Code Review / groupbasedpolicy.git / blob
? search:
summary | shortlog | log | commit | commitdiff | review | tree
history | raw | HEAD
Add yang generated packages in .gitignore
[groupbasedpolicy.git] / neutron-mapper / src / main / java / org / opendaylight / groupbasedpolicy / neutron / mapper / mapping / rule / SecRuleEntityDecoder.java
1 package org.opendaylight.groupbasedpolicy.neutron.mapper.mapping.rule;\r
2 \r
3 import static com.google.common.base.Preconditions.checkNotNull;\r
4 \r
5 import java.util.ArrayList;\r
6 import java.util.List;\r
7 \r
8 import javax.annotation.Nullable;\r
9 \r
10 import org.opendaylight.groupbasedpolicy.neutron.mapper.util.NeutronUtils;\r
11 import org.opendaylight.groupbasedpolicy.neutron.mapper.util.Utils;\r
12 import org.opendaylight.groupbasedpolicy.renderer.ofoverlay.sf.EtherTypeClassifier;\r
13 import org.opendaylight.groupbasedpolicy.renderer.ofoverlay.sf.IpProtoClassifier;\r
14 import org.opendaylight.groupbasedpolicy.renderer.ofoverlay.sf.L4Classifier;\r
15 import org.opendaylight.neutron.spi.NeutronSecurityRule;\r
16 import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.inet.types.rev100924.IpPrefix;\r
17 import org.opendaylight.yang.gen.v1.urn.opendaylight.groupbasedpolicy.common.rev140421.ClassifierName;\r
18 import org.opendaylight.yang.gen.v1.urn.opendaylight.groupbasedpolicy.common.rev140421.ContractId;\r
19 import org.opendaylight.yang.gen.v1.urn.opendaylight.groupbasedpolicy.common.rev140421.EndpointGroupId;\r
20 import org.opendaylight.yang.gen.v1.urn.opendaylight.groupbasedpolicy.common.rev140421.ParameterName;\r
21 import org.opendaylight.yang.gen.v1.urn.opendaylight.groupbasedpolicy.common.rev140421.SubjectName;\r
22 import org.opendaylight.yang.gen.v1.urn.opendaylight.groupbasedpolicy.common.rev140421.TenantId;\r
23 import org.opendaylight.yang.gen.v1.urn.opendaylight.groupbasedpolicy.policy.rev140421.HasDirection.Direction;\r
24 import org.opendaylight.yang.gen.v1.urn.opendaylight.groupbasedpolicy.policy.rev140421.has.classifier.refs.ClassifierRef;\r
25 import org.opendaylight.yang.gen.v1.urn.opendaylight.groupbasedpolicy.policy.rev140421.has.classifier.refs.ClassifierRef.ConnectionTracking;\r
26 import org.opendaylight.yang.gen.v1.urn.opendaylight.groupbasedpolicy.policy.rev140421.has.classifier.refs.ClassifierRefBuilder;\r
27 import org.opendaylight.yang.gen.v1.urn.opendaylight.groupbasedpolicy.policy.rev140421.has.endpoint.identification.constraints.EndpointIdentificationConstraints;\r
28 import org.opendaylight.yang.gen.v1.urn.opendaylight.groupbasedpolicy.policy.rev140421.has.endpoint.identification.constraints.EndpointIdentificationConstraintsBuilder;\r
29 import org.opendaylight.yang.gen.v1.urn.opendaylight.groupbasedpolicy.policy.rev140421.has.endpoint.identification.constraints.endpoint.identification.constraints.L3EndpointIdentificationConstraintsBuilder;\r
30 import org.opendaylight.yang.gen.v1.urn.opendaylight.groupbasedpolicy.policy.rev140421.has.endpoint.identification.constraints.endpoint.identification.constraints.l3.endpoint.identification.constraints.PrefixConstraint;\r
31 import org.opendaylight.yang.gen.v1.urn.opendaylight.groupbasedpolicy.policy.rev140421.has.endpoint.identification.constraints.endpoint.identification.constraints.l3.endpoint.identification.constraints.PrefixConstraintBuilder;\r
32 import org.opendaylight.yang.gen.v1.urn.opendaylight.groupbasedpolicy.policy.rev140421.subject.feature.instance.ParameterValue;\r
33 import org.opendaylight.yang.gen.v1.urn.opendaylight.groupbasedpolicy.policy.rev140421.subject.feature.instance.ParameterValueBuilder;\r
34 import org.opendaylight.yang.gen.v1.urn.opendaylight.groupbasedpolicy.policy.rev140421.subject.feature.instance.parameter.value.RangeValueBuilder;\r
35 import org.opendaylight.yang.gen.v1.urn.opendaylight.groupbasedpolicy.policy.rev140421.tenants.tenant.contract.Clause;\r
