From e92b370d515d8834f86e203198a9846aa2fd77c4 Mon Sep 17 00:00:00 2001 From: Andrea Turli Date: Mon, 13 Aug 2012 23:12:59 +0200 Subject: [PATCH] added VAppNetworksLiveTest --- .../domain/network/NetworkConnection.java | 10 +- .../v1_5/AbstractVAppApiLiveTest.java | 25 ++ .../v1_5/features/VAppApiLiveTest.java | 84 ++-- .../v1_5/features/VAppNetworksLiveTest.java | 384 ++++++++++++++++++ 4 files changed, 465 insertions(+), 38 deletions(-) create mode 100644 labs/vcloud-director/src/test/java/org/jclouds/vcloud/director/v1_5/features/VAppNetworksLiveTest.java diff --git a/labs/vcloud-director/src/main/java/org/jclouds/vcloud/director/v1_5/domain/network/NetworkConnection.java b/labs/vcloud-director/src/main/java/org/jclouds/vcloud/director/v1_5/domain/network/NetworkConnection.java index 9a30e64d4b..74d7b29ada 100644 --- a/labs/vcloud-director/src/main/java/org/jclouds/vcloud/director/v1_5/domain/network/NetworkConnection.java +++ b/labs/vcloud-director/src/main/java/org/jclouds/vcloud/director/v1_5/domain/network/NetworkConnection.java @@ -73,9 +73,9 @@ public class NetworkConnection { @XmlType @XmlEnum(String.class) public static enum IpAddressAllocationMode { - @XmlEnumValue("pool") POOL("pool"), - @XmlEnumValue("dhcp") DHCP("dhcp"), - @XmlEnumValue("manual") MANUAL("manual"), + @XmlEnumValue("POOL") POOL("pool"), + @XmlEnumValue("DHCP") DHCP("dhcp"), + @XmlEnumValue("MANUAL") MANUAL("manual"), @XmlEnumValue("NONE") NONE("none"), @XmlEnumValue("") UNRECOGNIZED("unrecognized"); @@ -222,8 +222,8 @@ public class NetworkConnection { this.externalIpAddress = externalIpAddress; this.isConnected = connected; this.macAddress = macAddress; - this.ipAddressAllocationMode = checkNotNull(ipAddressAllocationMode, "ipAddressAllocationMode"); - this.network = checkNotNull(network, "network"); + this.ipAddressAllocationMode = ipAddressAllocationMode; + this.network = network; this.needsCustomization = needsCustomization; } diff --git a/labs/vcloud-director/src/test/java/org/jclouds/vcloud/director/v1_5/AbstractVAppApiLiveTest.java b/labs/vcloud-director/src/test/java/org/jclouds/vcloud/director/v1_5/AbstractVAppApiLiveTest.java index ced21c917f..d80d9079c0 100644 --- a/labs/vcloud-director/src/test/java/org/jclouds/vcloud/director/v1_5/AbstractVAppApiLiveTest.java +++ b/labs/vcloud-director/src/test/java/org/jclouds/vcloud/director/v1_5/AbstractVAppApiLiveTest.java @@ -32,6 +32,7 @@ import java.io.IOException; import java.math.BigInteger; import java.net.URI; import java.util.List; +import java.util.Set; import org.jclouds.dmtf.cim.CimBoolean; import org.jclouds.dmtf.cim.CimString; @@ -47,6 +48,8 @@ import org.jclouds.vcloud.director.v1_5.domain.VAppTemplate; import org.jclouds.vcloud.director.v1_5.domain.Vdc; import org.jclouds.vcloud.director.v1_5.domain.Vm; import org.jclouds.vcloud.director.v1_5.domain.dmtf.RasdItem; +import org.jclouds.vcloud.director.v1_5.domain.network.NetworkConnection; +import org.jclouds.vcloud.director.v1_5.domain.network.VAppNetworkConfiguration; import org.jclouds.vcloud.director.v1_5.domain.params.UndeployVAppParams; import org.jclouds.vcloud.director.v1_5.domain.section.GuestCustomizationSection; import org.jclouds.vcloud.director.v1_5.domain.section.NetworkConnectionSection; @@ -372,4 +375,26 @@ public abstract class AbstractVAppApiLiveTest extends BaseVCloudDirectorApiLiveT Throwables.propagate(ioe); } } + + protected VAppNetworkConfiguration getVAppNetworkConfig(VApp vApp) { + Set vAppNetworkConfigs = vAppApi.getNetworkConfigSection(vApp.getHref()).getNetworkConfigs(); + return Iterables.tryFind(vAppNetworkConfigs, Predicates.notNull()).orNull(); + } + + protected