION.getName().getValue())
+ .append(MappingUtils.NAME_DELIMETER)
+ .append(L4Classifier.DST_PORT_RANGE_PARAM)
+ .append(SecRuleNameDecoder.MIN_PORT)
+ .append(MappingUtils.NAME_VALUE_DELIMETER)
+ .append("%d")
+ .append(SecRuleNameDecoder.MAX_PORT)
+ .append(MappingUtils.NAME_VALUE_DELIMETER)
+ .append("%d")
+ .append(MappingUtils.NAME_DOUBLE_DELIMETER)
+ .append(IpProtoClassifier.DEFINITION.getName().getValue())
+ .append(MappingUtils.NAME_VALUE_DELIMETER)
+ .append("%s")
+ .append(MappingUtils.NAME_DOUBLE_DELIMETER)
+ .append(EtherTypeClassifier.DEFINITION.getName().getValue())
+ .append(MappingUtils.NAME_VALUE_DELIMETER)
+ .append("%s");
+ String frmtClsfName = String.format(frmtBuilder.toString(), 8010, 8020, secRule.getSecurityRuleProtocol(),
+ secRule.getSecurityRuleEthertype());
+ ClassifierName expectedClsfInstanceName = new ClassifierName(frmtClsfName);
+ assertEquals(expectedClsfInstanceName, SecRuleNameDecoder.getClassifierInstanceName(secRule));
+ }
+
+ @Test
+ public final void testGetClauseName_noRemoteIpPrefix() {
+ secRule.setSecurityRuleDirection(NeutronUtils.INGRESS);
+ secRule.setSecurityRuleEthertype(NeutronUtils.IPv4);
+ ClauseName expectedClauseName = new ClauseName(SecRuleNameDecoder.getSubjectName(secRule));
+ assertEquals(expectedClauseName, SecRuleNameDecoder.getClauseName(secRule));
+ }
+
+ @Test
+ public final void testGetClauseName_remoteIpPrefix() {
+ secRule.setSecurityRuleDirection(NeutronUtils.INGRESS);
+ secRule.setSecurityRuleEthertype(NeutronUtils.IPv4);
+ secRule.setSecurityRuleRemoteIpPrefix("10.0.0.0/8");
+ ClauseName expectedClauseName = new ClauseName(SecRuleNameDecoder.getSubjectName(secRule).getValue()
+ + MappingUtils.NAME_DOUBLE_DELIMETER + "10.0.0.0_8");
+ assertEquals(expectedClauseName, SecRuleNameDecoder.getClauseName(secRule));
+ }
+}
--- /dev/null
+package org.opendaylight.groupbasedpolicy.neutron.mapper.mapping.rule;
+
+import static org.junit.Assert.assertEquals;
+import static org.junit.Assert.assertNotNull;
+
+import org.junit.Test;
+
+import org.opendaylight.groupbasedpolicy.neutron.mapper.test.NeutronEntityFactory;
+import org.opendaylight.groupbasedpolicy.neutron.mapper.test.PolicyAssert;
+import org.opendaylight.groupbasedpolicy.neutron.mapper.util.NeutronUtils;
+import org.opendaylight.neutron.spi.NeutronSecurityRule;
+import org.opendaylight.yang.gen.v1.urn.opendaylight.groupbasedpolicy.policy.rev140421.has.classifier.refs.ClassifierRef;
+import org.opendaylight.yang.gen.v1.urn.opendaylight.groupbasedpolicy.policy.rev140421.tenants.tenant.subject.feature.instances.ClassifierInstance;
+import org.opendaylight.yang.gen.v1.urn.opendaylight.groupbasedpolicy.policy.rev140421.tenants.tenant.contract.subject.Rule;
+
+public class SingleClassifierRuleTest {
+
+ @Test
+ public void testConstructorAndGetters() {
+ NeutronSecurityRule secRule = NeutronEntityFactory.securityRuleWithoutGroupIds(
+ "aaaaaaaa-aaaa-aaaa-aaaa-aaaaaaaaaaaa", "bbbbbbbb-bbbb-bbbb-bbbb-bbbbbbbbbbbb", NeutronUtils.IPv4,
+ NeutronUtils.INGRESS, NeutronUtils.TCP, 8010, 8020);
+ final int ruleOrder = 1;
+ SingleClassifierRule singleClsfRule = new SingleClassifierRule(secRule, ruleOrder);
+
+ ClassifierInstance clsfInstance = singleClsfRule.getClassifierInstance();
+ assertNotNull(clsfInstance);
+ assertEquals(clsfInstance, SecRuleEntityDecoder.getClassifierInstance(secRule));
+