36 import org.opendaylight.yang.gen.v1.urn.opendaylight.groupbasedpolicy.policy.rev140421.tenants.tenant.contract.ClauseBuilder;\r
37 import org.opendaylight.yang.gen.v1.urn.opendaylight.groupbasedpolicy.policy.rev140421.tenants.tenant.contract.clause.ConsumerMatchers;\r
38 import org.opendaylight.yang.gen.v1.urn.opendaylight.groupbasedpolicy.policy.rev140421.tenants.tenant.contract.clause.ConsumerMatchersBuilder;\r
39 import org.opendaylight.yang.gen.v1.urn.opendaylight.groupbasedpolicy.policy.rev140421.tenants.tenant.subject.feature.instances.ClassifierInstance;\r
40 import org.opendaylight.yang.gen.v1.urn.opendaylight.groupbasedpolicy.policy.rev140421.tenants.tenant.subject.feature.instances.ClassifierInstanceBuilder;\r
41 \r
42 import com.google.common.base.Strings;\r
43 import com.google.common.collect.ImmutableList;\r
44 \r
45 public class SecRuleEntityDecoder {\r
46 \r
47     private SecRuleEntityDecoder() {\r
48         throw new UnsupportedOperationException("Cannot create an instace.");\r
49     }\r
50 \r
51     public static TenantId getTenantId(NeutronSecurityRule secRule) {\r
52         return new TenantId(Utils.normalizeUuid(secRule.getSecurityRuleTenantID()));\r
53     }\r
54 \r
55     public static EndpointGroupId getProviderEpgId(NeutronSecurityRule secRule) {\r
56         return new EndpointGroupId(Utils.normalizeUuid(secRule.getSecurityRuleGroupID()));\r
57     }\r
58 \r
59     /**\r
60      * @return {@code null} if {@link NeutronSecurityRule#getSecurityRemoteGroupID()} is null\r
61      */\r
62     public static @Nullable EndpointGroupId getConsumerEpgId(NeutronSecurityRule secRule) {\r
63         if (Strings.isNullOrEmpty(secRule.getSecurityRemoteGroupID())) {\r
64             return null;\r
65         }\r
66         return new EndpointGroupId(Utils.normalizeUuid(secRule.getSecurityRemoteGroupID()));\r
67     }\r
68 \r
69     public static ContractId getContractId(NeutronSecurityRule secRule) {\r
70         return new ContractId(Utils.normalizeUuid(secRule.getSecurityRuleUUID()));\r
71     }\r
72 \r
73     public static ClassifierInstance getClassifierInstance(NeutronSecurityRule secRule) {\r
74         ClassifierInstanceBuilder classifierBuilder = new ClassifierInstanceBuilder();\r
75         List<ParameterValue> params = new ArrayList<>();\r
76         Integer portMin = secRule.getSecurityRulePortMin();\r
77         Integer portMax = secRule.getSecurityRulePortMax();\r
78         if (portMin != null && portMax != null) {\r
79             classifierBuilder.setClassifierDefinitionId(L4Classifier.DEFINITION.getId());\r
80             if (portMin.equals(portMax)) {\r
81                 params.add(new ParameterValueBuilder().setName(new ParameterName(L4Classifier.DST_PORT_PARAM))\r
82                     .setIntValue(portMin.longValue())\r
83                     .build());\r
84             } else {\r
85                 params.add(new ParameterValueBuilder().setName(new ParameterName(L4Classifier.DST_PORT_RANGE_PARAM))\r
86                     .setRangeValue(\r
87                             new RangeValueBuilder().setMin(portMin.longValue()).setMax(portMax.longValue()).build())\r
88                     .build());\r
89             }\r
90         }\r
91         Long protocol = getProtocol(secRule);\r
92         if (protocol != null) {\r
93             if (classifierBuilder.getClassifierDefinitionId() == null) {\r
94                 classifierBuilder.setClassifierDefinitionId(IpProtoClassifier.DEFINITION.getId());\r
95             }\r
96             params.add(new ParameterValueBuilder().setName(new ParameterName(IpProtoClassifier.PROTO_PARAM))\r
97                 .setIntValue(protocol)\r
98                 .build());\r
99         }\r
100         Long ethertype = getEtherType(secRule);\r
101         if (ethertype != null) {\r
102             if (classifierBuilder.getClassifierDefinitionId() == null) {\r
103                 classifierBuilder.setClassifierDefinitionId(EtherTypeClassifier.DEFINITION.getId());\r
104             }\r