boolean vAppHasNetworkConfigured(VApp vApp) { + return getVAppNetworkConfig(vApp) != null; + } + + protected boolean vmHasNetworkConnectionConfigured(Vm vm) { + return listNetworkConnections(vm).size() > 0; + } + + protected Set listNetworkConnections(Vm vm) { + return vmApi.getNetworkConnectionSection(vm.getHref()).getNetworkConnections(); + } + + protected Set listVappNetworkConfigurations(VApp vApp) { + Set vAppNetworkConfigs = vAppApi.getNetworkConfigSection(vApp.getHref()).getNetworkConfigs(); + return vAppNetworkConfigs; + } } diff --git a/labs/vcloud-director/src/test/java/org/jclouds/vcloud/director/v1_5/features/VAppApiLiveTest.java b/labs/vcloud-director/src/test/java/org/jclouds/vcloud/director/v1_5/features/VAppApiLiveTest.java index c175463b65..3d31a13046 100644 --- a/labs/vcloud-director/src/test/java/org/jclouds/vcloud/director/v1_5/features/VAppApiLiveTest.java +++ b/labs/vcloud-director/src/test/java/org/jclouds/vcloud/director/v1_5/features/VAppApiLiveTest.java @@ -80,6 +80,7 @@ import org.jclouds.vcloud.director.v1_5.domain.VAppTemplate; import org.jclouds.vcloud.director.v1_5.domain.Vm; import org.jclouds.vcloud.director.v1_5.domain.network.NetworkAssignment; import org.jclouds.vcloud.director.v1_5.domain.network.NetworkConnection; +import org.jclouds.vcloud.director.v1_5.domain.network.NetworkConnection.IpAddressAllocationMode; import org.jclouds.vcloud.director.v1_5.domain.network.VAppNetworkConfiguration; import org.jclouds.vcloud.director.v1_5.domain.params.ComposeVAppParams; import org.jclouds.vcloud.director.v1_5.domain.params.ControlAccessParams; @@ -612,7 +613,8 @@ public class VAppApiLiveTest extends AbstractVAppApiLiveTest { public void testModifyNetworkConfigSection() { // Copy existing section and update fields NetworkConfigSection oldSection = vAppApi.getNetworkConfigSection(vApp.getHref()); - NetworkConfigSection newSection = oldSection.toBuilder() + VAppNetworkConfiguration networkConfig = VAppNetworkConfiguration.builder().build(); + NetworkConfigSection newSection = oldSection.toBuilder().networkConfigs(ImmutableSet.of(networkConfig)) .build(); // The method under test @@ -848,27 +850,55 @@ public class VAppApiLiveTest extends AbstractVAppApiLiveTest { InstantiationParams vmInstantiationParams = null; + Set networkAssignments = Sets.newLinkedHashSet(); + // if the vm contains a network connection and the vApp does not contain any configured network - if (vmHasNetworkConnectionConfigured(vm) && vAppHasNetworkConfigured(vApp)) { - // creating empty network connection section for the vm. - NetworkConnectionSection networkConnectionSection = NetworkConnectionSection.builder() - .info("Empty network configuration parameters") - .build(); - - // adding the network connection section to the instantiation params of the vapp. - vmInstantiationParams = InstantiationParams.builder().sections(ImmutableSet.of(networkConnectionSection)).build(); + if (vmHasNetworkConnectionConfigured(vm)) { + if (!vAppHasNetworkConfigured(vApp)) { + // create a new network connection section for the vm. + NetworkConnectionSection networkConnectionSection = NetworkConnectionSection.builder() + .info("Empty network configuration parameters").build(); + // adding the network connection section to the instantiation params of the vapp. + vmInstantiationParams = InstantiationParams.builder().sections(ImmutableSet.of(networkConnectionSection)) + .build(); + } + + // if the vm already contains a network connection section and if the vapp contains a + // configured network -> vm could be mapped to that network. + else { + Set vAppNetworkConfigurations = listVappNetworkConfigurations(vApp); + Set