From 5c8c884e9b8c41ceac3a3c306604d286bab71e7e Mon Sep 17 00:00:00 2001 From: "Keith Burns (alagalah)" Date: Sat, 7 Nov 2015 06:11:01 -0800 Subject: [PATCH] Adding mgmt traffic to Network Services Change-Id: Ie32822871499a12556094d2abb40007e22171b29 Signed-off-by: Keith Burns (alagalah) --- .../mapper/infrastructure/NetworkService.java | 150 +++++++++++++++++- .../mapper/mapping/NeutronNetworkAware.java | 44 +++-- .../infrastructure/NetworkServiceTest.java | 51 ++++-- 3 files changed, 196 insertions(+), 49 deletions(-) diff --git a/neutron-mapper/src/main/java/org/opendaylight/groupbasedpolicy/neutron/mapper/infrastructure/NetworkService.java b/neutron-mapper/src/main/java/org/opendaylight/groupbasedpolicy/neutron/mapper/infrastructure/NetworkService.java index aaeedab79..b4957749a 100644 --- a/neutron-mapper/src/main/java/org/opendaylight/groupbasedpolicy/neutron/mapper/infrastructure/NetworkService.java +++ b/neutron-mapper/src/main/java/org/opendaylight/groupbasedpolicy/neutron/mapper/infrastructure/NetworkService.java @@ -70,6 +70,9 @@ import com.google.common.collect.ImmutableList; public class NetworkService { + /** + * Unit tests {@link NetworkServiceTest} + */ // ########### DHCP private static final long DHCP_IPV4_SERVER_PORT = 67; private static final long DHCP_IPV4_CLIENT_PORT = 68; @@ -86,6 +89,7 @@ public class NetworkService { private static final SubjectName DHCP_SUBJECT_NAME = new SubjectName("ALLOW_DHCP"); private static final Description DHCP_CONTRACT_DESC = new Description("Allow DHCP communication between client and server."); + /** * Id of {@link #DHCP_CONTRACT} */ @@ -135,6 +139,39 @@ public class NetworkService { */ public static final ConsumerNamedSelector DNS_CONTRACT_CONSUMER_SELECTOR; + // ########### SSH and ICMP management + private static final long SSH_TCP_PORT = 22; + private static final ClassifierName SSH_IPV4_SERVER_TO_CLIENT_NAME = + new ClassifierName("SSH_IPV4_FROM_SERVER_TO_CLIENT"); + private static final ClassifierName SSH_IPV6_SERVER_TO_CLIENT_NAME = + new ClassifierName("SSH_IPV6_FROM_SERVER_TO_CLIENT"); + private static final ClassifierName SSH_IPV4_CLIENT_TO_SERVER_NAME = + new ClassifierName("SSH_IPV4_FROM_CLIENT_TO_SERVER"); + private static final ClassifierName SSH_IPV6_CLIENT_TO_SERVER_NAME = + new ClassifierName("SSH_IPV6_FROM_CLIENT_TO_SERVER"); + private static final ClassifierName ICMP_IPV4_BETWEEN_SERVER_CLIENT_NAME = + new ClassifierName("ICMP_IPV4_BETWEEN_SERVER_CLIENT"); + private static final ClassifierName ICMP_IPV6_BETWEEN_SERVER_CLIENT_NAME = + new ClassifierName("ICMP_IPV6_BETWEEN_SERVER_CLIENT"); + private static final SubjectName MGMT_SUBJECT_NAME = new SubjectName("ALLOW_MGMT"); + private static final Description MGMT_CONTRACT_DESC = + new Description("Allow ICMP and SSH management communication between server and client."); + + /** + * Id of {@link #MGMT_CONTRACT} + */ + public static final ContractId MGMT_CONTRACT_ID = new ContractId("33318d2e-dddd-11e5-885d-feff819cdc9f"); + /** + * Contains rules with action {@link MappingUtils#ACTION_REF_ALLOW} matching ICMP and SSH + * communication + * between Client and Server. + */ + public static final Contract MGMT_CONTRACT; + /** + * {@link ConsumerNamedSelector} pointing to {@link #MGMT_CONTRACT} + */ + public static final ConsumerNamedSelector MGMT_CONTRACT_CONSUMER_SELECTOR; + // ########### NETWORK-SERVICE ENDPOINT-GROUP private static final Name NETWORK_SERVICE_EPG_NAME = new Name("NETWORK_SERVICE"); private static final Description NETWORK_SERVICE_EPG_DESC = new Description("Represents DHCP and DNS servers."); @@ -152,15 +189,18 @@ public class NetworkService { DHCP_CONTRACT_CONSUMER_SELECTOR = createConsumerSelector(DHCP_CONTRACT); DNS_CONTRACT = createContractDns(); DNS_CONTRACT_CONSUMER_SELECTOR = createConsumerSelector(DNS_CONTRACT); + MGMT_CONTRACT = createContractMgmt(); + MGMT_CONTRACT_CONSUMER_SELECTOR = createConsumerSelector(MGMT_CONTRACT); EPG = createNetworkServiceEpg(); } private static EndpointGroup createNetworkServiceEpg() { ProviderNamedSelector dhcpProviderSelector = createProviderSelector(DHCP_CONTRACT); ProviderNamedSelector dnsProviderSelector = createProviderSelector(DNS_CONTRACT); + ProviderNamedSelector mgmtProviderSelector = createProviderSelector(MGMT_CONTRACT); return new EndpointGroupBuilder().setId(EPG_ID) .setName(NETWORK_SERVICE_EPG_NAME) - .setProviderNamedSelector(ImmutableList.of(dhcpProviderSelector, dnsProviderSelector)) + .setProviderNamedSelector(ImmutableList.of(dhcpProviderSelector, dnsProviderSelector, mgmtProviderSelector)) .setIntraGroupPolicy(IntraGroupPolicy.RequireContract) .setDescription(NETWORK_SERVICE_EPG_DESC) .build(); @@ -217,6 +257,28 @@ public class NetworkService { .build(); } + private static Contract createContractMgmt() { + Rule serverClientSshIpv4Rule = createRuleAllow(SSH_IPV4_SERVER_TO_CLIENT_NAME, Direction.Out); + Rule serverClientSshIpv6Rule = createRuleAllow(SSH_IPV6_SERVER_TO_CLIENT_NAME, Direction.Out); + Rule clientServerSshIpv4Rule = createRuleAllow(SSH_IPV4_CLIENT_TO_SERVER_NAME, Direction.In); + Rule clientServerSshIpv6Rule = createRuleAllow(SSH_IPV6_CLIENT_TO_SERVER_NAME, Direction.In); + Rule serverClientIcmpIpv4Rule = createRuleAllow(ICMP_IPV4_BETWEEN_SERVER_CLIENT_NAME, Direction.Out); + Rule serverClientIcmpIpv6Rule = createRuleAllow(ICMP_IPV6_BETWEEN_SERVER_CLIENT_NAME, Direction.Out); + Rule clientServerIcmpIpv4Rule = createRuleAllow(ICMP_IPV4_BETWEEN_SERVER_CLIENT_NAME, Direction.In); + Rule clientServerIcmpIpv6Rule = createRuleAllow(ICMP_IPV6_BETWEEN_SERVER_CLIENT_NAME, Direction.In); + + Subject subject = new SubjectBuilder().setName(MGMT_SUBJECT_NAME) + .setOrder(0) + .setRule(ImmutableList.of(serverClientSshIpv4Rule, serverClientSshIpv6Rule, clientServerSshIpv4Rule, + clientServerSshIpv6Rule, clientServerIcmpIpv4Rule, clientServerIcmpIpv6Rule, + serverClientIcmpIpv4Rule, serverClientIcmpIpv6Rule)) + .build(); + return new ContractBuilder().setId(MGMT_CONTRACT_ID) + .setSubject(ImmutableList.of(subject)) + .setDescription(MGMT_CONTRACT_DESC) + .build(); + } + private static Rule createRuleAllow(ClassifierName classifierName, Direction direction) { ClassifierName name = new ClassifierName(direction.name() + MappingUtils.NAME_DOUBLE_DELIMETER + classifierName.getValue()); @@ -241,8 +303,8 @@ public class NetworkService { public static void writeDhcpClauseWithConsProvEic(TenantId tenantId, @Nullable IpPrefix ipPrefix, WriteTransaction wTx) { Clause clause = createClauseWithConsProvEic(ipPrefix, DHCP_SUBJECT_NAME); - wTx.put(LogicalDatastoreType.CONFIGURATION, - IidFactory.clauseIid(tenantId, DHCP_CONTRACT_ID, clause.getName()), clause, true); + wTx.put(LogicalDatastoreType.CONFIGURATION, IidFactory.clauseIid(tenantId, DHCP_CONTRACT_ID, clause.getName()), + clause, true); } /** @@ -256,8 +318,23 @@ public class NetworkService { public static void writeDnsClauseWithConsProvEic(TenantId tenantId, @Nullable IpPrefix ipPrefix, WriteTransaction wTx) { Clause clause = createClauseWithConsProvEic(ipPrefix, DNS_SUBJECT_NAME); - wTx.put(LogicalDatastoreType.CONFIGURATION, - IidFactory.clauseIid(tenantId, DNS_CONTRACT_ID, clause.getName()), clause, true); + wTx.put(LogicalDatastoreType.CONFIGURATION, IidFactory.clauseIid(tenantId, DNS_CONTRACT_ID, clause.getName()), + clause, true); + } + + /** + * puts clause with {@link L3EndpointIdentificationConstraints} in {@link ConsumerMatchers} + * and {@link ProviderMatchers}. This clause points to subject in {@link #MGMT_CONTRACT}. + * + * @param tenantId location of {@link #MGMT_CONTRACT} + * @param ipPrefix used in {@link L3EndpointIdentificationConstraints} + * @param wTx transaction where entities are written + */ + public static void writeMgmtClauseWithConsProvEic(TenantId tenantId, @Nullable IpPrefix ipPrefix, + WriteTransaction wTx) { + Clause clause = createClauseWithConsProvEic(ipPrefix, MGMT_SUBJECT_NAME); + wTx.put(LogicalDatastoreType.CONFIGURATION, IidFactory.clauseIid(tenantId, MGMT_CONTRACT_ID, clause.getName()), + clause, true); } private static Clause createClauseWithConsProvEic(@Nullable IpPrefix ipPrefix, SubjectName subjectName) { @@ -295,7 +372,7 @@ public class NetworkService { /** * Puts network service entities (classifier-instances, {@link #DHCP_CONTRACT}, - * {@link #DNS_CONTRACT}, and {@link #EPG}) to + * {@link #DNS_CONTRACT}, {@link #MGMT_CONTRACT} and {@link #EPG}) to * {@link LogicalDatastoreType#CONFIGURATION} * * @param tenantId location of network-service entities @@ -311,11 +388,14 @@ public class NetworkService { true); wTx.put(LogicalDatastoreType.CONFIGURATION, IidFactory.contractIid(tenantId, DNS_CONTRACT_ID), DNS_CONTRACT, true); + wTx.put(LogicalDatastoreType.CONFIGURATION, IidFactory.contractIid(tenantId, MGMT_CONTRACT_ID), MGMT_CONTRACT, + true); wTx.put(LogicalDatastoreType.CONFIGURATION, IidFactory.endpointGroupIid(tenantId, EPG_ID), EPG, true); } /** - * @return All classifier-instances used in {@link #DHCP_CONTRACT} and {@link #DNS_CONTRACT} + * @return All classifier-instances used in {@link #DHCP_CONTRACT}, {@link #DNS_CONTRACT} and + * {@link #MGMT_CONTRACT} */ public static Set getAllClassifierInstances() { HashSet cis = new HashSet<>(); @@ -331,6 +411,14 @@ public class NetworkService { cis.add(createDnsTcpIpv4ServerClient()); cis.add(createDnsTcpIpv6ClientServer()); cis.add(createDnsTcpIpv6ServerClient()); + // MGMT + cis.add(createSshTcpIpv4ServerClient()); + cis.add(createSshTcpIpv6ServerClient()); + cis.add(createSshTcpIpv4ClientServer()); + cis.add(createSshTcpIpv6ClientServer()); + cis.add(createIcmpIpv4()); + cis.add(createIcmpIpv6()); + return cis; } @@ -433,6 +521,54 @@ public class NetworkService { .build(); } + // ###################### SSH TCP + private static ClassifierInstance