neutron-mapper/src/main/java/org/opendaylight/groupbasedpolicy/neutron/mapper/infrastructure/NetworkService.java

   1 /*
   2  * Copyright (c) 2014 Cisco Systems, Inc. and others. All rights reserved.
   3  *
   4  * This program and the accompanying materials are made available under the
   5  * terms of the Eclipse Public License v1.0 which accompanies this distribution,
   6  * and is available at http://www.eclipse.org/legal/epl-v10.html
   7  */
   8
   9 package org.opendaylight.groupbasedpolicy.neutron.mapper.infrastructure;
  10
  11 import java.util.ArrayList;
  12 import java.util.HashSet;
  13 import java.util.List;
  14 import java.util.Set;
  15
  16 import javax.annotation.Nullable;
  17
  18 import org.opendaylight.controller.md.sal.binding.api.WriteTransaction;
  19 import org.opendaylight.controller.md.sal.common.api.data.LogicalDatastoreType;
  20 import org.opendaylight.groupbasedpolicy.api.sf.EtherTypeClassifierDefinition;
  21 import org.opendaylight.groupbasedpolicy.api.sf.IpProtoClassifierDefinition;
  22 import org.opendaylight.groupbasedpolicy.api.sf.L4ClassifierDefinition;
  23 import org.opendaylight.groupbasedpolicy.neutron.mapper.util.MappingUtils;
  24 import org.opendaylight.groupbasedpolicy.neutron.mapper.util.Utils;
  25 import org.opendaylight.groupbasedpolicy.util.IidFactory;
  26 import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.inet.types.rev100924.IpPrefix;
  27 import org.opendaylight.yang.gen.v1.urn.opendaylight.groupbasedpolicy.common.rev140421.ClassifierName;
  28 import org.opendaylight.yang.gen.v1.urn.opendaylight.groupbasedpolicy.common.rev140421.ClauseName;
  29 import org.opendaylight.yang.gen.v1.urn.opendaylight.groupbasedpolicy.common.rev140421.ContractId;
  30 import org.opendaylight.yang.gen.v1.urn.opendaylight.groupbasedpolicy.common.rev140421.Description;
  31 import org.opendaylight.yang.gen.v1.urn.opendaylight.groupbasedpolicy.common.rev140421.EndpointGroupId;
  32 import org.opendaylight.yang.gen.v1.urn.opendaylight.groupbasedpolicy.common.rev140421.Name;
  33 import org.opendaylight.yang.gen.v1.urn.opendaylight.groupbasedpolicy.common.rev140421.ParameterName;
  34 import org.opendaylight.yang.gen.v1.urn.opendaylight.groupbasedpolicy.common.rev140421.RuleName;
  35 import org.opendaylight.yang.gen.v1.urn.opendaylight.groupbasedpolicy.common.rev140421.SelectorName;
  36 import org.opendaylight.yang.gen.v1.urn.opendaylight.groupbasedpolicy.common.rev140421.SubjectName;
  37 import org.opendaylight.yang.gen.v1.urn.opendaylight.groupbasedpolicy.common.rev140421.TenantId;
  38 import org.opendaylight.yang.gen.v1.urn.opendaylight.groupbasedpolicy.policy.rev140421.HasDirection.Direction;
  39 import org.opendaylight.yang.gen.v1.urn.opendaylight.groupbasedpolicy.policy.rev140421.has.classifier.refs.ClassifierRef;
  40 import org.opendaylight.yang.gen.v1.urn.opendaylight.groupbasedpolicy.policy.rev140421.has.classifier.refs.ClassifierRefBuilder;
  41 import org.opendaylight.yang.gen.v1.urn.opendaylight.groupbasedpolicy.policy.rev140421.has.endpoint.identification.constraints.EndpointIdentificationConstraintsBuilder;
  42 import org.opendaylight.yang.gen.v1.urn.opendaylight.groupbasedpolicy.policy.rev140421.has.endpoint.identification.constraints.endpoint.identification.constraints.L3EndpointIdentificationConstraints;
  43 import org.opendaylight.yang.gen.v1.urn.opendaylight.groupbasedpolicy.policy.rev140421.has.endpoint.identification.constraints.endpoint.identification.constraints.L3EndpointIdentificationConstraintsBuilder;
  44 import org.opendaylight.yang.gen.v1.urn.opendaylight.groupbasedpolicy.policy.rev140421.has.endpoint.identification.constraints.endpoint.identification.constraints.l3.endpoint.identification.constraints.PrefixConstraintBuilder;
  45 import org.opendaylight.yang.gen.v1.urn.opendaylight.groupbasedpolicy.policy.rev140421.subject.feature.instance.ParameterValue;
  46 import org.opendaylight.yang.gen.v1.urn.opendaylight.groupbasedpolicy.policy.rev140421.subject.feature.instance.ParameterValueBuilder;
  47 import org.opendaylight.yang.gen.v1.urn.opendaylight.groupbasedpolicy.policy.rev140421.tenants.tenant.policy.Contract;
  48 import org.opendaylight.yang.gen.v1.urn.opendaylight.groupbasedpolicy.policy.rev140421.tenants.tenant.policy.ContractBuilder;