105             params.add(new ParameterValueBuilder().setName(new ParameterName(EtherTypeClassifier.ETHERTYPE_PARAM))\r
106                 .setIntValue(ethertype)\r
107                 .build());\r
108         }\r
109         ClassifierName classifierName = SecRuleNameDecoder.getClassifierInstanceName(secRule);\r
110         return classifierBuilder.setParameterValue(params).setName(new ClassifierName(classifierName)).build();\r
111     }\r
112 \r
113     public static ClassifierRef getClassifierRef(NeutronSecurityRule secRule) {\r
114         checkNotNull(secRule);\r
115         ClassifierName classifierInstanceName = SecRuleNameDecoder.getClassifierInstanceName(secRule);\r
116         ClassifierRefBuilder classifierRefBuilder = new ClassifierRefBuilder()\r
117             .setConnectionTracking(ConnectionTracking.Reflexive).setInstanceName(classifierInstanceName);\r
118         Direction direction = getDirection(secRule);\r
119         classifierRefBuilder.setDirection(direction);\r
120         ClassifierName classifierRefName = SecRuleNameDecoder.getClassifierRefName(secRule);\r
121         return classifierRefBuilder.setName(classifierRefName).build();\r
122     }\r
123 \r
124     /**\r
125      * @param secRule\r
126      * @return direction resolved from {@link NeutronSecurityRule#getSecurityRuleDirection()}\r
127      * @throws IllegalArgumentException if return value of\r
128      *         {@link NeutronSecurityRule#getSecurityRuleDirection()} is other than "ingress" or\r
129      *         "egress"\r
130      */\r
131     public static Direction getDirection(NeutronSecurityRule secRule) {\r
132         String direction = secRule.getSecurityRuleDirection();\r
133         if (NeutronUtils.INGRESS.equals(direction)) {\r
134             return Direction.In;\r
135         }\r
136         if (NeutronUtils.EGRESS.equals(direction)) {\r
137             return Direction.Out;\r
138         }\r
139         throw new IllegalArgumentException("Direction " + direction + " from security group rule "\r
140                 + secRule.getSecurityRuleUUID() + " is not supported. Direction can be only 'ingress' or 'egress'.");\r
141     }\r
142 \r
143     /**\r
144      * @param secRule {@link NeutronSecurityRule#getSecurityRuleRemoteIpPrefix()} is used for EIC\r
145      *        and subject selection\r
146      * @return clause with the subject and with a consumer matcher containing EIC\r
147      */\r
148     public static Clause getClause(NeutronSecurityRule secRule) {\r
149         checkNotNull(secRule);\r
150         SubjectName subjectName = SecRuleNameDecoder.getSubjectName(secRule);\r
151         ClauseBuilder clauseBuilder =\r
152                 new ClauseBuilder().setSubjectRefs(ImmutableList.of(subjectName)).setName(SecRuleNameDecoder.getClauseName(secRule));\r
153         String remoteIpPrefix = secRule.getSecurityRuleRemoteIpPrefix();\r
154         if (!Strings.isNullOrEmpty(remoteIpPrefix)) {\r
155             clauseBuilder.setConsumerMatchers(createConsumerMatchersWithEic(remoteIpPrefix));\r
156         }\r
157         return clauseBuilder.build();\r
158     }\r
159 \r
160     private static ConsumerMatchers createConsumerMatchersWithEic(String remoteIpPrefix) {\r
161         IpPrefix ipPrefix = Utils.createIpPrefix(remoteIpPrefix);\r
162         PrefixConstraint consumerPrefixConstraint = new PrefixConstraintBuilder().setIpPrefix(ipPrefix).build();\r
163         EndpointIdentificationConstraints eic =\r
164                 new EndpointIdentificationConstraintsBuilder()\r
165                     .setL3EndpointIdentificationConstraints(new L3EndpointIdentificationConstraintsBuilder()\r
166                         .setPrefixConstraint(ImmutableList.<PrefixConstraint>of(consumerPrefixConstraint)).build())\r
167                     .build();\r
168         return new ConsumerMatchersBuilder().setEndpointIdentificationConstraints(eic).build();\r
169     }\r
170 \r
