Bug 5483 - added support for num values in rules

[groupbasedpolicy.git] / neutron-mapper / src / main / java / org / opendaylight / groupbasedpolicy / neutron / mapper / mapping / rule / SecRuleEntityDecoder.java

/*\r
 * Copyright (c) 2014 Cisco Systems, Inc. and others. All rights reserved.\r
 *\r
 * This program and the accompanying materials are made available under the\r
 * terms of the Eclipse Public License v1.0 which accompanies this distribution,\r
 * and is available at http://www.eclipse.org/legal/epl-v10.html\r
 */\r
\r
package org.opendaylight.groupbasedpolicy.neutron.mapper.mapping.rule;\r
\r
import static com.google.common.base.Preconditions.checkNotNull;\r
\r
import java.util.ArrayList;\r
import java.util.List;\r
\r
import javax.annotation.Nullable;\r
\r
import org.opendaylight.groupbasedpolicy.api.sf.EtherTypeClassifierDefinition;\r
import org.opendaylight.groupbasedpolicy.api.sf.IpProtoClassifierDefinition;\r
import org.opendaylight.groupbasedpolicy.api.sf.L4ClassifierDefinition;\r
import org.opendaylight.groupbasedpolicy.neutron.mapper.util.NeutronUtils;\r
import org.opendaylight.groupbasedpolicy.neutron.mapper.util.Utils;\r
import org.opendaylight.neutron.spi.NeutronSecurityRule;\r
import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.inet.types.rev100924.IpPrefix;\r
import org.opendaylight.yang.gen.v1.urn.opendaylight.groupbasedpolicy.common.rev140421.ClassifierName;\r
import org.opendaylight.yang.gen.v1.urn.opendaylight.groupbasedpolicy.common.rev140421.ContractId;\r
import org.opendaylight.yang.gen.v1.urn.opendaylight.groupbasedpolicy.common.rev140421.EndpointGroupId;\r
import org.opendaylight.yang.gen.v1.urn.opendaylight.groupbasedpolicy.common.rev140421.ParameterName;\r
import org.opendaylight.yang.gen.v1.urn.opendaylight.groupbasedpolicy.common.rev140421.SubjectName;\r
import org.opendaylight.yang.gen.v1.urn.opendaylight.groupbasedpolicy.common.rev140421.TenantId;\r
import org.opendaylight.yang.gen.v1.urn.opendaylight.groupbasedpolicy.policy.rev140421.HasDirection.Direction;\r
import org.opendaylight.yang.gen.v1.urn.opendaylight.groupbasedpolicy.policy.rev140421.has.classifier.refs.ClassifierRef;\r
import org.opendaylight.yang.gen.v1.urn.opendaylight.groupbasedpolicy.policy.rev140421.has.classifier.refs.ClassifierRef.ConnectionTracking;\r
import org.opendaylight.yang.gen.v1.urn.opendaylight.groupbasedpolicy.policy.rev140421.has.classifier.refs.ClassifierRefBuilder;\r
import org.opendaylight.yang.gen.v1.urn.opendaylight.groupbasedpolicy.policy.rev140421.has.endpoint.identification.constraints.EndpointIdentificationConstraints;\r
import org.opendaylight.yang.gen.v1.urn.opendaylight.groupbasedpolicy.policy.rev140421.has.endpoint.identification.constraints.EndpointIdentificationConstraintsBuilder;\r
import org.opendaylight.yang.gen.v1.urn.opendaylight.groupbasedpolicy.policy.rev140421.has.endpoint.identification.constraints.endpoint.identification.constraints.L3EndpointIdentificationConstraintsBuilder;\r
import org.opendaylight.yang.gen.v1.urn.opendaylight.groupbasedpolicy.policy.rev140421.has.endpoint.identification.constraints.endpoint.identification.constraints.l3.endpoint.identification.constraints.PrefixConstraint;\r
import org.opendaylight.yang.gen.v1.urn.opendaylight.groupbasedpolicy.policy.rev140421.has.endpoint.identification.constraints.endpoint.identification.constraints.l3.endpoint.identification.constraints.PrefixConstraintBuilder;\r
import org.opendaylight.yang.gen.v1.urn.opendaylight.groupbasedpolicy.policy.rev140421.subject.feature.instance.ParameterValue;\r
import org.opendaylight.yang.gen.v1.urn.opendaylight.groupbasedpolicy.policy.rev140421.subject.feature.instance.ParameterValueBuilder;\r
import org.opendaylight.yang.gen.v1.urn.opendaylight.groupbasedpolicy.policy.rev140421.subject.feature.instance.parameter.value.RangeValueBuilder;\r