  49 import org.opendaylight.yang.gen.v1.urn.opendaylight.groupbasedpolicy.policy.rev140421.tenants.tenant.policy.EndpointGroup;
  50 import org.opendaylight.yang.gen.v1.urn.opendaylight.groupbasedpolicy.policy.rev140421.tenants.tenant.policy.EndpointGroup.IntraGroupPolicy;
  51 import org.opendaylight.yang.gen.v1.urn.opendaylight.groupbasedpolicy.policy.rev140421.tenants.tenant.policy.EndpointGroupBuilder;
  52 import org.opendaylight.yang.gen.v1.urn.opendaylight.groupbasedpolicy.policy.rev140421.tenants.tenant.policy.contract.Clause;
  53 import org.opendaylight.yang.gen.v1.urn.opendaylight.groupbasedpolicy.policy.rev140421.tenants.tenant.policy.contract.ClauseBuilder;
  54 import org.opendaylight.yang.gen.v1.urn.opendaylight.groupbasedpolicy.policy.rev140421.tenants.tenant.policy.contract.Subject;
  55 import org.opendaylight.yang.gen.v1.urn.opendaylight.groupbasedpolicy.policy.rev140421.tenants.tenant.policy.contract.SubjectBuilder;
  56 import org.opendaylight.yang.gen.v1.urn.opendaylight.groupbasedpolicy.policy.rev140421.tenants.tenant.policy.contract.clause.ConsumerMatchers;
  57 import org.opendaylight.yang.gen.v1.urn.opendaylight.groupbasedpolicy.policy.rev140421.tenants.tenant.policy.contract.clause.ConsumerMatchersBuilder;
  58 import org.opendaylight.yang.gen.v1.urn.opendaylight.groupbasedpolicy.policy.rev140421.tenants.tenant.policy.contract.clause.ProviderMatchers;
  59 import org.opendaylight.yang.gen.v1.urn.opendaylight.groupbasedpolicy.policy.rev140421.tenants.tenant.policy.contract.clause.ProviderMatchersBuilder;
  60 import org.opendaylight.yang.gen.v1.urn.opendaylight.groupbasedpolicy.policy.rev140421.tenants.tenant.policy.contract.subject.Rule;
  61 import org.opendaylight.yang.gen.v1.urn.opendaylight.groupbasedpolicy.policy.rev140421.tenants.tenant.policy.contract.subject.RuleBuilder;
  62 import org.opendaylight.yang.gen.v1.urn.opendaylight.groupbasedpolicy.policy.rev140421.tenants.tenant.policy.endpoint.group.ConsumerNamedSelector;
  63 import org.opendaylight.yang.gen.v1.urn.opendaylight.groupbasedpolicy.policy.rev140421.tenants.tenant.policy.endpoint.group.ConsumerNamedSelectorBuilder;
  64 import org.opendaylight.yang.gen.v1.urn.opendaylight.groupbasedpolicy.policy.rev140421.tenants.tenant.policy.endpoint.group.ProviderNamedSelector;
  65 import org.opendaylight.yang.gen.v1.urn.opendaylight.groupbasedpolicy.policy.rev140421.tenants.tenant.policy.endpoint.group.ProviderNamedSelectorBuilder;
  66 import org.opendaylight.yang.gen.v1.urn.opendaylight.groupbasedpolicy.policy.rev140421.tenants.tenant.policy.subject.feature.instances.ClassifierInstance;
  67 import org.opendaylight.yang.gen.v1.urn.opendaylight.groupbasedpolicy.policy.rev140421.tenants.tenant.policy.subject.feature.instances.ClassifierInstanceBuilder;
  68
  69 import com.google.common.collect.ImmutableList;
  70
  71 public class NetworkService {
  72
  73     /**
  74      * Unit tests {@link NetworkServiceTest}
  75      */
  76     // ########### DHCP
  77     private static final long DHCP_IPV4_SERVER_PORT = 67;
  78     private static final long DHCP_IPV4_CLIENT_PORT = 68;
  79     private static final long DHCP_IPV6_SERVER_PORT = 547;
  80     private static final long DHCP_IPV6_CLIENT_PORT = 546;
  81     private static final ClassifierName DHCP_IPV4_CLIENT_SERVER_NAME =
  82             new ClassifierName("DHCP_IPv4_FROM_CLIENT_TO_SERVER");
  83     private static final ClassifierName DHCP_IPV4_SERVER_CLIENT_NAME =
  84             new ClassifierName("DHCP_IPv4_FROM_SERVER_TO_CLIENT");
  85     private static final ClassifierName DHCP_IPV6_CLIENT_SERVER_NAME =
  86             new ClassifierName("DHCP_IPv6_FROM_CLIENT_TO_SERVER");
  87     private static final ClassifierName DHCP_IPV6_SERVER_CLIENT_NAME =
  88             new ClassifierName("DHCP_IPv6_FROM_SERVER_TO_CLIENT");
  89     private static final SubjectName DHCP_SUBJECT_NAME = new SubjectName("ALLOW_DHCP");
  90     private static final Description DHCP_CONTRACT_DESC =
  91             new Description("Allow DHCP communication between client and server.");
  92
  93     /**
  94      * Id of {@link #DHCP_CONTRACT}
  95      */
  96     public static final ContractId DHCP_CONTRACT_ID = new ContractId("11118d2e-dddd-11e5-885d-feff819cdc9f");
  97     /**
  98      * Contains rules with action {@link MappingUtils#ACTION_REF_ALLOW} matching DHCP communication
  99      * between Client and Server.