createSshTcpIpv4ClientServer() { + return new ClassifierInstanceBuilder().setName(SSH_IPV4_CLIENT_TO_SERVER_NAME) + .setClassifierDefinitionId(L4Classifier.DEFINITION.getId()) + .setParameterValue( + createParams(EtherTypeClassifier.IPv4_VALUE, IpProtoClassifier.TCP_VALUE, SSH_TCP_PORT, null)) + .build(); + } + + private static ClassifierInstance createSshTcpIpv4ServerClient() { + return new ClassifierInstanceBuilder().setName(SSH_IPV4_SERVER_TO_CLIENT_NAME) + .setClassifierDefinitionId(L4Classifier.DEFINITION.getId()) + .setParameterValue( + createParams(EtherTypeClassifier.IPv4_VALUE, IpProtoClassifier.TCP_VALUE, null, SSH_TCP_PORT)) + .build(); + } + + private static ClassifierInstance createSshTcpIpv6ClientServer() { + return new ClassifierInstanceBuilder().setName(SSH_IPV6_CLIENT_TO_SERVER_NAME) + .setClassifierDefinitionId(L4Classifier.DEFINITION.getId()) + .setParameterValue( + createParams(EtherTypeClassifier.IPv6_VALUE, IpProtoClassifier.TCP_VALUE, SSH_TCP_PORT, null)) + .build(); + } + + private static ClassifierInstance createSshTcpIpv6ServerClient() { + return new ClassifierInstanceBuilder().setName(SSH_IPV6_SERVER_TO_CLIENT_NAME) + .setClassifierDefinitionId(L4Classifier.DEFINITION.getId()) + .setParameterValue( + createParams(EtherTypeClassifier.IPv6_VALUE, IpProtoClassifier.TCP_VALUE, null, SSH_TCP_PORT)) + .build(); + } + + // ###################### ICMP + private static ClassifierInstance createIcmpIpv4() { + return new ClassifierInstanceBuilder().setName(ICMP_IPV4_BETWEEN_SERVER_CLIENT_NAME) + .setClassifierDefinitionId(IpProtoClassifier.DEFINITION.getId()) + .setParameterValue(createParams(EtherTypeClassifier.IPv4_VALUE, IpProtoClassifier.ICMP_VALUE, null, null)) + .build(); + } + + private static ClassifierInstance createIcmpIpv6() { + return new ClassifierInstanceBuilder().setName(ICMP_IPV6_BETWEEN_SERVER_CLIENT_NAME) + .setClassifierDefinitionId(IpProtoClassifier.DEFINITION.getId()) + .setParameterValue(createParams(EtherTypeClassifier.IPv6_VALUE, IpProtoClassifier.ICMP_VALUE, null, null)) + .build(); + } + private static List createParams(long etherType, long proto, @Nullable Long srcPort, @Nullable Long dstPort) { List params = new ArrayList<>(); diff --git a/neutron-mapper/src/main/java/org/opendaylight/groupbasedpolicy/neutron/mapper/mapping/NeutronNetworkAware.java b/neutron-mapper/src/main/java/org/opendaylight/groupbasedpolicy/neutron/mapper/mapping/NeutronNetworkAware.java index 5167289c5..db00f2dbc 100644 --- a/neutron-mapper/src/main/java/org/opendaylight/groupbasedpolicy/neutron/mapper/mapping/NeutronNetworkAware.java +++ b/neutron-mapper/src/main/java/org/opendaylight/groupbasedpolicy/neutron/mapper/mapping/NeutronNetworkAware.java @@ -86,36 +86,28 @@ public class NeutronNetworkAware implements INeutronNetworkAware { name = new Name(network.getNetworkName()); } catch (Exception e) { name = null; - LOG.info("Name of Neutron Network '{}' is ignored.", - network.getNetworkName()); + LOG.info("Name of Neutron Network '{}' is ignored.", network.getNetworkName()); LOG.debug("Name exception", e); } } L3ContextId l3ContextId = new L3ContextId(UUID.randomUUID().toString()); - L3Context l3Context = new L3ContextBuilder().setId(l3ContextId) - .setName(name) - .build(); + L3Context l3Context = new L3ContextBuilder().setId(l3ContextId).setName(name).build(); rwTx.put(LogicalDatastoreType.CONFIGURATION, IidFactory.l3ContextIid(tenantId, l3ContextId), l3Context, true); L2BridgeDomainId l2BdId = new L2BridgeDomainId(UUID.randomUUID().toString()); - L2BridgeDomain l2Bd = new L2BridgeDomainBuilder().setId(l2BdId) - .setParent(l3ContextId) - .setName(name) - .build(); + L2BridgeDomain l2Bd = new L2BridgeDomainBuilder().setId(l2BdId).setParent(l3ContextId).setName(name).build(); rwTx.put(LogicalDatastoreType.CONFIGURATION, IidFactory.l2BridgeDomainIid(tenantId, l2BdId), l2Bd, true); - L2FloodDomain l2Fd = new L2FloodDomainBuilder().setId(l2FdId) - .setParent(l2BdId) - .setName(name) - .build(); + L2FloodDomain l2Fd = new L2FloodDomainBuilder().setId(l2FdId).setParent(l2BdId).setName(name).build(); rwTx.put(LogicalDatastoreType.CONFIGURATION, IidFactory.l2FloodDomainIid(tenantId, l2FdId), l2Fd, true); NetworkMapping networkMapping = new NetworkMappingBuilder().setNetworkId(l2FdId) .setL2BridgeDomainId(l2BdId) .setL3ContextId(l3ContextId) .build(); - rwTx.put(LogicalDatastoreType.OPERATIONAL, NeutronMapperIidFactory.networkMappingIid(l2FdId), networkMapping, true); + rwTx.put(LogicalDatastoreType.OPERATIONAL, NeutronMapperIidFactory.networkMappingIid(l2FdId), networkMapping, + true); if (!tenantsWithRouterAndNetworkSeviceEntities.contains(tenantId)) { tenantsWithRouterAndNetworkSeviceEntities.add(tenantId); @@ -124,10 +116,12 @@ public class NeutronNetworkAware implements INeutronNetworkAware { NetworkService.writeNetworkServiceEntitiesToTenant(tenantId, rwTx); NetworkService.writeDhcpClauseWithConsProvEic(tenantId, null, rwTx); NetworkService.writeDnsClauseWithConsProvEic(tenantId, null, rwTx); + NetworkService.writeMgmtClauseWithConsProvEic(tenantId, null, rwTx); NetworkClient.writeNetworkClientEntitiesToTenant(tenantId, rwTx); NetworkClient.writeConsumerNamedSelector(tenantId, Router.CONTRACT_CONSUMER_SELECTOR, rwTx); NetworkClient.writeConsumerNamedSelector(tenantId, NetworkService.DHCP_CONTRACT_CONSUMER_SELECTOR, rwTx); NetworkClient.writeConsumerNamedSelector(tenantId, NetworkService.DNS_CONTRACT_CONSUMER_SELECTOR, rwTx); + NetworkClient.writeConsumerNamedSelector(tenantId, NetworkService.MGMT_CONTRACT_CONSUMER_SELECTOR, rwTx); } if (network.getRouterExternal() != null && network.getRouterExternal() == true) { addEpgExternalIfMissing(tenantId, rwTx); @@ -137,14 +131,15 @@ public class NeutronNetworkAware implements INeutronNetworkAware { } private void addExternalNetworkIfMissing(L2FloodDomainId l2FdId, ReadWriteTransaction rwTx) { - InstanceIdentifier iid = NeutronGbpIidFactory.externalNetworkByL2FloodDomain(l2FdId); - Optional externalPresent = DataStoreHelper.readFromDs(LogicalDatastoreType.CONFIGURATION, - iid, rwTx); + InstanceIdentifier iid = + NeutronGbpIidFactory.externalNetworkByL2FloodDomain(l2FdId); + Optional externalPresent = + DataStoreHelper.readFromDs(LogicalDatastoreType.CONFIGURATION, iid, rwTx); if (!externalPresent.isPresent()) { - ExternalNetworkByL2FloodDomainBuilder builder = new ExternalNetworkByL2FloodDomainBuilder() - .setL2FloodDomainId(l2FdId); - rwTx.put(LogicalDatastoreType.OPERATIONAL, - NeutronGbpIidFactory.externalNetworkByL2FloodDomain(l2FdId), builder.build(), true); + ExternalNetworkByL2FloodDomainBuilder