+ ClassifierRef clsfRef = singleClsfRule.getClassifierRef();
+ assertNotNull(clsfRef);
+ assertEquals(clsfRef, SecRuleEntityDecoder.getClassifierRef(secRule));
+
+ Rule rule = singleClsfRule.getRule();
+ assertNotNull(rule);
+ PolicyAssert.assertRule(rule, secRule, ruleOrder);
+ }
+}
--- /dev/null
+package org.opendaylight.groupbasedpolicy.neutron.mapper.mapping.rule;
+
+import static org.junit.Assert.assertEquals;
+import static org.junit.Assert.assertNotNull;
+
+import org.junit.Test;
+import org.opendaylight.groupbasedpolicy.neutron.mapper.mapping.rule.SingleRuleContract;
+import org.opendaylight.groupbasedpolicy.neutron.mapper.test.NeutronEntityFactory;
+import org.opendaylight.groupbasedpolicy.neutron.mapper.test.PolicyAssert;
+import org.opendaylight.groupbasedpolicy.neutron.mapper.util.NeutronUtils;
+import org.opendaylight.neutron.spi.NeutronSecurityRule;
+import org.opendaylight.yang.gen.v1.urn.opendaylight.groupbasedpolicy.common.rev140421.Description;
+import org.opendaylight.yang.gen.v1.urn.opendaylight.groupbasedpolicy.policy.rev140421.has.classifier.refs.ClassifierRef;
+import org.opendaylight.yang.gen.v1.urn.opendaylight.groupbasedpolicy.policy.rev140421.tenants.tenant.Contract;
+import org.opendaylight.yang.gen.v1.urn.opendaylight.groupbasedpolicy.policy.rev140421.tenants.tenant.contract.Clause;
+import org.opendaylight.yang.gen.v1.urn.opendaylight.groupbasedpolicy.policy.rev140421.tenants.tenant.contract.Subject;
+import org.opendaylight.yang.gen.v1.urn.opendaylight.groupbasedpolicy.policy.rev140421.tenants.tenant.contract.subject.Rule;
+import org.opendaylight.yang.gen.v1.urn.opendaylight.groupbasedpolicy.policy.rev140421.tenants.tenant.subject.feature.instances.ClassifierInstance;
+
+public class SingleRuleContractTest {
+
+ @Test
+ public void testConstructorAndGetters() {
+ NeutronSecurityRule secRule = NeutronEntityFactory.securityRuleWithoutGroupIds(
+ "aaaaaaaa-aaaa-aaaa-aaaa-aaaaaaaaaaaa", "bbbbbbbb-bbbb-bbbb-bbbb-bbbbbbbbbbbb", NeutronUtils.IPv4,
+ NeutronUtils.INGRESS, NeutronUtils.TCP, 8010, 8020);
+ int subjectAndRuleOrder = 1;
+ SingleRuleContract singleRuleContract = new SingleRuleContract(secRule, subjectAndRuleOrder, new Description(
+ "contractDescription"));
+
+ SingleClassifierRule singleClsfRule = singleRuleContract.getSingleClassifierRule();
+ assertNotNull(singleClsfRule);
+
+ ClassifierInstance clsfInstance = singleClsfRule.getClassifierInstance();
+ assertNotNull(clsfInstance);
+ assertEquals(clsfInstance, SecRuleEntityDecoder.getClassifierInstance(secRule));
+
+ ClassifierRef clsfRef = singleClsfRule.getClassifierRef();
+ assertNotNull(clsfRef);
+ assertEquals(clsfRef, SecRuleEntityDecoder.getClassifierRef(secRule));
+
+ Rule rule = singleClsfRule.getRule();
+ assertNotNull(rule);
+ PolicyAssert.assertRule(rule, secRule, subjectAndRuleOrder);
+
+ assertEquals(rule, singleRuleContract.getRule());
+
+ Subject subject = singleRuleContract.getSubject();
+ assertNotNull(subject);
+ PolicyAssert.assertSubjectWithOneRule(subject, secRule);
+
+ Clause clause = singleRuleContract.getClause();
+ assertNotNull(clause);
+ PolicyAssert.assertClauseWithOneSubject(clause, secRule);
+
+ Contract contract = singleRuleContract.getContract();
+ assertNotNull(contract);
+ PolicyAssert.assertContract(contract, secRule);
+ }
+}
--- /dev/null
+package org.opendaylight.groupbasedpolicy.neutron.mapper.test;
