--- /dev/null
+/*
+ * Copyright (C) 2014 Juniper Networks, Inc.
+ *
+ * This program and the accompanying materials are made available under the
+ * terms of the Eclipse Public License v1.0 which accompanies this distribution,
+ * and is available at http://www.eclipse.org/legal/epl-v10.html
+ *
+ */
+package org.opendaylight.plugin2oc.neutron;
+
+import java.io.IOException;
+import java.net.HttpURLConnection;
+import java.util.Iterator;
+import java.util.ListIterator;
+import java.util.UUID;
+
+import net.juniper.contrail.api.ApiConnector;
+import net.juniper.contrail.api.types.PolicyEntriesType;
+import net.juniper.contrail.api.types.PolicyEntriesType.PolicyRuleType;
+import net.juniper.contrail.api.types.PolicyEntriesType.PolicyRuleType.AddressType;
+import net.juniper.contrail.api.types.PolicyEntriesType.PolicyRuleType.ActionListType;
+import net.juniper.contrail.api.types.PolicyEntriesType.PolicyRuleType.SequenceType;
+import net.juniper.contrail.api.types.SubnetType;
+import net.juniper.contrail.api.types.SecurityGroup;
+
+import org.opendaylight.controller.networkconfig.neutron.INeutronSecurityRuleAware;
+import org.opendaylight.controller.networkconfig.neutron.NeutronSecurityRule;
+import org.slf4j.Logger;
+import org.slf4j.LoggerFactory;
+
+/**
+ * Handle requests for Security Group.
+ */
+
+public class SecurityGroupRulesHandler implements INeutronSecurityRuleAware {
+ /**
+ * Logger instance.
+ */
+ static final Logger LOGGER = LoggerFactory.getLogger(SecurityGroupRulesHandler.class);
+ static ApiConnector apiConnector;
+
+ /**
+ * Invoked when a security group rules creation is requested to check if the
+ * specified security group rules can be created and then creates the
+ * security group rule
+ *
+ * @param securityRule
+ * An instance of proposed new Neutron SecurityGroupRules object.
+ *
+ * @return A HTTP status code to the creation request.
+ */
+ @Override
+ public int canCreateNeutronSecurityRule(NeutronSecurityRule securityRule) {
+ SecurityGroup virtualSecurityGroup;
+ apiConnector = Activator.apiConnector;
+ if (securityRule == null) {
+ LOGGER.error("SecurityGroupRule object can't be null..");
+ return HttpURLConnection.HTTP_BAD_REQUEST;
+ }
+ if(securityRule.getSecurityRuleUUID() == null || securityRule.getSecurityRuleUUID() == "")
+ {
+ LOGGER.error("SecurityGroup Rule UUID can't be null/empty...");
+ return HttpURLConnection.HTTP_BAD_REQUEST;
+ }
+ else
+ {
+ String secGroupRulesUUID = securityRule.getSecurityRuleUUID();
+ if (!(securityRule.getSecurityRuleUUID().contains("-"))) {
+ secGroupRulesUUID = Utils.uuidFormater(securityRule.getSecurityRuleUUID());
+ }
+ boolean isSecGroupRulesUUID = Utils.isValidHexNumber(secGroupRulesUUID);
+ if (!isSecGroupRulesUUID) {
+ LOGGER.info("Badly formed Hexadecimal UUID...");
+ return HttpURLConnection.HTTP_BAD_REQUEST;
+ }
+ secGroupRulesUUID = UUID.fromString(secGroupRulesUUID).toString();
+ }
+
+ if (securityRule.getSecurityRuleDirection() == null || securityRule.getSecurityRuleDirection().equals("")) {
+ LOGGER.error("SecurityGroup Rule direction can't be null/empty...");
+ return HttpURLConnection.HTTP_BAD_REQUEST;
+ }
+ if (!(securityRule.getSecurityRuleDirection().equalsIgnoreCase("ingress") || securityRule.getSecurityRuleDirection().equalsIgnoreCase("egress"))) {
+ LOGGER.error("SecurityGroup Rule direction invalid : Valid values are ingress/egress");
+ return HttpURLConnection.HTTP_BAD_REQUEST;
+ }
+ System.out.println("---------->"+securityRule.getSecurityRemoteGroupID()+"---------->"+securityRule.getSecurityRuleDirection()+"---------->"+securityRule.getSecurityRulePortMax()+"---------->"+securityRule.getSecurityRulePortMin());
+ if (securityRule.getSecurityRulePortMin() == null || securityRule.getSecurityRulePortMax() == null) {
+ LOGGER.error("SecurityGroup port min/max range can't be null/empty...");
+ return HttpURLConnection.HTTP_BAD_REQUEST;
+ }
+ if (securityRule.getSecurityRuleProtocol() == null || ("").equals(securityRule.getSecurityRuleProtocol())) {
+ LOGGER.error("Security protocol can't be null/empty...");
+ return HttpURLConnection.HTTP_BAD_REQUEST;
+ }