builder = + new ExternalNetworkByL2FloodDomainBuilder().setL2FloodDomainId(l2FdId); + rwTx.put(LogicalDatastoreType.OPERATIONAL, NeutronGbpIidFactory.externalNetworkByL2FloodDomain(l2FdId), + builder.build(), true); } } @@ -152,8 +147,7 @@ public class NeutronNetworkAware implements INeutronNetworkAware { Optional potentialEpgExternal = DataStoreHelper.readFromDs(LogicalDatastoreType.CONFIGURATION, IidFactory.endpointGroupIid(tenantId, MappingUtils.EPG_EXTERNAL_ID), rwTx); if (!potentialEpgExternal.isPresent()) { - EndpointGroup epgExternal = new EndpointGroupBuilder() - .setId(MappingUtils.EPG_EXTERNAL_ID) + EndpointGroup epgExternal = new EndpointGroupBuilder().setId(MappingUtils.EPG_EXTERNAL_ID) .setName(new Name("EXTERNAL_group")) .setDescription(new Description(MappingUtils.NEUTRON_EXTERNAL + "epg_external_networks")) .build(); @@ -202,8 +196,8 @@ public class NeutronNetworkAware implements INeutronNetworkAware { TenantId tenantId = new TenantId(Utils.normalizeUuid(network.getTenantID())); L2FloodDomainId l2FdId = new L2FloodDomainId(network.getID()); InstanceIdentifier networkMappingIid = NeutronMapperIidFactory.networkMappingIid(l2FdId); - Optional potentionalNetworkMapping = DataStoreHelper.readFromDs( - LogicalDatastoreType.OPERATIONAL, networkMappingIid, rwTx); + Optional potentionalNetworkMapping = + DataStoreHelper.readFromDs(LogicalDatastoreType.OPERATIONAL, networkMappingIid, rwTx); if (!potentionalNetworkMapping.isPresent()) { LOG.warn("Illegal state - network-mapping {} does not exist.", l2FdId.getValue()); rwTx.cancel(); diff --git a/neutron-mapper/src/test/java/org/opendaylight/groupbasedpolicy/neutron/mapper/infrastructure/NetworkServiceTest.java b/neutron-mapper/src/test/java/org/opendaylight/groupbasedpolicy/neutron/mapper/infrastructure/NetworkServiceTest.java index a7bb536f8..0fcd02762 100644 --- a/neutron-mapper/src/test/java/org/opendaylight/groupbasedpolicy/neutron/mapper/infrastructure/NetworkServiceTest.java +++ b/neutron-mapper/src/test/java/org/opendaylight/groupbasedpolicy/neutron/mapper/infrastructure/NetworkServiceTest.java @@ -5,7 +5,6 @@ import static org.junit.Assert.assertFalse; import static org.junit.Assert.assertNotNull; import java.util.Set; -import java.util.concurrent.ExecutionException; import org.junit.Test; import org.opendaylight.controller.md.sal.binding.api.DataBroker; @@ -22,14 +21,14 @@ import org.opendaylight.yang.gen.v1.urn.opendaylight.groupbasedpolicy.policy.rev public class NetworkServiceTest extends GbpDataBrokerTest { - //dhcp + // dhcp private static final SubjectName DHCP_SUBJECT_NAME = new SubjectName("ALLOW_DHCP"); private static final String DHCP_IPV4_CLIENT_SERVER_NAME = "DHCP_IPv4_FROM_CLIENT_TO_SERVER"; private static final String DHCP_IPV4_SERVER_CLIENT_NAME = "DHCP_IPv4_FROM_SERVER_TO_CLIENT"; private static final String DHCP_IPV6_CLIENT_SERVER_NAME = "DHCP_IPv6_FROM_CLIENT_TO_SERVER"; private static final String DHCP_IPV6_SERVER_CLIENT_NAME = "DHCP_IPv6_FROM_SERVER_TO_CLIENT"; - //dns + // dns private static final SubjectName DNS_SUBJECT_NAME = new SubjectName("ALLOW_DNS"); private static final String DNS_UDP_IPV4_CLIENT_SERVER_NAME = "DNS_UDP_IPv4_FROM_CLIENT_TO_SERVER"; private