+
+import org.opendaylight.controller.md.sal.binding.api.DataBroker;
+import org.opendaylight.controller.md.sal.binding.api.ReadOnlyTransaction;
+import org.opendaylight.controller.md.sal.common.api.data.LogicalDatastoreType;
+import org.opendaylight.groupbasedpolicy.util.DataStoreHelper;
+import org.opendaylight.groupbasedpolicy.util.IidFactory;
+import org.opendaylight.yang.gen.v1.urn.opendaylight.groupbasedpolicy.common.rev140421.ActionName;
+import org.opendaylight.yang.gen.v1.urn.opendaylight.groupbasedpolicy.common.rev140421.ClassifierName;
+import org.opendaylight.yang.gen.v1.urn.opendaylight.groupbasedpolicy.common.rev140421.ContractId;
+import org.opendaylight.yang.gen.v1.urn.opendaylight.groupbasedpolicy.common.rev140421.EndpointGroupId;
+import org.opendaylight.yang.gen.v1.urn.opendaylight.groupbasedpolicy.common.rev140421.TenantId;
+import org.opendaylight.yang.gen.v1.urn.opendaylight.groupbasedpolicy.policy.rev140421.tenants.Tenant;
+import org.opendaylight.yang.gen.v1.urn.opendaylight.groupbasedpolicy.policy.rev140421.tenants.tenant.Contract;
+import org.opendaylight.yang.gen.v1.urn.opendaylight.groupbasedpolicy.policy.rev140421.tenants.tenant.EndpointGroup;
+import org.opendaylight.yang.gen.v1.urn.opendaylight.groupbasedpolicy.policy.rev140421.tenants.tenant.subject.feature.instances.ActionInstance;
+import org.opendaylight.yang.gen.v1.urn.opendaylight.groupbasedpolicy.policy.rev140421.tenants.tenant.subject.feature.instances.ClassifierInstance;
+import org.opendaylight.yangtools.yang.binding.InstanceIdentifier;
+
+import com.google.common.base.Optional;
+
+public final class ConfigDataStoreReader {
+
+ private ConfigDataStoreReader() {
+ throw new UnsupportedOperationException("Cannot create an instance");
+ }
+
+ public static Optional<Tenant> readTenant(DataBroker dataBroker, String tenantId) throws Exception {
+ try (ReadOnlyTransaction rTx = dataBroker.newReadOnlyTransaction()) {
+ return DataStoreHelper.readFromDs(LogicalDatastoreType.CONFIGURATION,
+ IidFactory.tenantIid(new TenantId(tenantId)), rTx);
+ }
+ }
+
+ public static Optional<Contract> readContract(DataBroker dataBroker, String tenantId, String contractId)
+ throws Exception {
+ try (ReadOnlyTransaction rTx = dataBroker.newReadOnlyTransaction()) {
+ return DataStoreHelper.readFromDs(LogicalDatastoreType.CONFIGURATION,
+ IidFactory.contractIid(new TenantId(tenantId), new ContractId(contractId)), rTx);
+ }
+ }
+
+ public static Optional<EndpointGroup> readEndpointGroup(DataBroker dataBroker, String tenantId,
+ String endpointGroupId) throws Exception {
+ try (ReadOnlyTransaction rTx = dataBroker.newReadOnlyTransaction()) {
+ return DataStoreHelper.readFromDs(LogicalDatastoreType.CONFIGURATION,
+ IidFactory.endpointGroupIid(new TenantId(tenantId), new EndpointGroupId(endpointGroupId)), rTx);
+ }
+ }
+
+ public static Optional<ClassifierInstance> readClassifierInstance(DataBroker dataBroker, String tenantId,
+ ClassifierName classifierName) throws Exception {
+ InstanceIdentifier<ClassifierInstance> clsfInstanceIid = IidFactory.classifierInstanceIid(
+ new TenantId(tenantId), classifierName);
+ try (ReadOnlyTransaction rTx = dataBroker.newReadOnlyTransaction()) {
+ return DataStoreHelper.readFromDs(LogicalDatastoreType.CONFIGURATION, clsfInstanceIid, rTx);
+ }
+ }
+
