2 * Copyright (c) 2016 Ericsson India Global Services Pvt Ltd. and others. All rights reserved.
4 * This program and the accompanying materials are made available under the
5 * terms of the Eclipse Public License v1.0 which accompanies this distribution,
6 * and is available at http://www.eclipse.org/legal/epl-v10.html
8 package org.opendaylight.netvirt.aclservice.listeners;
10 import com.google.common.collect.ImmutableSet;
11 import java.util.ArrayList;
12 import java.util.Collection;
13 import java.util.HashSet;
14 import java.util.Iterator;
15 import java.util.List;
17 import java.util.SortedSet;
18 import javax.annotation.PostConstruct;
19 import javax.inject.Inject;
20 import javax.inject.Singleton;
21 import org.opendaylight.controller.md.sal.binding.api.ClusteredDataTreeChangeListener;
22 import org.opendaylight.controller.md.sal.binding.api.DataBroker;
23 import org.opendaylight.controller.md.sal.common.api.data.LogicalDatastoreType;
24 import org.opendaylight.genius.datastoreutils.AsyncDataTreeChangeListenerBase;
25 import org.opendaylight.netvirt.aclservice.api.AclInterfaceCache;
26 import org.opendaylight.netvirt.aclservice.api.AclServiceManager;
27 import org.opendaylight.netvirt.aclservice.api.utils.AclInterface;
28 import org.opendaylight.netvirt.aclservice.utils.AclClusterUtil;
29 import org.opendaylight.netvirt.aclservice.utils.AclConstants;
30 import org.opendaylight.netvirt.aclservice.utils.AclDataUtil;
31 import org.opendaylight.netvirt.aclservice.utils.AclServiceUtils;
32 import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.access.control.list.rev160218.AccessLists;
33 import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.access.control.list.rev160218.access.lists.Acl;
34 import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.access.control.list.rev160218.access.lists.acl.access.list.entries.Ace;
35 import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.yang.types.rev130715.Uuid;
36 import org.opendaylight.yang.gen.v1.urn.opendaylight.netvirt.aclservice.rev160608.DirectionBase;
37 import org.opendaylight.yang.gen.v1.urn.opendaylight.netvirt.aclservice.rev160608.DirectionEgress;
38 import org.opendaylight.yang.gen.v1.urn.opendaylight.netvirt.aclservice.rev160608.DirectionIngress;
39 import org.opendaylight.yang.gen.v1.urn.opendaylight.netvirt.aclservice.rev160608.SecurityRuleAttr;
40 import org.opendaylight.yangtools.yang.binding.InstanceIdentifier;
41 import org.slf4j.Logger;
42 import org.slf4j.LoggerFactory;
45 public class AclEventListener extends AsyncDataTreeChangeListenerBase<Acl, AclEventListener> implements
46 ClusteredDataTreeChangeListener<Acl> {
48 private static final Logger LOG = LoggerFactory.getLogger(AclEventListener.class);
50 private final AclServiceManager aclServiceManager;
51 private final AclClusterUtil aclClusterUtil;
52 private final DataBroker dataBroker;
53 private final AclDataUtil aclDataUtil;
54 private final AclServiceUtils aclServiceUtils;
55 private final AclInterfaceCache aclInterfaceCache;
58 public AclEventListener(AclServiceManager aclServiceManager, AclClusterUtil aclClusterUtil, DataBroker dataBroker,
59 AclDataUtil aclDataUtil, AclServiceUtils aclServicUtils, AclInterfaceCache aclInterfaceCache) {
60 super(Acl.class, AclEventListener.class);
61 this.aclServiceManager = aclServiceManager;
62 this.aclClusterUtil = aclClusterUtil;
63 this.dataBroker = dataBroker;