+ if (!(securityRule.getSecurityRuleProtocol().equalsIgnoreCase("tcp") || securityRule.getSecurityRuleProtocol().equalsIgnoreCase("udp")
+ || securityRule.getSecurityRuleProtocol().equalsIgnoreCase("icmp") || securityRule.getSecurityRuleProtocol().equalsIgnoreCase("any"))) {
+ LOGGER.error("Security protocol invalid : Valid values are tcp,udp,icmp and any");
+ return HttpURLConnection.HTTP_BAD_REQUEST;
+ }
+ if (securityRule.getSecurityRuleProtocol().equalsIgnoreCase("tcp") || securityRule.getSecurityRuleProtocol().equalsIgnoreCase("udp")) {
+ if (securityRule.getSecurityRulePortMin() > securityRule.getSecurityRulePortMax()) {
+ LOGGER.error("SecurityGroup port min range can't be greator than port max range");
+ return HttpURLConnection.HTTP_BAD_REQUEST;
+ }
+ }
+ if (securityRule.getSecurityRuleProtocol().equalsIgnoreCase("icmp")) {
+ if (securityRule.getSecurityRulePortMin() > 255) {
+ LOGGER.error("SecurityGroup ICMP type can't be greator 255");
+ return HttpURLConnection.HTTP_BAD_REQUEST;
+ }
+ }
+ if (securityRule.getSecurityRuleGroupID() == null || securityRule.getSecurityRuleGroupID().equals("")) {
+ LOGGER.error("Security Group ID can't be null/empty...");
+ return HttpURLConnection.HTTP_BAD_REQUEST;
+ }
+ String secGroupRuleUUID = securityRule.getSecurityRuleGroupID();
+ if (!(securityRule.getSecurityRuleGroupID().contains("-"))) {
+ secGroupRuleUUID = Utils.uuidFormater(securityRule.getSecurityRuleGroupID());
+ }
+ boolean isSecGroupRuleUUID = Utils.isValidHexNumber(secGroupRuleUUID);
+ if (!isSecGroupRuleUUID) {
+ LOGGER.info("Badly formed Hexadecimal UUID...");
+ return HttpURLConnection.HTTP_BAD_REQUEST;
+ }
+ secGroupRuleUUID = UUID.fromString(secGroupRuleUUID).toString();
+ try {
+ virtualSecurityGroup = (SecurityGroup) apiConnector.findById(SecurityGroup.class, secGroupRuleUUID);
+ } catch (IOException e) {
+ LOGGER.error("Exception : " + e);
+ return HttpURLConnection.HTTP_INTERNAL_ERROR;
+ }
+ if (virtualSecurityGroup == null) {
+ LOGGER.warn("SecurityGroup does not exists for the specified security group ID");
+ return HttpURLConnection.HTTP_FORBIDDEN;
+ }
+ if (virtualSecurityGroup.getEntries() != null) {
+ if (virtualSecurityGroup.getEntries().getPolicyRule().isEmpty() == false) {
+ ListIterator<PolicyRuleType> i = virtualSecurityGroup.getEntries().getPolicyRule().listIterator();
+ PolicyRuleType policyRule;
+ while (i.hasNext()) {
+ policyRule = (PolicyRuleType) i.next();
+ if (policyRule.getRuleUuid().equalsIgnoreCase(securityRule.getSecurityRuleUUID())) {
+ LOGGER.warn("SecurityGroup rule already exsist for the specified security group");
+ return HttpURLConnection.HTTP_CONFLICT;
+ }
+ }
+ }
+ }
+ if (securityRule.getSecurityRemoteGroupID() == null && securityRule.getSecurityRuleRemoteIpPrefix() == null) {
+ LOGGER.error("Both SecurityGroup remote ID and remote IP prefix can nor be null");
+ return HttpURLConnection.HTTP_BAD_REQUEST;
+
+
+ }
+ if(securityRule.getSecurityRuleRemoteIpPrefix() == null && securityRule.getSecurityRemoteGroupID() != null )
+ {
+ virtualSecurityGroup = null;
+ secGroupRuleUUID = securityRule.getSecurityRemoteGroupID();
+ if (!(securityRule.getSecurityRemoteGroupID().contains("-"))) {
+ secGroupRuleUUID = Utils.uuidFormater(securityRule.getSecurityRemoteGroupID());
+ }
+ isSecGroupRuleUUID = Utils.isValidHexNumber(secGroupRuleUUID);
+ if (!isSecGroupRuleUUID) {
+ LOGGER.info("Badly formed Hexadecimal UUID...");
+ return HttpURLConnection.HTTP_BAD_REQUEST;
+ }
+ secGroupRuleUUID = UUID.fromString(secGroupRuleUUID).toString();
+
+
+ try {
+ virtualSecurityGroup = (SecurityGroup) apiConnector.findById(SecurityGroup.class, secGroupRuleUUID);
+ } catch (IOException e) {
+ LOGGER.error("Exception : " + e);
+ return HttpURLConnection.HTTP_INTERNAL_ERROR;
+ }
+ if (virtualSecurityGroup == null) {
+ LOGGER.warn("SecurityRemoteGroup does not exists for the specified security group ID");
+ return HttpURLConnection.HTTP_FORBIDDEN;
+ }
+
+
+ }
+
+ LOGGER.info("SecurityGroupRules object " + securityRule);
+ return HttpURLConnection.HTTP_OK;
+ }
+
+ /**
+ * Invoked to create the specified Neutron Security Group Rules .