 100      */
 101     public static final Contract DHCP_CONTRACT;
 102     /**
 103      * {@link ConsumerNamedSelector} pointing to {@link #DHCP_CONTRACT}
 104      */
 105     public static final ConsumerNamedSelector DHCP_CONTRACT_CONSUMER_SELECTOR;
 106
 107     // ########### DNS
 108     private static final long DNS_SERVER_PORT = 53;
 109     private static final ClassifierName DNS_UDP_IPV4_CLIENT_SERVER_NAME =
 110             new ClassifierName("DNS_UDP_IPv4_FROM_CLIENT_TO_SERVER");
 111     private static final ClassifierName DNS_UDP_IPV4_SERVER_CLIENT_NAME =
 112             new ClassifierName("DNS_UDP_IPv4_FROM_SERVER_TO_CLIENT");
 113     private static final ClassifierName DNS_UDP_IPV6_CLIENT_SERVER_NAME =
 114             new ClassifierName("DNS_UDP_IPv6_FROM_CLIENT_TO_SERVER");
 115     private static final ClassifierName DNS_UDP_IPV6_SERVER_CLIENT_NAME =
 116             new ClassifierName("DNS_UDP_IPv6_FROM_SERVER_TO_CLIENT");
 117     private static final ClassifierName DNS_TCP_IPV4_CLIENT_SERVER_NAME =
 118             new ClassifierName("DNS_TCP_IPv4_FROM_CLIENT_TO_SERVER");
 119     private static final ClassifierName DNS_TCP_IPV4_SERVER_CLIENT_NAME =
 120             new ClassifierName("DNS_TCP_IPv4_FROM_SERVER_TO_CLIENT");
 121     private static final ClassifierName DNS_TCP_IPV6_CLIENT_SERVER_NAME =
 122             new ClassifierName("DNS_TCP_IPv6_FROM_CLIENT_TO_SERVER");
 123     private static final ClassifierName DNS_TCP_IPV6_SERVER_CLIENT_NAME =
 124             new ClassifierName("DNS_TCP_IPv6_FROM_SERVER_TO_CLIENT");
 125     private static final SubjectName DNS_SUBJECT_NAME = new SubjectName("ALLOW_DNS");
 126     private static final Description DNS_CONTRACT_DESC =
 127             new Description("Allow DNS communication between client and server.");
 128     /**
 129      * ID of {@link #DNS_CONTRACT}
 130      */
 131     public static final ContractId DNS_CONTRACT_ID = new ContractId("22218d2e-dddd-11e5-885d-feff819cdc9f");
 132     /**
 133      * Contains rules with action {@link MappingUtils#ACTION_REF_ALLOW} matching DNS communication
 134      * between Client and Server.
 135      */
 136     public static final Contract DNS_CONTRACT;
 137     /**
 138      * {@link ConsumerNamedSelector} pointing to {@link #DNS_CONTRACT}
 139      */
 140     public static final ConsumerNamedSelector DNS_CONTRACT_CONSUMER_SELECTOR;
 141
 142     // ########### SSH and ICMP management
 143     private static final long SSH_TCP_PORT = 22;
 144     private static final ClassifierName SSH_IPV4_SERVER_TO_CLIENT_NAME =
 145             new ClassifierName("SSH_IPV4_FROM_SERVER_TO_CLIENT");
 146     private static final ClassifierName SSH_IPV6_SERVER_TO_CLIENT_NAME =
 147             new ClassifierName("SSH_IPV6_FROM_SERVER_TO_CLIENT");
 148     private static final ClassifierName SSH_IPV4_CLIENT_TO_SERVER_NAME =
 149             new ClassifierName("SSH_IPV4_FROM_CLIENT_TO_SERVER");
 150     private static final ClassifierName SSH_IPV6_CLIENT_TO_SERVER_NAME =
 151             new ClassifierName("SSH_IPV6_FROM_CLIENT_TO_SERVER");
 152     private static final ClassifierName ICMP_IPV4_BETWEEN_SERVER_CLIENT_NAME =
 153             new ClassifierName("ICMP_IPV4_BETWEEN_SERVER_CLIENT");
 154     private static final ClassifierName ICMP_IPV6_BETWEEN_SERVER_CLIENT_NAME =
 155             new ClassifierName("ICMP_IPV6_BETWEEN_SERVER_CLIENT");
 156     private static final SubjectName MGMT_SUBJECT_NAME = new SubjectName("ALLOW_MGMT");
 157     private static final Description MGMT_CONTRACT_DESC =
 158             new Description("Allow ICMP and SSH management communication between server and client.");
 159
 160     /**
 161      * Id of {@link #MGMT_CONTRACT}
 162      */
 163     public static final ContractId MGMT_CONTRACT_ID = new ContractId("33318d2e-dddd-11e5-885d-feff819cdc9f");
 164     /**
 165      * Contains rules with action {@link MappingUtils#ACTION_REF_ALLOW} matching ICMP and SSH
 166      * communication
 167      * between Client and Server.