listVmNetworkConnections = listNetworkConnections(vm); + for (NetworkConnection networkConnection : listVmNetworkConnections) { + for (VAppNetworkConfiguration vAppNetworkConfiguration : vAppNetworkConfigurations) { + NetworkAssignment networkAssignment = NetworkAssignment.builder() + .innerNetwork(vAppNetworkConfiguration.getNetworkName()) + .containerNetwork(vAppNetworkConfiguration.getNetworkName()).build(); + networkAssignments.add(networkAssignment); + } + } + } } - // if the vm already contains a network connection section and if the vapp contains a configured network -> vm could be mapped to that network. - NetworkAssignment networkAssignment = null; - if (vmHasNetworkConnectionConfigured(vm) && !vAppHasNetworkConfigured(vApp)) { - for (NetworkConnection networkConnection : vmApi.getNetworkConnectionSection(vm.getHref()) - .getNetworkConnections()) { - if (networkConnection.getNetworkConnectionIndex() == vmApi.getNetworkConnectionSection(vm.getHref()) - .getPrimaryNetworkConnectionIndex()) { - networkAssignment = NetworkAssignment.builder().innerNetwork(networkConnection.getNetwork()) - .containerNetwork(getVAppNetworkConfig(vApp).getNetworkName()).build(); - } + // if the vm does not contain any network connection sections and if the + // vapp contains a network configuration. we should add the vm to this + // vapp network + else { + if (vAppHasNetworkConfigured(vApp)) { + + VAppNetworkConfiguration vAppNetworkConfiguration = getVAppNetworkConfig(vApp); + System.out.println(vAppNetworkConfiguration.getNetworkName()); + System.out.println(vAppNetworkConfiguration.getDescription()); + + NetworkConnection networkConnection = NetworkConnection.builder() + .network(vAppNetworkConfiguration.getNetworkName()) + .ipAddressAllocationMode(IpAddressAllocationMode.DHCP).build(); + + NetworkConnectionSection networkConnectionSection = NetworkConnectionSection.builder().info("networkInfo") + .primaryNetworkConnectionIndex(0).networkConnection(networkConnection).build(); + + // adding the network connection section to the instantiation params of the vapp. + vmInstantiationParams = InstantiationParams.builder().sections(ImmutableSet.of(networkConnectionSection)) + .build(); } } @@ -877,27 +907,15 @@ public class VAppApiLiveTest extends AbstractVAppApiLiveTest { .instantiationParams(vmInstantiationParams) .build(); - if (networkAssignment != null) + if (networkAssignments != null) vmItem = SourcedCompositionItemParam.builder().fromSourcedCompositionItemParam(vmItem) - .networkAssignment(ImmutableSet.of(networkAssignment)) + .networkAssignment(networkAssignments) .build(); return RecomposeVAppParams.builder().name(name("recompose-")) // adding the vm item. .sourcedItems(ImmutableList.of(vmItem)).build(); - } - private VAppNetworkConfiguration getVAppNetworkConfig(VApp vApp) { - Set vAppNetworkConfigs = vAppApi.getNetworkConfigSection(vApp.getHref()).getNetworkConfigs(); - return Iterables.tryFind(vAppNetworkConfigs, Predicates.notNull()).orNull(); - } - - private boolean vAppHasNetworkConfigured(VApp vApp) { - return getVAppNetworkConfig(vApp) != null; - } - - private boolean vmHasNetworkConnectionConfigured(Vm vm) { - return vmApi.getNetworkConnectionSection(vm.getHref()).getNetworkConnections().size() > 0; } } diff --git a/labs/vcloud-director/src/test/java/org/jclouds/vcloud/director/v1_5/features/VAppNetworksLiveTest.java b/labs/vcloud-director/src/test/java/org/jclouds/vcloud/director/v1_5/features/VAppNetworksLiveTest.java new file mode 100644 index 0000000000..8df1e590e7 --- /dev/null +++ b/labs/vcloud-director/src/test/java/org/jclouds/vcloud/director/v1_5/features/VAppNetworksLiveTest.java @@ -0,0 +1,384 @@ +/* + * Licensed to jclouds, Inc. (jclouds) under one or more + * contributor license agreements. See the NOTICE file + * distributed with this work for additional information + * regarding copyright ownership. jclouds licenses this file + * to you under the Apache License, Version 2.0 (the + * "License"); you may not use this file except in compliance + * with the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, + * software distributed under the License is distributed on an + * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY + * KIND, either express or implied. See the License for the + * specific language governing permissions and limitations + * under the License. + */ +package org.jclouds.vcloud.director.v1_5.features; + +import static org.jclouds.vcloud.director.v1_5.VCloudDirectorLiveTestConstants.ENTITY_NON_NULL; +import static org.jclouds.vcloud.director.v1_5.VCloudDirectorLiveTestConstants.TASK_COMPLETE_TIMELY; +import static org.jclouds.vcloud.director.v1_5.domain.Checks.checkNetworkConfigSection; +import static org.testng.Assert.assertNotNull; +import static org.testng.Assert.assertTrue; +import static org.testng.Assert.fail; + +import java.net.URI; +import java.util.List; +import java.util.Map; +import java.util.Set; + +import org.jclouds.vcloud.director.v1_5.AbstractVAppApiLiveTest; +import org.jclouds.vcloud.director.v1_5.domain.Reference; +import org.jclouds.vcloud.director.v1_5.domain.Task; +import org.jclouds.vcloud.director.v1_5.domain.Vdc; +import org.jclouds.vcloud.director.v1_5.domain.Vm; +import org.jclouds.vcloud.director.v1_5.domain.network.FirewallRule; +import org.jclouds.vcloud.director.v1_5.domain.network.FirewallRuleProtocols; +import org.jclouds.vcloud.director.v1_5.domain.network.FirewallService; +import org.jclouds.vcloud.director.v1_5.domain.network.IpRange; +import org.jclouds.vcloud.director.v1_5.domain.network.IpRanges; +import org.jclouds.vcloud.director.v1_5.domain.network.IpScope; +import org.jclouds.vcloud.director.v1_5.domain.network.NatService; +import org.jclouds.vcloud.director.v1_5.domain.network.Network.FenceMode; +import org.jclouds.vcloud.director.v1_5.domain.network.NetworkConfiguration; +import org.jclouds.vcloud.director.v1_5.domain.network.NetworkConnection; +import org.jclouds.vcloud.director.v1_5.domain.network.NetworkConnection.IpAddressAllocationMode; +import org.jclouds.vcloud.director.v1_5.domain.network.NetworkFeatures; +import org.jclouds.vcloud.director.v1_5.domain.network.NetworkServiceType; +import org.jclouds.vcloud.director.v1_5.domain.network.VAppNetworkConfiguration; +import org.jclouds.vcloud.director.v1_5.domain.section.NetworkConfigSection; +import org.jclouds.vcloud.director.v1_5.domain.section.NetworkConnectionSection; +import org.testng.annotations.AfterClass; +import org.testng.annotations.AfterMethod; +import org.testng.annotations.BeforeClass; +import org.testng.annotations.Test; + +import com.google.common.base.Joiner; +import com.google.common.base.Optional; +import com.google.common.base.Predicate; +import com.google.common.collect.ImmutableList; +import com.google.common.collect.ImmutableSet; +import com.google.common.collect.Iterables; +import com.google.common.collect.Maps; +import com.google.common.collect.Sets; + +/** + * Tests the request/response behavior of {@link VAppTemplateApi} + * + * NOTE The environment MUST have at least one template configured + * + * @author Andrea Turli + */ +@Test(groups = { "live", "user" }, singleThreaded = true, testName = "VAppNetworksLiveTest") +public class VAppNetworksLiveTest extends AbstractVAppApiLiveTest { + + private static