Code Review / netvirt.git / blob
? search:
summary | shortlog | log | commit | commitdiff | review | tree
history | raw | HEAD
move vpnservice and cleanup poms
[netvirt.git] / aclservice / impl / src / main / java / org / opendaylight / netvirt / aclservice / listeners / AclEventListener.java
1 /*
2  * Copyright (c) 2016 Ericsson India Global Services Pvt Ltd. and others. All rights reserved.
3  *
4  * This program and the accompanying materials are made available under the
5  * terms of the Eclipse Public License v1.0 which accompanies this distribution,
6  * and is available at http://www.eclipse.org/legal/epl-v10.html
7  */
8 package org.opendaylight.netvirt.aclservice.listeners;
9
10 import com.google.common.collect.ImmutableSet;
11 import java.util.ArrayList;
12 import java.util.Collection;
13 import java.util.HashSet;
14 import java.util.Iterator;
15 import java.util.List;
16 import java.util.Set;
17 import java.util.SortedSet;
18 import javax.annotation.PostConstruct;
19 import javax.inject.Inject;
20 import javax.inject.Singleton;
21 import org.opendaylight.controller.md.sal.binding.api.ClusteredDataTreeChangeListener;
22 import org.opendaylight.controller.md.sal.binding.api.DataBroker;
23 import org.opendaylight.controller.md.sal.common.api.data.LogicalDatastoreType;
24 import org.opendaylight.genius.datastoreutils.AsyncDataTreeChangeListenerBase;
25 import org.opendaylight.netvirt.aclservice.api.AclInterfaceCache;
26 import org.opendaylight.netvirt.aclservice.api.AclServiceManager;
27 import org.opendaylight.netvirt.aclservice.api.utils.AclInterface;
28 import org.opendaylight.netvirt.aclservice.utils.AclClusterUtil;
29 import org.opendaylight.netvirt.aclservice.utils.AclConstants;
30 import org.opendaylight.netvirt.aclservice.utils.AclDataUtil;
31 import org.opendaylight.netvirt.aclservice.utils.AclServiceUtils;
32 import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.access.control.list.rev160218.AccessLists;
33 import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.access.control.list.rev160218.access.lists.Acl;
34 import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.access.control.list.rev160218.access.lists.acl.access.list.entries.Ace;
35 import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.yang.types.rev130715.Uuid;
36 import org.opendaylight.yang.gen.v1.urn.opendaylight.netvirt.aclservice.rev160608.DirectionBase;
37 import org.opendaylight.yang.gen.v1.urn.opendaylight.netvirt.aclservice.rev160608.DirectionEgress;
38 import org.opendaylight.yang.gen.v1.urn.opendaylight.netvirt.aclservice.rev160608.DirectionIngress;
39 import org.opendaylight.yang.gen.v1.urn.opendaylight.netvirt.aclservice.rev160608.SecurityRuleAttr;
40 import org.opendaylight.yangtools.yang.binding.InstanceIdentifier;
41 import org.slf4j.Logger;
42 import org.slf4j.LoggerFactory;
43
44 @Singleton
45 public class AclEventListener extends AsyncDataTreeChangeListenerBase<Acl, AclEventListener> implements
46         ClusteredDataTreeChangeListener<Acl> {
47
48     private static final Logger LOG = LoggerFactory.getLogger(AclEventListener.class);
49
50     private final AclServiceManager aclServiceManager;
51     private final AclClusterUtil aclClusterUtil;
52     private final DataBroker dataBroker;
53     private final AclDataUtil aclDataUtil;
54     private final AclServiceUtils aclServiceUtils;
55     private final AclInterfaceCache aclInterfaceCache;
56
57     @Inject
58     public AclEventListener(AclServiceManager aclServiceManager, AclClusterUtil aclClusterUtil, DataBroker dataBroker,
59             AclDataUtil aclDataUtil, AclServiceUtils aclServicUtils, AclInterfaceCache aclInterfaceCache) {
60         super(Acl.class, AclEventListener.class);
61         this.aclServiceManager = aclServiceManager;
62         this.aclClusterUtil = aclClusterUtil;
63         this.dataBroker = dataBroker;
64         this.aclDataUtil = aclDataUtil;
65         this.aclServiceUtils = aclServicUtils;
66         this.aclInterfaceCache = aclInterfaceCache;
67     }
68
69     @Override
70     @PostConstruct
71     public void init() {
72         LOG.info("{} start", getClass().getSimpleName());
