2 * Copyright (C) 2014 Red Hat, Inc.
4 * This program and the accompanying materials are made available under the
5 * terms of the Eclipse Public License v1.0 which accompanies this distribution,
6 * and is available at http://www.eclipse.org/legal/epl-v10.html
9 package org.opendaylight.controller.networkconfig.neutron.northbound;
12 import java.util.ArrayList;
13 import java.util.HashMap;
14 import java.util.Iterator;
15 import java.util.List;
17 import javax.ws.rs.Consumes;
18 import javax.ws.rs.DELETE;
19 import javax.ws.rs.GET;
20 import javax.ws.rs.POST;
21 import javax.ws.rs.PUT;
22 import javax.ws.rs.Path;
23 import javax.ws.rs.PathParam;
24 import javax.ws.rs.Produces;
25 import javax.ws.rs.QueryParam;
26 import javax.ws.rs.core.MediaType;
27 import javax.ws.rs.core.Response;
29 import org.codehaus.enunciate.jaxrs.ResponseCode;
30 import org.codehaus.enunciate.jaxrs.StatusCodes;
31 import org.opendaylight.controller.networkconfig.neutron.INeutronFirewallPolicyCRUD;
32 import org.opendaylight.controller.networkconfig.neutron.INeutronFirewallRuleAware;
33 import org.opendaylight.controller.networkconfig.neutron.INeutronFirewallRuleCRUD;
34 import org.opendaylight.controller.networkconfig.neutron.NeutronCRUDInterfaces;
35 import org.opendaylight.controller.networkconfig.neutron.NeutronFirewallRule;
38 * Neutron Northbound REST APIs for Firewall Rule.<br>
39 * This class provides REST APIs for managing neutron Firewall Rule
43 * Authentication scheme : <b>HTTP Basic</b><br>
44 * Authentication realm : <b>opendaylight</b><br>
45 * Transport : <b>HTTP and HTTPS</b><br>
 * HTTPS is not enabled by default, so HTTP Basic credentials travel unencrypted
 * until an administrator enables it in tomcat-server.xml after adding a proper
 * keystore / SSL certificate from a trusted authority.<br>
51 * http://tomcat.apache.org/tomcat-7.0-doc/ssl-howto.html#Configuration
54 @Path("fw/firewalls_rules")
55 public class NeutronFirewallRulesNorthbound {
/**
 * Projects a firewall rule onto the caller-requested attribute names.
 *
 * <p>This is a thin delegate: the projection itself is implemented by
 * {@code NeutronFirewallRule.extractFields}, which is not visible here.
 *
 * @param o the rule to project
 * @param fields attribute names taken from the {@code fields} query parameter
 * @return whatever {@code o.extractFields(fields)} produces
 */
private NeutronFirewallRule extractFields(NeutronFirewallRule o, List<String> fields) {
    final NeutronFirewallRule projected = o.extractFields(fields);
    return projected;
}
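/**
 * Returns a list of all Firewall Rules, narrowed by any exact-match filters supplied.
 *
 * <p>Every filter is optional. A {@code null} filter matches every rule; a supplied filter must
 * {@code equals()} the corresponding rule attribute. A rule is returned only when it passes all
 * supplied filters. When {@code fields} is non-empty each returned rule is projected through
 * {@link #extractFields}; otherwise the rule is returned as stored.
 *
 * <p>The {@code limit}, {@code marker} and {@code page_reverse} parameters are accepted but not
 * applied, so the response size is bounded only by the number of matching rules.
 *
 * @return a 200 response wrapping the matching rules
 * @throws ServiceUnavailableException if the Firewall Rule CRUD interface cannot be obtained
 */
@GET
@Produces({MediaType.APPLICATION_JSON})
@StatusCodes({
        @ResponseCode(code = 200, condition = "Operation successful"),
        @ResponseCode(code = 401, condition = "Unauthorized"),
        @ResponseCode(code = 501, condition = "Not Implemented")})
public Response listRules(
        // return fields
        @QueryParam("fields") List<String> fields,
        // OpenStack firewall rule attributes
        @QueryParam("id") String queryFirewallRuleUUID,
        @QueryParam("tenant_id") String queryFirewallRuleTenantID,
        @QueryParam("name") String queryFirewallRuleName,
        @QueryParam("description") String queryFirewallRuleDescription,
        @QueryParam("admin_state_up") Boolean queryFirewallRuleAdminStateIsUp,
        @QueryParam("status") String queryFirewallRuleStatus,
        @QueryParam("shared") Boolean queryFirewallRuleIsShared,
        @QueryParam("firewall_policy_id") String queryFirewallRulePolicyID,
        @QueryParam("protocol") String queryFirewallRuleProtocol,
        @QueryParam("ip_version") Integer queryFirewallRuleIpVer,
        @QueryParam("source_ip_address") String queryFirewallRuleSrcIpAddr,
        @QueryParam("destination_ip_address") String queryFirewallRuleDstIpAddr,
        @QueryParam("source_port") Integer queryFirewallRuleSrcPort,
        @QueryParam("destination_port") Integer queryFirewallRuleDstPort,
        @QueryParam("position") Integer queryFirewallRulePosition,
        @QueryParam("action") String queryFirewallRuleAction,
        @QueryParam("enabled") Boolean queryFirewallRuleIsEnabled,
        // pagination
        @QueryParam("limit") String limit,
        @QueryParam("marker") String marker,
        @QueryParam("page_reverse") String pageReverse
        // sorting not supported
        ) {
    INeutronFirewallRuleCRUD firewallRuleInterface = NeutronCRUDInterfaces.getINeutronFirewallRuleCRUD(this);
    if (firewallRuleInterface == null) {
        throw new ServiceUnavailableException("Firewall Rule CRUD Interface "
                + RestMessages.SERVICEUNAVAILABLE.toString());
    }

    // NOTE(review): tenant_id is only a caller-supplied filter. Nothing visible in this method
    // scopes the result to the authenticated caller's tenant, so any such restriction has to be
    // enforced elsewhere - confirm.
    List<NeutronFirewallRule> allFirewallRules = firewallRuleInterface.getAllNeutronFirewallRules();
    List<NeutronFirewallRule> matches = new ArrayList<NeutronFirewallRule>();
    for (NeutronFirewallRule rule : allFirewallRules) {
        // Each guard drops the rule as soon as one supplied filter disagrees with it.
        if (queryFirewallRuleUUID != null
                && !queryFirewallRuleUUID.equals(rule.getFirewallRuleUUID())) {
            continue;
        }
        if (queryFirewallRuleTenantID != null
                && !queryFirewallRuleTenantID.equals(rule.getFirewallRuleTenantID())) {
            continue;
        }
        if (queryFirewallRuleName != null
                && !queryFirewallRuleName.equals(rule.getFirewallRuleName())) {
            continue;
        }
        if (queryFirewallRuleDescription != null
                && !queryFirewallRuleDescription.equals(rule.getFirewallRuleDescription())) {
            continue;
        }
        if (queryFirewallRuleAdminStateIsUp != null
                && !queryFirewallRuleAdminStateIsUp.equals(rule.getFirewallRuleAdminStateIsUp())) {
            continue;
        }
        if (queryFirewallRuleStatus != null
                && !queryFirewallRuleStatus.equals(rule.getFirewallRuleStatus())) {
            continue;
        }
        if (queryFirewallRuleIsShared != null
                && !queryFirewallRuleIsShared.equals(rule.getFirewallRuleIsShared())) {
            continue;
        }
        if (queryFirewallRulePolicyID != null
                && !queryFirewallRulePolicyID.equals(rule.getFirewallRulePolicyID())) {
            continue;
        }
        if (queryFirewallRuleProtocol != null
                && !queryFirewallRuleProtocol.equals(rule.getFirewallRuleProtocol())) {
            continue;
        }
        if (queryFirewallRuleIpVer != null
                && !queryFirewallRuleIpVer.equals(rule.getFirewallRuleIpVer())) {
            continue;
        }
        if (queryFirewallRuleSrcIpAddr != null
                && !queryFirewallRuleSrcIpAddr.equals(rule.getFirewallRuleSrcIpAddr())) {
            continue;
        }
        if (queryFirewallRuleDstIpAddr != null
                && !queryFirewallRuleDstIpAddr.equals(rule.getFirewallRuleDstIpAddr())) {
            continue;
        }
        if (queryFirewallRuleSrcPort != null
                && !queryFirewallRuleSrcPort.equals(rule.getFirewallRuleSrcPort())) {
            continue;
        }
        if (queryFirewallRuleDstPort != null
                && !queryFirewallRuleDstPort.equals(rule.getFirewallRuleDstPort())) {
            continue;
        }
        if (queryFirewallRulePosition != null
                && !queryFirewallRulePosition.equals(rule.getFirewallRulePosition())) {
            continue;
        }
        if (queryFirewallRuleAction != null
                && !queryFirewallRuleAction.equals(rule.getFirewallRuleAction())) {
            continue;
        }
        if (queryFirewallRuleIsEnabled != null
                && !queryFirewallRuleIsEnabled.equals(rule.getFirewallRuleIsEnabled())) {
            continue;
        }

        if (fields.size() > 0) {
            matches.add(extractFields(rule, fields));
        } else {
            // NOTE(review): the listing as extracted shows only the projection branch; without
            // this fallback a request that names no fields would always get an empty list.
            // Confirm against the upstream file.
            matches.add(rule);
        }
    }
    //TODO: apply pagination to results
    return Response.status(200).entity(
            new NeutronFirewallRuleRequest(matches)).build();
}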
/**
 * Returns a specific Firewall Rule.
 *
 * <p>When {@code fields} is non-empty the rule is projected through {@link #extractFields}
 * before being wrapped in the response; otherwise the stored rule is returned as is.
 *
 * @param firewallRuleUUID identifier taken from the request path
 * @param fields attribute names to return; empty means the whole rule
 * @return a 200 response wrapping the rule
 * @throws ServiceUnavailableException if the Firewall Rule CRUD interface cannot be obtained
 * @throws ResourceNotFoundException if no rule with that UUID exists
 */
@Path("{firewallRuleUUID}")
@GET
@Produces({MediaType.APPLICATION_JSON})
@StatusCodes({
        @ResponseCode(code = 200, condition = "Operation successful"),
        @ResponseCode(code = 401, condition = "Unauthorized"),
        @ResponseCode(code = 404, condition = "Not Found"),
        @ResponseCode(code = 501, condition = "Not Implemented")})
public Response showFirewallRule(@PathParam("firewallRuleUUID") String firewallRuleUUID,
        // return fields
        @QueryParam("fields") List<String> fields) {
    final INeutronFirewallRuleCRUD ruleStore = NeutronCRUDInterfaces.getINeutronFirewallRuleCRUD(this);
    if (ruleStore == null) {
        throw new ServiceUnavailableException("Firewall Rule CRUD Interface "
                + RestMessages.SERVICEUNAVAILABLE.toString());
    }
    if (!ruleStore.neutronFirewallRuleExists(firewallRuleUUID)) {
        throw new ResourceNotFoundException("Firewall Rule UUID does not exist.");
    }

    // Decide on projection first, then read the rule exactly once.
    final boolean projecting = !fields.isEmpty();
    final NeutronFirewallRule stored = ruleStore.getNeutronFirewallRule(firewallRuleUUID);
    final NeutronFirewallRule payload = projecting ? extractFields(stored, fields) : stored;
    return Response.status(200)
            .entity(new NeutronFirewallRuleRequest(payload))
            .build();
}
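/**
 * Creates new Firewall Rule, either a single rule or a bulk list.
 *
 * <p>Each candidate is first validated: its UUID must not already exist in the store (nor, for a
 * bulk request, earlier in the same request), and every registered
 * {@code INeutronFirewallRuleAware} service is asked whether creation is allowed. Any non-2xx
 * answer aborts the request with that status. Rules are written to the store only after
 * validation has passed, so a vetoed rule is never persisted.
 *
 * @param input the singleton or bulk request body
 * @return a 201 response echoing {@code input}, or the veto status returned by an aware service
 * @throws ServiceUnavailableException if the rule or policy CRUD interface cannot be obtained
 * @throws BadRequestException if a rule UUID already exists or is repeated within the request
 */
@POST
@Produces({MediaType.APPLICATION_JSON})
@Consumes({MediaType.APPLICATION_JSON})
@StatusCodes({
        @ResponseCode(code = 201, condition = "Created"),
        @ResponseCode(code = 400, condition = "Bad Request"),
        @ResponseCode(code = 401, condition = "Unauthorized"),
        @ResponseCode(code = 403, condition = "Forbidden"),
        @ResponseCode(code = 404, condition = "Not Found"),
        @ResponseCode(code = 409, condition = "Conflict"),
        @ResponseCode(code = 501, condition = "Not Implemented")})
public Response createFirewallRules(final NeutronFirewallRuleRequest input) {
    INeutronFirewallRuleCRUD firewallRuleInterface = NeutronCRUDInterfaces.getINeutronFirewallRuleCRUD(this);
    if (firewallRuleInterface == null) {
        throw new ServiceUnavailableException("Firewall Rule CRUD Interface "
                + RestMessages.SERVICEUNAVAILABLE.toString());
    }
    // The policy interface is only checked for availability; it is not used further here.
    INeutronFirewallPolicyCRUD firewallPolicyInterface = NeutronCRUDInterfaces.getINeutronFirewallPolicyCRUD(this);
    if (firewallPolicyInterface == null) {
        throw new ServiceUnavailableException("Firewall Policy CRUD Interface "
                + RestMessages.SERVICEUNAVAILABLE.toString());
    }

    if (input.isSingleton()) {
        NeutronFirewallRule singleton = input.getSingleton();
        if (firewallRuleInterface.neutronFirewallRuleExists(singleton.getFirewallRuleUUID())) {
            throw new BadRequestException("Firewall Rule UUID already exists");
        }
        // The rule must not be stored before the aware services have had their say: the earlier
        // code added it ahead of the veto check, leaving a rejected rule in the store.
        Object[] instances = NeutronUtil.getInstances(INeutronFirewallRuleAware.class, this);
        if (instances != null) {
            for (Object instance : instances) {
                INeutronFirewallRuleAware service = (INeutronFirewallRuleAware) instance;
                int status = service.canCreateNeutronFirewallRule(singleton);
                if (status < 200 || status > 299) {
                    return Response.status(status).build();
                }
            }
        }
        // add rule to cache
        singleton.initDefaults();
        firewallRuleInterface.addNeutronFirewallRule(singleton);
        if (instances != null) {
            for (Object instance : instances) {
                INeutronFirewallRuleAware service = (INeutronFirewallRuleAware) instance;
                service.neutronFirewallRuleCreated(singleton);
            }
        }
    } else {
        List<NeutronFirewallRule> bulk = input.getBulk();
        HashMap<String, NeutronFirewallRule> testMap = new HashMap<String, NeutronFirewallRule>();
        Object[] instances = NeutronUtil.getInstances(INeutronFirewallRuleAware.class, this);

        // Pass 1: validate every element before anything is written.
        for (NeutronFirewallRule test : bulk) {
            String uuid = test.getFirewallRuleUUID();
            /*
             * Verify that the Firewall rule doesn't already exist
             */
            if (firewallRuleInterface.neutronFirewallRuleExists(uuid)) {
                throw new BadRequestException("Firewall Rule UUID already exists");
            }
            if (testMap.containsKey(uuid)) {
                throw new BadRequestException("Firewall Rule UUID already exists");
            }
            // Record the UUID so a repeat later in the same request is caught by the check
            // above; the map was never populated before, so that check could not fire.
            testMap.put(uuid, test);
            if (instances != null) {
                for (Object instance : instances) {
                    INeutronFirewallRuleAware service = (INeutronFirewallRuleAware) instance;
                    int status = service.canCreateNeutronFirewallRule(test);
                    if (status < 200 || status > 299) {
                        return Response.status(status).build();
                    }
                }
            }
        }

        /*
         * now, each element of the bulk request can be added to the cache
         */
        // Pass 2 walks the list afresh instead of reusing the exhausted validation iterator.
        // NOTE(review): initDefaults() is applied on the singleton path only - confirm whether
        // bulk-created rules should receive defaults as well.
        for (NeutronFirewallRule test : bulk) {
            firewallRuleInterface.addNeutronFirewallRule(test);
            if (instances != null) {
                for (Object instance : instances) {
                    INeutronFirewallRuleAware service = (INeutronFirewallRuleAware) instance;
                    service.neutronFirewallRuleCreated(test);
                }
            }
        }
    }
    return Response.status(201).entity(input).build();
}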
/**
 * Updates a Firewall Rule.
 *
 * <p>Only singleton requests are accepted. The delta is rejected if it sets any of the
 * attributes listed in the restricted check, and every registered
 * {@code INeutronFirewallRuleAware} service may veto the update by returning a non-2xx status.
 *
 * @param firewallRuleUUID identifier taken from the request path
 * @param input request body carrying the attribute delta
 * @return a 200 response wrapping the rule as re-read from the store, or the veto status
 * @throws ServiceUnavailableException if the Firewall Rule CRUD interface cannot be obtained
 * @throws ResourceNotFoundException if no rule with that UUID exists
 * @throws BadRequestException if the request is not a singleton or sets a restricted attribute
 */
@Path("{firewallRuleUUID}")
@PUT
@Produces({MediaType.APPLICATION_JSON})
@Consumes({MediaType.APPLICATION_JSON})
@StatusCodes({
        @ResponseCode(code = 200, condition = "Operation successful"),
        @ResponseCode(code = 400, condition = "Bad Request"),
        @ResponseCode(code = 401, condition = "Unauthorized"),
        @ResponseCode(code = 403, condition = "Forbidden"),
        @ResponseCode(code = 404, condition = "Not Found"),
        @ResponseCode(code = 501, condition = "Not Implemented")})
public Response updateFirewallRule(
        @PathParam("firewallRuleUUID") String firewallRuleUUID, final NeutronFirewallRuleRequest input) {
    final INeutronFirewallRuleCRUD ruleStore = NeutronCRUDInterfaces.getINeutronFirewallRuleCRUD(this);
    if (ruleStore == null) {
        throw new ServiceUnavailableException("Firewall Rule CRUD Interface "
                + RestMessages.SERVICEUNAVAILABLE.toString());
    }

    // The rule must already exist, and only a single-rule edit is supported.
    if (!ruleStore.neutronFirewallRuleExists(firewallRuleUUID)) {
        throw new ResourceNotFoundException("Firewall Rule UUID does not exist.");
    }
    if (!input.isSingleton()) {
        throw new BadRequestException("Only singleton edit supported");
    }
    final NeutronFirewallRule delta = input.getSingleton();
    final NeutronFirewallRule original = ruleStore.getNeutronFirewallRule(firewallRuleUUID);

    // Updates restricted by Neutron.
    // NOTE(review): every attribute compared in listRules appears in this list, so any delta
    // that sets one of them is rejected - confirm that this is the intended policy before
    // relaxing or relying on it.
    final boolean touchesRestrictedAttribute =
            delta.getFirewallRuleUUID() != null
            || delta.getFirewallRuleTenantID() != null
            || delta.getFirewallRuleName() != null
            || delta.getFirewallRuleDescription() != null
            || delta.getFirewallRuleAdminStateIsUp() != null
            || delta.getFirewallRuleStatus() != null
            || delta.getFirewallRuleIsShared() != null
            || delta.getFirewallRulePolicyID() != null
            || delta.getFirewallRuleProtocol() != null
            || delta.getFirewallRuleIpVer() != null
            || delta.getFirewallRuleSrcIpAddr() != null
            || delta.getFirewallRuleDstIpAddr() != null
            || delta.getFirewallRuleSrcPort() != null
            || delta.getFirewallRuleDstPort() != null
            || delta.getFirewallRulePosition() != null
            || delta.getFirewallRuleAction() != null
            || delta.getFirewallRuleIsEnabled() != null;
    if (touchesRestrictedAttribute) {
        throw new BadRequestException("Attribute edit blocked by Neutron");
    }

    // Give every aware service the chance to veto before the store is touched.
    final Object[] listeners = NeutronUtil.getInstances(INeutronFirewallRuleAware.class, this);
    if (listeners != null) {
        for (Object candidate : listeners) {
            final INeutronFirewallRuleAware listener = (INeutronFirewallRuleAware) candidate;
            final int verdict = listener.canUpdateNeutronFirewallRule(delta, original);
            if (!(verdict >= 200 && verdict <= 299)) {
                return Response.status(verdict).build();
            }
        }
    }

    // Apply the delta, then announce the rule as it now reads from the store.
    ruleStore.updateNeutronFirewallRule(firewallRuleUUID, delta);
    final NeutronFirewallRule refreshed = ruleStore.getNeutronFirewallRule(firewallRuleUUID);
    if (listeners != null) {
        for (Object candidate : listeners) {
            final INeutronFirewallRuleAware listener = (INeutronFirewallRuleAware) candidate;
            listener.neutronFirewallRuleUpdated(refreshed);
        }
    }
    // The response re-reads the rule rather than reusing the copy handed to the listeners.
    final NeutronFirewallRuleRequest body =
            new NeutronFirewallRuleRequest(ruleStore.getNeutronFirewallRule(firewallRuleUUID));
    return Response.status(200)
            .entity(body)
            .build();
}
/**
 * Deletes a Firewall Rule.
 *
 * <p>The rule must exist and must not be reported as in use by the store. Every registered
 * {@code INeutronFirewallRuleAware} service may veto the deletion by returning a non-2xx
 * status; the rule is removed only after all of them have agreed.
 *
 * @param firewallRuleUUID identifier taken from the request path
 * @return 204 on success, 409 if the rule is in use, or the veto status of an aware service
 * @throws ServiceUnavailableException if the Firewall Rule CRUD interface cannot be obtained
 * @throws ResourceNotFoundException if no rule with that UUID exists
 */
@Path("{firewallRuleUUID}")
@DELETE
@StatusCodes({
        @ResponseCode(code = 204, condition = "No Content"),
        @ResponseCode(code = 401, condition = "Unauthorized"),
        @ResponseCode(code = 404, condition = "Not Found"),
        @ResponseCode(code = 409, condition = "Conflict"),
        @ResponseCode(code = 501, condition = "Not Implemented")})
public Response deleteFirewallRule(
        @PathParam("firewallRuleUUID") String firewallRuleUUID) {
    final INeutronFirewallRuleCRUD ruleStore = NeutronCRUDInterfaces.getINeutronFirewallRuleCRUD(this);
    if (ruleStore == null) {
        throw new ServiceUnavailableException("Firewall Rule CRUD Interface "
                + RestMessages.SERVICEUNAVAILABLE.toString());
    }

    // Verify the Firewall Rule exists and it isn't currently in use.
    if (!ruleStore.neutronFirewallRuleExists(firewallRuleUUID)) {
        throw new ResourceNotFoundException("Firewall Rule UUID does not exist.");
    }
    if (ruleStore.neutronFirewallRuleInUse(firewallRuleUUID)) {
        return Response.status(409).build();
    }

    // Keep a reference to the rule so listeners can still be told what was deleted.
    final NeutronFirewallRule doomed = ruleStore.getNeutronFirewallRule(firewallRuleUUID);
    final Object[] listeners = NeutronUtil.getInstances(INeutronFirewallRuleAware.class, this);
    if (listeners != null) {
        for (Object candidate : listeners) {
            final INeutronFirewallRuleAware listener = (INeutronFirewallRuleAware) candidate;
            final int verdict = listener.canDeleteNeutronFirewallRule(doomed);
            if (!(verdict >= 200 && verdict <= 299)) {
                return Response.status(verdict).build();
            }
        }
    }

    // Remove it and return 204 status.
    ruleStore.removeNeutronFirewallRule(firewallRuleUUID);
    if (listeners != null) {
        for (Object candidate : listeners) {
            final INeutronFirewallRuleAware listener = (INeutronFirewallRuleAware) candidate;
            listener.neutronFirewallRuleDeleted(doomed);
        }
    }
    return Response.status(204).build();
}