import org.opendaylight.yang.gen.v1.urn.opendaylight.groupbasedpolicy.policy.rev140421.tenants.tenant.policy.contract.Clause;\r
import org.opendaylight.yang.gen.v1.urn.opendaylight.groupbasedpolicy.policy.rev140421.tenants.tenant.policy.contract.ClauseBuilder;\r
import org.opendaylight.yang.gen.v1.urn.opendaylight.groupbasedpolicy.policy.rev140421.tenants.tenant.policy.contract.clause.ConsumerMatchers;\r
import org.opendaylight.yang.gen.v1.urn.opendaylight.groupbasedpolicy.policy.rev140421.tenants.tenant.policy.contract.clause.ConsumerMatchersBuilder;\r
import org.opendaylight.yang.gen.v1.urn.opendaylight.groupbasedpolicy.policy.rev140421.tenants.tenant.policy.subject.feature.instances.ClassifierInstance;\r
import org.opendaylight.yang.gen.v1.urn.opendaylight.groupbasedpolicy.policy.rev140421.tenants.tenant.policy.subject.feature.instances.ClassifierInstanceBuilder;\r
\r
import com.google.common.base.Strings;\r
import com.google.common.collect.ImmutableList;\r
\r
public class SecRuleEntityDecoder {\r
\r
    private SecRuleEntityDecoder() {\r
        throw new UnsupportedOperationException("Cannot create an instace.");\r
    }\r
\r
    public static TenantId getTenantId(NeutronSecurityRule secRule) {\r
        return new TenantId(Utils.normalizeUuid(secRule.getSecurityRuleTenantID()));\r
    }\r
\r
    public static EndpointGroupId getProviderEpgId(NeutronSecurityRule secRule) {\r
        return new EndpointGroupId(Utils.normalizeUuid(secRule.getSecurityRuleGroupID()));\r
    }\r
\r
    public static @Nullable EndpointGroupId getConsumerEpgId(NeutronSecurityRule secRule) {\r
        if (Strings.isNullOrEmpty(secRule.getSecurityRemoteGroupID())) {\r
            return null;\r
        }\r
        return new EndpointGroupId(Utils.normalizeUuid(secRule.getSecurityRemoteGroupID()));\r
    }\r
\r
    public static ContractId getContractId(NeutronSecurityRule secRule) {\r
        return new ContractId(Utils.normalizeUuid(secRule.getSecurityRuleUUID()));\r
    }\r
\r
    public static ClassifierInstance getClassifierInstance(NeutronSecurityRule secRule) {\r
        ClassifierInstanceBuilder classifierBuilder = new ClassifierInstanceBuilder();\r
        List<ParameterValue> params = new ArrayList<>();\r
        Integer portMin = secRule.getSecurityRulePortMin();\r
        Integer portMax = secRule.getSecurityRulePortMax();\r
        if (portMin != null && portMax != null) {\r
            classifierBuilder.setClassifierDefinitionId(L4ClassifierDefinition.DEFINITION.getId());\r
            if (portMin.equals(portMax)) {\r
                params.add(new ParameterValueBuilder().setName(new ParameterName(L4ClassifierDefinition.DST_PORT_PARAM))\r
                    .setIntValue(portMin.longValue())\r
                    .build());\r
            } else {\r
                params.add(new ParameterValueBuilder().setName(new ParameterName(L4ClassifierDefinition.DST_PORT_RANGE_PARAM))\r
                    .setRangeValue(\r
                            new RangeValueBuilder().setMin(portMin.longValue()).setMax(portMax.longValue()).build())\r
                    .build());\r
            }\r
        }\r
        Long protocol = getProtocol(secRule);\r
        if (protocol != null) {\r
            if (classifierBuilder.getClassifierDefinitionId() == null) {\r
                classifierBuilder.setClassifierDefinitionId(IpProtoClassifierDefinition.DEFINITION.getId());\r
            }\r
            params.add(new ParameterValueBuilder().setName(new ParameterName(IpProtoClassifierDefinition.PROTO_PARAM))\r
                .setIntValue(protocol)\r
                .build());\r
        }\r
        Long ethertype = getEtherType(secRule);\r
        if (ethertype != null) {\r
            if (classifierBuilder.getClassifierDefinitionId() == null) {\r
                classifierBuilder.setClassifierDefinitionId(EtherTypeClassifierDefinition.DEFINITION.getId());\r
            }\r