73         registerListener(LogicalDatastoreType.CONFIGURATION, dataBroker);
74     }
75
76     @Override
77     protected InstanceIdentifier<Acl> getWildCardPath() {
78         return InstanceIdentifier.create(AccessLists.class).child(Acl.class);
79     }
80
81     @Override
82     protected void remove(InstanceIdentifier<Acl> key, Acl acl) {
83         String aclName = acl.getAclName();
84         if (!AclServiceUtils.isOfAclInterest(acl)) {
85             LOG.trace("{} does not have SecurityRuleAttr augmentation", aclName);
86             return;
87         }
88
89         LOG.trace("On remove event, remove ACL: {}", acl);
90         this.aclDataUtil.removeAcl(aclName);
91         Integer aclTag = this.aclDataUtil.getAclTag(aclName);
92         if (aclTag != null) {
93             this.aclDataUtil.removeAclTag(aclName);
94             this.aclServiceUtils.releaseAclTag(aclName);
95         }
96         updateRemoteAclCache(acl.getAccessListEntries().getAce(), aclName, AclServiceManager.Action.REMOVE);
97     }
98
99     @Override
100     protected void update(InstanceIdentifier<Acl> key, Acl aclBefore, Acl aclAfter) {
101         if (!AclServiceUtils.isOfAclInterest(aclAfter) && !AclServiceUtils.isOfAclInterest(aclBefore)) {
102             LOG.trace("before {} and after {} does not have SecurityRuleAttr augmentation",
103                     aclBefore.getAclName(), aclAfter.getAclName());
104             return;
105         }
106         String aclName = aclAfter.getAclName();
107         Collection<AclInterface> interfacesBefore =
108                 ImmutableSet.copyOf(aclDataUtil.getInterfaceList(new Uuid(aclName)));
109         // Find and update added ace rules in acl
110         List<Ace> addedAceRules = getChangedAceList(aclAfter, aclBefore);
111
112         // Find and update deleted ace rules in acl
113         List<Ace> deletedAceRules = getChangedAceList(aclBefore, aclAfter);
114
115         if (interfacesBefore != null && aclClusterUtil.isEntityOwner()) {
116             LOG.debug("On update event, remove Ace rules: {} for ACL: {}", deletedAceRules, aclName);
117             updateAceRules(interfacesBefore, aclName, deletedAceRules, AclServiceManager.Action.REMOVE);
118         }
119         updateAclCaches(aclBefore, aclAfter, interfacesBefore);
120
121         if (interfacesBefore != null && aclClusterUtil.isEntityOwner()) {
122             LOG.debug("On update event, add Ace rules: {} for ACL: {}", addedAceRules, aclName);
123             updateAceRules(interfacesBefore, aclName, addedAceRules, AclServiceManager.Action.ADD);
124
125             aclServiceManager.notifyAcl(aclBefore, aclAfter, interfacesBefore, AclServiceManager.Action.UPDATE);
126         }
127     }
128
129     private void updateAceRules(Collection<AclInterface> interfaceList, String aclName, List<Ace> aceList,
130             AclServiceManager.Action action) {
131         if (null != aceList && !aceList.isEmpty()) {
132             LOG.trace("update ace rules - action: {} , ace rules: {}", action.name(), aceList);
133             for (AclInterface port : interfaceList) {
134                 for (Ace aceRule : aceList) {
135                     aclServiceManager.notifyAce(port, action, aclName, aceRule);
136                 }
137             }
138         }
139     }
140
141     @Override
142     protected void add(InstanceIdentifier<Acl> key, Acl acl) {
143         String aclName = acl.getAclName();
144         if (!AclServiceUtils.isOfAclInterest(acl)) {
145             LOG.trace("{} does not have SecurityRuleAttr augmentation", aclName);
146             return;
147         }
148
149         LOG.trace("On add event, add ACL: {}", acl);
150         this.aclDataUtil.addAcl(acl);
151
152         Integer aclTag = this.aclServiceUtils.allocateAclTag(aclName);
153         if (aclTag != null && aclTag != AclConstants.INVALID_ACL_TAG) {
154             this.aclDataUtil.addAclTag(aclName, aclTag);
155         }
156
157         updateRemoteAclCache(acl.getAccessListEntries().getAce(), aclName, AclServiceManager.Action.ADD);
158     }
159
160     /**
161      * Update remote acl cache.