+ public static Optional<ActionInstance> readActionInstance(DataBroker dataBroker, String tenantId,
+ ActionName actionName) throws Exception {
+ InstanceIdentifier<ActionInstance> actionIid = IidFactory.actionInstanceIid(new TenantId(tenantId), actionName);
+ try (ReadOnlyTransaction rTx = dataBroker.newReadOnlyTransaction()) {
+ return DataStoreHelper.readFromDs(LogicalDatastoreType.CONFIGURATION, actionIid, rTx);
+ }
+ }
+}
--- /dev/null
+package org.opendaylight.groupbasedpolicy.neutron.mapper.test;
+
+import java.util.ArrayList;
+import java.util.List;
+
+import org.opendaylight.neutron.spi.NeutronSecurityGroup;
+import org.opendaylight.neutron.spi.NeutronSecurityRule;
+
+public final class NeutronEntityFactory {
+
+ private NeutronEntityFactory() {
+ throw new UnsupportedOperationException("Cannot create an instance");
+ }
+
+ public static NeutronSecurityGroup securityGroup(String id, String tenantId) {
+ NeutronSecurityGroup secGrp = new NeutronSecurityGroup();
+ secGrp.setSecurityGroupUUID(id);
+ secGrp.setSecurityGroupTenantID(tenantId);
+ secGrp.setSecurityRules(new ArrayList<NeutronSecurityRule>());
+ return secGrp;
+ }
+
+ public static NeutronSecurityGroup securityGroupWithName(String id, String tenantId, String name) {
+ NeutronSecurityGroup secGrp = new NeutronSecurityGroup();
+ secGrp.setSecurityGroupUUID(id);
+ secGrp.setSecurityGroupTenantID(tenantId);
+ secGrp.setSecurityGroupName(name);
+ return secGrp;
+ }
+
+ public static NeutronSecurityGroup securityGroup(String id, String tenantId, List<NeutronSecurityRule> secRules) {
+ NeutronSecurityGroup secGrp = new NeutronSecurityGroup();
+ secGrp.setSecurityGroupUUID(id);
+ secGrp.setSecurityGroupTenantID(tenantId);
+ secGrp.setSecurityRules(secRules);
+ return secGrp;
+ }
+
+ public static NeutronSecurityRule securityRuleWithGroupIds(String id, String tenant, String ownerGroupId,
+ String remoteGroupId) {
+ NeutronSecurityRule secRule = new NeutronSecurityRule();
+ secRule.setSecurityRuleUUID(id);
+ secRule.setSecurityRuleTenantID(tenant);
+ secRule.setSecurityRuleGroupID(ownerGroupId);
+ secRule.setSecurityRemoteGroupID(remoteGroupId);
+ return secRule;
+ }
+
+ public static NeutronSecurityRule securityRuleWithoutGroupIds(String id, String tenant, String etherType,
+ String direction, String protocol, int portMin, int portMax) {
+ NeutronSecurityRule secRule = new NeutronSecurityRule();
+ secRule.setSecurityRuleUUID(id);
+ secRule.setSecurityRuleTenantID(tenant);
+ secRule.setSecurityRuleEthertype(etherType);
+ secRule.setSecurityRuleDirection(direction);
+ secRule.setSecurityRuleProtocol(protocol);
+ secRule.setSecurityRulePortMin(portMin);
+ secRule.setSecurityRulePortMax(portMax);
+ return secRule;
+ }
+
+ public static NeutronSecurityRule securityRuleWithEtherType(String id, String tenant, String etherType,
+ String direction, String ownerGroupId, String remoteGroupId) {
+ NeutronSecurityRule secRule = new NeutronSecurityRule();
+ secRule.setSecurityRuleUUID(id);
+ secRule.setSecurityRuleTenantID(tenant);
+ secRule.setSecurityRuleEthertype(etherType);
+ secRule.setSecurityRuleDirection(direction);
+ secRule.setSecurityRuleGroupID(ownerGroupId);
+ secRule.setSecurityRemoteGroupID(remoteGroupId);
+ return secRule;
+ }
+}
--- /dev/null
+package org.opendaylight.groupbasedpolicy.neutron.mapper.test;
+
+import static org.junit.Assert.assertEquals;