64 this.aclDataUtil = aclDataUtil;
65 this.aclServiceUtils = aclServicUtils;
66 this.aclInterfaceCache = aclInterfaceCache;
72 LOG.info("{} start", getClass().getSimpleName());
73 registerListener(LogicalDatastoreType.CONFIGURATION, dataBroker);
77 protected InstanceIdentifier<Acl> getWildCardPath() {
78 return InstanceIdentifier.create(AccessLists.class).child(Acl.class);
82 protected void remove(InstanceIdentifier<Acl> key, Acl acl) {
83 String aclName = acl.getAclName();
84 if (!AclServiceUtils.isOfAclInterest(acl)) {
85 LOG.trace("{} does not have SecurityRuleAttr augmentation", aclName);
89 LOG.trace("On remove event, remove ACL: {}", acl);
90 this.aclDataUtil.removeAcl(aclName);
91 Integer aclTag = this.aclDataUtil.getAclTag(aclName);
93 this.aclDataUtil.removeAclTag(aclName);
94 this.aclServiceUtils.releaseAclTag(aclName);
96 updateRemoteAclCache(acl.getAccessListEntries().getAce(), aclName, AclServiceManager.Action.REMOVE);
100 protected void update(InstanceIdentifier<Acl> key, Acl aclBefore, Acl aclAfter) {
101 if (!AclServiceUtils.isOfAclInterest(aclAfter) && !AclServiceUtils.isOfAclInterest(aclBefore)) {
102 LOG.trace("before {} and after {} does not have SecurityRuleAttr augmentation",
103 aclBefore.getAclName(), aclAfter.getAclName());
106 String aclName = aclAfter.getAclName();
107 Collection<AclInterface> interfacesBefore =
108 ImmutableSet.copyOf(aclDataUtil.getInterfaceList(new Uuid(aclName)));
109 // Find and update added ace rules in acl
110 List<Ace> addedAceRules = getChangedAceList(aclAfter, aclBefore);
112 // Find and update deleted ace rules in acl
113 List<Ace> deletedAceRules = getChangedAceList(aclBefore, aclAfter);
115 if (interfacesBefore != null && aclClusterUtil.isEntityOwner()) {
116 LOG.debug("On update event, remove Ace rules: {} for ACL: {}", deletedAceRules, aclName);
117 updateAceRules(interfacesBefore, aclName, deletedAceRules, AclServiceManager.Action.REMOVE);
119 updateAclCaches(aclBefore, aclAfter, interfacesBefore);
121 if (interfacesBefore != null && aclClusterUtil.isEntityOwner()) {
122 LOG.debug("On update event, add Ace rules: {} for ACL: {}", addedAceRules, aclName);
123 updateAceRules(interfacesBefore, aclName, addedAceRules, AclServiceManager.Action.ADD);
125 aclServiceManager.notifyAcl(aclBefore, aclAfter, interfacesBefore, AclServiceManager.Action.UPDATE);
129 private void updateAceRules(Collection<AclInterface> interfaceList, String aclName, List<Ace> aceList,
130 AclServiceManager.Action action) {
131 if (null != aceList && !aceList.isEmpty()) {
132 LOG.trace("update ace rules - action: {} , ace rules: {}", action.name(), aceList);
133 for (AclInterface port : interfaceList) {
134 for (Ace aceRule : aceList) {
135 aclServiceManager.notifyAce(port, action, aclName, aceRule);
142 protected void add(InstanceIdentifier<Acl> key, Acl acl) {
143 String aclName = acl.getAclName();
144 if (!AclServiceUtils.isOfAclInterest(acl)) {
145 LOG.trace("{} does not have SecurityRuleAttr augmentation", aclName);
149 LOG.trace("On add event, add ACL: {}", acl);
150 this.aclDataUtil.addAcl(acl);
152 Integer aclTag = this.aclServiceUtils.allocateAclTag(aclName);
153 if (aclTag != null && aclTag != AclConstants.INVALID_ACL_TAG) {
154 this.aclDataUtil.addAclTag(aclName, aclTag);
157 updateRemoteAclCache(acl.getAccessListEntries().getAce(), aclName, AclServiceManager.Action.ADD);
161 * Update remote acl cache.