+ *
+ * @param securityRule
+ * An instance of new NeutronSecurityGroupRule object.
+ */
+ private void createSecurityGroupRules(NeutronSecurityRule securityRule) throws IOException {
+ PolicyEntriesType virtualSecurityGroupRule = null;
+ SecurityGroup virtualSecurityGroup = null;
+
+ String secGroupRuleUUID = securityRule.getSecurityRuleGroupID();
+ if (!(securityRule.getSecurityRuleGroupID().contains("-"))) {
+ secGroupRuleUUID = Utils.uuidFormater(securityRule.getSecurityRuleGroupID());
+ }
+ secGroupRuleUUID = UUID.fromString(secGroupRuleUUID).toString();
+ try {
+ virtualSecurityGroup = (SecurityGroup) apiConnector.findById(SecurityGroup.class, secGroupRuleUUID);
+ } catch (IOException e) {
+ LOGGER.error("Exception : " + e);
+ }
+ virtualSecurityGroupRule = virtualSecurityGroup.getEntries();
+ if (virtualSecurityGroupRule == null) {
+ virtualSecurityGroupRule = new PolicyEntriesType();
+ }
+ virtualSecurityGroupRule = mapSecurityGroupRuleProperties(securityRule, virtualSecurityGroupRule);
+ virtualSecurityGroup.setEntries(virtualSecurityGroupRule);
+ try {
+ if (apiConnector.update(virtualSecurityGroup)) {
+ LOGGER.info("SecurityGroup rule creation success..");
+ } else {
+ LOGGER.warn("SecurityGroup rule creation failed1..");
+ return;
+ }
+ } catch (IOException e) {
+ LOGGER.warn("SecurityGroup rule creation failed2..");
+ return;
+ }
+ LOGGER.info("SecurityGroup : " + virtualSecurityGroup.getName() + " having UUID : " + virtualSecurityGroup.getUuid()
+ + " sucessfully added with Security Group Rule");
+ }
+ /**
+ * Invoked to create a Security Group Rules and take action after the Security
+ * Group Rules has been created.
+ *
+ * @param securityRule
+ * An instance of new {@link NeutronSecurityRule} object.