+import static org.junit.Assert.assertFalse;
+import static org.junit.Assert.assertNotNull;
+import static org.junit.Assert.assertNull;
+import static org.junit.Assert.assertTrue;
+
+import java.util.Collection;
+import java.util.List;
+import java.util.Set;
+
+import org.opendaylight.controller.md.sal.binding.api.DataBroker;
+import org.opendaylight.groupbasedpolicy.neutron.mapper.mapping.rule.SecRuleEntityDecoder;
+import org.opendaylight.groupbasedpolicy.neutron.mapper.mapping.rule.SecRuleNameDecoder;
+import org.opendaylight.groupbasedpolicy.neutron.mapper.util.MappingUtils;
+import org.opendaylight.groupbasedpolicy.neutron.mapper.util.Utils;
+import org.opendaylight.neutron.spi.NeutronSecurityRule;
+import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.inet.types.rev100924.IpPrefix;
+import org.opendaylight.yang.gen.v1.urn.opendaylight.groupbasedpolicy.common.rev140421.ActionName;
+import org.opendaylight.yang.gen.v1.urn.opendaylight.groupbasedpolicy.common.rev140421.ContractId;
+import org.opendaylight.yang.gen.v1.urn.opendaylight.groupbasedpolicy.common.rev140421.Description;
+import org.opendaylight.yang.gen.v1.urn.opendaylight.groupbasedpolicy.common.rev140421.SubjectName;
+import org.opendaylight.yang.gen.v1.urn.opendaylight.groupbasedpolicy.policy.rev140421.has.action.refs.ActionRef;
+import org.opendaylight.yang.gen.v1.urn.opendaylight.groupbasedpolicy.policy.rev140421.has.classifier.refs.ClassifierRef;
+import org.opendaylight.yang.gen.v1.urn.opendaylight.groupbasedpolicy.policy.rev140421.tenants.Tenant;
+import org.opendaylight.yang.gen.v1.urn.opendaylight.groupbasedpolicy.policy.rev140421.tenants.tenant.Contract;
+import org.opendaylight.yang.gen.v1.urn.opendaylight.groupbasedpolicy.policy.rev140421.tenants.tenant.EndpointGroup;
+import org.opendaylight.yang.gen.v1.urn.opendaylight.groupbasedpolicy.policy.rev140421.tenants.tenant.EndpointGroup.IntraGroupPolicy;
+import org.opendaylight.yang.gen.v1.urn.opendaylight.groupbasedpolicy.policy.rev140421.tenants.tenant.contract.Clause;
+import org.opendaylight.yang.gen.v1.urn.opendaylight.groupbasedpolicy.policy.rev140421.tenants.tenant.contract.Subject;
+import org.opendaylight.yang.gen.v1.urn.opendaylight.groupbasedpolicy.policy.rev140421.tenants.tenant.contract.subject.Rule;
+import org.opendaylight.yang.gen.v1.urn.opendaylight.groupbasedpolicy.policy.rev140421.tenants.tenant.endpoint.group.ConsumerNamedSelector;
+import org.opendaylight.yang.gen.v1.urn.opendaylight.groupbasedpolicy.policy.rev140421.tenants.tenant.endpoint.group.ProviderNamedSelector;
+import org.opendaylight.yang.gen.v1.urn.opendaylight.groupbasedpolicy.policy.rev140421.tenants.tenant.subject.feature.instances.ActionInstance;
+import org.opendaylight.yang.gen.v1.urn.opendaylight.groupbasedpolicy.policy.rev140421.tenants.tenant.subject.feature.instances.ClassifierInstance;
+
+import com.google.common.base.Optional;
+import com.google.common.base.Preconditions;
+import com.google.common.base.Strings;
+
+public final class PolicyAssert {
+
+ private PolicyAssert() {
+ throw new UnsupportedOperationException("Cannot create an instance");
+ }
+
+ // asserts for tenant
+
+ public static void assertTenantExists(DataBroker dataBroker, String tenantId) throws Exception {
+ Optional<Tenant> tenant = ConfigDataStoreReader.readTenant(dataBroker, tenantId);
+ assertTrue(tenant.isPresent());
