2 * Copyright (C) 2014 Red Hat, Inc.
4 * This program and the accompanying materials are made available under the
5 * terms of the Eclipse Public License v1.0 which accompanies this distribution,
6 * and is available at http://www.eclipse.org/legal/epl-v10.html
10 package org.opendaylight.controller.networkconfig.neutron.northbound;
13 import java.util.ArrayList;
14 import java.util.HashMap;
15 import java.util.Iterator;
16 import java.util.List;
18 import javax.ws.rs.Consumes;
19 import javax.ws.rs.DELETE;
20 import javax.ws.rs.GET;
21 import javax.ws.rs.POST;
22 import javax.ws.rs.PUT;
23 import javax.ws.rs.Path;
24 import javax.ws.rs.PathParam;
25 import javax.ws.rs.Produces;
26 import javax.ws.rs.QueryParam;
27 import javax.ws.rs.core.MediaType;
28 import javax.ws.rs.core.Response;
30 import org.codehaus.enunciate.jaxrs.ResponseCode;
31 import org.codehaus.enunciate.jaxrs.StatusCodes;
32 import org.opendaylight.controller.networkconfig.neutron.INeutronSecurityGroupCRUD;
33 import org.opendaylight.controller.networkconfig.neutron.INeutronSecurityRuleAware;
34 import org.opendaylight.controller.networkconfig.neutron.INeutronSecurityRuleCRUD;
35 import org.opendaylight.controller.networkconfig.neutron.NeutronCRUDInterfaces;
36 import org.opendaylight.controller.networkconfig.neutron.NeutronSecurityRule;
37 import org.slf4j.Logger;
38 import org.slf4j.LoggerFactory;
41 * Neutron Northbound REST APIs for Security Rule.<br>
42 * This class provides REST APIs for managing neutron Security Rule
46 * Authentication scheme : <b>HTTP Basic</b><br>
47 * Authentication realm : <b>opendaylight</b><br>
48 * Transport : <b>HTTP and HTTPS</b><br>
50 * HTTPS Authentication is disabled by default. Administrator can enable it in
51 * tomcat-server.xml after adding a proper keystore / SSL certificate from a
52 * trusted authority.<br>
54 * http://tomcat.apache.org/tomcat-7.0-doc/ssl-howto.html#Configuration
57 @Path ("/security-group-rules")
58 public class NeutronSecurityRulesNorthbound {
59 static final Logger logger = LoggerFactory.getLogger(NeutronSecurityRulesNorthbound.class);
61 private NeutronSecurityRule extractFields(NeutronSecurityRule o, List<String> fields) {
62 return o.extractFields(fields);
66 * Returns a list of all Security Rules
69 @Produces ({MediaType.APPLICATION_JSON})
71 @ResponseCode (code = 200, condition = "Operation successful"),
72 @ResponseCode (code = 401, condition = "Unauthorized"),
73 @ResponseCode (code = 501, condition = "Not Implemented")})
74 public Response listRules(
76 @QueryParam ("fields") List<String> fields,
77 // OpenStack security rule attributes
78 @QueryParam ("id") String querySecurityRuleUUID,
79 @QueryParam ("direction") String querySecurityRuleDirection,
80 @QueryParam ("protocol") String querySecurityRuleProtocol,
81 @QueryParam ("port_range_min") Integer querySecurityRulePortMin,
82 @QueryParam ("port_range_max") Integer querySecurityRulePortMax,
83 @QueryParam ("ethertype") String querySecurityRuleEthertype,
84 @QueryParam ("remote_ip_prefix") String querySecurityRuleIpPrefix,
85 @QueryParam ("remote_group_id") String querySecurityRemoteGroupID,
86 @QueryParam ("security_group_id") String querySecurityRuleGroupID,
87 @QueryParam ("tenant_id") String querySecurityRuleTenantID,
88 @QueryParam ("limit") String limit,
89 @QueryParam ("marker") String marker,
90 @QueryParam ("page_reverse") String pageReverse
92 INeutronSecurityRuleCRUD securityRuleInterface = NeutronCRUDInterfaces.getINeutronSecurityRuleCRUD(this);
93 if (securityRuleInterface == null) {
94 throw new ServiceUnavailableException("Security Rule CRUD Interface "
95 + RestMessages.SERVICEUNAVAILABLE.toString());
97 List<NeutronSecurityRule> allSecurityRules = securityRuleInterface.getAllNeutronSecurityRules();
98 List<NeutronSecurityRule> ans = new ArrayList<NeutronSecurityRule>();