 168      */
 169     public static final Contract MGMT_CONTRACT;
 170     /**
 171      * {@link ConsumerNamedSelector} pointing to {@link #MGMT_CONTRACT}
 172      */
 173     public static final ConsumerNamedSelector MGMT_CONTRACT_CONSUMER_SELECTOR;
 174
 175     // ########### NETWORK-SERVICE ENDPOINT-GROUP
 176     private static final Name NETWORK_SERVICE_EPG_NAME = new Name("NETWORK_SERVICE");
 177     private static final Description NETWORK_SERVICE_EPG_DESC = new Description("Represents DHCP and DNS servers.");
 178     /**
 179      * ID of {@link #EPG}
 180      */
 181     public static final EndpointGroupId EPG_ID = new EndpointGroupId("ddd6cfe6-dfe5-11e4-8a00-1681e6b88ec1");
 182     /**
 183      * Network-service endpoint-group providing {@link #DHCP_CONTRACT} and {@link #DNS_CONTRACT}
 184      */
 185     public static final EndpointGroup EPG;
 186
 187     static {
 188         DHCP_CONTRACT = createContractDhcp();
 189         DHCP_CONTRACT_CONSUMER_SELECTOR = createConsumerSelector(DHCP_CONTRACT);
 190         DNS_CONTRACT = createContractDns();
 191         DNS_CONTRACT_CONSUMER_SELECTOR = createConsumerSelector(DNS_CONTRACT);
 192         MGMT_CONTRACT = createContractMgmt();
 193         MGMT_CONTRACT_CONSUMER_SELECTOR = createConsumerSelector(MGMT_CONTRACT);
 194         EPG = createNetworkServiceEpg();
 195     }
 196
 197     private static EndpointGroup createNetworkServiceEpg() {
 198         ProviderNamedSelector dhcpProviderSelector = createProviderSelector(DHCP_CONTRACT);
 199         ProviderNamedSelector dnsProviderSelector = createProviderSelector(DNS_CONTRACT);
 200         ProviderNamedSelector mgmtProviderSelector = createProviderSelector(MGMT_CONTRACT);
 201         return new EndpointGroupBuilder().setId(EPG_ID)
 202             .setName(NETWORK_SERVICE_EPG_NAME)
 203             .setProviderNamedSelector(ImmutableList.of(dhcpProviderSelector, dnsProviderSelector, mgmtProviderSelector))
 204             .setIntraGroupPolicy(IntraGroupPolicy.RequireContract)
 205             .setDescription(NETWORK_SERVICE_EPG_DESC)
 206             .build();
 207     }
 208
 209     private static ProviderNamedSelector createProviderSelector(Contract contract) {
 210         SelectorName selectorName = new SelectorName(contract.getSubject().get(0).getName().getValue());
 211         return new ProviderNamedSelectorBuilder().setName(selectorName)
 212             .setContract(ImmutableList.of(contract.getId()))
 213             .build();
 214     }
 215
 216     private static ConsumerNamedSelector createConsumerSelector(Contract contract) {
 217         SelectorName selectorName = new SelectorName(contract.getSubject().get(0).getName().getValue());
 218         return new ConsumerNamedSelectorBuilder().setName(selectorName)
 219             .setContract(ImmutableList.of(contract.getId()))
 220             .build();
 221     }
 222
 223     private static Contract createContractDhcp() {
 224         Rule clientServerIpv4Rule = createRuleAllow(DHCP_IPV4_CLIENT_SERVER_NAME, Direction.In);
 225         Rule serverClientIpv4Rule = createRuleAllow(DHCP_IPV4_SERVER_CLIENT_NAME, Direction.Out);
 226         Rule clientServerIpv6Rule = createRuleAllow(DHCP_IPV6_CLIENT_SERVER_NAME, Direction.In);
 227         Rule serverClientIpv6Rule = createRuleAllow(DHCP_IPV6_SERVER_CLIENT_NAME, Direction.Out);
 228         Subject subject = new SubjectBuilder().setName(DHCP_SUBJECT_NAME)
 229             .setOrder(0)
 230             .setRule(ImmutableList.of(clientServerIpv4Rule, serverClientIpv4Rule, clientServerIpv6Rule,
 231                     serverClientIpv6Rule))
 232             .build();
 233         return new ContractBuilder().setId(DHCP_CONTRACT_ID)
 234             .setSubject(ImmutableList.of(subject))
 235             .setDescription(DHCP_CONTRACT_DESC)
 236             .build();
 237     }
 238
 239     private static Contract createContractDns() {
 240         Rule clientServerUdpIpv4Rule = createRuleAllow(DNS_UDP_IPV4_CLIENT_SERVER_NAME, Direction.In);
 241         Rule serverClientUdpIpv4Rule = createRuleAllow(DNS_UDP_IPV4_SERVER_CLIENT_NAME, Direction.Out);
 242         Rule clientServerUdpIpv6Rule = createRuleAllow(DNS_UDP_IPV6_CLIENT_SERVER_NAME, Direction.In);
 243         Rule serverClientUdpIpv6Rule = createRuleAllow(DNS_UDP_IPV6_SERVER_CLIENT_NAME, Direction.Out);
 244         Rule clientServerTcpIpv4Rule = createRuleAllow(DNS_TCP_IPV4_CLIENT_SERVER_NAME, Direction.In);
 245         Rule serverClientTcpIpv4Rule = createRuleAllow(DNS_TCP_IPV4_SERVER_CLIENT_NAME, Direction.Out);
 246         Rule clientServerTcpIpv6Rule = createRuleAllow(DNS_TCP_IPV6_CLIENT_SERVER_NAME, Direction.In);
 247         Rule serverClientTcpIpv6Rule = createRuleAllow(DNS_TCP_IPV6_SERVER_CLIENT_NAME, Direction.Out);