+ */
+ @Override
+ public void neutronSecurityRuleCreated(NeutronSecurityRule securityRule) {
+ apiConnector = Activator.apiConnector;
+ try {
+ createSecurityGroupRules(securityRule);
+ } catch (IOException e) {
+ LOGGER.error("Exception : " + e);
+ }
+ SecurityGroup virtualSecurityGroup = null;
+ String secGroupRuleUUID = securityRule.getSecurityRuleGroupID();
+ if (!(securityRule.getSecurityRuleGroupID().contains("-"))) {
+ secGroupRuleUUID = Utils.uuidFormater(securityRule.getSecurityRuleGroupID());
+ }
+ secGroupRuleUUID = UUID.fromString(secGroupRuleUUID).toString();
+ try {
+ virtualSecurityGroup = (SecurityGroup) apiConnector.findById(SecurityGroup.class, secGroupRuleUUID);
+ } catch (IOException e) {
+ LOGGER.error("Exception : " + e);
+ }
+ if (virtualSecurityGroup.getEntries() != null) {
+ if (virtualSecurityGroup.getEntries().getPolicyRule().isEmpty() == false) {
+ Iterator<PolicyRuleType> i = virtualSecurityGroup.getEntries().getPolicyRule().iterator();
+ PolicyRuleType policyRule;
+ while (i.hasNext()) {
+ policyRule = (PolicyRuleType) i.next();
+ if (policyRule.getRuleUuid().equalsIgnoreCase(securityRule.getSecurityRuleUUID())) {
+ LOGGER.info("SecurityGroup rule creation for the specified security group is verfied");
+ }
+ }
+ }
+ }
+ }
+
+ @Override
+ public int canUpdateNeutronSecurityRule(NeutronSecurityRule delta, NeutronSecurityRule original) {
+ // TODO Auto-generated method stub - Nothing to update
+ return 0;
+ }
+
+ @Override
+ public void neutronSecurityRuleUpdated(NeutronSecurityRule securityRule) {
+ // TODO Auto-generated method stub - Nothing to update
+
+ }
+ /**
+ * Invoked when a security group Rule deletion is requested to indicate if the
+ * specified neutron security group rule can be deleted.
+ *
+ * @param securityRule
+ * An instance of the {@link NeutronSecurityRule} object to be
+ * deleted.
+ *
+ * @return A HTTP status code to the deletion request.
+ */
+ @Override
+ public int canDeleteNeutronSecurityRule(NeutronSecurityRule securityRule) {
+ apiConnector = Activator.apiConnector;
+ SecurityGroup virtualSecurityGroup = null;
+ String secGroupRuleUUID = securityRule.getSecurityRuleGroupID();
+ if (!(securityRule.getSecurityRuleGroupID().contains("-"))) {
+ secGroupRuleUUID = Utils.uuidFormater(securityRule.getSecurityRuleGroupID());
+ }
+ secGroupRuleUUID = UUID.fromString(secGroupRuleUUID).toString();
+
+ String secRuleUUID = securityRule.getSecurityRuleUUID();
+ if (!(securityRule.getSecurityRuleUUID().contains("-"))) {
+ secRuleUUID = Utils.uuidFormater(securityRule.getSecurityRuleUUID());
+ }
+ secRuleUUID = UUID.fromString(secRuleUUID).toString();
+
+
+ try {
+ virtualSecurityGroup = (SecurityGroup) apiConnector.findById(SecurityGroup.class, secGroupRuleUUID);
+ } catch (IOException e) {
+ LOGGER.error("Exception : " + e);
+ return HttpURLConnection.HTTP_INTERNAL_ERROR;
+ }
+ if (virtualSecurityGroup == null) {
+ LOGGER.warn("SecurityGroup does not exists for the specified security group ID");
+ return HttpURLConnection.HTTP_FORBIDDEN;
+ }
+ boolean flag = false;
+ if (virtualSecurityGroup.getEntries() != null) {
+ if (virtualSecurityGroup.getEntries().getPolicyRule().isEmpty() == false) {
+ ListIterator<PolicyRuleType> i = virtualSecurityGroup.getEntries().getPolicyRule().listIterator();
+ PolicyRuleType policyRule;
+ while (i.hasNext()) {
+ policyRule = (PolicyRuleType) i.next();
+ if (policyRule.getRuleUuid().equalsIgnoreCase(secRuleUUID)) {
+ LOGGER.info("SecurityGroup rule can be deleted...");
+ flag = true;
+ }
+ }
+ }
+ }
+ if (flag == false) {
+ LOGGER.warn("SecurityGroup rule does not exist for the specified UUID..");
+ return HttpURLConnection.HTTP_NOT_FOUND;
+ }
+ return HttpURLConnection.HTTP_NO_CONTENT;
+ }
+
+ /**
+ * Invoked to delete a {@link NeutronSecurityRule} and take action after
+ * the {@link NeutronSecurityRule} has been deleted.
+ *
+ * @param securityRule
+ * An instance of deleted {@link NeutronSecurityRule} object.