99 Iterator<NeutronSecurityRule> i = allSecurityRules.iterator();
100 while (i.hasNext()) {
101 NeutronSecurityRule nsr = i.next();
102 if ((querySecurityRuleUUID == null ||
103 querySecurityRuleUUID.equals(nsr.getSecurityRuleUUID())) &&
104 (querySecurityRuleDirection == null ||
105 querySecurityRuleDirection.equals(nsr.getSecurityRuleDirection())) &&
106 (querySecurityRuleProtocol == null ||
107 querySecurityRuleProtocol.equals(nsr.getSecurityRuleProtocol())) &&
108 (querySecurityRulePortMin == null ||
109 querySecurityRulePortMin.equals(nsr.getSecurityRulePortMin())) &&
110 (querySecurityRulePortMax == null ||
111 querySecurityRulePortMax.equals(nsr.getSecurityRulePortMax())) &&
112 (querySecurityRuleEthertype == null ||
113 querySecurityRuleEthertype.equals(nsr.getSecurityRuleEthertype())) &&
114 (querySecurityRuleIpPrefix == null ||
115 querySecurityRuleIpPrefix.equals(nsr.getSecurityRuleRemoteIpPrefix())) &&
116 (querySecurityRuleGroupID == null ||
117 querySecurityRuleGroupID.equals(nsr.getSecurityRuleGroupID())) &&
118 (querySecurityRemoteGroupID == null ||
119 querySecurityRemoteGroupID.equals(nsr.getSecurityRemoteGroupID())) &&
120 (querySecurityRuleTenantID == null ||
121 querySecurityRuleTenantID.equals(nsr.getSecurityRuleTenantID()))) {
122 if (fields.size() > 0) {
123 ans.add(extractFields(nsr, fields));
129 return Response.status(200).entity(
130 new NeutronSecurityRuleRequest(ans)).build();
134 * Returns a specific Security Rule
137 @Path ("{securityRuleUUID}")
139 @Produces ({MediaType.APPLICATION_JSON})
141 @ResponseCode (code = 200, condition = "Operation successful"),
142 @ResponseCode (code = 401, condition = "Unauthorized"),
143 @ResponseCode (code = 404, condition = "Not Found"),
144 @ResponseCode (code = 501, condition = "Not Implemented")})
145 public Response showSecurityRule(@PathParam ("securityRuleUUID") String securityRuleUUID,
147 @QueryParam ("fields") List<String> fields) {
148 INeutronSecurityRuleCRUD securityRuleInterface = NeutronCRUDInterfaces.getINeutronSecurityRuleCRUD(this);
149 if (securityRuleInterface == null) {
150 throw new ServiceUnavailableException("Security Rule CRUD Interface "
151 + RestMessages.SERVICEUNAVAILABLE.toString());
153 if (!securityRuleInterface.neutronSecurityRuleExists(securityRuleUUID)) {
154 throw new ResourceNotFoundException("Security Rule UUID does not exist.");
156 if (!fields.isEmpty()) {
157 NeutronSecurityRule ans = securityRuleInterface.getNeutronSecurityRule(securityRuleUUID);
158 return Response.status(200).entity(
159 new NeutronSecurityRuleRequest(extractFields(ans, fields))).build();
161 return Response.status(200).entity(new NeutronSecurityRuleRequest(securityRuleInterface.getNeutronSecurityRule(securityRuleUUID))).build();
166 * Creates new Security Rule
170 @Produces ({MediaType.APPLICATION_JSON})
171 @Consumes ({MediaType.APPLICATION_JSON})
173 @ResponseCode (code = 201, condition = "Created"),
174 @ResponseCode (code = 400, condition = "Bad Request"),
175 @ResponseCode (code = 401, condition = "Unauthorized"),
176 @ResponseCode (code = 403, condition = "Forbidden"),
177 @ResponseCode (code = 404, condition = "Not Found"),
178 @ResponseCode (code = 409, condition = "Conflict"),
179 @ResponseCode (code = 501, condition = "Not Implemented")})
180 public Response createSecurityRules(final NeutronSecurityRuleRequest input) {
181 INeutronSecurityRuleCRUD securityRuleInterface = NeutronCRUDInterfaces.getINeutronSecurityRuleCRUD(this);
182 if (securityRuleInterface == null) {
183 throw new ServiceUnavailableException("Security Rule CRUD Interface "
184 + RestMessages.SERVICEUNAVAILABLE.toString());
186 INeutronSecurityGroupCRUD securityGroupInterface = NeutronCRUDInterfaces.getINeutronSecurityGroupCRUD(this);
187 if (securityGroupInterface == null) {