 248         Subject subject = new SubjectBuilder().setName(DNS_SUBJECT_NAME)
 249             .setOrder(0)
 250             .setRule(ImmutableList.of(clientServerUdpIpv4Rule, serverClientUdpIpv4Rule, clientServerUdpIpv6Rule,
 251                     serverClientUdpIpv6Rule, clientServerTcpIpv4Rule, serverClientTcpIpv4Rule, clientServerTcpIpv6Rule,
 252                     serverClientTcpIpv6Rule))
 253             .build();
 254         return new ContractBuilder().setId(DNS_CONTRACT_ID)
 255             .setSubject(ImmutableList.of(subject))
 256             .setDescription(DNS_CONTRACT_DESC)
 257             .build();
 258     }
 259
 260     private static Contract createContractMgmt() {
 261         Rule serverClientSshIpv4Rule = createRuleAllow(SSH_IPV4_SERVER_TO_CLIENT_NAME, Direction.Out);
 262         Rule serverClientSshIpv6Rule = createRuleAllow(SSH_IPV6_SERVER_TO_CLIENT_NAME, Direction.Out);
 263         Rule clientServerSshIpv4Rule = createRuleAllow(SSH_IPV4_CLIENT_TO_SERVER_NAME, Direction.In);
 264         Rule clientServerSshIpv6Rule = createRuleAllow(SSH_IPV6_CLIENT_TO_SERVER_NAME, Direction.In);
 265         Rule serverClientIcmpIpv4Rule = createRuleAllow(ICMP_IPV4_BETWEEN_SERVER_CLIENT_NAME, Direction.Out);
 266         Rule serverClientIcmpIpv6Rule = createRuleAllow(ICMP_IPV6_BETWEEN_SERVER_CLIENT_NAME, Direction.Out);
 267         Rule clientServerIcmpIpv4Rule = createRuleAllow(ICMP_IPV4_BETWEEN_SERVER_CLIENT_NAME, Direction.In);
 268         Rule clientServerIcmpIpv6Rule = createRuleAllow(ICMP_IPV6_BETWEEN_SERVER_CLIENT_NAME, Direction.In);
 269
 270         Subject subject = new SubjectBuilder().setName(MGMT_SUBJECT_NAME)
 271             .setOrder(0)
 272             .setRule(ImmutableList.of(serverClientSshIpv4Rule, serverClientSshIpv6Rule, clientServerSshIpv4Rule,
 273                     clientServerSshIpv6Rule, clientServerIcmpIpv4Rule, clientServerIcmpIpv6Rule,
 274                     serverClientIcmpIpv4Rule, serverClientIcmpIpv6Rule))
 275             .build();
 276         return new ContractBuilder().setId(MGMT_CONTRACT_ID)
 277             .setSubject(ImmutableList.of(subject))
 278             .setDescription(MGMT_CONTRACT_DESC)
 279             .build();
 280     }
 281
 282     private static Rule createRuleAllow(ClassifierName classifierName, Direction direction) {
 283         ClassifierName name =
 284                 new ClassifierName(direction.name() + MappingUtils.NAME_DOUBLE_DELIMETER + classifierName.getValue());
 285         ClassifierRef classifierRef = new ClassifierRefBuilder().setName(name)
 286             .setInstanceName(classifierName)
 287             .setDirection(direction)
 288             .build();
 289         return new RuleBuilder().setName(new RuleName(name))
 290             .setActionRef(MappingUtils.ACTION_REF_ALLOW)
 291             .setClassifierRef(ImmutableList.of(classifierRef))
 292             .build();
 293     }
 294
 295     /**
 296      * puts clause with {@link L3EndpointIdentificationConstraints} in {@link ConsumerMatchers}
 297      * and {@link ProviderMatchers}. This clause points to subject in {@link #DHCP_CONTRACT}.
 298      *
 299      * @param tenantId location of {@link #DHCP_CONTRACT}
 300      * @param ipPrefix used in {@link L3EndpointIdentificationConstraints}
 301      * @param wTx transaction where entities are written
 302      */
 303     public static void writeDhcpClauseWithConsProvEic(TenantId tenantId, @Nullable IpPrefix ipPrefix,
 304             WriteTransaction wTx) {
 305         Clause clause = createClauseWithConsProvEic(ipPrefix, DHCP_SUBJECT_NAME);
 306         wTx.put(LogicalDatastoreType.CONFIGURATION, IidFactory.clauseIid(tenantId, DHCP_CONTRACT_ID, clause.getName()),
 307                 clause, true);
 308     }
 309
 310     /**
 311      * puts clause with {@link L3EndpointIdentificationConstraints} in {@link ConsumerMatchers}
 312      * and {@link ProviderMatchers}. This clause points to subject in {@link #DNS_CONTRACT}.
 313      *
 314      * @param tenantId location of {@link #DNS_CONTRACT}
 315      * @param ipPrefix used in {@link L3EndpointIdentificationConstraints}
 316      * @param wTx transaction where entities are written
 317      */
 318     public static void writeDnsClauseWithConsProvEic(TenantId tenantId, @Nullable IpPrefix ipPrefix,
 319             WriteTransaction wTx) {
 320         Clause clause = createClauseWithConsProvEic(ipPrefix, DNS_SUBJECT_NAME);
 321         wTx.put(LogicalDatastoreType.CONFIGURATION, IidFactory.clauseIid(tenantId, DNS_CONTRACT_ID, clause.getName()),
 322                 clause, true);
 323     }
 324
 325     /**
 326      * puts clause with {@link L3EndpointIdentificationConstraints} in {@link ConsumerMatchers}
 327      * and {@link ProviderMatchers}. This clause points to subject in {@link #MGMT_CONTRACT}.
