2 * Copyright (c) 2015 Cisco Systems, Inc. and others. All rights reserved.
4 * This program and the accompanying materials are made available under the
5 * terms of the Eclipse Public License v1.0 which accompanies this distribution,
6 * and is available at http://www.eclipse.org/legal/epl-v10.html
8 package org.opendaylight.groupbasedpolicy.neutron.mapper.mapping;
10 import static com.google.common.base.Preconditions.checkNotNull;
12 import com.google.common.base.Optional;
13 import com.google.common.base.Strings;
15 import org.opendaylight.controller.md.sal.binding.api.DataBroker;
16 import org.opendaylight.controller.md.sal.binding.api.ReadWriteTransaction;
17 import org.opendaylight.controller.md.sal.common.api.data.LogicalDatastoreType;
18 import org.opendaylight.groupbasedpolicy.neutron.mapper.mapping.rule.NeutronSecurityRuleAware;
19 import org.opendaylight.groupbasedpolicy.neutron.mapper.util.MappingUtils;
20 import org.opendaylight.groupbasedpolicy.util.DataStoreHelper;
21 import org.opendaylight.groupbasedpolicy.util.IidFactory;
22 import org.opendaylight.yang.gen.v1.urn.opendaylight.groupbasedpolicy.common.rev140421.EndpointGroupId;
23 import org.opendaylight.yang.gen.v1.urn.opendaylight.groupbasedpolicy.common.rev140421.Name;
24 import org.opendaylight.yang.gen.v1.urn.opendaylight.groupbasedpolicy.common.rev140421.TenantId;
25 import org.opendaylight.yang.gen.v1.urn.opendaylight.groupbasedpolicy.policy.rev140421.tenants.tenant.policy.EndpointGroup;
26 import org.opendaylight.yang.gen.v1.urn.opendaylight.groupbasedpolicy.policy.rev140421.tenants.tenant.policy.EndpointGroup.IntraGroupPolicy;
27 import org.opendaylight.yang.gen.v1.urn.opendaylight.groupbasedpolicy.policy.rev140421.tenants.tenant.policy.EndpointGroupBuilder;
28 import org.opendaylight.yang.gen.v1.urn.opendaylight.groupbasedpolicy.policy.rev140421.tenants.tenant.policy.ExternalImplicitGroup;
29 import org.opendaylight.yang.gen.v1.urn.opendaylight.groupbasedpolicy.policy.rev140421.tenants.tenant.policy.ExternalImplicitGroupBuilder;
30 import org.opendaylight.yang.gen.v1.urn.opendaylight.neutron.rev150712.Neutron;
31 import org.opendaylight.yang.gen.v1.urn.opendaylight.neutron.secgroups.rev150712.security.groups.attributes.SecurityGroups;
32 import org.opendaylight.yang.gen.v1.urn.opendaylight.neutron.secgroups.rev150712.security.groups.attributes.security.groups.SecurityGroup;
33 import org.opendaylight.yangtools.yang.binding.InstanceIdentifier;
34 import org.slf4j.Logger;
35 import org.slf4j.LoggerFactory;
/**
 * Handles Neutron security-group notifications ({@code onCreated}, {@code onUpdated},
 * {@code onDeleted}) and writes or removes the corresponding GBP endpoint group in the
 * CONFIGURATION datastore.
 */
37 public class NeutronSecurityGroupAware implements NeutronAware<SecurityGroup> {
39 private static final Logger LOG = LoggerFactory.getLogger(NeutronSecurityGroupAware.class);
// Path Neutron -> SecurityGroups -> SecurityGroup, built without a key on the last step.
40 public static final InstanceIdentifier<SecurityGroup> SECURITY_GROUP_WILDCARD_IID =
41 InstanceIdentifier.builder(Neutron.class).child(SecurityGroups.class).child(SecurityGroup.class).build();
// Broker from which onCreated opens its read-write transaction and which onDeleted
// passes to deleteGbpEndpointGroup.
42 private final DataBroker dataProvider;
// Security-rule handler: called with the group key on create and with the whole group
// when a delete has to be deferred.
43 private final NeutronSecurityRuleAware ruleAware;
/**
 * Stores the two collaborators this handler works with.