+ }
+
+ public static void assertTenantNotExists(DataBroker dataBroker, String tenantId) throws Exception {
+ Optional<Tenant> tenant = ConfigDataStoreReader.readTenant(dataBroker, tenantId);
+ assertFalse(tenant.isPresent());
+ }
+
+ // asserts for contract
+
+ public static void assertContractExists(DataBroker dataBroker, String tenantId, String contractId) throws Exception {
+ Optional<Contract> contract = ConfigDataStoreReader.readContract(dataBroker, tenantId, contractId);
+ assertTrue(contract.isPresent());
+ }
+
+ public static void assertContractNotExists(DataBroker dataBroker, String tenantId, String contractId)
+ throws Exception {
+ Optional<Contract> contract = ConfigDataStoreReader.readContract(dataBroker, tenantId, contractId);
+ assertFalse(contract.isPresent());
+ }
+
+ public static void assertContractCount(DataBroker dataBroker, String tenantId, int expectedCount) throws Exception {
+ Optional<Tenant> tenant = ConfigDataStoreReader.readTenant(dataBroker, tenantId);
+ assertTrue(tenant.isPresent());
+ List<Contract> contracts = tenant.get().getContract();
+ if (contracts != null) {
+ assertEquals(expectedCount, tenant.get().getContract().size());
+ } else {
+ assertEquals(expectedCount, 0);
+ }
+ }
+
+ public static void assertContractWithEic(Contract contract, NeutronSecurityRule secRule) {
+ assertEquals(new ContractId(secRule.getSecurityRuleUUID()), contract.getId());
+ assertNull(contract.getQuality());
+ assertNull(contract.getTarget());
+ assertOneClauseWithEicWithOneSubject(contract, secRule);
+ PolicyAssert.assertOneSubjectWithOneRule(contract, secRule);
+ }
+
+ private static void assertOneClauseWithEicWithOneSubject(Contract contract, NeutronSecurityRule secRule) {
+ Clause clause = assertOneItem(contract.getClause());
+ assertNull(clause.getAnyMatchers());
+ Preconditions.checkArgument(!Strings.isNullOrEmpty(secRule.getSecurityRuleRemoteIpPrefix()));
+ IpPrefix expectedIpPrefix = Utils.createIpPrefix(secRule.getSecurityRuleRemoteIpPrefix());
+ assertNotNull(clause.getConsumerMatchers());
+ IpPrefix ipPrefix = clause.getConsumerMatchers()
+ .getEndpointIdentificationConstraints()
+ .getL3EndpointIdentificationConstraints()
+ .getPrefixConstraint()
+ .get(0)
+ .getIpPrefix();
+ assertEquals(expectedIpPrefix, ipPrefix);
+ SubjectName subjectRef = assertOneItem(clause.getSubjectRefs());
+ assertEquals(SecRuleNameDecoder.getSubjectName(secRule), subjectRef);
+ }
+
+ public static void assertContract(Contract contract, NeutronSecurityRule secRule) {
+ assertEquals(new ContractId(secRule.getSecurityRuleUUID()), contract.getId());
+ assertNull(contract.getQuality());
+ assertNull(contract.getTarget());
+ assertOneClauseWithOneSubject(contract, secRule);
+ assertOneSubjectWithOneRule(contract, secRule);
+ }
+
+ private static void assertOneClauseWithOneSubject(Contract contract, NeutronSecurityRule secRule) {
+ Clause clause = assertOneItem(contract.getClause());
+ assertClauseWithOneSubject(clause, secRule);
+ }
+
+ private static void assertOneSubjectWithOneRule(Contract contract, NeutronSecurityRule secRule) {
+ Subject subject = assertOneItem(contract.getSubject());
+ assertSubjectWithOneRule(subject, secRule);
+ }
+
+ public static void assertContract(Contract contract, NeutronSecurityRule secRule, Description contractDescription) {
+ assertContract(contract, secRule);