final String HTTP_SECURITY_GROUP = "http"; + private static final String DEFAULT_SECURITY_GROUP = "default"; + private String key; + private Reference parentNetworkRef; + private Map securityGroupToNetworkConfig; + private String orgNetworkName; + + @AfterClass(alwaysRun = true, dependsOnMethods = { "cleanUpEnvironment" }) + protected void tidyUp() { + if (key != null) { + try { + Task delete = vAppTemplateApi.getMetadataApi().deleteMetadataEntry(vAppTemplateURI, key); + taskDoneEventually(delete); + } catch (Exception e) { + logger.warn(e, "Error when deleting metadata entry '%s'", key); + } + } + } + + @BeforeClass + void setUp() { + parentNetworkRef = lookUpNewtorkInVdc(networkURI); + securityGroupToNetworkConfig = createSecurityGroupToNetworkConfiguration(parentNetworkRef); + orgNetworkName = parentNetworkRef.getName(); + } + + @AfterMethod + void cleanUpVmNetworks() { + disconnectVmFromVAppNetwork(vm); + } + + @Test(description = "Create a vApp Network based on an org network with `default` firewall rules applied") + public void testCreateVAppNetworkWithDefaultSecurityGroup() { + ImmutableList securityGroups = ImmutableList.of(DEFAULT_SECURITY_GROUP); + createVAppNetworkWithSecurityGroupOnVApp(securityGroups, vAppURI); + + // Retrieve the modified section + NetworkConfigSection modified = vAppApi.getNetworkConfigSection(vAppURI); + + // Check the retrieved object is well formed + checkNetworkConfigSection(modified); + + /* + * TODO + * powerOn machine, ssh to it, run sshd on a port, trying to connect + * `which sshd` -p 22 + * + */ + } + + @Test(description = "Create a vApp Network based on an org network with `http` firewall rules applied") + public void testCreateVAppNetworkWithHttpSecurityGroup() { + ImmutableList securityGroups = ImmutableList.of(HTTP_SECURITY_GROUP); + createVAppNetworkWithSecurityGroupOnVApp(securityGroups, vAppURI); + + // Retrieve the modified section + NetworkConfigSection modified = vAppApi.getNetworkConfigSection(vAppURI); + + // Check the retrieved object is well formed + checkNetworkConfigSection(modified); + + /* + * TODO + * powerOn machine, ssh to it, run sshd on a port, trying to connect + * `which sshd` -p 22 + * + */ + } + + @Test(description = "Create a vApp Network based on an org network with both `defautl` and `http` firewall rules applied") + public void testCreateVAppNetworkWithDefaultAndHttpSecurityGroup() { + ImmutableList securityGroups = ImmutableList.of(DEFAULT_SECURITY_GROUP, HTTP_SECURITY_GROUP); + createVAppNetworkWithSecurityGroupOnVApp(securityGroups, vAppURI); + + // Retrieve the modified section + NetworkConfigSection modified = vAppApi.getNetworkConfigSection(vAppURI); + + // Check the retrieved object is well formed + checkNetworkConfigSection(modified); + + /* + * TODO + * powerOn machine, ssh to it, run sshd on a port, trying to connect + * `which sshd` -p 22 + * + */ + } + + private void createVAppNetworkWithSecurityGroupOnVApp(ImmutableList securityGroups, URI vAppURI) { + String newVAppNetworkName = generateVAppNetworkName(orgNetworkName, securityGroups); + // Create a vAppNetwork with firewall rules + NetworkConfigSection newSection = generateNetworkConfigSection(securityGroups, newVAppNetworkName); + Task modifyNetworkConfigSection = vAppApi.modifyNetworkConfigSection(vAppURI, newSection); + assertTrue(retryTaskSuccess.apply(modifyNetworkConfigSection), String.format(TASK_COMPLETE_TIMELY, "modifyNetworkConfigSection")); + attachVmToVAppNetwork(vm, newVAppNetworkName); + } + + private NetworkConfigSection generateNetworkConfigSection(List securityGroups, String newVAppNetworkName) { + + Set firewallRules = Sets.newLinkedHashSet(); + for (String securityGroup : securityGroups) { + Set securityGroupFirewallRules = retrieveAllFirewallRules(securityGroupToNetworkConfig.get(securityGroup).getNetworkFeatures()); + firewallRules.addAll(securityGroupFirewallRules); + } + + FirewallService firewallService = createFirewallService(firewallRules); + NatService natService = createNatService(); + IpScope ipScope = createNewIpScope(); + NetworkConfiguration newConfiguration = NetworkConfiguration.builder() + .ipScope(ipScope) + .parentNetwork(parentNetworkRef) + .fenceMode(FenceMode.NAT_ROUTED) + .retainNetInfoAcrossDeployments(false) + .features(createNetworkFeatures(ImmutableSet.of(firewallService, natService))) + .build(); + + VAppNetworkConfiguration newVAppNetworkConfiguration = VAppNetworkConfiguration.builder().networkName(newVAppNetworkName).configuration(newConfiguration).build(); + return NetworkConfigSection.builder() + .info("modified") + .networkConfigs(ImmutableSet.of(newVAppNetworkConfiguration)) + .build(); + } + + private void attachVmToVAppNetwork(Vm vm, String vAppNetworkName) { + Set networkConnections = vmApi.getNetworkConnectionSection(vm.getHref()) + .getNetworkConnections(); + + NetworkConnectionSection section = NetworkConnectionSection.builder() + .info("info") + .primaryNetworkConnectionIndex(0) + .build(); + + for (NetworkConnection networkConnection : networkConnections) { + NetworkConnection newNetworkConnection = networkConnection.toBuilder() + .network(vAppNetworkName) + .isConnected(true) + .networkConnectionIndex(0) + .ipAddressAllocationMode(IpAddressAllocationMode.POOL) + .build(); + + section = section.toBuilder().networkConnection(newNetworkConnection).build(); + } + Task configureNetwork = vmApi.modifyNetworkConnectionSection(vm.getHref(), section); + assertTaskSucceedsLong(configureNetwork); + } + + private IpScope createNewIpScope() { + IpRange newIpRange = createIpRange(); + IpRanges newIpRanges = IpRanges.builder() + .ipRange(newIpRange) + .build(); + return IpScope.builder() + .isInherited(false) + .gateway("192.168.2.1") + .netmask("255.255.0.0") + .ipRanges(newIpRanges).build(); + } + + private IpRange createIpRange() { + IpRange newIpRange = IpRange.builder() + .startAddress("192.168.2.100") + .endAddress("192.168.2.199") + .build(); + return newIpRange; + } + + private Reference lookUpNewtorkInVdc(final URI networkURI) { + Vdc vdc = context.getApi().getVdcApi().getVdc(vdcURI); + assertNotNull(vdc, String.format(ENTITY_NON_NULL, VDC)); + + Set networks = vdc.getAvailableNetworks(); + + // Look up the network in the Vdc with the id configured for the tests + Optional parentNetwork = Iterables.tryFind(networks, new Predicate() { + @Override + public boolean apply(Reference reference) { + return reference.getHref().equals(networkURI); + } + }); + if (!parentNetwork.isPresent()) { + fail(String.format("Could not find network %s in vdc", networkURI.toASCIIString())); + } + return parentNetwork.get(); + } + + private Set retrieveAllFirewallRules(NetworkFeatures networkFeatures) { + Set firewallRules = Sets.newLinkedHashSet(); + for (NetworkServiceType networkServiceType : networkFeatures.getNetworkServices()) { + if (networkServiceType instanceof FirewallService) { + firewallRules.addAll(((FirewallService) networkServiceType).getFirewallRules()); + } + } + return firewallRules; + } + + private NetworkFeatures createNetworkFeatures(Set> networkServices) { + NetworkFeatures networkFeatures = NetworkFeatures.builder() + .services(networkServices) + .build(); + return networkFeatures; + } + + + private Set createDefaultFirewallRules() { + FirewallRuleProtocols protocols = FirewallRuleProtocols.builder() + .any(true) + .build(); + FirewallRule egressAll = createFirewallRule(FirewallRuleProtocols.builder().tcp(true).build(), "allow ssh ingoing traffic", -1, 22, "in"); + FirewallRule sshIngoing = createFirewallRule(protocols, "allow all outgoing traffic", -1, -1, "out"); + return ImmutableSet.of(egressAll, sshIngoing); + } + + private Set createHttpIngoingFirewallRule() { + FirewallRuleProtocols protocols = FirewallRuleProtocols.builder().tcp(true).build(); + FirewallRule httpIngoing = createFirewallRule(protocols , "allow http ingoing traffic", 80, 80, "in"); + FirewallRule httpsIngoing = createFirewallRule(protocols , "allow https ingoing traffic", 443, 443, "in"); + return ImmutableSet.of(httpIngoing, httpsIngoing); + } + + private FirewallRule createFirewallRule(FirewallRuleProtocols protocols, String description, int sourcePort, int outPort, String direction) { + return FirewallRule.builder() + .isEnabled(true) + .description(description) + .policy("allow") + .protocols(protocols) + .port(outPort) + .destinationIp("Any") + .sourcePort(sourcePort) + .sourceIp("Any") + .direction(direction) + .enableLogging(false) + .build(); + } + + private FirewallService createFirewallService(Set firewallRules) { + FirewallService firewallService = FirewallService.builder() + .enabled(true) + .defaultAction("drop") + .logDefaultAction(false) + .firewallRules(firewallRules) + .build(); + return firewallService; + } + + private NatService createNatService() { + NatService natService = NatService.builder() + .enabled(true) + .natType("ipTranslation") + .policy("allowTraffic") + .build(); + return natService; + } + + private Map createSecurityGroupToNetworkConfiguration(Reference parentNetworkRef) { + Set defaultFirewallRules = createDefaultFirewallRules(); + Set httpFirewallRules = createHttpIngoingFirewallRule(); + + Map securityGroupToNetworkConfigurations = Maps.newHashMap(); + securityGroupToNetworkConfigurations.put(DEFAULT_SECURITY_GROUP, createNetworkConfiguration(parentNetworkRef, defaultFirewallRules)); + securityGroupToNetworkConfigurations.put(HTTP_SECURITY_GROUP, createNetworkConfiguration(parentNetworkRef, httpFirewallRules)); + + return securityGroupToNetworkConfigurations; + } + + private NetworkConfiguration createNetworkConfiguration(Reference parentNetworkRef, Set newFirewallRules) { + FirewallService firewallService = createFirewallService(newFirewallRules); + + IpScope ipScope = createNewIpScope(); + + NetworkConfiguration newConfiguration = NetworkConfiguration.builder() + .ipScope(ipScope) + .parentNetwork(parentNetworkRef) + .fenceMode(FenceMode.NAT_ROUTED) + .retainNetInfoAcrossDeployments(false) + .features(createNetworkFeatures(ImmutableSet.of(firewallService))) + .build(); + return newConfiguration; + } + + private static String generateVAppNetworkName(String orgNetworkName, List securityGroupNames) { + return orgNetworkName + "-" + Joiner.on("+").join(securityGroupNames); + } + + private void disconnectVmFromVAppNetwork(Vm vm) { + + Set networkConnections = vmApi.getNetworkConnectionSection(vm.getHref()) + .getNetworkConnections(); + + NetworkConnectionSection section = NetworkConnectionSection.builder() + .info("info") + .primaryNetworkConnectionIndex(0) + .build(); + + for (NetworkConnection networkConnection : networkConnections) { + section = section + .toBuilder() + .networkConnection(networkConnection.toBuilder() + .network("none") + .ipAddressAllocationMode(IpAddressAllocationMode.NONE) + .build()) + .build(); + } + Task cleanUpNetworks = vmApi.modifyNetworkConnectionSection(vm.getHref(), section); + assertTaskSucceedsLong(cleanUpNetworks); + } + +}