188 throw new ServiceUnavailableException("Security Group CRUD Interface "
189 + RestMessages.SERVICEUNAVAILABLE.toString());
193 * Existing entry checks
196 if (input.isSingleton()) {
197 NeutronSecurityRule singleton = input.getSingleton();
199 if (securityRuleInterface.neutronSecurityRuleExists(singleton.getSecurityRuleUUID())) {
200 throw new BadRequestException("Security Rule UUID already exists");
202 Object[] instances = NeutronUtil.getInstances(INeutronSecurityRuleAware.class, this);
203 if (instances != null) {
204 for (Object instance : instances) {
205 INeutronSecurityRuleAware service = (INeutronSecurityRuleAware) instance;
206 int status = service.canCreateNeutronSecurityRule(singleton);
207 if ((status < 200) || (status > 299)) {
208 return Response.status(status).build();
214 singleton.initDefaults();
215 securityRuleInterface.addNeutronSecurityRule(singleton);
216 if (instances != null) {
217 for (Object instance : instances) {
218 INeutronSecurityRuleAware service = (INeutronSecurityRuleAware) instance;
219 service.neutronSecurityRuleCreated(singleton);
223 securityRuleInterface.addNeutronSecurityRule(singleton);
224 if (instances != null) {
225 for (Object instance : instances) {
226 INeutronSecurityRuleAware service = (INeutronSecurityRuleAware) instance;
227 service.neutronSecurityRuleCreated(singleton);
231 List<NeutronSecurityRule> bulk = input.getBulk();
232 Iterator<NeutronSecurityRule> i = bulk.iterator();
233 HashMap<String, NeutronSecurityRule> testMap = new HashMap<String, NeutronSecurityRule>();
234 Object[] instances = NeutronUtil.getInstances(INeutronSecurityRuleAware.class, this);
235 while (i.hasNext()) {
236 NeutronSecurityRule test = i.next();
239 * Verify that the security rule doesn't already exist
242 if (securityRuleInterface.neutronSecurityRuleExists(test.getSecurityRuleUUID())) {
243 throw new BadRequestException("Security Rule UUID already exists");
245 if (testMap.containsKey(test.getSecurityRuleUUID())) {
246 throw new BadRequestException("Security Rule UUID already exists");
248 if (instances != null) {
249 for (Object instance : instances) {
250 INeutronSecurityRuleAware service = (INeutronSecurityRuleAware) instance;
251 int status = service.canCreateNeutronSecurityRule(test);
252 if ((status < 200) || (status > 299)) {
253 return Response.status(status).build();
260 * now, each element of the bulk request can be added to the cache
263 while (i.hasNext()) {
264 NeutronSecurityRule test = i.next();
265 securityRuleInterface.addNeutronSecurityRule(test);
266 if (instances != null) {
267 for (Object instance : instances) {
268 INeutronSecurityRuleAware service = (INeutronSecurityRuleAware) instance;
269 service.neutronSecurityRuleCreated(test);
274 return Response.status(201).entity(input).build();
278 * Updates a Security Rule
281 @Path ("{securityRuleUUID}")
283 @Produces ({MediaType.APPLICATION_JSON})
284 @Consumes ({MediaType.APPLICATION_JSON})
286 @ResponseCode (code = 200, condition = "Operation successful"),
287 @ResponseCode (code = 400, condition = "Bad Request"),
288 @ResponseCode (code = 401, condition = "Unauthorized"),
289 @ResponseCode (code = 403, condition = "Forbidden"),
290 @ResponseCode (code = 404, condition = "Not Found"),
291 @ResponseCode (code = 501, condition = "Not Implemented")})
292 public Response updateSecurityRule(
293 @PathParam ("securityRuleUUID") String securityRuleUUID, final NeutronSecurityRuleRequest input) {
294 INeutronSecurityRuleCRUD securityRuleInterface = NeutronCRUDInterfaces.getINeutronSecurityRuleCRUD(this);
295 if (securityRuleInterface == null) {
296 throw new ServiceUnavailableException("Security Rule CRUD Interface "
297 + RestMessages.SERVICEUNAVAILABLE.toString());
301 * verify the Security Rule exists and there is only one delta provided
303 if (!securityRuleInterface.neutronSecurityRuleExists(securityRuleUUID)) {