 328      *
 329      * @param tenantId location of {@link #MGMT_CONTRACT}
 330      * @param ipPrefix used in {@link L3EndpointIdentificationConstraints}
 331      * @param wTx transaction where entities are written
 332      */
 333     public static void writeMgmtClauseWithConsProvEic(TenantId tenantId, @Nullable IpPrefix ipPrefix,
 334             WriteTransaction wTx) {
 335         Clause clause = createClauseWithConsProvEic(ipPrefix, MGMT_SUBJECT_NAME);
 336         wTx.put(LogicalDatastoreType.CONFIGURATION, IidFactory.clauseIid(tenantId, MGMT_CONTRACT_ID, clause.getName()),
 337                 clause, true);
 338     }
 339
 340     private static Clause createClauseWithConsProvEic(@Nullable IpPrefix ipPrefix, SubjectName subjectName) {
 341         ConsumerMatchers consumerMatchers = null;
 342         ProviderMatchers providerMatchers = null;
 343         StringBuilder clauseName = new StringBuilder();
 344         clauseName.append(subjectName.getValue());
 345         if (ipPrefix != null) {
 346             clauseName.append(MappingUtils.NAME_DOUBLE_DELIMETER).append(Utils.getStringIpPrefix(ipPrefix));
 347             consumerMatchers =
 348                     new ConsumerMatchersBuilder()
 349                         .setEndpointIdentificationConstraints(new EndpointIdentificationConstraintsBuilder()
 350                             .setL3EndpointIdentificationConstraints(new L3EndpointIdentificationConstraintsBuilder()
 351                                 .setPrefixConstraint(
 352                                         ImmutableList.of(new PrefixConstraintBuilder().setIpPrefix(ipPrefix).build()))
 353                                 .build())
 354                             .build())
 355                         .build();
 356             providerMatchers =
 357                     new ProviderMatchersBuilder()
 358                         .setEndpointIdentificationConstraints(new EndpointIdentificationConstraintsBuilder()
 359                             .setL3EndpointIdentificationConstraints(new L3EndpointIdentificationConstraintsBuilder()
 360                                 .setPrefixConstraint(
 361                                         ImmutableList.of(new PrefixConstraintBuilder().setIpPrefix(ipPrefix).build()))
 362                                 .build())
 363                             .build())
 364                         .build();
 365         }
 366         return new ClauseBuilder().setName(new ClauseName(clauseName.toString()))
 367             .setSubjectRefs(ImmutableList.of(subjectName))
 368             .setConsumerMatchers(consumerMatchers)
 369             .setProviderMatchers(providerMatchers)
 370             .build();
 371     }
 372
 373     /**
 374      * Puts network service entities (classifier-instances, {@link #DHCP_CONTRACT},
 375      * {@link #DNS_CONTRACT}, {@link #MGMT_CONTRACT} and {@link #EPG}) to
 376      * {@link LogicalDatastoreType#CONFIGURATION}
 377      *
 378      * @param tenantId location of network-service entities
 379      * @param wTx transaction where network-service entities are written
 380      */
 381     public static void writeNetworkServiceEntitiesToTenant(TenantId tenantId, WriteTransaction wTx) {
 382         Set<ClassifierInstance> classifierInstances = getAllClassifierInstances();
 383         for (ClassifierInstance ci : classifierInstances) {
 384             wTx.put(LogicalDatastoreType.CONFIGURATION, IidFactory.classifierInstanceIid(tenantId, ci.getName()), ci,
 385                     true);
 386         }
 387         wTx.put(LogicalDatastoreType.CONFIGURATION, IidFactory.contractIid(tenantId, DHCP_CONTRACT_ID), DHCP_CONTRACT,
 388                 true);
 389         wTx.put(LogicalDatastoreType.CONFIGURATION, IidFactory.contractIid(tenantId, DNS_CONTRACT_ID), DNS_CONTRACT,
 390                 true);
 391         wTx.put(LogicalDatastoreType.CONFIGURATION, IidFactory.contractIid(tenantId, MGMT_CONTRACT_ID), MGMT_CONTRACT,
 392                 true);
 393         wTx.put(LogicalDatastoreType.CONFIGURATION, IidFactory.endpointGroupIid(tenantId, EPG_ID), EPG, true);
 394     }
 395
 396     /**
 397      * @return All classifier-instances used in {@link #DHCP_CONTRACT}, {@link #DNS_CONTRACT} and
 398      *         {@link #MGMT_CONTRACT}
 399      */
 400     public static Set<ClassifierInstance> getAllClassifierInstances() {
 401         HashSet<ClassifierInstance> cis = new HashSet<>();
 402         cis.add(createDhcpIpv4ClientServer());
 403         cis.add(createDhcpIpv4ServerClient());
 404         cis.add(createDhcpIpv6ClientServer());
 405         cis.add(createDhcpIpv6ServerClient());
 406         cis.add(createDnsUdpIpv4ClientServer());
 407         cis.add(createDnsUdpIpv4ServerClient());
 408         cis.add(createDnsUdpIpv6ClientServer());
 409         cis.add(createDnsUdpIpv6ServerClient());
 410         cis.add(createDnsTcpIpv4ClientServer());
 411         cis.add(createDnsTcpIpv4ServerClient());
 412         cis.add(createDnsTcpIpv6ClientServer());
 413         cis.add(createDnsTcpIpv6ServerClient());
 414         // MGMT