            params.add(new ParameterValueBuilder().setName(new ParameterName(EtherTypeClassifierDefinition.ETHERTYPE_PARAM))\r
                .setIntValue(ethertype)\r
                .build());\r
        }\r
        ClassifierName classifierName = SecRuleNameDecoder.getClassifierInstanceName(secRule);\r
        return classifierBuilder.setParameterValue(params).setName(new ClassifierName(classifierName)).build();\r
    }\r
\r
    public static ClassifierRef getClassifierRef(NeutronSecurityRule secRule) {\r
        checkNotNull(secRule);\r
        ClassifierName classifierInstanceName = SecRuleNameDecoder.getClassifierInstanceName(secRule);\r
        ClassifierRefBuilder classifierRefBuilder = new ClassifierRefBuilder()\r
            .setConnectionTracking(ConnectionTracking.Reflexive).setInstanceName(classifierInstanceName);\r
        Direction direction = getDirection(secRule);\r
        classifierRefBuilder.setDirection(direction);\r
        ClassifierName classifierRefName = SecRuleNameDecoder.getClassifierRefName(secRule);\r
        return classifierRefBuilder.setName(classifierRefName).build();\r
    }\r
\r
    /**\r
     * @param secRule\r
     * @return direction resolved from {@link NeutronSecurityRule#getSecurityRuleDirection()}\r
     * @throws IllegalArgumentException if return value of\r
     *         {@link NeutronSecurityRule#getSecurityRuleDirection()} is other than "ingress" or\r
     *         "egress"\r
     */\r
    public static Direction getDirection(NeutronSecurityRule secRule) {\r
        String direction = secRule.getSecurityRuleDirection();\r
        if (NeutronUtils.INGRESS.equals(direction)) {\r
            return Direction.In;\r
        }\r
        if (NeutronUtils.EGRESS.equals(direction)) {\r
            return Direction.Out;\r
        }\r
        throw new IllegalArgumentException("Direction " + direction + " from security group rule "\r
                + secRule.getSecurityRuleUUID() + " is not supported. Direction can be only 'ingress' or 'egress'.");\r
    }\r
\r
    /**\r
     * @param secRule {@link NeutronSecurityRule#getSecurityRuleRemoteIpPrefix()} is used for EIC\r
     *        and subject selection\r
     * @return clause with the subject and with a consumer matcher containing EIC\r
     */\r
    public static Clause getClause(NeutronSecurityRule secRule) {\r
        checkNotNull(secRule);\r
        SubjectName subjectName = SecRuleNameDecoder.getSubjectName(secRule);\r
        ClauseBuilder clauseBuilder =\r
                new ClauseBuilder().setSubjectRefs(ImmutableList.of(subjectName)).setName(SecRuleNameDecoder.getClauseName(secRule));\r
        String remoteIpPrefix = secRule.getSecurityRuleRemoteIpPrefix();\r
        if (!Strings.isNullOrEmpty(remoteIpPrefix)) {\r
            clauseBuilder.setConsumerMatchers(createConsumerMatchersWithEic(remoteIpPrefix));\r
        }\r
        return clauseBuilder.build();\r
    }\r
\r
    private static ConsumerMatchers createConsumerMatchersWithEic(String remoteIpPrefix) {\r
        IpPrefix ipPrefix = Utils.createIpPrefix(remoteIpPrefix);\r
        PrefixConstraint consumerPrefixConstraint = new PrefixConstraintBuilder().setIpPrefix(ipPrefix).build();\r
        EndpointIdentificationConstraints eic =\r
                new EndpointIdentificationConstraintsBuilder()\r
                    .setL3EndpointIdentificationConstraints(new L3EndpointIdentificationConstraintsBuilder()\r
                        .setPrefixConstraint(ImmutableList.<PrefixConstraint>of(consumerPrefixConstraint)).build())\r
                    .build();\r
        return new ConsumerMatchersBuilder().setEndpointIdentificationConstraints(eic).build();\r
    }\r
\r
    public static boolean isEtherTypeOfOneWithinTwo(NeutronSecurityRule one, NeutronSecurityRule two) {\r
        Long oneEtherType = getEtherType(one);\r
        Long twoEtherType = getEtherType(two);\r