+ */
+ @Override
+ public void neutronSecurityRuleDeleted(NeutronSecurityRule securityRule) {
+ apiConnector = Activator.apiConnector;
+ SecurityGroup virtualSecurityGroup = null;
+ String secGroupRuleUUID = securityRule.getSecurityRuleGroupID();
+ if (!(securityRule.getSecurityRuleGroupID().contains("-"))) {
+ secGroupRuleUUID = Utils.uuidFormater(securityRule.getSecurityRuleGroupID());
+ }
+ secGroupRuleUUID = UUID.fromString(secGroupRuleUUID).toString();
+ try {
+ virtualSecurityGroup = (SecurityGroup) apiConnector.findById(SecurityGroup.class, secGroupRuleUUID);
+ } catch (IOException e) {
+ LOGGER.error("Exception : " + e);
+ }
+ String secRuleUUID = securityRule.getSecurityRuleUUID();
+ if (!(securityRule.getSecurityRuleUUID().contains("-"))) {
+ secRuleUUID = Utils.uuidFormater(securityRule.getSecurityRuleUUID());
+ }
+ secRuleUUID = UUID.fromString(secRuleUUID).toString();
+
+ if (virtualSecurityGroup.getEntries() != null) {
+ if (virtualSecurityGroup.getEntries().getPolicyRule().isEmpty() == false) {
+ ListIterator<PolicyRuleType> i = virtualSecurityGroup.getEntries().getPolicyRule().listIterator();
+ PolicyRuleType policyRule;
+ while (i.hasNext()) {
+ policyRule = (PolicyRuleType) i.next();
+ if (policyRule.getRuleUuid().equalsIgnoreCase(secRuleUUID)) {
+ policyRule.clearDstAddresses();
+ policyRule.clearApplication();
+ policyRule.clearDstPorts();
+ policyRule.clearSrcAddresses();
+ policyRule.clearSrcPorts();
+ i.remove();
+ // virtualSecurityGroupRule.getPolicyRule().remove(policyRule);
+ try {
+ virtualSecurityGroup.setEntries(virtualSecurityGroup.getEntries());
+ if (apiConnector.update(virtualSecurityGroup)) {
+ LOGGER.info("SecurityGroup rule deletion for the specified security group is verfied..");
+ } else {
+ LOGGER.warn("SecurityGroup rule deletion for the specified security group is not verfied..");
+ }
+ } catch (IOException e) {
+ LOGGER.warn("SecurityGroupUpdate deletion failed..");
+ }
+ }
+ }
+ }
+ }
+ }
+
+ /**
+ * Invoked to map the NeutronSecurityRule object properties to the
+ * PolicyEntriesType object.
+ *
+ * @param neutronSecurityGroupRule
+ * An instance of new NeutronSecurityRule object.
+ * @param virtualSecurityGroupRule
+ * An instance of new PolicyEntriesType object.
+ * @return {@link PolicyEntriesType}
+ */
+ private PolicyEntriesType mapSecurityGroupRuleProperties(NeutronSecurityRule neutronSecurityGroupRule, PolicyEntriesType virtualSecurityGroupRule) {
+ String remoteGroupID = neutronSecurityGroupRule.getSecurityRemoteGroupID();
+ String direction = neutronSecurityGroupRule.getSecurityRuleDirection();
+ String uuID = neutronSecurityGroupRule.getSecurityRuleUUID();
+ String groupID = neutronSecurityGroupRule.getSecurityRuleGroupID();
+ int portMax = neutronSecurityGroupRule.getSecurityRulePortMax();
+ int portMin = neutronSecurityGroupRule.getSecurityRulePortMin();
+ String protocol = neutronSecurityGroupRule.getSecurityRuleProtocol();
+ String remoteIpPrefix = neutronSecurityGroupRule.getSecurityRuleRemoteIpPrefix();
+ if (remoteGroupID != null) {
+ if (!(remoteGroupID.contains("-"))) {
+ remoteGroupID = Utils.uuidFormater(remoteGroupID);
+ }
+ remoteGroupID = UUID.fromString(remoteGroupID).toString();
+ }
+ if (uuID != null) {
+ if (!(uuID.contains("-"))) {
+ uuID = Utils.uuidFormater(uuID);
+ }
+ uuID = UUID.fromString(uuID).toString();
+ }
+ if (groupID != null) {
+ if (!(groupID.contains("-"))) {