 *
 * @param dataProvider broker used for datastore transactions; must not be null
 * @param ruleAware security-rule handler; must not be null
 * @throws NullPointerException if either argument is null (Guava {@code checkNotNull})
 */
45 public NeutronSecurityGroupAware(DataBroker dataProvider, NeutronSecurityRuleAware ruleAware) {
46 this.dataProvider = checkNotNull(dataProvider);
47 this.ruleAware = checkNotNull(ruleAware);
/**
 * Stages the endpoint group for a newly created security group, submits the transaction
 * when staging reported success, and calls
 * {@code ruleAware.flushPendingSecurityRulesFor} with the group's key.
 *
 * @param createdSecGroup the security group reported as created
 * @param neutron Neutron data handed on to the rule handler
 */
51 public void onCreated(SecurityGroup createdSecGroup, Neutron neutron) {
// The complete SecurityGroup object is written to the log, at TRACE level only.
52 LOG.trace("created securityGroup - {}", createdSecGroup);
53 ReadWriteTransaction rwTx = dataProvider.newReadWriteTransaction();
54 boolean isSecGroupCreated = addNeutronSecurityGroup(createdSecGroup, rwTx);
// Nothing is committed unless the mapping step returned true.
55 if (isSecGroupCreated) {
56 DataStoreHelper.submitToDs(rwTx);
// NOTE(review): file lines 57-59 are absent from this listing, so what happens to rwTx
// when the group was not created cannot be seen here. Confirm the open transaction is
// cancelled, and confirm whether the flush below is meant to run for a group that was
// skipped (for example one without a tenant id).
60 ruleAware.flushPendingSecurityRulesFor(createdSecGroup.getKey(), neutron);
/**
 * Stages the GBP objects for one Neutron security group in the supplied transaction.
 * No submit is visible in this method; {@code onCreated} submits based on the result.
 *
 * NOTE(review): the listing drops several file lines inside this method (67-68, 74-75,
 * 78, 84-85, 89 onward), including every {@code return}. The comments below describe
 * only the lines that are present.
 *
 * @param secGroup Neutron security group; its UUID value is reused as the endpoint-group id
 * @param rwTx transaction that receives the CONFIGURATION writes
 * @return a flag that {@code onCreated} uses to decide whether to submit; presumably
 *         {@code false} when the tenant id is missing, to be confirmed against the full file
 */
63 boolean addNeutronSecurityGroup(SecurityGroup secGroup, ReadWriteTransaction rwTx) {
// A group without a tenant id is only logged; the WARN line carries the whole
// SecurityGroup object. Presumably no endpoint group is written for it, so review
// whether ports in such a group end up without any policy.
64 if (secGroup.getTenantId() == null) {
65 LOG.warn("Skip processing group {} because TenantId is null.", secGroup);
66 // TODO This needs to be reworked, SecGroups shouldn't use TenantId, Neutron doesn't always configure it
// Tenant id and endpoint-group id are copied one-to-one from the Neutron values.
69 TenantId tenantId = new TenantId(secGroup.getTenantId().getValue());
70 EndpointGroupId epgId = new EndpointGroupId(secGroup.getUuid().getValue());
// A group whose UUID equals MappingUtils.EIG_UUID is written as an ExternalImplicitGroup.
// NOTE(review): lines 74-75 are missing, so it is not visible whether the endpoint
// group below is written for this id as well.
71 if (epgId.getValue().equals(MappingUtils.EIG_UUID.getValue())) {
72 ExternalImplicitGroup eig = new ExternalImplicitGroupBuilder().setId(epgId).build();
73 rwTx.put(LogicalDatastoreType.CONFIGURATION, IidFactory.externalImplicitGroupIid(tenantId, epgId), eig,
76 EndpointGroupBuilder epgBuilder = new EndpointGroupBuilder().setId(epgId);
// The name is optional. A value that the Name constructor rejects is dropped, and the
// group is still built without it. The rejected name is written to the INFO log exactly
// as Neutron supplied it, so treat that log field as untrusted input when reading it.
// (Line 78, presumably the opening of the try block, is missing from the listing.)
77 if (!Strings.isNullOrEmpty(secGroup.getName())) {
79 epgBuilder.setName(new Name(secGroup.getName()));
80 } catch (NullPointerException | IllegalArgumentException e) {
81 LOG.info("Name '{}' of Neutron Security-group '{}' is ignored.", secGroup.getName(),
82 secGroup.getUuid().getValue());
83 LOG.debug("Name exception", e);
// The intra-group policy is set explicitly to RequireContract for every mapped group.
86 epgBuilder.setIntraGroupPolicy(IntraGroupPolicy.RequireContract);
// The final argument true asks the transaction to create missing parent nodes.