+ assertEquals(contractDescription, contract.getDescription());
+ }
+
+ // asserts for endpoint group
+
+ public static void assertEndpointGroupExists(DataBroker dataBroker, String tenantId, String endpointGroupId)
+ throws Exception {
+ Optional<EndpointGroup> epg = ConfigDataStoreReader.readEndpointGroup(dataBroker, tenantId, endpointGroupId);
+ assertTrue(epg.isPresent());
+ }
+
+ public static void assertEndpointGroupNotExists(DataBroker dataBroker, String tenantId, String endpointGroupId)
+ throws Exception {
+ Optional<EndpointGroup> epg = ConfigDataStoreReader.readEndpointGroup(dataBroker, tenantId, endpointGroupId);
+ assertFalse(epg.isPresent());
+ }
+
+ public static void assertEndpointGroupCount(DataBroker dataBroker, String tenantId, int expectedCount)
+ throws Exception {
+ Optional<Tenant> tenant = ConfigDataStoreReader.readTenant(dataBroker, tenantId);
+ assertTrue(tenant.isPresent());
+ List<EndpointGroup> endpointGroups = tenant.get().getEndpointGroup();
+ if (endpointGroups != null) {
+ assertEquals(expectedCount, endpointGroups.size());
+ } else {
+ assertEquals(expectedCount, 0);
+ }
+ }
+
+ public static void assertIntraGroupPolicy(DataBroker dataBroker, String tenantId, String endpointGroupId,
+ IntraGroupPolicy intraGroupPolicy) throws Exception {
+ Optional<EndpointGroup> epg = ConfigDataStoreReader.readEndpointGroup(dataBroker, tenantId, endpointGroupId);
+ assertTrue(epg.isPresent());
+ assertEquals(intraGroupPolicy, epg.get().getIntraGroupPolicy());
+ }
+
+ // asserts for enpoint group selectors
+
+ public static void assertNoProviderNamedSelectors(DataBroker dataBroker, String tenantId, String secGroupId)
+ throws Exception {
+ Optional<EndpointGroup> epg = ConfigDataStoreReader.readEndpointGroup(dataBroker, tenantId, secGroupId);
+ assertTrue(epg.isPresent());
+ List<ProviderNamedSelector> selectors = epg.get().getProviderNamedSelector();
+ assertTrue(selectors == null || selectors.isEmpty());
+ }
+
+ public static void assertNoConsumerNamedSelectors(DataBroker dataBroker, String tenantId, String secGroupId)
+ throws Exception {
+ Optional<EndpointGroup> epg = ConfigDataStoreReader.readEndpointGroup(dataBroker, tenantId, secGroupId);
+ assertTrue(epg.isPresent());
+ List<ConsumerNamedSelector> selectors = epg.get().getConsumerNamedSelector();
+ assertTrue(selectors == null || selectors.isEmpty());
+ }
+
+ public static void assertProviderNamedSelectors(EndpointGroup epg, Set<ContractId> expectedContracts) {
+ Preconditions.checkNotNull(expectedContracts);
+ assertNotNull(epg.getProviderNamedSelector());
+ int numberOfContracts = 0;
+ for (ProviderNamedSelector pns : epg.getProviderNamedSelector()) {
+ assertNotNull(pns.getContract());
+ numberOfContracts += pns.getContract().size();
+ for (ContractId contractId : pns.getContract()) {
+ assertTrue(expectedContracts.contains(contractId));
+ }
+ }
+ assertEquals(expectedContracts.size(), numberOfContracts);
+ }
+
+ public static void assertConsumerNamedSelectors(EndpointGroup epg, Set<ContractId> expectedContracts) {
+ Preconditions.checkNotNull(expectedContracts);
+ assertNotNull(epg.getConsumerNamedSelector());
+ int numberOfContracts = 0;
+ for (ConsumerNamedSelector cns : epg.getConsumerNamedSelector()) {
+ assertNotNull(cns.getContract());
+ numberOfContracts += cns.getContract().size();