163 * @param aceList the ace list
164 * @param aclName the acl name
165 * @param action the action
167 private void updateRemoteAclCache(List<Ace> aceList, String aclName, AclServiceManager.Action action) {
168 if (null == aceList) {
171 for (Ace ace : aceList) {
172 SecurityRuleAttr aceAttributes = ace.getAugmentation(SecurityRuleAttr.class);
173 if (AclServiceUtils.doesAceHaveRemoteGroupId(aceAttributes)) {
174 if (action == AclServiceManager.Action.ADD) {
175 aclDataUtil.addRemoteAclId(aceAttributes.getRemoteGroupId(), new Uuid(aclName),
176 aceAttributes.getDirection());
178 aclDataUtil.removeRemoteAclId(aceAttributes.getRemoteGroupId(), new Uuid(aclName),
179 aceAttributes.getDirection());
185 private void updateAclCaches(Acl aclBefore, Acl aclAfter, Collection<AclInterface> aclInterfaces) {
186 String aclName = aclAfter.getAclName();
187 Integer aclTag = this.aclDataUtil.getAclTag(aclName);
188 if (aclTag == null) {
189 aclTag = this.aclServiceUtils.allocateAclTag(aclName);
190 if (aclTag != null && aclTag != AclConstants.INVALID_ACL_TAG) {
191 this.aclDataUtil.addAclTag(aclName, aclTag);
194 this.aclDataUtil.addAcl(aclAfter);
196 updateAclCaches(aclBefore, aclAfter, aclInterfaces, DirectionEgress.class);
197 updateAclCaches(aclBefore, aclAfter, aclInterfaces, DirectionIngress.class);
200 private void updateAclCaches(Acl aclBefore, Acl aclAfter, Collection<AclInterface> aclInterfaces,
201 Class<? extends DirectionBase> direction) {
202 Uuid aclId = new Uuid(aclAfter.getAclName());
203 Set<Uuid> remoteAclsBefore = AclServiceUtils.getRemoteAclIdsByDirection(aclBefore, direction);
204 Set<Uuid> remoteAclsAfter = AclServiceUtils.getRemoteAclIdsByDirection(aclAfter, direction);
206 Set<Uuid> remoteAclsDeleted = new HashSet<>(remoteAclsBefore);
207 remoteAclsDeleted.removeAll(remoteAclsAfter);
208 for (Uuid remoteAcl : remoteAclsDeleted) {
209 aclDataUtil.removeRemoteAclId(remoteAcl, aclId, direction);
212 Set<Uuid> remoteAclsAdded = new HashSet<>(remoteAclsAfter);
213 remoteAclsAdded.removeAll(remoteAclsBefore);
214 for (Uuid remoteAcl : remoteAclsAdded) {
215 aclDataUtil.addRemoteAclId(remoteAcl, aclId, direction);
218 if (remoteAclsDeleted.isEmpty() && remoteAclsAdded.isEmpty()) {
222 if (aclInterfaces != null) {
223 for (AclInterface aclInterface : aclInterfaces) {
224 AclInterface aclInterfaceInCache =
225 aclInterfaceCache.addOrUpdate(aclInterface.getInterfaceId(), (prevAclInterface, builder) -> {
226 SortedSet<Integer> remoteAclTags =
227 aclServiceUtils.getRemoteAclTags(aclInterface.getSecurityGroups(), direction);
228 if (DirectionEgress.class.equals(direction)) {
229 builder.egressRemoteAclTags(remoteAclTags);
231 builder.ingressRemoteAclTags(remoteAclTags);
235 aclDataUtil.addOrUpdateAclInterfaceMap(aclInterface.getSecurityGroups(), aclInterfaceInCache);
241 protected AclEventListener getDataTreeChangeListener() {
245 private List<Ace> getChangedAceList(Acl updatedAcl, Acl currentAcl) {
246 if (updatedAcl == null) {
249 List<Ace> updatedAceList = updatedAcl.getAccessListEntries() == null ? new ArrayList<>()
250 : new ArrayList<>(updatedAcl.getAccessListEntries().getAce());
251 if (currentAcl == null) {
252 return updatedAceList;
254 List<Ace> currentAceList = currentAcl.getAccessListEntries() == null ? new ArrayList<>()
255 : new ArrayList<>(currentAcl.getAccessListEntries().getAce());
256 for (Iterator<Ace> iterator = updatedAceList.iterator(); iterator.hasNext();) {
257 Ace ace1 = iterator.next();
258 for (Ace ace2 : currentAceList) {
259 if (ace1.getRuleName().equals(ace2.getRuleName())) {
264 return updatedAceList;