2 * Copyright (C) 2014 Red Hat, Inc.
4 * This program and the accompanying materials are made available under the
5 * terms of the Eclipse Public License v1.0 which accompanies this distribution,
6 * and is available at http://www.eclipse.org/legal/epl-v10.html
9 package org.opendaylight.controller.networkconfig.neutron.northbound;
12 import java.util.ArrayList;
13 import java.util.HashMap;
14 import java.util.Iterator;
15 import java.util.List;
17 import javax.ws.rs.Consumes;
18 import javax.ws.rs.DELETE;
19 import javax.ws.rs.GET;
20 import javax.ws.rs.POST;
21 import javax.ws.rs.PUT;
22 import javax.ws.rs.Path;
23 import javax.ws.rs.PathParam;
24 import javax.ws.rs.Produces;
25 import javax.ws.rs.QueryParam;
26 import javax.ws.rs.core.MediaType;
27 import javax.ws.rs.core.Response;
29 import org.codehaus.enunciate.jaxrs.ResponseCode;
30 import org.codehaus.enunciate.jaxrs.StatusCodes;
31 import org.opendaylight.controller.networkconfig.neutron.INeutronFirewallPolicyAware;
32 import org.opendaylight.controller.networkconfig.neutron.INeutronFirewallPolicyCRUD;
33 import org.opendaylight.controller.networkconfig.neutron.NeutronCRUDInterfaces;
34 import org.opendaylight.controller.networkconfig.neutron.NeutronFirewallPolicy;
37 * Neutron Northbound REST APIs for Firewall Policies.<br>
38 * This class provides REST APIs for managing neutron Firewall Policies
42 * Authentication scheme : <b>HTTP Basic</b><br>
43 * Authentication realm : <b>opendaylight</b><br>
44 * Transport : <b>HTTP and HTTPS</b><br>
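46 * HTTPS Authentication is disabled by default, so until it is enabled the HTTP Basic
47 * credentials are sent over plain HTTP (Base64-encoded, not encrypted). An administrator can
48 * enable it in tomcat-server.xml after adding a proper keystore / SSL certificate from a trusted authority.<br>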
50 * http://tomcat.apache.org/tomcat-7.0-doc/ssl-howto.html#Configuration
53 @Path("/fw/firewalls_policies")
54 public class NeutronFirewallPolicyNorthbound {
/**
 * Projects a policy onto the requested field names by delegating to the policy object.
 *
 * @param o the policy to project
 * @param fields field names, handed unchanged to {@code o.extractFields}
 * @return the object returned by {@code o.extractFields(fields)}
 */
private NeutronFirewallPolicy extractFields(NeutronFirewallPolicy o, List<String> fields) {
    final NeutronFirewallPolicy projected = o.extractFields(fields);
    return projected;
}
/**
 * Returns a list of all Firewall Policies, narrowed by whichever filter query parameters
 * the caller supplied.
 *
 * <p>A filter that is absent ({@code null}, or an empty list for {@code firewall_rules})
 * matches every policy; a filter that is present must equal the stored value exactly.
 * {@code limit}, {@code marker} and {@code page_reverse} are accepted but not applied, so
 * the whole matching set is returned in one response.
 *
 * <p>No caller identity is consulted in this method: every stored policy is a candidate,
 * whatever its tenant. NOTE(review): confirm tenant isolation is enforced elsewhere.
 *
 * @param fields attribute names to keep in each returned policy; empty returns full objects
 * @return 200 with the matching policies wrapped in a {@code NeutronFirewallPolicyRequest}
 */
@GET
@Produces({ MediaType.APPLICATION_JSON })
@StatusCodes({
        @ResponseCode(code = 200, condition = "Operation successful"),
        @ResponseCode(code = 401, condition = "Unauthorized"),
        @ResponseCode(code = 501, condition = "Not Implemented") })
public Response listGroups(
        // projection of the returned objects
        @QueryParam("fields") List<String> fields,
        // filters on OpenStack Firewall Policy attributes
        @QueryParam("id") String queryFirewallPolicyUUID,
        @QueryParam("tenant_id") String queryFirewallPolicyTenantID,
        @QueryParam("name") String queryFirewallPolicyName,
        @QueryParam("description") String querySecurityPolicyDescription,
        @QueryParam("shared") String querySecurityPolicyIsShared,
        @QueryParam("firewall_rules") List<String> querySecurityPolicyFirewallRules,
        @QueryParam("audited") Boolean querySecurityPolicyIsAudited,
        // paging parameters, currently ignored
        @QueryParam("limit") String limit,
        @QueryParam("marker") String marker,
        @QueryParam("page_reverse") String pageReverse
        // sorting not supported
        ) {
    INeutronFirewallPolicyCRUD firewallPolicyInterface = NeutronCRUDInterfaces.getINeutronFirewallPolicyCRUD(this);
    if (firewallPolicyInterface == null) {
        throw new ServiceUnavailableException("Firewall Policy CRUD Interface "
                + RestMessages.SERVICEUNAVAILABLE.toString());
    }

    List<NeutronFirewallPolicy> matches = new ArrayList<NeutronFirewallPolicy>();
    for (NeutronFirewallPolicy policy : firewallPolicyInterface.getAllNeutronFirewallPolicies()) {
        // Each guard rejects the policy as soon as one supplied filter disagrees.
        if (queryFirewallPolicyUUID != null
                && !queryFirewallPolicyUUID.equals(policy.getFirewallPolicyUUID())) {
            continue;
        }
        if (queryFirewallPolicyTenantID != null
                && !queryFirewallPolicyTenantID.equals(policy.getFirewallPolicyTenantID())) {
            continue;
        }
        if (queryFirewallPolicyName != null
                && !queryFirewallPolicyName.equals(policy.getFirewallPolicyName())) {
            continue;
        }
        if (querySecurityPolicyDescription != null
                && !querySecurityPolicyDescription.equals(policy.getFirewallPolicyDescription())) {
            continue;
        }
        // NOTE(review): `shared` arrives as a String; if getFirewallPolicyIsShared() returns a
        // Boolean (as the `audited` filter suggests), equals() can never be true here and the
        // filter always yields an empty list. Confirm the getter's type.
        if (querySecurityPolicyIsShared != null
                && !querySecurityPolicyIsShared.equals(policy.getFirewallPolicyIsShared())) {
            continue;
        }
        if (querySecurityPolicyFirewallRules.size() != 0
                && !querySecurityPolicyFirewallRules.equals(policy.getFirewallPolicyRules())) {
            continue;
        }
        if (querySecurityPolicyIsAudited != null
                && !querySecurityPolicyIsAudited.equals(policy.getFirewallPolicyIsAudited())) {
            continue;
        }
        matches.add(fields.size() > 0 ? extractFields(policy, fields) : policy);
    }
    //TODO: apply pagination to results
    NeutronFirewallPolicyRequest body = new NeutronFirewallPolicyRequest(matches);
    return Response.status(200).entity(body).build();
}
/**
 * Returns a specific Firewall Policy.
 *
 * <p>The existence check and the fetch are two separate calls on the CRUD interface.
 * NOTE(review): if the policy can be removed between them, the fetch presumably returns
 * {@code null}; confirm how the CRUD implementation behaves.
 *
 * @param firewallPolicyUUID identifier taken from the request path
 * @param fields attribute names to keep in the returned policy; empty returns the full object
 * @return 200 with the policy wrapped in a {@code NeutronFirewallPolicyRequest}
 */
@Path("{firewallPolicyUUID}")
@GET
@Produces({ MediaType.APPLICATION_JSON })
@StatusCodes({
        @ResponseCode(code = 200, condition = "Operation successful"),
        @ResponseCode(code = 401, condition = "Unauthorized"),
        @ResponseCode(code = 404, condition = "Not Found"),
        @ResponseCode(code = 501, condition = "Not Implemented") })
public Response showFirewallPolicy(@PathParam("firewallPolicyUUID") String firewallPolicyUUID,
        // projection of the returned object
        @QueryParam("fields") List<String> fields) {
    INeutronFirewallPolicyCRUD firewallPolicyInterface = NeutronCRUDInterfaces.getINeutronFirewallPolicyCRUD(this);
    if (firewallPolicyInterface == null) {
        throw new ServiceUnavailableException("Firewall Policy CRUD Interface "
                + RestMessages.SERVICEUNAVAILABLE.toString());
    }
    if (!firewallPolicyInterface.neutronFirewallPolicyExists(firewallPolicyUUID)) {
        throw new ResourceNotFoundException("Firewall Policy UUID does not exist.");
    }

    // Decide on projection first, then fetch once and wrap the result.
    final boolean projectFields = fields.size() > 0;
    NeutronFirewallPolicy policy = firewallPolicyInterface.getNeutronFirewallPolicy(firewallPolicyUUID);
    NeutronFirewallPolicyRequest body =
            new NeutronFirewallPolicyRequest(projectFields ? extractFields(policy, fields) : policy);
    return Response.status(200).entity(body).build();
}
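/**
 * Creates new Firewall Policy, either one (singleton) or several (bulk) per request.
 *
 * <p>Nothing is written to the policy store until every registered
 * {@code INeutronFirewallPolicyAware} provider has answered
 * {@code canCreateNeutronFirewallPolicy} with a 2xx status, so a provider veto leaves the
 * store untouched. Earlier, the singleton path stored the policy before asking the
 * providers, which kept a vetoed policy in the store and then added it a second time.
 *
 * <p>For bulk requests the whole batch is validated before any element is stored, and
 * UUIDs repeated inside the same request are rejected.
 *
 * <p>NOTE(review): the existence check and the later add are separate calls with no
 * locking visible here; two concurrent requests for the same UUID may both pass the check.
 *
 * @param input request body carrying one policy or a bulk list
 * @return 201 with the request echoed back, or the first non-2xx status a provider returned
 */
@POST
@Produces({ MediaType.APPLICATION_JSON })
@Consumes({ MediaType.APPLICATION_JSON })
@StatusCodes({
        @ResponseCode(code = 201, condition = "Created"),
        @ResponseCode(code = 400, condition = "Bad Request"),
        @ResponseCode(code = 401, condition = "Unauthorized"),
        @ResponseCode(code = 403, condition = "Forbidden"),
        @ResponseCode(code = 404, condition = "Not Found"),
        @ResponseCode(code = 409, condition = "Conflict"),
        @ResponseCode(code = 501, condition = "Not Implemented") })
public Response createFirewallPolicies(final NeutronFirewallPolicyRequest input) {
    INeutronFirewallPolicyCRUD firewallPolicyInterface = NeutronCRUDInterfaces.getINeutronFirewallPolicyCRUD(this);
    if (firewallPolicyInterface == null) {
        throw new ServiceUnavailableException("Firewall Policy CRUD Interface "
                + RestMessages.SERVICEUNAVAILABLE.toString());
    }
    if (input.isSingleton()) {
        NeutronFirewallPolicy singleton = input.getSingleton();

        // Verify that the Firewall Policy doesn't already exist.
        if (firewallPolicyInterface.neutronFirewallPolicyExists(singleton.getFirewallPolicyUUID())) {
            throw new BadRequestException("Firewall Policy UUID already exists");
        }

        // Ask every provider before touching the store; any non-2xx answer is a veto.
        Object[] instances = NeutronUtil.getInstances(INeutronFirewallPolicyAware.class, this);
        if (instances == null) {
            throw new ServiceUnavailableException("Couldn't get providers list. Please try again later");
        }
        if (instances.length == 0) {
            throw new ServiceUnavailableException("No providers registered. Please try again later");
        }
        for (Object instance : instances) {
            INeutronFirewallPolicyAware service = (INeutronFirewallPolicyAware) instance;
            int status = service.canCreateNeutronFirewallPolicy(singleton);
            if (status < 200 || status > 299) {
                return Response.status(status).build();
            }
        }

        // All providers agreed: store once, then notify.
        firewallPolicyInterface.addNeutronFirewallPolicy(singleton);
        for (Object instance : instances) {
            INeutronFirewallPolicyAware service = (INeutronFirewallPolicyAware) instance;
            service.neutronFirewallPolicyCreated(singleton);
        }
    } else {
        List<NeutronFirewallPolicy> bulk = input.getBulk();
        // UUIDs already seen in this request, used to reject duplicates inside the batch.
        HashMap<String, NeutronFirewallPolicy> testMap = new HashMap<String, NeutronFirewallPolicy>();
        Object[] instances = NeutronUtil.getInstances(INeutronFirewallPolicyAware.class, this);

        // Pass 1: validate every element; nothing is stored yet.
        for (NeutronFirewallPolicy test : bulk) {
            // Verify that the firewall policy doesn't already exist.
            if (firewallPolicyInterface.neutronFirewallPolicyExists(test.getFirewallPolicyUUID())) {
                throw new BadRequestException("Firewall Policy UUID already is already created");
            }
            if (testMap.containsKey(test.getFirewallPolicyUUID())) {
                throw new BadRequestException("Firewall Policy UUID already exists");
            }
            // Record the UUID so a later element with the same UUID is caught above.
            testMap.put(test.getFirewallPolicyUUID(), test);

            if (instances == null) {
                throw new ServiceUnavailableException("Couldn't get providers list. Please try again later");
            }
            if (instances.length == 0) {
                throw new ServiceUnavailableException("No providers registered. Please try again later");
            }
            for (Object instance : instances) {
                INeutronFirewallPolicyAware service = (INeutronFirewallPolicyAware) instance;
                int status = service.canCreateNeutronFirewallPolicy(test);
                if (status < 200 || status > 299) {
                    return Response.status(status).build();
                }
            }
        }

        // Pass 2: now each element of the bulk request can be added to the cache.
        // Iterating the list again (not a spent iterator) guarantees every element is stored.
        for (NeutronFirewallPolicy test : bulk) {
            firewallPolicyInterface.addNeutronFirewallPolicy(test);
            for (Object instance : instances) {
                INeutronFirewallPolicyAware service = (INeutronFirewallPolicyAware) instance;
                service.neutronFirewallPolicyCreated(test);
            }
        }
    }
    return Response.status(201).entity(input).build();
}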
/**
 * Updates a Firewall Policy.
 *
 * <p>The request must carry a single delta for an existing policy. Every registered
 * {@code INeutronFirewallPolicyAware} provider is asked through
 * {@code canUpdateNeutronFirewallPolicy} before the store is changed; the first non-2xx
 * status is returned to the caller as is.
 *
 * <p>NOTE(review): the restricted-attribute check below rejects a delta that sets any of
 * UUID, tenant, name, description, shared, rules or audited, which leaves little that an
 * update can change; confirm this is intended. It also calls {@code size()} on
 * {@code getFirewallPolicyRules()} without a null check; presumably the getter never
 * returns {@code null}; verify.
 *
 * @param firewallPolicyUUID identifier taken from the request path
 * @param input request body; must be a singleton
 * @return 200 with the stored policy after the update
 */
@Path("{firewallPolicyUUID}")
@PUT
@Produces({ MediaType.APPLICATION_JSON })
@Consumes({ MediaType.APPLICATION_JSON })
@StatusCodes({
        @ResponseCode(code = 200, condition = "Operation successful"),
        @ResponseCode(code = 400, condition = "Bad Request"),
        @ResponseCode(code = 401, condition = "Unauthorized"),
        @ResponseCode(code = 403, condition = "Forbidden"),
        @ResponseCode(code = 404, condition = "Not Found"),
        @ResponseCode(code = 501, condition = "Not Implemented") })
public Response updateFirewallPolicy(
        @PathParam("firewallPolicyUUID") String firewallPolicyUUID, final NeutronFirewallPolicyRequest input) {
    INeutronFirewallPolicyCRUD firewallPolicyInterface = NeutronCRUDInterfaces.getINeutronFirewallPolicyCRUD(this);
    if (firewallPolicyInterface == null) {
        throw new ServiceUnavailableException("Firewall Policy CRUD Interface "
                + RestMessages.SERVICEUNAVAILABLE.toString());
    }

    // The target must exist and the body must hold exactly one delta.
    if (!firewallPolicyInterface.neutronFirewallPolicyExists(firewallPolicyUUID)) {
        throw new ResourceNotFoundException("Firewall Policy UUID does not exist.");
    }
    if (!input.isSingleton()) {
        throw new BadRequestException("Only singleton edit supported");
    }
    NeutronFirewallPolicy delta = input.getSingleton();
    NeutronFirewallPolicy original = firewallPolicyInterface.getNeutronFirewallPolicy(firewallPolicyUUID);

    // Attributes Neutron does not allow to be edited: the delta must leave all of them unset.
    final boolean restrictedAttributesUntouched =
            delta.getFirewallPolicyUUID() == null
            && delta.getFirewallPolicyTenantID() == null
            && delta.getFirewallPolicyName() == null
            && delta.getFirewallPolicyDescription() == null
            && delta.getFirewallPolicyIsShared() == null
            && !(delta.getFirewallPolicyRules().size() > 0)
            && delta.getFirewallPolicyIsAudited() == null;
    if (!restrictedAttributesUntouched) {
        throw new BadRequestException("Attribute edit blocked by Neutron");
    }

    // Provider veto: the store is only changed once every provider has answered 2xx.
    Object[] instances = NeutronUtil.getInstances(INeutronFirewallPolicyAware.class, this);
    if (instances == null) {
        throw new ServiceUnavailableException("Couldn't get providers list. Please try again later");
    }
    if (instances.length == 0) {
        throw new ServiceUnavailableException("No providers registered. Please try again later");
    }
    for (Object candidate : instances) {
        int status = ((INeutronFirewallPolicyAware) candidate).canUpdateNeutronFirewallPolicy(delta, original);
        if (status < 200 || status > 299) {
            return Response.status(status).build();
        }
    }

    // Apply the delta, tell the providers, and return the stored object.
    firewallPolicyInterface.updateNeutronFirewallPolicy(firewallPolicyUUID, delta);
    NeutronFirewallPolicy updatedFirewallPolicy = firewallPolicyInterface.getNeutronFirewallPolicy(firewallPolicyUUID);
    for (Object listener : instances) {
        ((INeutronFirewallPolicyAware) listener).neutronFirewallPolicyUpdated(updatedFirewallPolicy);
    }
    NeutronFirewallPolicyRequest body =
            new NeutronFirewallPolicyRequest(firewallPolicyInterface.getNeutronFirewallPolicy(firewallPolicyUUID));
    return Response.status(200).entity(body).build();
}
/**
 * Deletes a Firewall Policy.
 *
 * <p>The policy must exist and must not be reported as in use. Every registered
 * {@code INeutronFirewallPolicyAware} provider is asked through
 * {@code canDeleteNeutronFirewallPolicy} before the policy is removed; the first non-2xx
 * status is returned to the caller as is.
 *
 * <p>NOTE(review): the in-use check and the removal are separate calls with no locking
 * visible here; confirm a policy cannot become in use between them.
 *
 * @param firewallPolicyUUID identifier taken from the request path
 * @return 204 on success, 409 when the policy is in use
 */
@Path("{firewallPolicyUUID}")
@DELETE
@StatusCodes({
        @ResponseCode(code = 204, condition = "No Content"),
        @ResponseCode(code = 401, condition = "Unauthorized"),
        @ResponseCode(code = 404, condition = "Not Found"),
        @ResponseCode(code = 409, condition = "Conflict"),
        @ResponseCode(code = 501, condition = "Not Implemented") })
public Response deleteFirewallPolicy(
        @PathParam("firewallPolicyUUID") String firewallPolicyUUID) {
    INeutronFirewallPolicyCRUD firewallPolicyInterface = NeutronCRUDInterfaces.getINeutronFirewallPolicyCRUD(this);
    if (firewallPolicyInterface == null) {
        throw new ServiceUnavailableException("Firewall Policy CRUD Interface "
                + RestMessages.SERVICEUNAVAILABLE.toString());
    }

    // The target must exist and must not be referenced elsewhere.
    if (!firewallPolicyInterface.neutronFirewallPolicyExists(firewallPolicyUUID)) {
        throw new ResourceNotFoundException("Firewall Policy UUID does not exist.");
    }
    if (firewallPolicyInterface.neutronFirewallPolicyInUse(firewallPolicyUUID)) {
        return Response.status(409).build();
    }

    // Keep a reference to the policy so providers can be told what was deleted.
    NeutronFirewallPolicy singleton = firewallPolicyInterface.getNeutronFirewallPolicy(firewallPolicyUUID);

    // Provider veto: the policy is only removed once every provider has answered 2xx.
    Object[] instances = NeutronUtil.getInstances(INeutronFirewallPolicyAware.class, this);
    if (instances == null) {
        throw new ServiceUnavailableException("Couldn't get providers list. Please try again later");
    }
    if (instances.length == 0) {
        throw new ServiceUnavailableException("No providers registered. Please try again later");
    }
    for (Object candidate : instances) {
        int status = ((INeutronFirewallPolicyAware) candidate).canDeleteNeutronFirewallPolicy(singleton);
        if (status < 200 || status > 299) {
            return Response.status(status).build();
        }
    }

    firewallPolicyInterface.removeNeutronFirewallPolicy(firewallPolicyUUID);
    for (Object listener : instances) {
        ((INeutronFirewallPolicyAware) listener).neutronFirewallPolicyDeleted(singleton);
    }
    return Response.status(204).build();
}