static final String DNS_UDP_IPV4_SERVER_CLIENT_NAME = "DNS_UDP_IPv4_FROM_SERVER_TO_CLIENT"; @@ -40,6 +39,15 @@ public class NetworkServiceTest extends GbpDataBrokerTest { private static final String DNS_TCP_IPV6_CLIENT_SERVER_NAME = "DNS_TCP_IPv6_FROM_CLIENT_TO_SERVER"; private static final String DNS_TCP_IPV6_SERVER_CLIENT_NAME = "DNS_TCP_IPv6_FROM_SERVER_TO_CLIENT"; + // mgmt + private static final SubjectName MGMT_SUBJECT_NAME = new SubjectName("ALLOW_MGMT"); + private static final String SSH_IPV4_SERVER_TO_CLIENT_NAME = "SSH_IPV4_FROM_SERVER_TO_CLIENT"; + private static final String SSH_IPV6_SERVER_TO_CLIENT_NAME = "SSH_IPV6_FROM_SERVER_TO_CLIENT"; + private static final String SSH_IPV4_CLIENT_TO_SERVER_NAME = "SSH_IPV4_FROM_CLIENT_TO_SERVER"; + private static final String SSH_IPV6_CLIENT_TO_SERVER_NAME = "SSH_IPV6_FROM_CLIENT_TO_SERVER"; + private static final String ICMP_IPV4_BETWEEN_SERVER_CLIENT_NAME = "ICMP_IPV4_BETWEEN_SERVER_CLIENT"; + private static final String ICMP_IPV6_BETWEEN_SERVER_CLIENT_NAME = "ICMP_IPV6_BETWEEN_SERVER_CLIENT"; + private final String tenantId = "00000000-0000-0000-0000-000000000001"; private final IpPrefix ipv4Prefix = new IpPrefix(new Ipv4Prefix("170.0.0.1/8")); private final IpPrefix ipv6Prefix = new IpPrefix(new Ipv6Prefix("2001:0db8:85a3:0000:0000:8a2e:0370:7334/128")); @@ -57,7 +65,7 @@ public class NetworkServiceTest extends GbpDataBrokerTest { NetworkService.writeDhcpClauseWithConsProvEic(new TenantId(tenantId), ipv4Prefix, rwTx); rwTx.submit().get(); - //expected clause name + // expected clause name String clauseNameIpV4 = DHCP_SUBJECT_NAME.getValue() + MappingUtils.NAME_DOUBLE_DELIMETER + ipv4Prefix.getIpv4Prefix().getValue(); clauseNameIpV4 = clauseNameIpV4.replace('/', '_'); @@ -73,7 +81,7 @@ public class NetworkServiceTest extends GbpDataBrokerTest { NetworkService.writeDhcpClauseWithConsProvEic(new TenantId(tenantId), ipv6Prefix, rwTx); rwTx.submit().get(); - //expected clause name + // expected clause name String clauseNameIpV6 = DHCP_SUBJECT_NAME.getValue() + MappingUtils.NAME_DOUBLE_DELIMETER + ipv6Prefix.getIpv6Prefix().getValue(); clauseNameIpV6 = clauseNameIpV6.replace('/', '_').replace(':', '.'); @@ -84,14 +92,15 @@ public class NetworkServiceTest extends GbpDataBrokerTest { @Test public void testWriteDnsClauseWithConsProvEicIpv4() throws Exception { - //ipv4 + // ipv4 DataBroker dataBroker = getDataBroker(); ReadWriteTransaction rwTx = dataBroker.newReadWriteTransaction(); NetworkService.writeDnsClauseWithConsProvEic(new TenantId(tenantId), ipv4Prefix, rwTx); rwTx.submit().get(); - //expected clause name - String clauseNameIpV4 = DNS_SUBJECT_NAME.getValue() + MappingUtils.NAME_DOUBLE_DELIMETER + ipv4Prefix.getIpv4Prefix().getValue(); + // expected clause name + String clauseNameIpV4 = DNS_SUBJECT_NAME.getValue() + MappingUtils.NAME_DOUBLE_DELIMETER + + ipv4Prefix.getIpv4Prefix().getValue(); clauseNameIpV4 = clauseNameIpV4.replace('/', '_'); PolicyAssert.assertClauseExists(dataBroker, tenantId, NetworkService.DNS_CONTRACT_ID.getValue(), @@ -100,14 +109,15 @@ public class NetworkServiceTest extends GbpDataBrokerTest { @Test public void testWriteDnsClauseWithConsProvEicIpv6() throws Exception { - //ipv6 + // ipv6 DataBroker dataBroker = getDataBroker(); ReadWriteTransaction rwTx = dataBroker.newReadWriteTransaction(); NetworkService.writeDnsClauseWithConsProvEic(new TenantId(tenantId), ipv6Prefix, rwTx); rwTx.submit().get(); - //expected clause name - String clauseNameIpV6 = DNS_SUBJECT_NAME.getValue() + MappingUtils.NAME_DOUBLE_DELIMETER + ipv6Prefix.getIpv6Prefix().getValue(); + // expected clause name + String clauseNameIpV6 = DNS_SUBJECT_NAME.getValue() + MappingUtils.NAME_DOUBLE_DELIMETER + + ipv6Prefix.getIpv6Prefix().getValue(); clauseNameIpV6 = clauseNameIpV6.replace('/', '_').replace(':', '.'); PolicyAssert.assertClauseExists(dataBroker, tenantId, NetworkService.DNS_CONTRACT_ID.getValue(), @@ -116,13 +126,13 @@ public class NetworkServiceTest extends GbpDataBrokerTest { @Test public void testWriteNetworkServiceEntitiesToTenant() throws Exception { - //write everything + // write everything DataBroker dataBroker = getDataBroker(); ReadWriteTransaction rwTx = dataBroker.newReadWriteTransaction(); NetworkService.writeNetworkServiceEntitiesToTenant(new TenantId(tenantId), rwTx); rwTx.submit().get(); - //read classifier instances + // read classifier instances PolicyAssert.assertClassifierInstanceExists(dataBroker, tenantId, DHCP_IPV4_CLIENT_SERVER_NAME); PolicyAssert.assertClassifierInstanceExists(dataBroker, tenantId, DHCP_IPV4_SERVER_CLIENT_NAME); PolicyAssert.assertClassifierInstanceExists(dataBroker, tenantId, DHCP_IPV6_CLIENT_SERVER_NAME); @@ -135,12 +145,19 @@ public class NetworkServiceTest extends GbpDataBrokerTest { PolicyAssert.assertClassifierInstanceExists(dataBroker, tenantId, DNS_TCP_IPV4_SERVER_CLIENT_NAME); PolicyAssert.assertClassifierInstanceExists(dataBroker, tenantId, DNS_TCP_IPV6_CLIENT_SERVER_NAME); PolicyAssert.assertClassifierInstanceExists(dataBroker, tenantId, DNS_TCP_IPV6_SERVER_CLIENT_NAME); - - //read contracts + PolicyAssert.assertClassifierInstanceExists(dataBroker, tenantId, SSH_IPV4_SERVER_TO_CLIENT_NAME); + PolicyAssert.assertClassifierInstanceExists(dataBroker, tenantId, SSH_IPV6_SERVER_TO_CLIENT_NAME); + PolicyAssert.assertClassifierInstanceExists(dataBroker, tenantId, SSH_IPV4_CLIENT_TO_SERVER_NAME); + PolicyAssert.assertClassifierInstanceExists(dataBroker, tenantId, SSH_IPV6_CLIENT_TO_SERVER_NAME); + PolicyAssert.assertClassifierInstanceExists(dataBroker, tenantId, ICMP_IPV4_BETWEEN_SERVER_CLIENT_NAME); + PolicyAssert.assertClassifierInstanceExists(dataBroker, tenantId, ICMP_IPV6_BETWEEN_SERVER_CLIENT_NAME); + + // read contracts PolicyAssert.assertContractExists(dataBroker, tenantId, NetworkService.DHCP_CONTRACT_ID.getValue()); PolicyAssert.assertContractExists(dataBroker, tenantId, NetworkService.DNS_CONTRACT_ID.getValue()); + PolicyAssert.assertContractExists(dataBroker, tenantId, NetworkService.MGMT_CONTRACT_ID.getValue()); - //read group id + // read group id PolicyAssert.assertEndpointGroupExists(dataBroker, tenantId, NetworkService.EPG_ID.getValue()); } @@ -149,7 +166,7 @@ public class NetworkServiceTest extends GbpDataBrokerTest { Set classifierInstances = NetworkService.getAllClassifierInstances(); assertNotNull(classifierInstances); assertFalse(classifierInstances.isEmpty()); - assertEquals(classifierInstances.size(), 12); + assertEquals(classifierInstances.size(), 18); } } -- 2.36.6