+ for (ContractId contractId : cns.getContract()) {
+ assertTrue(expectedContracts.contains(contractId));
+ }
+ }
+ assertEquals(expectedContracts.size(), numberOfContracts);
+ }
+
+ // asserts for classifier
+
+ public static void assertClassifierInstanceExists(DataBroker dataBroker, NeutronSecurityRule secRule)
+ throws Exception {
+ ClassifierInstance clsfInstance = SecRuleEntityDecoder.getClassifierInstance(secRule);
+ Optional<ClassifierInstance> readClsfInstance = ConfigDataStoreReader.readClassifierInstance(dataBroker,
+ secRule.getSecurityRuleTenantID(), clsfInstance.getName());
+ assertTrue(readClsfInstance.isPresent());
+ }
+
+ public static void assertClassifierInstanceNotExists(DataBroker dataBroker, NeutronSecurityRule secRule)
+ throws Exception {
+ ClassifierInstance clsfInstance = SecRuleEntityDecoder.getClassifierInstance(secRule);
+ Optional<ClassifierInstance> readClsfInstance = ConfigDataStoreReader.readClassifierInstance(dataBroker,
+ secRule.getSecurityRuleTenantID(), clsfInstance.getName());
+ assertFalse(readClsfInstance.isPresent());
+ }
+
+ // asserts for action
+
+ public static void assertActionInstanceExists(DataBroker dataBroker, String tenantId, ActionName actionName)
+ throws Exception {
+ Optional<ActionInstance> actionInstance = ConfigDataStoreReader.readActionInstance(dataBroker, tenantId,
+ actionName);
+ assertTrue(actionInstance.isPresent());
+ }
+
+ public static void assertActionInstanceNotExists(DataBroker dataBroker, String tenantId, ActionName actionName)
+ throws Exception {
+ Optional<ActionInstance> actionInstance = ConfigDataStoreReader.readActionInstance(dataBroker, tenantId,
+ actionName);
+ assertFalse(actionInstance.isPresent());
+ }
+
+ // asserts for clause
+
+ public static void assertClauseWithOneSubject(Clause clause, NeutronSecurityRule secRule) {
+ assertNull(clause.getAnyMatchers());
+ assertNull(clause.getConsumerMatchers());
+ assertNull(clause.getProviderMatchers());
+ SubjectName subjectRef = assertOneItem(clause.getSubjectRefs());
+ assertEquals(SecRuleNameDecoder.getSubjectName(secRule), subjectRef);
+ }
+
+ // asserts for subject
+
+ public static void assertSubjectWithOneRule(Subject subject, NeutronSecurityRule secRule) {
+ assertEquals(SecRuleNameDecoder.getSubjectName(secRule), subject.getName());
+ Rule rule = assertOneItem(subject.getRule());
+ assertRule(rule, secRule);
+ }
+
+ // asserts for rule
+
+ public static void assertRule(Rule rule, NeutronSecurityRule secRule) {
+ assertEquals(SecRuleNameDecoder.getRuleName(secRule), rule.getName());
+ ActionRef actionRef = assertOneItem(rule.getActionRef());
+ assertEquals(MappingUtils.ACTION_ALLOW.getName(), actionRef.getName());
+ ClassifierRef classifierRef = assertOneItem(rule.getClassifierRef());
+ assertEquals(SecRuleNameDecoder.getClassifierRefName(secRule), classifierRef.getName());
+ assertEquals(SecRuleNameDecoder.getClassifierInstanceName(secRule), classifierRef.getInstanceName());
+ assertEquals(SecRuleEntityDecoder.getDirection(secRule), classifierRef.getDirection());
+ }
+
+ public static void assertRule(Rule rule, NeutronSecurityRule secRule, int order) {
+ assertRule(rule, secRule);
+ assertEquals(order, rule.getOrder().intValue());
+ }
+
+ private static final <T> T assertOneItem(Collection<T> c) {
+ assertNotNull(c);
+ assertTrue(c.size() == 1);
+ return c.iterator().next();
+ }
+}