Implement security group manager, codec and watcher with unit tests
Change-Id: Ib2201d140b9dcb2eff453f13447113bdba66babd
diff --git a/apps/kubevirt-networking/app/src/test/java/org/onosproject/kubevirtnetworking/codec/KubevirtSecurityGroupCodecTest.java b/apps/kubevirt-networking/app/src/test/java/org/onosproject/kubevirtnetworking/codec/KubevirtSecurityGroupCodecTest.java
new file mode 100644
index 0000000..51bdeb5
--- /dev/null
+++ b/apps/kubevirt-networking/app/src/test/java/org/onosproject/kubevirtnetworking/codec/KubevirtSecurityGroupCodecTest.java
@@ -0,0 +1,173 @@
+/*
+ * Copyright 2021-present Open Networking Foundation
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.onosproject.kubevirtnetworking.codec;
+
+import com.fasterxml.jackson.databind.JsonNode;
+import com.fasterxml.jackson.databind.ObjectMapper;
+import com.fasterxml.jackson.databind.node.ObjectNode;
+import com.google.common.collect.ImmutableSet;
+import org.hamcrest.MatcherAssert;
+import org.junit.Before;
+import org.junit.Test;
+import org.onlab.packet.IpPrefix;
+import org.onosproject.codec.CodecContext;
+import org.onosproject.codec.JsonCodec;
+import org.onosproject.codec.impl.CodecManager;
+import org.onosproject.core.CoreService;
+import org.onosproject.kubevirtnetworking.api.DefaultKubevirtSecurityGroup;
+import org.onosproject.kubevirtnetworking.api.DefaultKubevirtSecurityGroupRule;
+import org.onosproject.kubevirtnetworking.api.KubevirtSecurityGroup;
+import org.onosproject.kubevirtnetworking.api.KubevirtSecurityGroupRule;
+
+import java.io.IOException;
+import java.io.InputStream;
+import java.util.HashMap;
+import java.util.Map;
+
+import static junit.framework.TestCase.assertEquals;
+import static org.easymock.EasyMock.createMock;
+import static org.easymock.EasyMock.expect;
+import static org.easymock.EasyMock.replay;
+import static org.hamcrest.MatcherAssert.assertThat;
+import static org.hamcrest.Matchers.notNullValue;
+import static org.onosproject.kubevirtnetworking.codec.KubevirtSecurityGroupJsonMatcher.matchesKubevirtSecurityGroup;
+import static org.onosproject.net.NetTestTools.APP_ID;
+
+/**
+ * Unit tests for KubevirtSecurityGroup codec.
+ */
+public final class KubevirtSecurityGroupCodecTest {
+
+ MockCodecContext context;
+
+ JsonCodec<KubevirtSecurityGroup> kubevirtSecurityGroupCodec;
+ JsonCodec<KubevirtSecurityGroupRule> kubevirtSecurityGroupRuleCodec;
+
+ final CoreService mockCoreService = createMock(CoreService.class);
+ private static final String REST_APP_ID = "org.onosproject.rest";
+
+ @Before
+ public void setUp() {
+ context = new MockCodecContext();
+ kubevirtSecurityGroupCodec = new KubevirtSecurityGroupCodec();
+ kubevirtSecurityGroupRuleCodec = new KubevirtSecurityGroupRuleCodec();
+
+ assertThat(kubevirtSecurityGroupCodec, notNullValue());
+ assertThat(kubevirtSecurityGroupRuleCodec, notNullValue());
+ expect(mockCoreService.registerApplication(REST_APP_ID))
+ .andReturn(APP_ID).anyTimes();
+ replay(mockCoreService);
+ context.registerService(CoreService.class, mockCoreService);
+ }
+
+ /**
+ * Tests the kubevirt security group encoding.
+ */
+ @Test
+ public void testKubevirtSecurityGroupEncode() {
+ KubevirtSecurityGroupRule rule = DefaultKubevirtSecurityGroupRule.builder()
+ .id("sgr-1")
+ .securityGroupId("sg-1")
+ .direction("ingress")
+ .etherType("IPv4")
+ .portRangeMin(0)
+ .portRangeMax(80)
+ .protocol("tcp")
+ .remoteIpPrefix(IpPrefix.valueOf("0.0.0.0/0"))
+ .remoteGroupId("g-1")
+ .build();
+
+ KubevirtSecurityGroup sg = DefaultKubevirtSecurityGroup.builder()
+ .id("sg-1")
+ .name("sg")
+ .description("example-sg")
+ .rules(ImmutableSet.of(rule))
+ .build();
+
+ ObjectNode sgJson = kubevirtSecurityGroupCodec.encode(sg, context);
+ assertThat(sgJson, matchesKubevirtSecurityGroup(sg));
+ }
+
+ /**
+ * Tests the kubevirt security group decoding.
+ */
+ @Test
+ public void testKubevirtSecurityGroupDecode() throws IOException {
+ KubevirtSecurityGroup sg = getKubevirtSecurityGroup("KubevirtSecurityGroup.json");
+ KubevirtSecurityGroupRule rule = sg.rules().stream().findAny().orElse(null);
+
+ assertEquals("sg-1", sg.id());
+ assertEquals("sg", sg.name());
+ assertEquals("example-sg", sg.description());
+
+ assertEquals("sgr-1", rule.id());
+ assertEquals("sg-1", rule.securityGroupId());
+ assertEquals("ingress", rule.direction());
+ assertEquals("IPv4", rule.etherType());
+ assertEquals((Integer) 80, rule.portRangeMax());
+ assertEquals((Integer) 0, rule.portRangeMin());
+ assertEquals("tcp", rule.protocol());
+ assertEquals("0.0.0.0/0", rule.remoteIpPrefix().toString());
+ assertEquals("g-1", rule.remoteGroupId());
+ }
+
+ private KubevirtSecurityGroup getKubevirtSecurityGroup(String resourceName) throws IOException {
+ InputStream jsonStream = KubevirtSecurityGroupCodecTest.class.getResourceAsStream(resourceName);
+ JsonNode json = context.mapper().readTree(jsonStream);
+ MatcherAssert.assertThat(json, notNullValue());
+ KubevirtSecurityGroup sg = kubevirtSecurityGroupCodec.decode((ObjectNode) json, context);
+ assertThat(sg, notNullValue());
+ return sg;
+ }
+
+ private class MockCodecContext implements CodecContext {
+
+ private final ObjectMapper mapper = new ObjectMapper();
+ private final CodecManager manager = new CodecManager();
+ private final Map<Class<?>, Object> services = new HashMap<>();
+
+ /**
+ * Constructs a new mock codec context.
+ */
+ public MockCodecContext() {
+ manager.activate();
+ }
+
+ @Override
+ public ObjectMapper mapper() {
+ return mapper;
+ }
+
+ @Override
+ public <T> JsonCodec<T> codec(Class<T> entityClass) {
+ if (entityClass == KubevirtSecurityGroupRule.class) {
+ return (JsonCodec<T>) kubevirtSecurityGroupRuleCodec;
+ }
+
+ return manager.getCodec(entityClass);
+ }
+
+ @Override
+ public <T> T getService(Class<T> serviceClass) {
+ return (T) services.get(serviceClass);
+ }
+
+ // for registering mock services
+ public <T> void registerService(Class<T> serviceClass, T impl) {
+ services.put(serviceClass, impl);
+ }
+ }
+}
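Review bot: In testKubevirtSecurityGroupDecode, `sg.rules().stream().findAny().orElse(null)` is dereferenced with no check on how many rules were decoded, so a codec that drops the rule fails with a NullPointerException instead of an assertion, and one that yields extra rules passes unnoticed. Adding `assertEquals(1, sg.rules().size());` before picking the rule would pin the expected count. The fixture also covers only one well-formed rule; a decode test for a missing required field or a malformed `remoteIpPrefix` would show how the codec treats bad input, which matters for objects that end up as filtering policy. In getKubevirtSecurityGroup the resource stream is never closed and a missing resource is not checked before `readTree`; try-with-resources plus `assertThat(jsonStream, notNullValue());` would give a clearer failure.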
diff --git a/apps/kubevirt-networking/app/src/test/java/org/onosproject/kubevirtnetworking/codec/KubevirtSecurityGroupJsonMatcher.java b/apps/kubevirt-networking/app/src/test/java/org/onosproject/kubevirtnetworking/codec/KubevirtSecurityGroupJsonMatcher.java
new file mode 100644
index 0000000..ea04c60
--- /dev/null
+++ b/apps/kubevirt-networking/app/src/test/java/org/onosproject/kubevirtnetworking/codec/KubevirtSecurityGroupJsonMatcher.java
@@ -0,0 +1,114 @@
+/*
+ * Copyright 2021-present Open Networking Foundation
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.onosproject.kubevirtnetworking.codec;
+
+import com.fasterxml.jackson.databind.JsonNode;
+import org.hamcrest.Description;
+import org.hamcrest.TypeSafeDiagnosingMatcher;
+import org.onosproject.kubevirtnetworking.api.KubevirtSecurityGroup;
+import org.onosproject.kubevirtnetworking.api.KubevirtSecurityGroupRule;
+
+/**
+ * Hamcrest matcher for security group.
+ */
+public final class KubevirtSecurityGroupJsonMatcher extends TypeSafeDiagnosingMatcher<JsonNode> {
+
+ private static final String ID = "id";
+ private static final String NAME = "name";
+ private static final String DESCRIPTION = "description";
+ private static final String RULES = "rules";
+
+ private final KubevirtSecurityGroup sg;
+
+ private KubevirtSecurityGroupJsonMatcher(KubevirtSecurityGroup sg) {
+ this.sg = sg;
+ }
+
+ @Override
+ protected boolean matchesSafely(JsonNode jsonNode, Description description) {
+ // check sg ID
+ String jsonId = jsonNode.get(ID).asText();
+ String id = sg.id();
+ if (!jsonId.equals(id)) {
+ description.appendText("ID was " + jsonId);
+ return false;
+ }
+
+ // check sg name
+ String jsonName = jsonNode.get(NAME).asText();
+ String name = sg.name();
+ if (!jsonName.equals(name)) {
+ description.appendText("Name was " + jsonName);
+ return false;
+ }
+
+ // check description
+ JsonNode jsonDescription = jsonNode.get(DESCRIPTION);
+ if (jsonDescription != null) {
+ String myDescription = sg.description();
+ if (!jsonDescription.asText().equals(myDescription)) {
+ description.appendText("Description was " + jsonDescription);
+ return false;
+ }
+ }
+
+ JsonNode jsonSgr = jsonNode.get(RULES);
+ if (jsonSgr != null) {
+ // check size of rule array
+ if (jsonSgr.size() != sg.rules().size()) {
+ description.appendText("Rules was " + jsonSgr.size());
+ return false;
+ }
+
+ // check rules
+ for (KubevirtSecurityGroupRule sgr : sg.rules()) {
+ boolean ruleFound = false;
+ for (int ruleIndex = 0; ruleIndex < jsonSgr.size(); ruleIndex++) {
+ KubevirtSecurityGroupRuleJsonMatcher ruleMatcher =
+ KubevirtSecurityGroupRuleJsonMatcher
+ .matchesKubevirtSecurityGroupRule(sgr);
+ if (ruleMatcher.matches(jsonSgr.get(ruleIndex))) {
+ ruleFound = true;
+ break;
+ }
+ }
+
+ if (!ruleFound) {
+ description.appendText("Rule not found " + sgr.toString());
+ return false;
+ }
+ }
+ }
+
+ return true;
+ }
+
+ @Override
+ public void describeTo(Description description) {
+ description.appendText(sg.toString());
+ }
+
+ /**
+ * Factory to allocate a kubevirt security group matcher.
+ *
+ * @param sg kubevirt security group object we are looking for
+ * @return matcher
+ */
+ public static KubevirtSecurityGroupJsonMatcher
+ matchesKubevirtSecurityGroup(KubevirtSecurityGroup sg) {
+ return new KubevirtSecurityGroupJsonMatcher(sg);
+ }
+}
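Review bot: The `if (jsonDescription != null)` and `if (jsonSgr != null)` guards in matchesSafely make the matcher accept JSON that omits those fields entirely, so the encode test would still pass if the codec stopped emitting `rules` for a group that has them. For a security group that is the regression most worth catching; the absent branch should fail when the expected object carries a value, e.g. `if (jsonSgr == null && !sg.rules().isEmpty()) { description.appendText("Rules were missing"); return false; }`. The same skip-when-absent pattern is used for etherType, portRangeMax, portRangeMin, protocol, remoteIpPrefix and remoteGroupId in KubevirtSecurityGroupRuleJsonMatcher.matchesSafely. Separately, `jsonNode.get(ID).asText()` and `jsonNode.get(NAME).asText()` throw a NullPointerException on a missing field instead of reporting a mismatch through the description.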
diff --git a/apps/kubevirt-networking/app/src/test/java/org/onosproject/kubevirtnetworking/codec/KubevirtSecurityGroupRuleJsonMatcher.java b/apps/kubevirt-networking/app/src/test/java/org/onosproject/kubevirtnetworking/codec/KubevirtSecurityGroupRuleJsonMatcher.java
new file mode 100644
index 0000000..81ba374
--- /dev/null
+++ b/apps/kubevirt-networking/app/src/test/java/org/onosproject/kubevirtnetworking/codec/KubevirtSecurityGroupRuleJsonMatcher.java
@@ -0,0 +1,149 @@
+/*
+ * Copyright 2021-present Open Networking Foundation
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.onosproject.kubevirtnetworking.codec;
+
+import com.fasterxml.jackson.databind.JsonNode;
+import org.hamcrest.Description;
+import org.hamcrest.TypeSafeDiagnosingMatcher;
+import org.onlab.packet.IpPrefix;
+import org.onosproject.kubevirtnetworking.api.KubevirtSecurityGroupRule;
+
+/**
+ * Hamcrest matcher for kubevirt port.
+ */
+public final class KubevirtSecurityGroupRuleJsonMatcher extends TypeSafeDiagnosingMatcher<JsonNode> {
+
+ private final KubevirtSecurityGroupRule rule;
+
+ private static final String ID = "id";
+ private static final String SECURITY_GROUP_ID = "securityGroupId";
+ private static final String DIRECTION = "direction";
+ private static final String ETHER_TYPE = "etherType";
+ private static final String PORT_RANGE_MAX = "portRangeMax";
+ private static final String PORT_RANGE_MIN = "portRangeMin";
+ private static final String PROTOCOL = "protocol";
+ private static final String REMOTE_IP_PREFIX = "remoteIpPrefix";
+ private static final String REMOTE_GROUP_ID = "remoteGroupId";
+
+ private KubevirtSecurityGroupRuleJsonMatcher(KubevirtSecurityGroupRule rule) {
+ this.rule = rule;
+ }
+
+ @Override
+ protected boolean matchesSafely(JsonNode jsonNode, Description description) {
+ // check rule ID
+ String jsonId = jsonNode.get(ID).asText();
+ String id = rule.id();
+ if (!jsonId.equals(id)) {
+ description.appendText("Rule ID was " + jsonId);
+ return false;
+ }
+
+ // check security group ID
+ String jsonSecurityGroupId = jsonNode.get(SECURITY_GROUP_ID).asText();
+ String securityGroupId = rule.securityGroupId();
+ if (!jsonSecurityGroupId.equals(securityGroupId)) {
+ description.appendText("Security group ID was " + jsonSecurityGroupId);
+ return false;
+ }
+
+ // check direction
+ String jsonDirection = jsonNode.get(DIRECTION).asText();
+ String direction = rule.direction();
+ if (!jsonDirection.equals(direction)) {
+ description.appendText("Direction was " + jsonDirection);
+ return false;
+ }
+
+ // check ether type
+ JsonNode jsonEtherType = jsonNode.get(ETHER_TYPE);
+ if (jsonEtherType != null) {
+ String etherType = rule.etherType();
+ if (!jsonEtherType.asText().equals(etherType)) {
+ description.appendText("EtherType was " + jsonEtherType);
+ return false;
+ }
+ }
+
+ // check port range max
+ JsonNode jsonPortRangeMax = jsonNode.get(PORT_RANGE_MAX);
+ if (jsonPortRangeMax != null) {
+ int portRangeMax = rule.portRangeMax();
+ if (portRangeMax != jsonPortRangeMax.asInt()) {
+ description.appendText("PortRangeMax was " + jsonPortRangeMax);
+ return false;
+ }
+ }
+
+ // check port range min
+ JsonNode jsonPortRangeMin = jsonNode.get(PORT_RANGE_MIN);
+ if (jsonPortRangeMin != null) {
+ int portRangeMin = rule.portRangeMin();
+ if (portRangeMin != jsonPortRangeMin.asInt()) {
+ description.appendText("PortRangeMin was " + jsonPortRangeMin);
+ return false;
+ }
+ }
+
+ // check protocol
+ JsonNode jsonProtocol = jsonNode.get(PROTOCOL);
+ if (jsonProtocol != null) {
+ String protocol = rule.protocol();
+ if (!jsonProtocol.asText().equals(protocol)) {
+ description.appendText("Protocol was " + jsonProtocol);
+ return false;
+ }
+ }
+
+ // check remote IP prefix
+ JsonNode jsonRemoteIpPrefix = jsonNode.get(REMOTE_IP_PREFIX);
+ if (jsonRemoteIpPrefix != null) {
+ IpPrefix remoteIpPrefix = rule.remoteIpPrefix();
+ if (!jsonRemoteIpPrefix.asText().equals(remoteIpPrefix.toString())) {
+ description.appendText("Remote IP prefix was " + jsonRemoteIpPrefix);
+ return false;
+ }
+ }
+
+ // check remote group ID
+ JsonNode jsonRemoteGroupId = jsonNode.get(REMOTE_GROUP_ID);
+ if (jsonRemoteGroupId != null) {
+ String remoteGroupId = rule.remoteGroupId();
+ if (!jsonRemoteGroupId.asText().equals(remoteGroupId)) {
+ description.appendText("Remote group ID was " + jsonRemoteGroupId);
+ return false;
+ }
+ }
+
+ return true;
+ }
+
+ @Override
+ public void describeTo(Description description) {
+ description.appendText(rule.toString());
+ }
+
+ /**
+ * Factory to allocate an kubevirt security group rule matcher.
+ *
+ * @param rule kubevirt security group rule object we are looking for
+ * @return matcher
+ */
+ public static KubevirtSecurityGroupRuleJsonMatcher
+ matchesKubevirtSecurityGroupRule(KubevirtSecurityGroupRule rule) {
+ return new KubevirtSecurityGroupRuleJsonMatcher(rule);
+ }
+}
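Review bot: In matchesSafely, `int portRangeMax = rule.portRangeMax();` and `int portRangeMin = rule.portRangeMin();` unbox the accessor result and `remoteIpPrefix.toString()` dereferences it, so a rule built without those values would make the matcher throw rather than return false with a description. The `(Integer) 80` cast in the codec test suggests these accessors return a nullable `Integer`, though the interface is not visible here. Comparing with `Objects.equals(rule.portRangeMax(), jsonPortRangeMax.asInt())` (with `java.util.Objects` imported) and null-checking the prefix before `toString()` would keep such a mismatch as an ordinary test failure. The class Javadoc still reads "Hamcrest matcher for kubevirt port" and should be `Hamcrest matcher for kubevirt security group rule.`; the factory Javadoc's "an kubevirt" should be "a kubevirt".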