+ groupID = Utils.uuidFormater(groupID);
+ }
+ groupID = UUID.fromString(groupID).toString();
+ }
+ SecurityGroup virtualSecurityGroup = null;
+ String securityGroupQualifiedName = null;
+ PolicyRuleType virtualPolicyRuleType = new PolicyRuleType();
+ ActionListType actionList = null;
+ SubnetType subnet = new SubnetType();
+ AddressType addType = new AddressType();
+ AddressType endPoint = new AddressType();
+ AddressType local = new AddressType();
+ AddressType remote = new AddressType();
+ String[] ipPrefix = null;
+ virtualPolicyRuleType.setProtocol(protocol);
+ virtualPolicyRuleType.setRuleUuid(uuID);
+ if (remoteIpPrefix != null) {
+ if (remoteIpPrefix.contains("/")) {
+ ipPrefix = remoteIpPrefix.split("/");
+ } else {
+ throw new IllegalArgumentException("String " + remoteIpPrefix + " not in correct format..");
+ }
+ if (ipPrefix != null) {
+ subnet.setIpPrefix(ipPrefix[0]);
+ subnet.setIpPrefixLen(Integer.valueOf(ipPrefix[1]));
+ addType.setSubnet(subnet);
+ endPoint = addType;
+ }
+ } else if (remoteGroupID != null) {
+ if (!remoteGroupID.isEmpty()) {
+ try {
+ virtualSecurityGroup = (SecurityGroup) apiConnector.findById(SecurityGroup.class, remoteGroupID);
+ } catch (IOException e) {
+ LOGGER.error("Exception : " + e);
+ }
+
+ Iterator<String> i = virtualSecurityGroup.getQualifiedName().iterator();
+ while (i.hasNext()) {
+ if (securityGroupQualifiedName == null) {
+ securityGroupQualifiedName = (String) i.next();
+ } else {
+ securityGroupQualifiedName = securityGroupQualifiedName + ":" + (String) i.next();
+ }
+ }
+ LOGGER.info("securityGroupQualifiedName " + securityGroupQualifiedName);
+ addType.setSecurityGroup(securityGroupQualifiedName);
+ endPoint = addType;
+ }
+ }
+ if (direction.equals("ingress")) {
+ local = endPoint;
+ remote.setSecurityGroup("local");
+ virtualPolicyRuleType.setDirection(">");
+ } else if (direction.equals("egress")) {
+ remote = endPoint;
+ local.setSecurityGroup("local");
+ virtualPolicyRuleType.setDirection(">");
+ }
+ SequenceType ruleSequence = null;
+ virtualPolicyRuleType.addSrcAddresses(local);
+ virtualPolicyRuleType.addSrcPorts(0, 65535);
+ virtualPolicyRuleType.addDstAddresses(remote);
+ virtualPolicyRuleType.addDstPorts(portMin, portMax);
+ virtualPolicyRuleType.setActionList(actionList);
+ virtualPolicyRuleType.setRuleSequence(ruleSequence);
+ virtualPolicyRuleType.addApplication(null);
+ virtualSecurityGroupRule.addPolicyRule(virtualPolicyRuleType);
+ return virtualSecurityGroupRule;
+ }
+
+}
--- /dev/null
+/*
+ * Copyright (C) 2014 Juniper Networks, Inc.
+ *
+ * This program and the accompanying materials are made available under the
+ * terms of the Eclipse Public License v1.0 which accompanies this distribution,
+ * and is available at http://www.eclipse.org/legal/epl-v10.html
+ *
+ */
+package org.opendaylight.plugin2oc.neutron;
+
+import static org.junit.Assert.assertEquals;
+import static org.junit.Assert.assertNotNull;
+import static org.mockito.Mockito.mock;
+import static org.mockito.Mockito.when;
+
+import java.io.IOException;
+import java.net.HttpURLConnection;
+
+import net.juniper.contrail.api.ApiConnector;
+import net.juniper.contrail.api.types.SecurityGroup;
+import net.juniper.contrail.api.types.SubnetType;
+
+import org.junit.After;
+import org.junit.Before;
+import org.junit.Test;
+import org.opendaylight.controller.networkconfig.neutron.NeutronSecurityRule;
+
+/**
+ * Test Class for SecurityGroupRules.