171     public static boolean isEtherTypeOfOneWithinTwo(NeutronSecurityRule one, NeutronSecurityRule two) {\r
172         Long oneEtherType = getEtherType(one);\r
173         Long twoEtherType = getEtherType(two);\r
174         return twoIsNullOrEqualsOne(oneEtherType, twoEtherType);\r
175     }\r
176 \r
177     public static boolean isProtocolOfOneWithinTwo(NeutronSecurityRule one, NeutronSecurityRule two) {\r
178         Long oneProtocol = getProtocol(one);\r
179         Long twoProtocol = getProtocol(two);\r
180         return twoIsNullOrEqualsOne(oneProtocol, twoProtocol);\r
181     }\r
182 \r
183     private static <T> boolean twoIsNullOrEqualsOne(T one, T two) {\r
184         if (two == null)\r
185             return true;\r
186         if (two.equals(one))\r
187             return true;\r
188         return false;\r
189     }\r
190 \r
191     public static boolean isPortsOfOneWithinTwo(NeutronSecurityRule one, NeutronSecurityRule two) {\r
192         Integer onePortMin = one.getSecurityRulePortMin();\r
193         Integer onePortMax = one.getSecurityRulePortMax();\r
194         Integer twoPortMin = two.getSecurityRulePortMin();\r
195         Integer twoPortMax = two.getSecurityRulePortMax();\r
196         if (twoPortMin == null && twoPortMax == null) {\r
197             return true;\r
198         }\r
199         if ((onePortMin != null && twoPortMin != null && onePortMin >= twoPortMin)\r
200                 && (onePortMax != null && twoPortMax != null && onePortMax <= twoPortMax)) {\r
201             return true;\r
202         }\r
203         return false;\r
204     }\r
205 \r
206     /**\r
207      * @param secRule\r
208      * @return {@code null} if {@link NeutronSecurityRule#getSecurityRuleEthertype()} is null or\r
209      *         empty; value of {@link EtherTypeClassifier#IPv4_VALUE} or\r
210      *         {@link EtherTypeClassifier#IPv6_VALUE}\r
211      * @throws IllegalArgumentException if return value of\r
212      *         {@link NeutronSecurityRule#getSecurityRuleEthertype()} is not empty/null and is other\r
213      *         than "IPv4" or "IPv6"\r
214      */\r
215     public static Long getEtherType(NeutronSecurityRule secRule) {\r
216         String ethertype = secRule.getSecurityRuleEthertype();\r
217         if (Strings.isNullOrEmpty(ethertype)) {\r
218             return null;\r
219         }\r
220         if (NeutronUtils.IPv4.equals(ethertype)) {\r
221             return EtherTypeClassifier.IPv4_VALUE;\r
222         }\r
223         if (NeutronUtils.IPv6.equals(ethertype)) {\r
224             return EtherTypeClassifier.IPv6_VALUE;\r
225         }\r
226         throw new IllegalArgumentException("Ethertype " + ethertype + " is not supported.");\r
227     }\r
228 \r
229     /**\r
230      * @param secRule\r
231      * @return {@code null} if {@link NeutronSecurityRule#getSecurityRuleProtocol()} is null or\r
232      *         empty; Otherwise protocol number\r
233      * @throws IllegalArgumentException if return value of\r
234      *         {@link NeutronSecurityRule#getSecurityRuleProtocol()} is not empty/null and is other\r
235      *         than "tcp", "udp", "icmp"\r
236      */\r
237     public static Long getProtocol(NeutronSecurityRule secRule) {\r
238         String protocol = secRule.getSecurityRuleProtocol();\r
239         if (Strings.isNullOrEmpty(protocol)) {\r
240             return null;\r
241         }\r
242         if (NeutronUtils.TCP.equals(protocol)) {\r
243             return IpProtoClassifier.TCP_VALUE;\r
244         }\r
245         if (NeutronUtils.UDP.equals(protocol)) {\r
246             return IpProtoClassifier.UDP_VALUE;\r
247         }\r
248         if (NeutronUtils.ICMP.equals(protocol)) {\r
249             return IpProtoClassifier.ICMP_VALUE;\r
250         }\r
251         throw new IllegalArgumentException("Protocol " + protocol + " is not supported.");\r
252     }\r
253 \r
254 }\r
OpenDaylight Group Based Policy Plugin