162      *
163      * @param aceList the ace list
164      * @param aclName the acl name
165      * @param action the action
166      */
167     private void updateRemoteAclCache(List<Ace> aceList, String aclName, AclServiceManager.Action action) {
168         if (null == aceList) {
169             return;
170         }
171         for (Ace ace : aceList) {
172             SecurityRuleAttr aceAttributes = ace.getAugmentation(SecurityRuleAttr.class);
173             if (AclServiceUtils.doesAceHaveRemoteGroupId(aceAttributes)) {
174                 if (action == AclServiceManager.Action.ADD) {
175                     aclDataUtil.addRemoteAclId(aceAttributes.getRemoteGroupId(), new Uuid(aclName),
176                             aceAttributes.getDirection());
177                 } else {
178                     aclDataUtil.removeRemoteAclId(aceAttributes.getRemoteGroupId(), new Uuid(aclName),
179                             aceAttributes.getDirection());
180                 }
181             }
182         }
183     }
184
185     private void updateAclCaches(Acl aclBefore, Acl aclAfter, Collection<AclInterface> aclInterfaces) {
186         String aclName = aclAfter.getAclName();
187         Integer aclTag = this.aclDataUtil.getAclTag(aclName);
188         if (aclTag == null) {
189             aclTag = this.aclServiceUtils.allocateAclTag(aclName);
190             if (aclTag != null && aclTag != AclConstants.INVALID_ACL_TAG) {
191                 this.aclDataUtil.addAclTag(aclName, aclTag);
192             }
193         }
194         this.aclDataUtil.addAcl(aclAfter);
195
196         updateAclCaches(aclBefore, aclAfter, aclInterfaces, DirectionEgress.class);
197         updateAclCaches(aclBefore, aclAfter, aclInterfaces, DirectionIngress.class);
198     }
199
200     private void updateAclCaches(Acl aclBefore, Acl aclAfter, Collection<AclInterface> aclInterfaces,
201             Class<? extends DirectionBase> direction) {
202         Uuid aclId = new Uuid(aclAfter.getAclName());
203         Set<Uuid> remoteAclsBefore = AclServiceUtils.getRemoteAclIdsByDirection(aclBefore, direction);
204         Set<Uuid> remoteAclsAfter = AclServiceUtils.getRemoteAclIdsByDirection(aclAfter, direction);
205
206         Set<Uuid> remoteAclsDeleted = new HashSet<>(remoteAclsBefore);
207         remoteAclsDeleted.removeAll(remoteAclsAfter);
208         for (Uuid remoteAcl : remoteAclsDeleted) {
209             aclDataUtil.removeRemoteAclId(remoteAcl, aclId, direction);
210         }
211
212         Set<Uuid> remoteAclsAdded = new HashSet<>(remoteAclsAfter);
213         remoteAclsAdded.removeAll(remoteAclsBefore);
214         for (Uuid remoteAcl : remoteAclsAdded) {
215             aclDataUtil.addRemoteAclId(remoteAcl, aclId, direction);
216         }
217
218         if (remoteAclsDeleted.isEmpty() && remoteAclsAdded.isEmpty()) {
219             return;
220         }
221
222         if (aclInterfaces != null) {
223             for (AclInterface aclInterface : aclInterfaces) {
224                 AclInterface aclInterfaceInCache =
225                         aclInterfaceCache.addOrUpdate(aclInterface.getInterfaceId(), (prevAclInterface, builder) -> {
226                             SortedSet<Integer> remoteAclTags =
227                                     aclServiceUtils.getRemoteAclTags(aclInterface.getSecurityGroups(), direction);
228                             if (DirectionEgress.class.equals(direction)) {
229                                 builder.egressRemoteAclTags(remoteAclTags);
230                             } else {
231                                 builder.ingressRemoteAclTags(remoteAclTags);
232                             }
233                         });
234
235                 aclDataUtil.addOrUpdateAclInterfaceMap(aclInterface.getSecurityGroups(), aclInterfaceInCache);
236             }
237         }
238     }
239
240     @Override
241     protected AclEventListener getDataTreeChangeListener() {
242         return this;
243     }
244
245     private List<Ace> getChangedAceList(Acl updatedAcl, Acl currentAcl) {
246         if (updatedAcl == null) {
247             return null;
248         }
249         List<Ace> updatedAceList = updatedAcl.getAccessListEntries() == null ? new ArrayList<>()
250                 : new ArrayList<>(updatedAcl.getAccessListEntries().getAce());
251         if (currentAcl == null) {
252             return updatedAceList;
253         }
254         List<Ace> currentAceList = currentAcl.getAccessListEntries() == null ? new ArrayList<>()
255                 : new ArrayList<>(currentAcl.getAccessListEntries().getAce());
256         for (Iterator<Ace> iterator = updatedAceList.iterator(); iterator.hasNext();) {
257             Ace ace1 = iterator.next();
258             for (Ace ace2 : currentAceList) {
259                 if (ace1.getRuleName().equals(ace2.getRuleName())) {
260                     iterator.remove();
261                 }
262             }
263         }
264         return updatedAceList;
265     }
266 }
NetVirt - Archived