87 rwTx.put(LogicalDatastoreType.CONFIGURATION, IidFactory.endpointGroupIid(tenantId, epgId),
88 epgBuilder.build(), true);
/**
 * Logs a warning that an update notification arrived; the visible lines make no
 * datastore change. The new SecurityGroup object is written to the log in full at WARN.
 *
 * @param oldItem security group before the update (unused in the visible lines)
 * @param newItem security group after the update; only logged
 * @param oldNeutron Neutron data before the update (unused in the visible lines)
 * @param newNeutron Neutron data after the update (unused in the visible lines)
 */
93 public void onUpdated(SecurityGroup oldItem, SecurityGroup newItem, Neutron oldNeutron, Neutron newNeutron) {
94 LOG.warn("updated securityGroup - Never should be called "
95 + "- neutron API does not allow UPDATE on neutron security group. \nSecurity group: {}", newItem);
/**
 * Removes the endpoint group that belongs to a deleted security group, unless a security
 * rule in the new Neutron data still references the group; in that case the group is
 * handed to {@code ruleAware.addPendingDeletedSecGroup} instead.
 *
 * NOTE(review): file lines 103-104, 109-110 and 114-115 are absent from this listing. The
 * early exits after the two WARN branches are presumed, not visible.
 *
 * @param deletedSecGroup the security group reported as deleted
 * @param oldNeutron Neutron data before the delete (unused in the visible lines)
 * @param newNeutron Neutron data after the delete; may be null
 */
99 public void onDeleted(SecurityGroup deletedSecGroup, Neutron oldNeutron, Neutron newNeutron) {
// Without a tenant id the endpoint-group path cannot be built; the event is only
// logged, and the WARN line carries the whole SecurityGroup object.
100 if (deletedSecGroup.getTenantId() == null) {
101 LOG.warn("Skip deleting SecGroup {} because TenantId is null.", deletedSecGroup);
102 // TODO This needs to be reworked, SecGroups shouldn't use TenantId, Neutron doesn't always configure it
105 LOG.trace("deleted securityGroup - {}", deletedSecGroup);
// Null-safe walk down to the rule list, then a match on the deleted group's UUID.
// The two missing lines (109-110) sit between getSecurityRules() and anyMatch(...).
// Assumes every rule carries a security-group id; a null id would throw in the lambda.
// TODO confirm against the Neutron model.
106 if (newNeutron != null && newNeutron.getSecurityRules() != null
107 && newNeutron.getSecurityRules().getSecurityRule() != null
108 && newNeutron.getSecurityRules()
111 .anyMatch(sr -> sr.getSecurityGroupId().equals(deletedSecGroup.getUuid()))) {
// Rules still point at this group, so it is recorded as pending-deleted with the rule handler.
112 LOG.warn("Cannot remove security group {} before removing last security rule.", deletedSecGroup.getKey());
113 ruleAware.addPendingDeletedSecGroup(deletedSecGroup);
// Tenant id and endpoint-group id are rebuilt from the Neutron values, as on create.
116 deleteGbpEndpointGroup(dataProvider, new TenantId(deletedSecGroup.getTenantId().getValue()),
117 new EndpointGroupId(deletedSecGroup.getUuid().getValue()));
/**
 * Removes one endpoint group from the CONFIGURATION datastore in its own transaction.
 *
 * @param dataBroker broker used to open the read-write transaction
 * @param tenantId tenant that owns the endpoint group
 * @param epgId id of the endpoint group to remove
 */
120 public static void deleteGbpEndpointGroup(DataBroker dataBroker, TenantId tenantId, EndpointGroupId epgId) {
121 ReadWriteTransaction rwTx = dataBroker.newReadWriteTransaction();
// removeIfExists returns the removed value as an Optional; absent means there was
// nothing stored at that path.
122 Optional<EndpointGroup> potentialEpg = DataStoreHelper.removeIfExists(LogicalDatastoreType.CONFIGURATION,
123 IidFactory.endpointGroupIid(tenantId, epgId), rwTx);
124 if (!potentialEpg.isPresent()) {
125 LOG.warn("Illegal state - Endpoint group {} does not exist.", epgId.getValue());
// NOTE(review): file lines 126-128 are absent from this listing. Confirm that this
// branch cancels rwTx and returns, so the submit below runs only after a real removal.
129 DataStoreHelper.submitToDs(rwTx);