+ */
+public class SecurityGroupRulesHandlerTest {
+ SecurityGroupRulesHandler securityRulesHandler;
+ SecurityGroup mockedSecurityGroup = mock(SecurityGroup.class);
+ SecurityGroupRulesHandler mockedSecurityRulesHandler = mock(SecurityGroupRulesHandler.class);
+ ApiConnector mockedApiConnector = mock(ApiConnector.class);
+
+ @Before
+ public void beforeTest() {
+ securityRulesHandler = new SecurityGroupRulesHandler();
+ assertNotNull(mockedApiConnector);
+ assertNotNull(mockedSecurityGroup);
+ assertNotNull(mockedSecurityRulesHandler);
+ }
+
+ @After
+ public void afterTest() {
+ securityRulesHandler = null;
+ Activator.apiConnector = null;
+ }
+
+ /* dummy params for Neutron Rule */
+ public NeutronSecurityRule defaultSecurityRulesObject() {
+ NeutronSecurityRule securityRule = new NeutronSecurityRule();
+ securityRule.setSecurityRuleDirection("ingress");
+ securityRule.setSecurityRuleEthertype("IPV4");
+ securityRule.setSecurityRuleGroupID("85cc3048-abc3-43cc-89b3-377341426ac5");
+ securityRule.setSecurityRemoteGroupID("a7734e61-b545-452d-a3cd-0189cbd9747a");
+ securityRule.setSecurityRuleRemoteIpPrefix(null);
+ securityRule.setSecurityRulePortMax(80);
+ securityRule.setSecurityRulePortMin(80);
+ securityRule.setSecurityRuleProtocol("tcp");
+ securityRule.setSecurityRuleUUID("2bc0accf-312e-429a-956e-e4407625eb62");
+ return securityRule;
+ }
+
+ /* Test method to check if neutron rule is null */
+ @Test
+ public void testCanCreateSecurityRuleNull() {
+ Activator.apiConnector = mockedApiConnector;
+ assertEquals(HttpURLConnection.HTTP_BAD_REQUEST, securityRulesHandler.canCreateNeutronSecurityRule(null));
+ }
+
+ /* Test method to check if neutron rule direction is null */
+ @Test
+ public void testCanCreateSecurityRuleDirectionNull() {
+ Activator.apiConnector = mockedApiConnector;
+ NeutronSecurityRule securityRule = defaultSecurityRulesObject();
+ securityRule.setSecurityRuleDirection(null);
+ assertEquals(HttpURLConnection.HTTP_BAD_REQUEST, securityRulesHandler.canCreateNeutronSecurityRule(securityRule));
+ }
+
+ /* Test method to check if neutron rule direction is invalid */
+ @Test
+ public void testCanCreateSecurityRuleDirectionInValid() {
+ Activator.apiConnector = mockedApiConnector;
+ NeutronSecurityRule securityRule = defaultSecurityRulesObject();
+ securityRule.setSecurityRuleDirection("invalid");
+ assertEquals(HttpURLConnection.HTTP_BAD_REQUEST, securityRulesHandler.canCreateNeutronSecurityRule(securityRule));
+ }
+
+ /* Test method to check if neutron rule protocol is null */
+ @Test
+ public void testCanCreateSecurityRuleProtocolNull() {
+ Activator.apiConnector = mockedApiConnector;
+ NeutronSecurityRule securityRule = defaultSecurityRulesObject();
+ securityRule.setSecurityRuleProtocol(null);
+ assertEquals(HttpURLConnection.HTTP_BAD_REQUEST, securityRulesHandler.canCreateNeutronSecurityRule(securityRule));
+ }
+
+ /* Test method to check if neutron rule protocol is invalid */
+ @Test
+ public void testCanCreateSecurityRuleProtocolInvalid() {
+ Activator.apiConnector = mockedApiConnector;
+ NeutronSecurityRule securityRule = defaultSecurityRulesObject();
+ securityRule.setSecurityRuleProtocol("invalid");
+ assertEquals(HttpURLConnection.HTTP_BAD_REQUEST, securityRulesHandler.canCreateNeutronSecurityRule(securityRule));
+ }
+
+ /* Test method to check if neutron rule start port is null */
+ @Test
+ public void testCanCreateSecurityRuleStartPortNull() {
+ Activator.apiConnector = mockedApiConnector;
+ NeutronSecurityRule securityRule = defaultSecurityRulesObject();
+ securityRule.setSecurityRulePortMax(null);
+ assertEquals(HttpURLConnection.HTTP_BAD_REQUEST, securityRulesHandler.canCreateNeutronSecurityRule(securityRule));
+ }
+
+ /* Test method to check if neutron rule end port is null */
+ @Test
+ public void testCanCreateSecurityRuleEndPortNull() {
+ Activator.apiConnector = mockedApiConnector;
+ NeutronSecurityRule securityRule = defaultSecurityRulesObject();
+ securityRule.setSecurityRulePortMin(null);
+ assertEquals(HttpURLConnection.HTTP_BAD_REQUEST, securityRulesHandler.canCreateNeutronSecurityRule(securityRule));
+ }
+
+ /* Test method to check if neutron rule end port is invalid */