 415         cis.add(createSshTcpIpv4ServerClient());
 416         cis.add(createSshTcpIpv6ServerClient());
 417         cis.add(createSshTcpIpv4ClientServer());
 418         cis.add(createSshTcpIpv6ClientServer());
 419         cis.add(createIcmpIpv4());
 420         cis.add(createIcmpIpv6());
 421
 422         return cis;
 423     }
 424
 425     // ###################### DHCP
 426     private static ClassifierInstance createDhcpIpv4ClientServer() {
 427         return new ClassifierInstanceBuilder().setName(DHCP_IPV4_CLIENT_SERVER_NAME)
 428             .setClassifierDefinitionId(L4ClassifierDefinition.DEFINITION.getId())
 429             .setParameterValue(createParams(EtherTypeClassifierDefinition.IPv4_VALUE, IpProtoClassifierDefinition.UDP_VALUE,
 430                     DHCP_IPV4_CLIENT_PORT, DHCP_IPV4_SERVER_PORT))
 431             .build();
 432     }
 433
 434     private static ClassifierInstance createDhcpIpv4ServerClient() {
 435         return new ClassifierInstanceBuilder().setName(DHCP_IPV4_SERVER_CLIENT_NAME)
 436             .setClassifierDefinitionId(L4ClassifierDefinition.DEFINITION.getId())
 437             .setParameterValue(createParams(EtherTypeClassifierDefinition.IPv4_VALUE, IpProtoClassifierDefinition.UDP_VALUE,
 438                     DHCP_IPV4_SERVER_PORT, DHCP_IPV4_CLIENT_PORT))
 439             .build();
 440     }
 441
 442     private static ClassifierInstance createDhcpIpv6ClientServer() {
 443         return new ClassifierInstanceBuilder().setName(DHCP_IPV6_CLIENT_SERVER_NAME)
 444             .setClassifierDefinitionId(L4ClassifierDefinition.DEFINITION.getId())
 445             .setParameterValue(createParams(EtherTypeClassifierDefinition.IPv6_VALUE, IpProtoClassifierDefinition.UDP_VALUE,
 446                     DHCP_IPV6_CLIENT_PORT, DHCP_IPV6_SERVER_PORT))
 447             .build();
 448     }
 449
 450     private static ClassifierInstance createDhcpIpv6ServerClient() {
 451         return new ClassifierInstanceBuilder().setName(DHCP_IPV6_SERVER_CLIENT_NAME)
 452             .setClassifierDefinitionId(L4ClassifierDefinition.DEFINITION.getId())
 453             .setParameterValue(createParams(EtherTypeClassifierDefinition.IPv6_VALUE, IpProtoClassifierDefinition.UDP_VALUE,
 454                     DHCP_IPV6_SERVER_PORT, DHCP_IPV6_CLIENT_PORT))
 455             .build();
 456     }
 457
 458     // ###################### DNS UDP
 459     private static ClassifierInstance createDnsUdpIpv4ClientServer() {
 460         return new ClassifierInstanceBuilder().setName(DNS_UDP_IPV4_CLIENT_SERVER_NAME)
 461             .setClassifierDefinitionId(L4ClassifierDefinition.DEFINITION.getId())
 462             .setParameterValue(
 463                     createParams(EtherTypeClassifierDefinition.IPv4_VALUE, IpProtoClassifierDefinition.UDP_VALUE, null, DNS_SERVER_PORT))
 464             .build();
 465     }
 466
 467     private static ClassifierInstance createDnsUdpIpv4ServerClient() {
 468         return new ClassifierInstanceBuilder().setName(DNS_UDP_IPV4_SERVER_CLIENT_NAME)
 469             .setClassifierDefinitionId(L4ClassifierDefinition.DEFINITION.getId())
 470             .setParameterValue(
 471                     createParams(EtherTypeClassifierDefinition.IPv4_VALUE, IpProtoClassifierDefinition.UDP_VALUE, DNS_SERVER_PORT, null))
 472             .build();
 473     }
 474
 475     private static ClassifierInstance createDnsUdpIpv6ClientServer() {
 476         return new ClassifierInstanceBuilder().setName(DNS_UDP_IPV6_CLIENT_SERVER_NAME)
 477             .setClassifierDefinitionId(L4ClassifierDefinition.DEFINITION.getId())
 478             .setParameterValue(
 479                     createParams(EtherTypeClassifierDefinition.IPv6_VALUE, IpProtoClassifierDefinition.UDP_VALUE, null, DNS_SERVER_PORT))
 480             .build();
 481     }
 482
 483     private static ClassifierInstance createDnsUdpIpv6ServerClient() {
 484         return new ClassifierInstanceBuilder().setName(DNS_UDP_IPV6_SERVER_CLIENT_NAME)
 485             .setClassifierDefinitionId(L4ClassifierDefinition.DEFINITION.getId())
 486             .setParameterValue(
 487                     createParams(EtherTypeClassifierDefinition.IPv6_VALUE, IpProtoClassifierDefinition.UDP_VALUE, DNS_SERVER_PORT, null))
 488             .build();
 489     }
 490
 491     // ###################### DNS TCP
 492     private static ClassifierInstance createDnsTcpIpv4ClientServer() {
 493         return new ClassifierInstanceBuilder().setName(DNS_TCP_IPV4_CLIENT_SERVER_NAME)
 494             .setClassifierDefinitionId(L4ClassifierDefinition.DEFINITION.getId())
 495             .setParameterValue(
 496                     createParams(EtherTypeClassifierDefinition.IPv4_VALUE, IpProtoClassifierDefinition.TCP_VALUE, null, DNS_SERVER_PORT))
 497             .build();
 498     }
 499
 500     private static ClassifierInstance createDnsTcpIpv4ServerClient() {
 501         return new ClassifierInstanceBuilder().setName(DNS_TCP_IPV4_SERVER_CLIENT_NAME)
 502             .setClassifierDefinitionId(L4ClassifierDefinition.DEFINITION.getId())
 503             .setParameterValue(