304 throw new ResourceNotFoundException("Security Rule UUID does not exist.");
306 if (!input.isSingleton()) {
307 throw new BadRequestException("Only singleton edit supported");
309 NeutronSecurityRule delta = input.getSingleton();
310 NeutronSecurityRule original = securityRuleInterface.getNeutronSecurityRule(securityRuleUUID);
313 * updates restricted by Neutron
316 if (delta.getSecurityRuleUUID() != null ||
317 delta.getSecurityRuleDirection() != null ||
318 delta.getSecurityRuleProtocol() != null ||
319 delta.getSecurityRulePortMin() != null ||
320 delta.getSecurityRulePortMax() != null ||
321 delta.getSecurityRuleEthertype() != null ||
322 delta.getSecurityRuleRemoteIpPrefix() != null ||
323 delta.getSecurityRuleGroupID() != null ||
324 delta.getSecurityRemoteGroupID() != null ||
325 delta.getSecurityRuleTenantID() != null) {
326 throw new BadRequestException("Attribute edit blocked by Neutron");
329 Object[] instances = NeutronUtil.getInstances(INeutronSecurityRuleAware.class, this);
330 if (instances != null) {
331 for (Object instance : instances) {
332 INeutronSecurityRuleAware service = (INeutronSecurityRuleAware) instance;
333 int status = service.canUpdateNeutronSecurityRule(delta, original);
334 if (status < 200 || status > 299) {
335 return Response.status(status).build();
341 * update the object and return it
343 securityRuleInterface.updateNeutronSecurityRule(securityRuleUUID, delta);
344 NeutronSecurityRule updatedSecurityRule = securityRuleInterface.getNeutronSecurityRule(securityRuleUUID);
345 if (instances != null) {
346 for (Object instance : instances) {
347 INeutronSecurityRuleAware service = (INeutronSecurityRuleAware) instance;
348 service.neutronSecurityRuleUpdated(updatedSecurityRule);
351 return Response.status(200).entity(new NeutronSecurityRuleRequest(securityRuleInterface.getNeutronSecurityRule(securityRuleUUID))).build();
355 * Deletes a Security Rule
358 @Path ("{securityRuleUUID}")
361 @ResponseCode (code = 204, condition = "No Content"),
362 @ResponseCode (code = 401, condition = "Unauthorized"),
363 @ResponseCode (code = 404, condition = "Not Found"),
364 @ResponseCode (code = 409, condition = "Conflict"),
365 @ResponseCode (code = 501, condition = "Not Implemented")})
366 public Response deleteSecurityRule(
367 @PathParam ("securityRuleUUID") String securityRuleUUID) {
368 INeutronSecurityRuleCRUD securityRuleInterface = NeutronCRUDInterfaces.getINeutronSecurityRuleCRUD(this);
369 if (securityRuleInterface == null) {
370 throw new ServiceUnavailableException("Security Rule CRUD Interface "
371 + RestMessages.SERVICEUNAVAILABLE.toString());
375 * verify the Security Rule exists and it isn't currently in use
377 if (!securityRuleInterface.neutronSecurityRuleExists(securityRuleUUID)) {
378 throw new ResourceNotFoundException("Security Rule UUID does not exist.");
380 if (securityRuleInterface.neutronSecurityRuleInUse(securityRuleUUID)) {
381 return Response.status(409).build();
383 NeutronSecurityRule singleton = securityRuleInterface.getNeutronSecurityRule(securityRuleUUID);
384 Object[] instances = NeutronUtil.getInstances(INeutronSecurityRuleAware.class, this);
385 if (instances != null) {
386 for (Object instance : instances) {
387 INeutronSecurityRuleAware service = (INeutronSecurityRuleAware) instance;
388 int status = service.canDeleteNeutronSecurityRule(singleton);
389 if (status < 200 || status > 299) {
390 return Response.status(status).build();
396 * remove it and return 204 status
398 securityRuleInterface.removeNeutronSecurityRule(securityRuleUUID);
399 if (instances != null) {
400 for (Object instance : instances) {
401 INeutronSecurityRuleAware service = (INeutronSecurityRuleAware) instance;
402 service.neutronSecurityRuleDeleted(singleton);
405 return Response.status(204).build();