        return twoIsNullOrEqualsOne(oneEtherType, twoEtherType);\r
    }\r
\r
    public static boolean isProtocolOfOneWithinTwo(NeutronSecurityRule one, NeutronSecurityRule two) {\r
        Long oneProtocol = getProtocol(one);\r
        Long twoProtocol = getProtocol(two);\r
        return twoIsNullOrEqualsOne(oneProtocol, twoProtocol);\r
    }\r
\r
    private static <T> boolean twoIsNullOrEqualsOne(T one, T two) {\r
        if (two == null)\r
            return true;\r
        if (two.equals(one))\r
            return true;\r
        return false;\r
    }\r
\r
    public static boolean isPortsOfOneWithinTwo(NeutronSecurityRule one, NeutronSecurityRule two) {\r
        Integer onePortMin = one.getSecurityRulePortMin();\r
        Integer onePortMax = one.getSecurityRulePortMax();\r
        Integer twoPortMin = two.getSecurityRulePortMin();\r
        Integer twoPortMax = two.getSecurityRulePortMax();\r
        if (twoPortMin == null && twoPortMax == null) {\r
            return true;\r
        }\r
        if ((onePortMin != null && twoPortMin != null && onePortMin >= twoPortMin)\r
                && (onePortMax != null && twoPortMax != null && onePortMax <= twoPortMax)) {\r
            return true;\r
        }\r
        return false;\r
    }\r
\r
    /**\r
     * @param secRule\r
     * @return {@code null} if {@link NeutronSecurityRule#getSecurityRuleEthertype()} is null or\r
     *         empty; value of {@link EtherTypeClassifierDefinition#IPv4_VALUE} or\r
     *         {@link EtherTypeClassifierDefinition#IPv6_VALUE}\r
     * @throws IllegalArgumentException if return value of\r
     *         {@link NeutronSecurityRule#getSecurityRuleEthertype()} is not empty/null and is other\r
     *         than "IPv4" or "IPv6"\r
     */\r
    public static Long getEtherType(NeutronSecurityRule secRule) {\r
        String ethertype = secRule.getSecurityRuleEthertype();\r
        if (Strings.isNullOrEmpty(ethertype)) {\r
            return null;\r
        }\r
        if (NeutronUtils.IPv4.equals(ethertype)) {\r
            return EtherTypeClassifierDefinition.IPv4_VALUE;\r
        }\r
        if (NeutronUtils.IPv6.equals(ethertype)) {\r
            return EtherTypeClassifierDefinition.IPv6_VALUE;\r
        }\r
        throw new IllegalArgumentException("Ethertype " + ethertype + " is not supported.");\r
    }\r
\r
    /**\r
     * @param secRule\r
     * @return {@code null} if {@link NeutronSecurityRule#getSecurityRuleProtocol()} is null or\r
     *         empty; Otherwise protocol number\r
     * @throws IllegalArgumentException if return value of\r
     *         {@link NeutronSecurityRule#getSecurityRuleProtocol()} is not empty/null and is other\r
     *         than "tcp", "udp", "icmp", "icmpv6" or string values that can be decoded to {@link Short}.\r
     */\r
    public static Long getProtocol(NeutronSecurityRule secRule) {\r
        String protocol = secRule.getSecurityRuleProtocol();\r
        if (Strings.isNullOrEmpty(protocol)) {\r
            return null;\r
        }\r
        if (NeutronUtils.TCP.equals(protocol)) {\r
            return IpProtoClassifierDefinition.TCP_VALUE;\r
        }\r
        if (NeutronUtils.UDP.equals(protocol)) {\r
            return IpProtoClassifierDefinition.UDP_VALUE;\r
        }\r
        if (NeutronUtils.ICMP.equals(protocol)) {\r
            return IpProtoClassifierDefinition.ICMP_VALUE;\r
        }\r
        if (NeutronUtils.ICMPv6.equals(protocol)) {\r
            return IpProtoClassifierDefinition.ICMPv6_VALUE;\r
        }\r
        Long protocolNum;\r
        try {\r
            protocolNum = Long.valueOf(protocol);\r
        } catch (NumberFormatException e) {\r
            throw new IllegalArgumentException("Neutron Security Rule Protocol value " + protocol\r
                    + " is not supported.");\r
        }\r
        return protocolNum;\r
    }\r
}\r