 504                     createParams(EtherTypeClassifierDefinition.IPv4_VALUE, IpProtoClassifierDefinition.TCP_VALUE, DNS_SERVER_PORT, null))
 505             .build();
 506     }
 507
 508     private static ClassifierInstance createDnsTcpIpv6ClientServer() {
 509         return new ClassifierInstanceBuilder().setName(DNS_TCP_IPV6_CLIENT_SERVER_NAME)
 510             .setClassifierDefinitionId(L4ClassifierDefinition.DEFINITION.getId())
 511             .setParameterValue(
 512                     createParams(EtherTypeClassifierDefinition.IPv6_VALUE, IpProtoClassifierDefinition.TCP_VALUE, null, DNS_SERVER_PORT))
 513             .build();
 514     }
 515
 516     private static ClassifierInstance createDnsTcpIpv6ServerClient() {
 517         return new ClassifierInstanceBuilder().setName(DNS_TCP_IPV6_SERVER_CLIENT_NAME)
 518             .setClassifierDefinitionId(L4ClassifierDefinition.DEFINITION.getId())
 519             .setParameterValue(
 520                     createParams(EtherTypeClassifierDefinition.IPv6_VALUE, IpProtoClassifierDefinition.TCP_VALUE, DNS_SERVER_PORT, null))
 521             .build();
 522     }
 523
 524     // ###################### SSH TCP
 525     private static ClassifierInstance createSshTcpIpv4ClientServer() {
 526         return new ClassifierInstanceBuilder().setName(SSH_IPV4_CLIENT_TO_SERVER_NAME)
 527             .setClassifierDefinitionId(L4ClassifierDefinition.DEFINITION.getId())
 528             .setParameterValue(
 529                     createParams(EtherTypeClassifierDefinition.IPv4_VALUE, IpProtoClassifierDefinition.TCP_VALUE, SSH_TCP_PORT, null))
 530             .build();
 531     }
 532
 533     private static ClassifierInstance createSshTcpIpv4ServerClient() {
 534         return new ClassifierInstanceBuilder().setName(SSH_IPV4_SERVER_TO_CLIENT_NAME)
 535             .setClassifierDefinitionId(L4ClassifierDefinition.DEFINITION.getId())
 536             .setParameterValue(
 537                     createParams(EtherTypeClassifierDefinition.IPv4_VALUE, IpProtoClassifierDefinition.TCP_VALUE, null, SSH_TCP_PORT))
 538             .build();
 539     }
 540
 541     private static ClassifierInstance createSshTcpIpv6ClientServer() {
 542         return new ClassifierInstanceBuilder().setName(SSH_IPV6_CLIENT_TO_SERVER_NAME)
 543             .setClassifierDefinitionId(L4ClassifierDefinition.DEFINITION.getId())
 544             .setParameterValue(
 545                     createParams(EtherTypeClassifierDefinition.IPv6_VALUE, IpProtoClassifierDefinition.TCP_VALUE, SSH_TCP_PORT, null))
 546             .build();
 547     }
 548
 549     private static ClassifierInstance createSshTcpIpv6ServerClient() {
 550         return new ClassifierInstanceBuilder().setName(SSH_IPV6_SERVER_TO_CLIENT_NAME)
 551             .setClassifierDefinitionId(L4ClassifierDefinition.DEFINITION.getId())
 552             .setParameterValue(
 553                     createParams(EtherTypeClassifierDefinition.IPv6_VALUE, IpProtoClassifierDefinition.TCP_VALUE, null, SSH_TCP_PORT))
 554             .build();
 555     }
 556
 557     // ###################### ICMP
 558     private static ClassifierInstance createIcmpIpv4() {
 559         return new ClassifierInstanceBuilder().setName(ICMP_IPV4_BETWEEN_SERVER_CLIENT_NAME)
 560             .setClassifierDefinitionId(IpProtoClassifierDefinition.DEFINITION.getId())
 561             .setParameterValue(createParams(EtherTypeClassifierDefinition.IPv4_VALUE, IpProtoClassifierDefinition.ICMP_VALUE, null, null))
 562             .build();
 563     }
 564
 565     private static ClassifierInstance createIcmpIpv6() {
 566         return new ClassifierInstanceBuilder().setName(ICMP_IPV6_BETWEEN_SERVER_CLIENT_NAME)
 567             .setClassifierDefinitionId(IpProtoClassifierDefinition.DEFINITION.getId())
 568             .setParameterValue(createParams(EtherTypeClassifierDefinition.IPv6_VALUE, IpProtoClassifierDefinition.ICMP_VALUE, null, null))
 569             .build();
 570     }
 571
 572     private static List<ParameterValue> createParams(long etherType, long proto, @Nullable Long srcPort,
 573             @Nullable Long dstPort) {
 574         List<ParameterValue> params = new ArrayList<>();
 575         if (srcPort != null) {
 576             params.add(new ParameterValueBuilder().setName(new ParameterName(L4ClassifierDefinition.SRC_PORT_PARAM))
 577                 .setIntValue(srcPort)
 578                 .build());
 579         }
 580         if (dstPort != null) {
 581             params.add(new ParameterValueBuilder().setName(new ParameterName(L4ClassifierDefinition.DST_PORT_PARAM))
 582                 .setIntValue(dstPort)
 583                 .build());
 584         }
 585         params.add(new ParameterValueBuilder().setName(new ParameterName(IpProtoClassifierDefinition.PROTO_PARAM))
 586             .setIntValue(proto)
 587             .build());
 588         params.add(new ParameterValueBuilder().setName(new ParameterName(EtherTypeClassifierDefinition.ETHERTYPE_PARAM))
 589             .setIntValue(etherType)
 590             .build());
 591         return params;
 592     }
 593 }