+ @Test
+ public void testCanCreateSecurityRulePortInValid() {
+ Activator.apiConnector = mockedApiConnector;
+ NeutronSecurityRule securityRule = defaultSecurityRulesObject();
+ securityRule.setSecurityRuleProtocol("tcp");
+ securityRule.setSecurityRulePortMax(20);
+ securityRule.setSecurityRulePortMin(30);
+ assertEquals(HttpURLConnection.HTTP_BAD_REQUEST, securityRulesHandler.canCreateNeutronSecurityRule(securityRule));
+ }
+
+ /* Test method to check if neutron rule ICMP Type invalid */
+ @Test
+ public void testCanCreateSecurityRuleICMPTypeInValid() {
+ Activator.apiConnector = mockedApiConnector;
+ NeutronSecurityRule securityRule = defaultSecurityRulesObject();
+ securityRule.setSecurityRuleProtocol("icmp");
+ securityRule.setSecurityRulePortMin(256);
+ assertEquals(HttpURLConnection.HTTP_BAD_REQUEST, securityRulesHandler.canCreateNeutronSecurityRule(securityRule));
+ }
+
+ /* Test method to check if neutron rule SecurityRuleGroup ID is null */
+ @Test
+ public void testCanCreateSecurityRuleGroupIDNull() {
+ Activator.apiConnector = mockedApiConnector;
+ NeutronSecurityRule securityRule = defaultSecurityRulesObject();
+ securityRule.setSecurityRuleGroupID(null);
+ assertEquals(HttpURLConnection.HTTP_BAD_REQUEST, securityRulesHandler.canCreateNeutronSecurityRule(securityRule));
+ }
+
+ /* Test method to check if neutron security group ID does not exist */
+ @Test
+ public void testCanCreateSecurityRuleGroupIDNotExsist() throws IOException {
+ Activator.apiConnector = mockedApiConnector;
+ NeutronSecurityRule securityRule = defaultSecurityRulesObject();
+ when(mockedApiConnector.findById(SecurityGroup.class, securityRule.getSecurityRuleGroupID())).thenReturn(null);
+ assertEquals(HttpURLConnection.HTTP_FORBIDDEN, securityRulesHandler.canCreateNeutronSecurityRule(securityRule));
+ }
+
+ /* Test method to check if neutron SecurityRuleCIDR Remote ID does not exist*/
+ @Test
+ public void testCanCreateSecurityRuleCIDR_RemoteIDNotExsist() throws IOException {
+ Activator.apiConnector = mockedApiConnector;
+ NeutronSecurityRule securityRule = defaultSecurityRulesObject();
+ when(mockedApiConnector.findById(SecurityGroup.class, securityRule.getSecurityRuleGroupID())).thenReturn(mockedSecurityGroup);
+ securityRule.setSecurityRemoteGroupID(null);
+ securityRule.setSecurityRuleRemoteIpPrefix(null);
+ assertEquals(HttpURLConnection.HTTP_BAD_REQUEST, securityRulesHandler.canCreateNeutronSecurityRule(securityRule));
+ }
+
+ /* Test method to check if neutron security group return status 200 OK*/
+ @Test
+ public void testCanCreateSecurityRuleOK() throws IOException {
+ Activator.apiConnector = mockedApiConnector;
+ NeutronSecurityRule securityRule = defaultSecurityRulesObject();
+ securityRule.setSecurityRuleRemoteIpPrefix("192.168.0.0/24");
+ securityRule.setSecurityRemoteGroupID(null);
+ when(mockedApiConnector.findById(SecurityGroup.class, securityRule.getSecurityRuleGroupID())).thenReturn(mockedSecurityGroup);
+ assertEquals(HttpURLConnection.HTTP_OK, securityRulesHandler.canCreateNeutronSecurityRule(securityRule));
+ }
+
+ /* Test method to check if neutron security group ID does not exist */
+ @Test
+ public void testCanDeleteSecurityRuleGroupIDNotExist() throws IOException {
+ Activator.apiConnector = mockedApiConnector;
+ NeutronSecurityRule securityRule = defaultSecurityRulesObject();
+ when(mockedApiConnector.findById(SecurityGroup.class, securityRule.getSecurityRuleGroupID())).thenReturn(null);
+ assertEquals(HttpURLConnection.HTTP_FORBIDDEN, securityRulesHandler.canDeleteNeutronSecurityRule(securityRule));
+ }
+
+ /* Test method to check if neutron SecurityGroup rule does not exist for the specified UUID. */
+ @Test
+ public void testCanDeleteSecurityRule() throws IOException {
+ Activator.apiConnector = mockedApiConnector;
+ NeutronSecurityRule securityRule = defaultSecurityRulesObject();
+ when(mockedApiConnector.findById(SecurityGroup.class, securityRule.getSecurityRuleGroupID())).thenReturn(mockedSecurityGroup);
+ assertEquals(HttpURLConnection.HTTP_NOT_FOUND, securityRulesHandler.canDeleteNeutronSecurityRule(securityRule));
+ }
+
+}
\ No newline at end of file